Formative 10 Flashcards

1
Q

What is a feature of the tcpdump tool?

It records metadata about packet flows.

It provides real-time reporting and long-term analysis of security events.

It uses agents to submit host logs to centralized management servers.

It can display packet captures in real time or write them to a file.

A

It can display packet captures in real time or write them to a file.

2
Q

A NIDS/NIPS has identified a threat. Which type of security data will be generated and sent to a logging device?

alert

transaction

statistical

session

A

alert

3
Q

Which statement describes the tcpdump tool?

It is used to control multiple TCP-based applications.

It is a command-line packet analyzer.

It accepts and analyzes data captured by Wireshark.

It can be used to analyze network log data in order to describe and predict network behavior.

A

It is a command-line packet analyzer.

4
Q

Which two elements are part of the 5-tuple? (Choose two.)

protocol

ACL

IPS

IDS

source port

A

protocol

source port

5
Q

Which type of security data can be used to describe or predict network behavior?

statistical

alert

transaction

session

A

statistical

6
Q

Which Windows log records events related to login attempts and operations related to file or object access?

setup logs

system logs

application logs

security logs

A

security logs

7
Q

Which type of data is used by Cisco Cognitive Intelligence to find malicious activity that has bypassed security controls, or entered through unmonitored channels, and is operating inside an enterprise network?

session

statistical

alert

transaction

A

statistical

8
Q

Which Windows host log event type describes the successful operation of an application, driver, or service?

warning

error

success audit

information

A

information

9
Q

What are two popular SIEM platforms? (Choose two.)

NetFlow

tcpdump

Splunk

Security Onion with ELK

Cisco Umbrella

A

Splunk

Security Onion with ELK

10
Q

Which Windows tool can be used to review host logs?

Event Viewer

Services

Task Manager

Device Manager

A

Event Viewer

11
Q

Which statement describes an operational characteristic of NetFlow?

NetFlow captures the entire contents of a packet.

NetFlow flow records can be viewed by the tcpdump tool.

NetFlow collects basic information about the packet flow, not the flow data itself.

NetFlow can provide services for user access control.

A

NetFlow collects basic information about the packet flow, not the flow data itself.
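The tcpdump, 5-tuple and NetFlow cards above describe one pipeline: tcpdump -w writes raw packets to a pcap file, each IPv4 TCP/UDP packet is identified by its 5-tuple (protocol, source IP, source port, destination IP, destination port), and NetFlow keeps only per-flow metadata keyed by that tuple rather than the packet contents. The following is an added example, not part of the original flashcards and not code from tcpdump or any Cisco product: it builds a small constructed pcap in memory in the same container format tcpdump writes, parses it, extracts each packet's 5-tuple, and aggregates NetFlow-style records (packet and byte counts, first/last seen) without retaining payload. The addresses (RFC 5737 documentation ranges), ports and payload bytes are made up; IP and TCP checksums are left at zero because the parser does not verify them.

```python
import socket
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
PROTO_NAMES = {6: "tcp", 17: "udp"}


def build_packet(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Return an Ethernet/IPv4/(TCP|UDP) frame (constructed test data; checksums zero)."""
    if proto == 6:    # TCP: 20-byte header, data offset 5, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    elif proto == 17:  # UDP: 8-byte header carrying its own length
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:
        raise ValueError("only TCP (6) and UDP (17) are built here")
    total_len = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    return eth + ip + l4 + payload


def build_pcap(frames, snaplen=65535):
    """Serialise frames into the pcap container that `tcpdump -w` produces (little-endian)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        # record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_frames(pcap):
    """Yield (timestamp, frame) from a pcap blob, detecting byte order from the magic."""
    if pcap[:4] == struct.pack("<I", PCAP_MAGIC):
        end = "<"
    elif pcap[:4] == struct.pack(">I", PCAP_MAGIC):
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "IHHiIII", pcap[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled here")
    off = 24
    while off + 16 <= len(pcap):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", pcap[off:off + 16])
        off += 16
        if off + incl_len > len(pcap):
            raise ValueError("truncated packet record")  # e.g. capture cut off mid-write
        yield ts_sec + ts_usec / 1e6, pcap[off:off + incl_len]
        off += incl_len


def five_tuple(frame):
    """Return (proto, src_ip, src_port, dst_ip, dst_port), or None if not IPv4 TCP/UDP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType must be IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                          # IPv4 header length incl. options
    if ihl < 20 or len(frame) < 14 + ihl + 4:             # need at least the two port fields
        return None
    proto = frame[23]
    if proto not in PROTO_NAMES:
        return None
    src_ip = socket.inet_ntoa(frame[26:30])
    dst_ip = socket.inet_ntoa(frame[30:34])
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return (PROTO_NAMES[proto], src_ip, sport, dst_ip, dport)


def flow_records(pcap):
    """Aggregate a capture into NetFlow-style records keyed by 5-tuple: counts, not payload."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None, "last": None})
    for ts, frame in iter_frames(pcap):
        key = five_tuple(frame)
        if key is None:
            continue
        rec = flows[key]
        rec["packets"] += 1
        rec["bytes"] += len(frame)
        rec["first"] = ts if rec["first"] is None else rec["first"]
        rec["last"] = ts
    return dict(flows)


# Constructed sample capture: one TLS exchange plus a DNS query (payload bytes are arbitrary).
SAMPLE_PCAP = build_pcap([
    build_packet("192.0.2.10", "198.51.100.20", 6, 51234, 443, b"\x16\x03\x01"),
    build_packet("198.51.100.20", "192.0.2.10", 6, 443, 51234, b"\x16\x03\x03"),
    build_packet("192.0.2.10", "198.51.100.20", 6, 51234, 443, b"\x17\x03\x03" * 10),
    build_packet("192.0.2.10", "192.0.2.53", 17, 40000, 53, b"\x12\x34\x01\x00" + b"\x00" * 8),
])

if __name__ == "__main__":
    for (proto, sip, sp, dip, dp), rec in flow_records(SAMPLE_PCAP).items():
        print(f"{proto} {sip}:{sp} > {dip}:{dp} packets={rec['packets']} bytes={rec['bytes']}")
```

The flow table is what a NetFlow exporter would send to a collector: the 5-tuple plus counters and timestamps, with the TLS and DNS payload bytes discarded, whereas the pcap itself keeps every byte and is what you would open in tcpdump -r or Wireshark.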

12
Q

In a Cisco AVC system, in which module is NBAR2 deployed?

Application Recognition

Metrics Collection

Control

Management and Reporting

A

Application Recognition
