Compare and contrast the characteristics of the various types of firewalls and select the correct explanation of a packet filtering firewall.
An Access Control List (ACL) is configured to deny traffic from specific source IP addresses
A firewall that maintains stateful information about the connection
HTTP headers and the HTML code are analyzed to identify code that matches a pattern
A stand-alone firewall that is implemented with routed interfaces or as a virtual wire transparent firewall
An Access Control List (ACL) is configured to deny traffic from specific source IP addresses
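The distinction behind the first answer is that a packet filter decides on header fields alone and has no memory of earlier packets, while a stateful firewall does. The following Python is an added example, not part of the original quiz: it evaluates a constructed source-address ACL top-down with first match and an implicit deny, then contrasts it with a minimal stateful tracker. The addresses, rules and packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    source: ipaddress.IPv4Network  # packet filter here matches on source address only


# Constructed ACL: rules are read top-down, the first match wins, and a packet
# that matches nothing hits the implicit deny at the end.
ACL = [
    Rule("deny", ipaddress.ip_network("203.0.113.0/24")),   # blocked source range
    Rule("deny", ipaddress.ip_network("198.51.100.7/32")),  # a single blocked host
    Rule("permit", ipaddress.ip_network("0.0.0.0/0")),      # everything else
]


def packet_filter(acl, pkt):
    """Stateless decision: header fields only, no memory of previous packets."""
    ip = ipaddress.ip_address(pkt.src)
    for rule in acl:
        if ip in rule.source:
            return rule.action
    return "deny"  # implicit deny


class StatefulFirewall:
    """Contrast case: remembers outbound connection attempts and only admits
    inbound packets that belong to a connection it has already seen."""

    def __init__(self, acl):
        self.acl = acl
        self.table = set()  # (remote_ip, remote_port, local_ip, local_port)

    def outbound(self, pkt):
        if pkt.syn and not pkt.ack:  # new connection opened from inside
            self.table.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return "permit"

    def inbound(self, pkt):
        if packet_filter(self.acl, pkt) == "deny":  # the ACL still applies first
            return "deny"
        if (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.table:
            return "permit"  # reply to a connection we opened
        return "deny"        # unsolicited packet: no matching state


# Constructed packets: a blocked source, and an unsolicited ACK from an
# otherwise permitted address that a packet filter cannot tell from a real reply.
BLOCKED = Packet("203.0.113.5", 40000, "10.0.0.5", 80, syn=True)
SPOOFED_REPLY = Packet("192.0.2.9", 443, "10.0.0.5", 51000, ack=True)
REAL_REQUEST = Packet("10.0.0.5", 51000, "192.0.2.9", 443, syn=True)
```

Running `packet_filter(ACL, SPOOFED_REPLY)` returns `"permit"` because the source address is allowed and that is all a packet filter can check; `StatefulFirewall(ACL).inbound(SPOOFED_REPLY)` returns `"deny"` until the matching outbound SYN has been recorded.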
Analyze the following scenarios and determine which best simulates a content filter in action. (Select two)
A packet containing malicious content has been broken down and the suspicious content is erased prior to the packet being rebuilt
A high school student is using the school library to do research for an assignment and cannot access certain websites due to the subject matter
A system administrator builds a set of rules based on information that can be found in source IP address to allow access to an intranet
A system administrator blocks access to social media sites after the CEO complains that work performance has decreased due to excessive social media usage at work
A high school student is using the school library to do research for an assignment and cannot access certain websites due to the subject matter
A system administrator blocks access to social media sites after the CEO complains that work performance has decreased due to excessive social media usage at work
During the planning/scoping phase of the kill chain, an attacker decides that a Distributed Denial of Service (DDoS) attack would be the best way to disrupt the target website and remain anonymous. Evaluate the following explanations to determine the reason a DDoS attack was chosen.
A covert channel is used to launch a DDoS attack
DDoS attacks utilize botnets
A DDoS attack creates a backdoor to a website
DDoS attacks use impersonation
DDoS attacks utilize botnets
Select the statements accurately distinguishing between Layer 4 and Layer 7 load balancers. (Select two)
Layer 4 load balancers base forwarding decisions on IP address and port values, while Layer 7 load balancers base forwarding decisions on application-level data.
Layer 4 load balancers base forwarding decisions on application-level data, while Layer 7 load balancers base forwarding decisions on IP address and port values.
Layer 4 load balancers are stateless and cannot retain information about user sessions, while Layer 7 load balancers require more complex logic.
Layer 4 load balancers require more complex logic, while Layer 7 load balancers are stateless and cannot retain information about user sessions.
Layer 4 load balancers base forwarding decisions on IP address and port values, while Layer 7 load balancers base forwarding decisions on application-level data.
Layer 4 load balancers are stateless and cannot retain information about user sessions, while Layer 7 load balancers require more complex logic.
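To make the Layer 4 versus Layer 7 distinction concrete, here is an added Python example (not from the quiz or any real load balancer). The Layer 4 function hashes only the addresses and ports it can see in the transport header, so two requests with the same 5-tuple always land on the same backend whatever they contain. The Layer 7 class parses the HTTP request and can route by path or Host header and honour a session cookie. Pool addresses, the `SRV` cookie name and the requests are constructed for illustration.

```python
import hashlib
import itertools

WEB_POOL = ["10.0.1.10", "10.0.1.11", "10.0.1.12"]
API_POOL = ["10.0.2.10", "10.0.2.11"]


def l4_select(src_ip, src_port, dst_port, pool=WEB_POOL):
    """Layer 4: a stateless hash of IP/port fields; the payload is never read."""
    key = f"{src_ip}:{src_port}->{dst_port}".encode()
    idx = int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % len(pool)
    return pool[idx]


def parse_http(raw):
    """Minimal HTTP/1.1 request parser: request line, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, *header_lines = head.decode("latin-1").split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


class L7Balancer:
    """Layer 7: decisions use application data and per-session state."""

    def __init__(self):
        self.web = itertools.cycle(WEB_POOL)  # round-robin within each pool
        self.api = itertools.cycle(API_POOL)

    def select(self, raw):
        _method, path, headers, _body = parse_http(raw)
        # Sticky session: a cookie set earlier pins the client to one backend.
        for part in headers.get("cookie", "").split(";"):
            name, _, value = part.strip().partition("=")
            if name == "SRV" and value in WEB_POOL + API_POOL:
                return value
        # Content-based routing: API traffic goes to its own pool.
        if headers.get("host", "").startswith("api.") or path.startswith("/api/"):
            return next(self.api)
        return next(self.web)


# Constructed requests as a client would send them.
REQ_PAGE = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
REQ_API = b"GET /api/v1/orders HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
REQ_STICKY = (b"GET /cart HTTP/1.1\r\nHost: www.example.com\r\n"
              b"Cookie: SRV=10.0.1.12; theme=dark\r\n\r\n")
```

With the same client 5-tuple, `l4_select` returns one backend for both `REQ_PAGE` and `REQ_API` because it cannot see the path; `L7Balancer().select` sends the API request to `API_POOL` and the cookie-bearing request straight to `10.0.1.12`.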
Evaluate the functions of a Network-Based Intrusion Detection System (NIDS) and conclude which statements are accurate. (Select two)
Training and tuning are fairly simple, and there is a low chance of false positives and false negatives.
A NIDS will identify and log hosts and applications for the administrator to analyze, and take action to remove or block attackers.
Training and tuning are complex and there is a high chance of false positive and negative rates.
A NIDS will identify attacks and block the traffic to stop the attack. The administrator will be able to review the reports for future prevention.
A NIDS will identify and log hosts and applications for the administrator to analyze, and take action to remove or block attackers.
Training and tuning are complex and there is a high chance of false positive and negative rates.
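The second correct answer is easier to see with a signature engine in hand. The following Python is an added example, not part of the quiz: two constructed signatures are run over constructed HTTP payloads, producing one false positive (a forum post that merely mentions `../../`) and two false negatives (URL-encoded traversal and injection) until decoding is added, and a suppression entry shows the kind of tuning an administrator does after reviewing the alerts rather than the sensor blocking anything itself.

```python
import re
from urllib.parse import unquote

# Constructed signature database: sid -> (message, pattern).
SIGNATURES = {
    1001: ("Directory traversal attempt", re.compile(r"\.\./\.\./")),
    1002: ("SQL injection tautology", re.compile(r"(?i)'\s*or\s*'1'\s*=\s*'1")),
}

# Constructed captured payloads as (source, destination, HTTP data).
PACKETS = [
    ("198.51.100.23", "10.0.0.80", "GET /images/../../../../etc/passwd HTTP/1.1"),
    ("198.51.100.23", "10.0.0.80", "GET /images/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1"),
    ("192.0.2.44", "10.0.0.80", "GET /login?user=admin'%20or%20'1'='1 HTTP/1.1"),
    ("10.0.0.15", "10.0.0.80", "POST /forum/reply body=use ../../ to reach the parent directory"),
    ("10.0.0.16", "10.0.0.80", "GET /index.html HTTP/1.1"),
]


def inspect(packets, normalize=False, suppress=frozenset()):
    """Match every packet against every signature and log alerts.

    normalize: percent-decode before matching (reduces false negatives).
    suppress:  set of (sid, source) pairs an administrator has tuned out
               after confirming them as false positives.
    """
    alerts = []
    for src, dst, payload in packets:
        data = unquote(payload) if normalize else payload
        for sid, (msg, pattern) in SIGNATURES.items():
            if (sid, src) in suppress:
                continue
            if pattern.search(data):
                alerts.append({"sid": sid, "src": src, "dst": dst, "msg": msg})
    return alerts


def summary(alerts):
    """Counts per signature, the view an administrator reviews for tuning."""
    counts = {}
    for a in alerts:
        counts[a["sid"]] = counts.get(a["sid"], 0) + 1
    return counts
```

Without decoding, `inspect(PACKETS)` raises two alerts: the real traversal and the benign forum post. Decoding first (`normalize=True`) surfaces the encoded traversal and the injection as well, and adding `suppress={(1001, "10.0.0.15")}` silences the confirmed false positive; none of this blocks traffic, which is the point of the NIDS answer.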
Differentiate between the features of Host-Based Intrusion Detection Systems (HIDS) and Host-Based Intrusion Prevention Systems (HIPS) and compare these systems with other types of detection and prevention systems. (Select two)
HIDS and HIPS are installed on a single host, where administrators may install and configure an instance on each workstation within a network.
HIDS and HIPS are installed on a single host, such as a server, which then captures and analyzes log files for the entire network.
HIDS and HIPS are loaded with a database of attack patterns and if traffic matches a pattern, the engine generates an incident.
HIDS' core ability is to capture and analyze log files, while HIPS preserves the system in its intended state.
HIDS and HIPS are installed on a single host, where administrators may install and configure an instance on each workstation within a network.
HIDS' core ability is to capture and analyze log files, while HIPS preserves the system in its intended state.
A network manager is asked to assist with developing a policy to protect the company from data exfiltration. The employee devises a list of focus points that should be included. Which plans, when consolidated, provide the best protection for the company? (Select three)
Store backups of critical data that may be targeted for destruction or ransom on site within a secure space
New employees complete initial and refresher trainings on document confidentiality and the use of encryption
Only allow removable media if it is company property, required to perform a task, and has been cleared through the proper channels
Encrypt all sensitive data at rest and disconnect systems that are storing archived data from the network
New employees complete initial and refresher trainings on document confidentiality and the use of encryption
Only allow removable media if it is company property, required to perform a task, and has been cleared through the proper channels
Encrypt all sensitive data at rest and disconnect systems that are storing archived data from the network
An employee is working on a project that contains critical data for the company. In order to meet deadlines, the employee decides to email the document containing the data to their personal email to work on at home. Consider the traits of Data Loss Prevention (DLP) and evaluate the scenario to select the DLP remediation that should be utilized.
The email is allowed to send the file and an alert is triggered so that an administrator is aware of the incident
The user should be blocked from sending the email, but retain access to it. The user is alerted to the policy violation and it is logged as an incident
Access is denied to the sender and all other users within the company. The file is encrypted and moved into a quarantine area by the management engine
The original file is quarantined and replaced with one describing the policy violation and how the user can release it again
The user should be blocked from sending the email, but retain access to it. The user is alerted to the policy violation and it is logged as an incident
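The remediation choices in this question (alert only, block, quarantine) map directly onto a policy decision in a DLP engine. The Python below is an added example, not the quiz's content and not any vendor's implementation: it scans subject, body and extracted attachment text against constructed sensitivity patterns, checks whether any recipient is outside the company domain, and returns the remediation. The company domain, patterns, addresses and the `INCIDENTS` log are all constructed for illustration.

```python
import re
from dataclasses import dataclass

COMPANY_DOMAIN = "example.com"  # constructed

# Constructed content rules; a real policy would use fingerprints and exact-match dictionaries too.
SENSITIVE = {
    "classification marker": re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY)\b"),
    "payment card number": re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b"),
    "project tag": re.compile(r"\bPROJ-\d{4}\b"),
}

INCIDENTS = []  # stands in for the DLP incident log


@dataclass
class Decision:
    action: str       # "allow", "alert" or "block"
    findings: list
    user_message: str


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()


def scan(text):
    """Return the labels of every sensitivity rule that matches."""
    return [label for label, pattern in SENSITIVE.items() if pattern.search(text)]


def evaluate_email(sender, recipients, subject, body, attachments):
    """Decide the DLP remediation for an outbound message.

    attachments: mapping of filename -> text already extracted from the file.
    """
    text = "\n".join([subject, body, *attachments.values()])
    findings = scan(text)
    external = [r for r in recipients if _domain(r) != COMPANY_DOMAIN]

    if not findings:
        return Decision("allow", [], "")

    if external:
        # Block: the message never leaves, the user keeps the file, the
        # violation is explained to them and recorded as an incident.
        INCIDENTS.append({"user": sender, "recipients": recipients,
                          "findings": findings, "action": "block"})
        return Decision("block", findings,
                        "Message not sent: sensitive content (%s) to external recipient(s) %s"
                        % (", ".join(findings), ", ".join(external)))

    # Sensitive but internal: allow, and alert an administrator for review.
    INCIDENTS.append({"user": sender, "recipients": recipients,
                      "findings": findings, "action": "alert"})
    return Decision("alert", findings, "")
```

The scenario in the question is the `block` path: `evaluate_email("alice@example.com", ["alice.home@mailbox.example"], ...)` with a confidential attachment is stopped, Alice is told why, and an incident is logged, while the same attachment sent to a colleague at `example.com` only raises an alert.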
A user calls the help desk to report that Microsoft Excel continues to crash when used. The technician would like to review the logs in an attempt to determine the cause. Analyze the types of logs to determine which would contain the information the technician needs.
Event log
Audit log
Security log
Access log
Event log
A system administrator suspects a memory leak is occurring on a client. Determine which scenario would justify this finding.
A rapid decrease in disk space has been logged.
High page file utilization has been logged.
High utilization when employees are not working has been logged without a scheduled activity.
Decreasing available bytes and increasing committed bytes have been logged.
Decreasing available bytes and increasing committed bytes have been logged.
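The leak signature is a trend, not a single reading: available bytes fall and committed bytes rise together, sample after sample, without recovering. The Python below is an added example (not the quiz's content) that parses constructed performance-counter log lines in a simple `Available Bytes=... Committed Bytes=...` format, tests for that monotonic pattern and estimates the growth rate; a second constructed log with fluctuating values shows the normal case. The log format is assumed for illustration.

```python
import re
from datetime import datetime

LINE = re.compile(r"^(\S+ \S+) Available Bytes=(\d+) Committed Bytes=(\d+)$")

# Constructed hourly samples: committed grows by 256 MiB every hour and
# available shrinks by the same amount, never recovering.
LEAK_LOG = """\
2024-03-04 09:00:00 Available Bytes=6442450944 Committed Bytes=4294967296
2024-03-04 10:00:00 Available Bytes=6174015488 Committed Bytes=4563402752
2024-03-04 11:00:00 Available Bytes=5905580032 Committed Bytes=4831838208
2024-03-04 12:00:00 Available Bytes=5637144576 Committed Bytes=5100273664
2024-03-04 13:00:00 Available Bytes=5368709120 Committed Bytes=5368709120
"""

# Constructed normal behaviour: usage rises with activity and drops back.
NORMAL_LOG = """\
2024-03-04 09:00:00 Available Bytes=6442450944 Committed Bytes=4294967296
2024-03-04 10:00:00 Available Bytes=6174015488 Committed Bytes=4563402752
2024-03-04 11:00:00 Available Bytes=6442450944 Committed Bytes=4294967296
2024-03-04 12:00:00 Available Bytes=6308233216 Committed Bytes=4429185024
2024-03-04 13:00:00 Available Bytes=6442450944 Committed Bytes=4294967296
"""


def parse(log):
    """Return (timestamp, available_bytes, committed_bytes) per matching line."""
    samples = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip unrelated or malformed lines
        samples.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                        int(m.group(2)), int(m.group(3))))
    return samples


def analyze(log):
    """Flag a leak when available falls and committed rises on every step."""
    samples = parse(log)
    avail = [a for _, a, _ in samples]
    comm = [c for _, _, c in samples]
    avail_down = len(avail) > 1 and all(b < a for a, b in zip(avail, avail[1:]))
    comm_up = len(comm) > 1 and all(b > a for a, b in zip(comm, comm[1:]))
    hours = (samples[-1][0] - samples[0][0]).total_seconds() / 3600 if samples else 0
    rate = (comm[-1] - comm[0]) / hours if hours else 0.0
    return {
        "samples": len(samples),
        "leak_suspected": avail_down and comm_up,
        "committed_growth_bytes_per_hour": rate,
    }
```

`analyze(LEAK_LOG)` reports a suspected leak growing at 268435456 bytes (256 MiB) per hour, enough to estimate when the client will start paging heavily; `analyze(NORMAL_LOG)` does not, because the counters recover between samples.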
Consider the configurations of wireless networks to determine which statements properly differentiate the features of each type. (Select two)
In an ad hoc configuration, the wireless adapter allows connections to and from other devices in a peer-to-peer WLAN.
In an infrastructure configuration, the adapter is configured to connect through an Access Point (AP) to other wireless and wired devices.
In an ad hoc configuration, the adapter is configured to connect through an Access Point (AP) to other wireless and wired devices.
In an infrastructure configuration, the wireless adapter allows connections to and from other devices in a peer-to-peer WLAN.
In an ad hoc configuration, the wireless adapter allows connections to and from other devices in a peer-to-peer WLAN.
In an infrastructure configuration, the adapter is configured to connect through an Access Point (AP) to other wireless and wired devices.
In an effort to extend a wireless signal range, a technician uses a directional antenna to focus on a particular point. The antenna used is a bar with fins. Analyze the types of antennas and their functions to conclude which type of antenna was used.
Rubber ducky
Wireless bridge
Yagi
Parabolic
Yagi
A technician is installing an Access Point (AP). To maximize coverage and minimize interference, the technician positions the AP as high as possible and sets the channels of other nearby APs to different settings. In order to prevent Co-Channel Interference (CCI), what will the technician recommend for spacing between the channels?
28 MHz
24 MHz
18 MHz
14 MHz
28 MHz