Assume that you are working as a network administrator in the head office of a bank. One day a bank employee informed you that she is unable to log in to her system. At the same time, you get a call from another
network administrator informing you that there is a problem connecting to the main server. How will you prioritize these two incidents?
Which of the following DDoS attacks overloads a service by sending inundate packets?
Ross manages 30 employees and only 25 computers in the organization. The network the company uses is a peer-to-peer. Ross configures access control measures allowing the employees to set their own control
measures for their files and folders. Which access control did Ross implement?
Which of the following provides enhanced password protection, secured loT connections, and encompasses stronger encryption techniques?
John is a network administrator and is monitoring his network traffic with the help of Wireshark. He suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization's network. Which
of the following Wireshark filter(s) will he use to locate the TCP OS fingerprinting attempt?
James, a network admin in a large US based IT firm, was asked to audit and implement security
controls over all network layers to achieve Defense-in-Depth. While working on this assignment, James
has implemented both blacklisting and whitelisting ACLs. Which layer of defense-in-depth architecture is
Jason working on currently?
Which of the following Wireshark filters can a network administrator use to view the packets without any flags set in order to detect TCP Null Scan attempts?
Which firewall technology provides the best of both packet filtering and application-based filtering and is used in Cisco Adaptive Security Appliances?
Michael decides to view the-----------------to track employee actions on the organization's network.
Malone is finishing up his incident handling plan for IT before giving it to his boss for review. He is outlining the incident response methodology and the steps that are involved. What is the last step he should list?
Jason works as a System Administrator for www.company.com Inc. The company has a Windows
based network. Sam, an employee of the company, accidentally changes some of the applications and
system settings. He complains to Jason that his system is not working properly. To troubleshoot the
problem, Jason diagnoses the internals of his computer and observes that some changes have been
made in Sam's computer registry. To rectify the issue, Jason has to restore the registry. Which of the
following utilities can Jason use to accomplish the task? Each correct answer represents a complete
solution. Choose all that apply.
Which of the following helps in viewing account activity and events for supported services made by AWS?
Identify the Password Attack Technique in which the adversary attacks cryptographic hash functions based on the probability, that if a hashing process is used for creating a key, then the same is
used for other keys?
Richard has been working as a Linux system administrator at an MNC. He wants to maintain a productive and secure environment by improving the performance of the systems through Linux patch management. Richard is using Ubuntu and wants to patch the Linux systems manually. Which among the following command installs updates (new ones) for Debun based Linux OSes?
Cindy is the network security administrator for her company. She just got back from a security
conference in Las Vegas where they talked about all kinds of old and new security threats; many of
which she did not know of. She is worried about the current security state of her company's network so
she decides to start scanning the network from an external IP address. To see how some of the hosts on
her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK
response. Before the connection is established, she sends RST packets to those hosts to stop the session.
She has done this to see how her intrusion detection system will log the traffic. What type of scan is
Cindy attempting here?
_______________ is a structured and continuous process which integrates information security
and risk management activities into the system development life cycle (SDLC).
What is the name of the authority that verifies the certificate authority in digital certificates?
The Circuit-level gateway firewall technology functions at which of the following OSI layer?
Implementing access control mechanisms, such as a firewall, to protect the network is an example of which of the following network defense approach?
What defines the maximum time period an organization is willing to lose data during a major IT outage event?
Dan and Alex are business partners working together. Their Business-Partner Policy states that they should encrypt their emails before sending to each other. How will they ensure the authenticity of their emails?
Which of the following network monitoring techniques requires extra monitoring software or hardware?
A stateful multilayer inspection firewall combines the aspects of Application level gateway, Circuit level gateway and Packet filtering firewall. On which layers of the OSI model, does the Stateful
multilayer inspection firewall works?
Riya bought some clothes and a watch from an online shopping site a few days back. Since then,
whenever she accesses any other application (games, browser, etc.) on her mobile, she is spammed with
advertisements for clothes and watches similar to the ones she bought. What can be the underlying
reason for Riya’s situation?
To provide optimum security while enabling safe/necessary services, blocking known dangerous services, and making employees accountable for their online activity, what Internet Access policy would
Brian, the network administrator, have to choose?
Albert works as a Windows system administrator at an MNC. He uses PowerShell logging to identify any suspicious scripting activity across the network. He wants to record pipeline execution details as
PowerShell executes, including variable initialization and command invocations. Which PowerShell logging component records pipeline execution details as PowerShell executes?
Which encryption algorithm does S/MIME protocol implement for digital signatures in emails?
As a network administrator, you have implemented WPA2 encryption in your corporate wireless network. The WPA2's _________integrity check mechanism provides security against a replay attack
In what type of IoT communication model do devices interact with each other through the internet, primarily using protocols such as ZigBee, Z-Wave, or Bluetooth?
Which of the following examines Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs) for a disaster recovery strategy?
HexCom, a leading IT Company in the USA, realized that their employees were having trouble accessing multiple servers with different passwords. Due to this, the centralized server was also being
overburdened by avoidable network traffic. To overcome the issue, what type of authentication can be given to the employees?
Wallcot, a retail chain in US and Canada, wants to improve the security of their administration
offices. They want to implement a mechanism with two doors. Only one of the doors can be opened at a
time. Once people enter from the first door, they have to be authorized to open the next one. Failing
the authorization, the person will be locked between the doors until an authorized person lets him or
her out. What is such a mechanism called?
The security network team is trying to implement a firewall capable of operating only in the session
layer, monitoring the TCP inter-packet link protocol to determine when a requested session is legitimate
or not. Using the type of firewall,they could be able to intercept the communication, making the
external network see that the firewall is the source, and facing the user, who responds from the outside
is the firewall itself. They are just limiting a requirements previous listed, because they have already
have a packet filtering firewall and they must add a cheap solution that meets the objective. What kind
of firewall would you recommend?
Patrick wants to change the file permission of a file with permission value 755 to 744. He used a Linux command chmod [permission Value] [File Name] to make these changes. What will be the change
in the file access?
Frank installed Wireshark at all ingress points in the network. Looking at the logs he notices an odd packet source. The odd source has an address of 1080:0:FF:0:8:800:200C:4171 and is using port 21. What does this source address signify?
Which of the following Wireshark filters allows an administrator to detect SYN/FIN DDoS attempt on
the network?
The network admin decides to assign a class B IP address to a host in the network. Identify which of the following addresses fall within a class B IP address range.
Which of the following network security protocols protects from sniffing attacks by encrypting entire communication between the clients and server including user passwords?
Which authorization lets users access a requested resource on behalf of others?
David, a network and system admin, encrypted all the files in a Windows system that supports NTFS file system using Encrypted File Systems (EFS). He then backed up the same files into another Windows
system that supports FAT file system. Later, he found that the backup files were not encrypted. What could be the reason for this?
Ivan needs to pick an encryption method that is scalable even though it might be slower. He has settled on a method that works where one key is public and the other is private. What encryption method did Ivan settle
on?
Which of the following can be used to disallow a system/user from accessing all applications except a specific folder on a system?
You want to increase your network security implementing a technology that only allows certain MAC addresses in specific ports in the switches; which one of the above is the best choice?
John, the network administrator and he wants to enable the NetFlow feature in Cisco routers to collect and monitor the IP network traffic passing through the router. Which command will John use to enable NetFlow on
an interface?
Which of the information below can be gained through network sniffing? (Select all that apply)
Assume that you are a network administrator and the company has asked you to draft an Acceptable Use Policy (AUP) for employees. Under which category of an information security policy does AUP fall into?
Which of the following network security controls can an administrator use to detect, deflect or study attempts to gain unauthorized access to information systems?
Mark is monitoring the network traffic on his organization’s network. He wants to detect TCP and UDP ping sweeps on his network. Which type of filter will be used to detect this?
Identify the password cracking attempt involving precomputed hash values stored as plaintext and using these to crack the password.
A network designer needs to submit a proposal for a company, which has just published a web
portal for its clients on the internet. Such a server needs to be isolated from the internal network,
placing itself in a DMZ. Faced with this need, the designer will present a proposal for a firewall with
three interfaces, one for the internet network, another for the DMZ server farm and another for the
internal network. What kind of topology will the designer propose?
Jeanne is working as a network administrator in an IT company. She wants to control/limit container
access to CPU, memory, swap, block IO (rates), network. Which Linux kernel feature allows Jeanne to
manage, restrict, and audit groups of the process?
What is the correct order of activities that a IDS is supposed to attempt in order to detect an intrusion?
Kelly is taking backups of the organization's data. Currently, he is taking backups of only those files which are created or modified after the last backup. What type of backup is Kelly using?
Jason has set a firewall policy that allows only a specific list of network services and deny everything else. This strategy is known as a____________.
Which of the following helps prevent executing untrusted or untested programs or code from untrusted or unverified third-parties?
To secure his company’s network, Tim the network admin, installed a security device that inspected
all inbound and outbound network traffic for suspicious patterns. The device was configured to alert him
if it found any such suspicious activity. Identify the type of network security device installed by Tim?
A company wants to implement a data backup method which allows them to encrypt the data ensuring its security as well as access at any time and from any location. What is the appropriate backup method that
should be implemented?
Which of the following VPN topologies establishes a persistent connection between an organization's main office and its branch offices using a third-party network or the Internet?
Which of the following commands can be used to disable unwanted services on Debian, Ubuntu and other Debian-based Linux distributions?
Phishing-like attempts that present users a fake usage bill of the cloud provider is an example of a:
Kyle is an IT consultant working on a contract for a large energy company in Houston. Kyle was hired on to do contract work three weeks ago so the company could prepare for an external IT security audit. With
suggestions from upper management, Kyle has installed a network-based IDS system. This system checks for abnormal behavior and patterns found in network traffic that appear to be dissimilar from the traffic
normally recorded by the IDS. What type of detection is this network-based IDS system using?
Which Internet access policy starts with all services blocked and the administrator enables safe and necessary services individually, which provides maximum security and logs everything, such as system
and network activities?
You are an IT security consultant working on a contract for a large manufacturing company to audit their entire network. After performing all the tests and building your report, you present a number of recommendations
to the company and what they should implement to become more secure. One recommendation is to install a network-based device that notifies IT employees whenever malicious or questionable traffic is found. From
your talks with the company, you know that they do not want a device that actually drops traffic completely, they only want notification. What type of device are you suggesting?
The GMT enterprise is working on their internet and web usage policies. GMT would like to control
internet bandwidth consumption by employees. Which group of policies would this belong to?
Which of the following is a windows in-built feature that provides filesystem-level encryption in the OS (starting from Windows 2000). except the Home version of Windows?
A VPN Concentrator acts as a bidirectional tunnel endpoint among host machines. What are the other f unction(s) of the device? (Select all that apply)
Which of the following NIST incident category includes any activity that seeks to access or identify a federal agency computer, open ports, protocols, service or any combination for later exploit?
George was conducting a recovery drill test as a part of his network operation. Recovery drill tests are conducted on the______________.
Which mobile-use approach allows an organization’s employees to use devices that they are comfortable with and best fits their preferences and work purposes?
Martin is a professional hacker. He is performing reconnaissance on an organization to hack a few
target systems. As a part of this method, he needs to determine what hosts are available on the
network, what services those hosts are offering, what operating systems they are running, what type of
packet filters/firewalls, etc. To obtain such information, Martin decided to use automated tools.
Which of the following tool must be employed by Martin?
An administrator wants to monitor and inspect large amounts of traffic and detect unauthorized attempts from inside the organization, with the help of an IDS. They are not able to
recognize the exact location to deploy the IDS sensor. Can you help him spot the location where the IDS sensor should be placed?
Management wants to bring their organization into compliance with the ISO standard for information security risk management. Which ISO standard will management decide to implement?
Which of the following filters car be applied to detect an ICMP ping sweep attempt using Wireshark?
Liza was told by her network administrator that they will be implementing IPsec VPN tunnels to connect the branch locations to the main office. What layer of the OSI model do IPsec tunnels function on?
Which of the following type of UPS is used to supply power above 10kVA and provides an ideal electric output presentation, and its constant wear on the power components reduces the
dependability?
Daniel is monitoring network traffic with the help of a network monitoring tool to detect any abnormalities. What type of network security approach is Daniel adopting?
The network administrator wants to strengthen physical security in the organization. Specifically, to implement a solution stopping people from entering certain restricted zones without proper credentials. Which of
following physical security measures should the administrator use?
Which type of information security policy addresses the implementation and configuration of technology and user behavior?
Which of the following things need to be identified during attack surface visualization?
Identify the spread spectrum technique that multiplies the original data signal with a pseudo random noise spreading code.
Kyle is an IT technician managing 25 workstations and 4 servers. The servers run applications and mostly store confidential data. Kyle must backup the server's data daily to ensure nothing is lost. The power in the
company's office is not always reliable, Kyle needs to make sure the servers do not go down or are without power for too long. Kyle decides to purchase an Uninterruptible Power Supply (UPS) that has a pair of inverters
and converters to charge the battery and provides power when needed. What type of UPS has Kyle purchased?
Which of the following systems includes an independent NAS Head and multiple storage arrays?
Which type of training can create awareness among employees regarding compliance issues?
How does Windows’ in-built security component, AppLocker, whitelist applications?
Michelle is a network security administrator working at a multinational company. She wants to provide secure access to corporate data (documents, spreadsheets, email, schedules, presentations, and other enterprise data) on mobile devices across organizations networks without being slowed down and also wants to enable easy and secure sharing of information between devices within an enterprise. Based on the above mentioned requirements, which among the following solution should Michelle implement?
Andrew would like to configure IPsec in a manner that provides confidentiality for the content of packets. What component of IPsec provides this capability?
Which filter to locate unusual ICMP request an Analyst can use in order to detect a ICMP probes
from the attacker to a target OS looking for the response to perform ICMP fingerprinting?
Malone is finishing up his incident handling plan for IT before giving it to his boss for review. He is outlining the incident response methodology and the steps that are involved. Which step should Malone list as the last step in the incident response methodology?
CND | 312-38 Questions Answers | 312-38 Test Prep | Certified Network Defender (CND) Questions PDF | 312-38 Online Exam | 312-38 Practice Test | 312-38 PDF | 312-38 Test Questions | 312-38 Study Material | 312-38 Exam Preparation | 312-38 Valid Dumps | 312-38 Real Questions | CND 312-38 Exam Questions