-
Decide where things go.
-
The content management group is considering the use of
DNS Round Robin technology.
What benefit could this provide?
- Load balancing
- Transparent proxying
- Anti-spoofing
- Certificate sharing
-
Gina has been asked by her manager to set up wireless
connectivity for the new software development team.
They will be working in a small remote facility.
What would be the best choice?
Pick two.
- Fat
- Thin
- Controller-based
- Standalone
-
Users are reporting that they can't access the financial
department's secure web page.
The following command output is observed.
What is wrong?
$ netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address       Foreign Address       (state)
tcp4       0      0  10.138.0.3:22       184.16.205.240:50966  ESTABLISHED
tcp4       0      0  127.0.0.1:9000      127.0.0.1:37632       TIME_WAIT
tcp4       0      0  127.0.0.1:11628     127.0.0.1:9000        TIME_WAIT
tcp4       0      0  127.0.0.1:12042     127.0.0.1:9000        TIME_WAIT
tcp4       0      0  10.138.0.3:80       130.15.4.209:46944    TIME_WAIT
tcp4       0      0  10.138.0.3:80       46.229.168.70:15234   TIME_WAIT
tcp4       0      0  10.138.0.3:80       173.187.65.22:50598   ESTABLISHED
tcp4       0      0  10.138.0.3:80       212.3.84.1:55989      ESTABLISHED
tcp4       0      0  10.138.0.3:80       212.3.84.1:55987      ESTABLISHED
tcp4       0      0  10.138.0.3:80       212.3.84.1:55988      TIME_WAIT
tcp4       0      0  10.138.0.3:80       212.3.84.1:55986      TIME_WAIT
tcp4       0      0  *:80                *.*                   LISTEN
tcp4       0      0  127.0.0.1:9000      *.*                   LISTEN
tcp4       0      0  *:22                *.*                   LISTEN
tcp4       0      0  127.0.0.1:25        *.*                   LISTEN
udp4       0      0  127.0.0.1:123       *.*
udp4       0      0  10.138.0.3:123      *.*
udp4       0      0  *:123               *.*
udp4       0      0  *:514               *.*
- The web server is down
- The server is up but its web service isn't running
- The certificate is expired
- The certificate has been revoked
- HTTPS isn't enabled
- A firewall is blocking connections
-
You observe this data.
11:43:57.293662 IP 192.168.1.1 > 192.168.1.7: ICMP echo request, id 5331, seq 1, length 64
11:43:57.294143 IP 192.168.1.7 > 192.168.1.1: ICMP echo reply, id 5331, seq 1, length 64
11:43:58.294308 IP 192.168.1.1 > 192.168.1.7: ICMP echo request, id 5331, seq 2, length 64
11:43:58.294730 IP 192.168.1.7 > 192.168.1.1: ICMP echo reply, id 5331, seq 2, length 64
11:43:59.322328 IP 192.168.1.1 > 192.168.1.7: ICMP echo request, id 5331, seq 3, length 64
11:43:59.322645 IP 192.168.1.7 > 192.168.1.1: ICMP echo reply, id 5331, seq 3, length 6
Which tool or defensive measure was involved?
Select two.
- Wireshark
- ping
- nmap
- tcpdump
- netstat
- arp
- ifconfig
-
You observe this data.
www.google.com (172.217.6.4) 56(84) bytes of data.
64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=1 ttl=116 time=26.9 ms
64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=2 ttl=116 time=28.2 ms
64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=3 ttl=116 time=27.2 ms
64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=4 ttl=116 time=27.2 ms
64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=5 ttl=116 time=28.5 ms
--- www.google.com statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 26.976/27.673/28.568/0.621 ms
Which tool or defensive measure was involved?
- Wireshark
- ping
- nmap
- tcpdump
- netstat
- arp
- ifconfig
-
You observe this data.
enp9s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
        inet6 2601:249:4300:cb:a62:66ff:fe2c:ab1c prefixlen 64 scopeid 0x0<global>
        inet6 fe80::a62:66ff:fe2c:ab1c prefixlen 64 scopeid 0x20<link>
        ether 08:62:66:2c:ab:1c txqueuelen 1000 (Ethernet)
        RX packets 16332198 bytes 4799272313 (4.7 GB)
        RX errors 0 dropped 3 overruns 0 frame 0
        TX packets 27220877 bytes 32805346549 (32.8 GB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Which tool or defensive measure was involved?
- Wireshark
- ping
- nmap
- tcpdump
- netstat
- arp
- ifconfig
-
You observe this data.
Host is up (0.00031s latency).
rDNS record for 192.168.1.40: hplj4250n.kc9rg.org
Not shown: 993 closed ports
PORT      STATE SERVICE     VERSION
80/tcp    open  http        Virata-EmWeb 6.2.1 (HP LaserJet http config)
280/tcp   open  http        Virata-EmWeb 6.2.1 (HP LaserJet http config)
443/tcp   open  ssl/https?
515/tcp   open  printer
7627/tcp  open  http        HP-ChaiSOE 1.0 (HP LaserJet http config)
9100/tcp  open  jetdirect?
14000/tcp open  tcpwrapped
MAC Address: 00:12:79:DF:81:B1 (Hewlett Packard)
Device type: printer
Running: HP embedded
OS details: HP LaserJet 4250 (JetDirect) printer
Network Distance: 1 hop
Service Info: Host: 192.168.1.40; Device: printer
Which tool or defensive measure was involved?
- Wireshark
- ping
- nmap
- tcpdump
- netstat
- arp
- ifconfig
-
You observe this data.
192.168.1.4 at dc:a6:32:36:a9:4e [ether] on enp9s0
192.168.1.218 at b8:27:eb:1f:f6:87 [ether] on enp9s0
192.168.1.20 at b8:27:eb:03:6b:37 [ether] on enp9s0
192.168.1.205 at b8:27:eb:f9:ea:4d [ether] on enp9s0
192.168.1.7 at b8:27:eb:95:25:5b [ether] on enp9s0
192.168.1.40 at 00:12:79:df:81:b1 [ether] on enp9s0
192.168.1.254 at 38:94:ed:fa:48:88 [ether] on enp9s0
192.168.1.42 at 00:1c:50:ac:72:1e [ether] on enp9s0
192.168.1.3 at dc:a6:32:36:a9:4e [ether] on enp9s0
Which tool or defensive measure was involved?
- Wireshark
- ping
- nmap
- tcpdump
- netstat
- arp
- ifconfig
-
You observe this data.
Proto Recv-Q Send-Q  Local Address   Foreign Address         (state)
tcp        0      0  www.http        ec2-54-251-14-39.http   SYN_RCVD
tcp        0      0  www.http        97-127-152-158.c.http   SYN_RCVD
tcp        0     72  www.ssh         c-67-162-124-176.57046  ESTABLISHED
tcp        0      0  www.ssh         c-67-162-124-176.56956  TIME_WAIT
tcp        0      0  www.57694       metadata.google..http   ESTABLISHED
tcp        0      0  localhost.9000  localhost.45172         TIME_WAIT
tcp        0      0  www.https       cpe-184-153-88-7.45718  ESTABLISHED
tcp        0      0  www.https       ec2-54-90-33-176.40684  ESTABLISHED
tcp        0      0  www.https       petalbot-114-119.32762  TIME_WAIT
tcp        0      0  www.https       static.kpn.net.49168    ESTABLISHED
tcp        0      0  www.https       static.kpn.net.49169    ESTABLISHED
tcp        0      0  www.https       185-97-201-166.n.1480   ESTABLISHED
tcp        0      0  www.https       185-97-201-166.n.1478   ESTABLISHED
tcp        0      0  www.https       185-97-201-166.n.1476   ESTABLISHED
tcp        0      0  www.https       crawl-66-249-79-.52368  TIME_WAIT
tcp        0      0  www.https       crawl-66-249-79-.35610  TIME_WAIT
tcp        0      0  www.http        crawl-66-249-68-.58406  TIME_WAIT
tcp        0      0  www.https       84.93.94.244.56895      ESTABLISHED
tcp        0      0  www.https       ip-99-203-20-246.19011  ESTABLISHED
tcp        0      0  www.https       pool-96-252-105-.51616  TIME_WAIT
tcp        0     63  www.https       CPE589630c056fc-.59897  FIN_WAIT_1
tcp        0      0  www.http        200.46.45.114.50849     CLOSED
tcp        0      0  www.http        201.130.137.117..44167  CLOSED
tcp        0      0  *.https         *.*                     LISTEN
tcp        0      0  *.http          *.*                     LISTEN
tcp        0      0  localhost.9000  *.*                     LISTEN
tcp        0      0  *.ssh           *.*                     LISTEN
tcp6       0      0  *.ssh           *.*                     LISTEN
tcp        0      0  localhost.smtp  *.*                     LISTEN
Which tool or defensive measure was involved?
- Wireshark
- ping
- nmap
- tcpdump
- netstat
- arp
- ifconfig
-
You observe this command output.
Server: 192.168.1.3
Address: 192.168.1.3#53
** server can't find www.faasdfjh.com: NXDOMAIN
What is wrong?
- DNS cache poisoning has happened
- Your workstation cannot contact the nameserver
- The domain faasdfjh.com does not exist
- There is no host named www.faasdfjh.com
-
You observe this command output.
;; connection timed out; no servers could be reached
What is wrong?
- DNS cache poisoning has happened
- Your workstation cannot contact the nameserver
- The domain does not exist
- There is no host with the requested name
-
You observe this data.
[**] [122:1:0] (Web) Directory Traversal [**] [Priority: 2] 07/05-12:15:41.483293 192.168.3.7 -> 192.168.1.1:80 PROTO:255 TTL:0 TOS:0x0 ID:3253 IpLen:20 DgmLen:1501
Which tool or defensive measure was involved?
- NIDS
- NIPS
- HIDS
- HIPS
-
You observe this data.
An unapproved executable attempted to run and was prevented.
The action was stopped and logged.
Location: c:\Program Files\Chromium Browser\Chrome.exe
User: Elon
Cause: Policy setting for unapproved software
Which tool or defensive measure was involved?
- File integrity check
- Antivirus
- Blacklisting
- Whitelisting
- DLP
- DEP
-
Julie, a network engineer, has been informed by management
that they want to deploy network security technology that
uses OSI layers 4 through 7 to authenticate, authorize,
and audit Internet activity.
To reduce the load on help desk personnel, this must
require little to no browser or other application
reconfiguration.
What should she recommend?
- SIEM
- 802.1x
- Transparent proxy
- Load balancer
-
Jenny, a network engineer, has been tasked with auditing
network traffic to determine if any sensitive data is
being transmitted in cleartext form.
What tool could she use?
- Protocol analyzer
- Pen testing toolkit
- Compliance scanner
- Nmap
-
James, a programmer, is looking at the logs of his WAP
in his home.
He notices an unknown device that has been accessing it.
What countermeasure should he use?
- 802.1x
- NAC and certificates
- MAC filtering
- Faraday cage
- RADIUS and EAP
-
Which of these are appropriate defenses for a mobile device?
Select three.
- Remote wipe
- Cable lock
- FM-200
- Biometrics
- GPS tracking
- Transparent proxy
-
George's manager needs to give a presentation to the board
of directors, telling them about the most critical threat
to the organization.
What should George make sure is highlighted?
- Asset management
- Insider threat
- Social media
- Baseline deviations
- Performance
- Unauthorized software
-
Tony, a network engineer, has been tasked by his manager with
monitoring the more sensitive internal networks, to spot
and block attacks.
What should Tony use?
- SIEM
- HIDS
- HIPS
- NIDS
- NIPS