Network administrators are often hesitant to patch the operating systems on CISCO router and switch operating systems, due to the possibility of causing network instability, mainly because of which of the following?
A. Having to rebuild all ACLs
B. Having to replace the kernel
C. Having to re-IP the device
D. Having to rebuild ARP tables
E. Having to rebuild the routing tables
Which Unix administration tool is designed to monitor configuration changes to Cisco, Extreme and Foundry infrastructure devices?
A. SNMP
B. Netflow
C. RANCID
D. RMON
What feature of Wireshark allows the analysis of one HTTP conversation?
A. Follow UDP Stream
B. Follow TCP Stream
C. Conversation list > IPV4
D. Setting a display filter to `tcp'
Which tasks would a First Responder perform during the Identification phase of Incident Response?
A. Verify the root cause of the incident and apply any missing security patches.
B. Install or reenable host-based firewalls and anti-virus software on suspected systems.
C. Search for sources of data and information that may be valuable in confirming and containing an incident.
D. Disconnect network communications and search for malicious executables or processes.
An outside vulnerability assessment reveals that users have been routinely accessing Gmail from work for over a year, a clear violation of this organization's security policy. The users report "it just started working one day". Later, a network administrator admits he meant to unblock Gmail for just his own IP address, but he made a mistake in the firewall rule.
Which security control failed?
A. Access control
B. Authentication
C. Auditing
D. Rights management
An incident response team investigated a database breach, and determined it was likely the result of an internal user who had a default password in place. The password was changed. A week later, they discover another loss of database records. The database admin provides logs that indicate the attack came from the front-end web interface. Where did the incident response team fail?
A. They did not eradicate tools left behind by the attacker
B. They did not properly identify the source of the breach
C. They did not lock the account after changing the password
D. They did not patch the database server after the event
An analyst wants to see a grouping of images that may be contained in a pcap file. Which tool natively meets this need?
A. Scapy
B. NetworkMiner
C. TCPReplay
D. Wireshark
Enabling port security prevents which of the following?
A. Using vendors other than Cisco for switching equipment as they don't offer port security
B. Spoofed MAC addresses from being used to cause a Denial of Service condition
C. Legitimate MAC addresses from being used to cause a Denial of Service condition
D. Network Access Control systems from functioning properly
What would be the output of the following Google search? filetype:doc inurl:ws_ftp
A. Websites running ws_ftp that allow anonymous logins
B. Documents available on the ws_ftp.com domain
C. Websites hosting the ws_ftp installation program
D. Documents found on sites with ws_ftp in the web address
Which statement below is the MOST accurate about insider threat controls?
A. Classification of information assets helps identify data to protect.
B. Security awareness programs have a minimal impact on reducing the insider threat.
C. Both detective and preventative controls prevent insider attacks.
D. Rotation of duties makes an insider threat more likely.
E. Separation of duties encourages one employee to control a great deal of information.