Which one of the following commands is required on an interface in order to apply an ACL as a packet filter?

  • Post author:
  • Post category:Blog
  • Post comments:0 Comments
  • Post last modified:June 12, 2024
  • Reading time:2 mins read

Which one of the following commands is required on an interface in order to apply an ACL as a packet filter? access-class ip access-group ip access-list <SGA group id> Explanation &…

Which access control model originates from the military and uses security labels?

Which access control model originates from the military and uses security labels? access control list discretionary access control mandatory access control role-based access control Explanation & Hint: The access control…

Which statement best describes how a network-based malware protection feature detects a possible event?

Which statement best describes how a network-based malware protection feature detects a possible event? Using virus signature files locally on the firewall, it will detect incorrect MD5 file hashes. The…

Which two of the following protocols are most commonly found in AAA? (Choose two.)

Which two of the following protocols are most commonly found in AAA? (Choose two.) TCP/IP TACACS+ OSPF MD5 RADIUS IPSEC Explanation & Hint: In the context of AAA, which stands…

Which two statements are true regarding commercial and Open Source SOC tools? (Choose two.)

Which two statements are true regarding commercial and Open Source SOC tools? (Choose two.) Commercial tools tend to be polished and full-featured and come with vendor support, but they also…

Which security device is best for defending Web Servers against the OWASP Top 10 web application security risks?

Which security device is best for defending Web Servers against the OWASP Top 10 web application security risks? load balancer intrusion prevention system web security appliance stateful firewall web application…

Which endpoint security technology should be used to prevent any incoming connections to the host?

Which endpoint security technology should be used to prevent any incoming connections to the host? host-based personal firewall host-based antivirus host-based IDS host-based malware protection Explanation & Hint: To prevent…

An end user’s host becomes infected with a virus because the end user browsed to a malicious website. Which endpoint security technology can be used to best prevent such an incident?

An end user’s host becomes infected with a virus because the end user browsed to a malicious website. Which endpoint security technology can be used to best prevent such an…

What is the primary difference between a host-based firewall and a traditional firewall?

What is the primary difference between a host-based firewall and a traditional firewall? The host-based firewall can block traffic based on application or file type. The traditional firewall can identify…

File integrity checking tools work by calculating hash values of important files, storing the hash values, and periodically comparing those hash values to hash values that it calculates later. If a file hash value comparison results in a mismatch, what does that indicate?

File integrity checking tools work by calculating hash values of important files, storing the hash values, and periodically comparing those hash values to hash values that it calculates later. If…

After a file disposition changes from unknown to malicious, what is the next step that should be taken?

After a file disposition changes from unknown to malicious, what is the next step that should be taken? Run the file in a sandbox to verify if it is malicious…

When Cisco AMP for Endpoints detects that an unknown file has been received on an endpoint, what does it do with the file?

When Cisco AMP for Endpoints detects that an unknown file has been received on an endpoint, what does it do with the file? submits the file to the cloud for…

During incident investigations, what does the AMP for endpoints device trajectory feature show?

During incident investigations, what does the AMP for endpoints device trajectory feature show? hosts that have seen the malicious file the signature that triggered the malicious file alert actions that…

Which method is a permissive security control in which only specified applications can run on an end host, while all other applications are prevented?

Which method is a permissive security control in which only specified applications can run on an end host, while all other applications are prevented? application blocked lists application allowed lists…

If the parent process is terminated before its children, what will the PPID column show in the ps command?

If the parent process is terminated before its children, what will the PPID column show in the ps command? N/A - 0 1 Explanation & Hint: If the parent process is terminated…

When a host name is being translated to an IP address, where will the operating system look first?

When a host name is being translated to an IP address, where will the operating system look first? /etc/hosts /etc/hostname /etc/resolv.conf It depends on the configuration of /etc/nsswitch.conf. Explanation & Hint:…

A junior analyst is trying to use the tcpdump -i eth1 command on an Ubuntu system, but it is not working. What could be the problem?

A junior analyst is trying to use the tcpdump -i eth1 command on an Ubuntu system, but it is not working. What could be the problem? The tcpdump command requires root level privilege. The tcpdump command…
