NEW QUESTION 1
Malone is finishing up his incident handling plan for IT before giving it to his boss for review. He is outlining the incident response methodology and the steps that are involved. What is the last step he should list?

• A. Assign eradication.
• B. Recovery
• C. Containment
• D. A follow-up.

Answer: D

NEW QUESTION 2
The--------------protocol works in the network layer and is responsible for handling the error codes during the delivery of packets. This protocol is also responsible for providing communication in the TCP/IP stack.

• A. RARP
• B. ICMP
• C. DHCP
• D. ARP

Answer: B

NEW QUESTION 3
Alex is administrating the firewall in the organization's network. What command will he use to check the ports applications open?

• A. Netstat -an
• B. Netstat -o
• C. Netstat -a
• D. Netstat -ao

Answer: A

NEW QUESTION 4
John wants to implement a firewall service that works at the session layer of the OSI model. The firewall must also have the ability to hide the private network information. Which type of firewall service is John thinking of implementing?

• A. Application level gateway
• B. Stateful Multilayer Inspection
• C. Circuit level gateway
• D. Packet Filtering

Answer: C

NEW QUESTION 5
Cindy is the network security administrator for her company. She just got back from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. She is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established, she sends RST packets to those hosts to stop the session. She has done this to see how her intrusion detection system will log the traffic. What type of scan is Cindy attempting here?

• A. The type of scan she is usinq is called a NULL scan.
• B. Cindy is using a half-open scan to find live hosts on her network.
• C. Cindy is attempting to find live hosts on her company's network by using a XMAS scan.
• D. She is utilizing a RST scan to find live hosts that are listening on her network.

Answer: B

NEW QUESTION 6
Chris is a senior network administrator. Chris wants to measure the Key Risk Indicator (KRI) to assess the organization. Why is Chris calculating the KRI for his organization? It helps Chris to:

• A. Identifies adverse events
• B. Facilitates backward
• C. Facilitates post Incident management
• D. Notifies when risk has reached threshold levels

Answer: AD

NEW QUESTION 7
Blake is working on the company's updated disaster and business continuity plan. The last section of the plan covers computer and data incidence response. Blake is outlining the level of severity for each type of incident in the plan. Unsuccessful scans and probes are at what severity level?

• A. Extreme severity level
• B. Low severity level
• C. Mid severity level
• D. High severity level

Answer: B

NEW QUESTION 8
Sam, a network administrator is using Wireshark to monitor the network traffic of the organization. He wants to detect TCP packets with no flag set to check for a specific attack attempt. Which filter will he use to view the traffic?

• A. Tcp.flags==0x000
• B. Tcp.flags==0000x
• C. Tcp.flags==000x0
• D. Tcp.flags==x0000

Answer: A

NEW QUESTION 9
Blake is working on the company's updated disaster and business continuity plan. The last section of the plan covers computer and data incidence response. Blake is outlining the level of severity for each type of incident in the plan. Unsuccessful scans and probes are at what severity level?

• A. High severity level
• B. Extreme severity level
• C. Mid severity level
• D. Low severity level

Answer: D

NEW QUESTION 10
If a network is at risk from unskilled individuals, what type of threat is this?

• A. External Threats
• B. Structured Threats
• C. Unstructured Threats
• D. Internal Threats

Answer: C

NEW QUESTION 11
Bryson is the IT manager and sole IT employee working for a federal agency in California. The agency was just given a grant and was able to hire on 30 more employees for a new extended project. Because of this, Bryson has hired on two more IT employees to train up and work. Both of his new hires are straight out of college and do not have any practical IT experience. Bryson has spent the last two weeks teaching the new employees the basics of computers, networking, troubleshooting techniques etc. To see how these two new hires are doing, he asks them at what layer of the OSI model do Network Interface Cards (NIC) work on. What should the new employees answer?

• A. NICs work on the Session layer of the OSI model.
• B. The new employees should say that NICs perform on the Network layer.
• C. They should tell Bryson that NICs perform on the Physical layer
• D. They should answer with the Presentation layer.

Answer: C

NEW QUESTION 12
Kyle, a front office executive, suspects that a Trojan has infected his computer. What should be his first course of action to deal with the incident?

• A. Contain the damage
• B. Disconnect the five infected devices from the network
• C. Inform the IRT about the incident and wait for their response
• D. Inform everybody in the organization about the attack

Answer: C

NEW QUESTION 13
What command is used to terminate certain processes in an Ubuntu system?

• A. #grep Kill [Target Process}
• B. #kill-9[PID]
• C. #ps ax Kill
• D. # netstat Kill [Target Process]

Answer: C

NEW QUESTION 14
Geon Solutions INC., had only 10 employees when it started. But as business grew, the organization had to increase the amount of staff. The network administrator is finding it difficult to accommodate an increasing number of employees in the existing network topology. So the organization is planning to implement a new topology where it will be easy to accommodate an increasing number of employees. Which network topology will help the administrator solve the problem of needing to add new employees and expand?

• A. Bus
• B. Star
• C. Ring
• D. Mesh

Answer: B

NEW QUESTION 15
The company has implemented a backup plan. James is working as a network administrator for the company and is taking full backups of the data every time a backup is initiated. Alex who is a senior security manager talks to him about using a differential backup instead and asks him to implement this once a full backup of the data is completed. What is/are the reason(s) Alex is suggesting that James use a differential backup? (Select all that apply)

• A. Less storage space is required
• B. Father restoration
• C. Slower than a full backup
• D. Faster than a full backup
• E. Less expensive than full backup

Answer: AD

NEW QUESTION 16
Dan and Alex are business partners working together. Their Business-Partner Policy states that they should encrypt their emails before sending to each other. How will they ensure the authenticity of their emails?

• A. Dan will use his public key to encrypt his mails while Alex will use Dan's digital signature to verify the authenticity of the mails.
• B. Dan will use his private key to encrypt his mails while Alex will use his digital signature to verify the authenticity of the mails.
• C. Dan will use his digital signature to sign his mails while Alex will use his private key to verify the authenticity of the mails.
• D. Dan will use his digital signature to sign his mails while Alex will use Dan's public key to verify the authencity of the mails.

Answer: D

NEW QUESTION 17
John is a network administrator and is monitoring his network traffic with the help of Wireshark. He suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization's network. Which of the following Wireshark filter(s) will he use to locate the TCP OS fingerprinting attempt?

• A. Tcp.flags==0x2b
• B. Tcp.flags=0x00
• C. Tcp.options.mss_val<1460
• D. Tcp.options.wscale_val==20

Answer: ABC

NEW QUESTION 18
Heather has been tasked with setting up and implementing VPN tunnels to remote offices. She will most likely be implementing IPsec VPN tunnels to connect the offices. At what layer of the OSI model does an IPsec tunnel function on?

• A. They work on the session layer.
• B. They function on either the application or the physical layer.
• C. They function on the data link layer
• D. They work on the network layer

Answer: D

NEW QUESTION 19
......