SCNS_formatted Number : SC0-451 Passing Score : 750 Time Limit : 120 min File Version : 4.1 http://www.gratisexam.com/ Exin SCNS SCNS Tactical Perimeter Defense Actual Tests Version 4.1 Exin SCNS: Practice Exam by David Nguyen

Upload: dinhnga

Post on 25-Aug-2018


Exam A

QUESTION 1
The exhibit represents a simple routed network. Node 7 is a Windows 2000 Professional machine that establishes a TCP communication with Node 10, a Windows 2003 Server. The routers are Cisco 2500 series running IOS 11.2.

While working at Node 10, you run a packet capture. Packets received by Node 10, and sent from Node 7 will reveal which of the following combination of source IP and source Physical addresses:

A. Source IP address 10.0.10.115, Source Physical address for Node 7
B. Source IP address 50.0.50.1, Source Physical address for Node 7
C. Source IP address for Router D's Int E0, Source Physical address for Node 7
D. Source IP address 10.0.10.115, Source Physical address Router D's Int E0
E. Source IP addresses for both Nodes 7 and Router D's Int E0, Source Physical address for both Nodes 7 and Router D's Int E0.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
You have implemented an IPSec policy, using only AH. You are analyzing your network traffic in Network Monitor. Which of the following statements are true about your network traffic?

A. You will not be able to view the data in the packets, as it is encrypted.
B. You will not be able to identify the upper layer protocol.
C. You will be able to view the unencrypted data in the packets.
D. You will be able to identify the encryption algorithm in use.
E. You will not be able to view the packet header.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
In order to perform promiscuous mode captures using the Wireshark capture tool on a Windows Server 2003 machine, what must first be installed?

A. IPv4 stack
B. IPv6 stack
C. WinPcap
D. Nothing, it will capture by default
E. At least two network adapters

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
You are configuring the rules on your firewall, and need to take into consideration that some clients in the network are using automatic addressing. What is the IP address range reserved for internal use for APIPA in Microsoft networks?

A. 169.254.0.0 /4
B. 169.254.0.0 /16
C. 169.254.0.0 /8
D. 169.254.0.0 /0
E. 168.255.0.0 /16

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
If you capture an 802.11 frame, and the ToDS bit is set to zero and the FromDS bit is set to zero, what type of WLAN is this frame a part of?

A. Mesh
B. Broadcast
C. Infrastructure
D. Hierarchical
E. Ad Hoc

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
There are several options available to you for your new wireless networking technologies, and you are examining how different systems function. What transmission system uses short bursts combined together as a channel?

A. Frequency Hopping Spread Spectrum (FHSS)
B. Direct Sequence Spread Spectrum (DSSS)
C. Lamar Anthell Transmission (LAT)
D. Digital Band Hopping (DBH)
E. Digital Channel Hopping (DCH)

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
You have just installed a new Intrusion Detection System in your network. You are concerned that there are functions this system will not be able to perform. What is a reason an IDS cannot manage hardware failures?

A. The IDS can only manage RAID 5 failures.
B. The IDS cannot be programmed to receive SNMP alert messages.
C. The IDS cannot be programmed to receive SNMP trap messages.
D. The IDS cannot be programmed to respond to hardware failures.
E. The IDS can only inform you that an event happened.

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
For the new Snort rules you are building, it will be required to have Snort examine inside the content of the packet. Which keyword is used to tell Snort to ignore a defined number of bytes before looking inside the packet for a content match?

A. Depth
B. Offset
C. Nocase
D. Flow_Control
E. Classtype

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
You have recently taken over the security of a mid-sized network. You are reviewing the current configuration of the IPTables firewall, and notice the following rule:

ipchains -A input -p TCP -d 0.0.0.0/0 12345 -j DENY

What is the function of this rule?

A. This rule for the output chain states that all incoming packets from any host to port 12345 are to be denied.
B. This rule for the input chain states that all incoming packets from any host to port 12345 are to be denied.
C. This rule for the input chain states that any TCP traffic from any address destined for any IP address and to port 12345 is to be denied.
D. This rule for the output chain states that any TCP traffic from any address destined for any IP address and to port 12345 is to be denied.
E. This rule for the input chain states that all TCP packets inbound from any network destined to any network is to be denied for ports 1, 2, 3, 4, and 5.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
At a policy meeting you have been given the task of creating the firewall policy. What are the two basic positions you can take when creating the policy?

A. To deny all traffic and permit only that which is required.
B. To permit only IP traffic and filter TCP traffic
C. To permit only TCP traffic and filter IP traffic
D. To permit all traffic and deny that which is required.
E. To include your internal IP address as blocked from incoming to prevent spoofing.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
You are planning on implementing a token-based authentication system in your network. The network currently is spread out over four floors of your building. There are plans to add three branch offices. During your research you are analyzing the different types of systems. Which of the following are the two common systems token-based authentication uses?

A. Challenge/Response
B. Random-code
C. Time-based
D. Challenge/Handshake
E. Password-Synch

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
During your review of the logs of your Cisco router, you see the following line. What is the meaning of this line?

%SYS-5-CONFIG_I: Configured from console by vty1 (172.16.10.1)

A. A normal, but noteworthy event
B. An informative message
C. A warning condition has occurred
D. A debugging message
E. An error condition has occurred

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
You are working on your company's IPTables Firewall; you wish to create a rule to address traffic using ports 1024 through 2048. Which of the following would you use during the creation of your rule?

A. p:1024 P:2048
B. P:1024 p2048
C. p=1024-2048
D. 1024-2048
E. 1024:2048

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
You are monitoring the network traffic on your Frame-Relay Internet connection. You notice a large amount of unauthorized traffic on port 21. You examine the packets, and notice there are no files being transferred. Traffic on what other port must be examined to view any file contents?

A. 20
B. 119
C. 23
D. 80
E. 2021

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
You are introducing a co-worker to the security systems in place in your organization. During the discussion you begin talking about the network, and how it is implemented. You mention something in RFC 791, and are asked what that is. What does RFC 791 specify the standards for?

A. IP
B. TCP
C. UDP
D. ICMP
E. Ethernet

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
You have been given the task of building the new wireless networks for your office, and you need to verify that your equipment will not interfere with other wireless equipment frequencies. What wireless standard allows for up to 11 Mbps transmission rates and operates in the 2.4GHz range?

A. 802.11b
B. 802.11e
C. 802.11a
D. 802.11i
E. 802.11g

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
When performing wireless network traffic analysis, what is the type and subtype for an 802.11 authentication packet?

A. Type AA Subtype AAAA
B. Type 00 Subtype 1011
C. Type 0A Subtype 0A0A
D. Type 11 Subtype 0000
E. Type A0 Subtype A1A0

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
You are configuring your new IDS machine, where you have recently installed Snort. While you are working with this machine, you wish to create some basic rules to test the ability to log traffic as you desire. Which of the following Snort rules will log any tcp traffic from any host other than 172.16.40.50 using any port, to any host in the 10.0.10.0/24 network using any port?

A. log udp ! 172.16.40.50/32 any -> 10.0.10.0/24 any
B. log tcp ! 172.16.40.50/32 any -> 10.0.10.0/24 any
C. log udp ! 172.16.40.50/32 any <> 10.0.10.0/24 any
D. log tcp ! 172.16.40.50/32 any <> 10.0.10.0/24 any
E. log tcp ! 172.16.40.50/32 any <- 10.0.10.0/24 any

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
You are configuring a new IDS, running Snort, in your network. To better configure Snort, you are studying the configuration file. Which four of the following are the primary parts of the Snort configuration file?

A. Postprocessors
B. Variables
C. Preprocessors
D. Output Plug-ins
E. Rulesets

Correct Answer: BCDE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
If you wish to create a new rule in ISA Server 2006 so that all file attachments with an .exe extension that come through the firewall are dropped, what would you select in the Toolbox to create this rule?

A. Content Type
B. User Group
C. Destination Set
D. Protocol Set
E. Extension Type

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
Your network traffic has increased substantially over the last year, and you are looking into your caching options for frequently visited websites. What are the two types of caching that ISA Server 2006 supports?

A. Reverse caching
B. Forward caching
C. Inverse caching
D. Recursive caching
E. Real-time caching

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
You are considering your options for a new firewall deployment. At which three layers of the OSI model does a stateful packet filtering firewall operate?

A. Presentation
B. Data Link
C. Network
D. Application
E. Transport

Correct Answer: BCE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
As you increase the layers of security in your organization, you must watch the network behavior closely. How can a firewall have a negative impact on the performance of your network?

A. It can authorize sensitive information from the wrong host
B. It can block needed traffic
C. It can decrypt secure communications that were supposed to get past the firewall encrypted
D. It can restrict bandwidth based on QoS
E. It can filter packets that contain virus signatures

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
You are configuring a Cisco Router, and are creating Access Control Lists as part of the security of the network. When creating Wildcard Masks, which of the following rules apply?

A. If the wildcard mask bit is a 1, then do not check the corresponding bit of the IP address for a match.
B. If the wildcard mask bit is a 0, then do not check the corresponding bit of the IP address for a match.
C. If the wildcard mask bit is a 1, then do check the corresponding bit of the IP address for a match.
D. If the wildcard mask bit is a 0, then do check the corresponding bit of the IP address for a match.
E. To create a Wildcard Mask, always take the inverse of the Subnet Mask.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
The CEO of your company has just issued a statement that the network must be more secure right away. You have discussed several options with the Chief Security Officer and the Chief Technology Officer. The results of your discussion are to implement IPSec. What are the two prime functions of IPSec that you can let the CEO know will be addressed with the implementation?

A. Ensure data corruptibility
B. Ensure data integrity
C. Ensure data availability
D. Ensure data security
E. Ensure data deliverability

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
As per the specifications of RFC 1191: Path MTU Discovery, MTUs have been defined so that transmitted datagram will not unnecessarily become fragmented when traveling across different types of physical media. You are going to run several packet captures to be sure there are no out of spec packets on your network. According to these specifications what are the absolute minimum and maximum MTUs?

A. 1492 Bytes and 1500 Bytes respectively
B. 68 Bytes and 65535 Bytes respectively
C. 512 Bytes and 1500 Bytes respectively
D. 512 bits and 1500 bits respectively
E. 512 bits per second and 1500 bits per second respectively

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 27
What step in the process of Intrusion Detection as shown in the exhibit would determine if given alerts were part of a bigger intrusion, or would help discover infrequent attacks?

A. 5
B. 9
C. 12
D. 10
E. 4

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
In the image, there are two nodes communicating directly, without an access point. In the packet on the right side of the image, the Address 1 field is blank. If this packet is going to the other computer, what is the value that must be filled in this blank address field?

A. 2345
B. 1234
C. ABCD
D. <null>
E. ABCD-1234

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
During a training presentation, that you are delivering, you are asked how wireless networks function, compared to the OSI Model. What two layers of the OSI Model are addressed by the 802.11 standards?

A. Physical
B. Data Link
C. Network
D. Transport
E. Session

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
You have configured Snort to run on your SuSe Linux machine, and you are currently making the configuration changes to your MySQL database. What is the result of running the following command at the mysql prompt?

source /usr/share/doc/packages/snort/schemas/create_mysql;

A. This command tells MySQL to connect to the /usr directory when source files are required for Snort rules.
B. This command tells MySQL that the source files for Snort are located in the /usr directory.
C. This command tells MySQL where to place the Snort capture files in the database.
D. This command tells MySQL to populate the database using the fields provided by Snort.
E. This command tells MySQL where to find the source data for connecting to Snort.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
You are configuring your new Intrusion Detection System, and studying the true-false matrix. You read about the different types of alarms and events. Which of the following defines an event where an alarm does not occur when an actual intrusion is carried out?

A. True-negative
B. False-positive
C. True-positive
D. False-negative
E. Absolute-positive

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
You have recently taken over the security of a mid-sized network. You are reviewing the current configuration of the IPTables firewall, and notice the following rule:

ipchains -A output -p TCP -d ! 172.168.35.40 www

What is the function of this rule?

A. This rule for the output chain states that all www traffic on 172.168.35.40 from any IP address is allowed.
B. This rule for the input chain states that all TCP packets are able to get to the www service on any IP address except for 172.168.35.40.
C. This rule for the input chain states that all TCP packets are allowed to the 172.168.35.40 IP address to any port other than 80.
D. This rule for the output chain states that all TCP packets are able to get to the www service on any IP address except for 172.168.35.40.
E. This rule for the output chain states that all TCP packets are allowed to the 172.168.35.40 IP address to any port other than 80.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
The organization you work for has recently decided to have a greater focus on security issues. You run the network, and are called in the meeting to discuss these changes. After the initial meeting you are asked to research and summarize the major issues of network security that you believe the organization should address. What are Network Security's five major issues?

A. Authorization and Availability
B. Administration
C. Integrity
D. Confidentiality
E. Encapsulation
F. Encryption
G. Non-Repudiation
H. Authentication

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: A,C,D,G,H

QUESTION 34
To increase the security of the network, you have decided to implement a solution using authentication tokens. You are explaining this to a coworker who is not familiar with tokens. What are Authentication Tokens?

A. An authentication token is a software program that is installed on each user computer. Upon execution of the program, each user will be authenticated into the network.

B. An authentication token is a hardware device that is to be installed, either via a parallel or serial port. Once the user has installed the token, he or she will be able to access the resources on the network that they have been granted access.

C. An authentication token is a portable device, such as a handheld computer, that stores an authenticating sequence, that the user will enter after logging into the system to gain access to network resources.

D. An authentication token is a software program that is installed on the main server of the network. As the user is logging in, the server will instruct the user for username and password.

E. An authentication token is a portable device used for authenticating a user, thereby allowing authorized access into a network system.

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
You are configuring your new Intrusion Detection System, and studying the true-false matrix. You read about the different types of alarms and events. Which of the following defines an event where an alarm does not occur and there is no actual intrusion?

A. True-negative
B. False-positive
C. True-positive
D. False-negative
E. Absolute-positive

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 36
You were recently hired as the security administrator of a small business. You are reviewing the current state of security in the network and find that the current logging system must be immediately modified. As the system is currently configured, auditing has no practical value. Which of the following are the reasons that the current auditing has little value?

A. The logs go unchecked.
B. The logs are automatically deleted after three months.
C. The logs are deleted using FIFO and capped at 500Kb.
D. The only auditing is successful file access events.
E. The logs are deleted using FIFO and capped at 5000Kb.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
The main reason you have been hired at a company is to bring the network security of the organization up to current standards. A high priority is to have a full security audit of the network as soon as possible. You have chosen an Operational Audit and are describing it to your coworkers. Which of the following best describes an Operational audit?

A. This type of audit is typically done by a contracted external team of security experts who check for policy compliance.

B. This type of audit is usually done by internal resources to examine the current daily and on-going activities within a network system for compliance with an established security policy.

C. This type of audit is typically done by an internal team who ensures the security measures are up to international standards.

D. This type of audit is usually done by the current network administrators who ensure the security measures are up to international standards.

E. This type of audit is usually conducted by external resources and may be a review or audit of detailed audit logs.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38
The main reason you have been hired at a company is to bring the network security of the organization up to current standards. A high priority is to have a full security audit of the network as soon as possible. You have chosen an Independent Audit and are describing it to your coworkers. Which of the following best describes an Independent Audit?

A. An independent audit is usually conducted by external or outside resources and may be a review or audit of detailed audit logs.

B. The independent audit is usually done by the current network administrators who ensure the security measures are up to international standards.

C. The independent audit is typically done by an internal team who ensures the security measures are up to international standards.

D. The independent audit is usually done by internal resources to examine the current daily and on-going activities within a network system for compliance with an established security policy.

E. The independent audit is typically done by a contracted outside team of security experts who check for policy compliance.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 39
You have been hired at a large company to manage network security issues. Prior to your arrival, there was no one dedicated to security, so you are starting at the beginning. You hold a meeting and are discussing the main functions and features of network security. One of your assistants asks what the function of Authentication in network security is. Which of the following best describes Authentication?

A. Data communications as well as emails need to be protected for privacy and Authentication. Authentication ensures the privacy of data on the network system.

B. Authentication is a security principle that ensures the continuous accuracy of data and information stored within network systems. Data must be kept from unauthorized modification, forgery, or any other form of corruption either from malicious threats or corruption that is accidental in nature. Upon receiving the email or data communication, authentication must be verified to ensure that the message has not been altered, modified, or added to or subtracted from in transit by unauthorized users.

C. The security must limit user privileges to minimize the risk of unauthorized access to sensitive information and areas of the network that only authorized users should only be allowed to access.

D. Security must be established to prevent parties in a data transaction from denying their participation after the business transaction has occurred. This establishes authentication for the transaction itself for all parties involved in the transaction.

E. Authentication verifies users to be who they say they are. In data communications, authenticating the sender is necessary to verify that the data came from the right source. The receiver is authenticated as well to verify that the data is going to the right destination.

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 40
You have been hired at a large company to manage network security issues. Prior to your arrival, there was no one dedicated to security, so you are starting at the beginning. You hold a meeting and are discussing the main functions and features of network security. One of your assistants asks what the function of Confidentiality in network security is. Which of the following best describes Confidentiality?

A. Confidentiality verifies users to be who they say they are. In data communications, authenticating the sender is necessary to verify that the data came from the right source.

B. Data communications as well as emails need to be protected for privacy and confidentiality. Network security must provide a secure channel for the transmission of data and email that does not allow eavesdropping by unauthorized users. Data confidentiality ensures the privacy of data on the network system.

C. The security must limit user privileges to minimize the risk of unauthorized access to sensitive information and areas of the network that only authorized users should only be allowed to access.

D. Security must be established to prevent parties in a data transaction from denying their participation after the business transaction has occurred. This establishes Confidentiality for the transaction itself for all parties involved in the transaction.

E. Confidentiality is a security principle that ensures the continuous accuracy of data and information stored within network systems. Data must be kept from unauthorized modification, forgery, or any other form of corruption either from malicious threats or corruption that is accidental in nature.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 41
You have been hired at a large company to manage network security issues. Prior to your arrival, there was no one dedicated to security, so you are starting at the beginning. You hold a meeting and are discussing the main functions and features of network security. One of your assistants asks what the function of Integrity in network security is. Which of the following best describes Integrity?

A. The security must limit user privileges to minimize the risk of unauthorized access to sensitive information and areas of the network that only authorized users should only be allowed to access.

B. Integrity verifies users to be who they say they are. In data communications, the integrity of the sender is necessary to verify that the data came from the right source. The receiver is authenticated as well to verify that the data is going to the right destination.

C. Data communications as well as emails need to be protected for privacy and Integrity. Network security must provide a secure channel for the transmission of data and email that does not allow eavesdropping by unauthorized users. Integrity ensures the privacy of data on the network system.

D. Integrity is a security principle that ensures the continuous accuracy of data and information stored within network systems. Data must be kept from unauthorized modification, forgery, or any other form of corruption either from malicious threats or corruption that is accidental in nature. Upon receiving the email or data communication, integrity must be verified to ensure that the message has not been altered, modified, or added to or subtracted from in transit by unauthorized users.

E. Security must be established to prevent parties in a data transaction from denying their participation after the business transaction has occurred. This establishes integrity for the transaction itself for all parties involved in the transaction.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 42
You have been chosen to manage the new security system that is to be implemented next month in your network. You are determining the type of access control to use. What are the two types of Access Control that may be implemented in a network?

A. Regulatory Access Control
B. Mandatory Access Control
C. Discretionary Access Control
D. Centralized Access Control
E. Distributed Access Control

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 43
You have decided to implement SSH for communicating to your router. What does SSH use to establish a secure channel of communication?

A. RSA Public Key Cryptography
B. DES Public Key Cryptography
C. MD5 Private Key Cryptography
D. MD5 Public Key Cryptography
E. RSA Private Key Cryptography

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 44
You wish to configure a new Cisco router, which will take advantage of the AutoSecure feature. The AutoSecure security features are divided into which two planes?

A. Critical Plane
B. Management Plane
C. Recursive Plane
D. Non-Critical Plane
E. Forwarding Plane
F. Responsive Plane

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 45
You are configuring the Access Lists for your new Cisco Router. The following are the commands that are entered into the router for the list configuration.

Router(config)#access-list 13 deny 10.10.10.0 0.0.0.255
Router(config)#access-list 13 permit 10.10.11.0 0.0.0.255
Router(config)#access-list 15 deny 10.10.12.0 0.0.0.255
Router(config)#access-list 15 permit 10.10.11.0 0.0.0.255
Router(config)#interface Ethernet 0
Router(config-if)#ip access-group 15 out
Router(config-if)#interface Ethernet 2
Router(config-if)#ip access-group 15 out

Based on this configuration, and using the exhibit, select the answers that identify what the list will accomplish.

A. Deny network 10.10.10.0 from accessing network 10.10.11.0
B. Deny network 10.10.12.0 from accessing network 10.10.10.0
C. Permit network 10.10.10.0 access to all other networks
D. Deny network 10.10.12.0 from accessing network 10.10.11.0
E. Permit network 10.10.11.0 access to all other networks

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 46
When you took over the security responsibilities at your office, you noticed there were no warning banners on any of the equipment. You have decided to create a warning login banner on your Cisco router. Which of the following shows the correct syntax for the banner creation?

A. banner login C Restricted access. Only authorized users allowed to access this device. C
B. login banner C Restricted access. Only authorized users allowed to access this device. C
C. banner login Restricted access. Only authorized users allowed to access this device.
D. login banner Restricted access. Only authorized users allowed to access this device.
E. banner logging C Restricted access. Only authorized users allowed to access this device. C

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 47
You have been given the task of router configuration and security in your network. One of the first things you wish to do is to modify the Terminal password. Which of the following shows the correct syntax to modify the password for all the Terminal sessions?

A. line vty 0
   login
   password s3cr3+

B. line vty 4
   login
   password s3cr3+

C. line vty-0 4
   passwd s3cr3+

D. line vty 0 4
   login
   password s3cr3+

E. line vty 0 4
   password
   login s3cr3+

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 48
You are configuring your new Cisco router. During your configuration you wish to eliminate any security risks you can, as based on your organizational security policy. The policy states that the Cisco Discovery Protocol is not to be used on any interface on any of the routers. What is the command to turn off CDP for the entire router?

A. no cdp broadcast
B. cdp disable
C. no cdp enable
D. no cdp run
E. no cdp neighbors

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 49
You are concerned about attacks against your network, and have decided to implement some defensive measures on your routers. If you have 3 interfaces, S1, S0, and E0, and you implement the following configuration, what attack will you be defending against?

Router#config terminal
Router(config)# Interface Ethernet 0
Router(config-if)#no ip directed-broadcast
Router(config-if)#Interface Serial 0
Router(config-if)#no ip directed-broadcast
Router(config-if)#Interface Serial 1
Router(config-if)#no ip directed-broadcast
Router(config)#^Z
Router#

A. Smurf
B. BO2K
C. SubSeven
D. Any Trojan
E. Any Worm

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 50
In order to add to your layered defense, you wish to implement some security configurations on your router. If you wish to have the router work on blocking TCP SYN attacks, what do you add to the end of an ACL statement?

A. The IP addresses for allowed networks
B. The port range of allowed applications
C. The word Established
D. The word Log
E. The string: no service udp-small-servers

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 51
You are building custom ACLs on your routers to prevent known attacks from being successful against your network. If you have configured and implemented the following statements, what two attacks are you working towards preventing?

Router(config)#access-list 160 deny tcp any any eq 27665
Router(config)#access-list 160 deny udp any any eq 31335
Router(config)#access-list 160 deny udp any any eq 27444
Router(config)#access-list 160 deny tcp any any eq 6776
Router(config)#access-list 160 deny tcp any any eq 6669
Router(config)#access-list 160 deny tcp any any eq 2222
Router(config)#access-list 160 deny tcp any any eq 7000

A. A SYN Attack
B. A Land Attack
C. TRIN00 DDoS Attack
D. SubSeven DDoS Attack
E. A Spoofing Attack

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 52
If you configure an access-list to block the following networks, what are you trying to protect against? Network 127.0.0.0/8, Network 0.0.0.0/0, Network 10.0.0.0/8, Network 172.16.0.0/16, and Network 168.0.0/16.

A. You are trying to protect against hijacking
B. You are trying to protect against spoofing
C. You are trying to protect against sniffing
D. You are trying to protect against splicing
E. You are trying to protect against capturing

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 53
You are a host in a network segment that has IP addresses in the range of 10.0.16.1~10.0.31.254. You need to create an access control list that will filter your segment of addresses. Which of the following is the wildcard mask that will be used to filter your network segment?

A. 0.0.15.255
B. 0.0.16.254
C. 255.240.0.0
D. 0.0.240.0
E. 10.0.16.1/20

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 54
As per the specifications of the RFC on TCP, identify from the list below the correct order of the Control Bits in the TCP header from the left to the right (i.e., in the order they are sent):

A. PSH, URG, ACK, RST, SYN, FIN
B. SYN, FIN, ACK, PSH, RST, URG
C. ACK, SYN, FIN, URG, PSH, RST
D. URG, ACK, PSH, RST, SYN, FIN
E. FIN, SYN, URG, ACK, PSH, RST

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 55
Network Monitor was run on a Windows Server 2003. The exhibit shows the actual contents of a Network Monitor capture file.

What are the IP addresses of the source and destination hosts involved in this communication? To help you determine the two hosts, they have been outlined within the captured content.

A. 10.18.10.211 & 10.18.71.12
B. 10.28.33.131 & 10.28.64.20
C. 172.16.30.1 & 172.16.30.2
D. 17.26.30.1 & 19.26.30.2
E. 212.168.15.1 & 192.168.15.2

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 56
The exhibit shows a router with three interfaces E0, E1 and S0. Interfaces E0 and E1 are connected to internal networks 192.168.10.0 and 192.168.20.0 respectively and interface S0 is connected to the Internet.

The objective is to allow only network 192.168.20.0 to access e-commerce Web sites on the Internet, while allowing all internal hosts to access resources within the internal network. From the following, select all the access list statements that are required to make this possible.

A. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 80
B. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 53
C. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any eq 443
D. access-list 113 permit tcp 192.168.20.0 0.0.0.255 any lt 1023
E. int S0, ip access-group 113 in
F. int E1, ip access-group 113 in
G. int S0, ip access-group 113 out

Correct Answer: ABCG
Section: (none)
Explanation

Explanation/Reference:

QUESTION 57
What is the function of the following configuration fragment?

Router#configure terminal
Router(config)#line vty 0 4
Router(config-line)#transport input ssh telnet
Router(config-line)#^Z
Router#

A. The router will attempt to use SSH first, then use Telnet
B. The router will attempt to use Telnet first, then use SSH
C. The router will accept only SSH on VTY 0 4
D. The router will accept both Telnet and SSH connections
E. The router will accept only Telnet on VTY 0 4

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 58
The exhibit shows a router with three interfaces E0, E1 and S0. Interfaces E0 and E1 are connected to internal networks 192.168.10.0 and 192.168.20.0 respectively and interface S0 is connected to the Internet.

The objective is to allow two hosts, 192.168.20.16 and 192.168.10.7 access to the Internet while all other hosts are to be denied Internet access. All hosts on network 192.168.10.0 and 192.168.20.0 must be allowed to access resources on both internal networks. From the following, select all the access list statements that are required to make this possible.

A. access-list 53 permit 192.168.20.16 0.0.0.0
B. access-list 80 permit 192.168.20.16 0.0.0.0
C. access-list 53 deny 0.0.0.0 255.255.255.255
D. access-list 80 permit 192.168.10.7 0.0.0.0
E. int S0, ip access-group 53 out
F. int S0, ip access-group 80 out

Correct Answer: BDF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 59
You are going to migrate the Cisco routers in your network from RIPv1 to RIPv2. What is a security advantage that RIPv2 provides over RIPv1?

A. RIPv2 encrypts all of the router updates
B. RIPv2 encrypts all the payloads in router updates
C. RIPv2 provides for authentication using Smart Cards and Kerberos
D. RIPv2 provides for authentication using NTLMv2
E. RIPv2 allows for authentication of updates

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 60
The exhibit shows a router with three interfaces E0, E1 and S0. Interfaces E0 and E1 are connected to internal networks 192.168.10.0 and 192.168.20.0 respectively and interface S0 is connected to the Internet.

The objective is to allow host 192.168.10.7 access to the Internet via ftp and deny access to the Internet to everyone else while allowing them to access resources amongst themselves. From the following, select all the access list statements that are required to make this possible.

A. access-list 153 permit tcp 192.168.10.7 0.0.0.0 any eq ftp
B. access-list 21 permit ip 192.168.10.7 0.0.0.0 any eq ftp
C. access-list 21 deny 0.0.0.0 255.255.255.255
D. int S0, ip access-group 21 out
E. int S0, ip access-group 153 out
F. int E1, ip access-group 153 in

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 61
You are configuring the Access Lists for your new Cisco Router. The following are the commands that are entered into the router for the list configuration.

Router(config)#access-list 131 deny tcp 10.10.0.0 0.0.255.255 0.0.0.0 255.255.255.255 eq 23
Router(config)#access-list 131 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
Router(config)#interface Serial 0
Router(config-if)#ip access-group 131 out

Based on this configuration, and using the exhibit, select the answers that identify what the list will accomplish.

A. Block all FTP Data traffic to the Internet
B. Block all FTP Control traffic to the Internet
C. Block all SMTP traffic to the Internet
D. Permit all non-Telnet traffic to the Internet
E. Block all Telnet traffic to the Internet

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 62
You are configuring the Access Lists for your new Cisco Router. The following are the commands that are entered into the router for the list configuration.

Router(config)#access-list 171 permit tcp 10.10.0.0 0.0.255.255 any eq 80
Router(config)#access-list 171 deny tcp 0.0.0.0 255.255.255.255 10.10.0.0 0.0.255.255 eq 80
Router(config)#access-list 171 deny tcp any any eq 23
Router(config)#access-list 171 permit tcp 10.10.0.0 0.0.255.255 any eq 20
Router(config)#access-list 171 permit tcp 10.10.0.0 0.0.255.255 any eq 21

Based on this configuration, and using the exhibit, select the answers that identify how the router will deal with network traffic.

A. Permit WWW traffic to the Internet
B. Deny WWW traffic to the internal networks
C. Deny all Telnet traffic
D. Permit FTP traffic to the Internet
E. Permit FTP traffic to the internal networks

Correct Answer: ADE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 63
You are configuring a L2TP solution between your office and your primary branch office. The CEO has requested a report on the benefits of using this technology. Which of the following benefits does L2TP (with IPSec) provide?

A. Bandwidth Management
B. Encryption
C. User Authentication
D. Packet Authentication
E. Key Management

Correct Answer: BDE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 64
As you analyze the settings of the Secure Server (Require Security) IPSec policy in Windows Server 2003, you are looking at the options available for encryption and integrity. Which of the following answers presents a legitimate combination for encryption and integrity in the IPSec policy?

A. Encryption: SHA1, Integrity: 3DES
B. Encryption: 3DES, Integrity: SHA1
C. Encryption: RSA, Integrity: MD5
D. Encryption: MD5, Integrity: RSA
E. Encryption: SHA1, Integrity: MD5

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 65
You are configuring a new custom IPSec policy on your Windows Server 2003 machine. On the rules tab, you find the three default options under the IP Filter List. What are these three default options?

A. All TCP Traffic
B. All UDP Traffic
C. All IP Traffic
D. All ICMP Traffic
E. <Dynamic>

Correct Answer: CDE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 66
During an analysis of your IPSec implementation, you capture traffic with Network Monitor. You are verifying that IP is properly identifying AH. When you look into IP, what protocol ID would IP identify with AH?

A. Protocol ID 0x800 (800)
B. Protocol ID 0x6 (6)
C. Protocol ID 0x15 (21)
D. Protocol ID 0x33 (51)
E. Protocol ID 0x1 (1)

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 67
You are designing a new IPSec implementation for your organization, and are trying to determine your security needs. You need to clearly understand the implementation choices, before you make any changes to the network. Which of the following describes what transport and tunnel modes protect using IPSec?

A. In transport mode, IPSec protects upper-layer protocols.
B. In transport mode, IPSec protects just the TCP header.
C. In tunnel mode, IPSec protects the upper-layer protocols.
D. In transport mode, IPSec protects the entire IP packet.
E. In tunnel mode, IPSec protects the entire IP packet.
F. In tunnel mode, IPSec protects just the IP header.

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 68
If you wish to implement IPSec between two branch offices of your organization, and wish for this to include the encryption of the full packet, which implementation would meet your needs?

A. ESP in Transport Mode
B. AH in Transport Mode
C. ESP in Tunnel Mode
D. AH in Tunnel Mode
E. Combination of both AH and ESP in Transport Mode

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 69
In your current organization, you have been given the task of implementing the IPSec solution. All your servers are running Windows Server 2003, so you wish to use the built in policies. What are the three default IPSec policies in Windows Server 2003?

A. Server (Require Security)
B. Server (Request Security)
C. Client (Respond Only)
D. Client (Request Security)
E. Server (Respond Only)

Correct Answer: ABC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 70
You have clients that are connected to your network via a VPN. What is the internetwork environment that connects the VPN Client to the VPN Server called?

A. VPN Tunnel
B. Ethernet Tunnel
C. Internet Pipe
D. Transit Network
E. Session Pipe

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 71
To verify that your PPTP implementation is working as you intended, you sniff the network after the implementation has been completed. You are looking for specific values in the captures that will indicate to you the type of packets received. You analyze the packets, including headers and payload. PPTP works at which layer of the OSI model?

A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
E. Layer 5

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 72
You are the firewall administrator for your company and you have just learned that the Server administrators are gearing up to support an L2TP based VPN solution. You are told to be sure that your firewall rule sets will not hinder the performance of the VPN. Which port, from the following list, will you have to allow through the firewall?

A. TCP 1701
B. UDP 1701
C. TCP 443
D. UDP 443
E. TCP 1601

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 73
After you implemented your IPSec solution, you wish to run some tests to verify functionality. Which of the following provides confidentiality and authentication when implementing IPSec?

A. Authentication Header
B. Encapsulating Security Payload
C. Security Associations
D. Security Authentications
E. Encapsulating Delimiters

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 74
Your network is going to implement a new IPSec solution. Which of the following IPSec components is used to define the security environment in which the two hosts communicate?

A. Management Tools
B. Security Association API
C. IPSec Driver
D. IP Policy Agent
E. IP Security Policy and Security Association

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 75
You are the firewall administrator at your company and the network administrators have decided to implement a PPTP VPN solution. Which of these ports would you need to allow through the firewall to allow these VPN sessions into your network?

A. 1723
B. 2397
C. 5273
D. 4378
E. 7135

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 76
In your network, at the last meeting, it was decided to modify the current client access to allow for VPNs. Which of the following authentication protocols are used in VPNs?

A. PAP
B. CHAP
C. SPAP
D. MD7
E. EAP-TLS

Correct Answer: ABCE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 77
Your network is going to implement a new network security solution, and as part of this you are configuring IPSec on a Windows Server 2003 machine. Which of the following is the description of the Client (Respond Only) default IPSec Policy?

A. This policy is used for normal communications, and any system with this policy enabled will have the ability to communicate using IPSec if required, or requested.

B. This policy is used when all IP network traffic is to be secured. Any system with this policy enabled will always enforce secure communications using IPSec.

C. This policy is used when IP traffic is to be secured, and to allow unsecured communication with clients that do not respond to the request.

D. This policy is used when clients are the only machines on the network that need IP traffic to be secured. Any client with this policy enabled will initialize secure communications with other clients running this policy.

E. This policy is used when clients must respond to IPSec servers. If the client does not use IPSec, network communications will fail.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 78
In order to properly manage the network traffic in your organization, you need a complete understanding of protocols and networking models. In regards to the 7-layer OSI model, what is the function of the Session Layer?

A. The Session layer allows two applications on different computers to establish, use, and end a session. This layer establishes dialog control between the two computers in a session, regulating which side transmits, plus when and how long it transmits.

B. The Session layer manages logical addresses. It also determines the route from the source to the destination computer and manages traffic problems, such as routing, and controlling the congestion of data packets.

C. The Session layer packages raw bits from the Physical (Layer 1) layer into frames (structured packets for data). Physical addressing (as opposed to network or logical addressing) defines how devices are addressed at the data link layer. This layer is responsible for transferring frames from one computer to another, without errors. After sending a frame, it waits for an acknowledgment from the receiving computer.

D. The Session layer transmits bits from one computer to another and regulates the transmission of a stream of bits over a physical medium. For example, this layer defines how the cable is attached to the network adapter and what transmission technique is used to send data over the cable.

E. The Session layer handles error recognition and recovery. It also repackages long messages, when necessary, into small packets for transmission and, at the receiving end, rebuilds packets into the original message. The corresponding Session layer at the receiving end also sends receipt acknowledgments.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 79
Your network is a mixed environment of Windows, Linux, and UNIX computers. The routers are primarily Cisco and the network uses a T-1 to connect to the Internet. You are experimenting with setting up a mail server in a production environment for internal use only. You do not want this mail server to receive any requests from anywhere but the internal network. Therefore you have decided to block incoming SMTP traffic at the Firewall. Which port will you block at the Firewall?

A. 23
B. 25
C. 53
D. 80
E. 110

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 80
You are training some network administrators to analyze log files. Some of the logs present IP addresses in binary. You explain the usefulness of reading addresses in multiple formats. You demonstrate several conversions between decimal and binary. What is the decimal equivalent of the following binary IP address:

11001111.10001010.01101101.01110001

A. 197.138.119.113
B. 217.126.109.213
C. 217.138.119.113
D. 197.136.119.117
E. 207.138.109.113

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 81
You are configuring the IP addressing for your network. One of the subnets has been defined with addresses already. You run ifconfig on a host and determine that it has an address of 10.12.32.18/14. What is the broadcast address for this network?

A. 0.0.0.0
B. 10.255.255.255
C. 10.12.0.0
D. 10.12.255.255
E. 10.15.255.255

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 82
During a network analysis session, you capture several TCP/IP sessions. You focus your analysis on the IP Headers. In an IP Header, what is the function of the first four bits?

A. To define the type
B. To define the source port number
C. To define the destination port number
D. To define the IP Version
E. To define the upper layer protocol

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 83
In order to properly manage the network traffic in your organization, you need a complete understanding of protocols and networking models. In regards to the 7-layer OSI model, what is the function of the Transport Layer?

A. The Transport layer allows two applications on different computers to establish, use, and end a session. This layer establishes dialog control between the two computers in a session, regulating which side transmits, plus when and how long it transmits.

B. The Transport layer manages logical addresses. It also determines the route from the source to the destination computer and manages traffic problems, such as routing, and controlling the congestion of data packets.

C. The Transport layer packages raw bits from the Physical (Layer 1) layer into frames (structured packets for data). Physical addressing (as opposed to network or logical addressing) defines how devices are addressed at the data link layer. This layer is responsible for transferring frames from one computer to another, without errors. After sending a frame, it waits for an acknowledgment from the receiving computer.

D. The Transport layer transmits bits from one computer to another and regulates the transmission of a stream of bits over a physical medium. For example, this layer defines how the cable is attached to the network adapter and what transmission technique is used to send data over the cable.

E. The Transport layer handles error recognition and recovery. It also repackages long messages, when necessary, into small packets for transmission and, at the receiving end, rebuilds packets into the original message. The corresponding Transport layer at the receiving end also sends receipt acknowledgments.

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 84
In your organization a decision has been made to implement a multicasting application. You are configuring your firewall to allow this application to flow through in both directions. What address range are you going to address on the firewall?

A. 10.0.0.0/8
B. 172.16.0.0/12
C. Multicast addresses use APIPA's 169.254.0.0/16
D. 224.0.0.0/4
E. Addresses are negotiated at the time of the multicast. The nearest router assigns a public IP address assigned by ARIN.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 85
The main reason you have been hired at a company is to bring the network security of the organization up to current standards. A high priority is to have a full security audit of the network as soon as possible. You have chosen an Independent Audit and are describing it to your coworkers. Which of the following best describes an Independent Audit?

A. An independent audit is usually conducted by external or outside resources and may be a review or audit of detailed audit logs.

B. The independent audit is usually done by the current network administrators who ensure the security measures are up to international standards.

C. The independent audit is typically done by an internal team who ensures the security measures are up to international standards.

D. The independent audit is usually done by internal resources to examine the current daily and on-going activities within a network system for compliance with an established security policy.

E. The independent audit is typically done by a contracted outside team of security experts who check for policy compliance.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 86
In your network, you manage a mixed environment of Windows, Linux, and UNIX computers. The clients run Windows 2000 Professional while the Servers are UNIX and Linux based with custom applications. During routine administration you successfully ping several nodes in the network. During this you are running a packet capture for further analysis. When examining one of the frames you notice that the Ethernet address for the source is 1ED0.097E.E5E9 and that for the destination is 1ED0.096F.5B13. From this information you gather that:

A. They are in different networks
B. The destination address is in the 1ED0 subnet
C. The network cards are by the same manufacturer
D. The destination address is in the 1ED0.09AA subnet
E. The source and destination share the same MAC subnet

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 87
You suspect an increase in malicious traffic on your network. You run several packet captures to analyze traffic patterns and look for signs of intruders. While studying the packets, you are currently looking for ICMP Messages. You choose to use the IP Protocol ID to locate different kinds of packets. What is the IP Protocol ID of ICMP?

A. 1
B. 6
C. 17
D. 25
E. 9

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 88
You have used a diagnostic utility to run a trace between two nodes on your network. During the trace, you are running a packet capture utility and notice the TTL is reaching zero on the trace. What will the router that identified the TTL as zero return to the host that originated the trace command?

A. An ICMP Source Route Invalid (SRI) message
B. An ICMP Destination Route Invalid (DRI) message
C. An ICMP Resend packet message
D. An IP Source Route Invalid (SRI) message
E. An ICMP Time Exceeded message.

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 89
Recently you feel your network has been attacked by people sending out of spec packets to your firewall in order to get past the firewall rules. You have decided that you will capture all the packets on the firewall segment with network monitor to analyze the TCP headers for proper use. If you capture a packet that is the first part of a legitimate three way handshake between two Windows 2000 professional computers, what will the SEQ and ACK values be for the initializing packet?

A. SEQ 0xF8ADCCEC, ACK 0x0
B. SEQ 0x0, ACK 1x0
C. SEQ 0x0, ACK 0xF8ADCCEC
D. SEQ 0xF8ADCCEB, ACK 0x1
E. SEQ 0x0, ACK 0x1

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 90
During a network packet capture in Wireshark, you capture ICMP traffic, and are analyzing this capture. In an ICMP Message, what is the function of the first eight bits?

A. To define the source port number
B. To define the type
C. To define the destination port number
D. To define the IP Version
E. To define the upper layer protocol

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 91
You are introducing a co-worker to the security systems in place in your organization. During the discussion you begin talking about the network, and how it is implemented. You decide to run a packet capture to identify different aspects of network traffic for your co-worker. In the packet capture you are able to identify Protocol IDs. What is the IP protocol ID for TCP?

A. Protocol ID 1
B. Protocol ID 44
C. Protocol ID 6
D. Protocol ID 17
E. Protocol ID 4

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 92
The three-way handshake utilizes three steps, identified as: Step 1, 2 and 3, that take place between a client and a server in order to establish a TCP connection. In Step 2 of a normal three-way handshake, the server is said to be performing:

A. An Active Open
B. A Passive Open
C. Both Active and Passive Open
D. A Passive Open, while simultaneously closing the Client's Active Open
E. An Active Open, while simultaneously closing the Client's Passive Open

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 93
A significant function of TCP is the ability to guarantee session information. The method used by TCP to guarantee the uniqueness of a session between two hosts is which of the following?

A. By setting the control bits SYN and FIN within the same packet
B. By implementing two two-way handshakes to tear down the connection
C. By setting the control bits URG and ACK within the same packet
D. By implementing sequence numbering
E. By implementing a combination of control bits PSH, URG & RST

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 94
You are capturing network traffic in Wireshark, for in-depth analysis. When looking at a TCP Header, what is the function of the first sixteen bits?

A. To define the type
B. To define the IP Version
C. To define the destination port number
D. To define the upper layer protocol
E. To define the source port number

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 95
Your office branch has been assigned the network address of 10.10.0.0/16 by the Corporate HQ. Presently your network addressing scheme has these addresses split into eight networks as shown below:

1: 10.10.0.0/19
2: 10.10.32.0/19
3: 10.10.64.0/19
4: 10.10.96.0/19
5: 10.10.128.0/19
6: 10.10.160.0/19
7: 10.10.192.0/19
8: 10.10.224.0/19

You need to take the currently unused block of network 10.10.160.0/19 and further divide it into eight networks for use by a satellite branch that is being designed on the fourth floor of your building. What will the new subnet mask be for these new networks?

A. 255.255.252.0
B. 255.255.0.0
C. 255.248.0.0
D. 255.255.240.0
E. 255.255.255.0

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 96
During a network capture in Network Monitor, you capture some UDP traffic. In a UDP Header, what is the function of the first sixteen bits?

A. To define the upper layer protocol
B. To define the source port number
C. To define the destination port number
D. To define the IP Version
E. To define the type

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 97
During a network capture in Wireshark, you capture some IP traffic. In the IP Datagram, what is the function of the Protocol field?

A. This field is used to tell the upper layer protocols that IP is being used.
B. This field is used to tell the lower layer protocols that IP is being used.
C. This field is used to define the lower layer protocol to IP.
D. This field is used to define the upper layer protocol to IP.
E. This field is used to identify the version of the IP Protocol in use.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 98
You are configuring the IP addressing for your network. One of the subnets has been defined with addresses already. You run ifconfig on a host and determine that it has an address of 172.18.32.54 with a mask of 255.255.254.0. What is the network ID to which this host belongs?

A. 172.18.0.0
B. 0.0.32.0
C. 172.0.0.0
D. 172.18.32.32
E. 172.18.32.0

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 99
As you increase the layers of security in your organization you watch the network behavior closely. What kind of problems can be introduced by adding file encryption to the computers in your network?

A. Network traffic will increase, due to larger packet size
B. Routers processors will have more work to perform
C. Routers will require reconfiguring to address encrypted packets
D. Intrusion Detection system will generate more false-positives
E. Computers processors will have more work to perform

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 100
The following exhibit is a screen shot of a capture using Network Monitor. Examine the details as shown for a frame and identify which of the statements that follow best describes it.

A. This frame represents an ICMP echo message between the two hosts
B. This frame represents an IP broadcast trying to resolve the target IP address to its MAC address
C. This frame represents an Ethernet broadcast trying to resolve the target IP address to its MAC address
D. This frame represents a reply from the target machine with the appropriate resolution
E. This frame represents the first fragment of the three-way handshake.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 101
Network Monitor was run on the Windows Server 2003 during a network session. The exhibit shows the actual contents of the Network Monitor capture file.

The Hexadecimal value for the IP protocol and source ports have been circled in the exhibit. The contents of what combination of IP Protocol and Application Layer Protocol have been captured here?

A. TCP & TFTP (Control)
B. UDP & FTP (Control)
C. UDP & TFTP (Control)
D. TCP & FTP (Data)
E. UDP & FTP (Data)

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 102
During your packet capture of traffic to check if your network is getting hit by a Denial of Service attack, you analyze TCP headers. You notice there are many headers that seem to have the same SEQ number, with the responding computer using different SEQ and ACK numbers in response. If you are analyzing a normal three-way handshake between two Windows Server 2003 nodes, and the first packet has a SEQ of 0xBD90FBFF, what will the responding computer use as an ACK?

A. 0xBD90FBFE
B. 0xBD90FB00
C. 1xBD90FBFE
D. 0xBD90FC00
E. 1xBD90FC00

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 103
If you are looking for plain-text ASCII characters in the payload of a packet you capture using Network Monitor, which Pane will provide you this information?

A. Summary Pane
B. Packet Pane
C. Collection Pane
D. Hex Pane
E. Detail Pane

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 104
You have been given the task of implementing the wireless solution for your organization's campus. Which two antenna types are best suited for bridge applications connecting two buildings?

A. Yagi
B. Parabolic
C. Omni-directional
D. Di-polar
E. Mono-polar

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 105
What type of wireless transmission utilizes the process shown in this image?

A. Frequency Hopping Spread Spectrum (FHSS)
B. Direct Sequence Spread Spectrum (DSSS)
C. Lamar Anthell Transmission (LAT)
D. Digital Band Hopping (DBH)
E. Digital Channel Hopping (DCH)

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 106
You have been given the task of adding some new wireless equipment to the existing wireless network in your office. What wireless standard allows for up to 54 Mbps transmission rates and is compatible with 11b?

A. 802.1a
B. 802.11e
C. 802.11c
D. 802.11g
E. 802.11i

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 107
You are configuring the Access Lists for your new Cisco Router. The following are the commands that are entered into the router for the list configuration.

Router(config)#access-list 64 deny 10.10.11.0 0.0.0.255
Router(config)#access-list 64 deny 10.10.12.0 0.0.0.255
Router(config)#interface Ethernet 0
Router(config-if)#ip access-group 64 out

Based on this configuration, and using the exhibit, select the answers that identify what the list will accomplish.

A. Deny network 10.10.11.0 from access to network 10.10.12.0
B. Deny network 10.10.12.0 from access to network 10.10.11.0
C. Deny network 10.10.11.0 from access to network 10.10.10.0
D. Deny network 10.10.12.0 from access to network 10.10.10.0
E. Deny all outgoing traffic on E0

Correct Answer: CDE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 108
You have been given the task of building the new wireless networks for your office. What wireless standard allows for up to 54 Mbps transmission rates, but is not compatible with 802.11b?

A. 802.11c
B. 802.11g
C. 802.11e
D. 802.11i
E. 802.11a

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 109
When logging in to a system that uses Challenge/Response authentication what is the order of steps a user must follow to complete the login process?

A. Smart Card ID entered into PC
B. Response number from Smart Card entered into PC
C. Challenge number issues to client
D. Number entered into Smart Card
E. a, b, c, d
F. a, d, c, b
G. a, c, d, b
H. c, a, d, b
I. c, a, d, b

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 110
During your investigation into wireless security options, you are reading about the 802.11 standards. What wireless standard is designed to address the security issues of 802.11 networks?

A. 802.11a
B. 802.11i
C. 802.11b
D. 802.11e
E. 802.11g

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 111
You are concerned that your Access Point security could be improved. What does an Access Point use to announce its SSID to the network?

A. Burst Packets
B. 802.11g Frames
C. Broadcast Packets
D. Beacon Frames
E. MACv4 Broadcast Frames

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 112
When a wireless client performs the initial process of communicating with an access point, what is this process called?

A. Association
B. Identification
C. Authentication
D. Authorization
E. Detection

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 113
You have been given the task of establishing a new wireless network in your office. What are the two primary types of wireless LAN topologies?

A. Hierarchical
B. Mesh
C. Broadcast
D. Ad Hoc
E. Infrastructure

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 114
If you configure four laptops in your network to use the same SSID, and you have no access point in use, what type of WLAN did you make?

A. Hierarchical
B. Ad Hoc
C. Mesh
D. Broadcast
E. Infrastructure

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 115
You need to install a new antenna for the wireless network available on your company's property. Which antenna type is best for extending the local range of an Access Point?

A. Yagi
B. Omni-directional
C. Di-polar
D. Parabolic
E. Mono-polar

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 116
In your company it has been decided to create a custom firewall using IPTables. You have been given the task of configuration and implementation. What is the first step you should take?

A. Set the three default policies (Input, Output, and Forward) to DENY.
B. Set the Output policy to DENY
C. Set the Input policy to DENY
D. Set the Forward policy to DENY
E. Set the Masquerade policy to DENY

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 117
In the image, there are two nodes communicating via an access point. In the packet on the right side of the image, the Address 1 field is blank. If this packet is destined for the other computer, what is the value that must be filled in this blank address field?

A. ABCD
B. <null>
C. 1234
D. 2345
E. ABCD-1234

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 118
In the image, there are two nodes communicating via two access points that are bridging together two segments. In the middle packet, under the left access point, the Address 4: field is blank. If this packet is destined for the computer on the right side of the image, what must be the value of Address field 4 in this middle packet?

A. ABCD
B. 6789
C. 2345
D. 1234
E. CDEF

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 119
There are several options for you to choose from when building your wireless security solution. Wireless Transport Layer Security is based on which fundamental security technology?

A. DES
B. Triple-DES
C. SSL
D. WEP
E. WAP

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 120
You need to diagram wireless security options for your team during a planning meeting. What wireless security process is shown in this image?

A. WPA
B. WEP
C. WTLS
D. WPKI
E. W3DES

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 121
It has been decided that you must implement new security on your wireless networks. What wireless protection system is defined as: MIC + TKIP + EAP + 802.1x?

A. WTLS
B. WEP
C. WPA
D. W3DES
E. WPKI

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 122
If you are configuring your WLAN for security, and you configure the access points with a security feature that the clients do not support, what can you add to the clients to have them participate in the WLAN?

A. Protocol Analyzers
B. WLAN Support
C. The correct SSID
D. New access points
E. Supplicants

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 123
If you are physically examining the office where your WLAN is configured, what are you performing?

A. Protocol Analysis
B. Packet Analysis
C. Cryptographic Analysis
D. Site Survey
E. Logical Survey

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 124
What tool used in wireless network analysis has the ability to output its findings to MapPoint?

A. Netstumbler
B. AirSnort
C. Wireshark
D. Network Monitor
E. AirSniffer

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 125
When using IPTables, the ability to specify all possible IP addresses in a rule is included; which of the following are correct syntax for specifying all possible IP addresses?

A. ip=0/0
B. 0/0
C. any
D. IP=all
E. IP=any

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 126
You are training some of your team on the concepts of wireless technologies. What are the two types of infrared wireless transmissions?

A. Bridged
B. Line of sight
C. Diffused
D. Routed
E. Integrated

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 127
In 802.1x, what allows for the multiple methods of user authentication?

A. EAP
B. WEP
C. WTLS
D. PHY
E. MAC

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 128
You are evaluating the security of different wireless media, and are considering an infrared solution. If an attacker is trying to gain access to an infrared transmission, what will the attacker need?

A. Powered light source
B. Beam Integrator
C. Beam Collider
D. Beam Splitter
E. Photon Analyzer

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 129
You are evaluating the security of different wireless media, and are considering the use of microwave technology. What are the two types of microwave transmissions used in commercial wireless networking?

A. Terrestrial
B. Line of sight
C. Diffused
D. Integrated
E. Satellite

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 130
In your office, you are building the new wireless network, and you will need to install several access points. What do wireless access points use to counter multipath interference?

A. Multiple encryption algorithms
B. Multiple Antennas
C. Multiple radio frequencies
D. Duplicate packet transfer
E. Secondary transmissions

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 131
There are several options available to you for your new wireless networking technologies, and you are examining how different systems function. What transmission system uses multiple frequencies combined together as a band?

A. Digital Channel Hopping (DCH)
B. Lamar Anthell Transmission (LAT)
C. Frequency Hopping Spread Spectrum (FHSS)
D. Digital Band Hopping (DBH)
E. Direct Sequence Spread Spectrum (DSSS)

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 132
You are working on your company's IPTables Firewall, and you wish to create a rule to address the denial of ICMP requests and messages to your machine. Which of the following commands would you use during the creation of such a rule?

A. -p 1
B. -p echo
C. -p TCP=1
D. -d 1
E. -d echo

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 133
You have found a user in your organization who has managed to gain access to a system that this user was not granted the right to use. This user has just provided you with a working example of which of the following?

A. Intrusion
B. Misuse
C. Intrusion detection
D. Misuse detection
E. Anomaly detection

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 134
You have configured Snort and MySQL on your SuSe Linux machine. You wish to enhance the system by using BASE. What is the function of BASE on your Snort machine?

A. BASE is an Apache module, required for Snort database connectivity.
B. BASE is a web interface to analyze your Snort data.
C. BASE is a Snort plug-in for managing rule sets.
D. BASE is a php plug-in required in Apache to use Snort.
E. BASE is used with ADOdb to allow for Snort to use php in Apache.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 135
You are going to add another computer to the pool that you use for detecting intrusions. This time you are making a customized Snort machine running on Windows Server 2003. Prior to running Snort you must install which of the following programs?

A. Network Monitor
B. Network Monitor Tools and Agent
C. libpcap
D. WinPcap
E. TCP/IP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 136
You are configuring the new Intrusion Detection System at your office. Your CEO asks you what the IDS will do for the organization. You tell the CEO about the three main components of Network Security and explain how an IDS can be used to meet two of those components. What are the two major components of network security that an IDS can meet?

A. Prevention
B. Analysis
C. Detection
D. Interpretation
E. Response

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 137
After a meeting between the IT department leaders and a security consultant, they decide to implement a new IDS in your network. You are later asked to explain to your team the type of IDS that is going to be implemented. Which of the following best describes the process of Host-Based Intrusion Detection Systems?

A. In a Host-Based IDS sensors are installed in key positions throughout the network, and they all report to the command console. The sensors in this case, are full detection engines that have the ability to sniff network packets, analyze for known signatures, and notify the console with an alert if an intrusion is detected.

B. Host-Based IDS uses what are known as agents (also called sensors). These agents are in fact small programs running on the hosts that are programmed to detect intrusions upon the host. They communicate with the command console, or a central computer controlling the IDS.

C. In Host-Based IDS, the agents on the hosts are the ones that perform the analysis of the network traffic. The intrusion data can be monitored in real-time.

D. In a Host-Based IDS sensors (also called agents) are placed on each key host throughout the network analyzing the network packets for intrusion indicators. Once an incident is identified the sensor notifies the command console.

E. In Host-Based IDS, the network traffic data is gathered and sent from the host to a centralized location. There is no significant performance drop on the hosts because the agents simply gather information and send them elsewhere for analysis. However, due to the nature of the design, there is no possibility of real-time detection and response.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 138
You have successfully implemented a new Intrusion Detection System in your network. You have verified that the system is active and did detect the tests you have run against it thus far. You are now in the stage of identifying the type of analysis you wish to use with the system. You meet with the rest of the IT staff and are asked to describe the different options for analysis. Which of the following best describes Interval Analysis?

A. This method of analysis uses the internal operating system (or other host-based) audit logs to capture the events, and the IDS at given intervals analyzes the data in the logs for signatures of intrusion.

B. The basic concept of Interval analysis is to find a deviation from a known pattern of behavior. Using this method, an IDS would create profiles of user behavior.

C. Interval analysis runs continuously, collecting, analyzing, reporting, and responding (if programmed to do so). An event cannot be countered the exact moment it happens. However, the concept behind Interval analysis is such that an attack should be dealt with as it is happening, and if the system knows the signature, stop the attack before it can complete and compromise a host.

D. Interval analysis is a method in which the IDS gathers data from both the internal IDS logs and host-based logs, such as Event Viewer files. Using the collected data, the IDS reports on found anomalies and/or intrusions.

E. Interval analysis is the process of matching known attacks, at intervals, against the data collected in the network. If there is a match, then that is a trigger for an intrusion, and an alarm may be the result.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 139
You are configuring your new IDS machine, where you have recently installed Snort. While you are working with this machine, you wish to create some basic rules to test the ability to log traffic as you desire. Which of the following Snort rules will log any telnet traffic from any IP address to port 23 of the 10.0.10.0/24 network?

A. log udp any any -> 10.0.10.0/24 23
B. log any any -> 10.0.10.0/24 telnet
C. log udp telnet any -> 10.0.10.0/255.255.255.0
D. log tcp telnet any -> 10.0.10.0/255.255.255.0
E. log tcp any any -> 10.0.10.0/24 23

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 140
You are configuring your new IDS machine, where you have recently installed Snort. While you are working with this machine, you wish to create some basic rules to test the ability to log traffic as you desire. Which of the following Snort rules will log any tcp traffic from any IP address to any port between 1 and 1024 on any host in the 10.0.10.0/24 network?

A. log tcp 0.0.0.0/24 -> 10.0.10.0/24 1<>1024
B. log tcp any any -> 10.0.10.0/24 1<>1024
C. log tcp any any -> 10.0.10.0/24 1:1024
D. log tcp 0.0.0.0/24 -> 10.0.10.0/24 1:1024
E. log udp any any -> 10.0.10.0/24 1:1024

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 141
You have discovered that your Bastion host has been compromised but cannot determine when the compromise occurred. The best course of action for you to take would be:

A. Boot to the "Last Known Good Configuration".
B. Format the disk and re-install everything from scratch.
C. Restore from your most recent tape back-up.
D. Run an Anti-Virus scan on the Bastion host and clean any infected files.
E. Download and run the patch for the exploit that was used in the attack.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 142
You are configuring your new IDS machine, and are creating new rules. You enter the following rule:

Alert tcp any any -> any 23 (msg: "Telnet Connection Attempt";)

What is the effect of this rule?

A. This is a logging rule, designed to capture any telnet attempts
B. This is an alert rule, designed to notify you of the use of telnet in either direction
C. This is an alert rule, designed to notify you of the use of telnet in one direction
D. This is a logging rule, designed to notify you of telnet connection attempts
E. This is an alert rule, designed to notify you of attempts to connect from any IP address on port 23 to any IP address and any port on a remote host.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 143
You are configuring your new IDS machine, and are creating new rules. You enter the following rule:

Alert tcp any any -> 10.0.10.0/24 any (msg: "SYN-FIN scan detected"; flags: SF;)

What is the effect of this rule?

A. This is an alert rule, designed to notify you of SYN-FIN scans of the network in one direction.
B. This is an alert rule, designed to notify you of SYN-FIN scans of the network in either direction.
C. This is a logging rule, designed to capture SYN-FIN scans.
D. This is a logging rule, designed to notify you of SYN-FIN scans.
E. This is an alert rule, designed to notify you of SYN-FIN scans originating from the 10.0.10.0/24 network.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 144
If you wanted to configure your new system to use the process of detecting unauthorized activity that matches known patterns of misuse, this system would be an example of which of the following?

A. Intrusion
B. Misuse
C. Intrusion detection
D. Misuse detection
E. Anomaly detection

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 145
You are configuring your new IDS machine, and are creating new rules. You enter the following rule:

Alert tcp any any -> 10.0.10.0/24 any (msg: "NULL scan detected"; flags: 0;)

What is the effect of this rule?

A. This is a logging rule, designed to capture NULL scans originating from the 10.0.10.0/24 network.
B. This is a logging rule, designed to capture NULL scans.
C. This is an alert rule, designed to notify you of NULL scans of the network in either direction.
D. This is an alert rule, designed to notify you of NULL scans of the network in one direction.
E. This is a logging rule, designed to notify you of NULL scans.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 146
You are configuring your new IDS machine, and are creating new rules. You enter the following rule:

Alert tcp any any -> 10.0.10.0/24 (msg: "O/S Fingerprint detected"; flags: S12;)

What is the effect of this rule?

A. This is a logging rule, designed to capture Operating System detection traffic.
B. This is an alert rule, designed to notify you of attempts at learning Operating Systems in one direction.
C. This is an alert rule, designed to notify you of attempts at learning Operating Systems in either direction.
D. This is a logging rule, designed to notify you of Operating System detection attempts.
E. This is a logging rule, designed to capture Operating System detection traffic originating from the

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 147
You are configuring a new custom IPSec policy on your Windows Server 2003 machine. On the rules tab, you find the three default options under the IP Filter List. What are these three default options?

A. All TCP Traffic
B. All UDP Traffic
C. All IP Traffic
D. All ICMP Traffic
E. <test phpinfo() />

Correct Answer: CDE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 148
You are reviewing the IDS logs and during your analysis you notice a user account that had attempted to log on to your network ten times one night between 3 and 4 AM. This is quite different from the normal pattern of this user account, as this user is only in the office from 8AM to 6PM. Had your IDS detected this anomaly, which of the following types of detection best describes this event?

A. External Intrusion
B. Internal Intrusion
C. Misuse Detection
D. Behavioral Use Detection
E. Hybrid Intrusion Attempt

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 149
What is the primary difference between proxy and packet filtering when the firewall is making a decision as to whether it should or should not allow a packet through?

A. Both Proxy and Packet filtering filter based upon identical criteria.
B. Proxy can filter according to the information contained in the header and payload of the packet.
C. Proxy can filter based only upon information contained in the header of the packet.
D. Packet filtering can filter based only upon information contained in the header of the packet.
E. Packet filtering can filter according to the information contained in the header and payload of the packet.

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 150
You have just installed a new network-based IDS for your organization. You are in the middle of your initial configuration of the system, and are now configuring the response. What is the most common response of an IDS when an event happens?

A. To trace the origin of the event
B. To close the communication path to the hostile host
C. To page the security officer on call
D. To place an entry of the event in the log file
E. To reconfigure the service that is being exploited

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 151
Your new Intrusion Detection System involves a customized Snort machine with a complex rule set. One thing you wish to accomplish is to identify payload data. When using Snort and you need to see the data in the payload in a packet, what switch should you use?

A. -v
B. -V
C. -t
D. -T
E. -d

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 152
You have configured Snort, running on your Windows Server 2003, to connect to a MySQL database. You are now creating the Snort database in MySQL. At the MySQL prompt, what is the correct command to create a database named: snortdb1?

A. create database snortdb1;
B. build database snortdb1;
C. enable database snortdb1;
D. create snortdb1 database;
E. build snortdb1 database;
F. enable snortdb1 database;

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 153
You are going to configure your SuSe Linux computer to run Snort as your IDS. Prior to running Snort, you wish to configure Apache and PHP, so you may use Snort monitoring tools in the browser. You need to verify that Apache and PHP are running properly. What line needs to be entered in the info.php file to test PHP on your Apache server?

A. </php phpinfo() >
B. http://localhost/info.php
C. <?php phpinfo(); ?>
D. <test phptest() />
E. <test phpinfo() />

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 154
You are configuring the new machine in your network that you wish to be used for Snort in your network. What is the switch used when telling Snort to apply the rules in the Snort Configuration file to packets processed by snort?

A. -c
B. -C
C. -r
D. -R
E. -p

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 155
You are configuring your new Intrusion Detection System, and studying the true-false matrix. You read about the different types of alarms and events. Which of the following defines an event where an alarm is indicating an intrusion when there is an actual intrusion?

A. True-negative
B. False-positive
C. True-positive
D. False-negative
E. Absolute-positive

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 156
You are configuring your Snort rules and you wish to tell Snort to log and send notice when a type of packet is received, what rule action syntax will you use?

A. Alert
B. Log
C. Pass
D. Activate
E. Dynamic

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 157
You have just installed a new IDS and are creating the analysis options. Since you wish for your options to be based on time, which of the following will be able to meet your analysis needs?

A. Interval Analysis
B. Real-time Analysis
C. Statistical Analysis
D. Signature Analysis
E. Behavioral Use Analysis

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 158
You are reconfiguring your network's firewall to create a DMZ using three network interfaces. After configuring the addresses on the interfaces, you are making the required changes in ISA Server 2006. You are going to use Network Template during this configuration change. What Network Template is designed for this firewall topology?

A. DMZ-Mode
B. Multi-NIC
C. 3-Node Firewall
D. 3-Leg Perimeter
E. DMZ-Mode, then select three as the number of NICs to configure

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 159
You have decided to install Snort on your Windows Server 2003 and are making changes to the default configuration file. You see the following two lines:

include classification.config
include reference.config

What should these two lines read, after you make your changes, on a default installation?

A. include C:\Snort\etc\classification.config
B. include C:\Snort\etc\reference.config
C. include \classification.config
D. include \reference.config
E. include //classification.config
F. include //reference.config

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 160
You are configuring the Snort Rules for your new IDS. You are creating the rules, and wish to avoid the Snort Rule IDs that are reserved for Snort's use. Which of the following is the range of Snort Rule IDs that are reserved for Snort's use?

A. There are no Rule IDs reserved
B. 1,000,000 2,000000
C. 2,000,000 10,000,000
D. 1-100
E. 1-10

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 161
During your configuration of Snort, you wish to use priority levels in your rules. What are the three options in the Snort rule that can be used to define the Priority level of the rule?

A. High
B. Medium
C. Low
D. First
E. Second
F. Third

Correct Answer: ABC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 162
You are configuring Snort on your new IDS, and wish to categorize the events of the rules you will use. Which keyword is used to categorize Snort events?

A. Content
B. Alert
C. Depth
D. Classtype
E. Offset

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 163
For the new Snort rules you are building, it will be required to have Snort examine inside the content of the packet. Which keyword is used to tell Snort how far inside the packet it should look for the pattern, or defined content match?

A. Depth
B. Offset
C. Nocase
D. Flow_Control
E. Classtype

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 164
You have been working with Snort, on your Windows Server 2003, for some time as a packet capture tool, and now wish to connect Snort to a database on your server. You install MySQL as the database, and are ready to configure Snort. If the database is named: snortdb1, has a user name of: snort, and a password of: snortpass, what is the configuration line you need to add to Snort?

A. output database: log, mysql, username:snort, password:snortpass, dbname:snortdb1, host:localhost
B. output database: log: mysql: user=snort: password=snortpass: dbname=snortdb1: host=localhost
C. output database: log; mysql; username:snort; password:snortpass; dbname:snortdb1; host:localhost
D. output database log mysql user=snort password=snortpass dbname=snortdb1 host=localhost
E. output database: log, mysql, user=snort password=snortpass dbname=snortdb1 host=localhost

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 165
As Intrusion Detection Systems become more sophisticated, the software manufacturers develop different methods of detection. If an IDS uses the process of finding a deviation from a well-known pattern of user behavior, what is this known as?

A. Signature analysis
B. Packet filter matching
C. Statistical analysis
D. Analysis engine engagement
E. Packet match and alarming

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 166
What step in the process of Intrusion Detection as shown in the exhibit would determine if given alerts were part of a bigger intrusion, or would help discover infrequent attacks?

A. 5
B. 9
C. 12
D. 10
E. 4

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 167
You are going to configure your SuSe Linux machine to run Snort, as the IDS in your network. In order to take full advantage of Snort, you have read that you need a LAMP Server. What are the components of a LAMP Server?

A. Linux, Apache, MySQL, and PHP
B. Linux, ADOdb, MySQL, and Python
C. Linux, ADOdb, MySQL, and Perl
D. Linux, Apache, Mozilla, and Pear
E. Linux, ADOdb, Mozilla, and PHP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 168
As Intrusion Detection Systems become more sophisticated, the software manufacturers develop different methods of detection. If an IDS uses the process of matching known attacks against data collected in your network, what is this known as?

A. Signature analysis
B. Packet filter matching
C. Statistical analysis
D. Analysis engine engagement
E. Packet match and alarming

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 169
You are configuring the Intrusion Detection System in your network, and a significant part of the strategy is to use custom Snort rules. When setting rules for Snort, what rule option keyword would you use to match a defined value in the packet's payload?

A. Msg
B. Ttl
C. Id
D. Flags
E. Content

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 170
After installing Snort on your Windows machine that is destined to be your IDS, you need to edit the configuration file to customize it to your needs. What is the name of that configuration file?

A. Snort.cfg
B. Config.snt
C. Snort.config
D. Snort.conf
E. Config.snort

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 171
You have recently been contracted to implement a new firewall solution at a client site. What are the two basic forms of firewall implementations?

A. Chaining
B. Stateful
C. DMZ
D. Stateless
E. KMZ

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 172
You are going to add another computer to the pool that you use for detecting intrusions. This time you are making a customized Snort machine running on Windows 2000 Professional. Prior to running Snort you must install which of the following programs?

A. Network Monitor
B. Network Monitor Tools and Agent
C. Libpcap
D. WinPcap
E. TCP/IP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 173
You have recently installed ISA Server 2006 as your firewall, and are building some new rules. If you need to create a rule that will be based upon a Network Set, which of the following would you select in the Toolbox?

A. User Group
B. Extension Type
C. Network Objects
D. Protocol Set
E. Destination Set

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 174
During the configuration of your newly installed ISA Server 2006, you are creating new rules. Which three of the following answers are used to create a protocol rule in ISA Server 2006?

A. Filter
B. Name
C. Direction
D. Action
E. Network

Correct Answer: BDE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 175
In the command ipchains -N chain, what will the -N accomplish in the chain?

A. Calls up the next sequential chain
B. Create a new chain named "chain"
C. Calls up the chain named "chain"
D. Negate the current chain
E. Commit the new changes in the present chain

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 176
You are reviewing your company's IPTables Firewall and see the command (minus the quotes) " ! 10.10.216" as part of a rule, what does this mean?

A. Traffic destined for host 10.10.10.216 is exempt from filtering
B. Traffic originating from host 10.10.10.216 is exempt from filtering
C. Any host except 10.10.10.216
D. Only host 10.10.10.216
E. Traffic destined for 10.10.10.216 gets sent to the input filter.
F. Traffic originating from 10.10.10.216 gets sent to the input filter

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 177
You are configuring the Access Lists for your new Cisco Router. The following are the commands that are entered into the router for the list configuration.

Router(config)#access-list 55 deny 10.10.12.0 0.0.0.255
Router(config)#access-list 55 permit 0.0.0.0 255.255.255.255
Router(config)#interface E1
Router(config-if)#ip access-group 55 out
Router(config-if)#interface S0
Router(config-if)#ip access-group 55 out

Based on this configuration, and using the exhibit, select the answers that identify what the list will accomplish.

A. Permit network 10.10.12.0 access to network 10.10.11.0
B. Permit network 10.10.12.0 access to network 10.10.10.0
C. Permit network 10.10.12.0 access to the Internet
D. Permit network 10.10.10.0 access to the Internet
E. Permit network 10.10.11.0 access to the Internet

Correct Answer: BDE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 178
You need to add a line to your IPTables Firewall input chain that will stop any attempts to use the default install of Back Orifice against hosts on your network (the 10.10.10.0 network). Which of the following would be the correct command to use?

A. ipchains -A input TCP -d 0.0.0.0/0 -s 10.10.10.0/24 31337 -J DENY
B. ipchains -A input UDP -s 0.0.0.0/0 -d 10.10.10.0/24 p:31337 -j DENY
C. ipchains -A input -s 0.0.0.0/0 -d 10.10.10.0/24 -p 31337 -j DENY
D. ipchains -A input TCP -s 0.0.0.0/0 -d 10.10.10.0/24 31337 -j DENY
E. ipchains -A input -s 0.0.0.0/0 -d 10.10.10.0/24 31337 -j deny

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 179
You have recently taken over the security of a mid-sized network. You are reviewing the current configuration of the IPTables firewall, and notice the following rule:

ipchains -A output -p TCP -s 10.0.10.0/24 -d 0.0.0.0/0 80 -j ACCEPT

What is the function of this rule?

A. This rule for the output chain states that any TCP traffic from the 10.0.10.0 network and destined for any IP address on port 80 is to be accepted.
B. This rule for the input chain states that any TCP traffic from the 10.0.10.0 network and destined for any IP address on port 80 is to be accepted.
C. This rule for the output chain states that all traffic from any network and destined for the 10.0.10.0 network on port 80 is to be accepted.
D. This rule states that all web traffic from any network is to jump to the accept rule.
E. This rule states that all incoming web traffic from any network is to be output to the accept rule.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 180
You have recently taken over the security of a mid-sized network. You are reviewing the current configuration of the IPTables firewall, and notice the following rule:

ipchains -A input -p TCP -s 0.0.0.0/0 -d 10.0.10.0/24 5000:10000 -j DENY

What is the function of this rule?

A. This rule for the output chain states that any TCP traffic from any IP address destined for the 10.0.10.0 network on ports 5000 to 10000 is to be denied.
B. This rule for the input chain states that any TCP traffic from any IP address destined for the 10.0.10.0 network on ports 5000 to 10000 is to be denied.
C. This rule for the output chain states that any traffic from the TCP port to the 10.0.10.0 network on ports 5000 and 10000 is to be denied.
D. This rule for the input chain states that any traffic from the TCP port to the 10.0.10.0 network on ports 5000 and 10000 is to be denied.
E. This rule for the input chain states that any traffic from the 10.0.10.0 network to ports 5000 and 10000 is to be denied.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 181
After installing Snort on your Windows machine that is destined to be your IDS, you need to edit the configuration file's entry of "HOME_NET" to define which of the following?

A. The name of the Domain (or domains) you are part of
B. The host name of the machine you are installing Snort on
C. The name of the network segment you are using Snort to monitor
D. The IP address of the machine you are installing Snort on
E. The IP subnet address of the network segment you are using Snort to monitor

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 182
One of the firewall choices you are thinking of implementing, in your network, is a proxy server. A proxy server can accomplish which of the following statements?

A. Cache web pages for increased performance
B. Operate at the Application layer of the OSI model
C. Allow direct communication between an internal and external host
D. Permit or deny traffic based upon type of service
E. Filter executables that are attached to an e-mail

Correct Answer: ABDE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 183
You have recently taken over the security of a mid-sized network. You are reviewing the current configuration of the IPTables firewall, and notice the following rule:

ipchains -A output -p TCP -d 172.168.35.40 ! www

What is the function of this rule?

A. This rule for the output chain states that all www traffic on 172.168.35.40 from any IP address is allowed.
B. This rule for the input chain states that all TCP packets are allowed to the 172.168.35.40 IP address to any port other than 80.
C. This rule for the input chain states that all TCP packets are able to get to the www service on any IP address except for 172.168.35.40.
D. This rule for the output chain states that all TCP packets are able to get to the www service on any IP address except for 172.168.35.40.
E. This rule for the output chain states that all TCP packets are allowed to the 172.168.35.40 IP address to any port other than 80.

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 184
Your company has recently become security conscious and wishes to protect its electronic assets. What is the first thing you should have in place before configuring rules for your company's firewall?

A. A Security Policy
B. An IDS
C. A DNS server
D. An Email server
E. A WINS server

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 185
Your company has created its security policy and it's time to get the firewall in place. Your group is trying to decide whether to build a firewall or buy one. What are some of the downsides to deciding to build a firewall rather than purchase one?

A. Weak (or no) management GUI.
B. Weak (or no) logging and alerting.
C. Weak rule configuration.
D. The OS cannot be hardened before implementing the firewall on it.
E. Weak (or no) real time monitoring.

Correct Answer: ABE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 186
Which of the following is a potential weakness of a commercial firewall product that is installed on a hardened machine?

A. That you will not be able to use it in conjunction with personal firewalls on user's desktop machines.
B. You will have to give the vendor confidential network information.
C. You will be required to use the configuration that the vendor assigns you.
D. That the firewall's vendor may be compromised and your private information may be publicly available.
E. That it may be vulnerable to attacks targeting the underlying Operating System.

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 187
Your company has created its security policy and it's time to get the firewall in place. Your group is trying to decide whether to build a firewall or buy one. What are some of the benefits to purchasing a firewall rather than building one?

A. They usually have a good management GUI.
B. They offer good logging and alerting.
C. You do not need to configure them.
D. The OS doesn't need to be hardened before installing the vendor's firewall on it.
E. They often do real time monitoring.

Correct Answer: ABE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 188
Your organization has extensive resources that you must make available to authorized users, through your ISA Server 2006. From the following answers, select the one that is not a feature of ISA Server Content Publishing:

A. Secure Sockets Layer (SSL) Bridging
B. Web Caching and Delivery
C. Web Publishing Load Balancing
D. Enhanced Multi-factor Authentication
E. Robust Logging and Reporting

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 189
What step in the process of Intrusion Detection as shown in the exhibit would an e-mail be delivered to the security admin if an attack were presently taking place?

A. 3
B. 6
C. 7
D. 8
E. 11

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 190
You are reconfiguring your network's firewall to create a DMZ using three network interfaces. After configuring the addresses on the interfaces, you are making the required changes in ISA Server 2006. You are going to use a Network Template during this configuration change. What Network Template is designed for this firewall topology?

A. DMZ-Mode
B. Multi-NIC
C. 3-Node Firewall
D. 3-Leg Perimeter
E. DMZ-Mode, then select three as the number of NICs to configure

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 191
You have just installed a new ISA Server 2006, and are monitoring the new deployment. In the Monitoring Details pane, which tab will provide you with visual displays of current monitoring information?

A. Summary
B. Sessions
C. Dashboard
D. Reports
E. Alerts

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 192
You are installing a new firewall and your CEO asks what the benefits will be to the organization. Which of the following are benefits to implementing a firewall?

A. Increased bandwidth
B. End node virus control
C. Central network traffic auditing
D. Increased ability to enforce policies
E. Efficient IP Address allocation

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 193
You are going to lead the deployment of a new firewall solution in your office, and are discussing the options with your team. What are the two versions of ISA Server 2006?

A. Server Edition
B. Professional Edition
C. Stand-Alone Edition
D. Distributed Edition
E. Standard Edition
F. Enterprise Edition

Correct Answer: EF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 194
You have just installed a new firewall and explained the benefits to your CEO. Next you are asked what some of the limitations of the firewall are. Which of the following are issues where a firewall cannot help to secure the network?

A. Poor Security Policy
B. Increased ability to enforce policies
C. End node virus control
D. Decreased ability to enforce policies
E. Social Engineering

Correct Answer: ACE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 195
You have been given the task of installing a new firewall system for your network. You are analyzing the different implementation options. Which of the following best describes a Single Packet Filtering Device?

A. This is when one device is configured to run as a packet filter, granting or denying access based on the content of the headers.
B. This is when a packet is received on one interface and sent out another interface.
C. This is when a device has been configured with more than one network interface, and is running proxy software to forward packets back and forth between the interfaces.
D. This is when the device reads only the session layer and higher headers to grant or deny access to the packet.
E. This is when the network is protected by multiple functions.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 196
You have been given the task of installing a new firewall system for your network. You are analyzing the different implementation options. Which of the following best describes a Multi-homed Device?

A. This is when one device is configured to run as a packet filter, granting or denying access based on the content of the headers.
B. This is when a packet is received on one interface and sent out another interface.
C. This is when a device has been configured with more than one network interface, and is running proxy software to forward packets back and forth between the interfaces.
D. This is when the device reads only the session layer and higher headers to grant or deny access to the packet.
E. This is when the network is protected by multiple functions.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 197
You are in the process of configuring your network firewall policy. As you begin building the content of the policy you start to organize the document into sections. Which of the following are sections found in the firewall policy?

A. The Acceptable Use Statement
B. The Firewall Administrator Statement
C. The Network Connection Statement
D. The Incident Handling Statement
E. The Escalation Procedures Statement

Correct Answer: ABC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 198
You are building the rules of your new firewall. You wish to allow only (Internal) access to standard www sites on the Internet (External). You wish for all other traffic to be disallowed. Which of the following rules will you have to implement to make this happen?

A. Direction: Inbound, Protocol: TCP, Source IP: Internal, Destination IP: External, Source Port: 80, Destination Port: >=1024, Action: Allow.
B. Direction: Outbound, Protocol: TCP, Source IP: External, Destination IP: Internal, Source Port: 80, Destination Port: >=1024, Action: Allow.
C. Direction: Outbound, Protocol: TCP, Source IP: Internal, Destination IP: External, Source Port: >=1024, Destination Port: 80, Action: Allow.
D. Direction: Inbound, Protocol: TCP, Source IP: External, Destination IP: Internal, Source Port: 80, Destination Port: >=1024, Action: Allow.
E. Direction: Inbound, Protocol: WWW, Source IP: Internal, Destination IP: External, Source Port: 80, Destination Port: >=1024, Action: Allow

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 199
You are building the rules of your new firewall. You wish to allow only (Internal) access to secure www sites on the Internet (External). You wish for all other traffic to be disallowed. Which of the following rules will you have to implement to make this happen?

A. Direction: Inbound, Protocol: TCP, Source IP: External, Destination IP: Internal, Source Port: 80, Destination Port: >=1024, Action: Allow.
B. Direction: Outbound, Protocol: TCP, Source IP: Internal, Destination IP: External, Source Port: >=1024, Destination Port: 80, Action: Allow.
C. Direction: Outbound, Protocol: TCP, Source IP: Internal, Destination IP: External, Source Port: >=1024, Destination Port: 443, Action: Allow.
D. Direction: Inbound, Protocol: TCP, Source IP: External, Destination IP: Internal, Source Port: 443, Destination Port: >=1024, Action: Allow.
E. Direction: Inbound, Protocol: WWW, Source IP: Internal, Destination IP: External, Source Port: 80, Destination Port: >=1024, Action: Allow

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 200
You are building the rules of your new firewall. You wish to allow only (Internal) access to smtp email on the Internet (External). You wish for all other traffic to be disallowed. Which of the following rules will you have to implement to make this happen?

A. Direction: Inbound, Protocol: TCP, Source IP: Internal, Destination IP: External, Source Port: 25, Destination Port: >=1024, Action: Allow.
B. Direction: Outbound, Protocol: TCP, Source IP: External, Destination IP: Internal, Source Port: 25, Destination Port: >=1024, Action: Allow.
C. Direction: Outbound, Protocol: TCP, Source IP: Internal, Destination IP: External, Source Port: >=1024, Destination Port: 25, Action: Allow.
D. Direction: Inbound, Protocol: TCP, Source IP: External, Destination IP: Internal, Source Port: 25, Destination Port: >=1024, Action: Allow.
E. Direction: Inbound, Protocol: SMTP, Source IP: Internal, Destination IP: External, Source Port: 25, Destination Port: >=1024, Action: Allow

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 201
After you configure the monitoring options on your ISA Server 2006, you wish to configure logging. What are the two options for you to configure on ISA Server 2006 for logging?

A. Internal Logging
B. Protocol Logging
C. External Logging
D. Web Proxy Logging
E. Firewall Logging

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 202
Your company has many different services that go through your ISA Server 2006, and you need to prioritize the network traffic. What does ISA Server 2006 use to prioritize packets?

A. Differentiated Services (DiffServ) protocol
B. Quality of Service (QoS) protocol
C. Packet Prioritization (PaPro) protocol
D. HTTP Prioritization (HPro) protocol
E. Bandwidth Prioritization (BaPro) protocol

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 203
You have just installed ISA Server 2006 on a Windows Server in your network, and you are familiarizing yourself with the new firewall. What are the three basic areas of a newly installed ISA Server 2006 firewall?

A. Console Tree
B. Summary Pane
C. Advanced Pane
D. Details Pane
E. Task Pane

Correct Answer: ADE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 204
You are considering your options for a new firewall deployment. At which two layers of the OSI model does a simple (stateless) packet filtering firewall operate?

A. Data Link
B. Application
C. Session
D. Presentation
E. Network

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 205
You have just installed your new network-based IDS. What kinds of attacks will this system be able to detect?

A. DoS
B. Buffer Overflows
C. DDoS
D. Opening a local unauthorized folder
E. Writing to an unauthorized file

Correct Answer: ABC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 206
When installing a firewall, what is the process by which you remove un-needed services and features from a machine to reduce the risk of vulnerabilities to the underlying OS called?

A. Tightening
B. Cascading
C. Streamlining
D. Cleansing
E. Hardening

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 207
Recently, you have made many changes to your ISA Server 2006 firewall. You are concerned about saving these changes. What is the part of ISA Server used for saving your configuration changes?

A. The built-in feature to export your configuration to an XLS file.
B. The Copy Configuration to CD feature.
C. The built-in feature to export your configuration to an XML file.
D. The image burning feature set.
E. The option to configure the server to utilize RAID 5.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 208
You are building the rules for your newly installed ISA Server 2006. There are three basic rule types: Access rules, Publishing rules, and Network rules. Which of the following best describes Access rules and Publishing rules?

A. An Access Rule controls access requests from the external network for internal resources.
B. A Publishing Rule controls what network traffic from the internal network is allowed to access the external network.
C. A Publishing Rule controls what network traffic is allowed access to published resources, based on Protocol and Port information.
D. A Publishing Rule controls access requests from the external network for internal resources.
E. An Access Rule controls what network traffic from the internal network is allowed to access the external network.

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 209
ISA Server 2006 features extensive rule matching abilities. Which of the following lists has the proper order for how ISA Server 2006 checks rule elements that make up an Access rule?

A. Protocol, Source Address and Port, Schedule, Destination Address, User Set, and Content Groups
B. Source Address and Port, Protocol, Schedule, Destination Address, User Set, and Content Groups
C. Source Address and Port, Destination Address, Schedule, Protocol, User Set, and Content Groups
D. Source Address and Port, Destination Address, Protocol, Schedule, User Set, and Content Groups
E. Protocol, Source Address and Port, Destination Address, User Set, Content Groups, and Schedule

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 210
You have made some changes to the configuration of your ISA Server 2006 firewall. While analyzing the network traffic, you see that these changes have not yet taken effect. What must you do to get these new rules to take effect?

A. From the rules drop down menu, select enable state table.
B. From the rules drop down menu, select enable rule set.
C. From the state table drop down menu, select enable rule set.
D. Disable and Enable the network interface that the rule is associated with.
E. From the command prompt, type firewallpolicy /reload and press Enter.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 211
What is the order of the defensive layers a cracker would have to compromise when attacking a properly secured network?

A. Firewall
B. Router
C. Application
D. Host
E. IDS
F. B, E, A, D, C
G. B, A, E, D, C
H. A, B, C, D, E
I. A, B, E, D, C
J. A, E, B, D, C

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 212
You are configuring your new Intrusion Detection System, and studying the true-false matrix. You read about the different types of alarms and events. Which of the following defines an event where an alarm is indicating an intrusion when there is no actual intrusion?

A. True-negative
B. False-positive
C. True-positive
D. False-negative
E. Absolute-positive

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 213
As you increase the layers of security in your organization you must watch the network behavior closely. What kind of problems can an improperly configured IDS cause in your network?

A. False negatives, which can make you think that your network isn't being intruded upon.
B. False negatives, which can get you to start thinking all alerts are phony and causing you to stop reacting to them in a timely manner.
C. False positives, which can get you to start thinking all alerts are phony and causing you to stop reacting to them in a timely manner.
D. False positives, which can make you think that your network isn't being intruded
E. True-positive, which can get you to start thinking all alerts are fake and causing you to stop reacting to them in a timely manner.

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 214
You are considering adding layers to your authentication system currently in place. Reading through some of the vendor literature on logon solutions, it frequently mentions two and three factor authentication. Your assistant asks you what the difference between the two is. Select the options that correctly describe two-factor and three-factor authentication:

A. Two-factor authentication is the process of providing something you have along with something you know.
B. Two-factor authentication is the process of providing two forms of authentication, such as a username and a password.
C. Two-factor authentication is the process of authenticating twice during the login sequence to verify user identity.
D. Three-factor authentication is the process of providing something you have along with something you know and something you are.
E. Three-factor authentication is the process of providing three forms of authentication, such as username, password, and sitting at the physical machine to login.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 215
You have just found a user who has performed an improper utilization of resources inside the organization both intentionally and unintentionally. This user has just provided you with a working example of which of the following?

A. Intrusion
B. Misuse
C. Intrusion detection
D. Misuse detection
E. Anomaly detection

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 216
The main reason you have been hired at a company is to bring the network security of the organization up to current standards. A high priority is to have a full security audit of the network as soon as possible. You have chosen an Independent Audit and are describing it to your coworkers. Which of the following best describes an Independent audit?

A. An independent audit is usually conducted by external or outside resources and may be a review or audit of detailed audit logs.
B. The independent audit is usually done by the current network administrators who ensure the security measures are up to international standards.
C. The independent audit is typically done by an internal team who ensures the security measures are up to international standards.
D. The independent audit is usually done by internal resources to examine the current daily and on-going activities within a network system for compliance with an established security policy.
E. The independent audit is typically done by a contracted outside team of security experts who check for policy compliance.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 217
You have been hired at a large company to manage network security issues. Prior to your arrival, there was no one dedicated to security, so you are starting at the beginning. You hold a meeting and are discussing the main functions and features of network security. One of your assistants asks what the function of Authentication in network security is. Which of the following best describes Authentication?

A. Data communications as well as emails need to be protected for privacy and Authentication. Authentication ensures the privacy of data on the network system.
B. Authentication is a security principle that ensures the continuous accuracy of data and information stored within network systems. Upon receiving the email or data communication, authentication must be verified to ensure that the message has not been altered, modified, or added to or subtracted from in transit by unauthorized users.
C. The security must limit user privileges to minimize the risk of unauthorized access to sensitive information and areas of the network that only authorized users should be allowed to access.
D. Security must be established to prevent parties in a data transaction from denying their participation after the business transaction has occurred. This establishes authentication for the transaction itself for all parties involved in the transaction.
E. Authentication verifies users to be who they say they are. In data communications, authenticating the sender is necessary to verify that the data came from the right source. The receiver is authenticated as well to verify that the data is going to the right destination.

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 218
You have been hired at a large company to manage network. Prior to your arrival, there was no one dedicated to security, so you are starting at the beginning. You hold a meeting and are discussing the main functions and features of network security. One of your assistants asks what the function of Integrity in network security is. Which of the following best describes Integrity?

A. The security must limit user privileges to minimize the risk of unauthorized access to sensitive information and areas of the network that only authorized users should only be allowed to access.

B. Integrity verifies users to be who they say they are. In data communications, the integrity of the sender is necessary to verify that the data came from the right source. The receiver is authenticated as well to verify that the data is going to the right destination.

C. Data communications as well as emails need to be protected for privacy and Integrity. Integrity ensures the privacy of data on the network system.

D. Integrity is a security principle that ensures the continuous accuracy of data and information stored within network systems. Data must be kept from unauthorized modification, forgery, or any other form of corruption either from malicious threats or corruption that is accidental in nature. Upon receiving the email or data communication, integrity must be verified to ensure that the message has not been altered, modified, or added to or subtracted from in transit by unauthorized users.

E. Security must be established to prevent parties in a data transaction from denying their participation after the business transaction has occurred. This establishes integrity for the transaction itself for all parties involved in the transaction.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 219
During your packet capture of traffic to check if your network is getting hit by a Denial of Service attack, you analyze TCP headers. You notice there are many headers that seem to have the same SEQ number, with the responding computer using different SEQ and ACK numbers in response. If you are analyzing a normal three-way handshake between two Windows 2000 nodes, and the first packet has a SEQ of 0xD36077AF, what will the responding computer use as an ACK?

A. 1xD36077B0
B. 0xD36077B0
C. 1xD36077AE
D. 0xD36077AE
E. 1xD36077CF

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 220
The exhibit shows the partial contents of a Network Monitor capture on a Windows 2000 FTP Server. Each line represents information pertaining to a frame. What is the sequence number used by TCP for the second part of the three way handshake?

A. 0
B. 2052360113
C. 2052360112
D. win:16384, src: 2025 dst: 21
E. 261014593

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 221
During a security review of the network it is decided to run a full packet capture over a 24 hour period and log the packets for analysis. You have been chosen to analyze all the TCP packets. To prepare you study the RFC for TCP and have identified all the parts of the TCP header. Which of the following are parts of the TCP header?

A. Syn and Fin Flags
B. Sequence Number
C. Source OSI Model Layer Three Address
D. Destination OSI Model Layer Three Address
E. Acknowledgement Number

Correct Answer: ABE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 222
You are running a packet sniffer on your network and capture the TFTP transfer shown in the image. A co-worker leans over your shoulder and asks what the value of the circled byte stands for. You tell him it identifies the IP Protocol known as?

A. IP
B. RIP
C. TCP
D. UDP
E. IGRP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 223
It is a given that two computers that communicate using TCP/IP as the protocol must use valid addresses and media to do so. What combination of the following is required to create a TCP/IP socket?

A. The MAC Address, the IP Address and the IP Protocol ID
B. The IP Address, the IP Protocol ID and a Port number
C. The MAC Address and the IP Protocol ID
D. The MAC Address, the IP Protocol ID and a Port number
E. The Ethertype and a Port number

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 224
In an ICMP Message, what is the function of the first eight bits?

A. To define the source port number
B. To define the type
C. To define the destination port number
D. To define the IP Version
E. To define the upper layer protocol

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 225
You are introducing a co-worker to the security systems in place in your organization. Early in the discussion you begin talking about the network, and how it is implemented. You decide to run a packet capture to identify different aspects of network traffic for your co-worker. In the packet capture you are able to identify Protocol IDs. Which of the following is the IP Protocol ID for UDP?

A. Protocol ID 51
B. Protocol ID 21
C. Protocol ID 6
D. Protocol ID 17
E. Protocol ID 11

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 226
In order to properly manage the network traffic in your organization, you need a complete understanding of protocols and networking models. In regards to the 7-layer OSI model, what is the function of the Network Layer?

A. The Network layer allows two applications on different computers to establish, use, and end a session. This layer establishes dialog control between the two computers in a session, regulating which side transmits, plus when and how long it transmits.

B. The Network layer manages logical addresses. It also determines the route from the source to the destination computer and manages traffic problems, such as routing, and controlling the congestion of data packets.

C. The Network layer packages raw bits from the Physical (Layer 1) layer into frames (structured packets for data). Physical addressing (as opposed to network or logical addressing) defines how devices are addressed at the data link layer. This layer is responsible for transferring frames from one computer to another, without errors. After sending a frame, it waits for an acknowledgment from the receiving computer.

D. The Network layer transmits bits from one computer to another and regulates the transmission of a stream of bits over a physical medium. For example, this layer defines how the cable is attached to the network adapter and what transmission technique is used to send data over the cable.

E. The Network layer handles error recognition and recovery. It also repackages long messages, when necessary, into small packets for transmission and, at the receiving end, rebuilds packets into the original message. The corresponding Network layer at the receiving end also sends receipt acknowledgments.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 227
You are using Network Monitor to capture some traffic for later analysis. When you do begin to look at your captured data, you examine the TCP traffic you captured. In a TCP Header, what is the function of the first sixteen bits?

A. To define the type
B. To define the IP Version
C. To define the destination port number
D. To define the upper layer protocol
E. To define the source port number

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 228
If you configure an access-list to block the following networks, what are you trying to protect against? Network 127.0.0.0/8, Network 0.0.0.0\0, Network 10.0.0.0\8, Network 172.16.0.0\16, and Network 168.0.0\16.

A. You are trying to protect against hijacking
B. You are trying to protect against spoofing
C. You are trying to protect against sniffing
D. You are trying to protect against splicing
E. You are trying to protect against capturing

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 229
You are a host in a network segment that has IP addresses in the range of 168.16.1~192.168.31.254. You need to create an access control list that will filter your segment of addresses. Which of the following is the wildcard mask that will be used to filter your network segment?

A. 10.0.16.1/20
B. 0.0.16.254
C. 255.240.0.0
D. 0.0.240.0
E. 0.0.15.255

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 230
The exhibit represents a simple routed network. Node 7 is a Windows NT 4.0 Workstation that establishes a TCP communication with Node 10, a Windows 2000 Professional host. The routers are Cisco 2500 series running IOS 11.2.

While working at Node 10, you run a packet capture. When Node 10 receives a packet sent by Node 7, what will the capture reveal is the source MAC address?

A. Interface for Node 7
B. Interface E0 of Router A
C. Interfaces for both Nodes 7 and E0
D. Interface E0 of Router D
E. Interface for Node 10

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 231
During a network capture, using Wireshark, you capture some ICMP traffic for analysis. In an ICMP Message, what is the function of the first eight bits?

A. To define the source port number
B. To define the type
C. To define the destination port number
D. To define the IP Version
E. To define the upper layer protocol

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 232
A router has two active Ethernet interfaces. Interface E0 is connected to network 10.10.0.0/16 while Interface E1 is connected to network 10.11.0.0/16. You are configuring access control lists to manage specific access, which is disallowed on these segments. The configuration of the lists is as follows:

router(config)#access-list 123 deny tcp 10.11.0.0 0.0.255.255 10.10.0.0 0.0.255.255 eq 20
router(config)#access-list 123 deny tcp 10.11.0.0 0.0.255.255 10.10.0.0 0.0.255.255 eq 21
router(config)#access-list 123 deny tcp 10.10.0.0 0.0.255.255 10.11.0.0 0.0.255.255 eq 20
router(config)#access-list 123 deny tcp 10.10.0.0 0.0.255.255 10.11.0.0 0.0.255.255 eq 21
router(config)#access-list 123 permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
router(config)#Interface Ethernet 0
router(config-if)#ip access-group 123 in
router(config-if)#Interface Ethernet 1
router(config-if)#ip access-group 123 in

Based on the above list configuration, which of the following statements is true on the router?

A. All packets will be dropped
B. All packets that match the deny statements will be forwarded to the console port
C. All packets that do not match the deny statements will be allowed
D. An Access List cannot simultaneously be implemented upon two or more interfaces
E. We do not know if this is a standard or extended access list, therefore there is not enough information.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference: