CyberSecurity2_Midterm

  1. What job would require verification that an alert represents a true security incident or a false positive?

    a. Incident Reporter
    b. Alert Analyst
    c. Threat Hunter
    d. SOC Manager
    Alert Analyst
  2. Which KPI metric does SOAR use to measure the time required to stop the spread of malware in the network?

    a. MTTR
    b. Time to Control
    c. MTTD
    d. MTTC
    Time to Control
  3. Which personnel in a SOC are assigned the task of hunting for potential threats and implementing threat detection tools?

    a. SOC Manager
    b. Tier 1 Analyst
    c. Tier 2 Incident Reporter
    d. Tier 3 SME
    Tier 3 SME
  4. Which organization is an international nonprofit organization that offers the CISSP certification?

    a. GIAC
    b. IEEE
    c. (ISC)²
    d. CompTIA
    (ISC)²
  5. Which three are major categories of elements in a security operations center? (Choose three.)
    a. database engine
    b. people
    c. data center
    d. technologies
    e. Internet connection
    f. Processes
    people, technologies, Processes
  6. An SOC is searching for a professional to fill a job opening. The employee must have expert-level skills in networking, endpoint, threat intelligence, and malware reverse engineering in order to search for cyber threats hidden within the network. Which job within an SOC requires a professional with those skills?

    a. Incident Responder
    b. SOC Manager
    c. Threat Hunter
    d. Alert Analyst
    Threat Hunter
  7. How does a security information and event management system (SIEM) in a SOC help the personnel fight against security threats?

    a. by combining data from multiple technologies

    b. by analyzing logging data in real time

    c. by integrating all security devices and appliances in an organization

    d. by dynamically implementing firewall rules
    by combining data from multiple technologies
  8. What is a benefit to an organization of using SOAR as part of the SIEM system?

    a. SOAR automates incident investigation and responds to workflows based on playbooks.

    b. SOAR automation guarantees an uptime factor of “5 nines”.

    c. SOAR was designed to address critical security events and high-end investigation.

    d. SOAR would benefit smaller organizations because it requires no cybersecurity analyst involvement once installed.
    SOAR automates incident investigation and responds to workflows based on playbooks.
  9. Which three technologies should be included in a SOC security information and event management system? (Choose three.)

    a. firewall appliance
    b. threat intelligence
    c. log management
    d. proxy service
    e. intrusion prevention
    f. security monitoring
    threat intelligence, log management, security monitoring
  10. A company has just had a cybersecurity incident. The threat actor appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic. This traffic rendered the server inoperable. How would a certified cybersecurity analyst classify this type of threat actor?

    a. amateur
    b. state-sponsored
    c. terrorist
    d. hacktivist
    amateur
  11. Why do IoT devices pose a greater risk than other computing devices on a network?

    a. IoT devices cannot function on an isolated network with only an Internet connection.

    b. IoT devices require unencrypted wireless connections.

    c. Most IoT devices do not receive frequent firmware updates.

    d. Most IoT devices do not require an Internet connection and are unable to receive new updates.
    Most IoT devices do not receive frequent firmware updates.
  12. What type of cyberwarfare weapon was Stuxnet?

    a. virus
    b. ransomware
    c. worm
    d. Botnet
    worm
  13. What is the dark web?

    a. It is part of the internet where a person can obtain personally identifiable information from anyone for free.

    b. It is part of the internet that can only be accessed with special software.

    c. It is a website that sells stolen credit cards.

    d. It is a website that reports the most recent activities of cybercriminals all over the world.
    It is part of the internet that can only be accessed with special software.
  14. Which example illustrates how malware might be concealed?

    a. An attack is launched against the public website of an online retailer with the objective of blocking its response to visitors.

    b. A botnet of zombies carries personal information back to the hacker.

    c. A hacker uses techniques to improve the ranking of a website so that users are redirected to a malicious site.

    d. An email is sent to the employees of an organization with an attachment that looks like an antivirus update, but the attachment actually consists of spyware.
    An email is sent to the employees of an organization with an attachment that looks like an antivirus update, but the attachment actually consists of spyware.
  15. When a user turns on the PC on Wednesday, the PC displays a message indicating that all of the user files have been locked. In order to get the files unencrypted, the user is supposed to send an email and include a specific ID in the email title. The message also includes ways to buy and submit bitcoins as payment for the file decryption. After inspecting the message, the technician suspects a security breach occurred. What type of malware could be responsible?

    a. ransomware
    b. adware
    c. spyware
    d. Trojan
    ransomware
  16. An employee connects wirelessly to the company network using a cell phone. The employee then configures the cell phone to act as a wireless access point that will allow new employees to connect to the company network. Which type of security threat best describes this situation?

    a. spoofing
    b. cracking
    c. rogue access point
    d. denial of service
    rogue access point
  17. The term cyber operations analyst refers to which group of personnel in a SOC?

    a. Tier 1 personnel
    b. Tier 3 personnel
    c. Tier 2 personnel
    d. SOC managers
    Tier 1 personnel
  18. What are two examples of personally identifiable information (PII)? (Choose two.)

    a. first name
    b. IP address
    c. language preference
    d. street address
    e. credit card number
    street address, credit card number
  19. A user calls the help desk complaining that the password to access the wireless network has changed without warning. The user is allowed to change the password, but an hour later, the same thing occurs. What might be happening in this situation?

    a. rogue access point
    b. password policy
    c. weak password
    d. user error
    e. user laptop
    rogue access point
  20. Which regulatory law regulates the identification, storage, and transmission of patient personal healthcare information?

    a. FISMA
    b. HIPAA
    c. PCI-DSS
    d. GLBA
    HIPAA
  21. A worker in the records department of a hospital accidentally sends a medical record of a patient to a printer in another department. When the worker arrives at the printer, the patient record printout is missing. What breach of confidentiality does this situation describe?

    a. EMR
    b. PII
    c. PSI
    d. PHI
    PHI
  22. What websites should a user avoid when connecting to a free and open wireless hotspot?

    a. websites to check account fees
    b. websites to check product details
    c. websites to check stock prices
    d. websites to make purchases
    websites to make purchases
  23. In a smart home, an owner has connected many home devices to the Internet, such as the refrigerator and the coffee maker. The owner is concerned that these devices will make the wireless network vulnerable to attacks. What action could be taken to address this issue?

    a. Configure mixed mode wireless operation.

    b. Install the latest firmware versions for the devices.

    c. Assign static IP addresses to the wireless devices.

    d. Disable the SSID broadcast.
    Install the latest firmware versions for the devices.
  24. A group of users on the same network are all complaining about their computers running slowly. After investigating, the technician determines that these computers are part of a zombie network. Which type of malware is used to control these computers?

    a. botnet
    b. spyware
    c. virus
    d. rootkit
    botnet
  25. Which statement describes cyberwarfare?

    a. It is Internet-based conflict that involves the penetration of information systems of other nations.

    b. It is simulation software for Air Force pilots that allows them to practice under a simulated war scenario.

    c. Cyberwarfare is an attack carried out by a group of script kiddies.

    d. It is a series of personal protective equipment developed for soldiers involved in nuclear war.
    It is Internet-based conflict that involves the penetration of information systems of other nations.
  26. Which cyber attack involves a coordinated attack from a botnet of zombie computers?

    a. DDoS
    b. MITM
    c. address spoofing
    d. ICMP redirect
    DDoS
  27. What is the main purpose of cyberwarfare?

    a. to protect cloud-based data centers

    b. to develop advanced network devices

    c. to gain advantage over adversaries

    d. to simulate possible war scenarios among nations
    to gain advantage over adversaries
  28. An attacker sends a piece of malware as an email attachment to employees in a company. What is one probable purpose of the attack?

    a. Probing open ports on the firewall on the border network

    b. Cracking the administrator password for a critical server

    c. Denying external access to a web server that is open to the public

    d. Searching and obtaining trade secrets
    Searching and obtaining trade secrets
  29. What is cyberwarfare?

    a. It is an attack only on military targets

    b. It is an attack designed to disrupt, corrupt, or exploit national interests

    c. It is an attack that only involves robots and bots

    d. It is an attack on a major corporation
    It is an attack designed to disrupt, corrupt, or exploit national interests
  30. What type of malware has the primary objective of spreading across the network?

    a. Virus
    b. Worm
    c. Trojan horse
    d. Botnet
    Worm
  31. What is a potential risk when using a free and open wireless hotspot in a public location?

    a. The internet connection can become too slow when many users access the wireless hotspot

    b. Purchase of product from vendors might be required in exchange for the internet access

    c. Network traffic might be hijacked and information stolen

    d. Too many users trying to connect to the internet may cause a network traffic jam
    Network traffic might be hijacked and information stolen
  32. At the request of investors, a company is proceeding with cyber attribution with a particular attack that was conducted from an external source. Which security term is used to describe the person or device responsible for the attack?

    a. fragmenter
    b. threat actor
    c. skeleton
    d. tunneler
    threat actor
  33. What name is given to an amateur hacker?

    a. red hat
    b. script kiddie
    c. black hat
    d. blue team
    script kiddie
  34. What commonly motivates cybercriminals to attack networks as compared to hacktivists or state-sponsored hackers?

    a. political reasons
    b. financial gain
    c. fame seeking
    d. status among peers
    financial gain
  35. What is a botnet?

    a. a group of web servers that provide load balancing and fault tolerance

    b. a network of infected computers that are controlled as a group

    c. an online video game intended for multiple players

    d. a network that allows users to bring their own technology
  36. What is a rogue wireless hotspot?

    a. It is a hotspot that does not encrypt network user traffic.

    b. It is a hotspot that does not implement strong user authentication mechanisms.

    c. It is a hotspot that appears to be from a legitimate business but was actually set up by someone without the permission from the business.

    d. It is a hotspot that was set up with outdated devices.
    It is a hotspot that appears to be from a legitimate business but was actually set up by someone without the permission from the business.
  37. What is the best definition of personally identifiable information (PII)?

    a. Data that is collected from servers and websites for anonymous browsing.

    b. Data that is collected by businesses to distinguish identities of individuals.

    c. Data that is collected by businesses to track the digital behavior of consumers.

    d. Data that is collected from servers and web browsers using cookies in order to track a consumer.
    Data that is collected by businesses to distinguish identities of individuals.
  38. What was used as a cyberwarfare weapon to attack a uranium enrichment facility in Iran?

    a. DDoS
    b. SQL injection
    c. PSYOPS
    d. Stuxnet
    Stuxnet
  39. A company pays a significant sum of money to hackers in order to regain control of an email and data server. Which type of security attack was used by the hackers?

    a. Trojan horse
    b. Ransomware
    c. DoS
    d. Spyware
    Ransomware
  40. Which personnel in a SOC is assigned the task of verifying whether an alert triggered by monitoring software represents a true security incident?

    a. Tier 1 personnel
    b. Tier 2 personnel
    c. SOC Manager
    d. Tier 3 personnel
    Tier 1 personnel
  41. After a security incident is verified in a SOC, an incident responder reviews the incident but cannot identify the source of the incident and form an effective mitigation procedure. To whom should the incident ticket be escalated?

    a. an alert analyst for further analysis

    b. a cyberoperations analyst for help

    c. the SOC manager to ask for other personnel to be assigned

    d. a SME for further investigation
    a SME for further investigation
  42. Which two services are provided by security operations centers? (Choose two.)

    a. managing comprehensive threat solutions

    b. responding to data center physical break-ins

    c. ensuring secure routing packet exchanges

    d. monitoring network security threats

    e. providing secure Internet connections
    managing comprehensive threat solutions, and monitoring network security threats
  43. Which metric is used in SOCs to evaluate the average time that it takes to identify that valid security incidents have occurred in the network?

    a. Dwell Time
    b. MTTR
    c. MTTC
    d. MTTD
    MTTD
  44. Which KPI metric does SOAR use to measure the length of time that threat actors have access to a network before they are detected and the access of the threat actors stopped?

    a. MTTD
    b. MTTR
    c. MTTC
    d. Dwell Time
    Dwell Time
  45. What is the role of SIEM?

    a. to analyze any OS vulnerabilities and apply security patches to secure the operating systems.

    b. to analyze all the network packets for any malware signatures and synchronize the signatures with the Federal Government databases.

    c. to analyze all the network packets for any malware signatures and update the vulnerabilities database.

    d. to analyze all the data that firewalls, network appliances, intrusion detection systems, and other devices generate and institute preventive measures.
    to analyze all the data that firewalls, network appliances, intrusion detection systems, and other devices generate and institute preventive measures.
  46. What is a characteristic of the SOAR security platform?

    a. to include predefined playbooks that enable automatic response to specific threats

    b. to interact with the Federal Government security sites and update all vulnerability platforms

    c. to provide a user friendly interface that uses the Python programming language to manage security threats

    d. to provide a means to synchronize the vulnerabilities database
    to include predefined playbooks that enable automatic response to specific threats
  47. A network security professional has applied for a Tier 2 position in a SOC. What is a typical job function that would be assigned to a new employee?

    a. further investigating security incidents

    b. monitoring incoming alerts and verifying that a true security incident has occurred

    c. hunting for potential security threats and implementing threat detection tools

    d. serving as the point of contact for a customer
    further investigating security incidents
  48. If a SOC has a goal of 99.99% uptime, how many minutes of downtime a year would be considered within its goal?

    a. 52.56
    b. 50.38
    c. 48.25
    d. 60.56
    52.56
  49. Which organization offers the vendor-neutral CySA+ certification?
    a. CompTIA
    b. GIAC
    c. IEEE
    d. (ISC)²
    CompTIA
  50. In the operation of a SOC, which system is frequently used to let an analyst select alerts from a pool to investigate?

    a. registration system
    b. ticketing system
    c. syslog server
    d. security alert knowledge-based system
    ticketing system
  51. How can a security information and event management system in a SOC be used to help personnel fight against security threats?

    a. by authenticating users to network resources

    b. by filtering network traffic

    c. by collecting and filtering data

    d. by encrypting communications to remote sites
    by collecting and filtering data
  52. Which three technologies should be included in a security information and event management system in a SOC? (Choose three.)

    a. threat intelligence 
    b. VPN connection 
    c. security monitoring
    d. intrusion prevention
    e. vulnerability tracking
    f. firewall appliance
    threat intelligence, security monitoring, vulnerability tracking
  53. Which SOC job role manages all the resources of the SOC and serves as a point of contact for the larger organization or customer?

    a. SME/Threat Hunter
    b. SOC Manager
    c. Cybersecurity Analyst
    d. Incident Responder
    SOC Manager
  54. Which SOC job role processes security alerts and forwards tickets to Tier 2 if necessary?

    a. SME/Threat Hunter
    b. SOC Manager
    c. Cybersecurity Analyst
    d. Incident Responder
    Cybersecurity Analyst
  55. Which SOC job role is responsible for deep investigation of incidents?

    a. SME/Threat Hunter
    b. SOC Manager
    c. Cybersecurity Analyst
    d. Incident Responder
    Incident Responder
  56. Which device integrates security information and event management into a single platform?

    a. SIEM
    b. SOAR
    c. Threat Hunter
    SIEM
  57. Which device integrates orchestration tools and resources to automatically respond to security events?

    a. SIEM
    b. SOAR
    c. Threat Hunter
    SOAR
  58. Why would a network administrator choose Linux as an operating system in the Security Operations Center (SOC)?

    a. It is easier to use than other operating systems.

    b. More network applications are created for this environment.

    c. It is more secure than other server operating systems.

    d. The administrator has more control over the operating system.
    The administrator has more control over the operating system.
  59. Which two methods can be used to harden a computing device? (Choose two.)

    a. Allow default services to remain enabled.

    b. Allow USB auto-detection.

    c. Enforce the password history mechanism.

    d. Update patches on a strict annual basis irrespective of release date.

    e. Ensure physical security.
    Enforce the password history mechanism and Ensure physical security.
  60. Which Linux command can be used to display the name of the current working directory?

    a. sudo
    b. ps
    c. pwd
    d. chmod
    pwd
  61. Consider the result of the ls -l command in the Linux output below. What are the file permissions assigned to the sales user for the analyst.txt file?
    ls -l analyst.txt
    -rwxrw-r-- sales staff 1028 May 28 15:50 analyst.txt

    a. write only
    b. read, write
    c. read only
    d. read, write, execute
    read, write, execute
  62. A Linux system boots into the GUI by default, so which application can a network administrator use in order to access the CLI environment?

    a. system viewer
    b. file viewer
    c. package management tool
    d. terminal emulator
    terminal emulator
  63. What is the well-known port address number used by DNS to serve requests?

    a. 25
    b. 53
    c. 110
    d. 60
    53
  64. Which user can override file permissions on a Linux computer?

    a. any user that has ‘group’ permission to the file

    b. only the creator of the file

    c. any user that has ‘other’ permission to the file

    d. root user
    root user
  65. Which type of tool allows administrators to observe and understand every detail of a network transaction?

    a. log manager

    b. malware analysis tool

    c. ticketing system
    d. packet capture software
    packet capture software
  66. Why is Kali Linux a popular choice in testing the network security of an organization?

    a. It is a network scanning tool that prioritizes security risks.

    b. It is an open source Linux security distribution containing many penetration tools.

    c. It can be used to test weaknesses by using only malicious software.

    d. It can be used to intercept and log network traffic.
    It is an open source Linux security distribution containing many penetration tools.
  67. What are two advantages of the NTFS file system compared with FAT32? (Choose two.)

    a. NTFS is easier to configure.

    b. NTFS supports larger files.

    c. NTFS allows faster formatting of drives.

    d. NTFS allows the automatic detection of bad sectors.

    e. NTFS allows faster access to external peripherals such as a USB drive.

    f. NTFS provides more security features.
    NTFS supports larger files. and NTFS provides more security features.
  68. A PC user issues the netstat command without any options. What is displayed as the result of this command?

    a. a historical list of successful pings that have been sent

    b. a list of all established active TCP connections

    c. a network connection and usage report

    d. a local routing table
    a list of all established active TCP connections
  69. Which two commands could be used to check if DNS name resolution is working properly on a Windows PC? (Choose two.)

    a. nslookup cisco.com
    b. net cisco.com
    c. ipconfig /flushdns
    d. nbtstat cisco.com
    e. ping cisco.com
    nslookup cisco.com and ping cisco.com
  70. What is the purpose of using the net accounts command in Windows?

    a. to display information about shared network resources

    b. to show a list of computers and network devices on the network

    c. to start a network service

    d. to review the settings of password and logon requirements for users
    to review the settings of password and logon requirements for users
  71. A technician has installed a third party utility that is used to manage a Windows 7 computer. However, the utility does not automatically start whenever the computer is started. What can the technician do to resolve this problem?

    a. Set the application registry key value to one.

    b. Use the Add or Remove Programs utility to set program access and defaults.

    c. Change the startup type for the utility to Automatic in Services.

    d. Uninstall the program and then choose Add New Programs in the Add or Remove Programs utility to install the application.
    Change the startup type for the utility to Automatic in Services.
  72. Which statement describes the function of the Server Message Block (SMB) protocol?

    a. It is used to stream media contents.

    b. It is used to manage remote PCs.

    c. It is used to compress files stored on a disk.

    d. It is used to share network resources.
    It is used to share network resources.
  73. A user creates a file with .ps1 extension in Windows. What type of file is it?

    a. PowerShell function
    b. PowerShell cmdlet
    c. PowerShell documentation
    d. PowerShell script
    PowerShell script
  74. A user logs in to Windows with a regular user account and attempts to use an application that requires administrative privileges. What can the user do to successfully use the application?

    a. Right-click the application and choose Run as Privilege.
    b. Right-click the application and choose Run as Superuser.
    c. Right-click the application and choose Run as Administrator.
    d. Right-click the application and choose Run as root.
    Right-click the application and choose Run as Administrator.
  75. An IT technician wants to create a rule on two Windows 10 computers to prevent an installed application from accessing the public Internet. Which tool would the technician use to accomplish this task?

    a. Local Security Policy
    b. Computer Management
    c. Windows Defender Firewall with Advanced Security
    d. DMZ
    Windows Defender Firewall with Advanced Security
  76. What technology was created to replace the BIOS program on modern personal computer motherboards?

    a. UEFI
    b. MBR
    c. CMOS
    d. RAM
    UEFI
  77. What is the outcome when a Linux administrator enters the man man command?

    a. The man man command configures the network interface with a manual address

    b. The man man command opens the most recent log file

    c. The man man command provides a list of commands available at the current prompt

    d. The man man command provides documentation about the man command
    The man man command provides documentation about the man command
  78. What are two benefits of using an ext4 partition instead of ext3? (Choose two.)

    a. an increase in the number of supported devices

    b. improved performance

    c. compatibility with NTFS

    d. increase in the size of supported files

    e. decreased load time

    f. compatibility with CDFS
    improved performance and increase in the size of supported files
  79. What is the purpose of entering the netsh command on a Windows PC?

    a. to configure networking parameters for the PC

    b. to change the computer name for the PC

    c. to create user accounts

    d. to test the hardware devices on the PC
    to configure networking parameters for the PC
  80. Which type of Windows PowerShell command performs an action and returns an output or object to the next command that will be executed?

    a. cmdlets
    b. functions
    c. routines
    d. scripts
    cmdlets
  81. A user creates a file with .ps1 extension in Windows. What type of file is it?

    a. PowerShell documentation
    b. PowerShell cmdlet
    c. PowerShell script
    d. PowerShell function
    PowerShell script
  82. In the Linux shell, which character is used between two commands to instruct the shell to combine and execute these two commands in sequence?

    a. $
    b. #
    c. %
    d. |
    |
  83. Why is Linux considered to be better protected against malware than other operating systems?

    a. customizable penetration and protection tools

    b. fewer deployments

    c. file system structure, file permissions, and user account restrictions

    d. integrated firewall
    file system structure, file permissions, and user account restrictions
  84. Which Windows tool can be used by a cybersecurity administrator to secure stand-alone computers that are not part of an active directory domain?

    a. PowerShell
    b. Windows Defender
    c. Windows Firewall
    d. Local Security Policy
    Local Security Policy
  85. Which Windows registry hive stores information about object linking and embedding (OLE) registrations?

    a. HKEY_CLASSES_ROOT (HKCR)
    b. HKEY_CURRENT_CONFIG (HKCC)
    c. HKEY_CURRENT_USER (HKCU)
    d. HKEY_LOCAL_MACHINE (HKLM)
    e. HKEY_USERS (HKU)
    HKEY_CURRENT_CONFIG (HKCC)
  86. Which Windows registry hive stores information about the current hardware profile?

    a. HKEY_CLASSES_ROOT (HKCR)
    b. HKEY_CURRENT_CONFIG (HKCC)
    c. HKEY_CURRENT_USER (HKCU)
    d. HKEY_LOCAL_MACHINE (HKLM)
    e. HKEY_USERS (HKU)
    HKEY_CURRENT_CONFIG (HKCC)
  87. Which Windows registry hive stores information concerning all the user accounts on the host?

    a. HKEY_CLASSES_ROOT (HKCR)
    b. HKEY_CURRENT_CONFIG (HKCC)
    c. HKEY_CURRENT_USER (HKCU)
    d. HKEY_LOCAL_MACHINE (HKLM)
    e. HKEY_USERS (HKU)
    HKEY_USERS (HKU)
  88. Which Windows registry hive stores information concerning the currently logged in user?

    a. HKEY_CLASSES_ROOT (HKCR)
    b. HKEY_CURRENT_CONFIG (HKCC)
    c. HKEY_CURRENT_USER (HKCU)
    d. HKEY_LOCAL_MACHINE (HKLM)
    e. HKEY_USERS (HKU)
    HKEY_CURRENT_USER (HKCU)
  89. Which Windows registry hive stores system-related information?

    a. HKEY_CLASSES_ROOT (HKCR)
    b. HKEY_CURRENT_CONFIG (HKCC)
    c. HKEY_CURRENT_USER (HKCU)
    d. HKEY_LOCAL_MACHINE (HKLM)
    e. HKEY_USERS (HKU)
    HKEY_LOCAL_MACHINE (HKLM)
  90. Which Windows tool selectively denies traffic to a computer or network segment?

    a. Event Viewer
    b. Resource Monitor
    c. Task manager
    d. Windows Defender
    e. Windows Defender Firewall
    f. Windows Registry
    Windows Defender Firewall
  91. Which Windows tool logs history, application, security, and system events?

    a. Event Viewer
    b. Resource Monitor
    c. Task manager
    d. Windows Defender
    e. Windows Firewall
    f. Windows Registry
    Event Viewer
  92. Which Windows tool or command can be used to look for inbound or outbound TCP connections on a Windows host that are not authorized?

    a. Netstat
    b. Network and Sharing Center
    c. Regedit
    d. Net
    e. resource monitor
    f. Nslookup
    Netstat
  93. Which Windows tool provides resource information, such as memory, CPU, disk, and network?

    a. Event Viewer
    b. Resource Monitor
    c. Task manager
    d. Windows Defender
    e. Windows Firewall
    f. Windows Registry
    Resource Monitor
  94. Which Windows tool is the built-in virus and spyware protection?

    a. Event Viewer
    b. Resource Monitor
    c. Task manager
    d. Windows Defender
    e. Windows Firewall
    f. Windows Registry
    Windows Defender
  95. Which command or tool finds the IP address of a server from a URL?

    a. Net
    b. Windows Registry
    c. Nslookup
    d. net session
    e. Netstat
    Nslookup
  96. Which Windows tool provides information about applications, processes, and services running on the computer?

    a. Event Viewer
    b. Resource Monitor
    c. Task manager
    d. Windows Defender
    e. Windows Firewall
    f. Windows Registry
    Task manager
  97. Which Windows tool is the database that stores all the information about hardware, applications, users, and system settings?

    a. Event Viewer
    b. Resource Monitor
    c. Task manager
    d. Windows Defender
    e. Windows Firewall
    f. Windows Registry
    Windows Registry
  98. When a user makes changes to the settings of a Windows system, where are these changes stored?

    a. Registry
    b. win.ini
    c. boot.ini
    d. Control Panel
    Registry
  99. Which user account should be used only to perform system management and not as the account for regular use?

    a. Guest
    b. Administrator
    c. power user
    d. standard user
    Administrator
  100. Which command is used to manually query a DNS server to resolve a specific host name?

    a. tracert
    b. net
    c. ipconfig /displaydns
    d. nslookup
    nslookup
  101. For security reasons a network administrator needs to ensure that local computers cannot ping each other. Which settings can accomplish this task?

    a. smartcard settings
    b. file system settings
    c. firewall settings
    d. MAC address settings
    firewall settings
  102. What contains information on how hard drive partitions are organized?

    a. CPU
    b. Windows Registry
    c. BOOTMGR
    d. MBR
    MBR
  103. What utility is used to show the system resources consumed by each user?

    a. Event Viewer
    b. Task Manager
    c. User Accounts
    d. Device Manager
    Task Manager
  104. What term is used to describe a logical drive that can be formatted to store data?

    a. Track
    b. Partition
    c. Sector
    d. Volume
    e. Cluster
    Partition
  105. How much RAM is addressable by a 32-bit version of Windows?

    a. 16 GB
    b. 4 GB
    c. 32 GB
    d. 8 GB
    4 GB
  106. Which Windows version was the first to introduce a 64-bit Windows operating system?

    a. Windows 10
    b. Windows XP
    c. Windows 7
    d. Windows NT
    Windows XP
  107. Which net command is used on a Windows PC to establish a connection to a shared directory on a remote server?

    a. net use
    b. net session
    c. net share
    d. net start
    net use
  108. What is the purpose of the cd command?

    a. changes directory to the next lower directory

    b. changes directory to the previous directory

    c. changes directory to the root directory

    d. changes directory to the next highest directory
    changes directory to the root directory
  109. What would be displayed if the netstat -abno command was entered on a Windows PC?

    a. all active TCP and UDP connections, their current state, and their associated process ID (PID)

    b. only active UDP connections in a LISTENING state

    c. only active TCP connections in an ESTABLISHED state

    d. a local routing table
    all active TCP and UDP connections, their current state, and their associated process ID (PID)
  110. A security incident has been filed and an employee believes that someone has been on the computer since the employee left last night. The employee states that the computer was turned off before the employee left for the evening. The computer is running slowly and applications are acting strangely. Which Microsoft Windows tool would be used by the security analyst to determine if and when someone logged on to the computer after working hours?

    a. Performance Monitor
    b. Task Manager
    c. PowerShell
    d. Event Viewer
    Event Viewer
  111. Which type of tool is used by a Linux administrator to attack a computer or network to find vulnerabilities?

    a. malware analysis
    b. Firewall
    c. PenTesting
    d. intrusion detection system
    PenTesting
  112. What is a benefit of Linux being an open source operating system?

    a. Linux distributions are maintained by a single organization.

    b. Linux distributions are simpler operating systems since they are not designed to be connected to a network.

    c. Linux distributions must include free support without cost.

    d. Linux distribution source code can be modified and then recompiled.
    Linux distribution source code can be modified and then recompiled.
  113. Which method can be used to harden a device?

    a. Allow default services to remain enabled.
    b. Allow users to re-use old passwords.
    c. Allow USB auto-detection.
    d. Force periodic password changes.
    Force periodic password changes.
  114. A system administrator issues the command ps on a server that is running the Linux operating system. What is the purpose of this command?

    a. to process a new task
    b. to change file permissions
    c. to list the processes currently running in the system
    d. to display the contents of the current directory
    to list the processes currently running in the system
  115. Which operating system source code can be downloaded and modified by any person or company?

    a. Windows
    b. Cisco IOS
    c. Linux
    d. Mac OS X
    Linux
  116. Which file system is the primary file system used by Apple in current Macintosh computers?

    a. APFS
    b. Ext3
    c. CDFS
    d. HFS+
    e. Ext2
    APFS
  117. Consider the result of the ls -l command in the Linux output below. What are the group file permissions assigned to the analyst.txt file?
    ls -l
    analyst.txt -rwxrw-r-- sales staff 1028 May 28 15:50 analyst.txt

    a. read, write
    b. full access
    c. read only
    d. read, write, execute
    read, write
  118. In the context of a Linux operating system, which command can be used to display the syntax and parameters for a specific command?

    a. cat
    b. man
    c. crontab
    d. grep
    man
  119. What is a daemon?

    a. a background process that runs without the need for user interaction

    b. a record to keep track of important events

    c. an application that monitors and analyzes suspicious activity

    d. a type of security attack
    a background process that runs without the need for user interaction
  120. Which Linux command can be used to display the name of the current working directory?

    a. pwd
    b. ps
    c. sudo
    d. chmod
    pwd
  121. An author is uploading one chapter document from a personal computer to a file server of a book publisher. What role is the personal computer assuming in this network model?

    a. Client
    b. Transient
    c. Primary
    d. Server
    e. Secondary
    Client
  122. A technician has captured packets on a network that has been running slowly when accessing the internet. Which port number should the technician look for within the captured material to locate HTTP packets?

    a. 80
    b. 53
    c. 21
    d. 20
    e. 110
    80
  123. A system administrator issues the apt-get upgrade command on a Linux operating system. What is the purpose of this command?

    a. Every application installed will update itself to the latest version.

    b. A specific application named upgrade will be installed.

    c. Operating system updates are downloaded and will be installed.

    d. The remote repository of applications and dependencies will be updated to the latest version.
    Every application installed will update itself to the latest version.
  124. Why would a rootkit be used by a hacker?

    a. to try to guess a password
    b. to gain access to a device without being detected
    c. to reverse engineer binary files
    d. to do reconnaissance
    to gain access to a device without being detected
  125. When a wireless network in a small office is being set up, which type of IP addressing is typically used on the networked devices?

    a. private
    b. public
    c. network
    d. wireless
    private
  126. Which two parts are components of an IPv4 address? (Choose two.)

    a. logical portion
    b. host portion
    c. broadcast portion
    d. subnet portion
    e. network portion
    f. physical portion
    host portion and network portion
  127. What is the full decompressed form of the IPv6 address 2001:420:59:0:1::a/64?

    a. 2001:4200:5900:0:1:0:0:a000
    b. 2001:0420:0059:0000:0001:0000:000a
    c. 2001:0420:0059:0000:0001:000a
    d. 2001:0420:0059:0000:0001:0000:0000:000a
    e. 2001:420:59:0:1:0:0:a
    f. 2001:4200:5900:0000:1000:0000:0000:a000
    2001:0420:0059:0000:0001:0000:0000:000a
  128. A cybersecurity analyst believes an attacker is spoofing the MAC address of the default gateway to perform a man-in-the-middle attack. Which command should the analyst use to view the MAC address a host is using to reach the default gateway?

    a. route print
    b. ipconfig /all
    c. netstat -r
    d. arp -a
    arp -a
  129. A user sends an HTTP request to a web server on a remote network. During encapsulation for this request, what information is added to the address field of a frame to indicate the destination?

    a. the network domain of the destination host
    b. the MAC address of the destination host
    c. the IP address of the default gateway
    d. the MAC address of the default gateway
    the MAC address of the default gateway
  130. What addresses are mapped by ARP?

    a. destination IPv4 address to the source MAC address
    b. destination MAC address to a destination IPv4 address
    c. destination MAC address to the source IPv4 address
    d. destination IPv4 address to the destination host name
    destination MAC address to a destination IPv4 address
  131. What type of information is contained in an ARP table?

    a. domain name to IP address mappings
    b. switch ports associated with destination MAC addresses
    c. routes to reach destination networks
    d. IP address to MAC address mappings
    IP address to MAC address mappings
  132. What type of information is contained in a DNS MX record?

    a. the IP address of an authoritative name server
    b. the FQDN of the alias used to identify a service
    c. the domain name mapped to mail exchange servers
    d. the IP address for an FQDN entry
    the domain name mapped to mail exchange servers
  133. A PC is downloading a large file from a server. The TCP window is 1000 bytes. The server is sending the file using 100-byte segments. How many segments will the server send before it requires an acknowledgment from the PC?

    a. 1000 segments
    b. 100 segments
    c. 1 segment
    d. 10 segments
    10 segments
  134. A user issues a ping 192.168.250.103 command and receives a response that includes a code of 1. What does this code represent?

    a. port unreachable
    b. network unreachable
    c. protocol unreachable
    d. host unreachable
    host unreachable
  135. Which two commands can be used on a Windows host to display the routing table? (Choose two.)

    a. netstat -r
    b. show ip route
    c. netstat -s
    d. route print
    e. tracert
    netstat -r and route print
  136. A user issues a ping 2001:db8:FACE:39::10 command and receives a response that includes a code of 2. What does this code represent?

    a. host unreachable
    b. port unreachable
    c. network unreachable
    d. protocol unreachable
    protocol unreachable
  137. What message informs IPv6 enabled interfaces to use stateful DHCPv6 for obtaining an IPv6 address?

    a. the ICMPv6 Router Solicitation
    b. the DHCPv6 Advertise message
    c. the DHCPv6 Reply message
    d. the ICMPv6 Router Advertisement
    the ICMPv6 Router Advertisement
  138. What is the purpose of ICMP messages?

    a. to inform routers about network topology changes
    b. to ensure the delivery of an IP packet
    c. to provide feedback of IP packet transmissions
    d. to monitor the process of a domain name to IP address resolution
    to provide feedback of IP packet transmissions
  139. What network service uses the WHOIS protocol?

    a. HTTPS
    b. DNS
    c. SMTP
    d. FTP
    DNS
  140. What action does a DHCPv4 client take if it receives more than one DHCPOFFER from multiple DHCP servers?

    a. It sends a DHCPNAK and begins the DHCP process over again.

    b. It accepts both DHCPOFFER messages and sends a DHCPACK.

    c. It discards both offers and sends a new DHCPDISCOVER.

    d. It sends a DHCPREQUEST that identifies which lease offer the client is accepting.
    It sends a DHCPREQUEST that identifies which lease offer the client is accepting.
  141. Refer to the exhibit. From the perspective of users behind the NAT router, what type of NAT address is 209.165.201.1?

    a. inside global
    b. inside local
    c. outside global
    d. outside local
    inside global
  142. What is done to an IP packet before it is transmitted over the physical medium?

    a. It is tagged with information guaranteeing reliable delivery.
    b. It is segmented into smaller individual pieces.
    c. It is encapsulated in a Layer 2 frame.
    d. It is encapsulated into a TCP segment.
    It is encapsulated in a Layer 2 frame.
  143. Which PDU is processed when a host computer is de-encapsulating a message at the transport layer of the TCP/IP model?

    a. segment
    b. packet
    c. frame
    d. bits
    segment
  144. Which networking model is being used when an author uploads one chapter document to a file server of a book publisher?

    a. peer-to-peer
    b. client/server
    c. master-slave
    d. point-to-point
    client/server
  145. Which type of transmission is used to transmit a single video stream such as a web-based video conference to a select number of users?

    a. anycast
    b. broadcast
    c. unicast
    d. multicast
    multicast
  146. What is the result of an ARP poisoning attack?

    a. Network clients are infected with a virus.
    b. Network clients experience a denial of service.
    c. Client memory buffers are overwhelmed.
    d. Client information is stolen.
    Client information is stolen.
  147. What is the function of the HTTP GET message?

    a. to upload content to a web server from a web client

    b. to retrieve client email from an email server using TCP port 110

    c. to request an HTML page from a web server

    d. to send error information from a web server to a web client
    to request an HTML page from a web server
  148. Which protocol is a client/server file sharing protocol and also a request/response protocol?

    a. FTP
    b. UDP
    c. TCP
    d. SMB
    SMB
  149. How is a DHCPDISCOVER transmitted on a network to reach a DHCP server?

    a. A DHCPDISCOVER message is sent with the broadcast IP address as the destination address.

    b. A DHCPDISCOVER message is sent with a multicast IP address that all DHCP servers listen to as the destination address.

    c. A DHCPDISCOVER message is sent with the IP address of the default gateway as the destination address.

    d. A DHCPDISCOVER message is sent with the IP address of the DHCP server as the destination address.
    A DHCPDISCOVER message is sent with the broadcast IP address as the destination address.
  150. What is a description of a DNS zone transfer?

    a. transferring blocks of DNS data from a DNS server to another server

    b. the action taken when a DNS server sends a query on behalf of a DNS resolver

    c. forwarding a request from a DNS server in a subdomain to an authoritative source

    d. finding an address match and transferring the numbered address from a DNS server to the original requesting client
    transferring blocks of DNS data from a DNS server to another server
  151. What are the two sizes (minimum and maximum) of an Ethernet frame? (Choose two.)

    a. 128 bytes
    b. 64 bytes
    c. 1024 bytes
    d. 56 bytes
    e. 1518 bytes
    64 bytes and 1518 bytes
  152. Which process failed if a computer cannot access the internet and received an IP address of 169.254.142.5?

    a. DNS
    b. IP
    c. HTTP
    d. DHCP
    DHCP
  153. Which statement describes a feature of the IP protocol?

    a. IP relies on Layer 2 protocols for transmission error control.

    b. MAC addresses are used during the IP packet encapsulation.

    c. IP relies on upper layer services to handle situations of missing or out-of-order packets.

    d. IP encapsulation is modified based on network media.
    IP relies on upper layer services to handle situations of missing or out-of-order packets.
  154. What is a basic characteristic of the IP protocol?

    a. connectionless
    b. media dependent
    c. user data segmentation
    d. reliable end-to-end delivery
    connectionless
  155. Which statement describes the ping and tracert commands?

    a. Both ping and tracert can show results in a graphical display.

    b. Ping shows whether the transmission is successful; tracert does not.

    c. Tracert shows each hop, while ping shows a destination reply only.

    d. Tracert uses IP addresses; ping does not.
    Tracert shows each hop, while ping shows a destination reply only.
  156. A large corporation has modified its network to allow users to access network resources from their personal laptops and smart phones. Which networking trend does this describe?

    a. cloud computing
    b. video conferencing
    c. online collaboration
    d. bring your own device
    bring your own device
  157. Which method would an IPv6-enabled host using SLAAC employ to learn the address of the default gateway?

    a. router advertisement messages received from the link router

    b. router solicitation messages received from the link router

    c. neighbor advertisement messages received from link neighbors

    d. neighbor solicitation messages sent to link neighbors
    router advertisement messages received from the link router
  158. A user issues a ping 192.168.250.103 command and receives a response that includes a code of 1. What does this code represent?

    a. network unreachable
    b. port unreachable
    c. protocol unreachable
    d. host unreachable
    host unreachable
  159. What are three responsibilities of the transport layer? (Choose three.)

    a. identifying the applications and services on the client and server that should handle transmitted data.

    b. conducting error detection of the contents in frames.

    c. meeting the reliability requirements of applications, if any.

    d. directing packets towards the destination network.

    e. formatting data into a compatible form for receipt by the destination devices.

    f. multiplexing multiple communication streams from many users or applications on the same network.
    identifying the applications and services on the client and server that should handle transmitted data. and meeting the reliability requirements of applications, if any. and multiplexing multiple communication streams from many users or applications on the same network.
  160. How does network scanning help assess operations security?

    a. It can detect open TCP ports on network systems.
    b. It can detect weak or blank passwords.
    c. It can simulate attacks from malicious sources.
    d. It can log abnormal activity.
    It can detect open TCP ports on network systems.
  161. Which two operations are provided by TCP but not by UDP? (Choose two.)

    a. retransmitting any unacknowledged data
    b. acknowledging received data
    c. reconstructing data in the order received
    d. identifying the applications
    e. tracking individual conversations
    retransmitting any unacknowledged data and acknowledging received data
  162. A user is executing a tracert to a remote device. At what point would a router, which is in the path to the destination device, stop forwarding the packet?

    a. when the router receives an ICMP Time Exceeded message

    b. when the RTT value reaches zero

    c. when the values of both the Echo Request and Echo Reply messages reach zero

    d. when the host responds with an ICMP Echo Reply message

    e. when the value in the TTL field reaches zero
    when the value in the TTL field reaches zero
  163. A network administrator is testing network connectivity by issuing the ping command on a router. Which symbol will be displayed to indicate that a time expired during the wait for an ICMP echo reply message?

    a. U
    b. .
    c. !
    d. $
    .
  164. A technician is configuring email on a mobile device. The user wants to be able to keep the original email on the server, organize it into folders, and synchronize the folders between the mobile device and the server. Which email protocol should the technician use?

    a. SMTP
    b. MIME
    c. POP3
    d. IMAP
    IMAP
  165. At which OSI layer is a source MAC address added to a PDU during the encapsulation process?

    a. application layer
    b. presentation layer
    c. data link layer
    d. transport layer
    data link layer
  166. Which value, that is contained in an IPv4 header field, is decremented by each router that receives a packet?

    a. Time-to-Live
    b. Fragment Offset
    c. Header Length
    d. Differentiated Services
    Time-to-Live
  167. Which two ICMP messages are used by both IPv4 and IPv6 protocols? (Choose two.)

    a. route redirection
    b. neighbor solicitation
    c. router solicitation
    d. router advertisement
    e. protocol unreachable
    protocol unreachable and route redirection
  168. What mechanism is used by a router to prevent a received IPv4 packet from traveling endlessly on a network?

    a. It checks the value of the TTL field and if it is 100, it discards the packet and sends a Destination Unreachable message to the source host.

    b. It decrements the value of the TTL field by 1 and if the result is 0, it discards the packet and sends a Time Exceeded message to the source host.

    c. It checks the value of the TTL field and if it is 0, it discards the packet and sends a Destination Unreachable message to the source host.

    d. It increments the value of the TTL field by 1 and if the result is 100, it discards the packet and sends a Parameter Problem message to the source host.
    It decrements the value of the TTL field by 1 and if the result is 0, it discards the packet and sends a Time Exceeded message to the source host.
  169. A device has been assigned the IPv6 address of 2001:0db8:cafe:4500:1000:00d8:0058:00ab/64. Which is the host identifier of the device?

    a. 2001:0db8:cafe:4500:1000:00d8:0058:00ab
    b. 00ab
    c. 2001:0db8:cafe:4500
    d. 1000:00d8:0058:00ab
    1000:00d8:0058:00ab
  170. What three application layer protocols are part of the TCP/IP protocol suite? (Choose three.)

    a. DHCP
    b. PPP
    c. FTP
    d. DNS
    e. NAT
    f. ARP
    DHCP and FTP and DNS
  171. A computer can access devices on the same network but cannot access devices on other networks. What is the probable cause of this problem?

    a. The computer has an invalid IP address.
    b. The cable is not connected properly to the NIC.
    c. The computer has an incorrect subnet mask.
    d. The computer has an invalid default gateway address.
    The computer has an invalid default gateway address.
  172. A user who is unable to connect to the file server contacts the help desk. The helpdesk technician asks the user to ping the IP address of the default gateway that is configured on the workstation. What is the purpose for this ping command?

    a. to resolve the domain name of the file server to its IP address

    b. to request that gateway forward the connection request to the file server

    c. to obtain a dynamic IP address from the server

    d. to test that the host has the capability to reach hosts on other networks
    to test that the host has the capability to reach hosts on other networks
  173. A user gets an IP address of 192.168.0.1 from the company network administrator. A friend of the user at a different company gets the same IP address on another PC. How can two PCs use the same IP address and still reach the Internet, send and receive email, and search the web?

    a. ISPs use Domain Name Service to change a user IP address into a public IP address that can be used on the Internet.

    b. Both users must be using the same Internet Service Provider.

    c. Both users must be on the same network.

    d. ISPs use Network Address Translation to change a user IP address into an address that can be used on the Internet.
    ISPs use Network Address Translation to change a user IP address into an address that can be used on the Internet.
  174. How many host addresses are available on the 192.168.10.128/26 network?

    a. 30
    b. 32
    c. 60
    d. 62
    e. 64
    62
  175. What are the three ranges of IP addresses that are reserved for internal private use? (Choose three.)

    a. 64.100.0.0/14
    b. 192.168.0.0/16
    c. 192.31.7.0/24
    d. 172.16.0.0/12
    e. 10.0.0.0/8
    f. 127.16.0.0/12
    192.168.0.0/16 and 172.16.0.0/12 and 10.0.0.0/8
  176. A host PC is attempting to lease an address through DHCP. What message is sent by the server to let the client know it is able to use the provided IP information?

    a. DHCPOFFER
    b. DHCPREQUEST
    c. DHCPACK
    d. DHCPNACK
    DHCPACK
  177. An employee complains that a Windows PC cannot connect to the Internet. A network technician issues the ipconfig command on the PC and is shown an IP address of 169.254.10.3. Which two conclusions can be drawn? (Choose two.)

    a. The PC is configured to obtain an IP address automatically.
    b. The default gateway address is not configured.
    c. The DNS server address is misconfigured.
    d. The enterprise network is misconfigured for dynamic routing.
    e. The PC cannot contact a DHCP server.
    The PC is configured to obtain an IP address automatically. and The PC cannot contact a DHCP server.
  178. What is a function of the tracert command that differs from the ping command when they are used on a workstation?

    a. The tracert command is used to test the connectivity between two devices.

    b. The tracert command reaches the destination faster.

    c. The tracert command shows the information of routers in the path.

    d. The tracert command sends one ICMP message to each hop in the path.
    The tracert command shows the information of routers in the path.
  179. Which two functions or operations are performed by the MAC sublayer? (Choose two.)

    a. It is responsible for Media Access Control.

    b. It performs the function of NIC driver software.

    c. It adds a header and trailer to form an OSI Layer 2 PDU.

    d. It handles communication between upper and lower layers.

    e. It adds control information to network protocol layer data.
    It is responsible for Media Access Control. and It adds a header and trailer to form an OSI Layer 2 PDU.
  180. Which field in an IPv4 packet header will typically stay the same during its transmission?

    a. Flag
    b. Time-to-Live
    c. Packet Length
    d. Destination Address
    Destination Address
  181. What is the process of dividing a large data stream into smaller pieces prior to transmission?

    a. Sequencing
    b. Duplexing
    c. Multiplexing
    d. Segmentation
    Segmentation
  182. What is the PDU associated with the transport layer?

    a. segment
    b. Packet
    c. Bits
    d. frame
    segment
  183. Which protocol stack layer encapsulates data into frames?

    a. Data link
    b. Transport
    c. Network
    d. Application
    Data link
  184. What is the name of the process of adding protocol information to data as it moves down the protocol stack?

    a. de-encapsulation
    b. Sequencing
    c. Segmentation
    d. Encapsulation
    Encapsulation
  185. A host is transmitting a broadcast. Which host or hosts will receive it?

    a. all hosts on the Internet
    b. the closest neighbor on the same network
    c. a specially defined group of hosts
    d. all hosts in the same network
    all hosts in the same network
  186. Which statement describes a characteristic of cloud computing?

    a. Applications can be accessed over the Internet by individual users or businesses using any device, anywhere in the world.

    b. Investment in new infrastructure is required in order to access the cloud.

    c. Devices can connect to the Internet through existing electrical wiring.

    d. A business can connect directly to the Internet without the use of an ISP.
    Applications can be accessed over the Internet by individual users or businesses using any device, anywhere in the world.
  187. A network administrator can successfully ping the server at www.cisco.com, but cannot ping the company web server located at an ISP in another city. Which tool or command would help identify the specific router where the packet was lost or delayed?

    a. Ipconfig
    b. Netstat
    c. Traceroute
    d. Telnet
    Traceroute
  188. Which OSI model layer contains protocols for process-to-process communication?

    a. Session
    b. Network
    c. Transport
    d. Application
    Application
  189. At which OSI layer is a destination port number added to a PDU during the encapsulation process?

    a. network layer
    b. data link layer
    c. application layer
    d. transport layer
    transport layer
  190. What process involves placing one PDU inside of another PDU?

    a. Encoding
    b. Encapsulation
    c. Segmentation
    d. flow control
    Encapsulation
  191. Which statement accurately describes a TCP/IP encapsulation process when a PC is sending data to the network?

    a. Frames are sent from the network access layer to the internet layer.

    b. Data is sent from the internet layer to the network access layer.

    c. Segments are sent from the transport layer to the internet layer.

    d. Packets are sent from the network access layer to the transport layer.
    Segments are sent from the transport layer to the internet layer.
  192. A web client is receiving a response for a web page from a web server. From the perspective of the client, what is the correct order of the protocol stack that is used to decode the received transmission?

    a. HTTP, Ethernet, IP, TCP
    b. HTTP, TCP, IP, Ethernet
    c. Ethernet, IP, TCP, HTTP
    d. Ethernet, TCP, IP, HTTP
    HTTP, TCP, IP, Ethernet
  193. How does BYOD change the way in which businesses implement networks?

    a. BYOD provides flexibility in where and how users can access network resources.

    b. BYOD users are responsible for their own network security, thus reducing the need for organizational security policies.

    c. BYOD devices are more expensive than devices that are purchased by an organization.

    d. BYOD requires organizations to purchase laptops rather than desktops.
    BYOD provides flexibility in where and how users can access network resources.
  194. In computer communication, what is the purpose of message encoding?

    a. to break large messages into smaller frames

    b. to convert information to the appropriate form for transmission

    c. to negotiate correct timing for successful communication

    d. to interpret information
    to convert information to the appropriate form for transmission
  195. Which statement is true about the TCP/IP and OSI models?

    a. The TCP/IP transport layer and OSI Layer 4 provide similar services and functions.

    b. The TCP/IP network access layer has similar functions to the OSI network layer.

    c. The OSI Layer 7 and the TCP/IP application layer provide identical functions.

    d. The first three OSI layers describe general services that are also provided by the TCP/IP internet layer.
    The TCP/IP transport layer and OSI Layer 4 provide similar services and functions.
  196. What method can be used by two computers to ensure that packets are not dropped because too much data is being sent too quickly?

    a. access method
    b. flow control
    c. response timeout
    d. encapsulation
    flow control
  197. Which Ethernet frame field assists a host in determining if the frame that is received is addressed to it?

    a. source address
    b. Preamble
    c. destination address
    d. frame check sequence
    destination address
  198. Which Ethernet frame field notifies destinations to get ready for a new frame?

    a. Preamble
    b. Type
    c. destination address
    d. frame check sequence
    Preamble
  199. Which Ethernet frame field describes the higher-layer protocol that is encapsulated?

    a. data field
    b. destination address
    c. Type/Length
    d. frame check sequence
    Type/Length
  200. Which part of the Ethernet frame helps a destination detect if there are errors in a frame?

    a. start frame delimiter
    b. frame check sequence
    c. Preamble
    d. data field
    frame check sequence
  201. Which OSI layer sends segments to be encapsulated in an IPv4 or IPv6 packet?

    a. data link layer
    b. network layer
    c. transport layer
    d. session layer
    transport layer
  202. Which layer is responsible for taking an IP packet and preparing it for transmission over the communications medium?

    a. physical layer
    b. network layer
    c. data link layer
    d. transport layer
    data link layer
  203. What is the term for splitting up an IP packet when forwarding it from one medium to another medium with a smaller MTU?

    a. Encapsulation
    b. Fragmentation
    c. Segmentation
    d. Serialization
    Fragmentation
  204. Which delivery method does not guarantee that the packet will be delivered fully without errors?

    a. Connectionless
    b. best effort
    c. media independent
    best effort
  205. What are the two most commonly referenced fields in an IPv4 packet header that indicate where the packet is coming from and where it is going? (Choose two.)

    a. destination IP address
    b. Protocol
    c. Time to Live
    d. source IP address
    e. Differentiated Services (DS)
    destination IP address and source IP address
  206. Which statement is correct about IPv4 packet header fields?

    a. The source and destination IPv4 addresses remain the same while travelling from source to destination.

    b. The Time to Live field is used to determine the priority of each packet.

    c. The Total Length and Header Checksum fields are used to reorder a fragmented packet.

    d. The Version field identifies the next level protocol.
    The source and destination IPv4 addresses remain the same while travelling from source to destination.
  207. Which field is used to detect corruption in the IPv4 header?

    a. Header Checksum
    b. Time to Live
    c. Protocol
    d. Differentiated Services (DS)
    Header Checksum
  208. Which field includes common values such as ICMP (1), TCP (6), and UDP (17)?

    a. Header Checksum
    b. Time to Live
    c. Protocol
    d. Differentiated Services (DS)
    Protocol
  209. Which two statements are correct about an IPv4 address? (Choose two.)

    a. It contains a network portion.
    b. It contains a host portion.
    c. It is 24 bits in length.
    d. The information within the IPv4 address is sufficient for determining the network portion and host portion of the address.
    It contains a network portion. It contains a host portion.
  210. Which two statements are correct about an IPv4 subnet mask? (Choose two.)

    a. It is 24 bits in length.

    b. It differentiates the network portion from the host portion of an IPv4 address.

    c. It is any combination of 0 and 1 bits.

    d. It is a consecutive sequence of 0 bits followed by a consecutive sequence of 1 bits.

    e. The 1 bits determine the network portion of an IPv4 address, and the 0 bits determine the host portion.
    It differentiates the network portion from the host portion of an IPv4 address. The 1 bits determine the network portion of an IPv4 address, and the 0 bits determine the host portion.
  211. Which three statements are correct about the AND operation? (Choose three.)

    a. The AND operation is performed between an IPv4 address and subnet mask.

    b. The AND operation is performed between two IPv4 addresses.

    c. 1 AND 1 results in a 0

    d. 1 AND 0 results in a 0

    e. It is used to determine the network and host portions of an IPv4 address.
    The AND operation is performed between an IPv4 address and subnet mask. 1 AND 0 results in a 0. It is used to determine the network and host portions of an IPv4 address.
  212. What is the result of a logical AND operation of: 10.128.17.4 255.255.240.0?

    a. The IPv4 network address of 10.128.0.0 255.255.240.0
    b. The IPv4 network address of 10.128.16.0 255.255.240.0
    c. The IPv4 network address of 10.128.17.0 255.255.240.0
    d. The IPv4 network address of 10.128.17.4 255.255.240.0
    The IPv4 network address of 10.128.16.0 255.255.240.0
  213. Which statement about host forwarding decisions is true?

    a. A host cannot ping itself.

    b. A remote destination host is on the same local network as the sending host.

    c. Local hosts can reach each other without the need of a router.

    d. Routing is enabled on switches to discover the best path to a destination.
    Local hosts can reach each other without the need of a router.
Author
dior
ID
357988
Card Set
CyberSecurity2_Midterm
Description
includes modules 1 - 10.
Updated