Certkillers CND 312-38 exam prep (1-50)


50 Terms

1

Management decides to implement a risk management system to reduce and maintain the organization's risk at an acceptable level. Which of the following is the correct order in the risk management phase?

A. Risk Identification, Risk Assessment, Risk Treatment, Risk Monitoring & Review

B. Risk Treatment, Risk Monitoring & Review, Risk Identification, Risk Assessment

C. Risk Assessment, Risk Treatment, Risk Monitoring & Review, Risk Identification

D. Risk Identification, Risk Assessment, Risk Monitoring & Review, Risk Treatment

A. Risk Identification, Risk Assessment, Risk Treatment, Risk Monitoring & Review

2

John has implemented ________ in the network to restrict the limit of public IP addresses in his organization and to enhance the firewall filtering technique.

A. DMZ

B. Proxies

C. VPN

D. NAT

D. NAT

3

What command is used to terminate certain processes in an Ubuntu system?

A. #grep Kill [Target Process]

B. #kill -9 [PID]

C. #ps ax Kill

D. # netstat Kill [Target Process]

C. #ps ax Kill

4

Consider a scenario consisting of a tree network. The root Node N is connected to two main nodes N1 and N2. N1 is connected to N11 and N12. N2 is connected to N21 and N22. What will happen if any one of the main nodes fails?

A. Failure of the main node affects all other child nodes at the same level irrespective of the main node.

B. Does not cause any disturbance to the child nodes or its transmission

C. Failure of the main node will affect all related child nodes connected to the main node

D. Affects the root node only

C. Failure of the main node will affect all related child nodes connected to the main node

5

Stephanie is currently setting up email security so all company data is secured when passed through email. Stephanie first sets up encryption to make sure that a specific user's email is protected. Next, she needs to ensure that the incoming and the outgoing mail has not been modified or altered using digital signatures. What is Stephanie working on?

A. Confidentiality

B. Availability

C. Data Integrity

D. Usability

C. Data Integrity

6

An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?

A. Install a CCTV with cameras pointing to the entrance doors and the street

B. Use fences in the entrance doors

C. Use lights in all the entrance doors and along the company's perimeter

D. Use an IDS in the entrance doors and install some of them near the corners

A. Install a CCTV with cameras pointing to the entrance doors and the street

7

Eric is receiving complaints from employees that their systems are very slow and experiencing odd issues including restarting automatically and frequent system hangs. Upon investigating, he is convinced the systems are infected with a virus that forces systems to shut down automatically after a period of time. What type of security incident are the employees a victim of?

A. Scans and probes

B. Malicious Code

C. Denial of service

D. Distributed denial of service

B. Malicious Code

8

___________ is a group of broadband wireless communications standards for Metropolitan Area Networks (MANs).

A. 802.15.4

B. 802.15

C. 802.12

D. 802.16

D. 802.16

9

The network admin decides to assign a class B IP address to a host in the network. Identify which of the following addresses fall within a class B IP address range.

A. 255.255.255.0

B. 18.12.4.1

C. 172.168.12.4

D. 169.254.254.254

C. 172.168.12.4

10

Rick has implemented several firewalls and IDS systems across his enterprise network. What should he do to effectively correlate all incidents that pass through these security controls?

A. Use firewalls in Network Address Translation (NAT) mode

B. Implement IPsec

C. Implement Simple Network Management Protocol (SNMP)

D. Use Network Time Protocol (NTP)

D. Use Network Time Protocol (NTP)

11

Management asked their network administrator to suggest an appropriate backup medium for their backup plan that best suits their organization's need. Which of the following factors will the administrator consider when deciding on the appropriate backup medium?

A. Capability

B. Accountability

C. Extensibility

D. Reliability

A. Capability

C. Extensibility

D. Reliability

12

Which of the following network monitoring techniques requires extra monitoring software or hardware?

A. Non-router based

B. Switch based

C. Hub based

D. Router based

D. Router based

13

Steven's company has recently grown from 5 employees to over 50. Every workstation has a public IP address and navigates to the Internet with little to no protection. Steven wants to use a firewall. He also wants IP addresses to be private addresses, to prevent public Internet devices from accessing them directly. What should Steven implement on the firewall to ensure this happens?

A. Steven should use a Demilitarized Zone (DMZ)

B. Steven should use Open Shortest Path First (OSPF)

C. Steven should use IPsec

D. Steven should enable Network Address Translation (NAT)

D. Steven should enable Network Address Translation (NAT)

14

What is the name of the authority that verifies the certificate authority in digital certificates?

A. Directory management system

B. Certificate authority

C. Registration authority

D. Certificate Management system

D. Certificate Management system

15

Will is working as a Network Administrator. Management wants to maintain a backup of all the company data as soon as it starts operations. They decided to use a RAID backup storage technology for their data backup plan. To implement the RAID data backup storage, Will sets up a pair of RAID disks so that all the data written to one disk is copied automatically to the other disk as well. This maintains an additional copy of the data.

Which RAID level is used here?

A. RAID 3

B. RAID 1

C. RAID 5

D. RAID 0

B. RAID 1

16

You are monitoring your network traffic with the Wireshark utility and noticed that your network is experiencing a large amount of traffic from a certain region. You suspect a DoS incident on the network. What will be your first reaction as a first responder?

A. Avoid Fear, Uncertainty and Doubt

B. Communicate the incident

C. Make an initial assessment

D. Disable Virus Protection

A. Avoid Fear, Uncertainty and Doubt

17

If a network is at risk from unskilled individuals, what type of threat is this?

A. External Threats

B. Structured Threats

C. Unstructured Threats

D. Internal Threats

C. Unstructured Threats

18

According to the company's security policy, all access to any network resources must use Windows Active Directory Authentication. A Linux server was recently installed to run virtual servers and it is not using Authentication. What needs to happen to force this server to use Windows Authentication?

A. Edit the ADLIN file.

B. Edit the shadow file.

C. Remove the /var/bin/localauth.conf file.

D. Edit the PAM file to enforce Windows Authentication

D. Edit the PAM file to enforce Windows Authentication

19

Kelly is taking backups of the organization's data. Currently, he is taking backups of only those files which are created or modified after the last backup. What type of backup is Kelly using?

A. Full backup

B. Incremental backup

C. Differential Backup

D. Normal Backup

B. Incremental backup

20

John is a network administrator and is monitoring his network traffic with the help of Wireshark. He suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization's network. Which of the following Wireshark filter(s) will he use to locate the TCP OS fingerprinting attempt?

A. tcp.flags==0x2b

B. tcp.flags=0x00

C. tcp.options.mss_val<1460

D. tcp.options.wscale_val==20

A. tcp.flags==0x2b

B. tcp.flags=0x00

C. tcp.options.mss_val<1460

21

A company has the right to monitor the activities of their employees on different information systems according to the _______ policy.

A. Information system

B. User access control

C. Internet usage

D. Confidential data

B. User access control

22

Liza was told by her network administrator that they will be implementing IPsec VPN tunnels to connect the branch locations to the main office. What layer of the OSI model do IPsec tunnels function on?

A. The data link layer

B. The session layer

C. The network layer

D. The application and physical layers

C. The network layer

23

Malone is finishing up his incident handling plan for IT before giving it to his boss for review. He is outlining the incident response methodology and the steps that are involved. What is the last step he should list?

A. Assign eradication.

B. Recovery

C. Containment

D. A follow-up.

D. A follow-up.

24

Which VPN QoS model guarantees the traffic from one customer edge (CE) to another?

A. Pipe Model

B. AAA model

C. Hub-and-Spoke VPN model

D. Hose model

A. Pipe Model

25

James was inspecting ARP packets in his organization's network traffic with the help of Wireshark. He is checking the volume of traffic containing ARP requests as well as the source IP address from which they are originating. Which type of attack is James analyzing?

A. ARP Sweep

B. ARP misconfiguration

C. ARP spoofing

D. ARP Poisoning

A. ARP Sweep

26

Alex is administrating the firewall in the organization's network. What command will he use to check which ports applications have open?

A. Netstat -an

B. Netstat -o

C. Netstat -a

D. Netstat -ao

A. Netstat -an

27

The risk assessment team in Southern California has estimated that the probability of an incident that has potential to impact almost 80% of the bank's business is very high. How should this risk be categorized in the risk matrix?

A. High

B. Medium

C. Extreme

D. Low

C. Extreme

28

Identify the minimum number of drives required to set up RAID level 5.

A. Multiple

B. 3

C. 4

D. 2

B. 3

29

Timothy works as a network administrator in a multinational organization. He decides to implement a dedicated network for sharing storage resources. He uses a _______ as it separates the storage units from servers and the user network.

A. SAN

B. SCSA

C. NAS

D. SAS

A. SAN

30

A local bank wants to protect their card holder data. The bank should comply with the ________ standard to ensure the security of card holder data.

A. HIPAA

B. ISEC

C. PCI DSS

D. SOAX

C. PCI DSS

31

Sam wants to implement a network-based IDS in the network. Sam finds out that the one IDS solution which works is based on pattern matching. Which type of network-based IDS is Sam implementing?

A. Behavior-based IDS

B. Anomaly-based IDS

C. Stateful protocol analysis

D. Signature-based IDS

D. Signature-based IDS

32

John wants to implement a firewall service that works at the session layer of the OSI model. The firewall must also have the ability to hide the private network information. Which type of firewall service is John thinking of implementing?

A. Application level gateway

B. Stateful Multilayer Inspection

C. Circuit level gateway

D. Packet Filtering

C. Circuit level gateway

33

You are an IT security consultant working on a contract for a large manufacturing company to audit their entire network. After performing all the tests and building your report, you present a number of recommendations to the company and what they should implement to become more secure. One recommendation is to install a network-based device that notifies IT employees whenever malicious or questionable traffic is found. From your talks with the company, you know that they do not want a device that actually drops traffic completely; they only want notification. What type of device are you suggesting?

A. The best solution to cover the needs of this company would be a HIDS device.

B. A NIDS device would work best for the company

C. You are suggesting a NIPS device

D. A HIPS device would best suit this company

B. A NIDS device would work best for the company

34

Management wants to calculate the risk factor for their organization. Kevin, a network administrator in the organization, knows how to calculate the risk factor. Certain parameters are required before calculating risk factor. What are they? (Select all that apply)

Risk factor = ________ X ________ X ________

A. Vulnerability

B. Impact

C. Attack

D. Threat

A. Vulnerability

B. Impact

D. Threat

35

Lyle is the IT director for a medium-sized food service supply company in Nebraska. Lyle's company employs over 300 workers, half of which use computers. He recently came back from a security training seminar on logical security. He now wants to ensure his company is as secure as possible. Lyle has many network nodes and workstation nodes across the network. He does not have much time for implementing a network-wide solution. He is primarily concerned about preventing any external attacks on the network by using a solution that can drop packets if they are found to be malicious. Lyle also wants this solution to be easy to implement and be network-wide. What type of solution would be best for Lyle?

A. A NEPT implementation would be the best choice.

B. To better serve the security needs of his company, Lyle should use a HIDS system.

C. Lyle would be best suited if he chose a NIPS implementation

D. He should choose a HIPS solution, as this is best suited to his needs.

C. Lyle would be best suited if he chose a NIPS implementation

36

Sam, a network administrator, is using Wireshark to monitor the network traffic of the organization. He wants to detect TCP packets with no flag set to check for a specific attack attempt. Which filter will he use on the traffic?

A. tcp.flags==0x000

B. tcp.flags==0000x

C. tcp.flags==000x0

D. tcp.flags==x0000

A. tcp.flags==0x000

37

Frank installed Wireshark at all ingress points in the network. Looking at the logs he notices an odd packet source. The odd source has an address of 1080:0:FF:0:8:800:200C:4171 and is using port 21. What does this source address signify?

A. This address means that the source is using an IPv6 address and is spoofed and signifies an IPv4 address of 127.0.0.1.

B. This source address is IPv6 and translates as 13.1.68.3

C. This source address signifies that the originator is using 802dot1x to try and penetrate into Frank's network

D. This means that the source is using IPv4

D. This means that the source is using IPv4

38

The IR team and the network administrator have successfully handled a malware incident on the network. The team is now preparing a countermeasure guideline to avoid a future occurrence of the malware incident. Which of the following countermeasure(s) should be added to deal with future malware incidents? (Select all that apply)

A. Complying with the company's security policies

B. Implementing strong authentication schemes

C. Implementing a strong password policy

D. Install antivirus software

D. Install antivirus software

39

Assume that you are a network administrator and the company has asked you to draft an Acceptable Use Policy (AUP) for employees. Under which category of an information security policy does the AUP fall?

A. System Specific Security Policy (SSSP)

B. Incident Response Policy (IRP)

C. Enterprise Information Security Policy (EISP)

D. Issue Specific Security Policy (ISSP)

A. System Specific Security Policy (SSSP)

40

The bank where you work has 600 Windows computers and 400 Red Hat computers which primarily serve as bank teller consoles. You have created a plan and deployed all the patches to the Windows computers and you are now working on updating the Red Hat computers. What command should you run on the network to update the Red Hat computers, download the security package, force the package installation, and update currently installed packages?

A. You should run the up2date -d -f -u command

B. You should run the up2data -u command

C. You should run the WSUS -d -f -u command.

D. You should type the sysupdate -d command

A. You should run the up2date -d -f -u command

41

Smith is an IT technician who has been appointed to his company's network vulnerability assessment team. He is the only IT employee on the team. The other team members include employees from Accounting, Management, Shipping, and Marketing. Smith and the team members are having their first meeting to discuss how they will proceed. What is the first step they should take to create the network vulnerability assessment plan?

A. Their first step is to analyze the data they have currently gathered from the company or interviews.

B. Their first step is to make a hypothesis of what their final findings will be.

C. Their first step is to create an initial Executive report to show the management team.

D. Their first step is the acquisition of required documents, reviewing of security policies and compliance.

D. Their first step is the acquisition of required documents, reviewing of security policies and compliance.

42

Management wants to bring their organization into compliance with the ISO standard for information security risk management. Which ISO standard will management decide to implement?

A. ISO/IEC 27004

B. ISO/IEC 27002

C. ISO/IEC 27006

D. ISO/IEC 27005

D. ISO/IEC 27005

43

As a network administrator, you have implemented WPA2 encryption in your corporate wireless network. The WPA2's _________ integrity check mechanism provides security against a replay attack.

A. CRC-32

B. CRC-MAC

C. CBC-MAC

D. CBC-32

C. CBC-MAC

44

John wants to implement a packet filtering firewall in his organization's network. What TCP/IP layer does a packet filtering firewall work on?

A. Application layer

B. Network Interface layer

C. TCP layer

D. IP layer

D. IP layer

45

Simon had all his systems administrators implement hardware and software firewalls to ensure network security. They implemented IDS/IPS systems throughout the network to check for and stop any unauthorized traffic that may attempt to enter. Although Simon and his administrators believed they were secure, a hacker group was able to get into the network and modify files hosted on the company's website. After searching through the firewall and server logs, no one could find how the attackers were able to get in. He decides that the entire network needs to be monitored for critical and essential file changes. This monitoring tool alerts administrators when a critical file is altered. What tool could Simon and his administrators implement to accomplish this?

A. Snort is the best tool for their situation

B. They can implement Wireshark

C. They could use Tripwire

D. They need to use Nessus

C. They could use Tripwire

46

Assume that you are working as a network administrator in the head office of a bank. One day a bank employee informed you that she is unable to log in to her system. At the same time, you get a call from another network administrator informing you that there is a problem connecting to the main server. How will you prioritize these two incidents?

A. Based on approval from management

B. Based on a first come first served basis

C. Based on a potential technical effect of the incident

D. Based on the type of response needed for the incident

C. Based on a potential technical effect of the incident

47

Nancy is working as a network administrator for a small company. Management wants to implement a RAID storage for their organization. They want to use the appropriate RAID level for their backup plan that will satisfy the following requirements:

1. It has a parity check to store all the information about the data in multiple drives.
2. Help reconstruct the data during downtime.
3. Process the data at a good speed.
4. Should not be expensive.

The management team asks Nancy to research and suggest the appropriate RAID level that best suits their requirements. What RAID level will she suggest?

A. RAID 0

B. RAID 10

C. RAID 3

D. RAID 1

C. RAID 3

48

Which OSI layer does a Network Interface Card (NIC) work on?

A. Physical layer

B. Presentation layer

C. Network layer

D. Session layer

A. Physical layer

49

Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an ______ for legal advice to defend them against this allegation.

A. PR Specialist

B. Attorney

C. Incident Handler

D. Evidence Manager

B. Attorney

50

Brendan wants to implement a hardware-based RAID system in his network. He is thinking of choosing a suitable RAM type for the architectural setup in the system. The type he is interested in provides access times of up to 20 ns. Which type of RAM will he select for his RAID system?

A. NVRAM

B. SDRAM

C. NAND flash memory

D. SRAM

D. SRAM