600-199 | If an alert that pertains to a remote code execution…

Question: 14

If an alert that pertains to a remote code execution attempt is seen on your network, which step is unlikely to help?

A. looking for anomalous traffic
B. looking for reconnaissance activity
C. restoring the machine to a known good backup
D. clearing the event store to see if future events indicate malicious activity

Answer: D

600-199 | Which event is likely to be a false positive?

Question: 24

Which event is likely to be a false positive?

A. Internet Relay Chat signature with an alert context buffer containing #IPS_ROCS Yay
B. a signature addressing an ActiveX vulnerability alert on a Microsoft developer network documentation page
C. an alert for a long HTTP request with an alert context buffer containing a large HTTP GET request
D. BitTorrent activity detected on ephemeral ports

Answer: B

600-199 Sample Question: 10

Question: 10

Which network management protocol relies on multiple connections between a managed device and the management station where such connections can be independently initiated by either side?

A. SSH
B. SNMP
C. Telnet
D. NetFlow

Answer: B

600-199 Sample Question: 9

Question: 9

Which is considered to be anomalous activity?

A. an alert context buffer containing traffic to amazon.com
B. an alert context buffer containing SSH traffic
C. an alert context buffer containing an FTP server SYN scanning your network
D. an alert describing an anonymous login attempt to an FTP server

Answer: C

600-199 Sample Question: 8

Question: 8

Which will be provided as output when issuing the show processes cpu command on a Cisco IOS router?

A. router configuration
B. CPU utilization of device
C. memory used by device processes
D. interface processing statistics

Answer: B

600-199 Sample Question: 7

Question: 7

When investigating potential network security issues, which two pieces of useful information would be found in a syslog message? (Choose two.)

A. product serial number
B. MAC address
C. IP address
D. product model number
E. broadcast address

Answer: B,C

600-199 Sample Question: 6

Question: 6

If a company has a strict policy to limit potential confidential information leakage, which three alerts would be of concern? (Choose three.)

A. P2P activity detected
B. Skype activity detected
C. YouTube viewing activity detected
D. Pastebin activity detected
E. Hulu activity detected

Answer: A,B,D

600-199 Sample Question: 5

Question: 5

As a part of incident response, which action should be performed?

A. watch to see if the incident reoccurs
B. custody of information
C. maintain data security and custody for future forensics use
D. classify the problem

Answer: C
