If an alert that pertains to a remote code execution attempt is seen on your network, which step is unlikely to help?
A. looking for anomalous traffic
B. looking for reconnaissance activity
C. restoring the machine to a known good backup
D. clearing the event store to see if future events indicate malicious activity
For TCP and UDP, what is the correct range of well-known port numbers?
A. 0 – 1023
B. 1 – 1024
C. 1 – 65535
D. 0 – 65535
E. 024 – 65535
Which three post-mortem steps are critical to help prevent a network attack from reoccurring? (Choose three.)
A. Document the incident in a report.
B. Collect “show” outputs after the attack.
C. Involve law enforcement officials.
D. Create a “lessons learned” collection.
E. Update the security rules for edge devices.
F. Revise the network security policy.
Question : 24
Which event is likely to be a false positive?
A. Internet Relay Chat signature with an alert context buffer containing #IPS_ROCS Yay
B. a signature addressing an ActiveX vulnerability alert on a Microsoft Developer Network documentation page
C. an alert for a long HTTP request with an alert context buffer containing a large HTTP GET request
D. BitTorrent activity detected on ephemeral ports
Answer : B
Question : 10
Which network management protocol relies on multiple connections between a managed device and the management station where such connections can be independently initiated by either side?
Answer : B
Question : 9
Which is considered to be anomalous activity?
A. an alert context buffer containing traffic to amazon.com
B. an alert context buffer containing SSH traffic
C. an alert context buffer containing an FTP server SYN scanning your network
D. an alert describing an anonymous login attempt to an FTP server
Answer : C
Question : 8
Which will be provided as output when issuing the show processes cpu command on a Cisco IOS router?
A. router configuration
B. CPU utilization of device
C. memory used by device processes
D. interface processing statistics
Answer : B
Question : 7
When investigating potential network security issues, which two pieces of useful information would be found in a syslog message? (Choose two.)
A. product serial number
B. MAC address
C. IP address
D. product model number
E. broadcast address
Question : 6
If a company has a strict policy to limit potential confidential information leakage, which three alerts would be of concern? (Choose three.)
A. P2P activity detected
B. Skype activity detected
C. YouTube viewing activity detected
D. Pastebin activity detected
E. Hulu activity detected
Question : 5
As a part of incident response, which action should be performed?
A. watch to see if the incident reoccurs
B. custody of information
C. maintain data security and custody for future forensics use
D. classify the problem