Last Updated on September 20, 2021 by Admin 2
312-38 : Certified Network Defender : Part 23
Which of the following types of information can be obtained through network sniffing? (Choose all that apply.)
- DNS traffic
- Telnet passwords
- Programming errors
- Syslog traffic
The network administrator wants to strengthen physical security in the organization. Specifically, to implement a solution stopping people from entering certain restricted zones without proper credentials. Which of following physical security measures should the administrator use?
- Video surveillance
Which of the following incident handling stage removes the root cause of the incident?
Justine has been tasked by her supervisor to ensure that the company’s physical security is on the same level as their logical security measures. She installs video cameras at all entrances and exits and installs badge access points for all doors. The last item she wants to install is a method to prevent unauthorized people piggybacking employees. What should she install to prevent piggybacking?
- Justine needs to install a biometrics station at each entrance.
- She should install a mantrap.
- She should install a Thompson Trapdoor.
- Justine will need to install a revolving security door.
An attacker has access to password hashes of a windows 7 computer. Which of the following attacks can the attacker use to reveal the passwords?
- Rainbow table
- Brute force
- Dictionary attacks
Which NIST Incident category includes any activity that seeks to access or identify a federal agency computer, open ports, protocols, service or any combination for later exploit?
- Malicious code
- Scans/ Probes/ Attempted Access
- Improper usage
James is working as a Network Administrator in a reputed company situated in California. He is monitoring his network traffic with the help of Wireshark. He wants to check and analyze the traffic against a PING sweep attack. Which of the following Wireshark filters will he use?
- Icmp.type==8 or icmp.type==16
- icmp.type==8 or icmp.type==0
- icmp.type==8 and icmp.type==0
- Icmp.type==0 and icmp.type==16
Management wants to bring their organization into compliance with the ISO standard for information security risk management. Which ISO standard will management decide to implement?
- ISO/IEC 27005
- ISO/IEC 27006
- ISO/IEC 27002
- ISO/IEC 27004
Which of the following systems includes an independent NAS Head and multiple storage arrays?
- None of these
- Gateway NAS System
- Integrated NAS System
You are monitoring your network traffic with the Wireshark utility and noticed that your network is experiencing a large amount of traffic from a certain region. You suspect a DoS incident on the network. What will be your first reaction as a first responder?
- Avoid Fear, Uncertainty and Doubt
- Communicate the incident
- Make an initial assessment
- Disable Virus Protection
The security network team is trying to implement a firewall capable of operating only in the session layer, monitoring the TCP inter-packet link protocol to determine when a requested session is legitimate or not. Using this type of firewall, they could be able to intercept the communication, making the external network see that the firewall is the source, and facing the user, who responds from the outside is the firewall itself. They are just limiting a requirements previous listed, because they already have a packet filtering firewall and they must add a cheap solution that meets the objective. What kind of firewall would you recommend?
- Packet Filtering with NAT
- Circuit Level Gateway
- Application Proxies
- Application Level Gateways
If a network is at risk resulting from misconfiguration performed by unskilled and/or unqualified individuals, what type of threat is this?
- External Threats
- Unstructured Threats
- Structured Threats
- Internal Threats
John is a network administrator and is monitoring his network traffic with the help of Wireshark. He suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization’s network. Which of following Wireshark filter(s) will he use to locate the TCP OS fingerprinting attempt? (Choose all that apply.)
Michael decides to view the ________ to track employee actions on the organization’s network.
- Firewall policy
- Firewall settings
- Firewall log
- Firewall rule set
Which of the following acts as a verifier for the certificate authority?
- Registration authority
- Certificate authority
- Directory management system
- Certificate Management system
What is the best way to describe a mesh network topology?
- A network in which every computer in the network has a connection to each and every computer in the network.
- A network in which every computer meshes together to form a hybrid between a star and bus topology.
- A network in which every computer in the network can communicate with a single central computer.
- A network that is extremely cost efficient, offering the best option for allowing computers to communicate amongst each other.
You are tasked to perform black hat vulnerability assessment for a client. You received official written permission to work with: company site, forum, Linux server with LAMP, where this site hosted. Which vulnerability assessment tool should you consider to use?
Which phase of vulnerability management deals with the actions taken for correcting the discovered vulnerability?
Nancy is working as a network administrator for a small company. Management wants to implement a RAID storage for their organization. They want to use the appropriate RAID level for their backup plan that will satisfy the following requirements:
1. It has a parity check to store all the information about the data in multiple drives
2. Help reconstruct the data during downtime.
3. Process the data at a good speed.
4. Should not be expensive.
The management team asks Nancy to research and suggest the appropriate RAID level that best suits their requirements. What RAID level will she suggest?
- RAID 3.
- RAID 1
- RAID 0
- RAID 10
A network designer needs to submit a proposal for a company, which has just published a web portal for its clients on the internet. Such a server needs to be isolated from the internal network, placing itself in a DMZ. Faced with this need, the designer will present a proposal for a firewall with three interfaces, one for the internet network, another for the DMZ server farm and another for the internal network. What kind of topology will the designer propose?
- Screened subnet
- Multi-homed firewall
- Bastion host
- DMZ, External-Internal firewall