Topic 1: Exam Pool A
You just set up a security system in your network. In what kind of system would you find
the following string of characters used as a rule within its configuration?
alert tcp any any -> 192.168.100.0/24 21 (msg:"FTP on the network!";)
A. A firewall IPTable
B. FTP Server rule
C. A Router IPTable
D. An Intrusion Detection System
Answer: An Intrusion Detection System
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy
servers, and Intrusion Detection Systems (IDS) on the network of an organization that has
experienced a possible breach of security. When the investigator attempts to correlate the
information in all of the logs, the sequence of many of the logged events does not match up.
What is the most likely cause?
A. The network devices are not all synchronized.
B. Proper chain of custody was not observed while collecting the logs.
C. The attacker altered or erased events from the logs.
D. The security breach was a false positive.
Answer: The network devices are not all synchronized.
Explanation: Many network and system administrators don't pay enough attention to
system clock accuracy and time synchronization. Computer clocks can run faster or slower
over time, batteries and power sources die, or daylight-saving time changes are forgotten.
Sure, there are many more pressing security issues to deal with, but not ensuring that the
time on network devices is synchronized can cause problems. And these problems often
only come to light after a security incident.
If you suspect a hacker is accessing your network, for example, you will want to analyze
your log files to look for any suspicious activity. If your network's security devices do not
have synchronized times, the timestamps' inaccuracy makes it impossible to correlate log
files from different sources. Not only will you have difficulty in tracking events, but you will
also find it difficult to use such evidence in court; you won't be able to illustrate a smooth
progression of events as they occurred throughout your network.
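As an added illustration (not part of the original question or its explanation), the Python script below merges constructed firewall, proxy and IDS log lines in two ways: first trusting each device's own clock, then after subtracting a per-device clock offset measured at collection time. The device names, log lines and the 3-minute firewall skew are all assumed values.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real device). The firewall's clock
# is assumed to run 3 minutes fast; the proxy and IDS are on the reference clock.
RAW_LOGS = [
    ("firewall", "2024-05-01 10:03:10 ACCEPT 203.0.113.7 -> 192.168.100.5:21"),
    ("ids",      "2024-05-01 10:00:12 alert FTP on the network! 203.0.113.7 -> 192.168.100.5"),
    ("proxy",    "2024-05-01 10:00:40 GET http://203.0.113.7/tools.tgz"),
    ("firewall", "2024-05-01 10:04:05 ACCEPT 192.168.100.5 -> 203.0.113.7:443"),
]

# Per-device clock offset relative to the reference clock, as an investigator
# would record it when collecting the logs (e.g. by comparing each device's
# clock against an NTP source). Positive = device clock is ahead. Constructed.
CLOCK_OFFSETS = {"firewall": timedelta(minutes=3), "proxy": timedelta(0), "ids": timedelta(0)}

TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")


def parse(source, line):
    """Split a log line into (source, timestamp, message)."""
    m = TS_RE.match(line)
    if not m:
        raise ValueError(f"unparseable line from {source}: {line!r}")
    return source, datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)


def timeline(logs, offsets=None):
    """Merge events from all sources into one time-ordered list.

    With offsets=None the raw device timestamps are trusted as-is; with a
    mapping of offsets each timestamp is normalised to the reference clock first.
    """
    events = []
    for source, line in logs:
        src, ts, msg = parse(source, line)
        if offsets is not None:
            ts -= offsets.get(src, timedelta(0))
        events.append((ts, src, msg))
    return sorted(events)


def sources_in_order(logs, offsets=None):
    """Just the device names, in the order the merged timeline places them."""
    return [src for _, src, _ in timeline(logs, offsets)]


if __name__ == "__main__":
    # Raw order puts the IDS alert before the firewall ever accepted the FTP
    # connection, which cannot be right; the corrected order is consistent.
    print("raw order:      ", sources_in_order(RAW_LOGS))
    print("corrected order:", sources_in_order(RAW_LOGS, CLOCK_OFFSETS))
```

The uncorrected merge places the IDS alert ahead of the firewall's ACCEPT for the same connection; only once the skew is known and removed does the sequence become coherent, which is exactly the problem the question describes.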
Which DNS resource record can indicate how long any "DNS poisoning" could last?
A. MX
B. SOA
C. NS
D. TIMEOUT
Answer: SOA
A technician is resolving an issue where a computer is unable to connect to the Internet
using a wireless access point. The computer is able to transfer files locally to other
machines, but cannot successfully reach the Internet. When the technician examines the IP
address and default gateway, they are both on the 192.168.1.0/24 network. Which of the
following has occurred?
A. The computer is not using a private IP address.
B. The gateway is not routing to a public IP address.
C. The gateway and the computer are not on the same network.
D. The computer is using an invalid IP address.
Answer: The gateway is not routing to a public IP address.
Explanation (source: https://en.wikipedia.org/wiki/Private_network):
In IP networking, a private network is a computer network that uses private IP address
space. Both the IPv4 and the IPv6 specifications define private IP address ranges. These
addresses are commonly used for local area networks (LANs) in residential, office, and
enterprise environments.
Private network addresses are not allocated to any specific organization. Anyone may use
these addresses without approval from regional or local Internet registries. Private IP
address spaces were originally defined to assist in delaying IPv4 address exhaustion. IP
packets originating from or addressed to a private IP address cannot be routed through the
public Internet.
The Internet Engineering Task Force (IETF) has directed the Internet Assigned Numbers
Authority (IANA) to reserve the following IPv4 address ranges for private networks:
· 10.0.0.0 – 10.255.255.255
· 172.16.0.0 – 172.31.255.255
· 192.168.0.0 – 192.168.255.255
Backbone routers do not allow packets from or to internal IP addresses. That is, intranet
machines, if no measures are taken, are isolated from the Internet. However, several
technologies allow such machines to connect to the Internet.
· Mediation servers like IRC, Usenet, SMTP and Proxy server
· Network address translation (NAT)
· Tunneling protocol
NOTE: So the problem lies with one of these technologies.
The establishment of a TCP connection involves a negotiation called the three-way handshake.
What type of message does the client send to the server in order to begin this negotiation?
A. ACK
B. SYN
C. RST
D. SYN-ACK
Answer: SYN