NETAUTH FINAL 22

Which type of firewall filters information at Layers 3, 4, 5, and 7 of the OSI reference model?
Click the card to flip 👆
1 / 257
Terms in this set (257)
Which type of firewall filters information at Layers 3, 4, 5, and 7 of the OSI reference model?
Application Gateway
Which type of firewall is a combination of various firewall types?
Hybrid
Which type of firewall is part of a router firewall, permitting or denying traffic based on Layer 3 and Layer 4 information?
Packet Filtering
Which type of firewall is a PC or server with firewall software running on it?
Host-based
Which type of firewall filters IP traffic between a pair of bridged interfaces?
Transparent
Which network security design typically uses one inside interface, one outside interface, and one DMZ interface?
Demilitarized
Which security design uses different types of firewalls and security measures that are combined at different areas of the network to add depth to the security of an organization ?
Layered Defense
Which three statements describe trusted and untrusted areas of the network? (Choose three.)
- The public internet is generally considered untrusted
- Internal networks, except the dmz, are considered trusted
- In a ZPF network, traffic that moves within zones is generally considered trusted
Which network design groups interfaces into zones with similar functions or features?
ZPF
What are two best practices when implementing firewall security policies?
Disable unnecessary network services
What is one benefit of using a next-generation firewall rather than a stateful firewall?Integrated use of an intrusion prevention system (IPS)Which three layers of the OSI model include information that is commonly inspected by a stateful firewall? (Choose three.)- Layer 3 - Layer 4 - Layer 5Which statement is a characteristic of a packet filtering firewall?They are susceptible to IP spoofingWhich type of firewall is supported by most routers and is the easiest to implement?Packet filtering firewallWhich type of traffic is usually blocked when implementing a demilitarized zone?Traffic originating from the DMZ network and traveling to the private network.What are two characteristics of an application gateway firewall? (Choose two.)- Analyzes traffic at Layers 3, 4, 5, and 7 of the OSI model - Performs most filtering and firewall control in softwareWhich type of firewall generally has a low impact on network performance?stateless firewallWhich type of firewall is commonly part of a router firewall and allows or blocks traffic based on Layer 3 or 4 information?Packet filtering firewallHow does a firewall handle traffic that is originating from the DMZ network and traveling to a private network?Traffic is usually blocked when it is origination from the DMZ network and traveling to a private networkWhich two protocols are stateless and do not generate connection information needed to build a state table? (Choose two.)- UDP - ICMPWhat are two benefits of implementing a firewall in a network? (Choose two.)- A firewall will sanitize protocol flow - A firewall will reduce security management complexityWhen implementing a ZPF, which statement describes a zone?A zone is a group of one or more interfaces that have similar functions or features.Which statement accurately describes Cisco IOS zone-based policy firewall operation?The pass action works in only one directionsHow does ZPF handle traffic between an interface that is a zone member and another interface that does not belong to any zone?DropWhich statement describes a factor to be considered when configuring a zone-based policy firewall?A zone must be configured with the zone security global command before it can be used in the zone-member security commandWhich statement describes one of the rules that govern interface behavior in the context of implementing a zone-based policy firewall configuration?By default, traffic is allowed to flow among interfaces that are members of the same zoneDesigning a ZPF requires several steps. Which step involves defining boundaries where traffic is subjected to policy restrictions as it crosses to another region of the network?determine the zonesWhen a Cisco IOS zone-based policy firewall is being configured, which two actions can be applied to a traffic class? (Choose two.)- Inspect - DropWhich three statements describe zone-based policy firewall rules that govern interface behavior and the traffic moving between zone member interfaces? (Choose three.)- To permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone. - Pass, inspect, and drop options can only be applied between two zones. - If traffic is to flow between all interfaces in a router, each interface must be a member of a zone.Which statement describes a feature of a zone-based policy firewall?It does not depends on ACL'sIn what step of zone-based policy firewall configuration is traffic identified for policy application?Configuring Class MapsWhen configuring a class map for a zone-based policy firewall, how is the match criteria applied when using the match-all parameter?Traffic must match all of the match criteria specified in the statement.In ZPF design, what is described as the self zone?The router itself, including all interfaces with assigned IP addresses.Which statement describes a zone when implementing ZPF on a Cisco router?A zone establishes a security border of a network.More vulnerable to network security evasion techniques enabled by various network attack methods (IDP or IPS)IDSCan affect network performance by introducing latency and jitter (IDP or IPS)IPSMust be implemented so that time-sensitive applications are not adversely affected (IDP or IPS)IPSCannot stop the trigger packet and is not guaranteed to stop a connection (IDP or IPS)IDSDeployed in offline mode (IDP or IPS)IDSCan use stream normalization techniques to reduce or eliminate many of the network security evasion capabilities that exist (IDP or IPS)IPSCan be configured to perform a packet drop to stop the trigger packet (IDP or IPS)IPSPrimarily focused on identifying possible incidents, logging information about the incidents, and reporting the incidents (IDP or IPS)IDSMust be deployed inline, and traffic must be able to pass through it (IDP or IPS)IPSLess helpful in stopping email viruses and automated attacks, such as worms (IDP or IPS)IDSTrue or False? A HIPS can be configured in either promiscuous or inline mode.FalseWhat is true of a NIPS that is running in inline mode?It can add latency to the networkWhat is true of a HIPS?HIPS software combines anti-virus, anti-malware, and firewall functionalityWhat is an example of a HIPS?Windows DefenderSnort IPS is available on which router platform?Cisco 4000Where does the Snort engine run?Service ContainerIn which operating mode does Snort IDS inspect traffic and report alerts, but does not take any action to prevent attacks?IDS modeWhat is an IPS signature?It is a set of rules used to detect typical intrusive activityWhich network technology uses a passive splitting device that forwards all traffic, including Layer 1 errors, to an analysis device?Network TapWhat is a characteristic of an IPS operating in inline-mode?It can stop malicious traffic from reaching the intended targetWhat is a zero-day attack?It is a computer attack that exploits unreported software vulnerabilitiesWhat is a feature of an IPS?It can stop malicious packetsWhich network monitoring technology passively monitors network traffic to detect attacks?IDSWhich open source network monitoring technology performs real-time traffic analysis and generates alerts when threats are detected on IP networks?Snort IPSWhich Cisco platform supports Cisco Snort IPS?4000 series ISRWhich device supports the use of SPAN to enable monitoring of malicious activity?Cisco Catalyst SwitchWhat is a host-based intrusion detection system (HIDS)?It combines the functionalities of antimalware applications with firewall protectionWhich network monitoring capability is provided by using SPAN?Traffic Exiting and entering a switch is copied to a network monitoring deviceWhat network monitoring tool can be used to copy packets moving through one port, and send those copies to another port for analysis?SPANWhich statement correctly describes the configuration of a Snort VPG interface?The VPG0 interface must have a routable address with access to the internetWhich action logs the IP address from a malicious source only and sends an alert?Log attacker packetsWhich action terminates a malicious packet only?Deny packet inlineWhich action makes the IPS device send TCP resets to hijack and terminate a TCP flow?Reset TCP connectionWhat are the three actions supported by Snort IDS? (Choose three.)- Alert - Log - PassWhich two options are components of Snort IPS that is running on an ISR 4000? (Choose two.)- Snort engine - Snort rule SetWhich type of file contains a compressed, installable version of the Snort IPS virtual machine?OVAWhich Snort IPS interface statement is true?Two virtual port group interfaces are requiredWhich IPS signature trigger category uses the simplest triggering mechanism and searches for a specific and pre-defined atomic or composite pattern?Pattern-Based DetectionWhat term describes a set of rules used by an IDS or IPS to detect typical intrusion activity?SignatureWhich type of alert is generated when an IPS incorrectly identifies normal network user traffic as attack traffic?False positiveWhat is a characteristic of the Snort subscriber rule set term-based subscription?It is available for a feeWhich classification indicates that an alert is verified as an actual security incident?True positiveWhich intrusion prevention service was available on first-generation ISR routers and is no longer supported by Cisco?Cisco IOS IPSWhat are three actions that can be performed by Snort in IDS mode? (Choose three.)- Log - Pass - AlertWhich device is a dedicated inline threat prevention appliance that is effective against both known and unknown threats?Cisco FirePOWER NGIPSWhich rule action will cause Snort IPS to block a packet without logging it?SdropWhat is the source for IPS rule updates when using a Cisco intrusion prevention service?Cisco TalosWhich statement is true about ASA CLI and IOS CLI commands? Both CLIs recognize the Tab key to complete a partial command. Only the ASA CLI requires the use of Ctrl-C to interrupt show commands. The ASA CLI does not recognize the write erase command, but the IOS CLI does. The show ip interface brief command is valid for both CLIs.Both CLIs recognize the Tab key to complete a partial command.Which command is used on an ASA to enable password encryption and encrypt all user passwords? password encryption aes service password-encryption key config-key password-encryption [ new-pass [ old-pass ]] enable password passwordpassword encryption aesWhich object or object group is required to implement NAT on an ASA 5506-X device? protocol object group network object service object network objectnetwork objectWhich type of NAT would be used on an ASA where 10.0.1.0/24 inside addresses are to be translated only if traffic from these addresses is destined for the 198.133.219.0/24 network? dynamic NAT policy NAT static NAT dynamic PATpolicy NATWhich option lists the four steps to configure the Modular Policy Framework on an ASA? 1) Configure a policy map to apply actions to the identified traffic. 2) Configure a service policy to identify which interface should be activated for the service. 3) Configure extended ACLS to identify specific granular traffic. This step may be optional. 4) Configure the class map to define interesting traffic. 1) Configure extended ACLS to identify specific granular traffic. This step may be optional. 2) Configure the class map to define interesting traffic. 3) Configure a service policy to identify which interface should be activated for the service. 4) Configure a policy map to apply actions to the identified traffic. 1) Configure extended ACLS to identify specific granular traffic. This step may be optional. 2) Configure the class map to define interesting traffic. 3) Configure a policy map to apply actions to the identified traffic. 4) Configure a service policy to identify which interface should be activated for the service 1) Configure a service policy to identify which interface should be activated for the service. 2) Configure extended ACLS to identify specific granular traffic. This step may be optional. 3) Configure the class map to define interesting traffic. 4) Configure a policy map to apply actions to the identified traffic.1) Configure extended ACLS to identify specific granular traffic. This step may be optional. 2) Configure the class map to define interesting traffic. 3) Configure a policy map to apply actions to the identified traffic. 4) Configure a service policy to identify which interface should be activated for the serviceA network technician is attempting to resolve problems with the NAT configuration on an ASA. The technician generates a ping from an inside host to an outside host. Which command verifies that addresses are being translated on the ASA? show ip address show xlate show running-config show ip nat translationshow xlateWhat type of ACL is designed for use in the configuration of an ASA to support filtering for clientless SSL VPNs? Webtype Standard EtherType ExtendedWebtypeWhat is a difference between ASA IPv4 ACLs and IOS IPv4 ACLs? ASA ACLs use forward and drop ACEs, whereas IOS ACLs use permit and deny ACEs. ASA ACLs use the subnet mask in defining a network, whereas IOS ACLs use the wildcard mask. ASA ACLs are always named, whereas IOS ACLs are always numbered. ASA ACLs do not have an implicit deny any at the end, whereas IOS ACLs do.ASA ACLs use the subnet mask in defining a network, whereas IOS ACLs use the wildcard mask.Which two types of objects can be configured on an ASA device? (Choose two.) protocol ICMP-type network service security usernetwork serviceWhich statement describes a feature of AAA in an ASA device? Accounting can be used alone. Authorization is enabled by default. Both authorization and accounting require a user to be authenticated first. If authorization is disabled, all authenticated users will have a very limited access to the commands.Accounting can be used alone.What worm mitigation phase involves actively disinfecting infected systems? Innoculation. Containment. Treatment. Quarantine. De-worming.Treatment.What security tool allows a threat actor to hack into a wireless network and detect security vulnerabilities? SuperScan. KisMac. Click fuzzers. Nmap. Open VAS. Wire Shark.KisMac.What three items are components of the CIA triad? (Choose three.) NSA, DHS and FBI. Confidentiality. Availability. Integrity. Scalbility. Intevention. Access.Confidentiality. Availability. Integrity.Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data? Statement of Authority. Acceptable use policy. Identification and authentication policy. Statement of Scope. Internet access policy.Identification and authentication policy.What threat intelligence group provides blogs and podcasts to help network security professionals remain effective and up-to-date? Mitre FireEye CybOX TalosTalosWhich security implementation will provide control plane protection for a network device? There is no ability to secure the control plane. Routing Protocol Authentication. Encryption for remote access connection. NTP for consistent timestamps on logging messages. AAA for authenticating management access. AAA provides free road-side assitance. Question 7Routing Protocol Authentication.What functional area of the Cisco Network Foundation Protection framework uses protocols such as Telnet and SSH to manage network devices? Management plane. Control plane. Data plane. Fowarding plane.Management plane.How does BYOD change the way in which businesses implement networks? BYOD users are responsible for their own network security, thus reducing the need for organizational security policies. BYOD devices are more expensive than devices purchased by the organizations. BYOD devices changed nothing.. BYOD devices provide flexibility in where and how users can access network resources. BYOD users are better at securing their devices than the IT Department.BYOD devices provide flexibility in where and how users can access network resources.With the evolution of borderless networks, which vegetable is now used to describe a defense-in-depth approach? Security Onion. Cabbage. Artichoke. Carrots. MushroomsArtichoke.What method can be used to mitigate ping sweeps? Blocking ICMP echo and echo-replies at the network edge. Installing antivirus software on hosts. Deploying antisniffer software on hosts. It uses the enable password for authentication. Blocking ICMP echo and echo-replies in the middle of the network.Blocking ICMP echo and echo-replies at the network edge.What is the primary function of SANS? To maintain the Internet Storm Center. To maintain the Weather Channel To foster cooperation and coordinationin information sharing, incident prevention and rapid reaction. To provide vendor neutral education products and career services. To maintain the list of common vulnerabilities.To maintain the Internet Storm CenterWhat is the primary means for mitigating virus and Trojan horse attacks? Antivirus Software. Encryption. Blocking ICMP echo and echo replies. Antisniffer Software.Antivirus Software.A company is planning to use a DMZ for their servers and is concerned about securing the network infrastructure. Which device should the network security team use for the edge router? Firewall. VPN gateway. Cisco Nexus Switch. An intrusion prevention device (IPS).Firewall.Which statement describes a typical security policy for a DMZ firewall configuration? Traffic that originates from the outside interface is permitted to traverse the firewall to the inside interface with little or no restrictions. Traffic that originates from the DMZ interface is selectively permitted to the outside interface. Traffic that originates from the inside interface is generally blocked entirely or very selectively permitted to the outside interface. Return traffic from the outside that is associated with traffic originating from the inside is permitted to traverse from the outside interface to the DMZ interface. Return traffic from the inside that is associated with traffic originating from the outside is permitted to traverse from the inside interface to the outside interface.Traffic that originates from the DMZ interface is selectively permitted to the outside interface.Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.) Physical Security. Zone Isolation. Router Hardening. Opertaing System Security. Flash Security. Remote Access Security.Physical Security. Router Hardening. Opertaing System Security.What command will prevent all unencrypted passwords from displaying in plain text in a configuration file? (config)# service password-encryption (config)# enable secret Secret_Password (config)# enable password-secret (config)# password secret (config)# secret-encrypt all 0 15(config)# service password-encryptionWhat is one difference between using Telnet or SSH to connect to a network device for management purposes? Telnet sends data in plain text, where as SSH encrypts the data. If you are consoled in to the router locally, there is no difference. Telnet uses UDP and SSH uses HTTPS. Telnet does not provide authentication whereas SSH provides authentication.Telnet sends data in plain text, where as SSH encrypts the data.At what point in the enterprise network are packets arriving from the internet examined prior to entering the network? Network Edge. WAN Edge. Core Router. On a third-party server one hop off-siteNetwork Edge.A network administrator is issuing the login block-for 180 attempts 2 within 30 command on a router. Which threat is the network administrator trying to prevent? A device that is trying to inspect the traffic on a link. An unidentified individual who is trying to access the network equipment room. A worm that is attempting to propagate the network. A user who is trying to guess a password to access the router or a brute force attack.A user who is trying to guess a password to access the router or a brute force attack.What three configuration steps must be performed to implement SSH access to a router? (Choose three.) A user account. A unique hostname. An IP domain name. A password on the console line. An encrypted password. An enable mode password. Standard ACLs can filter on source and destination TCP and UDP ports.A user account. A unique hostname. An IP domain name.What is the purpose of using a banner message on a Cisco network device? It will stop attackers dead in their tracks. It can provide more security by slowing down attacks. It can protect an organization from a legal perspective. It can be used to create a quiet period where remote connections are refused.It can protect an organization from a legal perspective.What is a common security task performed when securing administrative access to a network infrastructure device? Enable at least two ports for remote access. Console Line. Disable discovery protocols for all user-facing ports. Block local access. Log and account for all access.Log and account for all access.Which type of access is secured on a Cisco router or switch with the enable secret command? AUX port. Console Line. Virtual Terminal. PuTTY. Privleged EXEC.Privleged EXEC.Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode? Provision the router with the maximum amount of RAM possible. Keep a secure copy of the router Cisco IOS image and router configuration file as a backup. Ensure that users on the 192.168.10.0/24 network are not allowed to transmit traffic to any other destination. Locate the router in a secure locked room that is accessible only to authorized personelLocate the router in a secure locked room that is accessible only to authorized personelWhat is a good password recommendation for a Cisco router? Use the service password-encryption command to protect a password used to log into a remote device across the network. Use a minimum of 7 characters. Leave it blank, no one would guess that and the brute force attacks don't try that. Use one or more spaces within a multiword passphrase. Zeroize all passwords used (like they showed in the video).Use one or more spaces within a multiword passphrase.A network administrator establishes a connection to a switch via SSH. What characteristic uniquely describes the SSH connection? Direct access to the switch through the use of a terminal emulation program. Remote access to a switch where data is encrypted during the session. Out-of-band access to a switch through the use of a terminal with password authentication. Remote access to the switch through the use of a tlephone dialup connection. On-site access toa switch through the use of a directly connected PC and a console cable.Remote access to a switch where data is encrypted during the session.Which command will move the show interface command to privilege level 10? router(config)# privlege exec level 10 show interface router(config)# privlege level 10 show interface router(config)# show interface level 10 router(config-if)# privlege exec level 10 show interfacerouter(config)# privlege exec level 10 show interfaceWhat does level 5 in the following enable secret global configuration mode command indicate? Router(config)# enable secret level 5 csc5io. The enable secret password is hashed using SHA. The enable secret password grants access to privleged EXEC level 5. The enable secret password can only be enabled by individuals for EXEC level 5. The enable secret passwrod is hashed using MD5.The enable secret password grants access to privleged EXEC level 5.What must be done before any role-based CLI views can be created? Costumes must be purchased. Configure user names and passwords. Issue the aaa new-model command. Create a secret password for the root user. Assign Multiple privlege levels.Issue the aaa new-model command.What is the default privilege level of user accounts created on Cisco routers? 16 0 1 151A network administrator wants to create a new view so that a user only has access to certain configuration commands. In role-based CLI, which view should the administrator use to create the new view? CLI view. Admin view. Root view. Superview. Superuser.Root view.Which two router commands can a user issue when granted privilege level 0? (Choose two.) disable enable ping show help configuredisable helpA network administrator enters the command R1# enable view adminview. What is the purpose of this command? Question options: To create a CLI view named adminview. To enter the root view. To enter a superview named adminview. To enter a CLI view named adminview.To enter a CLI view named adminview.What are three network enhancements achieved by implementing the Cisco IOS software role-based CLI access feature? (Choose three.) security scalability fault tolerance cost reduction operational efficiency availabilitysecurity operational efficiency availabilityWhich range of custom privilege levels can be configured on Cisco routers? 2 through 14 0 through 15 1 through 15 1 through 162 through 14What is a characteristic of the Cisco IOS Resilient Configuration feature? It maintains a secure working copy of the bootstrap startup program. Once issued, the secure boot-configcommand automatically upgrades the configuration archive to a newer version after new configuration commands have been entered. A snapshot of the router running configuration can be taken and securely archived in persistent storage. The secure boot-image command works properly when the system is configured to run an image from a TFTP server.A snapshot of the router running configuration can be taken and securely archived in persistent storage.What service or protocol does the Secure Copy Protocol rely on to ensure that secure copy transfers are from authorized users? SNMP AAA IpSec RadiusAAAWhich statement describes SNMP operation? An SNMP agent that resides on a managed device collects information about the device and stores that information remotely in the MIB that is located on the NMS. A get request is used by the SNMP agent to query the device for data. A set request is used by the NMS to change configuration variables in the agent device. An NMS periodically polls the SNMP agents that are residing on managed devices by using traps to query the devices for data.A set request is used by the NMS to change configuration variables in the agent device.Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack? Telnet CDP LLDP SSHCDPWhat is the purpose of issuing the ip ospf message-digest-key key md5 password command and the area area-id authentication message-digest command on a router? To enable OSPF MD5 authentication on a per-interface basis. To facilitate the establichment of neighbor adjacencies. To configure OSPF MD5 authentication globally on the router. To encrypt OSPF routing updates.To configure OSPF MD5 authentication globally on the router.When password recovery on a router is being performed and the settings in NVRAM have been bypassed, which step should be taken next? Reload the Router. Reset the Router. Copy the contents of the RAM to the NVRAM. Copy the contents of the NVRAM to the RAM.Copy the contents of the NVRAM to the RAM.Which service should be disabled on a router to prevent a malicious host from falsely responding to ARP requests with the intent to redirect the Ethernet frames? LLDP CDP proxy ARP reverse ARPproxy ARPWhich technology allows syslog messages to be filtered to different devices based on event importance? Syslog service timestamps. Syslog severity levels. Syslog service identifiers. Syslog facilities.Syslog severity levels.When SNMPv1 or SNMPv2 is being used, which feature provides secure access to MIB objects? Community strings. Message integrity. Packet encryption. Source validation. Destination validation.Community strings.A network engineer wants to synchronize the time of a router with an NTP server at the IPv4 address 209.165.200.225. The exit interface of the router is configured with an IPv4 address of 192.168.212.11. Which global configuration command should be used to configure the NTP server as the time source for this router? ntp server 209.165.200.225 ntp server 209.165.200.0 ntp server 192.168.212.11 ntp server s0/0/0ntp server 209.165.200.225Which protocol or service is used to automatically synchronize the software clocks on Cisco routers? Question options: NTP DNS SNMP STPNTPWhat are two reasons to enable OSPF routing protocol authentication on a network? (Choose two.) To ensure faster network convergence. To provide data security through encryption. To prevent data traffic from being redirected and then discarded. To ensure more efficient routing. To prevent redirection of data traffic to an insecure link.To prevent data traffic from being redirected and then discarded. To prevent redirection of data traffic to an insecure link.What are SNMP trap messages? Unsolicited messages that are sent by the SNMP agent and alert the NMS to a condition on the network Messages that are used by the NMS to change configuration variables in the agent device. Messages that are used by the NMS to query the device for data. Messages that are sent periodically by the NMS to the SNMP agents that reside on managed devices to query the device for data.Unsolicited messages that are sent by the SNMP agent and alert the NMS to a condition on the networkWhat are three functions provided by the syslog service? (Choose three.) To specify the destinations of captured messages. To periodically poll agents for data. To gather logging information for monitoring and troubleshooting. Enable DTP on all trunk ports. To select the type of logging information that is captured.To specify the destinations of captured messages. To gather logging information for monitoring and troubleshooting. To select the type of logging information that is captured.What is a feature of the TACACS+ protocol? It combines authentication and authorization as one process. It encrypts the entire body of the packet for more secure communications. It utilizes UDP to provide more efficient packet transfer. It hides passwords during transmission using PAP and sends the rest of the packet in plaintext.It encrypts the entire body of the packet for more secure communications.A user complains about not being able to gain access to a network device configured with AAA. How would the network administrator determine if login access for the user account is disabled? Use the show aaa local user lockout command. Use the show aaa user command. Use the show running-configuration command. Use the show aaa sessions command.Use the show aaa local user lockout command.What is the first required task when configuring server-based AAA authentication? Configure the IP address of the server. Specify the type of server providing the authentication. Enable AAA globally. Configure the type of AAA authentication.Enable AAA globally.Which functionality does _the TACACS single-connection keyword provide to AAA services? Allows the use of differing keys between the TACACS+ server and the AAA client. Maintains a single UDP connection for the life of the session. Encrypts the data transfer between the TACACS+ server and the AAA client. Enhances the performance of the TCP connectionEnhances the performance of the TCP connectionWhich statement describes a difference between RADIUS and TACACS+? RADIUS encrypts only the password whereas TACACS+ encrypts all communication. RADIUS uses TCP whereas TACACS+ uses UDP. RADIUS separates authentication and authorization whereas TACACS+ combines them as one process. RADIUS is supported by the Cisco Secure ACS software whereas TACACS+ is not. Neither RADIUS nor TACACS+ is supported by the Cisco Secure ACS software.RADIUS encrypts only the password whereas TACACS+ encrypts all communication.Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform? Authentication. Authorization. Accounting. AuditingAuthorization.What is the purpose of the network security accounting function? To keep track of the actions of a user. To provide challenge and response questions. To require users to prove who they are. To determine which resources a user can access.To keep track of the actions of a user.What is a characteristic of AAA accounting? Accounting can only be enabled for network connections. Possible triggers for the aaa accounting exec default command include start-stop and stop-only. Users are not required to be authenticated before AAA accounting logs their activities on the network. Accounting is concerned with allowing and disallowing authenticated users access to certain areas and programs on the network.Possible triggers for the aaa accounting exec default command include start-stop and stop-only.What does the TACACS+ protocol provide in a AAA deployment? Authorization on a per-user or per-group basis. AAA connectivity via UDP. Password encryption without encrypting the packet. Compatibility with previous TACACS protocols.Authorization on a per-user or per-group basis.When a method list for AAA authentication is being configured, what is the effect of the keyword local? It uses the enable password for authentication. It defaults to the vty line password for authentication. It accepts a locally configured username, regardless of case. The login succeeds, even if all methods return an error.It accepts a locally configured username, regardless of caseWhich term describes the ability of a web server to keep a log of the users who access the server, as well as the length of time they use it? Question options: Authentication. Assigning permissions. Accounting. Authorization.Accounting.Refer to the exhibit. A network administrator is configuring an IPv6 ACL to allow hosts on the 2001:DB8:CAFE:10::/64 network to access remote web servers, except for PC1. However, a user on PC1 can successfully access the web server PC2. Why is this possible? The IPv6 ACL Deny_WEB is applied in the incorrect direction on router R1. The IPv6 ACL Deny_WEB is permitting all web traffic before the specific host is blocked. The IPv6 ACL Deny_WEB is applied to the wrong interface of router R1. The IPv6 ACL Deny_WEB is spelled incorrectly when applied to the interface.The IPv6 ACL Deny_WEB is permitting all web traffic before the specific host is blocked.Refer to the exhibit. Which statement describes the function of the ACEs? These are optional ACEs that can be added to the end of an IPv6 ACL to allow ICMP messages that are defined in object groups named nd-na and nd-ns. These ACEs allow for IPv6 neighbor discovery traffic. These ACEs must be manually added to the end of every IPv6 ACL to allow IPv6 routing to occur. These ACEs automatically appear at the end of every IPv6 ACL to allow IPv6 routing to occur.These ACEs allow for IPv6 neighbor discovery traffic.What type of ACL offers greater flexibility and control over network access? named standard numbered standard flexible extended detractedextendedRefer to the exhibit. A network administrator wants to create a standard ACL to prevent Network 1 traffic from being transmitted to the Research and Development network. On which router interface and in which direction should the standard ACL be applied? R1 Gi0/0 outbound R2 S0/0/0 inbound R1 S0/0/0 outbound R2 Gi0/0 outbound. R2 Gi0/0 inbound R1 Gi0/0 inboundR2 Gi0/0 outbound.What wild card mask will match networks 172.16.0.0 through 172.19.0.0? 0.252.255.255 0.0.3.255 0.3.255.255 0.0.255.255 0.0.0.2550.3.255.255What is the quickest way to remove a single ACE from a named ACL? Use the no access-list command to remove the entire ACL, then recreate it without the ACE. Copy the ACL into a text editor, remove the ACE, then copy the ACL back into the router. Use the no keyword and the sequence number of the ACE to be removed.. Create a new ACL with a different number and apply the new ACL to the router interface.Use the no keyword and the sequence number of the ACE to be removed.What method is used to apply an IPv6 ACL to a router interface? The use of the ipv6 traffic-filter command. The use of the access-class command. The use of the ipv6 access-list command. The use of the ip access-group command.The use of the ip access-group command.In applying an ACL to a router interface, which traffic is designated as outbound? Traffic that is coming from the source IP address into the router. Traffic that is going from the destination IP address into the router. Traffic that is leaving the router and going toward the destination host. The IP atraffic for which the router can find no routing table entryddresses of IPsec peers.Traffic that is leaving the router and going toward the destination host.Which operator is used in an ACL statement to match packets of a specific application? eq gt lt established implicit deny matcheqWhich ICMP message type should be stopped inbound? Echo-reply. Echo. Source quench. Echo-tango. Unreachable.Echo.Which scenario would cause an ACL misconfiguration and deny all traffic? Question options: Apply a standard ACL using the ip access-group out command. Apply a named ACL to a VTY line. Apply a standard ACL in the inbound direction. Apply an ACL that has all deny ACE statements.Apply an ACL that has all deny ACE statements.Which statement describes the default network access control on an ASA firewall device? Inbound traffic from the DMZ network to the inside network is allowed. Inbound traffic from the outside network to the DMZ network is allowed. Returning traffic from the outside network to the inside network is allowed. Outbound traffic from the inside network to the outside network is allowed without inspection.Returning traffic from the outside network to the inside network is allowed.Which two statements describe the 8 Gigabit Ethernet ports in the backplane of a Cisco ASA 5506-X device? (Choose two.) Three of them are routed ports and 5 of them are switch ports. Port 1 is a routed port and the rest are switch ports. They are all routed ports. These ports all require IP add resses. They all can be configured as routed ports or switch ports. They are all switched ports.They are all routed ports. These ports all require IP addresses.Which feature is specific to the Security Plus upgrade license of an ASA and provides increased availability? Routed mode. Redundant ISP connections. Transparent mode. Stateful Packet Inspection.Redundant ISP connections.Which statement describes the Cisco ASAv product? It is a Cisco ASA feature added on a Cisco router. It is a virtual machine version of Cisco ASA product. It is a cloud-based Cisco ASA firewall product. It is a Cisco FirePOWER service that can be added on a Cisco router.It is a virtual machine version of Cisco ASA product.What are two basic configuration requirements for each operational interface on an ASA 5506-X device? (Choose two.) a name an encryption key a security level an ACL assignment a VLAN assignmenta name a security levelWhat is the most trustworthy security level that can be configured on an ASA device interface? 255 100 50 0100What is one of the drawbacks to using transparent mode operation on an ASA device? No support for QoS. No support for IP addressing. No support for management. No support for using an ASA as a Layer 2 switch.No support for QoS.Which service is added to the Cisco ASA 5500 by the ASA 5500-X? Threat control and containment services. FirePOWER service. ASA virtualization. High availability with failover.FirePOWER service.What is a characteristic of ASA security levels? An ACL needs to be configured to explicitly permit traffic from an interface with a lower security level to an interface with a higher security level. Each operational interface must have a name and be assigned a security level from 0 to 200. Inbound traffic is identified as the traffic moving from an interface with a higher security level to an interface with a lower security level. The lower the security level on an interface, the more trusted the interface.An ACL needs to be configured to explicitly permit traffic from an interface with a lower security level to an interface with a higher security level.Which advanced ASA Firewall feature provides granular access control based on an association of IP addresses to Windows Active Directory login information? Identity firewall. ASA virtualization. High availability with failover. Threat control and containment services. Granulated Access Control Lists (GACL).Identity firewall.Which command is used to enable AAA as part of the 802.1X configuration process on a Cisco device? dot1x pae authenticator aaa new-model dot1x system-auth-control aaa authentication dot1xaaa new-modelWhich host-based security measure is used to restrict incoming and outgoing connections? host-based firewall guest-based firewall antivirus/antimalware software host-based IPS rootkithost-based firewallWhich security service is provided by 802.1x? port-based network access control protection against emerging threats for Cisco products malware analysis and protection across the full attack continuum malware analysis of filesport-based network access controlWhich device is used as the authentication server in an 802.1X implementation? Wireless router. RADIUS server .Ethernet switch .Access point.RADIUS serverA port has been configured for the 802.1X protocol and the client has successfully authenticated. Which 802.1X state is associated with this PC? up enabled authorized forwardingauthorizedWhen using 802.1X authentication, what device controls physical access to the network, based on the authentication status of the client? The switch to which the client is connected. The supplicant. The router that is serving as the default gateway. The authentication server.The switch to which the client is connected.When would the authentication port-control command be used during an 802.1X implementation? When a client has sent an EAPOL-logoff message. When the authentication server is located in the cloud. When an organization needs to control the port authorization state on a switch. When the authentication server is located in the cloud.When an organization needs to control the port authorization state on a switch.Which Cisco appliance can be used to filter network traffic contents to report and deny traffic based on the web server reputation? TSA WSA AVC ASA ESAWSAA switch has the following command issued as part of an 802.1X deployment. address ipv4 10.1.1.50 auth-port 1812 acct-port 1813 What is the purpose of this command? It identifies the address of the RADIUS server and ports on the server used for RADIUS traffic. It identifies the address of the switch to which the client connects and the ports used for the EAPOL messages. It identifies the address of the RADIUS server and the ports used for EAPOL messages. It identifies the address of the default gateway and the ports used for traffic destined for remote networks.It identifies the address of the RADIUS server and ports on the server used for RADIUS traffic.Websites are rated based on the latest website reputation intelligence. Which endpoint security measure prevents endpoints from connecting to websites that have a bad rating? spam filtering DLP denylisting host-based IPS antimalware softwaredenylistingWhy is it important to protect endpoints? Endpoints are the starting point for VLAN attacks. Endpoints are susceptible to STP manipulation attacks that can disrupt the rest of the LAN. After an endpoint is breached, an attacker can gain access to other devices. A breached endpoint gives a threat actor access to system configuration that can modify security policy.After an endpoint is breached, an attacker can gain access to other devices.What command or action will verify that a VPN tunnel has been established? Issue a show ip interface command. Issue a show crypto isakmp sa command. Issue a show crypto map command. Send interesting traffic from the VPN router interface.Issue a show crypto isakmp sa command.What is negotiated in the establishment of an IPsec tunnel between two IPsec hosts during IKE Phase 1? ISAKMP SA policy DH groups transform sets interesting traffic Secret handshakeISAKMP SA policyWhat three protocols must be permitted through the company firewall for establishment of IPsec site-to-site VPNs? (Choose three.) AH HTTPS ESP ISAKMP NTP SSHAH ESP ISAKMPWhich are the five security associations to configure in ISAKMP policy configuration mode? Hash, Accounting, Group, Lifetime, ESP Hash, Authentication, Group, Lifetime, Encryption Hash, Authorization, Group, Lifetime, Encryption Hash, Authentication, GRE, Lifetime, ESPHash, Authentication, Group, Lifetime, EncryptionA network analyst is configuring a crypto map and has just bound the ACL and the transform set to the map, and set the IPsec tunnel lifetime. What other step completes the configuration of the crypto map? Configure the DH group. Define the interesting traffic. Apply the map to an interface. Configure the SA policy.Configure the DH group.What is the first step in establishing an IPsec VPN? Detection of interesting traffic. Negotiation of ISAKMP policies. Creation of a secure tunnel to negotiate a security association policy. Creation of an IPsec tunnel between two IPsec peers.Detection of interesting traffic.Refer to the exhibit. How will traffic that does not match access list 101 be treated by the router? It will be sent encrypted. It will be blocked. It will be sent unencrypted. It will be discarded.It will be sent unencrypted.Refer to the exhibit. The ISAKMP policy for the IKE Phase 1 tunnel was configured, but the tunnel does not yet exist. Which action should be taken next before IKE Phase 1 negotiations can begin? Bind the transform set with the rest of the IPsec policy in a crypto map. Configure an ACL to define interesting traffic. Configure the IPsec tunnel lifetime. Configure the set of encryption and hashing algorithms that will be used to transform the data sent through the IPsec tunnel.Configure an ACL to define interesting traffic.What is defined by an ISAKMP policy? The security associations that IPsec peers are willing to use. The IP addresses of IPsec peers. Access lists that identify interesting traffic. The preshared keys that will be exchanged between IPsec peers.The security associations that IPsec peers are willing to use.Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN? IPSec AES MD5 ESP 3DESIPSecA network administrator is planning a VPN tunnel. Why would the engineer select main mode for IKE Phase 1? It is more secure. It requires less configuration. It is the industry standard. It is quicker.It is more secure.Which statement describes a VPN? VPNs use open source virtualization software to create the tunnel through the Internet. VPNs use dedicated physical connections to transfer data between remote users. VPNs use virtual connections to create a private network through a public network. VPNs use logical connections to create public networks through the Internet.VPNs use virtual connections to create a private network through a public network.What can be used as a VPN gateway when setting up a site-to-site VPN? Cisco AnyConnect. Cisco Router. Cisco Unified Communications Manager. Cisco Catalyst switch.Cisco Router.What is a type of VPN that is generally transparent to the end user? public remote-access site-to-site privatesite-to-siteWhich type of VPN may require the Cisco VPN Client software? A site-to-site VPN. A remote access VPN. MPLS VPN. SSL VPN. Nord VPN.A remote access VPN.Which statement describes a feature of site-to-site VPNs? The VPN connection is not statically defined. Individual hosts can enable and disable the VPN connection. Internal hosts send normal, unencapsulated packets. VPN client software is installed on each host.Internal hosts send normal, unencapsulated packets.Which IPsec framework protocol provides data integrity and data authentication, but does not provide data confidentiality? ESP AH DH IP Protocol 50AHWhich IPsec security function provides assurance that the data received via a VPN has not been modified in transit? integrity authentication secure key exchange confidentialityintegrityWhat is the purpose of IKE? VPN key management. Firewall port management. Security appliance configuration. Key transmission.VPN key management.What protocol is used to query the revocation status of an X.509 certificate? OCSP SSL EAP LDAP WPA2OCSPWhat is an appropriate use for class 5 digital certificates? Used for private organizations or government security. Used for online business transactions between companies. Used by organizations for which proof of identity is required. Used for testing in situations in which no checks have been performed.Used for private organizations or government security.Which CA class of digital certificates would be used by individuals to perform email verification? 0 2 1 31In which way does the use of HTTPS increase the security monitoring challenges within enterprise networks? HTTPS traffic enables end-to-end encryption. HTTPS traffic does not require authentication. HTTPS traffic is much faster than HTTP traffic. HTTPS traffic can carry a much larger data payload than HTTP can carry.HTTPS traffic enables end-to-end encryption.What is a purpose of a digital certificate? To support large-scale distribution and identification of public encryption keys. To query for the revocation status of an X.509 certificate. To authenticate and verify that a user who is sending a message is who they claim to be. To assure the authenticity and integrity of software code.To authenticate and verify that a user who is sending a message is who they claim to be.Which technology is used to provide assurance of the authenticity and integrity of software code? Public key infrastructures. Block ciphers. Digital signatures. Certificate authorities.Digital signatures.Which statement describes the use of certificate classes in the PKI? Email security is provided by the vendor, not by a certificate. A class 5 certificate is more trustworthy than a class 4 certificate. The lower the class number, the more trusted the certificate. A vendor must issue only one class of certificates when acting as a CA.A class 5 certificate is more trustworthy than a class 4 certificate.What role does an RA play in PKI? A root CA. A subordinate CA. A super CA. A backup root CA.A subordinate CA.Which protocol uses X.509 certificates to support mail protection performed by mail agents? IPSec S/MIME SSL EAP-TLS PEAPS/MIMEWhat is the purpose of code signing? Integrity of source .EXE files. Data encryption. Source identity secrecy. Reliable transfer of data.Integrity of source .EXE files.What is a feature of asymmetrical encryption? Different keys are used to encrypt and decrypt data. Key lengths are short. in encrypts bulk data quickly. It requires fewer computations than symmetric encryption requires. One key is very long, the other key is very short.Different keys are used to encrypt and decrypt data.What is the reason for HMAC to use an additional secret key as input to the hash function? To provide authentication. To prevent DoS attacks. To provide encryption. To provide integrity verification.To provide authentication.Which characteristic of security key management is responsible for making certain that weak cryptographic keys are not used? Verification. Exchange. Generation. Revocation and destruction.Verification.Which type of cryptographic key would be used when connecting to a secure website? DES key digital signature hash keys symetric keysdigital signatureWhich data security component is provided by hashing algorithms? Authentication. Confidentiality. Integrity. Key exchange.Integrity.Which type of attack does the use of HMACs protect against? DDoS man-in-the-middle DoS brute force Whopper attacks.man-in-the-middleWhat do most cryptographic system attacks seek to target? the actual data packet key management user information personally identifiable information (pii)key managementWhat is the purpose of the DH algorithm? To support email data confidentiality. To encrypt data traffic after a VPN is established. To generate a shared secret between two hosts that have not communicated before. To provide nonrepudiation support.To generate a shared secret between two hosts that have not communicated before.Which security function is provided by encryption algorithms? confidentiality key management authorization integrityconfidentialityWhich statement describes the Software-Optimized Encryption Algorithm (SEAL)? It is an example of an asymmetric algorithm. It uses a 112-bit encryption key. SEAL is a stream cipher. It requires more CPU resources than software-based AES does. It was developed by the US Navy..SEAL is a stream cipher.What is the function of the Diffie-Hellman algorithm within the IPsec framework? Provides authentication. Guarantees message integrity. Allows peers to exchange shared keys. Provides strong data encryption.Allows peers to exchange shared keys.As data is being stored on a local hard disk, which method would secure the data from unauthorized access? Deletion of sensitive files. 2FA. Data encryption. A duplicate hard drive copyData encryption.What is an example of the transposition cipher? Vigenere. RC4 Rail fence. Caesar.Caesar.Which type of attack allows an attacker to use a brute force approach? Denial of service. Password cracking. Social engineering. Packet sniffing.Password cracking.What is the focus of cryptanalysis? Breaking encrypted codes. Developing secret codes. Implementing encrypted codes. Hiding secret codes. Using computers for archiological analysis.Breaking encrypted codes.A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration? Confidentiality. Scalbility. Integrity. Availability.Confidentiality.Which objective of secure communications is achieved by encrypting data? Integrity. Availability. Confidentiality. Authentication.Confidentiality.A network security specialist is tasked to implement a security measure that monitors the status of critical files in the data center and sends an immediate alert if any file is modified. Which aspect of secure communications is addressed by this security measure? Data confidentiality. Data integrity. Origin authentication. Nonrepudiation.Data integrity.What is cryptology? The science of making and breaking secret codes. The science of creating transposition and substitution ciphers. The science of guaranteeing that a message is not a forgery and comes from the authentic source. The science of cracking the code without access to the shared secret key.The science of making and breaking secret codes.Why would HMAC be used to help secure the data as it travels across various links? It is an asymmetric encryption algorithm used when the two communicating parties have not previously shared a secret key. It is a hashing algorithm used to guarantee that the message is not a forgery and actually comes from the authentic source. It is a hashing algorithm used to encrypt the message and guarantee that no one intercepted the message and altered it. It is a popular symmetric encryption algorithm used when each communicating party needs to know the pre-shared keyIt is a hashing algorithm used to guarantee that the message is not a forgery and actually comes from the authentic source.What is the purpose of a nonrepudiation service in secure communications? To confirm the identity of the recipient of the communications. To provide the highest encryption level possible. To ensure that the source of the communications is confirmed. To protect the reputation of the sender. To ensure that encrypted secure communications cannot be decoded.To ensure that the source of the communications is confirmed.When security is a concern, which OSI Layer is considered to be the weakest link in a network system? Layer 2 Layer 3 Layer 4 Layer 7 Layer 6Layer 2What is the only type of port that an isolated port can forward traffic to on a private VLAN? another isolated port any access port in the same PVLAN a promiscuous port a community porta promiscuous portIf two switches are configured with the same priority and the same extended system ID, what determines which switch becomes the root bridge? The Layer 2 address with the lowest hexadecimal value. The lowest IP address. The highest BID. The MAC address with the highest hexadecimal value.The Layer 2 address with the lowest hexadecimal value.What determines which switch becomes the STP root bridge for a given VLAN? The highest priority. The highest MAC address. The lowest bridge ID The lowest IP address.The lowest bridge IDWhich statement describes the behavior of a switch when the MAC address table is full? It treats frames as unknown unicast and floods all incoming frames to all ports on the switch. It treats frames as unknown unicast and floods all incoming frames to all ports within the collision domain. It treats frames as unknown unicast and floods all incoming frames to all ports within the local VLAN. It treats frames as unknown unicast and floods all incoming frames to all ports across multiple switches.It treats frames as unknown unicast and floods all incoming frames to all ports within the local VLAN.What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow? Disable STP. Enable port security. Disable DTP. Place unused ports in an unused VLAN.Enable Port SecurityA cybersecurity analyst is using the macof tool to evaluate configurations of switches deployed in the backbone network of an organization. Which type of LAN attack is the analyst targeting during this evaluation? VLAN hopping. DHCP spoofing. MAC address table overflow Port hopping. VLAN double-tagging.MAC address table overflowWhat is the only type of traffic that is forwarded by a PVLAN protected port to other protected ports? control broadcast user managementcontrolWhat network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease? DHCP spoofing. DHCP starvation .CAM table attack. IP address spoofing.DHCP starvationA network administrator is configuring DAI on a switch with the command ip arp inspection validate src-mac. What is the purpose of this configuration command? It checks the source MAC address in the Ethernet header against the user-configured ARP ACLs. It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body. It checks the source MAC address in the Ethernet header against the target MAC address in the ARP body. It checks the source MAC address in the Ethernet header against the MAC address table.It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.hat additional security measure must be enabled along with IP Source Guard to protect against address spoofing? port security BPDU Guard DHCP snooping root guardBPDU GuardWhat action can a network administrator take to help mitigate the threat of VLAN hopping attacks? Disable automatic trunking negotiation Configure all switch ports to be members of VLAN 1. Enable PortFast on all switch ports. Disable VTP.Disable automatic trunking negotiationIn what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services? MITM DoS Address Spoofing Session Hijacking HyperjackingDoSWhich two statements describe access attacks? (Choose two.) Port rediretction attacks use a network adapter card in promiscuous mode to capture all network packets that are being sent across a LAN. To detect listening services, port scanning attacks scan a range of TCP or UDP port numbers on a host. Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code. Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers. Trust exploitation attacks often involve the use of a laptop to act as a rogue access point to capture and copy all network traffic in a public location, such as a wireless hotspot.Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code. Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers.What name is given to an amateur hacker? Scriptie Red Hat Blue Team Script Kiddie Kid ScriptScript KiddieWhich evasion method describes the situation that after gaining access to the administrator password on a compromised host, a threat actor is attempting to login to another host using the same credentials? Spinning Pivoting Traffic Substitution Protocol-level misinterpretation Duck and coverPivotingWhich two characteristics describe a worm? (Choose two.) executes when software is run on a computer infects computers by attaching software code travels to new computers without any intervention or knowledge of the user hides in a dormant state until needed by an attacker is self-replicating despite being hermaphroditic, it needs a partner to reproduceravels to new computers without any intervention or knowledge of the user is self-replicatingIn what way are zombies used in security attacks? They probe a group of machine for open ports to learn which services are running. They are malicioulsy formed code segments used to replace legitimate applications. They are infected machines that carry out a DDoS attack. They target specific individuals to gain corporate information. They target specific individuals to gain personal information.They are infected machines that carry out a DDoS attack.What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source? Vishing Trojan Backdooring Phreaking Cat Phishing PhishingPhishingA user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent? Social Engineering DDoS SAAS Anonymous key logging SPAMSocial EngineeringWhat is an example of a local exploit? A threat actor performs a brute force attack on an enterprise edge router to gain illegal access. A buffer overflow attack is launched against an online shopping website and causes a server crash. Port scanning is used to determine if the Telnet service is running. The threat actor is within a 5 kilometer radius of the target. A threat actor tries to gain the user password of a remote host by using a keyboard capture installed by a Trojan.A threat actor tries to gain the user password of a remote host by using a keyboard capture installed by a Trojan.Why would a rootkit be used by a hacker? to do reconnaissance to try to guess a password to gain access to a device without being detected to reverse engineer binary files to root an Android deviceto gain access to a device without being detectedWhich statement describes the term attack surface? It is the total sum of vulnerabilities in a system that is accessible to an attacker It is the total number of attacks toward an organization within a day. it is the group of hosts that expereiences the same attack. It is the interface where the attacks originate. The interface on the gateway router upon which the attack enters.It is the total sum of vulnerabilities in a system that is accessible to an attackerWhich risk management plan involves discontinuing an activity that creates a risk? Risk Mitigation Risk Avoidance Risk Reduction Risk Sharing Risk RetentionRisk Avoidance