Question 61
An engineer receives a security alert that traffic with a known TOR exit node has occurred on the network.
Question 62
What is an example of a social engineering attack?
A. receiving an unexpected email from an unknown person with an attachment from someone in the same company
B. receiving an email from human resources requesting a visit to their secure website to update contact information
C. sending a verbal request to an administrator who knows how to change an account password
D. receiving an invitation to the department's weekly WebEx meeting
Question 63
Refer to the exhibit. What is occurring in this network?
A. ARP cache poisoning
B. DNS cache poisoning
C. MAC address table overflow
D. MAC flooding attack
Question 64
Which data format is the most efficient to build a baseline of traffic seen over an extended period of time?
A. syslog messages
B. full packet capture
C. NetFlow
D. firewall event logs
Question 65
Which action prevents buffer overflow attacks?
A. variable randomization
B. using web based applications
C. input validation
D. using a Linux operating system
Question 66
Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?
A. known-plaintext
B. replay
C. dictionary
D. man-in-the-middle
Question 67
Refer to the exhibit. What should be interpreted from this packet capture?
A. 81.179.179.69 is sending a packet from port 80 to port 50272 of IP address 192.168.122.100 using UDP protocol.
B. 192.168.122.100 is sending a packet from port 50272 to port 80 of IP address 81.179.179.69 using TCP protocol.
C. 192.168.122.100 is sending a packet from port 80 to port 50272 of IP address 81.179.179.69 using UDP protocol.
D. 81.179.179.69 is sending a packet from port 50272 to port 80 of IP address 192.168.122.100 using TCP protocol.
Question 68
What are two characteristics of full packet captures? (Choose two.)
A. Identifying network loops and collision domains.
B. Troubleshooting the cause of security and performance issues.
C. Reassembling fragmented traffic from raw data.
D. Detecting common hardware faults and identifying faulty assets.
E. Providing a historical record of a network transaction.
Question 69
Refer to the exhibit. An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?
A. The file has an embedded executable and was matched by PEiD threat signatures for further analysis.
B. The file has an embedded non-Windows executable but no suspicious features are identified.
C. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.
D. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.
Question 70
DRAG DROP - Drag and drop the technology on the left onto the data type the technology provides on the right. Select and Place: