312-50v8 Exam Dumps | An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence

<< Prev Question Next Question >>

Question 95/336

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file.
What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

A. Intrusion Prevention System (IPS)

B. Protocol analyzer

C. Network sniffer

D. Vulnerability scanner

Question List (336q): 2 commentQuestion 1: The following is part of a log file taken from the machine o...; Question 2: A pentester is using Metasploit to exploit an FTP server and...; Question 3: Which of the following is the BEST way to defend against net...; Question 4: Which results will be returned with the following Google sea...; Question 5: You are the Systems Administrator for a large corporate orga...; Question 6: A penetration tester is conducting a port scan on a specific...; Question 7: In 2007, this wireless security algorithm was rendered usele...; Question 8: Which of the following is an advantage of utilizing security...; Question 9: A large company intends to use Blackberry for corporate mobi...; Question 10: While performing data validation of web content, a security ...; Question 11: Which of the following examples best represents a logical or...; Question 12: An NMAP scan of a server shows port 69 is open. What risk co...; Question 13: Which of the following identifies the three modes in which S...; Question 14: A hacker is attempting to see which ports have been left ope...; Question 15: Your team has won a contract to infiltrate an organization. ...; Question 16: Which Open Web Application Security Project (OWASP) implemen...; Question 17: A Certificate Authority (CA) generates a key pair that will ...; Question 18: SOAP services use which technology to format information?...; Question 19: When utilizing technical assessment methods to assess the se...; Question 20: Which solution can be used to emulate computer services, suc...; Question 21: A network administrator discovers several unknown files in t...; Question 22: Fingerprinting VPN firewalls is possible with which of the f...; Question 23: Which command line switch would be used in NMAP to perform o...; Question 24: Which of the following is a hardware requirement that either...; Question 25: A covert channel is a channel that...; Question 26: What term describes the amount of risk that remains after th...; Question 27: This tool is an 802.11 WEP and WPA-PSK keys cracking program...; Question 28: Which cipher encrypts the plain text digit (bit or byte) one...; Question 29: Which system consists of a publicly available set of databas...; Question 30: This phase will increase the odds of success in later phases...; Question 31: Which of the following levels of algorithms does Public Key ...; Question 32: A network administrator received an administrative alert at ...; Question 33: Which of the following is a detective control?...; Question 34: A Network Administrator was recently promoted to Chief Secur...; Question 35: A company has hired a security administrator to maintain and...; Question 36: A company's Web development team has become aware of a certa...; Question 37: Which of the following is an extremely common IDS evasion te...; Question 38: Jimmy is standing outside a secure entrance to a facility. H...; Question 39: Which of the following techniques does a vulnerability scann...; Question 40: The "black box testing" methodology enforces which kind of r...; Question 41: Which tool can be used to silently copy files from USB devic...; Question 42: Which of the following security operations is used for deter...; Question 43: Which of the following is used to indicate a single-line com...; Question 44: Firewalk has just completed the second phase (the scanning p...; Question 45: The "gray box testing" methodology enforces what kind of res...; Question 46: Which of the following is the least-likely physical characte...; Question 47: How is sniffing broadly categorized?...; Question 48: How can a rootkit bypass Windows 7 operating system's kernel...; Question 49: Which security strategy requires using several, varying meth...; Question 50: One advantage of an application-level firewall is the abilit...; Question 51: It is a kind of malware (malicious software) that criminals ...; Question 52: If a tester is attempting to ping a target that exists but r...; Question 53: During a security audit of IT processes, an IS auditor found...; Question 54: Which of the following describes the characteristics of a Bo...; Question 55: Ricardo wants to send secret messages to a competitor compan...; Question 56: When you are getting information about a web server, it is v...; Question 57: Which of the following types of firewall inspects only heade...; Question 58: Which of the following network attacks relies on sending an ...; Question 59: You are using NMAP to resolve domain names into IP addresses...; Question 60: A circuit level gateway works at which of the following laye...; Question 61: An attacker gains access to a Web server's database and disp...; Question 62: Which of the following is a component of a risk assessment?...; Question 63: The use of alert thresholding in an IDS can reduce the volum...; Question 64: Which type of scan is used on the eye to measure the layer o...; Question 65: Which statement is TRUE regarding network firewalls preventi...; Question 66: International Organization for Standardization (ISO) standar...; Question 67: A new wireless client is configured to join a 802.11 network...; Question 68: Which of the following is designed to identify malicious att...; Question 69: When analyzing the IDS logs, the system administrator notice...; Question 70: What information should an IT system analysis provide to the...; Question 71: Bluetooth uses which digital modulation technique to exchang...; Question 72: While using your bank's online servicing you notice the foll...; Question 73: Which of the following is considered an acceptable option wh...; Question 74: Which of the following is one of the most effective ways to ...; Question 75: Which of the following items is unique to the N-tier archite...; Question 76: What is one thing a tester can do to ensure that the softwar...; Question 77: Which of the following statements is TRUE?...; Question 78: A certified ethical hacker (CEH) is approached by a friend w...; Question 79: The Heartbleed bug was discovered in 2014 and is widely refe...; Question 80: Which method of password cracking takes the most time and ef...; Question 81: Which type of antenna is used in wireless communication?...; Question 82: Which of the following defines the role of a root Certificat...; Question 83: During a penetration test, the tester conducts an ACK scan u...; Question 84: A hacker searches in Google for filetype:pcf to find Cisco V...; Question 85: The network administrator for a company is setting up a webs...; Question 86: Which of the following can the administrator do to verify th...; Question 87: Which of the following is a primary service of the U.S. Comp...; Question 88: Port scanning can be used as part of a technical assessment ...; Question 89: Jesse receives an email with an attachment labeled "Court_No...; Question 90: Which of the following guidelines or standards is associated...; Question 91: You work as a Security Analyst for a retail organization. In...; Question 92: Which of the following open source tools would be the best c...; Question 93: Which protocol and port number might be needed in order to s...; Question 94: You have several plain-text firewall logs that you must revi...; Question 95: An Intrusion Detection System (IDS) has alerted the network ...; Question 96: Which of the following is a protocol specifically designed f...; Question 97: Which element of Public Key Infrastructure (PKI) verifies th...; Question 98: Which of the following scanning tools is specifically design...; Question 99: It is a regulation that has a set of guidelines, which shoul...; Question 100: You have successfully gained access to your client's interna...; Question 101: After trying multiple exploits, you've gained root access to...; Question 102: One way to defeat a multi-level security solution is to leak...; Question 103: Windows file servers commonly hold sensitive files, database...; Question 104: For messages sent through an insecure channel, a properly im...; Question 105: A security engineer is attempting to map a company's interna...; Question 106: When you return to your desk after a lunch break, you notice...; Question 107: Which of the following describes the characteristics of a Bo...; Question 108: Which of the following tools would be the best choice for ac...; Question 109: The purpose of a __________ is to deny network access to loc...; Question 110: > NMAP -sn 192.168.11.200-215 The NMAP command above perf...; Question 111: Which method can provide a better return on IT security inve...; Question 112: How can rainbow tables be defeated?...; Question 113: While testing the company's web applications, a tester attem...; Question 114: An attacker has installed a RAT on a host. The attacker want...; Question 115: When you are collecting information to perform a data analys...; Question 116: John the Ripper is a technical assessment tool used to test ...; Question 117: Which type of security document is written with specific ste...; Question 118: What is the most secure way to mitigate the theft of corpora...; Question 119: A medium-sized healthcare IT business decides to implement a...; Question 120: What is the main advantage that a network-based IDS/IPS syst...; Question 121: Which technical characteristic do Ethereal/Wireshark, TCPDum...; Question 122: Which of these options is the most secure procedure for stor...; Question 123: What is the most common method to exploit the "Bash Bug" or ...; Question 124: Which of the following lists are valid data-gathering activi...; Question 125: An attacker uses a communication channel within an operating...; Question 126: Which of the following is an example of two factor authentic...; Question 127: Which of the following describes a component of Public Key I...; Question 128: When you are testing a web application, it is very useful to...; Question 129: Which of the following tools can be used for passive OS fing...; Question 130: The fundamental difference between symmetric and asymmetric ...; Question 131: You have successfully gained access to a linux server and wo...; Question 132: An NMAP scan of a server shows port 25 is open. What risk co...; Question 133: A tester has been hired to do a web application security tes...; Question 134: The Open Web Application Security Project (OWASP) is the wor...; Question 135: What is the primary drawback to using advanced encryption st...; Question 136: What technique is used to perform a Connection Stream Parame...; Question 137: To maintain compliance with regulatory requirements, a secur...; Question 138: Least privilege is a security concept that requires that a u...; Question 139: A computer technician is using a new version of a word proce...; Question 140: What is the broadcast address for the subnet 190.86.168.0/22...; Question 141: Which of the following is the greatest threat posed by backu...; Question 142: Which of the following is a low-tech way of gaining unauthor...; Question 143: Diffie-Hellman (DH) groups determine the strength of the key...; Question 144: What is the main reason the use of a stored biometric is vul...; Question 145: A company has five different subnets: 192.168.1.0, 192.168.2...; Question 146: You have compromised a server on a network and successfully ...; Question 147: What are the three types of compliance that the Open Source ...; Question 148: Which tool is used to automate SQL injections and exploit a ...; Question 149: Which of the following is an application that requires a hos...; Question 150: It is a short-range wireless communication technology intend...; Question 151: During a blackbox pen test you attempt to pass IRC traffic o...; Question 152: Which of the following algorithms provides better protection...; Question 153: Which of the following parameters describe LM Hash (see exhi...; Question 154: Which of the following tools is used to analyze the files pr...; Question 155: You have successfully compromised a machine on the network a...; Question 156: Using Windows CMD, how would an attacker list all the shares...; Question 157: An organization hires a tester to do a wireless penetration ...; Question 158: What is a "Collision attack" in cryptography?...; Question 159: Initiating an attack against targeted businesses and organiz...; Question 160: Which NMAP feature can a tester implement or adjust while sc...; Question 161: A bank stores and processes sensitive privacy information re...; Question 162: A hacker was able to sniff packets on a company's wireless n...; Question 163: Which of the following conditions must be given to allow a t...; Question 164: A hacker has successfully infected an internet-facing server...; Question 165: A security administrator notices that the log file of the co...; Question 166: You've just been hired to perform a pen test on an organizat...; Question 167: On a Linux device, which of the following commands will star...; Question 168: A recently hired network security associate at a local bank ...; Question 169: env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd' What ...; Question 170: Nation-state threat actors often discover vulnerabilities an...; Question 171: The chance of a hard drive failure is once every three years...; Question 172: The security concept of "separation of duties" is most simil...; Question 173: While performing online banking using a Web browser, a user ...; Question 174: Which of the following is a strong post designed to stop a c...; Question 175: To send a PGP encrypted message, which piece of information ...; Question 176: Which type of access control is used on a router or firewall...; Question 177: What are the three types of authentication?...; Question 178: What is the best description of SQL Injection?...; Question 179: What is the correct PCAP filter to capture all TCP traffic g...; Question 180: If the final set of security controls does not eliminate all...; Question 181: Which of the following business challenges could be solved b...; Question 182: A security analyst in an insurance company is assigned to te...; Question 183: Which of the following is an example of an asymmetric encryp...; Question 184: Which property ensures that a hash function will not produce...; Question 185: Which of the following settings enables Nessus to detect whe...; Question 186: Which of the following network attacks takes advantage of we...; Question 187: A computer science student needs to fill some information in...; Question 188: What is the main difference between a "Normal" SQL Injection...; Question 189: What statement is true regarding LM hashes?...; Question 190: How does an operating system protect the passwords used for ...; Question 191: You are performing information gathering for an important pe...; Question 192: Which of the following is a component of a risk assessment?...; Question 193: Which of the following resources does NMAP need to be used a...; Question 194: The configuration allows a wired or wireless network interfa...; Question 195: Which United States legislation mandates that the Chief Exec...; Question 196: To determine if a software program properly handles a wide r...; Question 197: This asymmetry cipher is based on factoring the product of t...; Question 198: What results will the following command yield: 'NMAP -sS -O ...; Question 199: What is the process of logging, recording, and resolving eve...; Question 200: The "white box testing" methodology enforces what kind of re...; Question 201: What is the main disadvantage of the scripting languages as ...; Question 202: Perspective clients want to see sample reports from previous...; Question 203: Which of the following is the successor of SSL?...; Question 204: Which statement best describes a server type under an N-tier...; Question 205: An attacker has captured a target file that is encrypted wit...; Question 206: A hacker is attempting to use nslookup to query Domain Name ...; Question 207: Which of the following techniques will identify if computer ...; Question 208: A penetration tester is hired to do a risk assessment of a c...; Question 209: A developer for a company is tasked with creating a program ...; Question 210: Which of the following problems can be solved by using Wires...; Question 211: Which of the following is assured by the use of a hash?...; Question 212: Which of the following does proper basic configuration of sn...; Question 213: Which of the following is the structure designed to verify a...; Question 214: A certified ethical hacker (CEH) completed a penetration tes...; Question 215: PGP, SSL, and IKE are all examples of which type of cryptogr...; Question 216: This international organization regulates billions of transa...; Question 217: When comparing the testing methodologies of Open Web Applica...; Question 218: An incident investigator asks to receive a copy of the event...; Question 219: How can telnet be used to fingerprint a web server?...; Question 220: How does the Address Resolution Protocol (ARP) work?...; Question 221: An attacker changes the profile information of a particular ...; Question 222: An Internet Service Provider (ISP) has a need to authenticat...; Question 223: Which of the following parameters enables NMAP's operating s...; Question 224: A hacker, who posed as a heating and air conditioning specia...; Question 225: Which NMAP command combination would let a tester scan every...; Question 226: A consultant is hired to do physical penetration testing at ...; Question 227: A security consultant decides to use multiple layers of anti...; Question 228: The Open Web Application Security Project (OWASP) testing me...; Question 229: A consultant has been hired by the V.P. of a large financial...; Question 230: You have compromised a server and successfully gained a root...; Question 231: A security analyst is performing an audit on the network to ...; Question 232: You are performing a penetration test. You achieved access v...; Question 233: Company A and Company B have just merged and each has its ow...; Question 234: You are tasked to perform a penetration test. While you are ...; Question 235: A company's security policy states that all Web browsers mus...; Question 236: Pentest results indicate that voice over IP traffic is trave...; Question 237: A person approaches a network administrator and wants advice...; Question 238: The following is a sample of output from a penetration teste...; Question 239: When does the Payment Card Industry Data Security Standard (...; Question 240: You are a Network Security Officer. You have two machines. T...; Question 241: Which of the following is considered the best way to protect...; Question 242: Which of the following ensures that updates to policies, pro...; Question 243: What is the benefit of performing an unannounced Penetration...; Question 244: Which of the following processes of PKI (Public Key Infrastr...; Question 245: A company firewall engineer has configured a new DMZ to allo...; Question 246: Which of the following tools performs comprehensive tests ag...; Question 247: You just set up a security system in your network. In what k...; Question 248: A security policy will be more accepted by employees if it i...; Question 249: Some passwords are stored using specialized encryption algor...; Question 250: A company is using Windows Server 2003 for its Active Direct...; Question 251: Which of the following tools is used to detect wireless LANs...; Question 252: Which of the following processes evaluates the adherence of ...; Question 253: An attacker sniffs encrypted traffic from the network and is...; Question 254: A regional bank hires your company to perform a security ass...; Question 255: What is the outcome of the comm"nc -l -p 2222 | nc 10.1.0.43...; Question 256: You've gained physical access to a Windows 2008 R2 server wh...; Question 257: A security engineer has been asked to deploy a secure remote...; Question 258: Which of the following is a characteristic of Public Key Inf...; Question 259: During a wireless penetration test, a tester detects an acce...; Question 260: As a Certified Ethical Hacker, you were contracted by a priv...; Question 261: In Risk Management, how is the term "likelihood" related to ...; Question 262: In the software security development life cyle process, thre...; Question 263: Under the "Post-attack Phase and Activities", it is the resp...; Question 264: Which tool allows analysts and pen testers to examine links ...; Question 265: Your company was hired by a small healthcare provider to per...; Question 266: After gaining access to the password hashes used to protect ...; Question 267: Which of the following is a client-server tool utilized to e...; Question 268: In order to show improvement of security over time, what mus...; Question 269: When setting up a wireless network, an administrator enters ...; Question 270: Which tool would be used to collect wireless packet data?...; Question 271: During a penetration test, a tester finds that the web appli...; Question 272: You have successfully comprised a server having an IP addres...; Question 273: A penetration tester is conducting a port scan on a specific...; Question 274: Which command lets a tester enumerate alive systems in a cla...; Question 275: When using Wireshark to acquire packet capture on a network,...; Question 276: The precaution of prohibiting employees from bringing person...; Question 277: It is an entity or event with the potential to adversely imp...; Question 278: You are logged in as a local admin on a Windows 7 system and...; Question 279: Which of the following statements regarding ethical hacking ...; Question 280: Which initial procedure should an ethical hacker perform aft...; Question 281: Which of the following cryptography attack methods is usuall...; Question 282: During a penetration test, a tester finds a target that is r...; Question 283: How can a policy help improve an employee's security awarene...; Question 284: A company has publicly hosted web applications and an intern...; Question 285: An ethical hacker for a large security research firm perform...; Question 286: What does a firewall check to prevent particular ports and a...; Question 287: Which regulation defines security and privacy controls for F...; Question 288: To reduce the attack surface of a system, administrators sho...; Question 289: Which of the following is a hashing algorithm?...; Question 290: A common cryptographical tool is the use of XOR. XOR the fol...; Question 291: If an e-commerce site was put into a live environment and th...; Question 292: The use of technologies like IPSec can help guarantee the fo...; Question 293: From the two screenshots below, which of the following is oc...; Question 294: Which of the following programming languages is most vulnera...; Question 295: A botnet can be managed through which of the following?...; Question 296: A network security administrator is worried about potential ...; Question 297: A newly discovered flaw in a software application would be c...; Question 298: Which of the following is a design pattern based on distinct...; Question 299: An IT security engineer notices that the company's web serve...; Question 300: Advanced encryption standard is an algorithm used for which ...; Question 301: Which of the following is not a Bluetooth attack?...; Question 302: What type of OS fingerprinting technique sends specially cra...; 1 commentQuestion 303: Session splicing is an IDS evasion technique in which an att...; Question 304: During a recent security assessment, you discover the organi...; Question 305: Smart cards use which protocol to transfer the certificate i...; Question 306: Which of the following is optimized for confidential communi...; Question 307: While checking the settings on the internet browser, a techn...; Question 308: A tester has been using the msadc.pl attack script to execut...; Question 309: A pentester gains access to a Windows application server and...; Question 310: Which of the following is a command line packet analyzer sim...; Question 311: Which vital role does the U.S. Computer Security Incident Re...; Question 312: It is a vulnerability in GNU's bash shell, discovered in Sep...; Question 313: The intrusion detection system at a software development com...; Question 314: An engineer is learning to write exploits in C++ and is usin...; Question 315: What is the name of the international standard that establis...; Question 316: In the OSI model, where does PPTP encryption take place?...; Question 317: Risks = Threats x Vulnerabilities is referred to as the:...; Question 318: A penetration tester was hired to perform a penetration test...; Question 319: What is the best defense against privilege escalation vulner...; Question 320: Which of the following is a preventive control?...; Question 321: Which of the following can take an arbitrary length of input...; Question 322: Which of the following programs is usually targeted at Micro...; Question 323: Which set of access control solutions implements two-factor ...; Question 324: Passive reconnaissance involves collecting information throu...; Question 325: An attacker has been successfully modifying the purchase pri...; Question 326: Employees in a company are no longer able to access Internet...; Question 327: Which of the following viruses tries to hide from anti-virus...; Question 328: A security consultant is trying to bid on a large contract t...; Question 329: ICMP ping and ping sweeps are used to check for active syste...; Question 330: A penetration tester is attempting to scan an internal corpo...; Question 331: A Security Engineer at a medium-sized accounting firm has be...; Question 332: WPA2 uses AES for wireless data encryption at which of the f...; Question 333: Which of the following is a common Service Oriented Architec...; Question 334: Which type of scan measures a person's external features thr...; Question 335: The network administrator contacts you and tells you that sh...; Question 336: When creating a security program, which approach would be us...

Question 95/336

LEAVE A REPLY

Download PDF File