|
Question 1.
You have just attempted to perform DNS poisoning on the local network DNS server and did not succeed; you decide to launch an attack against routing tables instead.
Which of the following would NOT be an effective way of attempting to manipulate the routing table on the local network or through its gateway?
A. By using a source route attack
B. By using ICMP redirect messages
C. By adverstising bogus OSDF routes
D. By advertising bogus RIP routes
Answer: C
Question 2.
Why is it so challenging to block packets from Remote Access Troans that use port 80 for network communications? Choose three.
A. To a firewall, the traffic appears simply to be from an internal user making an innocuous HTTP
GET request.
B. Port 80 outbound is normally open on corporate firewalls
C. Stateful inspection firewalls will block unsolicited inbound HTTP GET requests
D. Not all firewalls are capable of inspecting data in the HTTP data fields for evidence of tunneling
Answer: A, B, D
Question 3.
Which of the following statements would best describe the act of signing a message with a Digital Signature?
A. The sender creates a hash value of the message he wishes to send
He uses his private key to encrypt the hash value.
The message and the encrypted hash value are sent to the receiver.
B. The sender creates a hash value of the message he wishes to send.
He uses his public key to encrypt the hash value.
The message and the encrypted has value are sent to the receiver.
C. The sender creates a hash value of the message he wihes to send.
The message and the hash value are sent to the receiver.
D. The sender uses his public key to create a digital signature.
The digital signature is sent along with the text message.
The receiver will use the sender private key to validate the signature.
Answer: A
Question 4.
One of the last steps taken by an attacker will be to configure permanent access to a compromised system. However, the installation of a backdoor, installation of new processes, and changes to key files could be very quickly detected by an administrator.
What tool would assist the attacker in preventing the administrator from detecting changes to files, new processes that are running, or other signs that the system might have been compromised?
A. A Trojan horse
B. A Rootkit
C. A Backdoor
D. A privilege escalation tool
Answer: B
Question 5.
Which of the following tools can detect hidden Alternative Data Streams on an NTFS file or folder? Choose all that apply.
A. Lns.exe
B. Lads.exe
C. FileAlyzer
D. ADSCheker
Answer: A, B, C
Question 6.
In order to idnetify a unique record within a database what would you use?
A. A foreign key
B. A primary key
C. A view
D. A unique key
Answer: B
Question 7.
Why is it important to the security of a network to create a complex password for the SA account on a MSSQL server installation?
A. The SA account is a pseudo-account and does not have any privileges.
B. The SA account can add/delete or change Domain User accounts.
C. The SA account can have privileges of the local administrators group on the host OS.
D. The SA account is the most powerful account on the domain controller.
Answer: C
Question 8.
Bryce, who is a great security professional with a perfect track record, has just been called into his supervisor's office. His supervisor has the sad task of letting him know that hes the next position being cut in their downsizing effort. Bryce has been known to be a mellow type of person but the version of being unemployed after working for 25 years at the same company is just a bit too much for him.
He cannot understand why newer employees with only a few years of experience have not been fired before him and why he is the one that must leave. Bryce tells himself that is employer is going to pay dearly for this and has planning to use his skills to cause disruption within the company infrastructure.
Which of the following term would best describe the reaction of Bryce?
A. Cracker
B. Disgruntled Employee
C. Ethical Hacker
D. Revenge Master
Answer: B
Question 9.
Using Netcat what would be the syntax to setup a listening back door from a compromised Windows Server that will spawn a shell when connecting to the remote server on port 777?
A. nc |p 777 e cmd.exe
B. nc sh p 777 e cmd.exe
C. nc |p 777 sh cmd.exe
D. nc |p 777 exec cmd.exe
Answer: A
Question 10.
Duane is a clever attacker, he has penetrated a system and wishes to hide some files within other files on the file system.
Which of the following could be used by Duane to attempt hiding files within the file system?
A. Attrib
B. HideNSeek
C. Chgrp
D. Alternate Data Stream
Answer: D
|
Question 1. DRAG DROP
Drop
Answer:
Question 2.
Which of the following configurations requires the use of hierarchical policy maps?
A. the use of nested class-maps with class-based marking
B. the use of a strict priority-class queue within CBWFQ
C. the use of class-based WRED within a CBWFQ class queue
D. the use of CBWFQ inside class-based shaping
E. the use of both the bandwidth and shape statements within a CBWFQ class queue
Answer: D
Explanation:
Class-based weighted fair queuing (CBWFQ) extends the standard WFQ functionality to provide support for user-defined traffic classes. By using CBWFQ, network managers can define traffic classes based on several match criteria, including protocols, access control lists (ACLs), and input interfaces. A FIFO queue is reserved for each class, and traffic belonging to a class is directed to the queue for that class. More than one IP flow, or "conversation", can belong to a class. Once a class has been defined according to its match criteria, the characteristics can be assigned to the class. To characterize a class, assign the bandwidth and maximum packet limit. The bandwidth assigned to a class is the guaranteed bandwidth given to the class during congestion. CBWFQ assigns a weight to each configured class instead of each flow. This weight is proportional to the bandwidth configured for each class. Weight is equal to the interface bandwidth divided by the class bandwidth. Therefore, a class with a higher bandwidth value will have a lower weight.
By default, the total amount of bandwidth allocated for all classes must not exceed 75 percent of the available bandwidth on the interface. The other 25 percent is used for control and routing traffic. The queue limit must also be specified for the class. The specification is the maximum number of packets allowed to accumulate in the queue for the class. Packets belonging to a class are subject to the bandwidth and queue limits that are configured for the class.
Question 3.
In a managed CE scenario, the customer's network is supporting VoIP and bulk file transfers.
According to the best practices, which QoS mechanisms should be applied on the WAN edge CEPE 56-kbps Frame Relay link on the CE outbound direction?
A. LLQ, CB-WRED, CB-Marking, FRTS, FRF.12, and CB-RTP header compression
B. CBWFQ, FRTS, FRF.12, and CB-RTP header compression
C. WRR, CB-WRED, CB-Marking, FRF.12, and CB-RTP header compression
D. WRR, FRTS, FRF.12, and CB-RTP header compression
E. LLQ, CB-WRED, CB-Policing, and CB-TCP and CB-RTP header compressions
F. CBWFQ, CB-WRED, CB-Marking, CB-Policing, and FRTS
Answer: A
Explanation:
1. WRED can be combined with CBWFQ. In this combination CBWFQ provides a guaranteed percentage of the output bandwidth, WRED ensures that TCP traffic is not sent faster than CBWFQ can forward it.
The abbreviated configuration below shows how WRED can be added to a policy-map specifying CBWFQ:
Router(config)# policy-map prioritybw Router(config-pmap)# class class-default fair-queue
Router(config-pmap-c)# class prioritytraffic bandwidth percent 40 random-detect
The random-detect parameter specifies that WRED will be used rather than the default tail-drop action.
2. The LLQ feature brings strict Priority Queuing (PQ) to CBWFQ. Strict PQ allows delay-sensitive data such as voice to be sent before packets in other queues are sent. Without LLQ, CBWFQ provides WFQ based on defined classes with no strict priority queue available for real-time traffic. For CBWFQ, the weight for a packet belonging to a specific class is derived from the bandwidth assigned to the class. Therefore, the bandwidth assigned to the packets of a class determines the order in which packets are sent. All packets are serviced fairly based on weight and no class of packets may be granted strict priority. This scheme poses problems for voice traffic that is largely intolerant of delay, especially variation in delay. For voice traffic, variations in delay introduce irregularities of transmission manifesting as jitter in the heard conversation. LLQ provides strict priority queuing for CBWFQ, reducing jitter in voice conversations.
LLQ enables the use of a single, strict priority queue within CBWFQ at the class level. Any class can be made a priority queue by adding the priority keyword. Within a policy map, one or more classes can be given priority status. When multiple classes within a single policy map are configured as priority classes, all traffic from these classes is sent to the same, single, strict priority queue.
Although it is possible to queue various types of real-time traffic to the strict priority queue, it is strongly recommend that only voice traffic be sent to it because voice traffic is well-behaved, whereas other types of real-time traffic are not. Moreover, voice traffic requires that delay be nonvariable in order to avoid jitter. Real-time traffic such as video could introduce variation in delay, thereby thwarting the steadiness of delay required for successful voice traffic transmission.
When the priority command is specified for a class, it takes a bandwidth argument that gives maximum bandwidth in kbps. This parameter specifies the maximum amount of bandwidth allocated for packets belonging to the class configured. The bandwidth parameter both guarantees bandwidth to the priority class and restrains the flow of packets from the priority class. In the event of congestion, policing is used to drop packets when the bandwidth is exceeded. Voice traffic queued to the priority queue is UDP-based and therefore not adaptive to the early packet drop characteristic of WRED. Because WRED is ineffective, the WRED random-detect command cannot be used with the priority command. In addition, because policing is used to drop packets and a queue limit is not imposed, the queue-limit command cannot be used with the priority command.
Question 4.
Refer to the partial router configuration. Which two of the following statements are true? (Choose two.)
A. Regardless of destination IP address, all traffic sent to Mac address 1.2.3 will be subject to
policing
B. All traffic from a server with the IP address of 147.23.54.21 will be subject to policing.
C. Any IP packet will be subject to policing.
D. The class-map class1 command will set the qos-group value to 4 for all IP packets.
E. Only those packets which satisfy all of the matches in class1 and class2 will be subject to
policing.
F. The configuration is invalid since it refers to a class map within a different class.
Answer: A, B
Explanation:
The class-map command is used to define a traffic class. The purpose of a traffic class is to classify traffic that should be given a particular QoS. A traffic class contains three major elements, a name, a series of match commands, and if more than one match command exists in the traffic class, an instruction on how to evaluate these match commands. The traffic class is named in the class-map command line. For example, if the class-map cisco command is entered while configuring the traffic class in the CLI, the traffic class would be named cisco.
Switch(config)# class-map cisco Switch(config-cmap)#
match commands are used to specify various criteria for classifying packets. Packets are checked to determine whether they match the criteria specified in the match commands. If a packet matches the specified criteria, that packet is considered a member of the class and is forwarded according to the QoS specifications set in the traffic policy. Packets that fail to meet any of the matching criteria are classified as members of the default traffic class and will be subject to a separate traffic policy
The policy-map command is used to create a traffic policy. The purpose of a traffic policy is to configure the QoS features that should be associated with the traffic that has been classified in a user-specified traffic class. A traffic policy contains three elements: Policy Name Traffic class specified with the class command QoS policies to be applied to each class The policy-map shown below creates a traffic policy named policy1. The policy applies to all traffic classified by the previously defined traffic-class "cisco" and specifies that traffic in this example should be allocated bandwidth of 3000 kbps. Any traffic which does not belong to the class "cisco" forms part of the catch-all class-default class and will be given a default bandwidth of 2000 kbps. Switch(config)# policy-map policy1 Switch(config-pmap)# class cisco Switch(config-pmap-c)#
bandwidth 3000 Switch(config-pmap-c)# exit Switch(config-pmap)# class class-default
Switch(config-pmap-c)# bandwidth 2000 Switch(config-pmap)# exit
Question 5.
In an unmanaged CE router implementation, how does the service provider enforce the SLA?
A. by marking on the CE to PE link and using CBWFQ and CB-WRED on the PE to P link
B. by marking on the CE to PE link and using class-based policing on the PE to P link
C. by using class-based policing on the CE to PE link to limit the customer's input rate
D. by using class-based random discard on the CE to PE link to limit the customer's input rate
Answer: C
Explanation:
In an unmanaged Router Implementation, Service provider can enforce SLA By using class based policy on the CE to PE link to limit the customer's input rate.
Question 6.
When configuring a Cisco Catalyst switch to accommodate an IP phone with an attached PC, it is desired that the trust boundary be set between the IP phone and the switch.
Which two commands on the switch are recommended to set the trust boundary as described? (Choose two.)
A. mls qos trust device cisco-phone
B. switchport priority extend trust
C. mls qos trust cos
D. no mls qos trust dscp
E. mls qos trust extend [cos value]
F. mls qos cos 5
Answer: A, C
Explanation:
mls qos trust [ cos ] :
B y default, the port is not trusted. All traffic is sent through one egress queue. Use the cos keyword to classify ingress packets with the packet CoS values. The egress queue assigned to the packet is based on the packet CoS value. When this keyword is entered, the traffic is sent through the four QoS queues. Normally, the QoS information from a PC connected to an IP Phone should not be trusted. This is because the PC's applications might try to spoof CoS or Differentiated Services Code Point (DSCP) settings to gain premium network service. In this case, use the cos keyword so that the CoS bits are overwritten to value by the IP Phone as packets are forwarded to the switch. If CoS values from the PC cannot be trusted, they should be overwritten to a value of 0.
Question 7.
According to the best practices, in a service provider network, which statement is true as related to the QoS policy that should be implemented on the inbound provider (P) to provider (P) router link?
A. In the DiffServ model, all ingress and egress QoS processing are done at the network edge
(for example, PE router), so no input or output QoS policy will be needed on the P to P link.
B. Class-based marking should be implemented because it will be needed for the class-based
queuing that will be used on the P router output.
C. Traffic policing should be implemented to rate-limit the ingress traffic into the P router.
D. Because traffic should have already been policed and marked on the upstream ingress PE
router, no input QoS policy is needed on the P to P link.
Answer: D
Question 8.
DRAG DROP
Drop
Answer:
Question 9. HOTSPOT
HOTSPOT
Answer:
Explanation:
Question 10.
A Frame Relay interface has been configured for adaptive shaping with a minimum rate of 15 kbps. The current maximum transmit rate is 56 kbps. If three FECNs are received over the next 4 seconds, what will be the maximum transmit rate after the last FECN has been received?
A. 10 kbps
B. 37 kbps
C. 7 kbps
D. 15 kbps
E. 28 kbps
F. 56 kbps
Answer: F
Explanation:
User specified traffic shaping can be performed on a Frame Relay interface or sub-interface with the traffic-shape rate command. The traffic-shape adaptive command can be specified to allow the shape of the traffic to dynamically adjust to congestion experienced by the Frame-Relay provider. This is achieved through the reception of Backward Explicit Congestion Notifications (BECN) from the Frame Relay switch. When a Frame Relay switch becomes congested it sends BECNs in the direction the traffic is coming from and it generates Forward Explicit Congestion Notifications (FECN) in the direction the traffic is flowing to. If the traffic-shape fecn-adapt command is configured at both ends of the link, the far end will reflect FECNs as BECNs. BECNs notify the sender to decrease the transmission rate. If the traffic is one-way only, such as multicast traffic, there is no reverse traffic with BECNs to notify the sender to slow down. Therefore, when a DTE device receives a FECN, it first determines if it is sending any data in return. If it is sending return data, this data will get marked with a BECN on its way to the other DTE device. However, if the DTE device is not sending any data, the DTE device can send a Q.922 TEST RESPONSE message with the BECN bit set.
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.