Download Securing Cisco Networks with Open Source Snort.actualtests.500-280.2019-01-11.1e.60q.vcex
Download Exam
File Info
| Exam | Securing Cisco Networks with Open Source Snort |
| Number | 500-280 |
| File Name | Securing Cisco Networks with Open Source Snort.actualtests.500-280.2019-01-11.1e.60q.vcex |
| Size | 27 Kb |
| Posted | January 11, 2019 |
| Downloads | 20 |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: EXAMFILESCOM
With discount: 20%
Demo Questions
Question 1
Which protocol operates below the network layer?
- A: UDP
- B: ICMP
- C: ARP
- D: DNS
Question 2
Which area is created between screening devices in an egress/ingress path for housing web, mail, or DNS servers?
- A: EMZ
- B: DMZ
- C: harbor
- D: inlet
Question 3
What does protocol normalization do?
- A: compares evaluated packets to normal, daily network-traffic patterns
- B: removes any protocol-induced or protocol-allowable ambiguities
- C: compares a packet to related traffic from the same session, to determine whether the packet is out of sequence
- D: removes application layer data, whether or not it carries protocol-induced anomalies, so that packet headers can be inspected more accurately for signs of abuse
Question 4
On which protocol does Snort focus to decode, process, and alert on suspicious network traffic?
- A: Apple talk
- B: TCP/IP
- C: IPX/SPX
- D: ICMP
Question 5
Which technique can an intruder use to try to evade detection by a Snort sensor?
- A: exceed the maximum number of fragments that a sensor can evaluate
- B: split the malicious payload over several fragments to mask the attack signature
- C: disable a sensor by exceeding the number of packets that it can fragment before forwarding
- D: send more packet fragments than the destination host can reassemble, to disable the host without regard to any intrusion-detection devices that might be on the network
Question 6
An IPS addresses evasion by implementing countermeasures. What is one such countermeasure?
- A: periodically reset statistical buckets to zero for memory utilization, maximization, and performance
- B: send packets to the origination host of a given communication session, to confirm or eliminate spoofing
- C: perform pattern and signature analysis against the entire packet, rather than against individual fragments
- D: automate scans of suspicious source IP addresses
Question 7
Which IPS placement option is the noisiest?
- A: inside the firewall
- B: outside the firewall
- C: inside the DMZ
- D: inside general user segments
Question 8
What is the purpose of using a span or monitor port on a switch?
- A: to aggregate traffic from multiple switch ports
- B: to tap data off network media
- C: to overcome problems that switches have in accurately reproducing desired traffic
- D: to limit the amount of traffic that passes through the switch
Question 9
Which item examines packets for malformation, anomalies, and protocol compliance and gathers and presents packets in one consistent fashion?
- A: Sniffer
- B: preprocessors
- C: detection engine
- D: output and alerting module
Question 10
Which component is one of the four primary components of Snort?
- A: ACL
- B: postprocessor
- C: iptables
- D: output and alerting
HOW TO OPEN VCEX AND EXAM FILES
Use ProfExam Simulator to open VCEX and EXAM files
HOW TO OPEN VCE FILES
Use VCE Exam Simulator to open VCE files
