Sorry...forgot the questions...
1. For which reason can HTTPS traffic make security monitoring difficult?
B. large packet headers
C. Signature detection takes longer.
D. SSL interception
2. Which actions can a promiscuous IPS take to mitigate an attack? (Choose three.)
A. Denying Frames
B. resetting the TCP Connection
C. requesting host blocking
D. modifying packets
E. denying packets
F. requesting connection blocking
3. Which three statements about host-based IPS are true? (Choose three.)
A. it uses signature-based policies
B. It can have more restrictive policies than network-based IPS
C. It can be deployed at the perimeter
D. It works with deployed firewalls
E. It can view encrypted files
F. It can generate alerts based on behavior at the desktop level.
4. Which statement about digitally signing a document is true?
A. The document is hashed and then the document is encrypted with the private key.
B. The document is hashed and then the hash is encrypted with the private key.
C. The document is encrypted and then the document is hashed with the public key
D. The document is hashed and then the document is encrypted with the public key.
5. Where does routing occur within the DoD TCP/IP reference model?
6. Which two activities are examples of social engineering? (Choose two)
A. receiving a call from the IT department asking you to verify your username/password to maintain the account
B. receiving an invite to your department's weekly WebEx meeting
C. sending a verbal request to an administrator to change the password to the account of a user the administrator does know
D. receiving an email from MR requesting that you visit the secure HR website and update your contract information
E. receiving an unexpected email from an unknown person with an uncharacteristic attachment from someone in the same company
7. Which two features must a next generation firewall include? (Choose two.)
A. data mining
B. host-based antivirus
C. application visibility and control
D. Security Information and Event Management
E. intrusion detection system
8. Which definition of an antivirus program is true?
A. program used to detect and remove unwanted malicious software from the system
B. program that provides real time analysis of security alerts generated by network hardware and application
C. program that scans a running application for vulnerabilities
D. rules that allow network traffic to go in and out
9. While viewing packet capture data, you notice that one IP is sending and receiving traffic for multiple devices by modifying the IP header. Which option is making this behavior possible?
10. You must create a vulnerability management framework. Which main purpose of this framework is true?
A. Conduct vulnerability scans on the network.
B. Manage a list of reported vulnerabilities.
C. Identify, remove, and mitigate system vulnerabilities.
D. Detect and remove vulnerabilities in source code.
11. What is one of the advantages of the mandatory access control (MAC) model?
A. Stricter control over the information access.
B. Easy and scalable.
C. The owner can decide whom to grant access to.
12. Which two tasks can be performed by analyzing the logs of a traditional stateful firewall? (Choose two.)
A. Confirm the timing of network connections differentiated by the TCP 5-tuple
B. Audit the applications used within a social networking web site.
C. Determine the user IDs involved in an instant messaging exchange.
D. Map internal private IP addresses to dynamically translated external public IP addresses
E. Identify the malware variant carried by an SMTP connection