CIST 2601 Final Complete Questions And Answers
With Complete Solutions
Refer to the exhibit. A network security specialist issues the command tcpdump to capture events. What does the number 6337 indicate? ANS the process id of the tcpdump command. *After the tcpdump command is issued, the device displays the message, [1] 6337. The message indicates that the process with PID 6337 was sent to the background.
How do cybercriminals make use of a malicious iFrame? ANS The iFrame allows the browser to load a web page
from another source. *An inline frame or iFrame is an HTML element that allows the browser to load a different
web page from another source.
What is a difference between symmetric and asymmetric encryption algorithms? ANS Symmetric encryption
algorithms use pre-shared keys. Asymmetric encryption algorithms use different keys to encrypt and decrypt data.
*Asymmetric algorithms can use very long key lengths in order to avoid being hacked. This results in the use of
significantly increased resources and time compared to symmetric algorithms.
What is a network tap? ANS a passive device that forwards all traffic and physical layer errors to an analysis
device. *A network tap is used to capture traffic for monitoring the network. The tap is typically a passive splitting
device implemented inline on the network and forwards all traffic, including physical layer errors, to an analysis
device.
Refer to the exhibit. A network administrator is viewing some output on the Netflow collector. What can be determined from the output of the traffic flow shown? ANS This is a UDP DNS response to a client machine. *The traffic flow shown has a source port of 53 and a destination port of 1025. Port 53 is used for DNS and because the source port is 53, this traffic is responding to a client machine from a DNS server. The IP PROTOCOL is 17 and specifies that UDP is being used and the TCP flag is set to 0.
According to NIST, which step in the digital forensics process involves preparing and presenting information that resulted from scrutinizing data? ANS Reporting. *NIST describes the digital forensics process as involving the following four steps:
- Collection - the identification of potential sources of forensic data and acquisition, handling, and storage of that data
- Examination - assessing and extracting relevant information from the collected data. This may involve decompression or decryption of the data
- Analysis - drawing conclusions from the data. Salient features, such as people, places, times, events, and so on should be documented
- Reporting - preparing and presenting information that resulted from the analysis. Reporting should be impartial and alternative explanations should be offered if appropriate
A technician notices that an application is not responding to commands and that the computer seems to respond
slowly when applications are opened. What is the best administrative tool to force the release of system resources
from the unresponsive application? ANS Task Manager. *Use the Task Manager Performance tab to see a visual
representation of CPU and RAM utilization. This is helpful in determining if more memory is needed. Use the
Applications tab to halt an application that is not responding.
Which three technologies should be included in a security information and event management system in a SOC? (Choose three.) ANS threat intelligence, security monitoring, vulnerability tracking. *Technologies in a SOC should include the following:
- Event collection, correlation, and analysis
- Security monitoring
- Security control
- Log management
- Vulnerability assessment
- Vulnerability tracking
- Threat intelligence
Firewall appliances, VPNs, and IPS are security devices deployed in the network infrastructure.
In which situation is an asymmetric key algorithm used? ANS A network administrator connects to a Cisco router with SSH. *The SSH protocol uses an asymmetric key algorithm to authenticate users and encrypt data transmitted. The SSH server generates a pair of public/private keys for the connections. Encrypting files before saving them to a storage device uses a symmetric key algorithm because the same key is used to encrypt and decrypt files. The router authentication with CHAP uses a symmetric key algorithm. The key is pre-configured by the network administrator. A VPN may use both an asymmetric key and a symmetric encryption algorithm. For example, in an IPsec VPN implementation, the data transmission uses a shared secret (generated with an asymmetric key algorithm) with a symmetric encryption algorithm used for performance.
Which two statements are characteristics of a virus? (Choose two.) ANS A virus typically requires end-user
activation. A virus can be dormant and then activate at a specific time or date. *The type of end user interaction
required to launch a virus is typically opening an application, opening a web page, or powering on the computer.
Once activated, a virus may infect other files located on the computer or other computers on the same network.
Which Windows Event Viewer log includes events regarding the operation of drivers, processes, and hardware? ANS system logs. *By default Windows keeps four types of host logs:
- Application logs - events logged by various applications
- System logs - events about the operation of drivers, processes, and hardware
- Setup logs - information about the installation of software, including Windows updates
- Security logs - events related to security, such as logon attempts and operations related to file or object management and access
What is the responsibility of the human resources department when handling a security incident? ANS Apply
disciplinary measures if an incident is caused by an employee. *The human resources department may be called
upon to perform disciplinary measures if an incident is caused by an employee.
Which two net commands are associated with network resource sharing? (Choose two.) ANS net use, net share