Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Aug Cisco Official New Released 200-120
Securing Cisco Networks with Open Source Snort
Question No: 1
Which protocol operates below the network layer?
A. UDP
B. ICMP
C. ARP
D. DNS
Answer: C
Question No: 2
Which area is created between screening devices in an egress/ingress path for housing web, mail, or DNS servers?
A. EMZ
B. DMZ
C. harbor
D. inlet
Answer: B
Question No: 3
What does protocol normalization do?
A. compares evaluated packets to normal, daily network-traffic patterns
B. removes any protocol-induced or protocol-allowable ambiguities
C. compares a packet to related traffic from the same session, to determine whether the packet is out of sequence
D. removes application layer data, whether or not it carries protocol-induced anomalies, so that packet headers can be inspected more accurately for signs of abuse
Answer: B
Question No: 4
On which protocol does Snort focus to decode, process, and alert on suspicious network traffic?
A. AppleTalk
B. TCP/IP
C. IPX/SPX
D. ICMP
Answer: B
Question No: 5
Which technique can an intruder use to try to evade detection by a Snort sensor?
A. exceed the maximum number of fragments that a sensor can evaluate
B. split the malicious payload over several fragments to mask the attack signature
C. disable a sensor by exceeding the number of packets that it can fragment before forwarding
D. send more packet fragments than the destination host can reassemble, to disable the host without regard to any intrusion-detection devices that might be on the network
Answer: B
Question No: 6
An IPS addresses evasion by implementing countermeasures. What is one such countermeasure?
A. periodically reset statistical buckets to zero for memory utilization, maximization, and performance
B. send packets to the origination host of a given communication session, to confirm or eliminate spoofing
C. perform pattern and signature analysis against the entire packet, rather than against individual fragments
D. automate scans of suspicious source IP addresses
Answer: C
Question No: 7
Which IPS placement option is the noisiest?
A. inside the firewall
B. outside the firewall
C. inside the DMZ
D. inside general user segments
Answer: B
Question No: 8
What is the purpose of using a span or monitor port on a switch?
A. to aggregate traffic from multiple switch ports
B. to tap data off network media
C. to overcome problems that switches have in accurately reproducing desired traffic
D. to limit the amount of traffic that passes through the switch
Answer: A
Question No: 9
Which item examines packets for malformation, anomalies, and protocol compliance and gathers and presents packets in one consistent fashion?
A. Sniffer
B. preprocessors
C. detection engine
D. output and alerting module
Answer: B
Question No: 10
Which component is one of the four primary components of Snort?
A. ACL
B. postprocessor
C. iptables
D. output and alerting
Answer: D