Download New Latest (May) Cisco 600-199 Actual Tests Topic 3, Security Events and Alarms

Ensurepass

 

Topic 3, Security Events and Alarms

QUESTION 17

In the context of a network security device like an IPS, which event would qualify as having the highest severity?

A. remote code execution attempt
B. brute force login attempt
C. denial of service attack
D. instant messenger activity

Answer: A

Explanation:
A successful remote code execution hands the attacker control of the target host, so an RCE attempt outranks a denial of service (which affects availability only), a brute force login attempt (credential guessing that may never succeed) and instant messenger activity (a policy matter rather than an attack).

QUESTION 18

Which event is likely to be a false positive?

A. Internet Relay Chat signature with an alert context buffer containing #IPS_ROCS Yay
B. a signature addressing an ActiveX vulnerability alert on a Microsoft developer network documentation page
C. an alert for a long HTTP request with an alert context buffer containing a large HTTP GET request
D. BitTorrent activity detected on ephemeral ports

Answer: B

Explanation:
A Microsoft developer network page that documents an ActiveX control legitimately contains the control identifiers and method calls the signature matches on, so the alert fires on documentation rather than on an exploit. In the other three cases the context buffer shows exactly the traffic the signature was written for: real IRC chat, a genuinely long GET request and BitTorrent on high ports.

QUESTION 19

Given a Linux machine running only an SSH server, which chain of alarms would be most concerning?

A. brute force login attempt from outside of the network, followed by an internal network scan
B. root login attempt followed by brute force login attempt
C. Microsoft RPC attack against the server
D. multiple rapid login attempts

Answer: A

Explanation:
Guessing from outside followed by the same host scanning the internal network suggests the brute force succeeded and the attacker is now using the SSH server as a pivot. B and D are credential guessing with no sign of success, and C, a Microsoft RPC attack, cannot apply to a Linux host that exposes only SSH.
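The severity ranking in Question 17 and the alarm chain in Question 19 are both triage logic that can be written down. The following Python is an added example written for this page, not Cisco IPS code: the alert records, the signature names and the 10.0.0.0/8 internal range are constructed assumptions.

```python
"""Toy IPS alert triage: severity ranking and alarm-chain correlation.

Added example; it is not from the exam page or from any Cisco product.
The alert records, signature names and the internal address range are
constructed here for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple

# Assumption: the monitored network is 10.0.0.0/8; anything else is "outside".
INTERNAL = ip_network("10.0.0.0/8")

# Ranking used in the exam: an exploit attempt (possible code execution)
# outranks an availability attack, which outranks credential guessing,
# which outranks policy noise such as instant messaging.
SEVERITY = {
    "remote-code-execution": 4,
    "denial-of-service": 3,
    "brute-force-login": 2,
    "instant-messenger": 1,
}


@dataclass
class Alert:
    ts: int      # seconds since epoch (constructed values)
    sig: str     # signature name
    src: str     # source address
    dst: str     # destination address


def severity(alert: Alert) -> int:
    """Unknown signatures rank below everything listed in SEVERITY."""
    return SEVERITY.get(alert.sig, 0)


def highest_severity(alerts: List[Alert]) -> Alert:
    """The alert an analyst should look at first."""
    return max(alerts, key=severity)


def is_external(ip: str) -> bool:
    return ip_address(ip) not in INTERNAL


def find_pivot_chains(alerts: List[Alert], window: int = 3600) -> List[Tuple[str, str, int]]:
    """Find hosts that were brute-forced from outside and then, within
    `window` seconds, started scanning the internal network themselves.

    Returns (victim, external attacker, seconds between the two alerts).
    Each alarm on its own is low priority; the sequence suggests the
    guessing succeeded and the host is now being used as a pivot.
    """
    ordered = sorted(alerts, key=lambda a: a.ts)
    chains = []
    for bf in ordered:
        if bf.sig != "brute-force-login" or not is_external(bf.src):
            continue
        for later in ordered:
            if (later.sig == "internal-scan" and later.src == bf.dst
                    and bf.ts < later.ts <= bf.ts + window):
                chains.append((bf.dst, bf.src, later.ts - bf.ts))
                break
    return chains


# Constructed sample alerts (not real IPS output).
SAMPLE_ALERTS = [
    Alert(1000, "brute-force-login", "203.0.113.7", "10.1.2.3"),   # outside -> SSH server
    Alert(1300, "instant-messenger", "10.1.5.5", "198.51.100.9"),
    Alert(1400, "denial-of-service", "198.51.100.20", "10.1.2.3"),
    Alert(2500, "internal-scan", "10.1.2.3", "10.1.0.1"),          # SSH server now scanning
    Alert(3000, "brute-force-login", "10.1.9.9", "10.1.2.4"),      # inside -> inside, no chain
]

if __name__ == "__main__":
    print("look at first:", highest_severity(SAMPLE_ALERTS).sig)
    for victim, attacker, gap in find_pivot_chains(SAMPLE_ALERTS):
        print(f"possible pivot: {victim} brute-forced by {attacker}, scanning {gap}s later")
```

The correlation deliberately ties the second alarm to the first by address (the scan must originate from the brute-forced host) and by time; without both conditions an unrelated internal scan would be reported as a pivot.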

 

QUESTION 20

If a company has a strict policy to limit potential confidential information leakage, which three alerts would be of concern? (Choose three.)

A. P2P activity detected
B. Skype activity detected
C. YouTube viewing activity detected
D. Pastebin activity detected
E. Hulu activity detected

Answer: ABD

Explanation:
P2P file sharing, Skype (file transfer and chat) and Pastebin all let a user push arbitrary data out of the network through channels the company does not control. YouTube and Hulu are inbound media consumption and carry no comparable outbound path for confidential data.

QUESTION 21

Which event is actionable?

A. SSH login failed
B. Telnet login failed
C. traffic flow started
D. reverse shell detected

Answer: D

Explanation:
A detected reverse shell means a host is already compromised and connecting back to an attacker, which demands an immediate response. A single failed SSH or Telnet login or a new traffic flow is a routine event that needs context (volume, source, follow-on activity) before anyone should act on it.

QUESTION 22

Which would be classified as a remote code execution attempt?

A. OLE stack overflow detected
B. null login attempt
C. BitTorrent activity detected
D. IE ActiveX DoS

Answer: A

Explanation:
A stack overflow in OLE handling is memory corruption, which an attacker uses to run code of their choosing on the target. A null login attempt is an authentication event, BitTorrent activity is a policy matter, and the IE ActiveX DoS affects availability of the browser only.

QUESTION 23

Given the signature "SQL Table Manipulation Detected", which site may trigger a false positive?

A. a company selling discount dining-room table inserts
B. a large computer hardware company
C. a small networking company
D. a biotech company

Answer: A

Explanation:
A site selling dining-room table inserts fills its pages and search queries with words like "table" and "insert" in a context that has nothing to do with SQL, so a content-matching signature for SQL table manipulation can fire on legitimate traffic. The other sites have no particular reason to carry that vocabulary.
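Questions 18 and 23 are both about a content-matching signature firing on legitimate data. The Python below is an added example, not code from the page or from any Cisco signature set: the two regexes stand in for a naive and a tighter "SQL Table Manipulation" rule, the direction check stands in for the request/response distinction that separates an injection attempt from a documentation page, and the HTTP buffers are constructed.

```python
"""Content-matching signature false positives and one way to reduce them.

Added example; not from the exam page or any Cisco signature set. The
signature regexes and the HTTP buffers below are constructed for
illustration.
"""
import re
from urllib.parse import unquote_plus

# Naive signature: any SQL-ish word anywhere in the buffer. This is the
# kind of rule that fires on a furniture shop selling "table inserts".
NAIVE_SQL_TABLE = re.compile(r"(?i)insert|drop|alter|table")

# Tighter signature: the keywords must appear in SQL grammar order,
# as whole words, followed by an identifier.
SQL_TABLE_MANIP = re.compile(
    r"(?i)\b(?:drop|alter|truncate)\s+table\s+[a-z_][a-z0-9_]*"
    r"|\binsert\s+into\s+[a-z_][a-z0-9_]*"
)


def normalize(buf: str) -> str:
    """Decode %xx and '+' so the signature sees what the server will parse."""
    return unquote_plus(buf)


def naive_hits(buf: str) -> bool:
    return bool(NAIVE_SQL_TABLE.search(normalize(buf)))


def pattern_hits(buf: str) -> bool:
    return bool(SQL_TABLE_MANIP.search(normalize(buf)))


def sql_table_manipulation_alert(buf: str, direction: str) -> bool:
    """Fire only for client-to-server data. A server response (for
    example a documentation page that quotes DROP TABLE) can contain the
    exact text the signature looks for without being an attack, the same
    situation as an ActiveX signature matching a developer documentation page."""
    if direction != "to-server":
        return False
    return pattern_hits(buf)


# Constructed buffers (not captured traffic).
SAMPLES = {
    # furniture shop search: words "table" and "inserts" in ordinary content
    "dining": ("GET /shop?q=discount+dining-room+table+inserts HTTP/1.1", "to-server"),
    # injection attempt, URL-encoded as a browser or tool would send it
    "attack": ("GET /item?id=1%27%3BDROP+TABLE+users-- HTTP/1.1", "to-server"),
    # SQL documentation page returned by a web server
    "docs": ("HTTP/1.1 200 OK\r\n\r\n<p>Run DROP TABLE customers to delete the table.</p>", "to-client"),
}


def triage(samples=SAMPLES) -> dict:
    """Per sample: (naive match, tighter pattern match, alert actually raised)."""
    return {
        name: (naive_hits(buf), pattern_hits(buf), sql_table_manipulation_alert(buf, direction))
        for name, (buf, direction) in samples.items()
    }


if __name__ == "__main__":
    for name, result in triage().items():
        print(f"{name:7s} naive={result[0]!s:5s} pattern={result[1]!s:5s} alert={result[2]}")
```

Two points the exam questions turn on show up in the results: the furniture search trips the naive rule but not the grammar-aware one, and the documentation page trips even the tighter regex, so only the direction check keeps it from becoming a false positive. Decoding the request before matching also matters; without it the encoded injection would slip past the word-boundary regex.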

 

QUESTION 24

Which is considered to be anomalous activity?

A. an alert context buffer containing traffic to amazon.com
B. an alert context buffer containing SSH traffic
C. an alert context buffer containing an FTP server SYN scanning your network
D. an alert describing an anonymous login attempt to an FTP server

Answer: C

Explanation:
An FTP server has no reason to originate SYN scans; a server probing the network is behavior outside its role and points to compromise. Traffic to amazon.com and SSH sessions are everyday activity, and anonymous logins are a configured feature of many FTP servers.

QUESTION 25

If an alert that pertains to a remote code execution attempt is seen on your network, which step is unlikely to help?

A. looking for anomalous traffic
B. looking for reconnaissance activity
C. restoring the machine to a known good backup
D. clearing the event store to see if future events indicate malicious activity

Answer: D

Explanation:
Clearing the event store destroys the evidence needed to scope the incident and does nothing to confirm or rule out a compromise. Looking for anomalous traffic and for earlier reconnaissance helps establish whether the attempt succeeded, and restoring from a known good backup is a legitimate recovery step once the host is suspected to be compromised.
