[Free] 2018(Aug) Ensurepass Cisco 600-199 Dumps with VCE and PDF 11-20

2018 Aug Cisco Official New Released 600-199

Securing Cisco Networks with Threat Detection and Analysis

Question No: 11

Refer to the exhibit.

(Exhibit image not included in this extract.)

Which DNS query type pertains to email?

  A. A?

  B. NS?

  C. SOA?

  D. PTR?

  E. MX?

  F. TXT?

Answer: E

Question No: 12

A server administrator tells you that the server network is potentially under attack. Which piece of information is critical to begin your network investigation?

  A. cabinet location of the servers

  B. administrator password for the servers

  C. OS that is used on the servers

  D. IP addresses/subnets used for the servers

Answer: D

Question No: 13

Which describes the best method for preserving the chain of evidence?

  A. Shut down the machine that is infected, remove the hard drive, and contact the local authorities.

  B. Back up the hard drive, use antivirus software to clean the infected machine, and contact the local authorities.

  C. Identify the infected machine, disconnect from the network, and contact the local authorities.

  D. Allow user(s) to perform any business-critical tasks while waiting for local authorities.

Answer: C

Question No: 14

Which will be provided as output when issuing the show processes cpu command on a Cisco IOS router?

  A. router configuration

  B. CPU utilization of device

  C. memory used by device processes

  D. interface processing statistics

Answer: B

Question No: 15

Refer to the exhibit.

(Exhibit image not included in this extract.)

Which protocol is used in this network traffic flow?

  A. SNMP

  B. SSH

  C. DNS

  D. Telnet

Answer: B

Question No: 16

Which two types of data are relevant to investigating network security issues? (Choose two.)

  A. NetFlow

  B. device model numbers

  C. syslog

  D. routing tables

  E. private IP addresses

Answer: A,C

Question No: 17

In the context of a network security device like an IPS, which event would qualify as having the highest severity?

  A. remote code execution attempt

  B. brute force login attempt

  C. denial of service attack

  D. instant messenger activity

Answer: A

Question No: 18

Which event is likely to be a false positive?

  A. Internet Relay Chat signature with an alert context buffer containing #IPS_ROCS Yay

  B. a signature addressing an ActiveX vulnerability alert on a Microsoft developer network documentation page

  C. an alert for a long HTTP request with an alert context buffer containing a large HTTP GET request

  D. BitTorrent activity detected on ephemeral ports

Answer: B

Question No: 19

Given a Linux machine running only an SSH server, which chain of alarms would be most concerning?

  A. brute force login attempt from outside of the network, followed by an internal network scan

  B. root login attempt followed by brute force login attempt

  C. Microsoft RPC attack against the server

  D. multiple rapid login attempts

Answer: A

Question No: 20

If a company has a strict policy to limit potential confidential information leakage, which three alerts would be of concern? (Choose three.)

  A. P2P activity detected

  B. Skype activity detected

  C. YouTube viewing activity detected

  D. Pastebin activity detected

  E. Hulu activity detected

Answer: A,B,D
