
100% Real Questions & Correct Answers from Lead2pass

Vendor: Cisco
Exam Code: 600-199
Exam Name: Securing Cisco Networks with Threat Detection and Analysis
Questions 26 to 50

QUESTION 26
In a network security policy, which procedure should be documented ahead of time to speed the communication of a network attack?
A. restoration plans for compromised systems
B. credentials for packet capture devices
C. Internet service provider contact information
D. risk analysis tool credentials
E. a method of communication and who to contact
Answer: E

QUESTION 27
Which data is the most useful to determine if a network attack was occurring from inbound Internet traffic?
A. syslogs from all core switches
B. NetFlow data from border firewall(s)
C. VPN connection logs
D. DNS request logs
E. Apache server logs
Answer: B

QUESTION 28
Which step should be taken first when a server on a network is compromised?
A. Refer to the company security policy.
B. Email all server administrators.
C. Determine which server has been compromised.
D. Find the serial number of the server.
Answer: A

QUESTION 29
After an attack has occurred, which two options should be collected to help remediate the problem? (Choose two.)
A. packet captures
B. NAT translation table
C. syslogs from affected devices
D. connection table information
E. NetFlow data
Answer: CE

QUESTION 30
Which source should be used to recommend preventative measures against security vulnerabilities regardless of operating system or platform?
A. Microsoft security bulletins
B. Cisco PSIRT notices
C. Common Vulnerabilities and Exposures website
D. Mozilla Foundation security advisories
E. zero-day attack wiki
Answer: C

QUESTION 31
Which data from previous network attacks should be used to recommend architectural changes based on potential future impact?
A. SNMP statistics
B. known vulnerabilities
C. security audit reports
D. IPS signature logs
E. STP topology changes
Answer: A

QUESTION 32
Which three post-mortem steps are critical to help prevent a network attack from reoccurring? (Choose three.)
A. Document the incident in a report.
B. Collect "show" outputs after the attack.
C. Involve law enforcement officials.
D. Create a "lessons learned" collection.
E. Update the security rules for edge devices.
F. Revise the network security policy.
Answer: ADF

QUESTION 33
Refer to the exhibit. Which two personal administrators should be involved to investigate further? (Choose two.)
A. email administrator
B. IPS administrator
C. DNS administrator
D. desktop administrator
E. security administrator
Answer: CD

QUESTION 34
Which network management protocol relies on multiple connections between a managed device and the management station, where such connections can be independently initiated by either side?
A. SSH
B. SNMP
C. Telnet
D. NetFlow
Answer: B

QUESTION 35
When an IDS generates an alert for a correctly detected network attack, what is this event called?
A. false positive
B. true negative
C. true positive
D. false negative
Answer: C

QUESTION 36
When is it recommended to establish a traffic profile baseline for your network?
A. outside of normal production hours
B. during a DDoS attack
C. during normal production hours
D. during monthly file server backup
Answer: C

QUESTION 37
Which two activities would you typically be expected to perform as a Network Security Analyst? (Choose two.)
A. Verify user login credentials.
B. Troubleshoot firewall performance.
C. Monitor database applications.
D. Create security policies on routers.
Answer: BD

QUESTION 38
Which protocol is typically considered critical for LAN operation?
A. BGP
B. ARP
C. SMTP
D. GRE
Answer: B

QUESTION 39
Which two measures would you recommend to reduce the likelihood of a successfully executed network attack from the Internet? (Choose two.)
A. Completely disconnect the network from the Internet.
B. Deploy a stateful edge firewall.
C. Buy an insurance policy against attack-related business losses.
D. Implement a password management policy for remote users.
Answer: BD

QUESTION 40
Which attack exploits incorrect boundary checking in network software?
A. Slowloris
B. buffer overflow
C. man-in-the-middle
D. Smurf
Answer: B

QUESTION 41
Where should you report a suspected security vulnerability in Cisco router software?
A. Cisco TAC
B. Cisco IOS Engineering
C. Cisco PSIRT
D. Cisco SIO
Answer: C

QUESTION 42
When investigating potential network security issues, which two pieces of useful information would be found in a syslog message? (Choose two.)
A. product serial number
B. MAC address
C. IP address
D. product model number
E. broadcast address
Answer: BC

QUESTION 43
Which command would provide you with interface status information on a Cisco IOS router?
A. show status interface
B. show running-config
C. show ip interface brief
D. show interface snmp
Answer: C

QUESTION 44
Refer to the exhibit. Which DNS query type pertains to email?
A. A?
B. NS?
C. SOA?
D. PTR?
E. MX?
F. TXT?
Answer: E

QUESTION 45
A server administrator tells you that the server network is potentially under attack. Which piece of information is critical to begin your network investigation?
A. cabinet location of the servers
B. administrator password for the servers
C. OS that is used on the servers
D. IP addresses/subnets used for the servers
Answer: D

QUESTION 46
Refer to the exhibit. In the packet captured from tcpdump, which fields match up with the lettered parameters?
A. A. Source and destination IP addresses; B. Source and destination Ethernet addresses; C. Source and destination TCP port numbers; D. TCP acknowledgement number; E. IP options
B. A. Source and destination Ethernet addresses; B. Source and destination IP addresses; C. Source and destination TCP port numbers; D. TCP sequence number; E. TCP options
C. A. Source and destination Ethernet addresses; B. Source and destination IP addresses; C. Source and destination TCP port numbers; D. TCP acknowledgement number; E. IP options
D. A. Source and destination Ethernet addresses; B. Source and destination IP addresses; C. Source and destination TCP port numbers; D. TCP sequence number; E. IP options
Answer: B

QUESTION 47
For TCP and UDP, what is the correct range of well-known port numbers?
A. 0 - 1023
B. 1 - 1024
C. 1 - 65535
D. 0 - 65535
E. 1024 - 65535
Answer: A

QUESTION 48
Which three symptoms are best used to detect a TCP SYN flood attack? (Choose three.)
A. high memory utilization on target server
B. large number of sockets in SYN_RECV state on target server
C. network monitoring devices report large number of unACKed SYNs sent to target server
D. target server crashes repeatedly
E. user experience with target server is slow or unresponsive
Answer: BCE

QUESTION 49
Which two statements about the IPv4 TTL field are true? (Choose two.)
A. If the TTL is 0, the datagram is automatically retransmitted.
B. Each router that forwards an IP datagram reduces the TTL value by one.
C. It is used to limit the lifetime of an IP datagram on the Internet.
D. It is used to track IP datagrams on the Internet.
Answer: BC

QUESTION 50
What are four steps to manage incident response handling? (Choose four.)
A. preparation
B. qualify
C. identification
D. who
E. containment
F. recovery
G. eradication
H. lessons learned
Answer: ACEH

[Full Version] Free Lead2pass 600-199 PDF Guarantee 100% Get 600-199 Certification (26-50)