[Free] 2017(Apr) Ensurepass Testking Cisco 600-199 Latest Dumps 11-20

Securing Cisco Networks with Threat Detection and Analysis

QUESTION 11

Refer to the exhibit. Which DNS query type pertains to email?

[Exhibit: clip_image001 (image not included)]

A. A?
B. NS?
C. SOA?
D. PTR?
E. MX?
F. TXT?

Correct Answer: E

QUESTION 12

A server administrator tells you that the server network is potentially under attack. Which piece of information is critical to begin your network investigation?

A. cabinet location of the servers
B. administrator password for the servers
C. OS that is used on the servers
D. IP addresses/subnets used for the servers

Correct Answer: D

QUESTION 13

Which describes the best method for preserving the chain of evidence?

A. Shut down the machine that is infected, remove the hard drive, and contact the local authorities.
B. Back up the hard drive, use antivirus software to clean the infected machine, and contact the local authorities.
C. Identify the infected machine, disconnect from the network, and contact the local authorities.
D. Allow user(s) to perform any business-critical tasks while waiting for local authorities.

Correct Answer: C

QUESTION 14

Which will be provided as output when issuing the show processes cpu command on a Cisco IOS router?

A. router configuration
B. CPU utilization of device
C. memory used by device processes
D. interface processing statistics

Correct Answer: B

QUESTION 15

Refer to the exhibit. Which protocol is used in this network traffic flow?

[Exhibit: clip_image002 (image not included)]

A. SNMP
B. SSH
C. DNS
D. Telnet

Correct Answer: B

QUESTION 16

Which two types of data are relevant to investigating network security issues? (Choose two.)

A. NetFlow
B. device model numbers
C. syslog
D. routing tables
E. private IP addresses

Correct Answer: AC

QUESTION 17

In the context of a network security device like an IPS, which event would qualify as having the highest severity?

A. remote code execution attempt
B. brute force login attempt
C. denial of service attack
D. instant messenger activity

Correct Answer: A

QUESTION 18

Which event is likely to be a false positive?

A. Internet Relay Chat signature with an alert context buffer containing #IPS_ROCS Yay
B. a signature addressing an ActiveX vulnerability alert on a Microsoft developer network documentation page
C. an alert for a long HTTP request with an alert context buffer containing a large HTTP GET request
D. BitTorrent activity detected on ephemeral ports

Correct Answer: B

QUESTION 19

Given a Linux machine running only an SSH server, which chain of alarms would be most concerning?

A. brute force login attempt from outside of the network, followed by an internal network scan
B. root login attempt followed by brute force login attempt
C. Microsoft RPC attack against the server
D. multiple rapid login attempts

Correct Answer: A

QUESTION 20

If a company has a strict policy to limit potential confidential information leakage, which three alerts would be of concern? (Choose three.)

A. P2P activity detected
B. Skype activity detected
C. YouTube viewing activity detected
D. Pastebin activity detected
E. Hulu activity detected

Correct Answer: ABD