[Free] 2017(Oct) EnsurePass Passguide Cisco 600-199 Dumps with VCE and PDF 11-20

2017 Oct Cisco Official New Released 600-199
100% Free Download! 100% Pass Guaranteed!

Securing Cisco Networks with Threat Detection and Analysis

Question No: 11

Refer to the exhibit.

Ensurepass 2017 PDF and VCE

Which DNS Query Types pertains to email?

  1. A?

  2. NS?

  3. SOA?

  4. PTR?

  5. MX?

  6. TXT?

Answer: E

Question No: 12

A server administrator tells you that the server network is potentially under attack. Which piece of information is critical to begin your network investigation?

  1. cabinet location of the servers

  2. administrator password for the servers

  3. OS that is used on the servers

  4. IP addresses/subnets used for the servers

Answer: D

Question No: 13

Which describes the best method for preserving the chain of evidence?

  1. Shut down the machine that is infected, remove the hard drive, and contact the local authorities.

  2. Back up the hard drive, use antivirus software to clean the infected machine, and contact the local authorities.

  3. Identify the infected machine, disconnect from the network, and contact the local authorities.

  4. Allow user(s) to perform any business-critical tasks while waiting for local authorities.

Answer: C

Question No: 14

Which will be provided as output when issuing the show processes cpu command on a Cisco IOS router?

  1. router configuration

  2. CPU utilization of device

  3. memory used by device processes

  4. interface processing statistics

Answer: B

Question No: 15

Refer to the exhibit.

Ensurepass 2017 PDF and VCE

Which protocol is used in this network traffic flow?

  1. SNMP

  2. SSH

  3. DNS

  4. Telnet

Answer: B

Question No: 16

Which two types of data are relevant to investigating network security issues? (Choose two.)

  1. NetFlow

  2. device model numbers

  3. syslog

  4. routing tables

  5. private IP addresses

Answer: A,C

Question No: 17

In the context of a network security device like an IPS, which event would qualify as having the highest severity?

  1. remote code execution attempt

  2. brute force login attempt

  3. denial of service attack

  4. instant messenger activity

Answer: A

Question No: 18

Which event is likely to be a false positive?

  1. Internet Relay Chat signature with an alert context buffer containing #IPS_ROCS Yay

  2. a signature addressing an ActiveX vulnerability alert on a Microsoft developer network documentation page

  3. an alert for a long HTTP request with an alert context buffer containing a large HTTP GET request

  4. BitTorrent activity detected on ephemeral ports

Answer: B

Question No: 19

Given a Linux machine running only an SSH server, which chain of alarms would be most concerning?

  1. brute force login attempt from outside of the network, followed by an internal network scan

  2. root login attempt followed by brute force login attempt

  3. Microsoft RPC attack against the server

  4. multiple rapid login attempts

Answer: A

Question No: 20

If a company has a strict policy to limit potential confidential information leakage, which three alerts would be of concern? (Choose three.)

  1. P2P activity detected

  2. Skype activity detected

  3. YouTube viewing activity detected

  4. Pastebin activity detected

  5. Hulu activity detected

Answer: A,B,D

100% Free Download!
Download Free Demo:600-199 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 600-199 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com