Question 1

A threat actor has gone to a local coffee shop and opened a program that can analyze traffic being sent and received on the network. He finds that someone on the network is sending emails using SMTP without encryption, and he can see the contents of the emails. Which of the following programs is he most likely using?

A) netstat
B) dig
C) Wireshark
D) Nessus

Wireshark

Accepted Answer

Wireshark is a network protocol analyzer that allows users to capture and interactively browse the traffic running on a computer network, making it suitable for analyzing unencrypted SMTP traffic.

Question 2

Umberto works for an organization that has created a policy prohibiting the use of open source software unless there is no alternative. He wants to sniff packets on the network, but most of the sniffer applications are open source. Which of the following software packages would adhere to the company's policy?

A) Wireshark
B) EtherApe
C) NetworkMiner
D) Network General

Network General

Accepted Answer

Network General is a commercial packet sniffer, which would adhere to the company's policy of avoiding open source software when alternatives are available.

Question 3

A cybersecurity analyst is researching syslog for possible implementation at his organization. He is reading about the elements that syslog messages contain and sees the priority and header fields. Which of the following fields contains the contents of the messages?

A) MSG
B) CONTENT
C) VALUE
D) STAT

MSG

Accepted Answer

The MSG field in a syslog message contains the actual content or message body that describes the event or log entry.

Question 4

Ian, a cybersecurity analyst, wants to use a system to identify when employees are using Telnet on the network by examining only the headers of packets as they traverse the network. Which of the following might he decide to implement to meet this goal?

A) Packet analysis
B) Protocol analysis
C) Traffic analysis
D) Wireless analysis

Accepted Answer

Protocol analysis is the correct choice because it involves examining the protocols used in packet headers to understand the types of traffic on a network. Telnet, being a specific protocol, can be identified through this method.

Question 5

Morena wants to use Wireshark to analyze the types of traffic being sent across her company's network. Which of the following types of analysis does she want to perform?&#10;A) Wireless analysis&#10;B) Traffic analysis&#10;C) Packet analysis&#10;D) Protocol analysis

Accepted Answer

Morena wants to use Wireshark to analyze the types of traffic, which involves examining the data packets being sent across the network. This is known as packet analysis.

Question 6

Talera believes an evil twin might be planted somewhere around her company's office. Which of the following is the best method of finding where it might be located?&#10;A) Protocol analysis&#10;B) Traffic analysis&#10;C) Packet analysis&#10;D) Wireless analysis

Accepted Answer

Wireless analysis is the best method to locate an evil twin, as it involves scanning and analyzing wireless networks to detect unauthorized or rogue access points.

Question 7

Jorge is analyzing the event logs on a server and sees that someone attempted to log into a user account twice with the incorrect password before logging in successfully. In which of the following general types of logs were these events most likely captured?

A) System
B) Security
C) Application
D) Authentication

Accepted Answer

Attempts to log into a user account, whether successful or not, are typically recorded in security logs. These logs are designed to track access control and security-related events, including authentication attempts.

Question 8

Tina wants to determine the fault toleranceof the servers in her data center, and is reviewing the previous 24 months of logs using an analysis tool. Which of the following types of analysis is Tina most likely performing?

A) Conditional analysis
B) Anomaly analysis
C) Behavioral analysis
D) Availability analysis

Accepted Answer

Availability analysis is the correct choice because it focuses on assessing the uptime and reliability of servers or systems, which is essential for determining fault tolerance. This type of analysis would involve reviewing logs to identify periods of downtime or failure, which directly relates to understanding how resilient the servers are to faults.

Question 9

Thierry wants to implement a method of analyzing network traffic to detect attacks by using a database of known attacks for comparison. Which of the following methods of analysis meets his goal?&#10;A) Signature analysis&#10;B) Behavioral analysis&#10;C) Availability analysis&#10;D) Anomaly analysis

Accepted Answer

Signature analysis involves comparing network traffic against a database of known attack signatures or patterns, which aligns with Thierry's goal of using a database of known attacks for comparison.

Question 10

Jonquil, a cybersecurityanalyst, has been asked to implement a system that collects information for analysis about traffic flowing through the routers and switches on her company's network. Which of the following protocols should she considerto implement this type of setup?

A) IDS
B) Resource Monitor
C) NetFlow
D) SIEM

Accepted Answer

NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network flow, making it suitable for analyzing traffic through routers and switches.

Question 11

Neo wants to consolidate real-time monitoring and management of security-related information with analysis and reporting of events. Which of the following might he want to implement?&#10;A) IGRP&#10;B) SERP&#10;C) SIEM&#10;D) IMEI

Accepted Answer

The answer of Neo wants to consolidate real-time monitoring and...

Question 12

Nichole, a cybersecurity analyst, has received an alert about a potential ping flood on one of the company's Windows servers. She is able to connect to the server via an out-of-band management network. Which of the following native tools might help her verify what is occurring on the server at the moment?

A) Resource Monitor
B) tcpdump
C) Wireshark
D) Network General

Accepted Answer

The answer of Nichole, a cybersecurity analyst, has received an...

Question 13

Cyndi, a cybersecurity researcher, has been hired to comb through historical data at a large organization after an APT was discovered. She needs to determine the extent of the attack and be able to view various parts of the network's logs to give her the full context of what occurred. Which of the following might best describe the type of analysis she is performing?

A) Packet analysis
B) Retrospective network analysis
C) Signature analysis
D) Anomaly analysis

Accepted Answer

The answer of Cyndi, a cybersecurity researcher, has been hired...

Question 14

Match the command switch used with nmap to generate on of the output types&#10;&#10;-Interactive&#10;A) (Default)&#10;B) -oN&#10;C) -oX&#10;D) -oG

Accepted Answer

The answer of Match the command switch used with nmap...

Question 15

Match the command switch used with nmap to generate on of the output types&#10;&#10;-Interactive output stored in a file&#10;A) (Default)&#10;B) -oN&#10;C) -oX&#10;D) -oG

Accepted Answer

The answer of Match the command switch used with nmap...

Question 16

Match the command switch used with nmap to generate on of the output types&#10;&#10;-Output in Extensible Markup Language&#10;A) (Default)&#10;B) -oN&#10;C) -oX&#10;D) -oG

Accepted Answer

The answer of Match the command switch used with nmap...

Question 17

Match the command switch used with nmap to generate on of the output types&#10;&#10;-Output that can be manipulated using Linux command-line tools&#10;A) (Default)&#10;B) -oN&#10;C) -oX&#10;D) -oG

Accepted Answer

The answer of Match the command switch used with nmap...

Deck 2: Analyzing Network Reconnaissance