
Exin SCNS SCNS Tactical Perimeter Defense Exam Practice Test

Demo: 34 questions
Total 232 questions

SCNS Tactical Perimeter Defense Questions and Answers

Question 1

What step in the process of Intrusion Detection as shown in the exhibit would determine if given alerts were part of a bigger intrusion, or would help discover infrequent attacks?

Options:

A. 5
B. 9
C. 12
D. 10
E. 4

Question 2

You are training some network administrators to analyze log files. Some of the logs present IP addresses in binary. You explain the usefulness of reading addresses in multiple formats. You demonstrate several conversions between decimal and binary. What is the decimal equivalent of the following binary IP address:

11001111.10001010.01101101.01110001

Options:

A. 197.138.119.113
B. 217.126.109.213
C. 217.138.119.113
D. 197.136.119.117
E. 207.138.109.113

Question 3

In your organization a decision has been made to implement a multicasting application. You are configuring your firewall to allow this application to flow through in both directions. What address range are you going to address on the firewall?

Options:

A. 10.0.0.0/8
B. 172.16.0.0/12
C. Multicast addresses use APIPA's 169.254.0.0/16
D. 224.0.0.0/4
E. Addresses are negotiated at the time of the multicast. The nearest router assigns a public IP address assigned by ARIN.

Question 4

The exhibit represents a simple routed network. Node 7 is a Windows 2000 Professional machine that establishes a TCP communication with Node 10, a Windows 2003 Server. The routers are Cisco 2500 series running IOS 11.2.

While working at Node 10, you run a packet capture. Packets received by Node 10, and sent from Node 7 will reveal which of the following combination of source IP and source Physical addresses:

Options:

A. Source IP address 10.0.10.115, Source Physical address for Node 7
B. Source IP address 50.0.50.1, Source Physical address for Node 7
C. Source IP address for Router D's Int E0, Source Physical address for Node 7
D. Source IP address 10.0.10.115, Source Physical address Router D's Int E0
E. Source IP addresses for both Nodes 7 and Router D's Int E0, Source Physical address for both Nodes 7 and Router D's Int E0.

Question 5

You are configuring the Access Lists for your new Cisco Router. The following are the commands that are entered into the router for the list configuration.

Router(config)#access-list 13 deny 10.10.10.0 0.0.0.255
Router(config)#access-list 13 permit 10.10.11.0 0.0.0.255
Router(config)#access-list 15 deny 10.10.12.0 0.0.0.255
Router(config)#access-list 15 permit 10.10.11.0 0.0.0.255
Router(config)#interface Ethernet 0
Router(config-if)#ip access-group 15 out
Router(config-if)#interface Ethernet 2
Router(config-if)#ip access-group 15 out

Based on this configuration, and using the exhibit, select the answers that identify what the list will accomplish.

Options:

A. Deny network 10.10.10.0 from accessing network 10.10.11.0
B. Deny network 10.10.12.0 from accessing network 10.10.10.0
C. Permit network 10.10.10.0 access to all other networks
D. Deny network 10.10.12.0 from accessing network 10.10.11.0
E. Permit network 10.10.11.0 access to all other networks

Question 6

You are planning on implementing a token-based authentication system in your network. The network currently is spread out over four floors of your building. There are plans to add three branch offices. During your research you are analyzing the different types of systems. Which of the following are the two common systems token-based authentication uses?

Options:

A. Challenge/Response
B. Random-code
C. Time-based
D. Challenge/Handshake
E. Password-Synch

Question 7

You were recently hired as the security administrator of a small business. You are reviewing the current state of security in the network and find that the current logging system must be immediately modified. As the system is currently configured, auditing has no practical value. Which of the following are the reasons that the current auditing has little value?

Options:

A. The logs go unchecked.
B. The logs are automatically deleted after three months.
C. The logs are deleted using FIFO and capped at 500Kb.
D. The only auditing is successful file access events.
E. The logs are deleted using FIFO and capped at 5000Kb.

Question 8

During your investigation into wireless security options, you are reading about the 802.11 standards.

What wireless standard is designed to address the security issues of 802.11 networks?

Options:

A. 802.11a
B. 802.11i
C. 802.11b
D. 802.11e
E. 802.11g

Question 9

If you capture an 802.11 frame, and the ToDS bit is set to zero and the FromDS bit is set to zero, what type of WLAN is this frame a part of?

Options:

A. Mesh
B. Broadcast
C. Infrastructure
D. Hierarchical
E. Ad Hoc

Question 10

In the image, there are two nodes communicating directly, without an access point. In the packet on the right side of the image, the Address 1 field is blank. If this packet is going to the other computer, what is the value that must be filled in this blank address field?

Options:

A. 2345
B. 1234
C. ABCD
D.
E. ABCD-1234

Question 11

You are configuring a new IDS, running Snort, in your network. To better configure Snort, you are studying the configuration file. Which four of the following are the primary parts of the Snort configuration file?

Options:

A. Postprocessors
B. Variables
C. Preprocessors
D. Output Plug-ins
E. Rulesets

Question 12

Your network is going to implement a new network security solution, and as part of this you are configuring IPSec on a Windows Server 2003 machine. Which of the following is the description of the Client (Respond Only) default IPSec Policy?

Options:

A. This policy is used for normal communications, and any system with this policy enabled will have the ability to communicate using IPSec if required, or requested.
B. This policy is used when all IP network traffic is to be secured. Any system with this policy enabled will always enforce secure communications using IPSec.
C. This policy is used when IP traffic is to be secured, and to allow unsecured communication with clients that do not respond to the request.
D. This policy is used when clients are the only machines on the network that need IP traffic to be secured. Any client with this policy enabled will initialize secure communications with other clients running this policy.
E. This policy is used when clients must respond to IPSec servers. If the client does not use IPSec, network communications will fail.

Question 13

The exhibit shows a router with three interfaces E0, E1 and S0. Interfaces E0 and E1 are connected to internal networks 192.168.10.0 and 192.168.20.0 respectively and interface S0 is connected to the Internet.

The objective is to allow two hosts, 192.168.20.16 and 192.168.10.7 access to the Internet while all other hosts are to be denied Internet access. All hosts on network 192.168.10.0 and 192.168.20.0 must be allowed to access resources on both internal networks. From the following, select all the access list statements that are required to make this possible.

Options:

A. access-list 53 permit 192.168.20.16 0.0.0.0
B. access-list 80 permit 192.168.20.16 0.0.0.0
C. access-list 53 deny 0.0.0.0 255.255.255.255
D. access-list 80 permit 192.168.10.7 0.0.0.0
E. int S0, ip access-group 53 out
F. int S0, ip access-group 80 out

Question 14

You are designing a new IPSec implementation for your organization, and are trying to determine your security needs. You need to clearly understand the implementation choices, before you make any changes to the network. Which of the following describes what transport and tunnel modes protect using IPSec?

Options:

A. In transport mode, IPSec protects upper-layer protocols.
B. In transport mode, IPSec protects just the TCP header.
C. In tunnel mode, IPSec protects the upper-layer protocols.
D. In transport mode, IPSec protects the entire IP packet.
E. In tunnel mode, IPSec protects the entire IP packet.
F. In tunnel mode, IPSec protects just the IP header.

Question 15

You are considering your options for a new firewall deployment. At which three layers of the OSI model does a stateful packet filtering firewall operate?

Options:

A. Presentation
B. Data Link
C. Network
D. Application
E. Transport

Question 16

You have been given the task of establishing a new wireless network in your office. What are the two primary types of wireless LAN topologies?

Options:

A. Hierarchical
B. Mesh
C. Broadcast
D. Ad Hoc
E. Infrastructure

Question 17

You have just installed a new Intrusion Detection System in your network. You are concerned that there are functions this system will not be able to perform. What is a reason an IDS cannot manage hardware failures?

Options:

A. The IDS can only manage RAID 5 failures.
B. The IDS cannot be programmed to receive SNMP alert messages.
C. The IDS cannot be programmed to receive SNMP trap messages.
D. The IDS cannot be programmed to respond to hardware failures.
E. The IDS can only inform you that an event happened.

Question 18

As Intrusion Detection Systems become more sophisticated, the software manufacturers develop different methods of detection. If an IDS uses the process of matching known attacks against data collected in your network, what is this known as?

Options:

A. Signature analysis
B. Packet filter matching
C. Statistical analysis
D. Analysis engine engagement
E. Packet match and alarming

Question 19

You have just installed your new network-based IDS. What kinds of attacks will this system be able to detect?

Options:

A. DoS
B. Buffer Overflows
C. DDoS
D. Opening a local unauthorized folder
E. Writing to an unauthorized file

Question 20

The main reason you have been hired at a company is to bring the network security of the organization up to current standards. A high priority is to have a full security audit of the network as soon as possible. You have chosen an Independent Audit and are describing it to your coworkers. Which of the following best describes an Independent audit?

Options:

A. An independent audit is usually conducted by external or outside resources and may be a review or audit of detailed audit logs.
B. The independent audit is usually done by the current network administrators who ensure the security measures are up to international standards.
C. The independent audit is typically done by an internal team who ensures the security measures are up to international standards.
D. The independent audit is usually done by internal resources to examine the current daily and on-going activities within a network system for compliance with an established security policy.
E. The independent audit is typically done by a contracted outside team of security experts who check for policy compliance.

Question 21

You have been given the task of installing a new firewall system for your network. You are analyzing the different implementation options. Which of the following best describes a Single Packet Filtering Device?

Options:

A. This is when one device is configured to run as a packet filter, granting or denying access based on the content of the headers.
B. This is when a packet is received on one interface and sent out another interface.
C. This is when a device has been configured with more than one network interface, and is running proxy software to forward packets back and forth between the interfaces.
D. This is when the device reads only the session layer and higher headers to grant or deny access to the packet.
E. This is when the network is protected by multiple functions.

Question 22

During your packet capture of traffic to check if your network is getting hit by a Denial of Service attack, you analyze TCP headers. You notice there are many headers that seem to have the same SEQ number, with the responding computer using different SEQ and ACK numbers in response. If you are analyzing a normal three-way handshake between two Windows 2000 nodes, and the first packet has a SEQ of 0xD36077AF, what will the responding computer use as an ACK?

Options:

A. 1xD36077B0
B. 0xD36077B0
C. 1xD36077AE
D. 0xD36077AE
E. 1xD36077CF

Question 23

If you are physically examining the office where your WLAN is configured, what are you performing?

Options:

A. Protocol Analysis
B. Packet Analysis
C. Cryptographic Analysis
D. Site Survey
E. Logical Survey

Question 24

You are configuring your new IDS machine, and are creating new rules. You enter the following rule:

Alert tcp any any -> 10.0.10.0/24 any (msg: "NULL scan detected"; flags: 0;)

What is the effect of this rule?

Options:

A. This is a logging rule, designed to capture NULL scans originating from the 10.0.10.0/24 network.
B. This is a logging rule, designed to capture NULL scans.
C. This is an alert rule, designed to notify you of NULL scans of the network in either direction.
D. This is an alert rule, designed to notify you of NULL scans of the network in one direction.
E. This is a logging rule, designed to notify you of NULL scans.

Question 25

You have just installed ISA Server 2006 on a Windows Server in your network, and you are familiarizing yourself with the new firewall. What are the three basic areas of a newly installed ISA Server 2006 firewall?

Options:

A. Console Tree
B. Summary Pane
C. Advanced Pane
D. Details Pane
E. Task Pane

Question 26

You are configuring a new custom IPSec policy on your Windows Server 2003 machine. On the rules tab, you find the three default options under the IP Filter List. What are these three default options?

Options:

A. All TCP Traffic
B. All UDP Traffic
C. All IP Traffic
D. All ICMP Traffic
E.

Question 27

You are configuring your new IDS machine, and are creating new rules. You enter the following rule:

Alert tcp any any -> 10.0.10.0/24 any (msg: "SYN-FIN scan detected"; flags: SF;)

What is the effect of this rule?

Options:

A. This is an alert rule, designed to notify you of SYN-FIN scans of the network in one direction.
B. This is an alert rule, designed to notify you of SYN-FIN scans of the network in either direction.
C. This is a logging rule, designed to capture SYN-FIN scans.
D. This is a logging rule, designed to notify you of SYN-FIN scans.
E. This is an alert rule, designed to notify you of SYN-FIN scans originating from the 10.0.10.0/24 network.

Question 28

You have decided to install Snort on your Windows Server 2003 and are making changes to the default configuration file. You see the following two lines:

include classification.config
include reference.config

What should these two lines read, after you make your changes, on a default installation?

Options:

A. include C:\Snort\etc\classification.config
B. include C:\Snort\etc\reference.config
C. include \classification.config
D. include \reference.config
E. include //classification.config
F. include //reference.config

Question 29

You are configuring your new IDS machine, and are creating new rules. You enter the following rule:

Alert tcp any any -> any 23 (msg: "Telnet Connection Attempt";)

What is the effect of this rule?

Options:

A. This is a logging rule, designed to capture any telnet attempts
B. This is an alert rule, designed to notify you of the use of telnet in either direction
C. This is an alert rule, designed to notify you of the use of telnet in one direction
D. This is a logging rule, designed to notify you of telnet connection attempts
E. This is an alert rule, designed to notify you of attempts to connect from any IP address on port 23 to any IP address and any port on a remote host.

Question 30

You are going to add another computer to the pool that you use for detecting intrusions. This time you are making a customized Snort machine running on Windows 2000 Professional. Prior to running Snort you must install which of the following programs?

Options:

A. Network Monitor
B. Network Monitor Tools and Agent
C. Libpcap
D. WinPcap
E. TCP/IP

Question 31

In your office, you are building the new wireless network, and you will need to install several access points. What do wireless access points use to counter multipath interference?

Options:

A. Multiple encryption algorithms
B. Multiple Antennas
C. Multiple radio frequencies
D. Duplicate packet transfer
E. Secondary transmissions

Question 32

You have been working with Snort, on your Windows Server 2003, for some time as a packet capture tool, and now wish to connect Snort to a database on your server. You install MySQL as the database, and are ready to configure Snort. If the database is named: snortdb1, has a user name of: snort, and a password of: snortpass, what is the configuration line you need to add to Snort?

Options:

A. output database: log, mysql, username:snort, password:snortpass, dbname:snortdb1, host:localhost
B. output database: log: mysql: user=snort: password=snortpass: dbname=snortdb1: host=localhost
C. output database: log; mysql; username:snort; password:snortpass; dbname:snortdb1; host:localhost
D. output database log mysql user=snort password=snortpass dbname=snortdb1 host=localhost
E. output database: log, mysql, user=snort password=snortpass dbname=snortdb1 host=localhost

Question 33

You are configuring the new Intrusion Detection System at your office. Your CEO asks you what the IDS will do for the organization. You tell the CEO about the three main components of Network Security and explain how an IDS can be used to meet two of those components. What are the two major components of network security that an IDS can meet?

Options:

A. Prevention
B. Analysis
C. Detection
D. Interpretation
E. Response

Question 34

Your company has many different services that go through your ISA Server 2006, and you need to prioritize the network traffic. What does ISA Server 2006 use to prioritize packets?

Options:

A. Differentiated Services (DiffServ) protocol
B. Quality of Service (QoS) protocol
C. Packet Prioritization (PaPro) protocol
D. HTTP Prioritization (HPro) protocol
E. Bandwidth Prioritization (BaPro) protocol
