Cisco 600-199 Dumps

Cisco
Securing Cisco Networks with Threat Detection and Analysis (SCYBER)

Questions & Answers for Cisco 600-199

Showing 1-15 of 58 Questions

Question #1

Which action is recommended to prevent an incident from spreading?

A. Shut down the switch port.

B. Reboot the system.

C. Reboot the switch.

D. Reboot the router.

Question #2

Which attack exploits incorrect boundary checking in network software?

A. Slowloris

B. buffer overflow

C. man-in-the-middle

D. Smurf

Question #3

Which is considered to be anomalous activity?

A. an alert context buffer containing traffic to amazon.com

B. an alert context buffer containing SSH traffic

C. an alert context buffer containing an FTP server SYN scanning your network

D. an alert describing an anonymous login attempt to an FTP server

Question #4

Which three symptoms are best used to detect a TCP SYN flood attack? (Choose three.)

A. high memory utilization on target server

B. large number of sockets in SYN_RECV state on target server

C. network monitoring devices report large number of unACKed SYNs sent to target server

D. target server crashes repeatedly

E. user experience with target server is slow or unresponsive

Question #5

Which protocol is typically considered critical for LAN operation?

A. BGP

B. ARP

C. SMTP

D. GRE

Question #6

Refer to the exhibit.

Which two actions does the following tcpdump command perform? (Choose two.)

A. Read from nvram (non-volatile) and parse the stream.

B. Capture traffic based on host 10.10.10.10 and HTTP traffic.

C. Capture traffic based on host 10.10.10.10 and everything but HTTP traffic.

D. Capture ARP traffic only.

E. Write the capture as a file.

F. Read the capture from a file.

Question #7

In a network security policy, which procedure should be documented ahead of time to
speed the communication of a network attack?

A. restoration plans for compromised systems

B. credentials for packet capture devices

C. Internet service provider contact information

D. risk analysis tool credentials

E. a method of communication and who to contact

Question #8

Refer to the exhibit.

Based on the traffic captured in the tcpdump, what is occurring?

A. The device is powered down and is not on the network.

B. The device is reachable and a TCP connection was established on port 23.

C. The device is up but is not responding on port 23.

D. The device is up but is not responding on port 51305.

E. The resend flag is requesting the connection again.
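Questions 4, 6 and 8 all turn on reading TCP handshake state out of a tcpdump trace: whether a SYN got a SYN/ACK and a final ACK (connection established), a RST (host up, port closed), or nothing at all (host down or filtered, so the client keeps retransmitting the SYN), and how many handshakes against one server are stuck half-open (the "unACKed SYNs" symptom of a SYN flood). The script below is an added example written for this page, not material from the exam or from Cisco. The tcpdump lines, addresses (RFC 5737 documentation ranges), ports and the flood threshold of 5 are all constructed; the line format is the one `tcpdump -nn` prints for TCP, where `.` in the flag list means ACK, so `[S.]` is SYN/ACK and `[R.]` is RST/ACK.

```python
import re
from collections import defaultdict

# Constructed tcpdump -nn output (not a real capture). Flows, in order: a Telnet
# handshake that completes (SYN, SYN/ACK, ACK), a port that answers with RST,
# and a host that never answers (the client keeps retransmitting its SYN).
SAMPLE = """\
12:00:01.000001 IP 192.0.2.10.51305 > 198.51.100.5.23: Flags [S], seq 1000, win 64240, length 0
12:00:01.000500 IP 198.51.100.5.23 > 192.0.2.10.51305: Flags [S.], seq 2000, ack 1001, win 65535, length 0
12:00:01.000900 IP 192.0.2.10.51305 > 198.51.100.5.23: Flags [.], ack 1, win 502, length 0
12:00:02.000001 IP 192.0.2.10.51306 > 198.51.100.5.8080: Flags [S], seq 3000, win 64240, length 0
12:00:02.000400 IP 198.51.100.5.8080 > 192.0.2.10.51306: Flags [R.], seq 0, ack 3001, win 0, length 0
12:00:03.000001 IP 192.0.2.10.51307 > 198.51.100.9.23: Flags [S], seq 4000, win 64240, length 0
12:00:04.000001 IP 192.0.2.10.51307 > 198.51.100.9.23: Flags [S], seq 4000, win 64240, length 0
12:00:06.000001 IP 192.0.2.10.51307 > 198.51.100.9.23: Flags [S], seq 4000, win 64240, length 0
"""

def flood_lines(target="198.51.100.5", port=80, n=6):
    """Constructed SYN flood: n spoofed sources each get a SYN/ACK and never ACK it."""
    out = []
    for i in range(n):
        src = f"203.0.113.{i + 1}"
        out.append(f"12:00:10.{i:06d} IP {src}.40000 > {target}.{port}: "
                   f"Flags [S], seq {i}, win 1024, length 0")
        out.append(f"12:00:10.{i:06d} IP {target}.{port} > {src}.40000: "
                   f"Flags [S.], seq 9, ack {i + 1}, win 65535, length 0")
    return "\n".join(out) + "\n"

# One tcpdump line: timestamp, "IP", src.sport > dst.dport, then the flag letters.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def parse_flows(text):
    """Group lines into flows keyed (client, cport, server, sport) and track the handshake.

    The first bare SYN names the client and server; later packets are matched to an
    existing flow in either direction. tcpdump prints ACK as '.', so [S.] is SYN/ACK.
    """
    flows = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # not a TCP line we understand
        src, sport, dst, dport, flags = m.group("src", "sport", "dst", "dport", "flags")
        fwd = (src, int(sport), dst, int(dport))
        rev = (dst, int(dport), src, int(sport))
        if fwd in flows:
            st, direction = flows[fwd], "c2s"
        elif rev in flows:
            st, direction = flows[rev], "s2c"
        elif "S" in flags and "." not in flags:
            st = flows[fwd] = {"syns": 0, "synack": False, "ack": False, "rst": False}
            direction = "c2s"
        else:
            continue                      # mid-stream packet, handshake not captured
        if direction == "c2s" and "S" in flags:
            st["syns"] += 1
        elif direction == "s2c" and "S" in flags and "." in flags:
            st["synack"] = True
        elif direction == "s2c" and "R" in flags:
            st["rst"] = True
        elif direction == "c2s" and st["synack"] and "." in flags:
            st["ack"] = True              # third packet of the handshake (or later data)
    return flows

def classify(st):
    """What the handshake says about the server port (the Q8 decision)."""
    if st["ack"]:
        return "established"     # SYN, SYN/ACK and ACK all seen
    if st["rst"]:
        return "refused"         # host is up, port is closed
    if st["synack"]:
        return "half-open"       # server answered, client never completed
    if st["syns"] > 1:
        return "no-response"     # SYN retransmits only: host down or traffic filtered
    return "pending"

def half_open_per_server(flows):
    """Count half-open handshakes per server IP: the unACKed-SYN symptom from Q4."""
    counts = defaultdict(int)
    for (_client, _cport, server, _sport), st in flows.items():
        if classify(st) == "half-open":
            counts[server] += 1
    return dict(counts)

def syn_flood_suspects(flows, threshold=5):
    """Servers with at least `threshold` half-open handshakes in the capture window."""
    return sorted(s for s, n in half_open_per_server(flows).items() if n >= threshold)

if __name__ == "__main__":
    flows = parse_flows(SAMPLE + flood_lines())
    for (c, cp, s, sp), st in flows.items():
        print(f"{classify(st):12s} {c}:{cp} -> {s}:{sp}")
    print("SYN flood suspects:", syn_flood_suspects(flows))
```

Lines of this shape come from a live capture (`tcpdump -nn tcp`) or from a saved file read back with `tcpdump -nn -r capture.pcap`, which is the read/write distinction Q6 asks about. The threshold is deliberately a parameter: on a busy server a handful of half-open connections is normal (slow or lossy clients), and the flood signal is the count per target over a short window, not any single flow.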

Question #9

What is the most important reason for documenting an incident?

A. It could be used as evidence for a criminal case.

B. It could be used to identify the person responsible for allowing it into the network.

C. To train others on what they should not do.

D. To use it for future incident response handling.

Question #10

Given the signature "SQL Table Manipulation Detected", which site may trigger a false
positive?

A. a company selling discount dining-room table inserts

B. a large computer hardware company

C. a small networking company

D. a biotech company

Question #11

Which four of the following are steps in incident response handling? (Choose four.)

A. preparation

B. qualify

C. identification

D. who

E. containment

F. recovery

G. eradication

H. lessons learned

Question #12

Which two statements about the IPv4 TTL field are true? (Choose two.)

A. If the TTL is 0, the datagram is automatically retransmitted.

B. Each router that forwards an IP datagram reduces the TTL value by one.

C. It is used to limit the lifetime of an IP datagram on the Internet.

D. It is used to track IP datagrams on the Internet.
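What Q12 is testing is mechanical: every router that forwards a datagram decrements the TTL by one, must therefore recompute (or incrementally update) the IPv4 header checksum, and discards the datagram when the TTL would reach zero rather than retransmitting anything. The script below is an added example written for this page, not exam or Cisco material. It builds a 20-byte IPv4 header from constructed addresses (RFC 5737 ranges) and a constructed identification field, then simulates router hops; the checksum arithmetic follows RFC 791 (full sum) and RFC 1624 (incremental update), and the example checks that the two agree.

```python
import struct

def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))

def ipv4_checksum(header):
    """RFC 791 header checksum: one's complement of the one's-complement sum of the
    16-bit words. Over a header whose checksum field is already filled in, a valid
    header yields 0, which is how a router verifies it before touching the TTL."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def checksum_field(header):
    """The checksum as stored in bytes 10-11 of the header."""
    return struct.unpack("!H", header[10:12])[0]

def build_ipv4_header(src, dst, ttl, proto=6, payload_len=0, ident=0x1C46):
    """Constructed 20-byte IPv4 header (no options) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, 20 + payload_len, ident, 0x4000,   # ver/IHL, DSCP, len, id, DF
                      ttl, proto, 0,                              # TTL, protocol, checksum=0
                      ip_to_bytes(src), ip_to_bytes(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def incremental_checksum(old_csum, old_word, new_word):
    """RFC 1624 update HC' = ~(~HC + ~m + m') for one changed 16-bit word; this is what
    a forwarding plane does instead of re-summing the whole header."""
    total = (~old_csum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def forward(header):
    """One router hop. Returns (new_header, None), or (None, reason) when the datagram
    is dropped. A TTL that would reach 0 is discarded (ICMP Time Exceeded goes back to
    the source); the router never retransmits it."""
    if ipv4_checksum(header) != 0:
        return None, "bad checksum"
    ttl = header[8]
    if ttl <= 1:
        return None, "ttl exceeded"
    old_word, = struct.unpack("!H", header[8:10])          # TTL | protocol word
    new_word = ((ttl - 1) << 8) | header[9]
    new = bytearray(header)
    new[8] = ttl - 1
    new[10:12] = struct.pack("!H", incremental_checksum(checksum_field(header), old_word, new_word))
    assert ipv4_checksum(bytes(new)) == 0                   # incremental == full recompute
    return bytes(new), None

def hops_before_drop(header):
    """Forward through routers until the datagram is dropped; return (hops, reason).
    With TTL n the datagram survives n-1 routers."""
    hops = 0
    while True:
        nxt, reason = forward(header)
        if nxt is None:
            return hops, reason
        header = nxt
        hops += 1

if __name__ == "__main__":
    h = build_ipv4_header("192.0.2.1", "198.51.100.7", ttl=64)
    print("initial: TTL %d, checksum 0x%04x" % (h[8], checksum_field(h)))
    nxt, _ = forward(h)
    print("after one hop: TTL %d, checksum 0x%04x" % (nxt[8], checksum_field(nxt)))
    print("TTL 3 survives hops:", hops_before_drop(build_ipv4_header("192.0.2.1", "198.51.100.7", ttl=3)))
```

Because the TTL sits in the high byte of the fifth header word, a decrement lowers the sum by 0x0100 and the stored checksum rises by the same amount (here 0x3262 becomes 0x3362); a device that rewrites TTL without fixing the checksum produces datagrams the next hop silently drops, which is worth remembering when a traceroute dies at a middlebox.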

Question #13

Refer to the exhibit.

Which DNS query type pertains to email?

A. A?

B. NS?

C. SOA?

D. PTR?

E. MX?

F. TXT?
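The option labels in Q13 ("A?", "MX?" and so on) are the notation tcpdump uses for the question section of a DNS message: the record type followed by a question mark, then the name. The script below is an added example written for this page, not exam or Cisco material. It builds DNS queries in wire format from constructed names and parses them back, rendering each question the way tcpdump would and flagging MX lookups, the type that names a domain's mail exchangers. Names, transaction id and the pointer-loop limit of 5 are constructed; the message layout and type codes are from RFC 1035.

```python
import struct

# RR types as tcpdump prints them in a query ("MX?", "A?", ...). RFC 1035 values.
QTYPES = {1: "A", 2: "NS", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}

def encode_name(name):
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"

def build_query(name, qtype, txid=0x1234):
    """Constructed DNS query: 12-byte header (RD=1, QDCOUNT=1) and one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)   # QCLASS 1 = IN

def decode_name(msg, offset, depth=0):
    """Read a name at offset; follow RFC 1035 4.1.4 compression pointers, but refuse
    pointer loops (a classic parser DoS) after a few hops."""
    if depth > 5:
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            return ".".join(labels) + ".", offset + 1
        if length & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            tail, _ = decode_name(msg, ptr, depth + 1)
            return (".".join(labels) + "." + tail if labels else tail), offset + 2
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length

def parse_questions(msg):
    """Return the header id, whether QR is set, and every question in the message."""
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    offset, questions = 12, []
    for _ in range(qdcount):
        name, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append({"name": name, "qtype": qtype,
                          "type": QTYPES.get(qtype, f"TYPE{qtype}"), "qclass": qclass})
    return {"id": txid, "is_response": bool(flags & 0x8000), "questions": questions}

def tcpdump_style(question):
    """Render a question the way tcpdump does, e.g. 'MX? example.com.'."""
    return f"{question['type']}? {question['name']}"

def mail_related(msg):
    """True if any question asks for MX, the record type that names a domain's mail
    exchangers (the Q13 answer). An A or AAAA lookup of a mail host is not
    distinguishable from any other host lookup at this layer."""
    return any(q["qtype"] == 15 for q in parse_questions(msg)["questions"])

if __name__ == "__main__":
    for name, qtype in [("example.com", 15), ("www.example.com", 1),
                        ("7.100.51.198.in-addr.arpa", 12), ("example.com", 16)]:
        q = build_query(name, qtype)
        print(f"{len(q):3d} bytes  {tcpdump_style(parse_questions(q)['questions'][0]):32s} "
              f"mail-related={mail_related(q)}")
```

In a real capture the same text appears after the addresses, for example `... > 198.51.100.53.53: 4660+ MX? example.com. (29)`, where `4660` is the transaction id, `+` marks recursion desired and `(29)` is the UDP payload length; a burst of MX and TXT (SPF) lookups for many unrelated domains from one internal host is the kind of pattern worth a second look during mail-abuse triage.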

Question #14

Which two tools are used to help with traffic identification? (Choose two.)

A. network sniffer

B. ping

C. traceroute

D. route table

E. NetFlow

F. DHCP

Question #15

Which describes the best method for preserving the chain of evidence?

A. Shut down the machine that is infected, remove the hard drive, and contact the local authorities.

B. Back up the hard drive, use antivirus software to clean the infected machine, and contact the local authorities.

C. Identify the infected machine, disconnect from the network, and contact the local authorities.

D. Allow user(s) to perform any business-critical tasks while waiting for local authorities.
