600-199 Questions And Answers

$58

Exam Name: Securing Cisco Networks with Threat Detection and Analysis

Updated: 2018-12-11

Q & A: 58


600-199 Frequently Asked Questions

Q1: Can I use the 600-199 exam Q&As on my phone?
Yes. PassQuestion provides the Network Management 600-199 PDF Q&As, which you can download to study on your computer or mobile device. We also provide a free 600-199 PDF demo, taken from the full version, so you can check its quality before purchasing.

Q2: What formats are your Cisco 600-199 exam questions available in?
PassQuestion provides the Cisco 600-199 exam questions in PDF format and in software format. The PDF file is sent as an email attachment and the software file as a download link; you need to download from the link within a week, after which it automatically becomes invalid.

Q3: How can I download my 600-199 test questions after purchasing?
We will send the Network Management 600-199 test questions to your email once we receive your order. Please make sure your email address is valid, or leave an alternate email.

Q4: How long after purchasing will I receive my Network Management 600-199 questions and answers?
We will send the Network Management 600-199 questions and answers to your email within 10 minutes during our working time and within 12 hours outside it.

Working Time:
GMT+8: Monday to Saturday, 8:00-18:00
GMT: Monday to Saturday, 0:00-10:00

Q5: Can I pass my test with your Network Management 600-199 practice questions only?
Sure! All PassQuestion Network Management 600-199 practice questions come from the real test. If you practice well and get a good score on our practice Q&As, we ensure that you can pass your Securing Cisco Networks with Threat Detection and Analysis exam easily.

Q6: How can I know whether my 600-199 questions have been updated?
You can check the number of questions; if it has changed, that means we have updated this exam, and you can contact us anytime to ask for a free update. Our sales email: [email protected]

Q7: What is your refund process if I fail the Cisco 600-199 test?
If you fail your 600-199 test after studying our study material, just scan your score report and send it to us as an attachment; once we have checked it, we will give you a full refund.

Q8: What other payment method can I use besides PayPal?
If your country does not support PayPal, we offer Western Union as an alternative payment method; it is also safe and fast. Please contact us for the details and we will send them to your email.

Question No : 1

Which two activities would you typically be expected to perform as a Network Security Analyst? (Choose two.)
A. Verify user login credentials.
B. Troubleshoot firewall performance.
C. Monitor database applications.
D. Create security policies on routers.
Answer: B,D

Question No : 2

Which would be classified as a remote code execution attempt?
A. OLE stack overflow detected
B. null login attempt
C. BitTorrent activity detected
D. IE ActiveX DoS
Answer: A

Question No : 3

Which four tools are used during an incident to collect data? (Choose four.)
A. Sniffer
B. TCPDump
C. FTK
D. EnCase
E. ABC
F. ASA
G. Microsoft Windows 7
Answer: A,B,C,D

Question No : 4

Refer to the exhibit.



Which two personal administrators should be involved to investigate further? (Choose two.)
A. email administrator
B. IPS administrator
C. DNS administrator
D. desktop administrator
E. security administrator
Answer: C,D

Question No : 5

Which protocol is typically considered critical for LAN operation?
A. BGP
B. ARP
C. SMTP
D. GRE
Answer: B

Question No : 6

Which three statements are true about the IP fragment offset? (Choose three.)
A. A fragment offset of 0 indicates that it is the first in a series of fragments.
B. A fragment offset helps determine the position of the fragment within the reassembled datagram.
C. A fragment offset number refers to the number of fragments.
D. A fragment offset is measured in 8-byte units.
E. A fragment offset is measured in 16-byte units.
Answer: A,B,D

Question No : 7

Which event is likely to be a false positive?
A. Internet Relay Chat signature with an alert context buffer containing #IPS_ROCS Yay
B. a signature addressing an ActiveX vulnerability alert on a Microsoft developer network documentation page
C. an alert for a long HTTP request with an alert context buffer containing a large HTTP GET request
D. BitTorrent activity detected on ephemeral ports
Answer: B

Question No : 8

Refer to the exhibit.



Based on the tcpdump capture, which three statements are true? (Choose three.)
A. Host 10.10.10.20 is requesting the MAC address of host 10.10.10.10 using ARP.
B. Host 10.10.10.10 is requesting the MAC address of host 10.10.10.20.
C. The ARP request is unicast.
D. The ARP response is unicast.
E. The ARP request is broadcast.
F. Host 10.10.10.20 is using the MAC address of ffff.ffff.ffff.
Answer: B,D,E

Question No : 9

After an attack has occurred, which two options should be collected to help remediate the problem? (Choose two.)
A. packet captures
B. NAT translation table
C. syslogs from affected devices
D. connection table information
E. NetFlow data
Answer: C,E

Question No : 10

Which source should be used to recommend preventative measures against security vulnerabilities regardless of operating system or platform?
A. Microsoft security bulletins
B. Cisco PSIRT notices
C. Common Vulnerabilities and Exposure website
D. Mozilla Foundation security advisories
E. zero-day attack wiki
Answer: C

Question No : 11

As a part of incident response, which action should be performed?
A. watch to see if the incident reoccurs
B. custody of information
C. maintain data security and custody for future forensics use
D. classify the problem
Answer: C

Question No : 12

Refer to the exhibit.



In the packet captured from tcpdump, which fields match up with the lettered parameters?
A. A: Source and destination IP addresses; B: Source and destination Ethernet addresses; C: Source and destination TCP port numbers; D: TCP acknowledgement number; E: IP options
B. A: Source and destination Ethernet addresses; B: Source and destination IP addresses; C: Source and destination TCP port numbers; D: TCP sequence number; E: TCP options
C. A: Source and destination Ethernet addresses; B: Source and destination IP addresses; C: Source and destination TCP port numbers; D: TCP acknowledgement number; E: IP options
D. A: Source and destination Ethernet addresses; B: Source and destination IP addresses; C: Source and destination TCP port numbers; D: TCP sequence number; E: IP options
Answer: B

Question No : 13

Which step should be taken first when a server on a network is compromised?
A. Refer to the company security policy.
B. Email all server administrators.
C. Determine which server has been compromised.
D. Find the serial number of the server.
Answer: A

Question No : 14

Refer to the exhibit.



Based on the traffic captured in the tcpdump, what is occurring?
A. The device is powered down and is not on the network.
B. The device is reachable and a TCP connection was established on port 23.
C. The device is up but is not responding on port 23.
D. The device is up but is not responding on port 51305.
E. The resend flag is requesting the connection again.
Answer: C

Question No : 15

Which describes the best method for preserving the chain of evidence?
A. Shut down the machine that is infected, remove the hard drive, and contact the local authorities.
B. Back up the hard drive, use antivirus software to clean the infected machine, and contact the local authorities.
C. Identify the infected machine, disconnect from the network, and contact the local authorities.
D. Allow user(s) to perform any business-critical tasks while waiting for local authorities.
Answer: C
