The CompTIA Security+ SY0-501 guide collects all information about the CompTIA Security+ (SY0-501) certification exam. This study guide provides a series of goals and resources that will help you prepare for the SY0-501 safety+ exam project. In order to ensure success in the CompTIA Security+ certification exam, recommended https://www.pass4itsure.com/sy0-501.html updated SY0-501 exam dumps (SY0-501 Practice Test, SY0-501 Q&As: 1334).
CompTIA Security+ Exam Summary:
Certifications: CompTIA Security+
Exam Code: SY0-501
Exam Name: CompTIA Security+ Certification Exam
The CompTIA Security+ certification is mainly targeted to those candidates who want to build their career in the IT Security domain.
The CompTIA Security+ exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of CompTIA Security Plus.
Preparation material prepared by Pass4itsure
The CompTIA SY0-501 exam dumps made by Pass4itsure experts is purely designed for professionals who are determined to pass the SY0-501 question.
CompTIA Security+ SY0-501 practice test question answers q1-q13
QUESTION 1 While performing surveillance activities, an attacker determines that an organization is using 802.1X to secure LAN access. Which of the following attack mechanisms can the attacker utilize to bypass the identified network security? A. MAC spoofing B. Pharming C. Xmas attack D. ARP poisoning Correct Answer: A
QUESTION 2 Which of the following threats has sufficient knowledge to cause the MOST danger to an organization? A. Competitors B. Insiders C. Hacktivists D. Script kiddies Correct Answer: B
QUESTION 3 When systems, hardware, or software are not supported by the original vendor, it is a vulnerability known as: A. system sprawl B. end-of-life systems C. resource exhaustion D. a default configuration Correct Answer: B
QUESTION 4 While performing a penetration test, the technicians want their efforts to go unnoticed for as long as possible while they gather useful data about the network they are assessing. Which of the following would be the BEST choice for the technicians? A. Vulnerability scanner B. Offline password cracker C. Packet sniffer D. Banner grabbing Correct Answer: C
QUESTION 7 An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomalybased system. Which of the following does the organization need to determine for this to be successful? A. The baseline B. The endpoint configurations C. The adversary behavior profiles D. The IPS signatures Correct Answer: D
QUESTION 8 Which of the following BEST explains how the use of configuration templates reduces organization risk? A. It ensures consistency of configuration for initial system implementation. B. It enables system rollback to a last known-good state if patches break functionality. C. It facilitates fault tolerance since applications can be migrated across templates. D. It improves vulnerability scanning efficiency across multiple systems. Correct Answer: C
QUESTION 9 Which of the following is the appropriate network structure used to protect servers and services that must be provided to external clients without completely eliminating access for internal users? A. NAC B. VLAN C. DMZ D. Subnet Correct Answer: C
QUESTION 10 A department head at a university resigned on the first day of the spring semester. It was subsequently determined that the department head deleted numerous files and directories from the server-based home directory while the campus was closed. Which of the following policies or procedures could have prevented this from occurring? A. Time-of-day restrictions B. Permission auditing and review C. Offboarding D. Account expiration Correct Answer: C
QUESTION 11 A security analyst is assessing a small company\\’s internal servers against recommended security practices. Which of the following should the analyst do to conduct the assessment? (Select TWO). A. Compare configurations against platform benchmarks, B. Confirm adherence to the company\\’s industry-specific regulations. C. Review the company\\’s current security baseline, D. Verify alignment with policy related to regulatory compliance E. Run an exploitation framework to confirm vulnerabilities Correct Answer: CE
QUESTION 12 Which of the following network vulnerability scan indicators BEST validates a successful, active scan? A. The scan job is scheduled to run during off-peak hours. B. The scan output lists SQL injection attack vectors. C. The scan data identifies the use of privileged-user credentials. D. The scan results identify the hostname and IP address. Correct Answer: D
QUESTION 13 A systems developer needs to provide machine-to-machine interface between an application and a database server in the production environment. This interface will exchange data once per day. Which of the following access control account practices would BEST be used in this situation? A. Establish a privileged interface group and apply read-write permission to the members of that group. B. Submit a request for account privilege escalation when the data needs to be transferred. C. Install the application and database on the same server and add the interface to the local administrator group. D. Use a service account and prohibit users from accessing this account for development work. Correct Answer: D
Latest CompTIA SY0-501 exam question by Youtube
Share the Pass4itsure CompTIA exam discount code for free
Enter the discount code “CompTIA” to get a 15% discount!
Here are some study tips to help you prepare for a test:
The best way to prepare for the CompTIA SY0-501 exam is to get the SY0-501 exam dump. If you want to succeed in the SY0-501 exam immediately, then the SY0-501 exam dumps are the only solution. In short, you can get all in one product from Pass4itsure. URL Link: https://www.pass4itsure.com/sy0-501.html SY0-501 exam dumps! Best of luck!
CompTIA N10-007 practice tests are a powerful way to prepare for certification N10-007 exams. Choose Pass4itsure CompTIA expert: https://www.pass4itsure.com/n10-007.html Study hard to pass the exam easily! You can get free CompTIA N10-007 exam practice test questions here.
Here are some essential features about N10-007 exam dumps offered by Pass4itsure
Fully updated N10-007 study material with verified N10-007 questions
CompTIA N10-007 pdf free download
CompTIA Network+ N10-007 practice test questions 1-13
CompTIA Network+ N10-007 practice test questions 1-13
QUESTION 1 A user reports network resources can no longer be accessed. The PC reports a link but will only accept static IP addresses. The technician pings other devices on the subnet, but the PC displays the message Destination unreachable. Which of the following are MOST likley the causes of this issue? (Select TWO). A. Damaged cables B. Crosstalk C. Bent pins D. TX/RX reverse E. VLAN mismatch F. Duplex mismatch Correct Answer: CE
QUESTION 2 Matt, an administrator, notices a flood fragmented packet and retransmits from an email server. After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue? A. Spam filter B. Protocol analyzer C. Web application firewall D. Load balancer Correct Answer: B
QUESTION 3 Which of the following is a secure way to connect to a device? A. RSH B. TFTP C. SNMPv2 D. SFTP Correct Answer: D
QUESTION 4 The network optimization process used to allow reasonable use of data, voice, and video on the same network infrastructure is called: A. CARP B. QoS C. Traffic shaping. D. Fault tolerance. Correct Answer: B
QUESTION 5 A network technician is installing a new network switch is looking for an appropriate fiber optic patch cable. The fiber optic patch panel uses a twist-style connector. The switch uses a SFP module. Which of the following connector types should the fiber patch cable have? A. LC B. ST C. SC D. MTRJ E. MTP Correct Answer: B
QUESTION 6 A network technician needs to set up an access method for Ann, a manager, to work from home. Ann needs to locally mapped corporate resources to perform her job. Which of the following would provide secure access to the corporate resources? A. Utilize an SSH connection to the corporate server. B. Use TFTP to transfer files to corporate resources. C. Allow RDP through an external firewall. D. Connect utilizing client-to-site VPN. Correct Answer: D
QUESTION 7 A network technician is configuring user\\’s access to a VPN concentrator and has advised to use a protocol that supports encryption over UDP. Which of the following protocols has the technician MOST likely configured for client use? A. TFTP B. DTLS C. DNS D. SNMP Correct Answer: B
QUESTION 8 Which of the following BEST describes how a layer 2 switch functions? A. Switches packets within the same subnet based on MAC addresses B. Switches packets between different subnets based on IP addresses C. Switches packets between different subnets based on MAC addresses D. Switches packets between different subnets based on MAC addresses Correct Answer: A
QUESTION 9 Which of the following devices, if implemented, would result in decreased administration time of an 802.11 network running centralized authentication services? (Choose two.) A. VPN concentrator B. Proxy server C. Wireless controller D. RADIUS server E. Multilayer switch Correct Answer: CD
QUESTION 10 A technician is setting up a firewall on the network that would show a public IP address out to the Internet and assign private IP addresses to users inside the network. Which of the following processes should be set up? A. Port security B. MAC filtering C. ACL D. NAT Correct Answer: D
QUESTION 11 A network technician notices that most of the nodes in the 10.10.74.0/23 address space return either 1 or 2 node hop after running a tracert, however, some of the new servers are showing a hop count larger than A. New servers are being provisioned in the cloud. B. Those servers have host-based firewalls. C. Some of the servers are configured to use different gateways. D. Part of the subnet is configured to use different VLANs. Correct Answer: A
QUESTION 12 In the past, users brought personal laptops to the office to bypass some of the security protocols on their desktops. Due to new security initiatives, management has asked that users not be allowed to attach personal devices to the network. Which of the following should a technician use to BEST meet this goal? A. Shut down unused ports on switches B. Upgrade firmware on network devices C. Allow only secure protocols on the network D. Disable unnecessary services Correct Answer: C
QUESTION 13 A consulting company was hired to project and deploy a new datacenter in a different city. This new facility must have the same components installed as the current datacenter to be ready to take over all the network services as soon as the primary site becomes unavailable. Which of the following describes what will be deployed in the new location? A. Cold site B. Hot site C. Warm site D. Off-site backup E. Infrastructure as a service Correct Answer: B
CompTIA N10-007 questions exam video
Pass4itsure CompTIA exam discount code 2021
Pass4itsure shares the latest CompTIA exam Discount code “CompTIA“.
Pass4itsure values your money and give you a 15% discount on the purchase of a complete CompTIA exam preparation product set practice test software, PDF Q&A.
Ensure your success with the reliable practice exam questions: Select https://www.pass4itsure.com/n10-007.html (Newest N10-007 Q&As: 990). Practice, practice, and practice! Study hard, practice well and move one step forward towards your CompTIA N10-007 certification.
A reliable solution to pass the Cisco 200-201 exam: valid 200-201 dumps! Where can I get valid 200-201 dumps? You will need to contact Pass4itsure to obtain valid 200-201 dumps. Share the latest Cisco 200-201 exam dumps, 200-201 exam questions and answers! 200-201 pdf, 200-201 exam video!
Cisco 200-201 Practice Test Questions Answers Free Share
The most reliable Cisco CyberOps Associate 200-201 practice exam questions and answers (free)
Refer to the exhibit. Which application protocol is in this PCAP file? A. SSH B. TCP C. TLS D. HTTP Correct Answer: B
An analyst is investigating a host in the network that appears to be communicating to a command and control server on the Internet. After collecting this packet capture the analyst cannot determine the technique and payload used for the communication. Which obfuscation technique is the attacker using? A. Base64 encoding B. transport layer security encryption C. SHA-256 hashing D. ROT13 encryption Correct Answer: B
QUESTION 3 Which process is used when IPS events are removed to improve data integrity? A. data availability B. data normalization C. data signature D. data protection Correct Answer: B
QUESTION 4 At which layer is deep packet inspection investigated on a firewall? A. internet B. transport C. application D. data link Correct Answer: C
QUESTION 5 Which event artifact is used to identity HTTP GET requests for a specific file? A. destination IP address B. TCP ACK C. HTTP status code D. URI Correct Answer: D
QUESTION 6 What is the difference between mandatory access control (MAC) and discretionary access control (DAC)? A. MAC is controlled by the discretion of the owner and DAC is controlled by an administrator B. MAC is the strictest of all levels of control and DAC is object-based access C. DAC is controlled by the operating system and MAC is controlled by an administrator D. DAC is the strictest of all levels of control and MAC is object-based access Correct Answer: B
QUESTION 7 What is a purpose of a vulnerability management framework? A. identifies, removes, and mitigates system vulnerabilities B. detects and removes vulnerabilities in source code C. conducts vulnerability scans on the network D. manages a list of reported vulnerabilities Correct Answer: A
QUESTION 8 What is an attack surface as compared to a vulnerability? A. any potential danger to an asset B. the sum of all paths for data into and out of the application C. an exploitable weakness in a system or its design D. the individuals who perform an attack Correct Answer: B
QUESTION 9 Which security technology allows only a set of pre-approved applications to run on a system? A. application-level blacklisting B. host-based IPS C. application-level whitelisting D. antivirus Correct Answer: C
QUESTION 10 An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network. Which testing method did the intruder use? A. social engineering B. eavesdropping C. piggybacking D. tailgating Correct Answer: A
QUESTION 11 Which regular expression matches “color” and “colour”? A. colo?ur B. col[0-8]+our C. colou?r D. col[0-9]+our Correct Answer: C
QUESTION 12 What makes HTTPS traffic difficult to monitor? A. SSL interception B. packet header size C. signature detection time D. encryption Correct Answer: D
QUESTION 13 During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity? A. examination B. investigation C. collection D. reporting Correct Answer: C
Cisco 200-201 Practice test questions from Youtube
Why 200-201 candidates put Pass4itsure first?
Pass4itsure is the industry leader! He includes almost all popular certification tests. The most concern is customer satisfaction, and the growing number of customers is the best proof of Pass4itsure’s commitment. You will never get frustrated by preparing Cisco 200-201 exam guides and 200-201 exam dumps.
Promo Code For 200-201 Dumps: 2020PASS
All CyberOps Associate related certification exams
100-890 Exam (Dumps)
300-215 Exam (Dumps)
350-201 Exam (Dumps)
700-840 Exam (Dumps)
700-845 Exam (Dumps)
500-220 Exam (Dumps)
700-755 Exam (Dumps)
300-630 Exam (Dumps)
Numerous Cisco certified experts recommend using Pass4itsure to help pass the 200-201 exam. Because it is the best preparation material, you can get high scores with just one attempt. Select Pass4itsure 200-201 dumps pass 200-201 exam. Best of luck to you!
The most effective way to pass the Cisco 700-765 exam is the 700-765 exam dumps! Hi, we share the preparation guide for online training for Cisco 700-765 ASAESE exam for free: Cisco 700-765 exam pdf, Cisco 700-765 exam dumps video, recommend a trusted website https://www.pass4itsure.com/700-765.html (700-765 dumps pdf renewed on time), and the latest Pass4itsure purchase discount code.
Cisco Certification Exam Material 700-765 Exam Dumps
The latest Cisco 700-765 exam resources are shared here. You must practice these questions for your 700-765 exam.
Pass4itsure Latest and Most Accurate Cisco 700-765 Exam Q&As
Exam Name: Cisco Security Architecture for System Engineers (ASASE) Updated: Nov 12, 2020 Q&As: 80
QUESTION 1 Which two elements does Advanced Malware Protection provide? (Choose two.) A. dynamic URL filtering B. advanced analytics C. dynamic data analysis D. intrusion analysis E. reputation analytics Correct Answer: BC
QUESTION 2 What does remote access use to verify identity? A. MFA B. Agents C. Remote Access VPN D. AMP for Endpoints Correct Answer: C
QUESTION 3 Which two attack vectors are protected by Visibility and Enforcement? (Choose two.) A. Cloud B. Mobile C. Endpoints D. Email E. Web Correct Answer: AE
QUESTION 4 What do customers receive when implementing TrustSec? A. SL decryption enabling secure communications on and off company networks B. Context-aware access enhancing the forensic capabilities available to their IT team C. Device profiling and onboarding, enabling businesses to control company role policies across all network services 1 D. Dynamic role-based access control that enables them to enforce business role policies across all network services Correct Answer: D
QUESTION 5 How does AMP\\’s file reputation feature help customers? A. It increases the protection to systems with exact fingerprinting B. It increases the accuracy of threat detection with Big Data analytics C. It enables point in time detection through a one-to-one engine D. It enables secure web browsing with cognitive threat analytics Correct Answer: C
QUESTION 6 In which two ways should companies modernize their security philosophies? (Choose two.) A. Expand their IT departments B. Decrease internal access and reporting C. Complement threat-centric tactics with trust-centric methods D. Reinforce their threat-centric security tactics E. Rebuild their security portfolios with new solutions Correct Answer: AC
QUESTION 7 What are two steps customers can take to evolve to a trust-centric security philosophy? (Choose two.) A. Require and install agents on mobile devices. B. Block BYOD devices. C. Limit internal access to networks D. Always verify and never trust everything inside and outside the perimeter. E. Only grant access to authorized users and devices. Correct Answer: BE
QUESTION 8 Which two Cisco products remediate network, cloud, and endpoint threats? (Choose two.) A. pxGrid B. Cisco Security Connector C. Duo D. Stealthwatch E. AMP for Endpoints Correct Answer: AE
QUESTION 9 Which feature of Cognitive Intelligence can separate statistically normal traffic from anomalous traffic? A. Event classification B. Anomaly detection C. Anomaly modeling D. Trust modeling Correct Answer: B
QUESTION 10 In the Campus NGFW use case, which capability is provided by NGFW and NGIPS? A. Flexible AAA Options B. Identity Services Engine C. Differentiated Mobile Access D. High throughput maintained while still protecting domains against threats Correct Answer: D
QUESTION 11 What are two capabilities of Cisco\\’s NGFW Identity Based Policy Control feature? (Choose two.) A. security enforced at the DNS layer B. access to multiple data layers C. access to Trojan downloader D. see and share malware details E. threats stopped from getting in and spreading Correct Answer: AB
QUESTION 12 What are two solutions for Cisco Cloud Security? (Choose two.) A. cloud data security B. cloud-delivered security C. advanced network security D. intrusion prevention E. cloud security Correct Answer: BE
QUESTION 13 What are three main areas of the Cisco Security Portfolio? (Choose three ) A. Roaming Security B. Advanced Threat C. Cloud Security D. D loT Security . E. Voice and Collaboration F. Firewalls Correct Answer: BCD
At Pass4itsure, we provide a fully reviewed Cisco 700-765 dumps training resource, which is the best resource to clear the Cisco 700-765 exam and obtain certification.
Real Cisco 700-765 exam dumps https://www.pass4itsure.com/700-765.html The latest 700-765 exam resources are shared here: 700-765 exam pdf dumps, 700-765 exam video, and the latest 700-765 practice questions.
Passing exams 300-410 has always been a difficult task, requiring comprehensive knowledge and practice. In view of these difficulties of candidates, the most effective, simple, and practical exam plan is: Try download valid Cisco 300-410 pdf. Recommend https://www.pass4itsure.com/300-410.html is your door to success. Maeeonline thinks everyone can get 300-410 pdf and free test questions to study.
Why Choose Pass4itsure Cisco 300-410 PDF
Pass4itsure 300-410 PDF provides highly accurate 300-410 questions and answers for those preparing to take the Cisco (ENARSI) exam. It can help you pass the Cisco 300-410 exam in the first exam.
Cisco CCNP 300-410 Practice Test Questions Answers
QUESTION 1 Refer to the exhibit. Which configuration configures a policy on R1 to forward any traffic that is sourced from the 192.168.130.0/24 network to R2?
A. Option A B. Option B C. Option C D. Option D Correct Answer: D
QUESTION 2 Refer to the following output: Router#show ip nhrp detail 1.1.2/8 via 10.2.1.2, Tunnel1 created 00:00:12, expire 01:59:47 TypE. dynamic, Flags: authoritative unique nat registered used NBMA address: 10.12.1.2 What does the authoritative flag mean in regards to the NHRP information? A. It was obtained directly from the next-hop server. B. Data packets are process switches for this mapping entry. C. NHRP mapping is for networks that are local to this router. D. The mapping entry was created in response to an NHRP registration request. E. The NHRP mapping entry cannot be overwritten Correct Answer: A
QUESTION 3 Refer to the exhibit. A network engineer executes the show ipv6 ospf database command and is presented with the output that is shown. Which flooding scope is referenced in the link-state type?
A. link-local B. area C. As (OSPF domain) D. reserved Correct Answer: B
QUESTION 4 What is the output of the following command: show ip vrf A. Show\\’s default RD values B. Displays IP routing table information associated with a VRF C. Show\\’s routing protocol information associated with a VRF. D. Displays the ARP table (static and dynamic entries) in the specified VRF Correct Answer: A
Refer to the exhibit. An engineer is troubleshooting BGP on a device but discovers that the clock on the device does not correspond to the time stamp of the log entries. Which action ensures consistency between the two times? A. Configure the service timestamps log uptime command in global configuration mode. B. Configure the logging clock synchronize command in global configuration mode. C. Configure the service timestamps log datetime localtime command in global configuration mode. D. Make sure that the clock on the device is synchronized with an NTP server. Correct Answer: D
Refer to the exhibit. An IP SLA was configured on router R1 that allows the default route to be modified in the event that Fa0/0 loses reachability with the router R3 Fa0/0 interface. The route has changed to flow through router R2. Which debug command is used to troubleshoot this issue? A. debug ip flow B. debug ip sla error C. debug ip routing D. debug ip packet Correct Answer: C
A. The flow exporter is configured but is not used. B. The flow monitor is applied in the wrong direction. C. The flow monitor is applied to the wrong interface. D. The destination of the flow exporter is not reachable. Correct Answer: D
QUESTION 8 Refer to the exhibit. After applying IPsec, the engineer observed that the DMVPN tunnel went down, and both spoke-tospoke and hub were not establishing. Which two actions resolve the issue? (Choose two.)
A. Change the mode from mode tunnel to mode transport on R3. B. Remove the crypto isakmp key cisco address 10.1.1.1 on R2 and R3. C. Configure the crypto isakmp key cisco address 22.214.171.124 on R2 and R3. D. Configure the crypto isakmp key cisco address 0.0.0.0 on R2 and R3. E. Change the mode from mode transport to mode tunnel on R2. Correct Answer: AD
QUESTION 9 After some changes in the routing policy, it is noticed that the router in AS 45123 is being used as a transit AS router for several service provides. Which configuration ensures that the branch router in AS 45123 advertises only the local networks to all SP neighbors?
A. Option A B. Option B C. Option C D. Option D Correct Answer: D
QUESTION 12 Refer to the exhibit. Which interface configuration must be configured on the spoke A router to enable a dynamic DMVPN tunnel with the spoke B router?
A. Option A B. Option B C. Option C D. Option D Correct Answer: B
QUESTION 13 Which is statement about IPv6 inspection is true? A. It teams and secures bindings for stateless autoconfiguration addresses in Layer 3 neighbor tables B. It learns and secures bindings for stateful autoconfiguration addresses in Layer 3 neighbor tables C. It teams and secures bindings for stateful autoconfiguration addresses in Layer 2 neighbor tables D. It team and secures binding for stateless autoconfiguration addresses in Layer 2 neighbor tables. Correct Answer: D
Latest Cisco 300-410 Exam Video
All CCNP Corporate Related Certification Exams
The Best Choice For All Cisco 300-410 Candidates
Prepare for the exam with the help of Pass4sure 300-410 pdf dumps and study guide. This will be a helpful and beneficial learning experience for you.
Every customer is guaranteed to pass, and if they fail the exam, they can get their money back.
Pass4itsure Discount Code 2020
All in all:
Valid Cisco 300-410 PDF https://www.pass4itsure.com/300-410.html This is a suitable way to study, pass the exam. Share Cisco 300-410 pdf download and 300-410 video learning online and practice questions for free.
If you are trying to take the Microsoft DP-900 exam, you should consider using Microsoft DP-900 dumps. The cost of the Microsoft DP-900 exam is not low, and once you fail the first time, you will waste a lot of time preparing again. Get Microsoft DP-900 dumps https://www.pass4itsure.com/dp-900.html (Q&As: 118). Pass4itsure Microsoft DP-900 study materials include DP-900 questions and answers, DP-900 pdf, DP-900 study guide, and DP-900 training video.
How Can You Select Right Preparation Material for the Microsoft DP-900 exam?
Microsoft DP-900 pdf dumps free download
Microsoft DP-900 exam video
Microsoft Fundamentals DP-900 exam questions and answers
Why select Pass4itsure
Pass4itsure discount code 2020
How Can You Select Right Preparation Material for the Microsoft DP-900 exam?
Choosing a DP-900 dump that can ensure your success in the Microsoft DP-900 exam is undoubtedly a difficult task. Now, we will solve this problem for you. The first thing is the correlation with the actual Microsoft DP-900 exam.
Pass4itsure DP-900 dumps stand out from the competition due to its unique features and relevance to the actual DP-900 exam.
Microsoft Fundamentals DP-900 exam questions and answers
QUESTION 1 When provisioning an Azure Cosmos DB account, which feature provides redundancy within an Azure region? A. multi-master replication B. Availability Zones C. automatic failover D. the strong consistency level Correct Answer: B
QUESTION 2 What are two characteristics of real-time data processing? Each correct answer present a complete solution. NOTE: Each correct selection is worth one point. A. Data is processed as it is created. B. Low latency is expected C. High latency acceptable D. Data is processed periodically Correct Answer: BD
QUESTION 3 Your company has a reporting solution that has paginated reports. The reports query a dimensional model in a data warehouse. Which type of processing does the reporting solution use? A. stream processing B. Online Transaction Processing (OLTP) C. batch processing D. Online Analytical Processing (OLAP) Correct Answer: D
QUESTION 4 Match the tools to the appropriate descriptions. To answer, drag the appropriate tool from the column on the left to its description on the right. Each tool may be used once, more than once, or not at all. NOTE: Each correct match is worth one point. Select and Place:
QUESTION 5 Your company is designing a data store tor internet-connected temperature sensors. The collected data will be used to analyze temperature trends. Which type of data store should you use? A. relational B. columnar C. graph D. time series Correct Answer: A
QUESTION 6 To complete the sentence, select the appropriate option in the answer area.
.QUESTION 7 What is a benefit of the Azure Cosmos DB Table API as compared to Azure Table storage? A. supports partitioning B. provides resiliency if art Azure region fads C. provides a higher storage capacity D. supports a multi-master model Correct Answer: B
QUESTION 8 Match the Azure data factory components to the appropriate descriptions. To answer, drag the appropriate component from the column on the left to its description on the right. Each component may be used once, more than once, or not at all. NOTE: Each correct match is worth one point.
QUESTION 9 You have the following SQL query.
NOTE: Each correct selection is worth one point. Hot Area:
QUESTION 10 You have an Azure SQL database that you access directly from the internet. You recently changed your external IP address. After changing the IP address, you can no longer access the database. You can connect to other resources in Azure. What is a possible cause of the issue? A. a database-level firewall B. role-based access control (RSAC) C. Dynamic Host Configuration Protocol (DHCP) D. Domain Name Service (DNS) Correct Answer: D
QUESTION 11 You have an e-commerce application that reads and writes data to an Azure SQL database. Which type of processing does the application use? A. stream processing B. batch processing C. Online Analytical Processing (OLTP) D. Online Transaction Processing (OLTP) Correct Answer: D
QUESTION 12 Match the types of workloads to the appropriate scenarios. To answer, drag the appropriate workload type from the column on the left to its scenario on the right. Each workload type may be used once, more than once, or not at all. NOTE: Each correct match is worth one point. Select and Place:
QUESTION 13 You need to develop a solution to provide data to executives. the solution must provide an interactive graphic interface, depict various key performance indications, and support data exploration by using drill down. What should you use in Microsoft Power BI? A. a dashboard B. Microsoft Power Apps C. a dataflow D. a report Correct Answer: B
Microsoft DP-900 dumps can help millions of people prepare and prove their skills when trying to implement the “Microsoft Azure Data Fundamentals” exam! Get full DP-900 dumps file: https://www.pass4itsure.com/dp-900.html Updated: Oct 08, 2020.
What is the best way to pass the Microsoft Azure Fundamentals AZ-900 exam? The answer does not need to be questioned, it must be the real AZ-900 PDF guide your success. You can get free AZ-900 exam practice test questions here. New Microsoft Azure AZ-900 PDF dumps from Pass4itsure (236 Q&As)! Welcome to download the newest AZ-900 PDF.
You may be interested in other exam PDFs shared by maeeonline!
az-900 study guide pdf | az 900 dumps pdf | az-900 exam questions pdf | az-900 vce pdf
Microsoft Azure AZ-900 PDF Free Download
Why Choose The Microsoft AZ-900 PDF Powered By Pass4itsure?
Microsoft AZ-900 Exam Questions And Answers (AZ-900 PDF)
Latest Microsoft az-900 Exam Video (Practice test Questions and answers)
Pass4itsure Year-round Discount Code 2020
Why Choose The Microsoft AZ-900 PDF Powered By Pass4itsure?
 Microsoft AZ-900 Exam Questions And Answers (AZ-900 PDF)
Prepare for your Microsoft Azure Fundamentals certification with free AZ-900 exam questions updated.
QUESTION 1 You have an on-premises network that contains 100 servers. You need to recommend a solution that provides additional resources to your users. The solution must minimize capital and operational expenditure costs. What should you include in the recommendation? A. a complete migration to the public cloud B. an additional data center C. a private cloud D. a hybrid cloud Correct Answer: C
QUESTION 2 For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
QUESTION 3 HOTSPOT For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
QUESTION 4 HOTSPOT For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
QUESTION 5 Which two types of customers are eligible to use Azure Government to develop a cloud solution? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. a Canadian government contractor B. a European government contractor C. a United States government entity D. a United States government contractor E. a European government entity Correct Answer: CD References: https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-government/2-what-is-azure-government
QUESTION 6 You have an on-premises application that sends email notifications automatically based on a rule. You plan to migrate the application to Azure. You need to recommend a serverless computing solution for the application. What should you include in the recommendation? A. a web app B. a server image in Azure Marketplace C. a logic app D. an API app Correct Answer: C
QUESTION 7 HOTSPOT For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
QUESTION 8 This question requires that you evaluate the underlined text to determine if it is correct. You have an Azure virtual network named VNET1 in a resource group named RG1. You assign an Azure policy specifying that virtual networks are not an allowed resource type in RG1. VNET1 is deleted automatically. Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed B. is moved automatically to another resource group C. continues to function normally D. is now a read-only object Correct Answer: A References: https://docs.microsoft.com/en-us/azure/governance/policy/overview
QUESTION 9 For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
QUESTION 10 This question requires that you evaluate the underlined text to determine if it is correct. Resource groups provide organizations with the ability to manage the compliance of Azure resources across multiple subscriptions. Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed B. Management groups C. Azure policies D. Azure App Service plans Correct Answer: C
QUESTION 11 HOTSPOT For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
QUESTION 12 You plan to deploy a critical line-of-business application to Azure. The application will run on an Azure virtual machine. You need to recommend a deployment solution for the application. The solution must provide a guaranteed availability of 99.99 percent. What is the minimum number of virtual machines and the minimum number of availability zones you should recommend for the deployment? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
QUESTION 13 A team of developers at your company plans to deploy, and then remove, 50 customized virtual machines each week. Thirty of the virtual machines run Windows Server 2016 and 20 of the virtual machines run Ubuntu Linux. You need to recommend which Azure service will minimize the administrative effort required to deploy and remove the virtual machines. What should you recommend? A. Azure Reserved Virtual Machines (VM) Instances B. Azure virtual machine scale sets C. Azure DevTest Labs D. Microsoft Managed Desktop Correct Answer: C
Latest Microsoft az-900 Exam Video (Practice test Questions and answers)
Pass4itsure Year-round Discount Code 2020
The latest discount code “2020PASS” is provided below. 12% off discount, pass the exam, come soon!
Summarize: The most efficient and reliable Microsoft AZ-900 PDF shared above. Pass4itsure’s Microsoft AZ-900 PDF exam questions can help you pass the exam and prove your skills. Join now to get more of the most reliable Microsoft AZ-900 PDF exam materials.
Welcome to download the newest Pass4itsure ISC CISSP PDF dumps: https://www.pass4itsure.com/cissp.html (Updated: Jul 10, 2020, Q&As: 970). Latest ISC CISSP exam pdf and valid ISC CISSP test questions to help you pass test.
New ISC CISSP Exam Dumps Pdf from Pass4itsure (Update Questions)
QUESTION 1 When can a security program be considered effective? A. Audits are rec/Jarty performed and reviewed. B. Vulnerabilities are proactively identified. C. Risk is lowered to an acceptable level. D. Badges are regiiartv performed and validated Correct Answer: C
QUESTION 2 Changes to a Trusted Computing Base (TCB) system that could impact the security posture of that system and trigger a recertification activity are documented in the A. security impact analysis. B. structured code review. C. routine self assessment. D. cost benefit analysis. Correct Answer: A
QUESTION 3 What is the MOST effective method of testing custom application code? A. Negative testing B. White box testing C. Penetration testing D. Black box testing Correct Answer: B
QUESTION 4 How is remote authentication Dial-In user service (RADIUS) authentication accomplished? A. It uses clear text and shared secret keys. B. It uses clear text and firewall rules. C. It relies on Virtual Private Networks (VPN). D. It relies on asymmetric encryption keys. Correct Answer: A
QUESTION 5 Following the completion of a network security assessment, which of the following can BEST be demonstrated? A. The effectiveness of controls can be accurately measured B. A penetration test of the network will fail C. The network is compliant to industry standards D. All unpatched vulnerabilities have been identified Correct Answer: A
QUESTION 6 Which one of the following effectively obscures network addresses from external exposure when implemented on a firewall or router? A. Network Address Translation (NAT) B. Application Proxy C. Routing Information Protocol (RIP) Version 2 D. Address Masking Correct Answer: A
QUESTION 7 Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs? A. Check arguments in function calls B. Test for the security patch level of the environment C. Include logging functions D. Digitally sign each application module Correct Answer: B
QUESTION 8 Even though a particular digital watermark is difficult to detect, which of the following represents a way it might still be inadvertently removed? A. Truncating parts of the data B. Applying Access Control Lists (ACL) to the data C. Appending non-watermarked data to watermarked data D. Storing the data in a database Correct Answer: A
QUESTION 9 A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate? A. Encryption routines B. Random number generator C. Obfuscated code D. Botnet command and control Correct Answer: C
QUESTION 10 An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern? A. Availability B. Confidentiality C. Integrity D. Ownership Correct Answer: A
QUESTION 11 The use of private and public encryption keys is fundamental in the implementation of which of the following? A. Diffie-Hellman algorithm B. Secure Sockets Layer (SSL) C. Advanced Encryption Standard (AES) D. Message Digest 5 (MD5) Correct Answer: B
QUESTION 12 Which of the following mechanisms will BEST prevent a Cross-Site Request Forgery (CSRF) attack? A. parameterized database queries B. whitelist input values C. synchronized session tokens D. use strong ciphers Correct Answer: C
QUESTION 13 What MUST each information owner do when a system contains data from multiple information owners? A. Provide input to the Information System (IS) owner regarding the security requirements of the data B. Review the Security Assessment report (SAR) for the Information System (IS) and authorize the IS to operate. C. Develop and maintain the System Security Plan (SSP) for the Information System (IS) containing the data D. Move the data to an Information System (IS) that does not contain data owned by other information owners Correct Answer: C
Pass4itsure Reason for selection
If you cannot pass the exam easily due to various factors, please trust Pass4itsure!
Pass4itsure Discount Code 2020
The discount has been applied to all exam products, bringing maximum convenience and help to customers.
Effective EC-COUNCIL 312-38 Exam Practice Questions
QUESTION 1 Fill in the blank with the appropriate term. A is a technique to authenticate digital documents by using computer cryptography. Correct Answer: signature A digital signature is a technique to authenticate digital documents by using computer cryptography. A digital signature not only validates the sender\\’s identity, but also ensures that the document\\’s contents have not been altered. It verifies that the source and integrity of the document is not compromised since the document is signed. A digital signature provides the following assurances: Authenticity, Integrity, and Non-repudiation. Microsoft Office 2007 Excel and Word provide a feature known as Signature line to insert a user\\’s digital signature on a document.
QUESTION 2 Which of the following layers refers to the higher-level protocols used by most applications for network communication? A. Transport layer B. Link layer C. Application layer D. Internet layer Correct Answer: C
QUESTION 3 Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs? A. Contingency plan B. Disaster recovery plan C. Business continuity plan D. Continuity of Operations Plan Correct Answer: A A contingency plan is a plan devised for a specific situation when things could go wrong. Contingency plans are often devised by governments or businesses who want to be prepared for anything that could happen. Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and “triggers” for initiating planned actions. They are required to help governments, businesses, or individuals to recover from serious incidents in the minimum time with minimum cost and disruption. Answer option D is incorrect. It includes the plans and procedures documented that ensure the continuity of critical operations during any period where normal operations are impossible. Answer option B is incorrect. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking), and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication, and reputation protection, and should refer to the disaster recovery plan (DRP) for ITrelated infrastructure recovery/continuity. Answer option C is incorrect. Business continuity planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan. The BCP lifecycle is as follows:
QUESTION 4 Which of the following forms of recognition of the sender can inform the data receiver of all segments that have arrived successfully? A. negative acknowledgment B. the cumulative reset C. with block D. None E. selective acknowledgment Correct Answer: E
QUESTION 5 Which of the following is a worldwide organization whose mission is to create, refine and promote internet safety standards? A. None B. SPROUT C. ANSI D. IEEE E. WASC Correct Answer: E
QUESTION 6 Which of the following cables is made of glass or plastic and transmits signals in the form of light? A. Coaxial cable B. Twisted pair cable C. Plenum cable D. Fiber optic cable Correct Answer: D Fiber optic cable is also known as optical fiber. It is made of glass or plastic and transmits signals in the form of light. It is of cylindrical shape and consists of three concentric sections: the core, the cladding, and the jacket. Optical fiber carries much more information than conventional copper wire and is in general not subject to electromagnetic interference and the need to retransmit signals. Most telephone company\\’s long-distance lines are now made of optical fiber. Transmission over an optical fiber cable requires repeaters at distance intervals. The glass fiber requires more protection within an outer cable than copper. Answer option B is incorrect. Twisted pair cabling is a type of wiring in which two conductors (the forward and return conductors of a single circuit) are twisted together for the purposes of canceling out electromagnetic interference (EMI) from external sources. It consists of the following twisted pair cables: Shielded Twisted Pair: Shielded Twisted Pair (STP) is a special kind of copper telephone wiring used in some business installations. An outer covering or shield is added to the ordinary twisted pair telephone wires; the shield functions as a ground. Twisted pair is the ordinary copper wire that connects home and many business computers to the telephone company. Shielded twisted pair is often used in business installations. Unshielded Twisted Pair: Unshielded Twisted Pair (UTP) is the ordinary wire used in home. UTP cable is also the most common cable used in computer networking. Ethernet, the most common data networking standard, utilizes UTP cables. Twisted pair cabling is often used in data networks for short and medium length connections because of its relatively lower costs compared to optical fiber and coaxial cable.UTP is also finding increasing use in video applications, primarily in security cameras. Many middle to highend cameras include a UTP output with setscrew terminals. This is made possible by the fact that UTP cable bandwidth has improved to match the baseband of television signals. Answer option A is incorrect. Coaxial cable is the kind of copper cable used by cable TV companies between the community antenna and user homes and businesses. Coaxial cable is sometimes used by telephone companies from their central office to the telephone poles near users. It is also widely installed for use in business and corporation Ethernet and other types of local area network. Coaxial cable is called “coaxial” because it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis. The outer channel serves as a ground. Many of these cables or pairs of coaxial tubes can be placed in a single outer sheathing and, with repeaters, can carry information for a great distance. It is shown in the figure below:
Answer option C is incorrect. Plenum cable is cable that is laid in the plenum spaces of buildings. The plenum is the space that can facilitate air circulation for heating and air conditioning systems, by providing pathways for either heated/ conditioned or return airflows. Space between the structural ceiling and the dropped ceiling or under a raised floor is typically considered plenum. However, some drop ceiling designs create a tight seal that does not allow for airflow and therefore may not be considered a plenum air-handling space. The plenum space is typically used to house the communication cables for the building\\’s computer and telephone network.protocols. Answer options B, A, and D are incorrect. These are invalid tags.
QUESTION 8 Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity? A. Disaster Recovery Plan B. Business Continuity Plan C. Contingency Plan D. Continuity of Operations Plan Correct Answer: B BCP is a strategy to minimize the consequence of the instability and to allow for the continuation of business processes. The goal of BCP is to minimize the effects of a disruptive event on a company, and is formed to avoid interruptions to normal business activity. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan. Answer option C is incorrect. A contingency plan is a plan devised for a specific situation when things could go wrong. Contingency plans are often devised by governments or businesses who want to be prepared for anything that could happen. Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and “triggers” for initiating planned actions. They are required to help governments, businesses, or individuals to recover from serious incidents in the minimum time with minimum cost and disruption. Answer option A is incorrect. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking), and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication, and reputation protection, and should refer to the disaster recovery plan (DRP) for IT-related infrastructure recovery/continuity. Answer option D is incorrect. The Continuity Of Operation Plan (COOP) refers to the preparations and institutions maintained by the United States government, providing survival of federal government operations in the case of catastrophic events. It provides procedures and capabilities to sustain an organization\\’s essential. COOP is the procedure documented to ensure persistent critical operations throughout any period where normal operations are unattainable.
QUESTION 9 Fill in the blank with the appropriate term.The is a communication protocol that communicates information between the network routers and the multicast end stations. Correct Answer: IGMP The Internet Group Management Protocol (IGMP) is a communication protocol that communicates information between the network routers and the multicast end stations. It allows the receivers to request a multicast data stream from a specific group address. However, multicast traffic is sent to a single MAC address but is processed by multiple hosts. The IGMP allows an end station to connect to a multicast group and leave it, while being connected to the group address. It can be effectively used for gaming and showing online videos. Although it does not actually act as a transport protocol, it operates above the network layer. It is analogous to ICMP for unicast connections. It is susceptible to some attacks, so firewalls commonly allow the user to disable it if not needed.
QUESTION 10 Which of the following is a non-profit organization that oversees the allocation of IP addresses, management of the DNS infrastructure, protocol parameter assignment, and root server system management? A. ANSI B. IEEE C. ITU D. ICANN Correct Answer: D ICANN stands for Internet Corporation for Assigned Names and Numbers. ICANN is responsible for managing the assignment of domain names and IP addresses. ICANN\\’s tasks include responsibility for IP address space allocation, protocol identifier assignment, top-level domain name system management, and root server system management functions. Internet Corporation for Assigned Names and Numbers (ICANN) is a non-profit organization that oversees the allocation of IP addresses, management of the DNS infrastructure, protocol parameter assignment, and root server system management. Answer option B is incorrect. Institute of Electrical and Electronics Engineers (IEEE) is an organization of engineers and electronics professionals who develop standards for hardware and software. Answer option C is incorrect. The International Telecommunication Union is an agency of the United Nations which regulates information and communication technology issues. ITU coordinates the shared global use of the radio spectrum, promotes international cooperation in assigning satellite orbits, works to improve telecommunication infrastructure in the developing world and establishes worldwide standards. ITU is active in areas including broadband Internet, latestgeneration wireless technologies, aeronautical and maritime navigation, radio astronomy, satellite-based meteorology, convergence in fixed-mobile phone, Internet access, data, voice, TV broadcasting, and next-generation networks. Answer option A is incorrect. ANSI (American National Standards Institute) is the primary organization for fostering the development of technology standards in the United States. ANSI works with industry groups and is the U.S. member of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Longestablished computer standards from ANSI include the American Standard Code for Information Interchange (ASCII) and the Small Computer System Interface (SCSI).
QUESTION 11 A war dialer is a tool that is used to scan thousands of telephone numbers to detect vulnerable modems. It provides an attacker unauthorized access to a computer. Which of the following tools can an attacker use to perform war dialing? Each correct answer represents a complete solution. Choose all that apply. A. ToneLoc B. Wingate C. THC-Scan D. NetStumbler Correct Answer: CA THC-Scan and ToneLoc are tools used for war dialing. A war dialer is a tool that is used to scan thousands of telephone numbers to detect vulnerable modems. It provides the attacker unauthorized access to a computer. Answer option D is incorrect. NetStumbler is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. It detects wireless networks and marks their relative position with a GPS. It uses an 802.11 Probe Request that has been sent to the broadcast destination address. Answer option B is incorrect. Wingate is a proxy server.
QUESTION 12 Fill in the blank with the appropriate term. A network is a local area network (LAN) in which all computers are connected in a ring or star topology and a bit- or tokenpassing scheme is used for preventing the collision of data between two computers that want to send messages at the same time. Correct Answer: Token Ring A Token Ring network is a local area network (LAN) in which all computers are connected in a ring or star topology and a bit- or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time. The Token Ring protocol is the second most widely-used protocol on local area networks after Ethernet. The IBM Token Ring protocol led to a standard version, specified as IEEE 802.5. Both protocols are used and are very similar. The IEEE 802.5 Token Ring technology provides for data transfer rates of either 4 or 16 megabits per second. Working: Empty information frames are constantly circulated on the ring. When a computer has a message to send, it adds a token to an empty frame and adds a message and a destination identifier to the frame. The frame is then observed by each successive workstation. If the workstation sees that it is the destination for the message, it copies the message from the frame and modifies the token back to 0. When the frame gets back to the originator, it sees that the token has been modified to 0 and that the message has been copied and received. It removes the message from the particular frame. The frame continues to circulate as an empty frame, ready to be taken by a workstation when it has a message to send.
Maeeonline provides the latest EC-COUNCIL ECSAV10 exam dumps, EC-COUNCIL ECSAV10 pdf, and EC-COUNCIL ECSAV10 free exams to help you increase your exam pass rate! Paid Complete EC-COUNCIL ECSAV10 exam dumps https://www.pass4itsure.com/ecsav10.html recommend to you.
Effective EC-COUNCIL ECSAV10 Exam Practice Questions
QUESTION 1 What are the security risks of running a “repair” installation for Windows XP? A. There are no security risks when running the “repair” installation for Windows XP B. Pressing Shift+F1 gives the user administrative rights C. Pressing Ctrl+F10 gives the user administrative rights D. Pressing Shift+F10 gives the user administrative rights Correct Answer: D
QUESTION 2 Identify the framework that comprises of five levels to guide agency assessment of their security programs and assist in prioritizing efforts for improvement: A. Information System Security Assessment Framework (ISSAF) B. Microsoft Internet Security Framework C. Nortells Unified Security Framework D. Federal Information Technology Security Assessment Framework Correct Answer: D
QUESTION 3 Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florida; They have given her permission to perform social engineering attacks on the company to see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the receptionist. Julia says that she is an IT technician from the company\\’s main office in Iowa; She states that she needs the receptionist\\’s network username and password to troubleshoot a problem they are having. Julia says that Bill Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist gave Julia all the information she asked for. What principal of social engineering did Julia use? A. Reciprocation B. Friendship/Liking C. Social Validation D. Scarcity Correct Answer: A
QUESTION 4 Which of the following equipment could a pen tester use to perform shoulder surfing? A. Binoculars B. Painted ultraviolet material C. Microphone D. All the above Correct Answer: A
QUESTION 5 Which of the following protocols cannot be used to filter VoIP traffic? A. Media Gateway Control Protocol (MGCP) B. Real-time Transport Control Protocol (RTCP) C. Session Description Protocol (SDP) D. Real-Time Publish Subscribe (RTPS) Correct Answer: D
QUESTION 6 Firewall is an IP packet filter that enforces the filtering and security policies to the flowing network traffic. Using firewalls in IPv6 is still the best way of protection from low level attacks at the network and transport layers. Which one of the following cannot handle routing protocols properly? A. “Internet-router-firewall-net architecture” B. “Internet-firewall-router-net architecture” C. “Internet-firewall/router(edge device)-net architecture” D. “Internet-firewall -net architecture” Correct Answer: B
QUESTION 7 What are placeholders (or markers) in an HTML document that the web server will dynamically replace with data just before sending the requested documents to a browser? A. Server Side Includes B. Sort Server Includes C. Server Sort Includes D. Slide Server Includes Correct Answer: A
QUESTION 8 Variables are used to define parameters for detection, specifically those of your local network and/or specific servers or ports for inclusion or exclusion in rules. These are simple substitution variables set with the var keyword. Which one of the following operator is used to define meta-variables? A. “$” B. “#” C. “*” D. “?” Correct Answer: A
QUESTION 9 When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used? A. Passive IDS B. Active IDS C. Progressive IDS D. NIPS Correct Answer: B
QUESTION 10 Which vulnerability assessment phase describes the scope of the assessment, identifies and ranks the critical assets, and creates proper information protection procedures such as effective planning, scheduling, coordination, and logistics? A. Threat-Assessment Phase B. Pre-Assessment Phase C. Assessment Phase D. Post-Assessment Phase Correct Answer: B
QUESTION 11 Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gateway does not have the buffering capacity to forward a datagram. Each ICMP message contains three fields: type, code, and checksum. Different types of Internet Control Message Protocols (ICMPs) are identified by a TYPE field. If the destination is not reachable, which one of the following are generated? A. Type 8 ICMP codes B. Type 12 ICMP codes C. Type 3 ICMP codes D. Type 7 ICMP codes Correct Answer: C
QUESTION 12 Which one of the following scans starts, but does not complete the TCP handshake sequence for each port selected, and it works well for direct scanning and often works well through firewalls? A. SYN Scan B. Connect() scan C. XMAS Scan D. Null Scan Correct Answer: A
Pass4itsure Reason for selection
If you cannot pass the exam easily due to various factors, please trust Pass4itsure!