ITN EXAM QUESTIONS AND CORRECT ANSWERS (ALREADY GRADED A+)
Course: ITN 260
Institution: ITN 260
Which can be the most valuable log for finding malware in a system?
A) network
B) WEB
C) DNS
D) IPFIX - Answer- C) DNS
To best understand which machines are talking to each other, which of the following should be used?
A) DNS logs
B) NetFlow
C) network logs
D) SIEM alerts - Answer- B) NetFlow
To remotely log information using a centralized log server, which of the following protocols should be used?
A) DNS
B) NetFlow
C) Syslog
D) IPFIX - Answer- C) Syslog
IPFIX is used for what?
A) Capturing which machines are in communication with each other
B) managing mobile messaging solutions
C) reading syslog files
D) DNS logs - Answer- A) Capturing which machines are in communication with each other
Where can you find metadata showing where a picture was taken?
A) EXIF data
B) IPFIX data
C) E-mail metadata
D) SIP CTL - Answer- A) EXIF data
Which of these is not associated with syslog files?
A) journalctl
B) NXLog
C) SIP CTL
D) IPFIX - Answer- D) IPFIX
Correlation does what with SIEM data?
A) Determines causes
B) Provides background contextual information
C) allows rule-based interpretation of data
D) All of the above - Answer- C) allows rule-based interpretation of data
What is one of the challenges of NetFlow data?
A) proprietary format
B) Excess data fields
C) record size
D) removing duplicate records along a path - Answer- D) removing duplicate records along a path
What tool can be used to read system log data in Linux systems?
A) Any text editor
B) Journalctl
C) Web browser
D) protocol analyzer - Answer- B) Journalctl
Which of the following are issues that need to be determined as part of setting up a SIEM solution? (check all that apply)
A) Sensor placement
B) Log files and relevant fields
C) Desired alert conditions
D) DNS logging - Answer- A,B,C, & D
You have been directed by upper management to block employees from accessing Facebook from the corporate machines. Which would be the easiest way to exercise this control?
A) Application allow list
B) Application block list
C) DLP
D) Content filtering - Answer- D) Content filtering
Having an expired certificate is an example of what type of error?
A) Mobile device management
B) configuration
C) application whitelisting
D) content filter/URL filter - Answer- B) configuration
A system-focused set of predetermined automation steps is an example of what?
A) isolation
B) Runbook
C) playbook
D) firewall rules - Answer- B) Runbook
Your business application server sends data to partners using encrypted (signed) messages. You hear from one of the partners that their messages have ceased coming. What should you investigate?
A) Application whitelist
B) application blacklist
C) the playbook for the system
D) configuration settings of the process - Answer- D) configuration settings of the process
You have kiosk-based machines in the lobby and scattered through the facility. They do not require a login for guests to access certain items. What is the best way to protect these machines from users introducing trojans?
A) Application allow list
B) application block list
C) data loss prevention
D) configuration settings of the process - Answer- A) Application allow list
To coordinate team activities during an incident response event, what is the best way to communicate approved instructions?
A) Runbook
B) MDM solution
C) quarantine rule
D) playbook - Answer- D) playbook
Your security system has identified a specific executable as potentially dangerous. What is the best way to handle the specific item that was identified?
A) segmentation
B) quarantine
C) firewall rule
D) playbook - Answer- B) quarantine
Your company has merged with another company, and it uses a different release of accounting software than your company does. How could you provision user machines in accounting so they will not inadvertently run the incorrect version?
A) Application allow listing
B) isolation
C) configuration associated with the application
D) application block listing - Answer- D) application block listing
You wish to keep people from using the internal mobile network to play games on their personal phones. What would be the best method of managing this?
A) MDM
B) application block list
C) content filter
D) segmentation - Answer- A) MDM