Welcome to Dumpsbase.com

600-199 Dumps

Only $41.76, Automatic 28% OFF

$ 68
(171 Customer Reviews)
Exam Name

Securing Cisco Networks with Threat Detection and Analysis

Updated
2018-08-17
Q&A
58

Network Management 600-199 are available on Dumpsbase.com. You will always have to constantly get different Network Management certification exams to prove your level of competence in your expertise and strengthen your career challenges. 

Tips to pass Cisco 600-199 exam test by a fast way.

1. Cisco 600-199 exam test could be registered online or at your local exam center.

Pearson VUE (virtual university enterprise)
If you sign up for an exam in the United States and Canada, you can visit VUE website, or dial 1-800-829-nets (6387), choose 1, and press 4.

For countries and territories outside the United States and Canada, please contact VUE for details.

Thomson Prometric
If you sign up for an exam in the United States and Canada, you can visit Prometric, or call 1-800-829-nets (6387), choose 1, and press 4.

For countries and regions outside the United States and Canada, please contact Prometric for detailed information.

In the United States and Canada, you can register for the first six weeks in advance, and the deadline is the day of the test.
Candidates usually have to wait five days after taking a test before they can take the test again.

2. With Dumpsbase valid Network Management 600-199 exam dumps questions material to prepare for your 600-199 exam test will be very easy and fast.

Question No : 1

If an alert that pertains to a remote code execution attempt is seen on your network, which step is unlikely to help?
A. looking for anomalous traffic
B. looking for reconnaissance activity
C. restoring the machine to a known good backup
D. clearing the event store to see if future events indicate malicious activity
Answer: D

Question No : 2

Which data from previous network attacks should be used to recommend architectural changes based on potential future impact?
A. SNMP statistics
B. known vulnerabilities
C. security audit reports
D. IPS signature logs
E. STP topology changes
Answer: A

Question No : 3

Which two tools are used to help with traffic identification? (Choose two.)
A. network sniffer
B. ping
C. traceroute
D. route table
E. NetFlow
F. DHCP
Answer: A,E

Question No : 4

Which two measures would you recommend to reduce the likelihood of a successfully executed network attack from the Internet? (Choose two.)
A. Completely disconnect the network from the Internet.
B. Deploy a stateful edge firewall.
C. Buy an insurance policy A. against attack-related business losses.
D. Implement a password management policy for remote users.
Answer: B,D

Question No : 5

Which describes the best method for preserving the chain of evidence?
A. Shut down the machine that is infected, remove the hard drive, and contact the local authorities.
B. Back up the hard drive, use antivirus software to clean the infected machine, and contact the local authorities.
C. Identify the infected machine, disconnect from the network, and contact the local authorities.
D. Allow user(s) to perform any business-critical tasks while waiting for local authorities.
Answer: C

Question No : 6

Refer to the exhibit.



In the packet captured from tcpdump, which fields match up with the lettered parameters?
A. A. Source and destination IP addresses,B. Source and destination Ethernet addresses,C. Source and destination TCP port numbers,D. TCP acknowledgement number,E. IP options
B. A. Source and destination Ethernet addresses,B. Source and destination IP addresses,C. Source and destination TCP port numbers,D. TCP sequence number,E. TCP options
C. A. Source and destination Ethernet addresses,B. Source and destination IP addresses,C. Source and destination TCP port numbers,D. TCP acknowledgement number,E. IP options
D. A. Source and destination Ethernet addresses,B. Source and destination IP addresses,C. Source and destination TCP port numbers,D. TCP sequence number,E. IP options
Answer: B

Question No : 7

What are four steps to manage incident response handling? (Choose four.)
A. preparation
B. qualify
C. identification
D. who
E. containment
F. recovery
G. eradication
H. lessons learned
Answer: A,C,E,H

Question No : 8

Which step should be taken first when a server on a network is compromised?
A. Refer to the company security policy.
B. Email all server administrators.
C. Determine which server has been compromised.
D. Find the serial number of the server.
Answer: A

Question No : 9

When investigating potential network security issues, which two pieces of useful information would be found in a syslog message? (Choose two.)
A. product serial number
B. MAC address
C. IP address
D. product model number
E. broadcast address
Answer: B,C

Question No : 10

In the context of a network security device like an IPS, which event would qualify as having the highest severity?
A. remote code execution attempt
B. brute force login attempt
C. denial of service attack
D. instant messenger activity
Answer: A

Question No : 11

Which network management protocol relies on multiple connections between a managed device and the management station where such connections can be independently initiated by either side?
A. SSH
B. SNMP
C. Telnet
D. NetFlow
Answer: B

Question No : 12

Refer to the exhibit.



Based on the tcpdump capture, which three statements are true? (Choose three.)
A. Host 10.10.10.20 is requesting the MAC address of host 10.10.10.10 using ARP.
B. Host 10.10.10.10 is requesting the MAC address of host 10.10.10.20.
C. The ARP request is unicast.
D. The ARP response is unicast.
E. The ARP request is broadcast.
F. Host 10.10.10.20 is using the MAC address of ffff.ffff.ffff.
Answer: B,D,E

Question No : 13

Refer to the exhibit.



Based on the traffic captured in the tcpdump, what is occurring?
A. The device is powered down and is not on the network.
B. The device is reachable and a TCP connection was established on port 23.
C. The device is up but is not responding on port 23.
D. The device is up but is not responding on port 51305.
E. The resend flag is requesting the connection again.
Answer: C

Question No : 14

Refer to the exhibit.



In the tcpdump output, what is the sequence number that is represented by XXXXX?
A. 82080
B. 82081
C. 83448
D. 83449
E. 98496
F. 98497
Answer: C

Question No : 15

Which event is likely to be a false positive?
A. Internet Relay Chat signature with an alert context buffer containing #IPS_ROCS Yay
B. a signature addressing an ActiveX vulnerability alert on a Microsoft developer network documentation page
C. an alert for a long HTTP request with an alert context buffer containing a large HTTP GET request
D. BitTorrent activity detected on ephemeral ports
Answer: B

Question No : 16

Which action is recommended to prevent an incident from spreading?
A. Shut down the switch port.
B. Reboot the system.
C. Reboot the switch.
D. Reboot the router.
Answer: A

Question No : 17

Which two activities would you typically be expected to perform as a Network Security Analyst? (Choose two.)
A. Verify user login credentials.
B. Troubleshoot firewall performance.
C. Monitor database applications.
D. Create security policies on routers.
Answer: B,D

Question No : 18

Which three symptoms are best used to detect a TCP SYN flood attack? (Choose three.)
A. high memory utilization on target server
B. large number of sockets in SYN_RECV state on target server
C. network monitoring devices report large number of unACKed SYNs sent to target server
D. target server crashes repeatedly
E. user experience with target server is slow or unresponsive
Answer: B,C,E

Question No : 19

Where should you report suspected security vulnerability in Cisco router software?
A. Cisco TAC
B. Cisco IOS Engineering
C. Cisco PSIRT
D. Cisco SIO
Answer: C

Question No : 20

Given the signature "SQL Table Manipulation Detected", which site may trigger a false positive?
A. a company selling discount dining-room table inserts
B. a large computer hardware company
C. a small networking company
D. a biotech company
Answer: A
Some similar or invalid comments have been hidden.

Leave your Review

Your Rating