- (Exam Topic 1)
Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments?

1. A. Honeypots
2. B. Firewalls
3. C. Network-based intrusion detection system (NIDS)
4. D. Host-based intrusion detection system (HIDS)

Correct Answer: C

- (Exam Topic 3)
Josh has finished scanning a network and has discovered multiple vulnerable services. He knows that several of these usually have protections against external sources but are frequently susceptible to internal users. He decides to draft an email, spoof the sender as the internal IT team, and attach a malicious file disguised as a financial spreadsheet. Before Josh sends the email, he decides to investigate other methods of getting the file onto the system. For this particular attempt, what was the last stage of the cyber kill chain that Josh performed?

1. A. Exploitation
2. B. Weaponization
3. C. Delivery
4. D. Reconnaissance

Correct Answer: B

- (Exam Topic 2)
While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences. He then decided to conduct: nmap -Pn -p- -si kiosk.adobe.com www.riaa.com. kiosk.adobe.com is the host with incremental IP ID sequence. What is the purpose of using "-si" with Nmap?

1. A. Conduct stealth scan
2. B. Conduct ICMP scan
3. C. Conduct IDLE scan
4. D. Conduct silent scan

Correct Answer: C
Once a suitable zombie has been found, performing a scan is easy. Simply specify the zombie hostname to the -sI option and Nmap does the rest. Example 5.19 shows an example of Ereet scanning the Recording Industry Association of America by bouncing an idle scan off an Adobe machine named Kiosk.
Example 5.19. An idle scan against the RIAA
# nmap -Pn -p- -sI kiosk.adobe.com www.riaa.com
Starting Nmap ( http://nmap.org )
Idlescan using zombie kiosk.adobe.com (192.150.13.111:80); Class: Incremental Nmap scan report for 208.225.90.120
(The 65522 ports scanned but not shown below are in state: closed)
Port-State-Service
21/tcpopenftp
25/tcpopensmtp
80/tcpopenhttp
111/tcpopensunrpc
135/tcpopenloc-srv
443/tcpopenhttps
1027/tcpopenIIS
1030/tcpopeniad1
2306/tcpopenunknown
5631/tcpopenpcanywheredata
7937/tcpopenunknown
7938/tcpopenunknown
36890/tcpopenunknown
Nmap done: 1 IP address (1 host up) scanned in 2594.47 seconds
https://nmap.org/book/idlescan.html

- (Exam Topic 1)
A zone file consists of which of the following Resource Records (RRs)?

1. A. DNS, NS, AXFR, and MX records
2. B. DNS, NS, PTR, and MX records
3. C. SOA, NS, AXFR, and MX records
4. D. SOA, NS, A, and MX records

Correct Answer: D

- (Exam Topic 1)
Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.
Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.
In this context, what can you say?

1. A. Bob can be right since DMZ does not make sense when combined with stateless firewalls
2. B. Bob is partially righ
3. C. He does not need to separate networks if he can create rules by destination IPs, one by one
4. D. Bob is totally wron
5. E. DMZ is always relevant when the company has internet servers and workstations
6. F. Bob is partially righ
7. G. DMZ does not make sense when a stateless firewall is available

Correct Answer: C