[Free] 2017(Aug) CollectDumps Passguide Cisco 500-280 Dumps with VCE and PDF 1-10


Securing Cisco Networks with Open Source Snort

Question No: 1

Which protocol operates below the network layer?

  A. UDP

  B. ICMP

  C. ARP

  D. DNS

Answer: C

Question No: 2

Which area is created between screening devices in an egress/ingress path for housing web, mail, or DNS servers?

  A. EMZ

  B. DMZ

  C. harbor

  D. inlet

Answer: B

Question No: 3

What does protocol normalization do?

  A. compares evaluated packets to normal, daily network-traffic patterns

  B. removes any protocol-induced or protocol-allowable ambiguities

  C. compares a packet to related traffic from the same session, to determine whether the packet is out of sequence

  D. removes application layer data, whether or not it carries protocol-induced anomalies, so that packet headers can be inspected more accurately for signs of abuse

Answer: B

Question No: 4

On which protocol does Snort focus to decode, process, and alert on suspicious network traffic?

  A. AppleTalk

  B. TCP/IP

  C. IPX/SPX

  D. ICMP

Answer: B

Question No: 5

Which technique can an intruder use to try to evade detection by a Snort sensor?

  A. exceed the maximum number of fragments that a sensor can evaluate

  B. split the malicious payload over several fragments to mask the attack signature

  C. disable a sensor by exceeding the number of packets that it can fragment before forwarding

  D. send more packet fragments than the destination host can reassemble, to disable the host without regard to any intrusion-detection devices that might be on the network

Answer: B

Question No: 6

An IPS addresses evasion by implementing countermeasures. What is one such countermeasure?

  A. periodically reset statistical buckets to zero for memory utilization, maximization, and performance

  B. send packets to the origination host of a given communication session, to confirm or eliminate spoofing

  C. perform pattern and signature analysis against the entire packet, rather than against individual fragments

  D. automate scans of suspicious source IP addresses

Answer: C

Question No: 7

Which IPS placement option is the noisiest?

  A. inside the firewall

  B. outside the firewall

  C. inside the DMZ

  D. inside general user segments

Answer: B

Question No: 8

What is the purpose of using a span or monitor port on a switch?

  A. to aggregate traffic from multiple switch ports

  B. to tap data off network media

  C. to overcome problems that switches have in accurately reproducing desired traffic

  D. to limit the amount of traffic that passes through the switch

Answer: A

Question No: 9

Which item examines packets for malformation, anomalies, and protocol compliance and gathers and presents packets in one consistent fashion?

  A. Sniffer

  B. preprocessors

  C. detection engine

  D. output and alerting module

Answer: B

Question No: 10

Which component is one of the four primary components of Snort?

  A. ACL

  B. postprocessor

  C. iptables

  D. output and alerting

Answer: D
