Cisco Specialist Certifications 500-280 Dumps With VCE and PDF Download (Question 31 – Question 40)

New 500-280 exam questions from PassLeader 500-280 dumps! Welcome to download the newest PassLeader 500-280 VCE and PDF dumps: http://www.passleader.com/500-280.html (70 Q&As)

P.S. Free 500-280 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpdGtsVkxNYUYwa2s

QUESTION 31
Which rule keyword categorizes alerts into attack classes?

A.    class-key
B.    class-value
C.    classtype
D.    alert-class

Answer: C

QUESTION 32
Given the rule option byte_test:1, ,64,2;, what is the offset?

A.    1
B.    2
C.    64
D.    cannot be determined

Answer: B

QUESTION 33
Given the rule option byte_jump:4,4,relative, align;, how many bytes are being jumped?

A.    4
B.    align
C.    relative
D.    cannot be determined

Answer: D

QUESTION 34
Given the regular expression /[^Cc]at/, where does the system look for the “C” or “c”?

A.    at the beginning of the line
B.    at the end of the line
C.    anywhere
D.    nowhere, because the content is negated

Answer: D

QUESTION 35
Which protocol operates below the network layer?

A.    UDP
B.    ICMP
C.    ARP
D.    DNS

Answer: C

QUESTION 36
Which area is created between screening devices in an egress/ingress path for housing web, mail, or DNS servers?

A.    EMZ
B.    DMZ
C.    harbor
D.    inlet

Answer: B

QUESTION 37
What does protocol normalization do?

A.    compares evaluated packets to normal, daily network-traffic patterns
B.    removes any protocol-induced or protocol-allowable ambiguities
C.    compares a packet to related traffic from the same session, to determine whether the packet is out of sequence
D.    removes application layer data, whether or not it carries protocol-induced anomalies, so that packet headers can be inspected more accurately for signs of abuse

Answer: B

QUESTION 38
On which protocol does Snort focus to decode, process, and alert on suspicious network traffic?

A.    AppleTalk
B.    TCP/IP
C.    IPX/SPX
D.    ICMP

Answer: B

QUESTION 39
Which technique can an intruder use to try to evade detection by a Snort sensor?

A.    exceed the maximum number of fragments that a sensor can evaluate
B.    split the malicious payload over several fragments to mask the attack signature
C.    disable a sensor by exceeding the number of packets that it can fragment before forwarding
D.    send more packet fragments than the destination host can reassemble, to disable the host without regard to any intrusion-detection devices that might be on the network

Answer: B

QUESTION 40
An IPS addresses evasion by implementing countermeasures. What is one such countermeasure?

A.    periodically reset statistical buckets to zero for memory utilization, maximization, and performance
B.    send packets to the origination host of a given communication session, to confirm or eliminate spoofing
C.    perform pattern and signature analysis against the entire packet, rather than against individual fragments
D.    automate scans of suspicious source IP addresses

Answer: C
