Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Network General 1T6-540 Exam -

Free 1T6-540 Sample Questions:

Q: 1 Applications that use ephemeral ports on both sides of a connection are difficult to mine, because:
A. The ephemeral ports cannot be predicted
B. They all use the same port, TCP/1024
C. The well-known ports cannot be predicted
D. The ephemeral ports can be predicted but the port pairings are always different
Answer: A

Q: 2 Mining FTP frames for both the Control and Data connections is difficult, because:
A. The server listens on TCP/20 and on ephemeral addresses that are difficult to predict.
B. The server listens on TCP/21 and multiple addresses that cannot be predicted.
C. The server listens on TCP/21 and ephemeral ports that are difficult to predict.
D. Many implementations of FTP exist that use varying well-known ports.
Answer: C

Q: 3 Which of the following is NOT typically associated with network security auditing?
A. Inspection of passwords
B. Examining a network for signs of misuse
C. Troubleshooting network application efficiency
D. Looking for conformance to policy
Answer: C

Q: 4 Which file records the aliases used by InfiniStream?
A. ICEConfigParams.cfg
D. aliases.adr
Answer: D

Q: 5 The easiest way to identify data for further analysis is to _______.
A. create an alias
B. group multiple protocols together
C. sort on port number
D. select all ephemeral ports
Answer: C

Q: 6 A one to many relationship is indicative of:
A. Backdoors
B. Clients sending email to a relay server
C. Password guessing
D. Peer-to-Peer
Answer: D

Q: 7 Which setting(s) does the ICEConfigParams.cfg record?
A. Most recently used files
B. Tab names and order
C. File size and location for extracted data
D. Expert Display options
Answer: C

Q: 8 Time duration and speed are _______.
A. primary limitations of mining and analysis
B. not relevant to InfiniStream
C. only related to Expert analysis
D. relevant, but secondary issues
Answer: A

Q: 9 For testing, it is useful to convert your _______ into _______.
A. data / units of measurement
B. hypothesis / an if-then statement
C. hypothesis / a conclusion
D. conclusion / if-then statement
Answer: B

Q: 10 Maintaining a baseline can aid in detecting bandwidth denial of service attacks by:
A. Listing status codes associated with denial of service.
B. Revealing significant changes in protocol activity and bandwidth through comparison.
C. Showing ports known to be associated with bandwidth denial of service.
D. Listing source IP addresses know to send denial of service attacks.
Answer: B

Q: 11 To see user names sent to an FTP server, you should view _______.
A. the Expert Service layer objects
B. the Expert Application layer objects
C. the Advanced tab in the mining interface (Quick Select)
D. the Names tab in the mining interface (Quick Select)
Answer: B

Q: 12 Most Remote Procedure Calls (RPCs) listen on _________ ports?
A. all well-known ports
B. any port below 512
C. dynamically assigned ports, usually below port 1024
D. dynamically assigned ports, usually above port 1023
Answer: D

Q: 13 In order to mine DHCP client addressing problems, it would be best to mine _______.
A. RDP and its associated port
B. Bootpc and Bootps (DHCP) and the last known address of the client
C. the last known address of the client
D. the port on the server that the client was attempting to reach
Answer: B

Q: 14 Which of the following cannot be selected as a condition for generating alerts?
A. Broadcast frames per second
B. HTTP response codes
C. UDP bytes per second
D. TCP utilization levels
Answer: B

Q: 15 Reviewing initial data and noting significant trends is part of a process used to ________.
A. testing a hypothesis
B. isolate an application for conversion
C. profile network usage
D. all of the above
Answer: C

Q: 16 If you have captured network traffic and misuse of a network is uncovered, it is usually best to:
A. Confront the individual and record your conversation.
B. Hand the information over to a network security officer or manager.
C. Take the initiative and perform your own investigation.
D. Not inform anyone.
Answer: B

Q: 17 Remote Procedure Calls may change their listening port number when the service is disabled and restarted.
Answer: A

Q: 18 Which of the following uses Remote Procedure Calls?
A. Grep
B. Linux and Unix
C. Windows
Answer: B, C

Q: 19 A list of up to 10 of the last file names accessed on an FTP server may be viewed _______.
A. in the data mining interface (Quick Select) on Files tab
B. in the data mining interface (Quick Select) by creating a custom tab and adding a Files column
C. in the analysis interface in an Expert Application layer object
D. in the analysis interface in an Expert Service layer object
Answer: D

Q: 20 While troubleshooting firewall issues, it is useful to compare:
A. Stream data on the inside, since anything blocked will be on the inside.
B. Stream data on the outside, since anything blocked will be on the outside.
C. Stream data on the inside and outside of the firewall to see what is getting through.
D. None of the above.
Answer: C

Q: 21 When conducting a detailed analysis to confirm a hypothesis, we should ________.
A. perform a detailed examination of data throughout various networking layers
B. focus on specific error messages
C. isolate on HTTP as a common problem area
D. decrypt the data before beginning analysis
Answer: A

Q: 22 ICMP messages always indicate:
A. Packets could not be forwarded
B. UDP errors
C. TCP errors
D. None of the above
Answer: D

Q: 23 When troubleshooting a suspected firewall issue, duplicate frame removal is _________.
A. not usually useful, since Network Address Translation will assign a new address and ports to the outside traffic and you want to compare this to the inside and outside traffic
B. usually useful, since Network Address Translation will assign a new address and ports to the outside traffic and it reduces the redundant frames
C. usually useful, since Network Address Translation will assign a new hostname to traffic on the outside traffic
D. an unrelated issue
Answer: A

Q: 24 A valid hypothesis ________.
A. can be tested
B. is relevant
C. is measurable
D. is all of the above
Answer: D

Q: 25 When troubleshooting POPv3 mail problems, the status codes returned by a server indicates _________.
A. mail delivery status
B. delivery location/address in RFC 822 format
C. simple success or failure
D. none of the above
Answer: C

Q: 26 Regarding scanning, if one host only talks to one other host, but attempts connections to thousands of ports, what is likely occurring?
A. A backdoor communicating
B. A worm is spreading
C. Normal activity
D. Vertical scanning
Answer: D

© 2014, All Rights Reserved