
Pass the SANS Certified Incident Handler SEC504 Questions and answers with ExamsMirror

Viewing page 1 out of 10 pages
Viewing questions 1-10 out of questions
Question # 1:

Which of the following is used to determine the range of IP addresses that are mapped to live hosts?

Options:

A. Port sweep

B. Ping sweep

C. IP sweep

D. Telnet sweep

Question # 2:

Which of the following statements about smurf is true?

Options:

A. It is a UDP attack that involves spoofing and flooding.

B. It is an ICMP attack that involves spoofing and flooding.

C. It is an attack with IP fragments that cannot be reassembled.

D. It is a denial of service (DoS) attack that leaves TCP ports open.

Question # 3:

TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote operating system (OS fingerprinting), or incorporated into a device fingerprint.

Which of the following Nmap switches can be used to perform TCP/IP stack fingerprinting?

Options:

A. nmap -sS

B. nmap -sU -p

C. nmap -O -p

D. nmap -sT

Question # 4:

Which of the following types of rootkits replaces regular application binaries with Trojan fakes and modifies the behavior of existing applications using hooks, patches, or injected code?

Options:

A. Application level rootkit

B. Hypervisor rootkit

C. Kernel level rootkit

D. Boot loader rootkit

Question # 5:

You want to measure the number of heaps used and overflows that occurred at a point in time. Which of the following commands will you run to activate the appropriate monitor?

Options:

A. UPDATE DBM CONFIGURATION USING DFT_MON_TABLE

B. UPDATE DBM CONFIGURATION DFT_MON_TIMESTAMP

C. UPDATE DBM CONFIGURATION USING DFT_MON_BUFPOOL

D. UPDATE DBM CONFIGURATION USING DFT_MON_SORT

Question # 6:

Fill in the blank with the appropriate term.

______ is a technique used to make sure that incoming packets are actually from the networks that they claim to be from.

Options:

Question # 7:

Which of the following is the method of hiding data within another media type such as a graphic or document?

Options:

A. Spoofing

B. Steganography

C. Packet sniffing

D. Cryptanalysis

Question # 8:

Which of the following are the rules by which an organization operates?

Options:

A. Acts

B. Policies

C. Rules

D. Manuals

Question # 9:

Which of the following viruses is a script that attaches itself to a file or template?

Options:

A. Boot sector

B. Trojan horse

C. Macro virus

D. E-mail virus

Question # 10:

Which of the following strategies allows a user to limit access according to unique hardware information supplied by a potential client?

Options:

A. Extensible Authentication Protocol (EAP)

B. WEP

C. MAC address filtering

D. Wireless Transport Layer Security (WTLS)
