Adobe certification Adobe
Apple certification Apple
Avaya certification Avaya
BlackBerry certification BlackBerry
Checkpoint certification Checkpoint
Cisco certification Cisco
Citrix certification Citrix
CIW certification CIW
COGNOS certification COGNOS
CompTIA certification CompTIA
CWNP certification CWNP
ECCouncil certification ECCouncil
EMC certification EMC
Exam Express certification Exam Express
Exin certification Exin
F5 Networks certification F5 Networks
HP certification HP
IBM certification IBM
ISC certification ISC
ISEB certification ISEB
Juniper certification Juniper
Lotus certification Lotus
LPI certification LPI
Microsoft certification Microsoft
Nortel certification Nortel
Oracle certification Oracle
PMI certification PMI
RedHat certification RedHat
Sun certification Sun
Sybase certification Sybase
Symantec certification Symantec
Tibco certification Tibco
VMware certification VMware
All Exams

Network General 1T6-540 Exam - Testking

Free 1T6-540 Sample Questions:

Q: 1 Applications that use ephemeral ports on both sides of a connection are difficult to mine, because:
A. The ephemeral ports cannot be predicted
B. They all use the same port, TCP/1024
C. The well-known ports cannot be predicted
D. The ephemeral ports can be predicted but the port pairings are always different
Answer: A

Q: 2 Mining FTP frames for both the Control and Data connections is difficult, because:
A. The server listens on TCP/20 and on ephemeral addresses that are difficult to predict.
B. The server listens on TCP/21 and multiple addresses that cannot be predicted.
C. The server listens on TCP/21 and ephemeral ports that are difficult to predict.
D. Many implementations of FTP exist that use varying well-known ports.
Answer: C

Q: 3 Which of the following is NOT typically associated with network security auditing?
A. Inspection of passwords
B. Examining a network for signs of misuse
C. Troubleshooting network application efficiency
D. Looking for conformance to policy
Answer: C

Q: 4 Consider this illustration of a data mining filter.

What is wrong with it?
A. The filter only allows packets that are sent to HTTP servers on their well-known port. It would only show commands without replies. This filter is incomplete.
B. The filter only allows packets that are both to and from the well-known port TCP/80 (HTTP). Both source and destination port cannot be 80. Nothing would pass the filter.
C. It would also allow UDP packets to and from port 80 (HTTP), which does not make sense, since HTTP is a TCP-based protocol.
D. Nothing. It will capture normal data to and from TCP/80 (HTTP) servers.
Answer: B

Q: 5 The easiest way to identify data for further analysis is to _______.
A. create an alias
B. group multiple protocols together
C. sort on port number
D. select all ephemeral ports
Answer: C

Q: 6 A one to many relationship is indicative of:
A. Backdoors
B. Clients sending email to a relay server
C. Password guessing
D. Peer-to-Peer
Answer: D

Q: 7 Consider this mining filter.

Which description most accurately describes what it does?
A. It includes all packets to and from network 192.168.1.0/24.
B. It includes all packets that have sources and destinations within network 192.168.1.0/24.
C. It includes all packets that are not to or from network 192.168.1.0/24.
D. Nothing. No packets would pass this filter.
Answer: C

Q: 8 Time duration and speed are _______.
A. primary limitations of mining and analysis
B. not relevant to InfiniStream
C. only related to Expert analysis
D. relevant, but secondary issues
Answer: A

Q: 9 For testing, it is useful to convert your _______ into _______.
A. data / units of measurement
B. hypothesis / an if-then statement
C. hypothesis / a conclusion
D. conclusion / if-then statement
Answer: B

Q: 10 Maintaining a baseline can aid in detecting bandwidth denial of service attacks by:
A. Listing status codes associated with denial of service.
B. Revealing significant changes in protocol activity and bandwidth through comparison.
C. Showing ports known to be associated with bandwidth denial of service.
D. Listing source IP addresses know to send denial of service attacks.
Answer: B

Q: 11 To see user names sent to an FTP server, you should view _______.
A. the Expert Service layer objects
B. the Expert Application layer objects
C. the Advanced tab in the mining interface (Quick Select)
D. the Names tab in the mining interface (Quick Select)
Answer: B

Q: 12 Most Remote Procedure Calls (RPCs) listen on _________ ports?
A. all well-known ports
B. any port below 512
C. dynamically assigned ports, usually below port 1024
D. dynamically assigned ports, usually above port 1023
Answer: D

Q: 13 In order to mine DHCP client addressing problems, it would be best to mine _______.
A. RDP and its associated port
B. Bootpc and Bootps (DHCP) and the last known address of the client
C. the last known address of the client
D. the port on the server that the client was attempting to reach
Answer: B

Q: 14 Consider this mining filter.

Which description most accurately describes what it does?
A. It includes packets in either direction only between network 192.168.1.0/24 and network 10.2.1.0/24.
B. It includes packets sent from network 192.168.1.0/24 to network 10.2.1.0/24.
C. It includes packets in either direction between network 192.168.1.0/24 and other all other networks, except 10.2.1.0/24.
D. Nothing. No packets would pass this filter.
Answer: A

Q: 15 Reviewing initial data and noting significant trends is part of a process used to ________.
A. testing a hypothesis
B. isolate an application for conversion
C. profile network usage
D. all of the above
Answer: C

Q: 16 If you have captured network traffic and misuse of a network is uncovered, it is usually best to:
A. Confront the individual and record your conversation.
B. Hand the information over to a network security officer or manager.
C. Take the initiative and perform your own investigation.
D. Not inform anyone.
Answer: B

Q: 17 Remote Procedure Calls may change their listening port number when the service is disabled and restarted.
A. TRUE
B. FALSE
Answer: A

Q: 18 Which of the following uses Remote Procedure Calls?
A. Grep
B. Linux and Unix
C. Windows
D. VLANs
E. DNS
Answer: B, C

Q: 19 A list of up to 10 of the last file names accessed on an FTP server may be viewed _______.
A. in the data mining interface (Quick Select) on Files tab
B. in the data mining interface (Quick Select) by creating a custom tab and adding a Files column
C. in the analysis interface in an Expert Application layer object
D. in the analysis interface in an Expert Service layer object
Answer: D

Q: 20 While troubleshooting firewall issues, it is useful to compare:
A. Stream data on the inside, since anything blocked will be on the inside.
B. Stream data on the outside, since anything blocked will be on the outside.
C. Stream data on the inside and outside of the firewall to see what is getting through.
D. None of the above.
Answer: C

Q: 21 When conducting a detailed analysis to confirm a hypothesis, we should ________.
A. perform a detailed examination of data throughout various networking layers
B. focus on specific error messages
C. isolate on HTTP as a common problem area
D. decrypt the data before beginning analysis
Answer: A

Q: 22 ICMP messages always indicate:
A. Packets could not be forwarded
B. UDP errors
C. TCP errors
D. None of the above
Answer: D

Q: 23 When troubleshooting a suspected firewall issue, duplicate frame removal is _________.
A. not usually useful, since Network Address Translation will assign a new address and ports to the outside traffic and you want to compare this to the inside and outside traffic
B. usually useful, since Network Address Translation will assign a new address and ports to the outside traffic and it reduces the redundant frames
C. usually useful, since Network Address Translation will assign a new hostname to traffic on the outside traffic
D. an unrelated issue
Answer: A

Q: 24 A valid hypothesis ________.
A. can be tested
B. is relevant
C. is measurable
D. is all of the above
Answer: D

Q: 25 Consider this illustration of a data mining filter.

What would it include?
A. Packets sent to an FTP server from host 192.168.1.200, and the replies.
B. Packets sent to an FTP server from host 192.168.1.200.
C. Packets sent from an FTP server to the host 192.168.1.200 only.
D. Nothing. No packets would be included.
Answer: C

Q: 26 When troubleshooting POPv3 mail problems, the status codes returned by a server indicates _________.
A. mail delivery status
B. delivery location/address in RFC 822 format
C. simple success or failure
D. none of the above
Answer: C

Q: 27 Regarding scanning, if one host only talks to one other host, but attempts connections to thousands of ports, what is likely occurring?
A. A backdoor communicating
B. A worm is spreading
C. Normal activity
D. Vertical scanning
Answer: D

Q: 28 Which of the following cannot be selected as a condition for generating alerts?
A. Broadcast frames per second
B. HTTP response codes
C. UDP bytes per second
D. TCP utilization levels
Answer: B

Q: 29 Which setting(s) does the ICEConfigParams.cfg record?
A. Most recently used files
B. Tab names and order
C. File size and location for extracted data
D. Expert Display options
Answer: C

Q: 30 Which file records the aliases used by InfiniStream?
A. ICEConfigParams.cfg
B. address.bet
C. alias.nab
D. aliases.adr
Answer: D