FINAL EXAM 2026 -2027 NEWEST VERSION
A,B,C&D COMPLETE QUESTIONS AND
CORRECT DETAILED ANSWERS
(RATIONALES) VERIFIED 100% LATEST
UPDATE ! !!
What changes to the most common Snort configuration can alert on
internal pivoting activity?
A) Setting EXTERNAL_NET variable to !$HOME_NET
B) Setting EXTERNAL_NET variable to any
C) Setting HOME_NET variable to RFC1918 addresses
D) Setting LOCAL_NET variable to any
B) Setting EXTERNAL_NET variable to any
When using local virtualization to segregate productivity applications
and privileged applications, which host should be used to handle
productivity applications?
A) The local virtual machine.
B) The physical host.
C) Either the local virtual machine or the physical host.
D) Both virtual hosts should be run on a remote server.
A) The local virtual machine.
,Which component of a Zeek cluster is responsible for collecting and
centralizing logs generated by Zeek?
A) Frontend
B) Proxy
C) Worker
D) Manager
D) Manager
Regarding the number of rules on a NGFW, which of the following is the
recommended practice?
A) A rule should be created for each authorized connection.
B) Rules should prioritize usability of security.
C) There should be a specific rule for every condition.
D) Rules should strike a balance between security and usability.
D) Rules should strike a balance between security and usability.
,When implementing network antivirus on a NGFW, which of the
following is the recommended practice?
A) Enable in detection mode, remove false positives, and then switch to
deny mode.
B) Enable and maintain in detection mode to prevent affecting valid
applications.
C) Enable and maintain in deny mode to protect the organization as fast
as possible.
D) Enable in deny mode and remove false positives gradually based on
input from Help Desk / IT Department.
A) Enable in detection mode, remove false positives, and then switch to
deny mode.
Which type of DDoS attack is a matter of brute strength?
A) Protocol
B) Volumetric
C) Data link layer
D) Application later
B) Volumetric
, Which security enhancement mechanism helps to protect websites
against man-in-the-middle attacks by ensuring that web browsers
should automatically interact with them over HTTPS connections only?
A) HTTP Strict Transport Security
B) HTTP over SSL
C) HTTP over TLS
D) HTTP redirect
A) HTTP Strict Transport Security
Which of the following remote access solutions can verify whether an
antivirus solution is installed after performing authentication?
A) SSH
B) OpenVPN
C) Team Viewer
D) Telnet
B) OpenVPN