600-199 Exam Questions
60 real 600-199 exam questions with expert-verified answers and explanations. Page 1 of 2.
- Question #1
Which describes the best method for preserving the chain of evidence?
- Question #2
Which will be provided as output when issuing the show processes cpu command on a Cisco IOS router?
- Question #3
Refer to the exhibit. Which protocol is used in this network traffic flow?
- Question #4
Which two types of data are relevant to investigating network security issues? (Choose two.)
- Question #5
In the context of a network security device like an IPS, which event would qualify as having the highest severity?
- Question #6
Which event is likely to be a false positive?
- Question #7
Given a Linux machine running only an SSH server, which chain of alarms would be most concerning?
- Question #8
If a company has a strict policy to limit potential confidential information leakage, which three alerts would be of concern? (Choose three.)
- Question #9
Which event is actionable?
- Question #10
Which would be classified as a remote code execution attempt?
- Question #11
Given the signature "SQL Table Manipulation Detected", which site may trigger a false positive?
- Question #12
Which is considered to be anomalous activity?
- Question #13
If an alert that pertains to a remote code execution attempt is seen on your network, which step is unlikely to help?
- Question #14
Refer to the exhibit. In the tcpdump output, what is the sequence number that is represented by XXXXX?
- Question #15
Refer to the exhibit. Based on the traffic captured in the tcpdump, what is occurring?
- Question #16
Which three statements are true about the IP fragment offset? (Choose three.)
- Question #17
Which two tools are used to help with traffic identification? (Choose two.)
- Question #18
Refer to the exhibit. Based on the tcpdump capture, which three statements are true? (Choose three.)
- Question #19
Refer to the exhibit. Based on the tcpdump output, which two statements are true? (Choose two.)
- Question #20
Refer to the exhibit. Which two actions does the following tcpdump command perform? (Choose two.)
- Question #21
What is the maximum size of an IP datagram?
- Question #22
The IHL is a 4-bit field containing what measurement?
- Question #23
What is the purpose of the TCP SYN flag?
- Question #24
Refer to the exhibit. What does the tcpdump command do?
- Question #25
What is the most effective way to save the data on a system for later forensic use?
- Question #26
In a network security policy, which procedure should be documented ahead of time to speed the communication of a network attack?
- Question #27
Which data is the most useful to determine if a network attack was occurring from inbound Internet traffic?
- Question #28
Which step should be taken first when a server on a network is compromised?
- Question #29
After an attack has occurred, which two options should be collected to help remediate the problem? (Choose two.)
- Question #30
Which source should be used to recommend preventative measures against security vulnerabilities regardless of operating system or platform?
- Question #31
Which data from previous network attacks should be used to recommend architectural changes based on potential future impact?
- Question #32
Which three post-mortem steps are critical to help prevent a network attack from reoccurring? (Choose three.)
- Question #33
Refer to the exhibit. Which two personal administrators should be involved to investigate further? (Choose two.)
- Question #34
Which network management protocol relies on multiple connections between a managed device and the management station where such connections can be independently initiated by either...
- Question #35
When an IDS generates an alert for a correctly detected network attack, what is this event called?
- Question #36
When is it recommended to establish a traffic profile baseline for your network?
- Question #37
Which two activities would you typically be expected to perform as a Network Security Analyst? (Choose two.)
- Question #38
Which protocol is typically considered critical for LAN operation?
- Question #39
Which two measures would you recommend to reduce the likelihood of a successfully executed network attack from the Internet? (Choose two.)
- Question #40
Which attack exploits incorrect boundary checking in network software?
- Question #41
Where should you report a suspected security vulnerability in Cisco router software?
- Question #42
When investigating potential network security issues, which two pieces of useful information would be found in a syslog message? (Choose two.)
- Question #43
Which command would provide you with interface status information on a Cisco IOS router?
- Question #44
Refer to the exhibit. Which DNS query type pertains to email?
- Question #45
A server administrator tells you that the server network is potentially under attack. Which piece of information is critical to begin your network investigation?
- Question #46
Refer to the exhibit. In the packet captured from tcpdump, which fields match up with the lettered parameters?
- Question #47
For TCP and UDP, what is the correct range of well-known port numbers?
- Question #48
Which three symptoms are best used to detect a TCP SYN flood attack? (Choose three.)
- Question #49
Which two statements about the IPv4 TTL field are true? (Choose two.)
- Question #50
What are four steps to manage incident response handling? (Choose four.)