Skip to content
  • Home
  • CCNA Labs
    • CCNA 1 LAB Activities (v6 & v7)
    • CCNA 2 LAB Activities (v6 & v7)
    • CCNA 3 LAB Activities (v6 & v7)
    • CCNA 4 Lab Activities
  • Linux
    • Linux Unhatched
    • Linux Essentials 2.0
    • Linux Essentials
    • Introduction to Linux I
    • Introduction to Linux II
  • Programming
    • PCAP – Programming Essentials in Python
    • CLA – Programming Essentials in C
    • CPA Programming Essentials in C++
  • About
    • Contact Us
    • Privacy Policy

CCNA 7 Exam Answers 2023

Go with our CCIE, Passed 100%

  • ITE
    • ITE - IT Essentials v7.0
    • ITE - IT Essentials v6.0
      • IT Essentials Lab 2019
    • ITE v5.0 Exam
    • Virtual Activity Laptop
    • Virtual Activity Desktop
  • NE
    • MF
  • CCNA
    • CCNA1
      • CCNA1 v7.0 – ITN
      • CCNA1 v6.0
    • CCNA2
      • CCNA2 v7.0 – SRWE
      • CCNA2 v6.0
    • CCNA3
      • CCNA3 v7.0 – ENSA
      • CCNA3 v6.0
    • CCNA4
      • CCNA4 v6.0
  • Cyber-Security
    • ITC – Introduction to Cybersecurity 2.1 (Level 1)
    • CE – Cybersecurity Essentials 1.1 (Level 2)
    • CCNA CyberOps 1.1 (Level 3)
  • Security
    • CCNA Security v2
  • DevNet
  • CCNA PT Lab 2023

CCNA CyberOps Chapter 13 Exam Online

Last Updated on May 20, 2021 by Admin

CCNA CyberOps Chapter 13 Exam Online

CCNA CyberOps 1.1 -- Chapter 13 Exam

Time limit: 0

Quiz-summary

0 of 30 questions completed

Questions:

  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
  10. 10
  11. 11
  12. 12
  13. 13
  14. 14
  15. 15
  16. 16
  17. 17
  18. 18
  19. 19
  20. 20
  21. 21
  22. 22
  23. 23
  24. 24
  25. 25
  26. 26
  27. 27
  28. 28
  29. 29
  30. 30

Information

CCNA CyberOps 1.1 — Chapter 13 Exam

You have already completed the quiz before. Hence you can not start it again.

Quiz is loading...

You must sign in or sign up to start the quiz.

You have to finish following quiz, to start this quiz:

Results

0 of 30 questions answered correctly

Your time:

Time has elapsed

You have reached 0 of 0 points, (0)

Average score
 
 
Your score
 
 

Categories

  1. Not categorized 0%
  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
  10. 10
  11. 11
  12. 12
  13. 13
  14. 14
  15. 15
  16. 16
  17. 17
  18. 18
  19. 19
  20. 20
  21. 21
  22. 22
  23. 23
  24. 24
  25. 25
  26. 26
  27. 27
  28. 28
  29. 29
  30. 30
  1. Answered
  2. Review
  1. Question 1 of 30
    1. Question
    1 points

    Which top-level element of the VERIS schema would allow a company to log who the actors were, what actions affected the asset, which assets were affected, and how the asset was affected?

    Correct

    Incorrect

    The incident description top-level element uses the 4A model (actors, actions, assets, and attributes). Each section has subsections to further document the incident.

    Hint

    The incident description top-level element uses the 4A model (actors, actions, assets, and attributes). Each section has subsections to further document the incident.

  2. Question 2 of 30
    2. Question
    1 points

    A threat actor has identified the potential vulnerability of the web server of an organization and is building an attack. What will the threat actor possibly do to build an attack weapon?

    Correct

    Incorrect

    One tactic of weaponization used by a threat actor after the vulnerability is identified is to obtain an automated tool to deliver the malware payload through the vulnerability.

    Hint

    One tactic of weaponization used by a threat actor after the vulnerability is identified is to obtain an automated tool to deliver the malware payload through the vulnerability.

  3. Question 3 of 30
    3. Question
    1 points

    Which schema or model was created to anonymously share quality information about security events to the security community?

    Correct

    Incorrect

    Vocabulary for Event Recording and Incident Sharing (VERIS) is a set of metrics designed to create a way to describe security incidents in a structured or repeatable way. A Computer Security Incident response Team (CSIRT) is an internal organizational group that provides services and functions to secure assets. Cyber Kill Chain contains seven steps which help analysts understand the techniques, tools, and procedures of threat actors. The Diamond Model of intrusion has four parts that represent a security incident.

    Hint

    Vocabulary for Event Recording and Incident Sharing (VERIS) is a set of metrics designed to create a way to describe security incidents in a structured or repeatable way. A Computer Security Incident response Team (CSIRT) is an internal organizational group that provides services and functions to secure assets. Cyber Kill Chain contains seven steps which help analysts understand the techniques, tools, and procedures of threat actors. The Diamond Model of intrusion has four parts that represent a security incident.

  4. Question 4 of 30
    4. Question
    1 points

    What is the role of vendor teams as they relate to CSIRT?

    Correct

    Incorrect

    There are many different types of CSIRTs and related information security organizations. Vendor CSIRT teams provide remediation for vulnerabilities in the software or hardware of an organization and often handle customer reports concerning security vulnerabilities.

    Hint

    There are many different types of CSIRTs and related information security organizations. Vendor CSIRT teams provide remediation for vulnerabilities in the software or hardware of an organization and often handle customer reports concerning security vulnerabilities.

  5. Question 5 of 30
    5. Question
    1 points

    What is the role of a Computer Emergency Response Team?

    Correct

    Incorrect

    A Computer Emergency Response Team (CERT) provides security awareness, best practices, and security vulnerability information to populations. A CERT does not respond directly to security incidents.

    Hint

    A Computer Emergency Response Team (CERT) provides security awareness, best practices, and security vulnerability information to populations. A CERT does not respond directly to security incidents.

  6. Question 6 of 30
    6. Question
    1 points

    What is the purpose of the policy element in a computer security incident response capability of an organization, as recommended by NIST?

    Correct

    Incorrect

    NIST recommends creating policies, plans, and procedures for establishing and maintaining a CSIRC. A purpose of the policy element is to detail how incidents should be handled based on the mission and functions of an organization.

    Hint

    NIST recommends creating policies, plans, and procedures for establishing and maintaining a CSIRC. A purpose of the policy element is to detail how incidents should be handled based on the mission and functions of an organization.

  7. Question 7 of 30
    7. Question
    1 points

    Which action should be included in a plan element that is part of a computer security incident response capability (CSIRC)?

    Correct

    Incorrect

    NIST recommends creating policies, plans, and procedures for establishing and maintaining a CSIRC. A purpose of the plan element is to develop metrics for measuring the incident response capability and its effectiveness.

    Hint

    NIST recommends creating policies, plans, and procedures for establishing and maintaining a CSIRC. A purpose of the plan element is to develop metrics for measuring the incident response capability and its effectiveness.

  8. Question 8 of 30
    8. Question
    1 points

    What is defined in the SOP of a computer security incident response capability (CSIRC)?

    Correct

    Incorrect

    A CSIRC will include standard operating procedures (SOPs) that are followed during an incident response. Procedures include following technical processes, filling out forms, and following checklists.

    Hint

    A CSIRC will include standard operating procedures (SOPs) that are followed during an incident response. Procedures include following technical processes, filling out forms, and following checklists.

  9. Question 9 of 30
    9. Question
    2 points

    According to information outlined by the Cyber Kill Chain, which two approaches can help identify reconnaissance threats? (Choose two.)

    Correct

    Incorrect

    Threat actors may use port scanning toward a web server of an organization and identify vulnerabilities on the server. They may visit the web server to collect information about the organization. The web server logging should be enabled and the logging data should be analyzed to identify possible reconnaissance threats. Building playbooks by filtering and combining related web activities by visitors can sometimes reveal the intentions of threat actors.

    Hint

    Threat actors may use port scanning toward a web server of an organization and identify vulnerabilities on the server. They may visit the web server to collect information about the organization. The web server logging should be enabled and the logging data should be analyzed to identify possible reconnaissance threats. Building playbooks by filtering and combining related web activities by visitors can sometimes reveal the intentions of threat actors.

  10. Question 10 of 30
    10. Question
    2 points

    When dealing with security threats and using the Cyber Kill Chain model, which two approaches can an organization use to help block potential exploitations of a system? (Choose two.)

    Correct

    Incorrect

    The most common exploit targets, once a weapon is delivered, are applications, operating system vulnerabilities, and user accounts. Among other measures, conducting employee awareness training and email testing and auditing endpoints to forensically determine the origin of an exploit can help block future exploitations of systems.

    Hint

    The most common exploit targets, once a weapon is delivered, are applications, operating system vulnerabilities, and user accounts. Among other measures, conducting employee awareness training and email testing and auditing endpoints to forensically determine the origin of an exploit can help block future exploitations of systems.

  11. Question 11 of 30
    11. Question
    1 points

    What is the goal of an attack in the installation phase of the Cyber Kill Chain?

    Correct

    Incorrect

    In the installation phase of the Cyber Kill Chain, the threat actor establishes a back door into the system to allow for continued access to the target.

    Hint

    In the installation phase of the Cyber Kill Chain, the threat actor establishes a back door into the system to allow for continued access to the target.

  12. Question 12 of 30
    12. Question
    1 points

    What is the objective the threat actor in establishing a two-way communication channel between the target system and a CnC infrastructure?

    Correct

    Incorrect

    In the command and control phase of the Cyber Kill Chain, the threat actor establishes command and control (CnC) with the target system. With the two-way communication channel, the threat actor is able to issue commands to the malware software installed on the target.

    Hint

    In the command and control phase of the Cyber Kill Chain, the threat actor establishes command and control (CnC) with the target system. With the two-way communication channel, the threat actor is able to issue commands to the malware software installed on the target.

  13. Question 13 of 30
    13. Question
    1 points

    Which term is used in the Diamond Model of intrusion to describe a tool that a threat actor uses toward a target system?

    Correct

    Incorrect

    The Diamond Model of intrusion contains four parts:

    • Adversary – the parties responsible for the intrusion
    • Capability – a tool or technique that the adversary uses to attack the victim
    • Infrastructure – the network path or paths that the adversaries use to establish and maintain command and control over their capabilities
    • Victim – the target of the attack

     

    Hint

    The Diamond Model of intrusion contains four parts:

    • Adversary – the parties responsible for the intrusion
    • Capability – a tool or technique that the adversary uses to attack the victim
    • Infrastructure – the network path or paths that the adversaries use to establish and maintain command and control over their capabilities
    • Victim – the target of the attack

     

  14. Question 14 of 30
    14. Question
    1 points

    What is a benefit of using the VERIS community database?

    Correct

    Incorrect

    The VERIS community database is free. It can be used as a tool for risk management, to document security incidents, to discover over incidents, and to compare how other organizations dealt with a particular type of security incident.

    Hint

    The VERIS community database is free. It can be used as a tool for risk management, to document security incidents, to discover over incidents, and to compare how other organizations dealt with a particular type of security incident.

  15. Question 15 of 30
    15. Question
    1 points

    Which action is taken in the postincident phase of the NIST incident response life cycle?

    Correct

    Incorrect

    It is in the post-incident phase of the NIST incident response life cycle phase that the CSIRT documents how incidents are handled. Recommended changes for future response are also made to avoid reoccurrences.

    Hint

    It is in the post-incident phase of the NIST incident response life cycle phase that the CSIRT documents how incidents are handled. Recommended changes for future response are also made to avoid reoccurrences.

  16. Question 16 of 30
    16. Question
    1 points

    What information is gathered by the CSIRT when determining the scope of a security incident?

    Correct

    Incorrect

    The scoping activity performed by the CSIRT after an incident determines which networks, systems, or applications are affected; who or what originated the incident; and how the incident is occurring.

    Hint

    The scoping activity performed by the CSIRT after an incident determines which networks, systems, or applications are affected; who or what originated the incident; and how the incident is occurring.

  17. Question 17 of 30
    17. Question
    1 points

    After containment, what is the first step of eradicating an attack?

    Correct

    Incorrect

    Once an attack is contained, the next step is to identify all hosts that will need remediation so that the effects of the attack can be eliminated.

    Hint

    Once an attack is contained, the next step is to identify all hosts that will need remediation so that the effects of the attack can be eliminated.

  18. Question 18 of 30
    18. Question
    3 points

    To ensure that the chain of custody is maintained, what three items should be logged about evidence that is collected and analyzed after a security incident has occurred? (Choose three.)

    Correct

    Incorrect

    A chain of custody refers to the proper accounting of evidence collected about an incident that is used as part of an investigation. The chain of custody should include the location of all evidence, the identifying information of all evidence such as serial numbers and hostnames, identifying information about all persons handing the evidence, and the time and date that the evidence was collected.

    Hint

    A chain of custody refers to the proper accounting of evidence collected about an incident that is used as part of an investigation. The chain of custody should include the location of all evidence, the identifying information of all evidence such as serial numbers and hostnames, identifying information about all persons handing the evidence, and the time and date that the evidence was collected.

  19. Question 19 of 30
    19. Question
    1 points

    Which meta-feature element in the Diamond Model describes information gained by the adversary?

    Correct

    Incorrect

    The meta-feature element results are used to delineate what the adversary gained from the intrusion event.

    Hint

    The meta-feature element results are used to delineate what the adversary gained from the intrusion event.

  20. Question 20 of 30
    20. Question
    1 points

    What is the main purpose of exploitations by a threat actor through the weapon delivered to a target during the Cyber Kill Chain exploitation phase?

    Correct

    Incorrect

    After the weapon has been delivered, the threat actor uses it to break the vulnerability and gain control of the target. The threat actor will use an exploit that gains the effect desired, does it quietly, and avoids detections. Establishing a back door in the target system is the phase of installation.

    Hint

    After the weapon has been delivered, the threat actor uses it to break the vulnerability and gain control of the target. The threat actor will use an exploit that gains the effect desired, does it quietly, and avoids detections. Establishing a back door in the target system is the phase of installation.

  21. Question 21 of 30
    21. Question
    1 points

    A threat actor collects information from web servers of an organization and searches for employee contact information. The information collected is further used to search personal information on the Internet. To which attack phase do these activities belong according to the Cyber Kill Chain model?

    Correct

    Incorrect

    According to the Cyber Kill Chain model, in the reconnaissance phase the threat actor performs research, gathers intelligence, and selects targets.

    Hint

    According to the Cyber Kill Chain model, in the reconnaissance phase the threat actor performs research, gathers intelligence, and selects targets.

  22. Question 22 of 30
    22. Question
    2 points

    When a security attack has occurred, which two approaches should security professionals take to mitigate a compromised system during the Actions on Objectives step as defined by the Cyber Kill Chain model? (Choose two.)

    Correct

    Incorrect

    When security professionals are alerted about the system compromises, forensic analysis of endpoints should be performed immediately for rapid triage. In addition, detection efforts for further attacking activities such as data exfiltration, lateral movement, and unauthorized credential usage should be enhanced to reduce damage to the minimum.

    Hint

    When security professionals are alerted about the system compromises, forensic analysis of endpoints should be performed immediately for rapid triage. In addition, detection efforts for further attacking activities such as data exfiltration, lateral movement, and unauthorized credential usage should be enhanced to reduce damage to the minimum.

  23. Question 23 of 30
    23. Question
    5 points

    Match the security incident stakeholder with the role.

     

    Sort elements
    • performs disciplinary measures
    • changes firewall rules
    • preserves attack evidence
    • designs the budget
    • reviews policies for local or federal guideline violations
    • human resources
      • information assurance
        • IT support
          • management
            • legal department
              Correct

              Incorrect

            • Question 24 of 30
              24. Question
              4 points

              Match the attack vector with the description.

               

              Sort elements
              • initiated through an email attachment
              • initiated from external storage
              • uses brute force against devices or services
              • initiated from a website application
              • email
                • media
                  • attrition
                    • web
                      Correct

                      Incorrect

                    • Question 25 of 30
                      25. Question
                      4 points

                      Match the NIST incident response life cycle phase with the description.

                       

                      Sort elements
                      • Identify, analyze, and validate incidents.
                      • Conduct training on incident response.
                      • Document how incidents are handled.
                      • Implement procedures to eradicate the impact to organizational assets.
                      • detection and analysis
                        • preparation
                          • post incident actvities
                            • containment, eradication, and recovery
                              Correct

                              Incorrect

                            • Question 26 of 30
                              26. Question
                              5 points

                              Match the NIST incident response stakeholder with the role.

                               

                              Sort elements
                              • preserves attack evidence
                              • designs the budget
                              • reviews policies for local or federal guideline violations
                              • performs disciplinary measures
                              • develops firewall rules
                              • IT support
                                • management
                                  • legal department
                                    • human resources
                                      • information assurance
                                        Correct

                                        Incorrect

                                      • Question 27 of 30
                                        27. Question
                                        1 points
                                        A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken.
                                        The threat actor has already placed malware on the server causing its performance to slow. The network administrator has found and removed the malware as well as patched the security hole where the threat actor gained access. The network administrator can find no other security issue. What stage of the Cyber Kill Chain did the threat actor achieve?
                                        Correct

                                        Incorrect

                                        During the installation step, the threat actor installed a server backdoor in order to install the malware (installation step), and an outside server command channel was created to manipulate the target (CnC step). The final step is used to access the server to achieve the objective of the attack.
                                        The Cyber Kill Chain has seven steps:

                                        1. reconnaissance
                                        2. weaponization
                                        3. delivery
                                        4. exploitation
                                        5. installation
                                        6. command and control (CnC)
                                        7. actions on objectives

                                         

                                        Hint

                                        During the installation step, the threat actor installed a server backdoor in order to install the malware (installation step), and an outside server command channel was created to manipulate the target (CnC step). The final step is used to access the server to achieve the objective of the attack.
                                        The Cyber Kill Chain has seven steps:

                                        1. reconnaissance
                                        2. weaponization
                                        3. delivery
                                        4. exploitation
                                        5. installation
                                        6. command and control (CnC)
                                        7. actions on objectives

                                         

                                      • Question 28 of 30
                                        28. Question
                                        1 points
                                        A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken.
                                        If the web server runs Microsoft IIS, which Windows tool would the network administrator use to view the access logs?
                                        Correct

                                        Incorrect

                                        Information provided in the IIS access log includes the date, time, client IP address, username, port number, requested action, bytes sent, bytes received, and content of the cookie sent or received.

                                        Hint

                                        Information provided in the IIS access log includes the date, time, client IP address, username, port number, requested action, bytes sent, bytes received, and content of the cookie sent or received.

                                      • Question 29 of 30
                                        29. Question
                                        1 points
                                        A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken.
                                        Reports of network slowness lead the network administrator to review server alerts. The administrator confirms that an alert was an actual security incident. Which type of security alert classification would this be?
                                        Correct

                                        Incorrect

                                        A positive alert of any type means that the system generated a system alert. A true positive indicates the incident occurred. A false positive is that no incident occurred (the system alerted, but there was no problem). A negative alert of any type means there was no alert generated. A true negative indicates that there wasn’t any incident (thus no alert). A false negative indicates that there was an incident, but an alert was not generated.

                                        Hint

                                        A positive alert of any type means that the system generated a system alert. A true positive indicates the incident occurred. A false positive is that no incident occurred (the system alerted, but there was no problem). A negative alert of any type means there was no alert generated. A true negative indicates that there wasn’t any incident (thus no alert). A false negative indicates that there was an incident, but an alert was not generated.

                                      • Question 30 of 30
                                        30. Question
                                        1 points
                                        A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken.
                                        The network administrator believes that the threat actor used a commonly available tool to slow the server down. The administrator concludes that based on the source IP address identified in the alert, the threat actor was probably one of the students. What type of hacker would the student be classified as?
                                        Correct

                                        Incorrect

                                        Three classifications of hackers are black hat, gray hat, and white hat. White hat hackers use their security skills for good, ethical, legal purposes. Gray hat hackers do not compromise the network for personal gain or to cause damage such as when users leave their computers logged into the corporate network and walk away. Black hat hackers penetrate computers or servers for malicious reasons, such as to slow down system performance.

                                        Hint

                                        Three classifications of hackers are black hat, gray hat, and white hat. White hat hackers use their security skills for good, ethical, legal purposes. Gray hat hackers do not compromise the network for personal gain or to cause damage such as when users leave their computers logged into the corporate network and walk away. Black hat hackers penetrate computers or servers for malicious reasons, such as to slow down system performance.

                                      • CCNA1 v7
                                      • CCNA2 v7
                                      • CCNA3 v7
                                      System Test Exam Answers
                                      Modules 1 – 3 Exam Answers
                                      Modules 4 – 7 Exam Answers
                                      Modules 8 – 10 Exam Answers
                                      Modules 11 – 13 Exam Answers
                                      Modules 14 – 15 Exam Answers
                                      Modules 16 – 17 Exam Answers
                                      Practice Final – ITN Answers
                                      Course Feedback
                                      ITN Practice PT Skills Assessment (PTSA)
                                      Final Exam Answers
                                      Modules 1 – 4 Exam Answers
                                      Modules 5 – 6 Exam Answers
                                      Modules 7 – 9 Exam Answers
                                      Modules 10 – 13 Exam Answers
                                      Modules 14 – 16 Exam Answers
                                      ITN Practice Skills Assessment – PT Answers
                                      SRWE Practice Skills Assessment – PT Part 1 Answers
                                      SRWE Practice Skills Assessment – PT Part 2 Answers
                                      SRWE Hands On Skills Exam Answers
                                      SRWE Practice Final Exam Answers
                                      SRWE Final Exam Answers 
                                      Modules 1 – 2 Exam Answers
                                      Modules 3 – 5 Exam Answers
                                      Modules 6 – 8 Exam Answers
                                      Modules 9 – 12 Exam Answers
                                      Modules 13 – 14 Exam Answers
                                      ITN Practice PT Skills Assessment (PTSA) Answers
                                      SRWE Practice PT Skills Assessment (PTSA) – Part 1 Answers
                                      SRWE Practice PT Skills Assessment (PTSA) – Part 2 Answers
                                      ENSA Practice PT Skills Assessment (PTSA) Answers
                                      ENSA Hands On Skills Exam Answers
                                      Practice Final – ENSA Answers
                                      ENSA Final Exam Answers
                                      CCNA Certification Practice Exam Answers

                                      Copyright © 2023 PressExam.