CCNA CyberOps Chapter 7 Exam Online

Last Updated on May 20, 2021 by Admin

CCNA CyberOps 1.1 -- Chapter 7 Exam

  1. Question 1 of 25
    1. Question
    2 points

    What are two monitoring tools that capture network traffic and forward it to network monitoring devices? (Choose two.)

    A network tap is used to capture traffic for monitoring the network. The tap is typically a passive splitting device implemented inline on the network and forwards all traffic including physical layer errors to an analysis device. SPAN is a port mirroring technology supported on Cisco switches that enables the switch to copy frames and forward them to an analysis device.

  2. Question 2 of 25
    2. Question
    1 points

    What network monitoring technology enables a switch to copy and forward traffic sent and received on multiple interfaces out another interface toward a network analysis device?

    When enabled on a switch, port mirroring copies frames sent and received by the switch and forwards them to another port, which has an analysis device attached.

  3. Question 3 of 25
    3. Question
    1 points

    Which network monitoring capability is provided by using SPAN?

    When enabled on a switch, SPAN, or port mirroring, copies frames that are sent and received by the switch and forwards them to another port, known as a Switch Port Analyzer port, which has an analysis device attached.

  4. Question 4 of 25
    4. Question
    1 points

    Which technology is an open source SIEM system?

    There are many SIEM systems available to network administrators. The ELK suite is an open source option.

  5. Question 5 of 25
    5. Question
    1 points

    Which network monitoring tool can provide a complete audit trail of basic information of all IP flows on a Cisco router and forward the data to a device?

    NetFlow is a Cisco technology that provides statistics on packets flowing through a Cisco router or multilayer switch.

  6. Question 6 of 25
    6. Question
    1 points

    Which SIEM function is associated with speeding up detection of security threats by examining logs and events from different systems?

    The correlation function of SIEM speeds the detection and reaction to security threats by examining logs and events from different systems.

  7. Question 7 of 25
    7. Question
    1 points

    Which capability is provided by the aggregation function in SIEM?

    The aggregation function of SIEM reduces the volume of event data by consolidating duplicate event records.

  8. Question 8 of 25
    8. Question
    1 points

    Refer to the exhibit. A junior network administrator is inspecting the traffic flow of a particular server in order to make security recommendations to the departmental supervisor. Which recommendation should be made?

    [Exhibit 02: image not reproduced]

    FTP is an insecure network protocol. Anyone capturing packets can obtain the username and password from the capture. A more secure protocol such as SFTP should be used.

  9. Question 9 of 25
    9. Question
    1 points

    Refer to the exhibit. What protocol would be used by the syslog server service to create this type of output for security purposes?

    [Exhibit 01: image not reproduced]

    The Simple Network Management Protocol is used by network devices to send and log messages to a syslog server in order to monitor traffic and network device events.

  10. Question 10 of 25
    10. Question
    1 points

    Which network monitoring tool saves captured packets in a PCAP file?

    Wireshark captures are saved as PCAP files, which contain frame, interface, and packet information, and also time stamps.

  11. Question 11 of 25
    11. Question
    1 points

    How is optional network layer information carried by IPv6 packets?

    IPv6 uses extension headers to carry optional network layer information. Extension headers are not part of the main IPv6 header but are separate headers placed between the IPv6 header and the payload.

  12. Question 12 of 25
    12. Question
    1 points

    Which cyber attack involves a coordinated attack from a botnet of zombie computers?

    DDoS is a distributed denial-of-service attack. A DDoS attack is launched from multiple coordinated sources. The sources of the attack are zombie hosts that the cybercriminal has built into a botnet. When ready, the cybercriminal instructs the botnet of zombies to attack the chosen target.

  13. Question 13 of 25
    13. Question
    1 points

    In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections?

    In a TCP SYN flood attack, the attacker sends to the target host a continuous flood of TCP SYN session requests with a spoofed source IP address. The target host responds with a TCP-SYN-ACK to each of the SYN session requests and waits for a TCP ACK that will never arrive. Eventually the target is overwhelmed with half-open TCP connections.

  14. Question 14 of 25
    14. Question
    2 points

    What are two methods used by cybercriminals to mask DNS attacks? (Choose two.)

    Fast flux, double IP flux, and domain generation algorithms are used by cybercriminals to attack DNS servers and affect DNS services. Fast flux is a technique used to hide phishing and malware delivery sites behind a quickly-changing network of compromised DNS hosts (bots within botnets). The double IP flux technique rapidly changes the hostname to IP address mappings and the authoritative name server. Domain generation algorithms randomly generate domain names to be used as rendezvous points.

  15. Question 15 of 25
    15. Question
    1 points

    What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease?

    DHCP starvation attacks are launched by an attacker with the intent to create a DoS for DHCP clients. To accomplish this goal, the attacker uses a tool that sends many DHCPDISCOVER messages in order to lease the entire pool of available IP addresses, thus denying them to legitimate hosts.

  16. Question 16 of 25
    16. Question
    1 points

    Which type of DNS attack involves the cybercriminal compromising a parent domain and creating multiple subdomains to be used during the attacks?

    Two threats to DNS are DNS shadowing and DNS tunneling attacks. DNS shadowing attacks compromise a parent domain and then the cybercriminal creates subdomains to be used in attacks. DNS tunneling attacks build botnets to bypass traditional security solutions. Three threats to DNS open resolvers are cache poisoning, amplification and reflection, and resource utilization attacks.

  17. Question 17 of 25
    17. Question
    1 points

    Which protocol is attacked when a cybercriminal provides an invalid gateway in order to create a man-in-the-middle attack?

    A cybercriminal could set up a rogue DHCP server that provides one or more of the following:
    • Wrong default gateway that is used to create a man-in-the-middle attack and allow the attacker to intercept data
    • Wrong DNS server that results in the user being sent to a malicious website
    • Invalid default gateway IP address that results in a denial of service attack on the DHCP client

  18. Question 18 of 25
    18. Question
    1 points

    What is the result of a passive ARP poisoning attack?

    ARP poisoning attacks can be passive or active. The result of a passive attack is that cybercriminals steal confidential information. With an active attack, cybercriminals modify data in transit or they inject malicious data.

  19. Question 19 of 25
    19. Question
    1 points

    In which type of attack is falsified information used to redirect users to malicious Internet sites?

    In a DNS cache poisoning attack, falsified information is used to redirect users from legitimate to malicious internet sites.

  20. Question 20 of 25
    20. Question
    1 points

    What type of attack targets an SQL database using the input field of a user?

    A criminal can insert a malicious SQL statement in an entry field on a website where the system does not filter the user input correctly.

  21. Question 21 of 25
    21. Question
    1 points

    Which term is used for bulk advertising emails flooded to as many end users as possible?

    Spam is annoying and unwanted bulk email that is sent to as many end users as possible.

  22. Question 22 of 25
    22. Question
    1 points

    Which protocol is exploited by cybercriminals who create malicious iFrames?

    An HTML element known as an inline frame or iFrame allows the browser to load a different web page from another source.

  23. Question 23 of 25
    23. Question
    1 points

    Which protocol would be the target of a cushioning attack?

    The HTTP 302 cushioning attack is used by cybercriminals to take advantage of the 302 Found HTTP response status code to redirect the browser of the user to a new location, usually a malicious site.

  24. Question 24 of 25
    24. Question
    4 points

    Match the monitoring tool to the description.

     

    Sort elements
    • Splunk
    • Wireshark
    • Gobbler
    • StealthWatch

    Descriptions
    • SIEM system
    • protocol analyzer
    • DHCP attack tool
    • NetFlow collector

  25. Question 25 of 25
    25. Question
    3 points

    Match the attack to the definition. (Not all options are used.)

    Sort elements
    • resource utilization attack
    • ARP cache poisoning
    • amplification and reflection
    • domain generation

    Definitions
    • attacker sends multiple packets that consume server resources
    • attacker sends falsified information to redirect users to malicious sites
    • attacker uses open resolvers to increase the volume of attacks and mask the true source of the attack
