
CCNA CyberOps Practice Final Exam Online

Last Updated on May 20, 2021 by Admin

CCNA CyberOps 1.1 -- Practice Final Exam

  1. Question 1 of 60
    1 point

    What is the main purpose of cyberwarfare?

    Cyberwarfare is Internet-based conflict that involves the penetration of the networks and computer systems of other nations. The main purpose of cyberwarfare is to gain advantage over adversaries, whether they are nations or competitors.

  2. Question 2 of 60
    1 point

    A technician has installed a third party utility that is used to manage a Windows 7 computer. However, the utility does not automatically start whenever the computer is started. What can the technician do to resolve this problem?

    The Services console in Windows OS allows for the management of all the services on the local and remote computers. The setting of Automatic in the Services console enables the chosen service to start when the computer is started.

  3. Question 3 of 60
    1 point

    Which statement describes the state of the administrator and guest accounts after a user installs Windows desktop version to a new computer?

    When a user installs Windows desktop version, two local user accounts are created automatically during the process, administrator and guest. Both accounts are disabled by default.

  4. Question 4 of 60
    1 point

    Refer to the exhibit. Approximately what percentage of the physical memory is in use on this Windows system?

    The graphic shows that there is 5.0 GB (187 MB) of memory in use with 10.7 GB still available. Together this adds up to 16 GB of total physical memory. 5 GB is approximately 33% of 16 GB.

  5. Question 5 of 60
    1 point

    Refer to the exhibit. For which security issue would a cybersecurity analyst use the displayed tool?

    CCNA Cybersecurity Operations (Version 1.1) – Practice Final Exam Answers 2019 Full 100% 08

    Windows Performance Monitor is used to evaluate the performance of individual components on a Windows host computer. Commonly monitored components include the processor, hard drive, network, and memory. Windows Task Manager and Performance Monitor are used when malware is suspected and a component is not performing the way it should.

  6. Question 6 of 60
    1 point

    A PC user issues the netstat command without any options. What is displayed as the result of this command?

    When used by itself (without any options), the netstat command will display all the active TCP connections that are available.

  7. Question 7 of 60
    1 point

    A security incident has been filed and an employee believes that someone has been on the computer since the employee left last night. The employee states that the computer was turned off before the employee left for the evening. The computer is running slowly and applications are acting strangely. Which Microsoft Windows tool would be used by the security analyst to determine if and when someone logged on to the computer after working hours?

    Event Viewer is used to investigate the history of application, security, and system events. Events show the date and time that the event occurred along with the source of the event. If a cybersecurity analyst has the address of the Windows computer targeted or the date and time that a security breach occurred, the analyst could use Event Viewer to document and prove what occurred on the computer.

  8. Question 8 of 60
    1 point

    A client device has initiated a secure HTTP request to a web browser. Which well-known port address number is associated with the destination address?

    Port numbers are used in TCP and UDP communications to differentiate between the various services running on a device. The well-known port number used by HTTPS is port 443.

  9. Question 9 of 60
    1 point

    Which component in Linux is responsible for interacting directly with the device hardware?

    A Linux OS can be divided into kernel and shell. The shell, also called the command line interface, is a command interpreter that parses the inputs (or commands) from a user and interacts with the kernel. The kernel, in turn, interacts with the hardware components of a device.

  10. Question 10 of 60
    1 point

    Which method can be used to harden a device?

    The basic best practices for device hardening are as follows:
    Ensure physical security.
    Minimize installed packages.
    Disable unused services.
    Use SSH and disable the root account login over SSH.
    Keep the system updated.
    Disable USB auto-detection.
    Enforce strong passwords.
    Force periodic password changes.
    Keep users from re-using old passwords.
    Review logs regularly.

  11. Question 11 of 60
    1 point

    Which Linux program is going to be used when installing an application?

    A package is a specific program and all of the files needed to run that program. A package manager is used to install a package and place all the associated files in the correct location within the operating system.

  12. Question 12 of 60
    1 point

    How many host addresses are available on the 192.168.10.128/26 network?

    A /26 prefix gives 6 host bits, which provides a total of 64 addresses, because 2^6 = 64. Subtracting the network and broadcast addresses leaves 62 usable host addresses.

  13. Question 13 of 60
    1 point

    Refer to the exhibit. What is a valid address on the PC for the default gateway?

    CCNA Cybersecurity Operations (Version 1.1) – Practice Final Exam Answers 2019 Full 100% 02

    The default gateway setting is the IP address of the router to which the host will send packets in order to reach remote networks. The default gateway address setting must be on the same logical network as the host IP address. In this case, the network of the host is 192.168.1.0 so the default gateway must also be on the 192.168.1.0 network.

  14. Question 14 of 60
    1 point

    Refer to the exhibit. Which IPv4 address does the PC use for sending traffic to remote networks?

    CCNA Cybersecurity Operations (Version 1.1) – Practice Final Exam Answers 2019 Full 100% 03

    The default gateway setting is the IP address of the router to which the host will send packets that are destined for remote networks. In the routing table of a PC, the gateway address is the default gateway and must be on the same logical network as the host IP address, in this case 192.168.1.0. Thus the gateway address, which must be on the 192.168.1.0 network, is 192.168.1.1.

  15. Question 15 of 60
    1 point

    A cybersecurity analyst believes that an attacker is announcing a forged MAC address to network hosts in an attempt to spoof the default gateway. Which command could the analyst use on the network hosts to see what MAC address the hosts are using to reach the default gateway?

    The command arp -a will display the MAC address table on a PC.

  16. Question 16 of 60
    1 point

    Which value, that is contained in an IPv4 header field, is decremented by each router that receives a packet?

    When a router receives a packet, the router will decrement the Time-to-Live (TTL) field by one. When the field reaches zero, the receiving router will discard the packet and will send an ICMP Time Exceeded message to the sender.

  17. Question 17 of 60
    1 point

    What information does an Ethernet switch examine and use to forward a frame?

    A switch is a Layer 2 device that uses source MAC addresses to build a MAC address table (a CAM table) and destination MAC addresses to forward frames.

  18. Question 18 of 60
    1 point

    A person coming to a cafe for the first time wants to gain wireless access to the Internet using a laptop. What is the first step the wireless client will do in order to communicate over the network using a wireless management frame?

    In order for wireless devices to communicate on a wireless network, management frames are used to complete a three-stage process:

    1. Discover the AP
    2. Authenticate with the AP
    3. Associate with the AP

     

  19. Question 19 of 60
    1 point

    Refer to the exhibit. A cybersecurity analyst is viewing packets forwarded by switch S2. What addresses will identify frames containing data sent from PCA to PCB?

    CCNA Cybersecurity Operations (Version 1.1) – Practice Final Exam Answers 2019 Full 100% 05

    When a message sent from PCA to PCB reaches router R2, some frame header fields will be rewritten by R2 before forwarding to switch S2. The frames will contain the source MAC address of router R2 and the destination MAC address of PCB. The frames will retain the original IPv4 addressing applied by PCA which is the IPv4 address of PCA as the source address and the IPv4 address of PCB as the destination.

  20. Question 20 of 60
    3 points

    What are three functions provided by the syslog service? (Choose three.)

    There are three primary functions provided by the syslog service:

    1. gathering logging information
    2. selection of the type of information to be logged
    3. selection of the destination of the logged information

     

  21. Question 21 of 60
    1 point

    Users report to the helpdesk that icons usually seen on the menu bar are randomly appearing on their computer screens. What could be a reason that computers are displaying these random graphics?

    A virus such as this is harmless, but still needs to be removed. Other viruses can be destructive in that they modify or delete files on the local computer and possibly other computers on the network.

  22. Question 22 of 60
    1 point

    Why does a worm pose a greater threat than a virus poses?

    One major component of a worm is the propagation mechanism which replicates the worm and targets unprotected network devices. A virus requires a host program, but worms do not.

  23. Question 23 of 60
    2 points

    Which two characteristics describe a virus? (Choose two.)

    A virus is malicious code that is attached to legitimate programs or executable files. Most viruses require end user activation, can lie dormant for an extended period, and then activate at a specific time or date. In contrast, a worm executes arbitrary code and installs copies of itself in the memory of the infected computer. The main purpose of a worm is automatic replication to spread quickly across a network. A worm does not require a host program to run.

  24. Question 24 of 60
    1 point

    The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring?

    Phishing, spyware, and social engineering are security attacks that collect network and user information. Adware consists, typically, of annoying popup windows. Unlike a DDoS attack, none of these attacks generate large amounts of data traffic that can restrict access to network services.

  25. Question 25 of 60
    1 point

    A disgruntled employee is using Wireshark to discover administrative Telnet usernames and passwords. What type of network attack does this describe?

    Wireshark is a free download that allows network packet inspection. Someone using this tool with malicious intent would be performing a reconnaissance attack. Captured packets from weakly secured network protocols such as Telnet can be inspected and then analyzed for detailed network information, including passwords.

  26. Question 26 of 60
    1 point

    What is an essential function of SIEM?

    SIEM provides real-time reporting and analysis of security events. SIEM provides administrators with details on sources of suspicious activity such as user information, device location, and compliance with security policies.

  27. Question 27 of 60
    1 point

    What is the result of a DHCP starvation attack?

    DHCP starvation attacks are launched by an attacker with the intent to create a DoS for DHCP clients. To accomplish this goal, the attacker uses a tool that sends many DHCPDISCOVER messages to lease the entire pool of available IP addresses, thus denying them to legitimate hosts.

  28. Question 28 of 60
    2 points

    What are two types of attacks used on DNS open resolvers? (Choose two.)

    Three types of attacks used on DNS open resolvers are as follows:

    • DNS cache poisoning – attacker sends spoofed, falsified information to redirect users from legitimate sites to malicious sites
    • DNS amplification and reflection attacks – attacker sends an increased volume of attacks to mask the true source of the attack
    • DNS resource utilization attacks – a denial of service (DoS) attack that consumes server resources

  29. Question 29 of 60
    1 point

    What would be the target of an SQL injection attack?

    SQL is the language used to query a relational database. Cybercriminals use SQL injections to get information, create fake or malicious queries, or to breach the database in some other way.

  30. Question 30 of 60
    2 points

    Which two options are security best practices that help mitigate BYOD risks? (Choose two.)

    Many companies now support employees and visitors attaching and using wireless devices that connect to and use the corporate wireless network. This practice is known as a bring-your-own-device policy or BYOD. Commonly, BYOD security practices are included in the security policy. Some best practices that mitigate BYOD risks include the following:

    • Use unique passwords for each device and account.
    • Turn off Wi-Fi and Bluetooth connectivity when not being used. Only connect to trusted networks.
    • Keep the device OS and other software updated.
    • Back up any data stored on the device.
    • Subscribe to a device locator service with a remote wipe feature.
    • Provide antivirus software for approved BYODs.
    • Use Mobile Device Management (MDM) software that allows IT teams to track the device and implement security settings and software controls.

  31. Question 31 of 60
    1 point

    A user successfully logs in to a corporate network via a VPN connection. Which part of the AAA process records that a certain user performed a specific operation at a particular date and time?

    The three parts of the AAA process are authentication, authorization, and accounting. The accounting function records information such as who logged in, when the user logged in and out, and what the user did with network resources.

  32. Question 32 of 60
    4 points

    What are three access control security services? (Choose three.)

    This question refers to AAA: authentication, authorization, and accountability.

  33. Question 33 of 60
    1 point

    In threat intelligence communications, which sharing standard is a specification for an application layer protocol that allows communication of cyberthreat intelligence over HTTPS?

    The two common threat intelligence sharing standards are as follows:

    • Structured Threat Information Expression (STIX) – This is a set of specifications for exchanging cyberthreat information between organizations. The Cyber Observable Expression (CybOX) standard has been incorporated into STIX.
    • Trusted Automated Exchange of Indicator Information (TAXII) – This is the specification for an application layer protocol that allows the communication of CTI over HTTPS. TAXII is designed to support STIX.

     

  34. Question 34 of 60
    1 point

    A network security specialist is tasked to implement a security measure that monitors the status of critical files in the data center and sends an immediate alert if any file is modified. Which aspect of secure communications is addressed by this security measure?

    Secure communications consists of four elements:

    • Data confidentiality – guarantees that only authorized users can read the message
    • Data integrity – guarantees that the message was not altered
    • Origin authentication – guarantees that the message is not a forgery and does actually come from whom it states
    • Data nonrepudiation – guarantees that the sender cannot repudiate, or refute, the validity of a message sent

     

  35. Question 35 of 60
    2 points

    Which two statements describe the use of asymmetric algorithms? (Choose two.)

    Asymmetric algorithms use two keys: a public key and a private key. Both keys are capable of the encryption process, but the complementary matched key is required for decryption. If a public key encrypts the data, the matching private key decrypts the data. The opposite is also true. If a private key encrypts the data, the corresponding public key decrypts the data.

  36. Question 36 of 60
    36. Question
    1 point

    What is the most common use of the Diffie-Hellman algorithm in communications security?

    Diffie-Hellman is not an encryption mechanism and is not typically used to encrypt data. Instead, it is a method to securely exchange the keys used to encrypt the data.

  37. Question 37 of 60
    37. Question
    1 point

    A customer purchases an item from an e-commerce site. The e-commerce site must maintain proof that the data exchange took place between the site and the customer. Which feature of digital signatures is required?

    Digital signatures provide three basic security services:

    • Authenticity of digitally signed data – Digital signatures authenticate a source, proving that a certain party has seen and signed the data in question.
    • Integrity of digitally signed data – Digital signatures guarantee that the data has not changed from the time it was signed.
    • Nonrepudiation of the transaction – The recipient can take the data to a third party, and the third party accepts the digital signature as a proof that this data exchange did take place. The signing party cannot repudiate that it has signed the data.

  38. Question 38 of 60
    38. Question
    1 point

    When a user visits an online store website that uses HTTPS, the user browser queries the CA for a CRL. What is the purpose of this query?

    A digital certificate must be revoked if it is invalid. CAs maintain a certificate revocation list (CRL), a list of revoked certificate serial numbers that have been invalidated. The user browser will query the CRL to verify the validity of a certificate.

  39. Question 39 of 60
    39. Question
    1 point

    Which management system implements systems that track the location and configuration of networked devices and software across an enterprise?

    Asset management involves the implementation of systems that track the location and configuration of networked devices and software across an enterprise.

  40. Question 40 of 60
    40. Question
    1 point

    Which host-based firewall uses a three-profile approach to configure the firewall functionality?

    Windows Firewall uses a profile-based approach to configuring firewall functionality. It uses three profiles, Public, Private, and Domain, to define firewall functions.

  41. Question 41 of 60
    41. Question
    1 point

    Which approach is intended to prevent exploits that target syslog?

    Hackers may try to block clients from sending data to the syslog server, manipulate or erase logged data, or manipulate the software used to transmit messages between the clients and the server. Syslog-ng is the next generation of syslog and it contains improvements to prevent some of the exploits.

  42. Question 42 of 60
    42. Question
    2 points

    Which two technologies are primarily used on peer-to-peer networks? (Choose two.)

    Bitcoin is used to share a distributed database or ledger. BitTorrent is used for file sharing.

  43. Question 43 of 60
    43. Question
    1 point

    How can statistical data be used to describe or predict network behavior?

    Statistical data is created through the analysis of other forms of network data. Statistical characteristics of normal network behavior can be compared to current network traffic in an effort to detect anomalies. Conclusions resulting from analysis can be used to describe or predict network behavior.

  44. Question 44 of 60
    44. Question
    2 points

    What are two elements that form the PRI value in a syslog message? (Choose two.)

    The PRI in a syslog message consists of two elements, the facility and severity of the message.

  45. Question 45 of 60
    45. Question
    1 point

    Which tool can be used in a Cisco AVC system to analyze and present the application analysis data into dashboard reports?

    A management and reporting system, such as Cisco Prime, can be used to analyze and present the application analysis data into dashboard reports for use by network monitoring personnel.

  46. Question 46 of 60
    46. Question
    1 point

    Refer to the exhibit. Which field in the Sguil event window indicates the number of times an event is detected for the same source and destination IP address?

    [Exhibit image: CCNA Cybersecurity Operations (Version 1.1) – Practice Final Exam Answers 2019 Full 100% 01]

    The CNT field indicates the number of times an event is detected from the same source and destination IP address. Having a high number of events can indicate a problem with event signatures.

  47. Question 47 of 60
    47. Question
    1 point

    Refer to the exhibit. A network security specialist is issuing the tail command to monitor the Snort alert in real time. Which option should be used in the command line to watch the file for changes?

    [Exhibit image: CCNA Cybersecurity Operations (Version 1.1) – Practice Final Exam Answers 2019 Full 100% 06]

    For the Linux tail command, the option -f is used to monitor a file for changes. The -c option is used to limit the number of bytes shown. The -n option is used to set the number of lines to display. The -q option is used to suppress the header line.

  48. Question 48 of 60
    48. Question
    1 point

    A law office uses a Linux host as the firewall device for the network. The IT administrator is configuring the firewall iptables to block pings from Internet devices to the Linux host. Which iptables chain should be modified to achieve the task?

    The firewall iptables uses the concepts of chains and rules to filter traffic:

    • INPUT chain – handles traffic entering the firewall and destined to the firewall device itself
    • OUTPUT chain – handles traffic originating within the firewall device itself and destined to somewhere else
    • FORWARD chain – handles traffic originated somewhere else and passing through the firewall device

     


  49. Question 49 of 60
    49. Question
    1 point

    Which type of events should be assigned to categories in Sguil?

    Sguil includes seven pre-built categories that can be assigned to events that have been identified as true positives.

  50. Question 50 of 60
    50. Question
    1 point

    Refer to the exhibit. A network security analyst is examining captured data using Wireshark. What is represented by the first three frames?

    [Exhibit image: CCNA Cybersecurity Operations (Version 1.1) – Practice Final Exam Answers 2019 Full 100% 07]

    The first three frames consist of the SYN, SYN/ACK, and ACK exchanges that constitute the TCP three-way handshake between the two hosts.

  51. Question 51 of 60
    51. Question
    1 point

    Which term is used for describing automated queries that are useful for adding efficiency to the cyberoperations workflow?

    A playbook is an automated query that can add efficiency to the cyberoperations workflow.

  52. Question 52 of 60
    52. Question
    1 point

    Which statement describes the Cyber Kill Chain?

    The Cyber Kill Chain was developed to identify and prevent cyber intrusions by specifying what threat actors must complete to accomplish their goals.

  53. Question 53 of 60
    53. Question
    2 points

    When dealing with security threats and using the Cyber Kill Chain model, which two approaches can an organization use to block a potential back door creation? (Choose two.)

    In the installation phase of the Cyber Kill Chain, the threat actor establishes a back door into the system to allow for continued access to the target. Among other measures, using HIPS to alert or block on common installation paths and auditing endpoints to discover abnormal file creations can help block a potential back door creation.

  54. Question 54 of 60
    54. Question
    1 point

    Which schema or model allows security professionals to enter data about a particular incident, such as victim demographics, incident description, discovery method and response, and impact assessment, and share that data with the security community anonymously?

    Vocabulary for Event Recording and Incident Sharing (VERIS) is a set of metrics designed to create a way to describe security incidents in a structured or repeatable way. A Computer Security Incident Response Team (CSIRT) is an internal organizational group that provides services and functions to secure assets. Cyber Kill Chain contains seven steps which help analysts understand the techniques, tools, and procedures of threat actors. The Diamond Model of intrusion has four parts that represent a security incident.

  55. Question 55 of 60
    55. Question
    1 point

    What is the responsibility of the IT support group when handling a security incident?

    IT support best understands the technology used in the organization and can perform the correct actions to minimize the effectiveness of the attack and preserve evidence.

  56. Question 56 of 60
    56. Question
    4 points

    Match the type of CSIRT with the description.

     

    Sort elements
    • handles security incidents across multiple CSIRTs
    • handles customer reports about vulnerabilities
    • handles security incidents of other organizations for a fee
    • uses trends to predict future incidents

    • coordination center
    • vendor team
    • managed security service provider
    • analysis center

  57. Question 57 of 60
    57. Question
    4 points

    Match the IPS alarm with the description.

    Sort elements
    • normal traffic is correctly not identified as a threat
    • malicious traffic is correctly identified as a threat
    • malicious traffic is not correctly identified as a threat
    • normal traffic is incorrectly identified as a threat

    • true negative
    • true positive
    • false negative
    • false positive

  58. Question 58 of 60
    58. Question
    4 points

    Match the Windows host log to the messages contained in it. (Not all options are used.)

    Sort elements
    • events logged by various applications
    • events related to the operation of drivers, processes, and hardware
    • information about the installation of software, including Windows updates
    • events related to logon attempts and operations related to file or object management and access
    • events related to the web server access and activity

    • application logs
    • system logs
    • setup logs
    • security logs

  59. Question 59 of 60
    59. Question
    3 points

    Match the term to the description.

    Sort elements
    • assets
    • threats
    • vulnerabilities

    • information or equipment valuable enough to an organization to warrant protection
    • potential dangers to a protected asset
    • weaknesses in a system or design

  60. Question 60 of 60
    60. Question
    4 points

    Match the server profile element to the description. (Not all options are used.)

    Sort elements
    • the parameters defining user access and behavior
    • the number of times the server is powered on and off
    • the TCP and UDP daemons and ports that are allowed to be open on the server
    • the tasks, processes, and applications that are permitted to run on the server
    • the definitions of the type of service that an application is allowed to run on a given host

    • user accounts
    • listening ports
    • software environment
    • service accounts

    The elements of a server profile include the following:

    • Listening ports – the TCP and UDP daemons and ports that are allowed to be open on the server
    • User accounts – the parameters defining user access and behavior
    • Service accounts – the definitions of the type of service that an application is allowed to run on a given host
    • Software environment – the tasks, processes, and applications that are permitted to run on the server


                                        Copyright © 2023 PressExam.