CCNA CyberOps SECOPS (210-255) Cert Practice Exam Online

Last Updated on May 20, 2021 by Admin

CCNA CyberOps 1.1 -- SECOPS (210-255) Cert Practice Exam

  1. Question 1 of 55 (1 point)

    Refer to the exhibit. A security specialist is checking if files in the directory contain ADS data. Which switch should be used to show that a file has ADS attached?

    [Exhibit: CCNA Cybersecurity Operations (Version 1.1) – SECOPS (210-255) Cert Practice Exam Answers 2019 Full 100% 05]

    By using NTFS, Alternate Data Streams (ADSs) can be connected to a file as an attribute called $DATA. The command dir /r can be used to see if a file contains ADS data.

  2. Question 2 of 55 (1 point)

    When attempting to improve system performance for Linux computers with a limited amount of memory, why is increasing the size of the swap file system not considered the best solution?

    The swap file system is used by Linux when it runs out of physical memory. When needed, the kernel moves inactive RAM content to the swap partition on the hard disk. Storing and retrieving content in the swap partition is much slower than accessing RAM, and therefore using the swap partition should not be considered the best solution for improving system performance.

  3. Question 3 of 55 (1 point)

    How much overhead does the TCP header add to data from the application layer?

    The Layer 4 header in a TCP segment is the TCP header, which is 20 bytes in length. This adds 20 bytes of overhead to the data from the application layer in the composition of a TCP segment.

  4. Question 4 of 55 (3 points)

    Which three fields are found in both the TCP and UDP headers? (Choose three.)

    The UDP header has four fields. Three of these fields are in common with the TCP header. These three fields are the source port, destination port, and checksum.

  5. Question 5 of 55 (1 point)

    Refer to the exhibit. A security specialist is using Wireshark to review a PCAP file generated by tcpdump. When the client initiated a file download request, which source socket pair was used?

    [Exhibit: CCNA Cybersecurity Operations (Version 1.1) – SECOPS (210-255) Cert Practice Exam Answers 2019 Full 100% 02]

    The combination of the source IP address and source port number, or the destination IP address and destination port number, is known as a socket. A socket is shown as the IP address and associated port number with a colon in between the two (IP_address:port_number).

  6. Question 6 of 55 (1 point)

    Which field in the IPv6 header points to optional network layer information that is carried in the IPv6 packet?

    Optional Layer 3 information about fragmentation, security, and mobility is carried inside of extension headers in an IPv6 packet. The next header field of the IPv6 header acts as a pointer to these optional extension headers if they are present.

  7. Question 7 of 55 (3 points)

    Which three IPv4 header fields have no equivalent in an IPv6 header? (Choose three.)

    Unlike IPv4, IPv6 routers do not perform fragmentation. Therefore, all three fields supporting fragmentation in the IPv4 header are removed and have no equivalent in the IPv6 header. These three fields are fragment offset, flags, and identification. IPv6 does support host packet fragmentation through the use of extension headers, which are not part of the IPv6 header.

  8. Question 8 of 55 (1 point)

    Which technology is used by Cisco Advanced Malware Protection (AMP) in defending and protecting against known and emerging threats?

    Cisco AMP uses threat intelligence along with known file signatures to identify and block policy-violating file types and exploitations.

  9. Question 9 of 55 (1 point)

    When establishing a network profile for an organization, which element describes the time between the establishment of a data flow and its termination?

    A network profile should include some important elements, such as the following:

    • Total throughput – the amount of data passing from a given source to a given destination in a given period of time
    • Session duration – the time between the establishment of a data flow and its termination
    • Ports used – a list of TCP or UDP processes that are available to accept data
    • Critical asset address space – the IP addresses or the logical location of essential systems or data

  10. Question 10 of 55 (1 point)

    A network administrator is creating a network profile to generate a network baseline. What is included in the critical asset address space element?

    A network profile should include some important elements, such as the following:

    • Total throughput – the amount of data passing from a given source to a given destination in a given period of time
    • Session duration – the time between the establishment of a data flow and its termination
    • Ports used – a list of TCP or UDP processes that are available to accept data
    • Critical asset address space – the IP addresses or the logical location of essential systems or data

  11. Question 11 of 55 (1 point)

    When a server profile for an organization is being established, which element describes the TCP and UDP daemons and ports that are allowed to be open on the server?

    A server profile will often contain the following:

    • Listening ports – the TCP and UDP daemons and ports that are allowed to be open on the server
    • User accounts – the parameters defining user access and behavior
    • Service accounts – the definitions of the type of service that an application is allowed to run on a server
    • Software environment – the tasks, processes, and applications that are permitted to run on the server

  12. Question 12 of 55 (1 point)

    When establishing a server profile for an organization, which element describes the type of service that an application is allowed to run on the server?

    A server profile should contain some important elements including these:

    • Listening ports – the TCP and UDP daemons and ports that are allowed to be open on the server
    • User accounts – the parameters defining user access and behavior
    • Service accounts – the definitions of the type of service that an application is allowed to run on a server
    • Software environment – the tasks, processes, and applications that are permitted to run on the server

  13. Question 13 of 55 (3 points)

    What are the three impact metrics contained in the CVSS 3.0 Base Metric Group? (Choose three.)

    The Common Vulnerability Scoring System (CVSS) is a vendor-neutral, industry standard, open framework for weighing the risks of a vulnerability using a variety of metrics. CVSS uses three groups of metrics to assess a vulnerability: the Base Metric Group, the Temporal Metric Group, and the Environmental Metric Group. The Base Metric Group has two classes of metrics (exploitability and impact). The impact metrics are rooted in the following areas: confidentiality, integrity, and availability.

  14. Question 14 of 55 (1 point)

    Which metric in the CVSS Base Metric Group is used with an attack vector?

    The attack vector is one of several metrics defined in the Common Vulnerability Scoring System (CVSS) Base Metric Group Exploitability metrics. The attack vector expresses how close the threat actor is to the vulnerable component. The farther away the threat actor is from the component, the higher the severity, because threat actors close to the network are easier to detect and mitigate.

  15. Question 15 of 55 (1 point)

    A cybersecurity analyst is performing a CVSS assessment on an attack where a web link was sent to several employees. Once clicked, an internal attack was launched. Which CVSS Base Metric Group Exploitability metric is used to document that the user had to click on the link in order for the attack to occur?

    The CVSS Base Metric Group exploitability metrics are attack vector, attack complexity, privileges required, user interaction, and scope. The user interaction metric expresses the presence or absence of the requirement for user interaction in order for an exploit to be successful.

  16. Question 16 of 55 (1 point)

    Which statement describes the card verification value (CVV) for a credit card?

    The card verification value (CVV), or card verification code (CVC), or card security code (CSC) is a security feature of a credit card, usually 3 or 4 digits printed on the back of the card.

  17. Question 17 of 55 (1 point)

    After a security monitoring tool identifies a malware attachment entering the network, what is the benefit of performing a retrospective analysis?

    General security monitoring can identify when a malware attachment enters a network and which host is first infected. Retrospective analysis takes the next step by tracking the behavior of the malware from that point forward.

  18. Question 18 of 55 (2 points)

    What are two of the 5-tuples? (Choose two.)

    The components of a 5-tuple include a source IP address and port number, destination IP address and port number, and the protocol in use.

  19. Question 19 of 55 (1 point)

    What are security event logs commonly based on when sourced by traditional firewalls?

    Traditional firewalls commonly provide security event logs based on the 5-tuples of source IP address and port number, destination IP address and port number, and the protocol in use.

  20. Question 20 of 55 (1 point)

    When real-time reporting of security events from multiple sources is being received, which function in SIEM provides capturing and processing of data in a common format?

    SIEM combines SEM and SIM tools to provide some useful functions, one of which is data normalization. Data normalization is the process of mapping log messages from different systems into a common data model in order to analyze related security events, even if they are initially logged in different source formats.

  21. Question 21 of 55 (1 point)

    What is a goal of deploying an in-line security device that can analyze data as a normalized stream?

    An IPS is an in-line security device that can analyze data as a normalized stream to reduce or eliminate the possibility of security evasions.

  22. Question 22 of 55 (2 points)

    What are two sources of data in the operation of a security information and event management (SIEM) system? (Choose two.)

    Security information and event management (SIEM) systems receive data from IPS devices, firewalls, NetFlow devices, servers, endpoints, and syslog infrastructure devices.

  23. Question 23 of 55 (1 point)

    Refer to the exhibit. Which technology generated the event log?

    [Exhibit: CCNA Cybersecurity Operations (Version 1.1) – SECOPS (210-255) Cert Practice Exam Answers 2019 Full 100% 06]

    The output shown is from a web proxy.

  24. Question 24 of 55 (1 point)

    Refer to the exhibit. A network administrator is examining a NetFlow record. Why would the record indicate that both TRNS SOURCE PORT and TRNS DESTINATION PORT are 0?

    [Exhibit: CCNA Cybersecurity Operations (Version 1.1) – SECOPS (210-255) Cert Practice Exam Answers 2019 Full 100% 04]

    The data flow recorded is ICMP traffic, indicated by the number 1 for IP PROTOCOL. Because ICMP is a Layer 3 protocol and has no need for a Layer 4 protocol such as TCP or UDP, the port numbers show a 0 within the NetFlow output.

  25. Question 25 of 55 (1 point)

    Refer to the exhibit. A network administrator is examining a NetFlow record. Which protocol is in use in the flow shown?

    [Exhibit: CCNA Cybersecurity Operations (Version 1.1) – SECOPS (210-255) Cert Practice Exam Answers 2019 Full 100% 03]

    The data flow shown is captured UDP traffic of a DNS response, indicated by the number 17 in the IP PROTOCOL output.

  26. Question 26 of 55 (1 point)

    At the request of investors, a company is proceeding with cyber attribution for a particular attack that was conducted from an external source. Which security term is used to describe the person or device responsible for the attack?

    Some people may use the common word “hacker” to describe a threat actor. A threat actor is an entity that is involved with an incident that impacts or has the potential to impact an organization in such a way that it is considered a security risk or threat.

  27. Question 27 of 55 (1 point)

    What classification is used for an alert that correctly identifies that an exploit has occurred?

    A true positive occurs when an IDS or IPS signature correctly fires and an alarm is generated when offending traffic is detected.

  28. Question 28 of 55 (1 point)

    Which type of analysis relies on predefined conditions and can analyze applications that only use well-known fixed ports?

    Deterministic analysis uses predefined conditions to analyze applications that conform to specification standards, such as performing a port-based analysis.

  29. Question 29 of 55 (1 point)

    Which type of analysis relies on different methods to establish the likelihood that a security event has happened or will happen?

    Probabilistic methods use powerful tools to create a probabilistic answer as a result of analyzing applications.

  30. Question 30 of 55 (1 point)

    What is the benefit of converting log file data into a common schema?

    When data is converted into a universal format, it can be effectively structured for performing fast queries and event analysis.

  31. Question 31 of 55 (1 point)

    What will match the regular expression ^83?

    The expression ^83 indicates that any string that begins with 83 will be matched.

  32. Question 32 of 55 (1 point)

    Using Tcpdump and Wireshark, a security analyst extracts a downloaded file from a pcap file. The analyst suspects that the file is a virus and wants to know the file type for further examination. Which Linux command can be used to determine the file type?

    The Linux file command can be used to determine a file type, such as whether it is executable, ASCII text, or zip.

  33. Question 33 of 55 (1 point)

    Which type of evidence cannot prove an IT security fact on its own?

    Indirect evidence cannot prove a fact on its own, but direct evidence can. Corroborative evidence is supporting information. Best evidence is most reliable because it is something concrete such as a signed contract.

  34. Question 34 of 55 (1 point)

    A cybersecurity analyst has been called to a crime scene that contains several technology items including a computer. Which technique will be used so that the information found on the computer can be used in court?

    A normal file copy does not recover all data on a storage device, so an unaltered disk image is commonly made. An unaltered disk image preserves the original evidence, thus preventing inadvertent alteration during the discovery phase. It also allows recreation of the original evidence.

  35. Question 35 of 55 (1 point)

    Refer to the exhibit. A security analyst issues the cat command to review the content of the file confidential2. Which encoding method was used to encode the file?

    [Exhibit: CCNA Cybersecurity Operations (Version 1.1) – SECOPS (210-255) Cert Practice Exam Answers 2019 Full 100% 01]

    Hex encodes binary data in hexadecimal string format. Base64 encodes binary data in an ASCII string format. In this case, the characters are 0-9 and a-f, typical hexadecimal digits.

  36. Question 36 of 55 (1 point)

    According to the Cyber Kill Chain model, after a weapon is delivered to a targeted system, what is the next step that a threat actor would take?

    The Cyber Kill Chain specifies seven steps (or phases), in sequence, that a threat actor must complete to accomplish an attack:

    • Reconnaissance – The threat actor performs research, gathers intelligence, and selects targets.
    • Weaponization – The threat actor uses the information from the reconnaissance phase to develop a weapon against specific targeted systems.
    • Delivery – The weapon is transmitted to the target using a delivery vector.
    • Exploitation – The threat actor uses the weapon delivered to break the vulnerability and gain control of the target.
    • Installation – The threat actor establishes a back door into the system to allow for continued access to the target.
    • Command and Control (CnC) – The threat actor establishes command and control (CnC) with the target system.
    • Action on Objectives – The threat actor is able to take action on the target system, thus achieving the original objective.

  37. Question 37 of 55 (1 point)

    What will a threat actor do to create a back door on a compromised target according to the Cyber Kill Chain model?

    Once a target system is compromised, the threat actor will establish a back door into the system to allow for continued access to the target. Adding services and autorun keys is a way to create a point of persistent access.

  38. Question 38 of 55
    3 points

    Which three things will a threat actor do to prepare a DDoS attack against a target system on the Internet? (Choose three.)

    To prepare for launching a DDoS attack, a threat actor will compromise many hosts on the Internet, called zombies. The threat actor will then install attack software on zombies and establish a two-way communications channel to CnC infrastructure with zombies. The threat actor will issue the command to zombies through the CnC to launch a DDoS attack against a target system.

  39. Question 39 of 55
    1 point

    In which top-level element of the VERIS schema does VERIS use the A4 threat model to describe an incident?

    In the top-level element incident description of the VERIS schema, VERIS uses the A4 threat model that was developed by the RISK team at Verizon to describe an incident completely.

  40. Question 40 of 55
    3 points

    What are three of the four interactive landscapes that the VERIS schema uses to define risk?

    In the VERIS schema, risk is defined as the intersection of four landscapes of threat, asset, impact, and control. Information from each landscape helps to understand the level of risk to the organization.

  41. Question 41 of 55
    1 point

    Which specification provides a common language for describing security incidents in a structured and repeatable way?

    Vocabulary for Event Recording and Incident Sharing (VERIS) was created to provide a common language for describing security incidents. VERIS addresses the problems of dealing with different security tools and the tendency of humans to refer to incidents and events inconsistently.

  42. Question 42 of 55
    1 point

    What is the VERIS Community Database (VCDB)?

    The VERIS Community Database (VCDB) is an open and free collection of publicly-reported security incidents in VERIS format. The VCDB is in a universal format that allows for manipulation and transformation.

  43. Question 43 of 55
    1 point

    Which type of computer security incident response team is responsible for determining trends to help predict and provide warning of future security incidents?

    There are many different types of computer security incident response teams (CSIRTs) and related information security organizations. Analysis centers use data from many sources to determine security incident trends that can help predict future incidents and provide early warning.

  44. Question 44 of 55
    1 point

    What is the role of vendor teams as they relate to a computer security incident response team?

    There are many different types of computer security incident response teams (CSIRTs) and related information security organizations. Vendor CSIRT teams provide remediation for vulnerabilities in the software or hardware of an organization and often handle customer reports concerning security vulnerabilities.

  45. Question 45 of 55
    2 points

    Which two actions should be taken during the preparation phase of the incident response life cycle defined by NIST? (Choose two.)

    According to the guideline defined in the NIST Incident Response Life Cycle, several actions should be taken during the preparation phase including (1) creating and training the CSIRT and (2) acquiring and deploying the tools needed by the team to investigate incidents.

  46. Question 46 of 55
    1 point

    During the detection and analysis phase of the NIST incident response process life cycle, which sign category is used to describe that an incident might occur in the future?

    There are two categories for the signs of an incident:

    • Precursor – a sign that an incident might occur in the future
    • Indicator – a sign that an incident might already have occurred or is currently occurring

  47. Question 47 of 55
    2 points

    A company is applying the NIST.SP800-61 r2 incident handling process to security events. What are two examples of incidents that are in the category of precursor? (Choose two.)

    As an incident category, the precursor is a sign that an incident might occur in the future. Examples of precursors are log entries that show a response to a port scan or a newly-discovered vulnerability in web servers using Apache.

  48. Question 48 of 55
    2 points

    Which two actions can help identify an attacking host during a security incident? (Choose two.)

    The following actions can help identify an attacking host during a security incident:

    • Use incident databases to research related activity.
    • Validate the IP address of the threat actor to determine if it is a viable one.
    • Use an Internet search engine to gain additional information about the attack.
    • Monitor the communication channels that some threat actors use, such as IRC.

  49. Question 49 of 55
    1 point

    What is defined in the policy element of the NIST incident response plan?

    The policy element of the NIST incident response plan details how incidents should be handled based on the mission and function of the organization.

  50. Question 50 of 55
    1 point

    What is specified in the plan element of the NIST incident response plan?

    NIST recommends creating policies, plans, and procedures for establishing and maintaining a CSIRC. One component of the plan element is to develop metrics for measuring the incident response capability and its effectiveness.

  51. Question 51 of 55
    1 point

    Which NIST-defined incident response stakeholder is responsible for coordinating incident response with other stakeholders and minimizing the damage of an incident?

    The management team creates the policies, designs the budget, and is in charge of staffing all departments. Management is also responsible for coordinating the incident response with other stakeholders and minimizing the damage of an incident.

  52. Question 52 of 55
    1 point

    What is the responsibility of the IT support group when handling an incident as defined by NIST?

    IT support best understands the technology used in the organization and can perform the correct actions to minimize the effectiveness of the attack and preserve evidence.

  53. Question 53 of 55
    1 point

    What is the responsibility of the human resources department when handling a security incident as defined by NIST?

    The human resources department may be called upon to perform disciplinary measures if an incident is caused by an employee.

  54. Question 54 of 55
    3 points

    After containing an incident that infected user workstations with malware, what are three effective remediation procedures that an organization can take for eradication? (Choose three.)

    To recover infected user workstations, use clean and recent backups, or rebuild the PCs from installation media if no backups are available or the backups have been compromised. Also, fully update and patch the operating system and installed software of all hosts. All users are encouraged to change their passwords for the workstation or workstations they use. Rebuilding DHCP servers is needed only if they are affected by the incident. Likewise, not all devices need their name and password configuration settings changed, only those affected by the incident.

  55. Question 55 of 55
    1 point

    In which step of the NIST incident response process does the CSIRT perform an analysis to determine which networks, systems, or applications are affected; who or what originated the incident; and how the incident is occurring?

    In the detection and analysis phase of the NIST incident response process life cycle, the CSIRT should immediately perform an initial analysis to determine the scope of the incident, such as which networks, systems, or applications are affected; who or what originated the incident; and how the incident is occurring.

Copyright © 2023 PressExam.