Deck1 Flashcards Preview

CCNA CyberOps 210-255 > Deck1 > Flashcards

Flashcards in Deck1 Deck (98)
1

Which of the following is not a metadata feature of the Diamond Model?
A. Direction
B. Result
C. Devices
D. Resources

C. Devices

2

Which data type is protected under the PCI compliance framework?
A. credit card type
B. primary account number
C. health conditions
D. provision of individual care

B. primary account number

3

Which of the following are core responsibilities of a national CSIRT and CERT?
A. Provide solutions for bug bounties
B. Protect their citizens by providing security vulnerability information, security awareness training, best practices, and other information
C. Provide vulnerability brokering to vendors within a country
D. Create regulations around cybersecurity within the country

B. Protect their citizens by providing security vulnerability information, security awareness training, best practices, and other information

4

REFER TO EXHIBIT
A customer reports that they cannot access your organization's website. Which option is a possible reason that the customer cannot access the website?
A. The server at 10.33.1.5 is using up too much bandwidth causing a denial-of-service.
B. The server at 10.67.10.5 has a virus.
C. A vulnerability scanner has shown that 10.67.10.5 has been compromised.
D. Web traffic sent from 10.67.10.5 has been identified as malicious by Internet sensors.

D. Web traffic sent from 10.67.10.5 has been identified as malicious by Internet sensors.

5

In addition to cybercrime and attacks, evidence found on a system or network may be presented in a court of law to support accusations of crime or civil action, including which of the following?
A. Fraud, money laundering, and theft
B. Drug-related crime
C. Murder and acts of violence
D. All of the above

D. All of the above

6

An organization has recently adjusted its security stance in response to online threats made by a known hacktivist group. Which term defines the initial event in the NIST SP800-61 r2?
A. instigator
B. precursor
C. online assault
D. trigger

B. precursor

7

Which of the following is an example of a managed security offering where incident response experts monitor and respond to security alerts in a SOC?
A. Cisco CloudLock
B. Cisco’s Active Threat Analytics (ATA)
C. Cisco Managed Firepower Service
D. Cisco Jasper

B. Cisco’s Active Threat Analytics (ATA)

8

Which kind of evidence can be considered most reliable to arrive at an analytical assertion?
A. direct
B. corroborative
C. indirect
D. circumstantial
E. textual

A. direct

9

What is NAC?
A. Non-Admin Closure
B. Network Access Control
C. Nepal Airline Corporations
D. Network Address Control

B. Network Access Control

10

Which data element must be protected with regard to PCI?
A. past health condition
B. geographic location
C. full name / full account number
D. recent payment amount

C. full name / full account number

11

What is the process of remediating the system after an attack so that the responsible threat actor can be revealed?
A. Validating the Attacking Host’s IP Address
B. Researching the Attacking Host through Search Engines.
C. Using Incident Databases.
D. Monitoring Possible Attacker Communication Channels.

A. Validating the Attacking Host’s IP Address

12

Which CVSSv3 metric value increases when attacks consume network bandwidth, processor cycles, or disk space?
A. confidentiality
B. integrity
C. availability
D. complexity

C. availability

13

Which regular expression matches "color" and "colour"?
A. col[0-9]+our
B. colo?ur
C. colou?r
D. [a-z]{7}

C. colou?r

14

Which option filters a LibPCAP capture that used a host as a gateway?
A. [tcp|udp] [src|dst] port
B. [src|dst] net [{mask }|{len }]
C. ether [src|dst] host
D. gateway host

D. gateway host

15

What protocol is related to NAC?
A. 802.1Q
B. 802.1X (EAP-TLS, EAP-PEAP or EAP-MSCHAP)
C. 802.1E
D. 802.1F

B. 802.1X (EAP-TLS, EAP-PEAP or EAP-MSCHAP)

16

A CMS plugin creates two files that are accessible from the Internet: myplugin.html and exploitable.php. A newly discovered exploit takes advantage of an injection vulnerability in exploitable.php. To exploit the vulnerability, one must send an HTTP POST with specific variables to exploitable.php. You see traffic to your webserver that consists of only HTTP GET requests to myplugin.html. Which category best describes this activity?
A. weaponization
B. exploitation
C. installation
D. reconnaissance

D. reconnaissance

17

From a security perspective, why is it important to employ a clock synchronization protocol on a network?
A. so that everyone knows the local time
B. to ensure employees adhere to work schedule
C. to construct an accurate timeline of events when responding to an incident
D. to guarantee that updates are pushed out according to schedule

C. to construct an accurate timeline of events when responding to an incident

18

Which option is generated when a file is run through an algorithm and generates a string specific to the contents of that file?
A. URL
B. hash
C. IP address
D. destination port

B. hash

19

Which identifies both the source and destination location?
A. IP address
B. URL
C. ports
D. MAC address

A. IP address
Explanation:
The IP address is used to uniquely identify the desired host we need to contact. This information is not shown in the above packet because it exists in the IP header section located right above the TCP header we are analysing. If we were to expand the IP header, we would (certainly) find the source and destination IP address fields in there.

20

What mechanism does the Linux operating system provide to control access to files?
A. privileges required
B. user interaction
C. file permissions
D. access complexity

C. file permissions

21

Which of the following are the three broad categories of cybersecurity investigations?
A. Public, private, and individual investigations
B. Judiciary, private, and individual investigations
C. Public, private, and corporate investigations
D. Government, corporate, and private investigations

A. Public, private, and individual investigations

22

Which source provides reports of vulnerabilities in software and hardware to a Security Operations Center?
A. Analysis Center
B. National CSIRT
C. Internal CSIRT
D. Physical Security

C. Internal CSIRT

23

Which netstat commands show ports? (Choose two.)
A. netstat -a
B. netstat -l
C. netstat -v
D. netstat -g

A. netstat -a
B. netstat -l

24

During which phase of the forensic process is data that is related to a specific event labeled and recorded to preserve its integrity?
A. collection
B. examination
C. reporting
D. investigation

A. collection

25

Choose the option that best describes NIST data integrity.
A. use only sha-1
B. use only md5
C. you must hash data & backup and compare hashes
D. no need to hash data & backup and compare hashes

C. you must hash data & backup and compare hashes

26

Which option allows a file to be extracted from a TCP stream within Wireshark?
A. File > Export Objects
B. Analyze > Extract
C. Tools > Export > TCP
D. View > Extract

A. File > Export Objects

27

What information from HTTP logs can be used to find a threat actor?
A. referer
B. IP address
C. user-agent
D. URL

B. IP address

28

ping cisco.com
Reply from 2001:420:1101:1::a: time=145ms
What can be determined from this ping result?
A. The public IP address of cisco.com is 2001:420:1101:1::a.
B. The Cisco.com website is down.
C. The Cisco.com website is responding with an internal IP.
D. The public IP address of cisco.com is an IPv4 address.

A. The public IP address of cisco.com is 2001:420:1101:1::a.

29

Refer to the following packet capture. Which of the following statements is true about this packet capture?
A. The host with the IP address 93.184.216.34 is the source.
B. The host omar.cisco.com is the destination.
C. This is a Telnet transaction that is timing out and the server is not responding.
D. The server omar.cisco.com is responding to 93.184.216.34 with four data packets.

C. This is a Telnet transaction that is timing out and the server is not responding.

30

Which attributes belong to the VERIS schema?
A. confidentiality/possession
B. integrity/authenticity
C. availability/utility

A. confidentiality/possession
B. integrity/authenticity
C. availability/utility