CCNA CYBER OPS CHAPTER 1-2
What is DLP?
A software or solution for making sure that corporate users do not send sensitive or critical information outside the corporate network
Which of the following is a good definition of a vulnerability? a. A weakness in the system design, implementation, software, or code, or the lack of a mechanism. b. A common vulnerability and exposure (CVE) c. Any potential danger to an asset d. None of these answers are correct.
A. A vulnerability is a weakness in the system design, implementation, software, or code, or the lack of a mechanism. Vulnerabilities can be found in software or hardware.
Which of the following development methodologies uses Scrum? a. Agile b. Waterfall c. Service Iteration d. None of these answers are correct.
A. Agile uses Scrum. Scrum is a framework that helps organizations work together because it encourages teams to learn through experiences, self-organize while working on a solution, and reflect on their wins and losses to continuously improve. Scrum is used by software development teams; however, its principles and lessons can be applied to all kinds of teamwork. Scrum describes a set of meetings, tools, and roles that work in concert to help teams structure and manage their work.
Which of the following is a type of attack where the attacker could attempt to compromise the cloud by placing a malicious virtual machine in close proximity to a target cloud server? a. Side-channel b. Session riding c. CSRF d. Man-in-the-browser attack
A. An example of a side-channel attack is when the attacker attempts to compromise the cloud environment by placing a malicious virtual machine in close proximity to a target cloud server.
Which of the following statements are true about application proxies? (Choose two.) a. Application proxies, or proxy servers, are devices that operate as intermediary agents on behalf of clients that are on a private or protected network. b. Clients on the protected network send connection requests to the application proxy to transfer data to the unprotected network or the Internet. c. Application proxies can be classified as next-generation firewalls. d. Application proxies always perform Network Address Translation
A. Application proxies, or proxy servers, are devices that operate as intermediary agents on behalf of clients that are on a private or protected network. B. Clients on the protected network send connection requests to the application proxy to transfer data to the unprotected network or the Internet
Which of the following is the cloud service model of Cisco WebEx and Office 365? a. SaaS b. PaaS c. Serverless computing d. IaaS
A. Cisco WebEx and Office 365 are examples of the Software as a Service (SaaS) cloud service model.
Which of the following is a technology that typically has the ability to detect any sensitive emails, documents, or information leaving your organization? a. DLP b. IDaaS c. SaaS d. IaaS
A. Data Loss Prevention (DLP) systems are designed to detect any sensitive emails, documents, or information leaving your organization.
The cloud security shared responsibility depends on the type of cloud model (SaaS, PaaS, or IaaS). In which of the following cloud service models is the cloud consumer (customer) responsible for the security and patching of the applications, but not the underlying operating system, virtual machines, storage, and virtual networks? a. PaaS b. SaaS c. IaaS d. None of these answers are correct.
A. In a Platform-as-a-Service (PaaS) environment the cloud consumer (customer) is responsible for the security and patching of the applications but not the underlying operating system, storage, virtual machines, and virtual networks.
Which of the following is the component of the CIA triad that ensures that a system and its data have not been altered or compromised? a. Integrity b. Availability c. Confidentiality d. Nonrepudiation
A. Integrity is the component of the CIA triad that ensures that a system and its data have not been altered or compromised.
Which of the following is a methodology in which the intrusion detection device searches for a fixed sequence of bytes within the packets traversing the network using signatures? a. Pattern matching and stateful pattern-matching recognition b. Anomaly-based analysis c. Snort-based analysis using AMP d. NetFlow-based analysis
A. Pattern matching and stateful pattern-matching recognition are methodologies used by intrusion detection devices.
What are examples of cloud security threats?
API attacks, VM escape attacks, and web application attacks such as XSS, CSRF, session hijacking, and SQL injection
Which of the following are components of the 5-tuple in a NetFlow flow record? a. Source port, destination port, source IP address, destination IP address, and protocol b. TCP, UDP, ICMP, source IP address, destination IP address c. Source IP address, destination IP address, source MAC address, destination MAC address, protocol d. None of these answers are correct.
A. The 5-tuple in a NetFlow record includes the source port, destination port, source IP address, destination IP address, and protocol.
Which of the following centralizes the management and reporting for one or more Cisco ESAs and Cisco WSAs? a. Cisco SMA b. Cisco FMC c. Cisco Defense Orchestrator d. Cisco DNAC
A. The Cisco Content Security Management Appliance (SMA) is used to provide centralized management and reporting for one or more Cisco ESAs and Cisco WSAs. Cisco FMC is used to manage firewalls and intrusion prevention systems. Cisco Defense Orchestrator is a cloud-based solution to manage and deploy policies to Cisco firewalls. The Cisco DNA Center (DNAC) is a software defined networking (SDN) solution
Which of the following entities developed a tool to provide a repeatable and measurable process for organizations to measure their cybersecurity readiness? a. FFIEC b. FedRAMP c. FIRST d. ISO
A. The Federal Financial Institutions Examination Council developed a tool to provide a repeatable and measurable process for organizations to measure their cybersecurity readiness.
Which of the following protocols is used to redirect traffic from a network infrastructure device to the Cisco WSA for inspection? a. WCCP b. NetFlow c. TLS d. TAXII
A. The WCCP protocol can be used to redirect traffic from a network infrastructure device (such as a firewall or router) to the Cisco WSA for inspection.
Explain the features of a traditional stateful firewall
Access control is done by application awareness and visibility
Which of the following is a type of cloud model composed of two or more clouds or cloud services (including on-premises services or private clouds and public clouds)? a. IaaS b. Hybrid cloud c. Community cloud d. None of these answers are correct.
B. A hybrid cloud is a type of cloud model composed of two or more clouds or cloud services (including on-premises services or private clouds and public clouds).
Which of the following refers to the way you document and preserve evidence from the time that you started the cyber forensics investigation to the time the evidence is presented at court or to your executives? a. Best evidence b. Chain of custody c. Chain of trust d. Web of trust
B. Chain of custody is the way you document and preserve evidence from the time that you started the cyber forensics investigation to the time the evidence is presented at court or to your executives.
Which of the following is a reason why organizations are moving to the cloud? a. To transition from operational expenditure (OpEx) to capital expenditure (CapEx) b. To transition from capital expenditure (CapEx) to operational expenditure (OpEx) c. Because of the many incompatibility issues in security technologies d. None of these answers are correct.
B. Many organizations move their applications to the cloud to transition from CapEx to OpEx (and reduce overhead).
Which of the following is the operating system used by the Cisco ESA and Cisco WSA? a. Cisco IOS-XE b. AsyncOS c. Cisco FTD d. Cisco NX-OS
B. The operating system used by the Cisco ESA and Cisco WSA is the AsyncOS operating system. Cisco IOS-XE is used in Cisco enterprise routers and switches. Cisco FTD is a next-generation firewall solution. Cisco NX-OS is the operating system used in datacenter switches and other Cisco products.
Which of the following is a collection of procedures and operations performed by system administrators, security professionals, or network operators? a. Separation of duties document b. Vulnerability management SOP c. Runbook d. None of these answers are correct.
C. A runbook is a collection of procedures and operations performed by system administrators, security professionals, or network operators.
Which of the following is a solution that makes basic personal firewalls and HIPS obsolete? a. CTA b. CVSS c. AMP for Endpoints d. None of these answers are correct.
C. AMP for Endpoints provides capabilities that are more advanced than basic personal firewalls and host intrusion prevention systems (HIPS).
Which of the following development methodologies includes a feedback loop to prevent problems from happening again (enabling faster detection and recovery by seeing problems as they occur and maximizing opportunities to learn and improve), as well as continuous experimentation and learning? a. Pipelines b. Waterfall c. DevOps d. None of these answers are correct.
C. DevOps includes a feedback loop to prevent problems from happening again (enabling faster detection and recovery by seeing problems as they occur and maximizing opportunities to learn and improve), as well as continuous experimentation and learning.
Which of the following statements are true when referring to Network Address Translation? (Choose two.) a. NAT can only be used in firewalls b. Static NAT does not allow connections to be initiated bidirectionally. c. Static NAT allows connections to be initiated bidirectionally. d. NAT is often used by firewalls; however, other devices such as routers and wireless access points provide support for NAT
C. Static NAT allows connections to be initiated bidirectionally
Which of the following is a framework, developed by the United States government, that provides a common taxonomy, and one of the main goals is to address and manage cybersecurity risk in a cost-effective way to protect critical infrastructure? a. The Forum of Incident Response and Security Teams (FIRST) b. The Common Vulnerability Scoring System (CVSS) c. NIST Cybersecurity Framework d. The National Vulnerability Database (NVD)
C. The NIST Cybersecurity Framework provides a common taxonomy, and one of the main goals is to address and manage cybersecurity risk in a cost-effective way to protect critical infrastructure. CVSS provides a scoring system to characterize the impact of a given security vulnerability. FIRST is an international nonprofit organization where incident response professionals exchange information, provide education, and develop new standards and best practices. NVD is a common repository of known security vulnerabilities that can be accessed at nvd.nist.gov.
What is a specification that provides a methodology for scoring software weaknesses?
CWE
What is a type of cloud deployment model where the cloud environment is shared among different organizations?
Community cloud
What is a software development practice where programmers merge code changes in a central repository multiple times a day?
Continuous Integration (CI)
What is a technology that bundles a program and its dependencies into a single artifact under a root file system? These items are made up of a series of file system layers. Each layer adds, removes, or modifies files from the preceding layer in the file system.
Containers (such as Docker, Rocket, and LXC)
Which of the following are considered personally identifiable information (PII)? a. Individual's name b. Date of birth c. Mother's maiden name d. All of these answers are correct.
D. An individual's name, date of birth, and mother's maiden name are all considered personally identifiable information (PII).
AWS Lambda is an example of "serverless" computing. Serverless does not mean that you do not need a server somewhere. Instead, it means that you will be using which of the following to host and develop your code? a. Agile b. Fuzzers c. Eclipse d. Cloud platforms
D. AWS Lambda is an example of a cloud platform often referred to as "serverless" computing, where you can develop code without having to worry about the underlying infrastructure.
Which of the following are best practices in the SOC? a. Organizations should operate the SOC as a program rather than a single project. b. Metrics must be established to measure the effectiveness of the SOC capabilities. c. Analysts should collaborate with other groups such as public relations, legal, and IT. d. All of these answers are correct.
D. All the available answers are best practices for the Security Operations Center (SOC). Organizations should operate the SOC as a program rather than a single project. Metrics must be established to measure the effectiveness of the SOC capabilities. SOC analysts should collaborate with other groups such as public relations, legal, and IT.
Which of the following is an input validation attack that has been used by adversaries to steal user cookies that can be exploited to gain access as an authenticated user to a cloud-based service? Attackers also have used these vulnerabilities to redirect users to malicious sites. a. DNS attacks b. HTML injection c. SQL injection d. XSS
D. Cross-site scripting (XSS) is an input validation attack that has been used by adversaries to steal user cookies that can be exploited to gain access as an authenticated user to a cloud-based service. Attackers also have used these vulnerabilities to redirect users to malicious sites or display messages to users to obtain sensitive information.
Which of the following statements are true about cybersecurity practices? a. Cybersecurity risk includes not only the risk of a data breach but also the risk of the entire organization being undermined via business activities that rely on digitization and accessibility. b. The objective of cybersecurity is to protect each of us, our economy, our critical infrastructure, and our country from the harm that can result from inadvertent or intentional misuse, compromise, or destruction of information and information systems. c. In the past, information security programs and policies were designed to protect the confidentiality, integrity, and availability of data within the confines of an organization. Cybersecurity is the process of protecting information by preventing, detecting, and responding to attacks d. All of these answers are correct
D. Cybersecurity is different from traditional Information Security (InfoSec). Cybersecurity encompasses risk analysis and is the process of protecting information by preventing, detecting, and responding to attacks. Cybersecurity aims to protect people and critical infrastructure from inadvertent or intentional misuse, compromise, or destruction of information and information systems
Cybersecurity programs and policies expand and build on traditional information security programs but also include which of the following? a. Cyber risk management and oversight b. Threat intelligence c. Threat hunting d. All of these answers are correct.
D. Cybersecurity programs and policies include risk management and oversight, threat intelligence, and threat hunting.
Insufficient due diligence is one of the biggest issues when moving to the cloud. Security professionals must verify that which of the following issues are in place and discussed with the cloud provider? a. Encryption b. Data classification c. Incident response d. All of these answers are correct.
D. Encryption, data classification, and incident response are areas of concern that must be discussed with cloud providers.
18. One of the primary benefits of a ____________ is that even if a single control (such as a firewall or IPS) fails, other controls can still protect your environment and assets. a. DLP b. AMP c. CoPP d. Defense-in-depth strategy
D. One of the primary benefits of a defense-in-depth strategy is to provide security capabilities even if a single control (such as a firewall or IPS) fails. Other controls can still protect your environment and assets.
Which of the following is part of TrustSec? a. Security group tags (SGTs) b. Security group access control lists (SGACLs) c. AnyConnect d. All of these answers are correct.
D. SGTs, SGALCs, and the Cisco AnyConnect Secure Mobility Client are all components of the TrustSec solution.
Which of the following can be used to obtain proof-of-concept exploits against known vulnerabilities? a. The Exploit Database by Offensive Security b. The searchploit tool c. GitHub d. All of these answers are correct.
D. The Exploit Database by Offensive Security (exploit-db.com), searchsploit, and sometimes GitHub can be used to obtain proof-of-concept software designed to exploit a security vulnerability.
A number of standards are being developed for disseminating threat intelligence information. Which of the following standards is a language designed for sharing threat intelligence? a. CWE b. CVE c. CVSS d. STIX
D. STIX is a standard designed to share threat intelligence. The Common Vulnerability and Exposures (CVE) is a standard created by MITRE to identify security vulnerabilities. CVSS is a scoring system to describe the impact of a security vulnerability.
Which of the following states that all users—whether they are individual contributors, managers, directors, or executives—should be granted only the level of privilege they need to do their jobs, and no more? a. ISO privilege standard b. NIST 800-61r2 c. CVSS d. Principle of least privilege
D. The principle of least privilege states that all users—whether they are individual contributors, managers, directors, or executives—should be granted only the level of privilege they need to do their jobs, and no more.
Describe the use of DMZs
DMZs can serve as segments on which a web server farm resides or as extranet connections to business partners
Access control entries, which are part of an access control list, can classify packets by inspecting Layer 2 through Layer 4 headers for a number of parameters, including which of the following items? a. Layer 2 protocol information such as EtherTypes b. Layer 3 protocol information such as ICMP, TCP, or UDP c. Layer 3 header information such as source and destination IP addresses d. Layer 4 header information such as source and destination TCP or UDP ports e. All of these answers are correct.
E. Access control lists can classify packets using Layer 2 protocol information such as EtherTypes; Layer 3 protocol information such as ICMP, TCP, or UDP; Layer 3 header information such as source and destination IP addresses; and Layer 4 header information such as source and destination TCP or UDP ports.
Which of the following are examples of cloud-based security solutions? a. Cisco Cloud Email Security (CES) b. Cisco AMP Threat Grid c. Umbrella (OpenDNS) d. CloudLock e. All of these answers are correct.
E. Cisco Cloud Email Security (CES), Cisco AMP Threat Grid, Umbrella (formerly OpenDNS), and CloudLock are all cloud-based security solutions.
List a commercial tool used in digital forensics
EnCase
What is a United States government program and certification that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services?
FedRAMP
What is the disadvantage of the waterfall development methodology?
It can be difficult for customers to enumerate and communicate all of their needs at the beginning of the project.
List container management and orchestration platforms.
Kubernetes and Apache Mesos
You are part of a vulnerability management team tasked to research information about a new vulnerability disclosed by Microsoft affecting numerous systems in your company. What database can you query to obtain more information about such a vulnerability? a. NVD b. CVSS c. FIRST d. None of these answers are correct.
NVD is a common repository of known security vulnerabilities that can be accessed at nvd.nist.gov. CVSS provides a scoring system to characterize the impact of a given security vulnerability. FIRST is an international nonprofit organization where incident response professionals exchange information, provide education, and develop new standards and best practices.
Describe some of the benefits of NetFlow
NetFlow provides information about network session data, and NetFlow records take less space than a full packet capture
What are examples of the DevOps value stream?
Product management, quality assurance (QA), IT operations, infosec, and cybersecurity practices
Stateful and traditional firewalls can analyze packets and judge them against a set of predetermined rules called access control lists. Which elements within a packet do they inspect?
Source and destination ports and source and destination IP addresses
What is an element of the Scrum framework?
Sprints
xam format questions, use the exam engine on the website. A PaaS cloud typically provides what infrastructure?
Virtual networks, storage, hypervisors
Which of the following is true about heuristic-based algorithms? a. Heuristic-based algorithms may require fine-tuning to adapt to network traffic and minimize the possibility of false positives. b. Heuristic-based algorithms do not require fine-tuning. c. Heuristic-based algorithms support advanced malware protection. d. Heuristic-based algorithms provide capabilities for the automation of IPS signature creation and tuning
a. Heuristic-based algorithms may require fine-tuning to adapt to network traffic and minimize the possibility of false positives
Which of the following has the most storage requirements? a. NetFlow b. Syslog c. Full packet captures d. IPS signatures
c. Full packet captures
List an open-source SDN solution
pen vSwitch