Chapter 5. Introduction to Security Operations Management
1. Which of the following are properties of a secure digital identity? (Select all that apply.) a. Unique b. Nondescriptive c. Encrypted d. Nominative
A and B. A secure digital identity should be a unique and nondescriptive security issuance.
13. Which elements are found in a typical Cisco BYOD architecture? (Select all that apply.) a. Mobile device management (MDM) server b. Cisco ISE c. Cisco MARS d. Cisco ASR5000
A and B. Cisco ISE and an MDM server are typically found in a Cisco BYOD architecture.
12. Which of the following functions are typically provided by an SIEM? (Select all that apply.) a. Log correlation b. Log archiving c. Log normalization d. Log correction
A, B, C. SIEM provides correlation, archiving, normalization, aggregation, and reporting for logs.
3. In which cases can access be revoked? (Select all that apply.) a. After job termination b. When a user moves to another job c. When creating an administrative user d. Due to a security violation
A, B, D. Access can be revoked due to job termination, change of the job, or a violation of security policy.
14. Which of the following are required before a patch can be applied? (Select all that apply.) a. Formally start a request for change. b. Perform a security assessment. c. Verify that the patch works correctly. d. Test the patch in the lab.
A, B, D. Verifying that the patch works correctly is done after the patch has been deployed.
12. In which type of penetration assessment is all information about the systems and network known? a. White box approach b. Black box approach c. Gray box approach d. Silver box approach
A. With a white box approach, all information about the systems is known prior to the start of the penetration assessment.
4. Which of the following are responsibilities of an asset owner? (Mark all that apply) a. Implementation of security controls b. Asset security classification c. Asset disposal d. Analysis of the access logs
B and C. Asset classification and Asset disposal are responsibilities of the asset owner.
15. Which of the following are true statements regarding vulnerability scanners and penetration assessments? (Select all that apply.) a. Vulnerability scanners can crash a device; penetration assessments do not. b. Vulnerability scanners usually work with known vulnerabilities. c. Penetration assessment is typically fully automated. d. Vulnerability scanners can work in active mode and passive mode.
B and D. Vulnerability scanners usually work with known vulnerabilities and can work in passive and active modes.
8. Which of the following are advantages of a cloud-based mobile device manager compared to an on-premises model? (Select all that apply.) a. Higher control b. Flexibility c. Scalability d. Easier maintenance
B, C, D. A cloud-based MDM provides more flexibility and scalability, and it is easier to maintain.
3. Which of the following is a password system that's based on tokens and uses a challenge-response mechanism? a. Synchronous token system b. Asynchronous token system c. One-time token system d. Time-base token system
B. An asynchronous token system uses a challenge-response mechanism.
7. Where are configuration records stored? a. In a CMDB b. In a MySQL DB c. In a XLS file d. There is no need to store them
A. Configuration records are stored in a configuration management database (CMDB).
16. What is an OVAL definition? a. An XML file that contains information about how to check a system for the presence of vulnerabilities. b. It is synonymous with the OVAL language. c. An XML file used to represent reporting on the vulnerability assessment. d. A database schema.
A. An OVAL definition is an XML file that contains information about how to check a system for the presence of vulnerabilities.
7. In asset management, what is used to create a list of assets owned by the organization? a. Asset inventory b. Asset acceptable use c. Asset disposal d. Asset category
A. An asset inventory results in a list of assets owned by the organization.
4. In the context of the X.500 standard, how is an entity uniquely identified within a directory information tree? a. By its distinguish name (DN) b. By its relative distinguish name (RDN) c. By its FQDN d. By its DNS name
A. An entity is uniquely identified by its distinguish name (DN).
5. What is the relative distinguished name at the organizational unit level of the following entity? C=US, O=Cisco, OU=CCNA Learning, CN=Jones? a. OU=CCNA Learning b. C=US, O=Cisco, OU=CCNA Learning c. CN=Jones d. OU=CCNA Learning, CN=Jones
A. Answer A is correct in this case.
2. Why is a periodic access rights and privileges review important? a. To avoid privilege creep b. To verify a user's security clearance c. To ensure credentials are encrypted d. To assign a security label
A. A periodic privileges review is needed to make sure each user has the correct level of privileges after any event that could require the assignment of different privileges.
10. In the context of configuration management, which of the following best defines a security baseline configuration? a. A configuration that has been formally reviewed and approved b. The default configuration from the device vendor c. A configuration that can be changed without a formal approval d. The initial server configuration
A. A security baseline configuration is a configuration that has been formally reviewed and approved and cannot be changed without a formal request.
11. A change that is low risk and might not need to follow the full change management process is classified as which of the following? a. Standard b. Emergency c. Normal d. Controlled
A. A standard change is a low-risk change that might not require the full change management process.
14. At which step of the change process is the configuration database updated? a. In the review and close change record b. When the request for change is created c. During the change implementation d. During the request for change review
A. After the RFC is closed, the configuration database is updated with the new configuration.
5. What is the main advantage of single sign-on? a. The user authenticates with SSO and is authorized to access resources on multiple systems. b. The SSO server will automatically update the password on all systems. c. The SSO server is a single point of failure. d. SSO is an open source protocol.
A. The advantage of SSO is that the user authenticates once and he is granted access to organization resources.
10. What is the syslog priority (PRI) of a message from facility 20 with a severity of 4? a. 164 b. 160 c. 24 d. 52
A. The syslog PRI is obtained by multiplying the facility code by 8 and adding the severity code.
9. Which of the following is a typical feature of a Mobile Device Management solution? a. Device jailbreak b. PIN lock enforcement c. Call forwarding d. Speed dial
B. MDM solutions typically provide PIN lock enforcement capabilities.
6. What is the main advantage of an SIEM compared to a normal log collector? a. It provides log storage. b. It provides log correlation. c. It provides a GUI. d. It provides a log search functionality.
B. One of the critical functions of an SIEM compared to a normal log collector is the log correlation capability.
2. What is an advantage of a system-generated password? a. It is easy to remember. b. It complies with the organization's password policy. c. It is very long. d. It includes numbers and letters.
B. System-generated passwords are created by the system by following the constraints embedded in the security policy.
6. In which case should an employee return his laptop to the organization? a. When moving to a different role b. Upon termination of the employment c. As described in the asset return policy d. When the laptop is end of lease
C is the most correct answer.
1. In which phase of the identity and account lifecycle are the access rights assigned? a. Registration b. Access review c. Privileges provisioning d. Identity validation
C. Access rights are provided during the privileges provisioning phase.
9. In which enterprise patch management model can the system can install a patch automatically? a. Agentless b. Passive c. Agent based d. Install based
C. Agent based deployment model gives automatic patch installation capabilities.
13. In which type of vulnerability disclosure approach is the vulnerability exploit not disclosed? a. Partial disclosure b. Full disclosure c. Responsible disclosure d. Initial disclosure
C. In a responsible disclosure approach, the information about how to exploit a vulnerability is not disclosed.
8. Which type of vulnerability scanner probes the target system to get information? a. Intrusive b. Direct c. Passive d. Active
D. Active vulnerability scanners probes the target system.
11. What is the log normalization functionality used for? a. It provides a way to archive logs. b. It aggregates information based on common information and reduces duplicates. c. It provides reporting capabilities. d. It extracts relevant attributes from logs received in different formats and stores them in a common data model or template.
D. Log normalization extracts relevant attributes from logs received in different formats and stores them in a common data model or template.