Cisco CyberOps Associate Review
Which of the following describes the effect of encapsulation on data? A. Hides an object from unwanted access B. Ensures that sent or received information is correct C. Ensures that no information leakage can occur D. Checks if invalid characters are used
A. Hides an object from unwanted access
Which of the following describes a computer program designed to infiltrate and damage a computer without user interaction? A. Malware B. Cross-site scripting C. Buffer overflow D. MITM
A. Malware
For which of the following access control models is the main purpose preserving the confidentiality of data? A. Mandatory access control B. Role-based access control C. Non-discretionary access control D. Time-based access control
A. Mandatory access control
Which technology allows a large number of private IP addresses to be represented by a smaller number of public IP addresses? A. NAT B. NTP C. RFC 1631 D. RFC 1918
A. NAT
Where is a host-based intrusion detection system located? A. On a particular endpoint as an agent or desktop application B. On a dedicated proxy server monitoring egress traffic C. On a span switch port D. On a tap switch port
A. On a particular endpoint as an agent or desktop application
While analyzing the network, we notice aggressive traffic in the ICMP protocol. Which of the following attacks could be the cause? A.Ping flood attack B.Brute-force C.SQLi D.XSS
A. Ping flood attack
Which of the following does NetFlow use to determine if traffic belongs to the same flow? (Select three) A. Port numbers B. MAC address C. IP address D. Interface name E. L3 protocol type
A. Port numbers C. IP address E. L3 protocol type
Which of the following describes a situation in which a virus scanner identifies a file as a virus, when it isn't really a virus, and then tries to delete it? A. True positive B. False negative C. True negative D. False positive
D. False positive
Which of the following is software that runs on an individual computer to protect it from viruses and malware and to control the spread of harmful infections throughout the network? A. Host-based intrusion detection B. Host-based firewall C. Application-level whitelisting/blacklisting D. System-based sandboxing
B. Host-based firewall
Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IPS phones? A. Replay B. Man-in-the-middle C. Dictionary D. Known plaintext
B. Man-in-the-middle
While viewing packet capture data, you notice that an IP is sending and receiving traffic for multiple devices by modifying the IP header. Which of the following make this behavior possible? A. TOR B. NAT C. Encapsulation D. Tunneling
B. NAT
At which OSI layer does a router typically operate? A. Transport B. Network C. Data link D. Application
B. Network
Which of the following are Cisco cloud security solutions?(Choose two) A.CloudDLP B.OpenDNS C.CloudLock D.CloudSLS
B. OpenDNS C. CloudLock
In computer security, what information does PHI describe? A. Private host information B. Protected health information C. Personal health information D. Protected host information
B. Protected health information
Which of the following represents an access control model that enable users to perform activities based on the permissions assigned to their roles? A. Non-discretionary access control B. Role-based access control C. Time-based access control D. Rule-based access control
B. Role-based access control
Which of the following is a safe, isolated environment that replicates an end-user operating environment, within which code can be run, observed, and rated based on activity rather than attributes? A. Application-level whitelisting/blacklisting B. Host-based firewall C. Host-based intrusion detection D. Systems-based sandboxing
D. Systems-based sandboxing
A user reports difficulty accessing certain external web pages. When examining traffic to and from the external domain in full packet captures, you notice many SYNs that have the same sequence number, source, and destination IP address but different payloads. Which of the following could possibly explain the situation? A. Insufficient network resources B. Failure of full packet capture solution C. Misconfiguration of a web filter D. TCP injection
D. TCP injection
Which of the following is not related to SIEM system activity? A. Monitoring B. Service privileges C. Incident response and log auditing D. Total traffic encryption
D. Total traffic encryption
Which security monitoring data type is associated with application server logs? A. Alert data B. Statistical data C. Session data D. Transaction data
D. Transaction data
As a SOC analyst, Tom is suspicious that a MITM attack is underway. Which of the following traffic protocols should Tom investigate? A. ICMP B. POP3 C. ARP D. IPv6
C. ARP
Which of the following is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system? A. Application-level blacklisting B. Systems-based sandboxing C. Application-level whitelisting D. Host-based firewall
C. Application-level whitelisting
In which of the following cases should an employee return his laptop to the organization? A. When changing to a different role B. Upon termination of employment C. As described in the asset return policy D. When the lease for the laptop expires
C. As described in the asset return policy
Which identifier is used to describe the application or process that submits a log message? A. Action B. Selector C. Priority D. Facility
C. Priority
Which of the following refers to data that web content filtering provides? A. Information about the volume of computer storage usage B. Data about existing threats on the network C. Reports providing visibility of actual blocks and web usage D. Reports pertaining to additional tools running online
C. Reports providing visibility of actual blocks and web usage
Which of the following hash algorithms is the weakest? A. SHA-512 B. RSA 4096 C. SHA-1 D. SHA-256
C. SHA-1
Which term represents a weakness in a system that could lead to a system compromise? A. Vulnerability B. Threat C. Exploit D. Risk
A. Vulnerability
Which cryptographic key is contained in an X.509 certificate? A. Symmetric B. Public C. Private D. Asymmetric
B. Public
Which of the following describes malware in which rogue software code effectively holds a user's computer hostage until a fee is paid? A. DDoS B. Ransomware C. SQL injection D. Command injection
B. Ransomware
Which of the following is a code injection technique that launches malicious statements via input fields? A. DDoS B. SQLi C. Brute-force D. SSRF
B. SQLi
Which of the following are elements of X.509 certificates?(Choose two) A. Last name sign B. Signature algorithm ID C. Serial name D. Version number
B. Signature algorithm ID D. Version number
Which of the following is a technique used by cybercrooks to trick users into revealing confidential information? A. SQLi B. Social engineering C. MITM D. DDoS
B. Social engineering
Which of the following represents a mechanism that allows users to protect their privacy against a common form of internet surveillance known as traffic analysis? A. Access control list B. TOR C. TCPdump D. NetFlow
B. TOR
Which directory is commonly used in Linux systems to store log files, including syslog and Apache access logs? A. /etc/log B. /root/log C. /lib/log D. /var/log
D. /var/log
Which of the following is the maximum size of an IPv4 header? A. 32 bytes B. 60 bytes C. 64 bytes D. 20 bytes
D. 20 bytes
Which of the following is an IDS that monitors and analyzes data while logging malicious behavior? A. Host-based intrusion detection B. Windows Defender C. WireShark D. Network-based intrusion detection
A. Host-based intrusion detection
Which security monitoring data type requires the most storage space? A. Full packet capture B. Transaction data C. Statistical data D. Session data
A. Full packet capture
Which of the following is an advantage of NGFW over a firewall? A. Dynamic packet filtering B. Filtering packets based on applications C. Static packet filtering D. VPN support
B. Filtering packets based on applications
Which of the following is the correct definition of threat actors in cybersecurity? A. A person or group of people trying to perform malicious acts against organizations, whether unintentionally or intentionally B. A very strong hacking tool that helps commit maliciousacts against organizations C. Any malicious activity that occurs on mobile devices D. Offensive security professionals who are experts in attacking systems and breaking through defenses
A. A person or group of people trying to perform malicious acts
Which of the following is the correct definition of TCPdump? A. A program used for sniffing and filtering network traffic B. A program used to detect and remove unwanted malicious software from the system C. A program used to ensure the privacy of a certificate D. Technology used to automate IT operation management
A. A program used for sniffing and filtering network traffic
Which is the correct definition of an antivirus program? A. A program used to detect and remove unwanted malicious software from the system B. A program that provides real-time analysis of security alerts generated by network hardware and applications C. A program that scans a running application for vulnerabilities D. Rules that allow network traffic to pass in and out
A. A program used to detect and remove unwanted malicious software from the system
Which of the following encryption algorithms is the strongest? A.AES B.CES C.DES D.3DES
A. AES
Which of the following are Layer 2 network attacks?(Choose three) A. ARP attack B. Brute-force attack C. Spoofing attack D. DDoS attack E. VLAN hopping F. Botnet attack
A. ARP attack C. Spoofing attack E. VLAN hopping
Which of the following describes the advantages of application visibility and control? A. Applications and traffic in the network are controlled to protect assets against attacks and manage bandwidth. B. All documents are encrypted with a private key. C. Establishes a platform to test environments for unknown threats D. Provides a database that stores low-level settings for the operating system
A. Applications and traffic in the network are controlled to protect assets against attacks and manage bandwidth.
One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context? A. Confidentiality, integrity, and availability B. Confidentiality, identity, and availability C. Confidentiality, integrity, and authorization D. Confidentiality, identity, and authorization
A. Confidentiality, integrity, and availability
Which two tasks can be performed by analyzing the logsof a traditional stateful firewall? (Choose two) A. Confirm the timing of network connections differentiated by the TCP 5-tuple. B. Audit applications used on a social networking website. C. Determine user IDs involved in an instant message exchange. D. Map internal private IP addresses to dynamically translated external public IP addresses. E. Identify a malware variant carried over an SMTP connection.
A. Confirm the timing of network connections differentiated by the TCP 5-tuple. D. Map internal private IP addresses to dynamically translated external public IP addresses.
Which of the following describes a situation in which an attacker can use injected scripts to change the content of a website or even redirect the browser to another web page that, for example, contains malicious code? A. Cross-site scripting B. SQL injection C. DDoS D. Command injection
A. Cross-site scripting
What are the advantages of full-duplex transmission mode, as opposed to half-duplex mode? (Select all correct answers) A. Each station can transmit and receive at the same time B. It avoids collisions C. It makes use of backofftime D. It uses a collision avoidance algorithm to transmit data
A. Each station can transmit and receive at the same time B. It avoids collisions
What may be responsible for making security monitoring for HTTPS traffic difficult? A. Encryption B. Large packet headers C. Signature detection takes longer D. SSL interception
A. Encryption
Which two actions are valid uses of public key infrastructure?(Choose two) A. Ensuring the privacy of a certificate B. Revoking the validation of a certificate C. Validating the authenticity of a certificate D. Creating duplicate copies of a certificate E. Changing ownership of a certificate
A. Ensuring the privacy of a certificate C. Validating the authenticity of a certificate
Which of the following represents the use of a vulnerability in a system that can help hackers breach a system? A. Exploit B. Threat C. Zero trust D. Vulnerability
A. Exploit
Which tool is commonly used by threat actors on a webpage to take advantage of software vulnerabilities on a system and spread malware? A. Exploit kit B. Root kit C. Vulnerability kit D. Script kiddie kit
A. Exploit kit
Which activity may be an example of social engineering? A. Receiving a call from the IT department asking you to verify your username/password to maintain your account. B. Receiving an invitation to your department's weekly WebEx meeting. C. Sending a verbal request to an administrator to change the password of an account the administrator recognizes. D. Receiving an email from MR requesting that you visit the secure HR website and update your contract information.
A. Receiving a call from the IT department asking you to verify your username/password to maintain your account.
Which network device is used to separate broadcast domains? A. Router B. Repeater C. Switch D. Bridge
A. Router
What is a trunk link used for? A. To transfer traffic of multiple virtual LANs B. To connect more than two switches C. To enable the Spanning Tree Protocol D. To encapsulate Layer 2 frames
A. To transfer traffic of multiple virtual LANs
Which of the following is true if the IDS identifies activity as an attack and the activity is actually an attack? A. True positive B. False negative C. True negative D. False positive
A. True positive
Which of the following is most commonly used in PPTP, L2TP/IPsec, SSTP, and OpenVPN? A. Tunneling B. STP C. P2P D. PAT
A. Tunneling
Which of the following allows you to create a secure connection to another network over the internet? A. VPN B. Proxy server C. Proxy chains D. None of the above
A. VPN
Which of the following describes the Zero Trust model? A. A unique trust model that establishes an encrypted connection between devices in a private network. B. A model designed to protect systems by requiring authentication for any device or person trying to access the network. C. A model that creates a blacklist that includes all devices that are not allowed to access resources. D. None of the above.
B. A model designed to protect systems by requiring authentication for any device or person trying to access the network.
Which definition of the virtual address space for a Windows process is true? A. Actual physical location of an object in memory B. A set of virtual memory addresses the process can use C. A set of pages that currently reside in physical memory D. A system-level memory protection feature built into the operating system
B. A set of virtual memory addresses the process can use
Which protocol maps IP network addresses to MAC hardware addresses so that IP packets can be sent across networks? A. Internet Control Message Protocol B. Address Resolution Protocol C. Session Initiation Protocol D. Transmission Control Protocol/Internet Protocol
B. Address Resolution Protocol
Which of the following describes SOAR? A. Helps improve enterprise networking processes by speeding up network traffic B. Collects data on security threats from a variety of sources and responds to security incidents without human assistance C. Collects data about user activity in the organization and provides remote help for errors D. A cybersecurity teamwork method for responding to events
B. Collects data on security threats from a variety of sources and responds to security incidents without human assistance
Which of the following is an attack that exploits a vulnerable application and executes commands on a remote host? A. MITM B. Command injection C. SQLi D. XSS
B. Command injection
Which type of attack can a traditional firewall protect a system against? A. Dumpster diving B. Denial-of-service (DoS) C. Phishing D. Shoulder surfing
B. Denial-of-service (DoS)
Which of the following is the case when an IDS does not identify an actual attack? A. True positive B. False negative C. True negative D. False positive
B. False negative
Which of the following describes the effect of encryption on data? A. Optimizes data traffic B. Scrambles a message or information so that only authorized parties can access it C. Ensures that information is not lost along the way and data is transferred more efficiently and securely D. Compresses information and saves storage space
B. Scrambles a message or information so that only authorized parties can access it
Based on which statement does the discretionary access control security model grant or restrict access? A. Discretion of the system administrator B. Security policy defined by the owner of an object C. Security policy defined by the system administrator D. Role of a user within an organization
B. Security policy defined by the owner of an object
Which statement about digitally signing a document is true? A. The document is hashed and then the document is encrypted with a private key. B. The document is hashed and then the hash is encrypted with a private key. C. The document is encrypted and then the document is hashed with a public key. D. The document is hashed and then the document is encrypted with a public key.
B. The document is hashed and then the hash is encrypted with a private key.
If a router has four interfaces and each interface is connected to four switches, how many broadcast domains are present on the router? A. 1 B. 2 C. 4 D. 8
C. 4
Which of the following describes the Threat Intelligence Platform (TIP)? A. A platform that provides testing environments for unknown threats B. Hardware that is installed on enterprise computers to provide updates about security threats C. A platform that gathers raw data to produce useable information for automated security control systems D. A unique trust platform that creates an encrypted connection between devices in a private network
C. A platform that gathers raw data to produce useable information for automated security control systems
Which definition of the IIS Log Parser tool is correct? A. A module for IIS that allows you to log into a database B. A data source control to connect to your data source C. A powerful, versatile tool that makes it possible to run SQL-like queries in log files D. A powerful versatile tool that verifies the integrity of log files
C. A powerful, versatile tool that makes it possible to run SQL-like queries in log files
Which of the following occurs when data exceeds its limits and overwrites memory locations? A. MITM B. Command injection C. Buffer overflow D. DDoS
C. Buffer overflow
Which term represents the chronological record of how evidence was collected, analyzed, preserved, and transferred? A. Chain of evidence B. Evidence chronology C. Chain of custody D. Record of safekeeping
C. Chain of custody
If a web server accepts input from the user and passes it to a Bash shell, to which attack method is it vulnerable? A. Input validation B. Hash collision C. Command injection D. Integer overflow
C. Command injection
Which property of information security does encryption support? A. Sustainability B. Integrity C. Confidentiality D. Availability
C. Confidentiality
Which of the following is an attack in which multiple systems flood the bandwidth? A. Brute-force B. SQLi C. DDoS D. XSS
C. DDoS
Which of the following describes a type of security access control that grants or restricts object access via policies determined by the object's owner? A. Rule-based access control B. Non-discretionary access control C. Discretionary access control D. Mandatory access control
C. Discretionary access control
Which type of attack occurs when a botnet is used to transmit requests from an NTP server to overwhelm the target? A. Man-in-the- middle B. Denial-of-service C. Distributed denial-of-service D. Replay
C. Distributed denial-of-service
Which of the following describes the benefit of using a load balancer? A. In-depth analysis of information traffic B. Encrypts all data with a private key C. Improves service availability and helps prevent downtime D. Stores low-level settings for the operating system
C. Improves service availability and helps prevent downtime
Which of the following is a process that allows two computers to use the same cryptographic algorithm? A. X.509 B. Cipher suite C. Key exchange D. PKCS
C. Key exchange
In security terms, which of the following describes the principle of least privilege (POLP)? A. Maintains regular network traffic to avoid overloads B. Enterprise data management system C. Restricts user permissions to the minimum required for their work D. Keeps computing systems up-to-date to improve protection
C. Restricts user permissions to the minimum required for their work
Which of the following refers to disassembling an object to see how it works and study its structure and behavior? A. Threat actor B. Threat hunting C. Reverse engineering D. Malware analysis
C. Reverse engineering
Stateful and traditional firewalls can analyze packets and judge them against a set of predetermined rules called access control lists (ACLs). Which of the following elements do they inspect within a packet?(Choose two) A. Session headers B. NetFlow flow information C. Source and destination ports and IP addresses D. Protocol information
C. Source and destination ports and IP addresses D. Protocol information
Which of the following terms represent types of cross-site scripting attacks? (Choose two) A. Directed B. Encoded C. Stored D. Reflected E. Cascaded
C. Stored D. Reflected
Which of the following is a disadvantage of a brute-force attack? A.Most passwords today are complex. B.The password may not be in the list or dictionary. C.The attack requires a lot of time and resources to succeed. D.Brute-force can only occur online.
C. The attack requires a lot of time and resources to succeed.
Which features must a next-generation firewall include? (Choose two) A.Data mining B.Host-based antivirus C.Application visibility and control D.Security information and event management E.Intrusion detection system
C.Application visibility and control E.Intrusion detection system
In NetFlow records, which flags indicate that an HTTP connection was stopped by a security appliance, such as a firewall, before it could be fully established? A. ACK B. SYN ACK C. RST D. PSH, ACK
C.RST
Which definition of Windows Registry is correct? A. A set of pages that currently reside in physical memory B. A basic unit to which the operating system allocates processor time C. A set of virtual memory addresses D. A database that stores low-level settings for the operating system
D. A database that stores low-level settings for the operating system
Which of the following describes Defense in Depth (DiD)? A. Certification valued by cybersecurity professionals B. Software designed to help a cybersecurity department receive updates on the organization's security systems C. A platform that provides testing environments for unknown threats D. A series of layered protection mechanisms used to protect important data and information
D. A series of layered protection mechanisms used to protect important data and information
Which of the following describes the run book automation (RBA)? A. A system designed to enrich the IT department's knowledge of innovations in the field B. External hardware designed to protect enterprise computing systems by alerting the IT department about changes C. Maps internal private IP addresses to dynamically translated external public IP addresses D. A technology used to automate IT operations management
D. A technology used to automate IT operations management
Which of the following uses a set of rules that filter network traffic and can be configured on network devices with packet filtering capabilities, such as routers and firewalls? A. Next-gen firewall B. NetFlow C. Web content filtering D. Access control list
D. Access control list
Which of the following are metrics that can measure the effectiveness of a runbook? A. Mean time to repair (MTTR) B. Mean time between failures (MTBF) C. Mean time to discover a security incident D. All of the above
D. All of the above
Which situation indicates application-level whitelisting? A. Allow everything and deny specific executable files B. Allow specific executable files and deny other executable files C. Daily writing of application-based attacks on a whiteboard D. Allow specific files and deny everything else
D. Allow specific files and deny everything else
Which of the following refers to a situation in which computers in an organization are redirected to false websites? A. SQLi B. XSS C. DDoS D. DNS Spoofing
D. DNS Spoofing
Cisco pxGrid has a unified framework with an open API designed in a hub-and-spoke architecture. pxGrid is used to enable the sharing of contextual-based information from which devices? A. From a Cisco ASA to the Cisco OpenDNS service B. From a Cisco ASA to the Cisco WSA C. From a Cisco ASA to the Cisco FMC D. From a Cisco ISE session directory to other policy network systems, such as Cisco IOS devices and the Cisco ASA
D. From a Cisco ISE session directory to other policy network systems, such as Cisco IOS devices and the Cisco ASA
Which of the following protocols are used for email?(Choose two) A. NTP B. DNS C. HTTP D. IMAP E. SMTP
D. IMAP E. SMTP
Which of the following represents the practice of giving employees only permissions necessary to perform their specific role within an organization? A. Integrity validation B. Due diligence C. Need to know D. Least privilege
D. Least privilege
Which of the following is an attack in which the attacker secretly relays and possibly alters communication between two parties? A. XSS B. SQLi C. Brute-force D. MITM
D. MITM
Which definition of a fork in Linux is true? A. Daemon to execute scheduled commands B. Parent directory name of a file pathname C. Macros for manipulating CPU sets D. New process created by a parent process
D. New process created by a parent process
Which of the following refers to data that email content filtering provides? A. In-depth analysis of information traffic B. A report on the remaining storage volume for email use C. Information about contacts frequently communicated with via email D. Probability that messages are legitimate or spam
D. Probability that messages are legitimate or spam
According to RFC 1035, which transport protocol is recommended for use with DNS queries? A. Transmission Control Protocol B. Reliable Data Protocol C. Hypertext Transfer Protocol D. User Datagram Protocol
D. User Datagram Protocol