CCNA Cyber Ops 210-250 SECFND Questions
UDP is commonly used for DNS queries. TCP can be used for DNS zone transfers. What is the protocol number for UDP? A. 17 B. 1 C. 6 D. None of the other provided answers are correct
A
What is steganography? A. Concealing data, such as a message or image, within another file B. Using SSL/TLS to protect data C. Using IPsec to protect data D. Sending sensitive company data in an email
A
What is the primary purpose of the Domain Name System? A. To resolve names to IP addresses. B. To filter traffic (using ACLs) through the network. C. To hand out dynamically assigned IP addresses. D. To resolve IP addresses to other IP addresses.
A
Which of the following binary values represents the decimal number 225? A. 11100001 B. 10100001 C. 11010001 D. 11100011
A
Which of the following are true? (Choose five) A. /var/log is a commonly used location to store log files B. ps -e shows all processes that are running C. A spoon is a new process created by a parent process D. A fork is a new process created by a parent process E. ls -l shows attributes of a file or directory, including permissions and ownership F. /var/log is a commonly used location to store program files G. A daemon is a long-running program that runs in the background
ABDEG
Match the protocol with the appropriate layer or function: 1. TCP 2. IP 3. UDP 4. ICMP A. Connection oriented B. Connectionless C. Network Layer D. Used for protocol management
ACBD
Match the type of data with its correct source. 1. Connection event 2. Alert data 3. App transaction data 4. Full packet capture 5. Network trends A. Stateful firewall log B. Web or app server log C. IPS/IDS log D. NetFlow data E. Wireshark or TCP Dump
ACBED
Place the social engineering phases in the correct order. A. Research B. Exploit relationship C. Choose individual victim D. Build relationship
ACDB
Which of the following are included as part of the DHCP four-packet exchange? (Choose four) A. Request B. Response C. Offer D. Discover E. Acknowledge F. Open
ACDE
Which of the following are L2 or switch related attack types? (Choose three) A. Spanning Tree Protocol (STP) redirection B. Phishing emails to executives (Whaling) C. VLAN hopping D. Phishing emails to select groups in an organization (Spear Phishing) E. ARP poisoning F. Shoulder surfing
ACE
Which of the following are commonly found in an X.509 v3 digital certificate? (Choose three) A. Signature of CA B. Compressed and encrypted file C. Subject name D. .zip file E. Validity date
ACE
SQL injection is dangerous, as it allows the attacker to potentially _____? (Choose two) A. send commands to be processed by the backend SQL server B. discover endpoints on the network that have TCP port 80 open C. perform a man in the middle attack against the internal servers D. bypass authentication
AD
What does the CIA acronym specifically represent? (Choose three) A. Integrity B. Intelligence-based IPS C. Control D. Availability E. Confidentiality F. Access
ADE
Which of the following are true? (Choose three) A. Multicast traffic is intended for a group of devices. B. Multicast traffic is intended for a single device. C. Multicast traffic is intended for all devices. D. Hub networks are wired as a hub but logically act as a star. E. CSMA/CD is needed in a network that uses hubs. F. CSMA/CD is needed in a network that uses switches. G. Hub networks are wired as a star but logically act as a bus.
AEG
What is the decimal value for the binary number 10101010? A. 124 B. 170 C. 252 D. 224
B
Which of the following are flags that can be set in a TCP header? (Choose all that apply) A. Destination IP address B. Destination MAC address C. Acknowledgement D. Syn E. Source IP address F. Source MAC address
CD
Which of the following are true? (Choose two) A. HTTP uses the transport protocol of TCP B. DNS queries use the transport protocol of UDP C. HTTP uses the data-link layer protocol of TCP D. DNS queries use the network layer protocol of UDP E. ICMP uses the transport layer protocol of UDP
AB
Which of the following are true? (Choose three) A. A TCP RST indicates a termination of a TCP session B. NTP should be used to assist in correlation of events and logs across the network C. NetFlow can be used to see trends on the network without performing full packet captures D. Only a full packet capture utility can identify a trend or anomaly on the network E. NetFlow stores data on a collector as plain text with a .txt extension
ABC
Which of the following methods could be used as part of a DDoS attack? (Choose all that apply) A. Volumetric B. TCP-State C. Fragmentation D. HTTP Flood E. Botnet
ABCDE
Where can AMP be leveraged? (Choose four) A. NGIPS B. ESA C. WSA D. Layer 2 switches E. Endpoints
ABCE
Which model of access control uses sensitivity labels on data? A. RBAC B. MAC C. ABAC D. DAC
B
When can a switch learn all the MAC addresses on the network? A. When each device has received at least one frame from the switch B. The switch will never learn every MAC address of connected devices C. When each device has sent at least one frame into the switch D. Only after each device has sent at least two frames into the switch
C
Where does the Cisco Web Security solution logically reside? (Choose the best answer) A. Between the user and a local WSA B. Between the user and the CWS service C. Between the user and the Internet resource they are attempting to access D. Between the local router and remote router
C
Which of the following could be symptoms of an amplification attack? (Choose the best 3 answers) A. TCP connections to servers in foreign countries B. Abnormally high levels of NTP traffic C. Host receiving replies that it did not make requests for D. TCP 3-way handshakes being completed for HTTP sessions E. Abnormally high levels of DNS traffic
BCE
Which of the following is an international standard and has guidelines for managing risk? A. None of the other answers are correct B. IOS 6783 C. ISO 6783 D. IOS 31000 E. ISO 31000
E
Which of the following is true? A. ARP replies are sent as a layer 2 broadcast B. ARP requests are forwarded only to the device that has the IP address being queried C. ARP replies are forwarded to all other devices in the same VLAN D. ARP acknowledgements are forwarded to all other devices in the same VLAN E. ARP requests are forwarded to all other devices in the same VLAN
E
The client uses its DHCP request to discover if there is a DHCP server on the network. True or false?
F
What are the actual names/layers that are used by the TCP/IP protocol suite today? A. Physical, Data Link, Network, Transport, Session, Presentation, Application B. Physical, Data Link, Internet, Transport, Application C. Logical, Data Link, Network, Transport, Application D. Physical, Data Link, Transport, Network, Application E. Network Access, Internet, Transport, Application F. Physical, Data Link, Network, Transport, Application
F
Which of the following is NOT a traditional method for an IDS/IPS to identify malicious traffic? A. Anomaly-based B. Protocol Analysis C. Pattern matching D. Heuristics E. Global-threat correlation F. All the other provided answers are correct
F
Hashing can be used for _____. (Choose the best answer) A. data integrity B. reverse engineering C. encryption D. confidentiality
A
How does a switch learn which port can be used to reach a specific Layer 2 MAC address? A. It learns it from the source MAC address of incoming frames B. It learns it from the source MAC address of outgoing frames C. It learns it from the source IP address of incoming frames D. It learns it from the destination MAC address of incoming frames
A
If a client makes a request for HTTP services, which port will the responding server use for the destination TCP port? A. The original source port used by the client B. The original source port used by the server C. The original listening port used by the server D. The original destination port used by the client
A
In a TCP three-way handshake, which ACK is expected with a SYN request of 6783? A. 6784 B. 6782 C. 0 D. 1 E. There would be no acknowledgement
A
In which layer are VLANs implemented? A. Layer 4 firewall ports B. Layer 2 switch ports C. Layer 1 firewall ports D. At the application layer E. Layer 3 router ports
B
Which are common to both network-based IDS and IPS systems? A. Both are inline with the traffic B. Both identify malicious traffic C. Both are not inline with the traffic D. Both can prevent malicious traffic from reaching the intended destination
B
Which aspect of cryptography provides the benefit of confidentiality? A. Hashing B. Encryption C. Authentication D. Digital Signatures
B
Which best describes a weakness of a system that may be taken advantage of? A. Threat B. Vulnerability C. Exposure D. Risk
B
Which is a feature that would be found in an NGFW but not in a traditional firewall? A. Packet filtering using an ACL B. Deep packet inspection and application awareness C. Stateful filtering D. Cisco Express Forwarding
B
Which of the following is an example of Cisco's implementation of switch port mirroring? A. EIGRP B. SPAN C. NSPA D. EIEIO E. PSAN
B
Which of the following is true regarding the OSI model? A. Network layer can facilitate reliable delivery based on the application being used B. Transport layer can facilitate reliable delivery based on the application being used C. Data Link layer can facilitate reliable delivery based on the application being used D. Abstract layer can facilitate reliable delivery based on the application being used
B
Which of the following is used for DNS queries? A. ICMP:53 B. UDP:53 C. TCP:53 D. IP:53
B
Which of the following represents the protocol and port number that belongs to NTP? A. TCP:123 B. UDP:123 C. IP:123 D. ICMP:123
B
Which symmetrical encryption protocol is the strongest? A. 3DES B. AES C. RSA D. DES
B
Match the items with the attributes related to them. 1. FMC 2. Syslog 3. SNMP 4. Runbook A. Uses facilities to identify the app or process that generated the message B. Can export events to HTML, PDF, and CSV C. Uses trap messages D. List of procedures to follow
BACD
Match the PDU with the layer it uses: 1. Packet 2. Segment 3. Bit 4. Frame A. Layer 4 B. Layer 3 C. Layer 2 D. Layer 1
BADC
Which of the following methods may be used to communicate which certificate(s) have been revoked by a CA? (Choose two) A. OSCP B. CRL C. OCSP D. IPsec E. Telnet
BC
Which of the following are benefits of Host-based IDS/IPS compared to Network-based IDS/IPS? (Choose all that apply) A. Can identify a network scan looking for TCP port 80 on all network devices B. App white-listing can be implemented on specific machines C. Can look at the details of an encrypted file, when the OS decrypts it D. Can have more granular and/or tighter controls for critical systems E. Can protect un-managed devices or non-supported OSes
BCD
Which of the following are true? (Choose five) A. A process is a virtual area of memory B. The Windows registry is a database of settings for the OS and apps C. An orphaned process shows as still running, even though the parent process is terminated D. WMI can be used for remote management of Windows systems in an enterprise E. Virtual memory address space is allocated and used by a process F. A process is a running program G. A child process can't remain running if the parent process abruptly terminates H. A Windows process is a database of settings for the OS and apps
BCDEF
Which of the following are commonly used as part of PKI? (Choose three) A. SSH B. PKCS #12 C. PKCS #7 D. ESP E. PKCS #10
BCE
Which of the following can leverage an ACL (Access Control List)? (Choose all that apply) A. Decreasing link capacity B. Filtering traffic C. Network Address Translation D. Increasing link bandwidth E. Quality of Service
BCE
Which of the following statements are true? (Choose three) A. The host portion of an IP address represents the network B. The address 175.88.3.49 is an example of a class B address C. IP Addresses are written in dotted decimal D. The address 175.88.3.49 is an example of a class A address E. The mask identifies which part of an IP address represents the network F. IP Addresses are written in binary G. The address 175.88.3.49 is an example of a class C address
BCE
Which of the following are true? (Choose three) A. L2 address names include IP, Ethernet, and logical B. L2 address names include physical, Ethernet, and MAC C. L2 Ethernet addresses are represented as 48 Hex characters D. L2 Ethernet addresses are represented as 12 Hex characters E. L2 Ethernet addresses are 48 bits long F. L2 Ethernet addresses are 12 bits long
BDE
Which of the following are true regarding Cross-site Scripting? (Choose four) A. Always uses a botnet B. Can be stored on the server C. Involves port scanning to discover services D. XSS is a type of injection attack E. Can be reduced by input validation in the Web application F. Can be reflective
BDEF
Within a packet that is going out to the internet, which of the following is translated with PAT? (Choose two) A. Both Source and Destination IP B. Source Port C. Destination Port D. Destination IP E. Source IP F. Both Source and Destination Port
BE
Match the role with its respective function: 1. Secret Agent 007 (Presentation layer) 2. Mail Room (Network layer) 3. Scribe (Application layer) 4. Middle Manager (Transport layer) 5. Envelope Stuffer (Data link layer) 6. Lawyer (Session layer) 7. FedEx (Physical layer) A. Provides a service directly to the king B. May do encryption or translation C. Manages king's affairs and sessions D. May perform reliability services or chop up messages into smaller pieces E. Adds labels and addresses F. Implements correct framing G. Transfers data from point A to point B
BEADFCG
An ARP spoofing/poisoning attack primarily takes advantage of which layer? A. Layer 1 B. Layer 3 C. Layer 2 D. Layer 4
C
Separation of Duties is which type of control? A. Physical B. Inductive C. Administrative D. Technical
C
What does a router use to make forwarding decisions? A. Layer 1 Addresses B. Layer 4 Addresses C. Layer 3 Addresses D. Layer 2 Addresses E. Physical Addresses
C
What is the significant difference between NAT and PAT? A. PAT uses a one to one relationship B. NAT uses ports for tracking translations C. NAT uses a one to one relationship D. NAT uses a many to one relationship
C
Which of the following best explains the function of the IPv4 mask? A. It divides the inside from the outside. B. It divides the transport layer from the network layer. C. It divides the network on the left from the host portion on the right. D. It divides the host on the left from the network portion on the right.
C
Which of the following decimal values represents the binary number 10000110? A. None of the other answers are correct B. 143 C. 134 D. 431 E. 228
C
Which of the following is used on a trunk to indicate the VLAN a frame is associated with? A. 802.11i tag B. 802.11 tag C. 802.1Q tag D. 802.1D tag
C
Match the attack or evasion method with its properties. 1. Resource Exhaustion 2. TCP Injection 3. Traffic Fragmentation 4. Pivot 5. Rogue DHCP server A. Same source/destination IP addresses and sequence numbers but different payload B. Clients have incorrect DNS or default gateway information C. Thousands of alerts being artificially generated D. Launching more attacks from a compromised system E. Hiding an attack among multiple smaller packets
CAEDB
Which of the following are accurate? (Choose two) A. "switchport access mode" is used on Cisco to configure an access port B. "switchport trunk mode" is used on Cisco to configure a trunk port C. "switchport mode trunk" is used on Cisco to configure a trunk port D. "switchport mode access" is used on Cisco to configure an access port
CD
Which of the following are true? (Choose two) A. Users primarily interact directly with the back-end SQL server when using a web based application B. Web application servers that use SQL always use a local SQL database on the same server that's running the web based application C. Users interact primarily with the server that's running a web based application but not the SQL server directly D. Web application servers may interact with 1 or more SQL servers on the back end E. SQL is used to control and reduce network based port scanning
CD
Which of the following are true regarding Cisco's Email security solutions? (Choose three) A. Is only available as a hosted cloud service (CES) B. Is only available as a physical appliance (ESA) C. Authentication and encryption services are available D. DLP is a feature E. AMP is used
CDE
Which of the following are true? (Choose three) A. Java is risky because the JVM doesn't support sandboxing B. Greylisting can be used to allow only specific applications to run C. Google Chromium uses a sandboxing approach D. Network-based IPS runs on a local host or endpoint E. HIPS/HIDS runs on a local host or endpoint F. Blacklisting can be used to allow only specific applications to run G. Whitelisting can be used to allow only specific applications to run
CEG
An access list is an example of which type of control? A. Elementary B. Physical C. Administrative D. Technical
D
What does a DNS server do when it learns the IP addresses of name servers? A. It sends all that information to the client. B. It places them in the ARP cache C. It sends the information to a DNS server. D. It caches the information.
D
What is another way of describing a Virtual Local Area Network (VLAN)? A. IP routing domain B. Layer 3 forwarding domain C. Layer 1 broadcast domain D. Layer 2 broadcast domain
D
Which of the following allows a client's private address to be communicated over the public Internet? A. It is allowed if class C B. By default, they are allowed with the correct service agreement C. The Internet allows specific private addresses D. Translation
D
Which of the following is the MOST important, regarding preventing a successful social engineering attack? A. Technical controls B. Physical control C. Administrative controls D. User training
D
Which of the following networks match a host with an IP address of 12.67.83.254 and a mask of 255.255.0.0? A. The network is 12.67.0.0 /12 B. The network is 12.67.0.0 /8 C. The network is 12.67.0.0 /24 D. The network is 12.67.0.0 /16
D
Which security objective is implemented through encryption? A. Access B. Availability C. Integrity D. Confidentiality
D
Match the following items: 1. LDAPS 2. HTTPS 3. RDP 4. SSH 5. TFTP 6. SMTP 7. NTP A. UDP:123 B. TCP:443 C. TCP:3389 D. TCP:636 E. TCP:25 F. TCP:22 G. UDP:69
DBCFGEA
Match the protocols with their well-known ports: 1. FTP 2. DNS 3. HTTP 4. Telnet A. TCP:80 B. TCP:23 C. UDP:53 D. TCP:21
DCAB
A CAM table overflow attack attempts to take advantage of how a layer 2 switch learns and retains MAC addresses. True or false?
T
A CAM table overflow attack is an example of a Layer 2 based attack. True or false?
T
A buffer overflow or overrun can overwrite adjacent memory locations. True or false?
T
A digital signature is accomplished by creating a hash and encrypting that hash with the sender's private key. True or false?
T
A phishing attack is an example of a social engineering attack. True or false?
T
Adding an application with SQL injection vulnerabilities will increase the attack surface of that app/system. True or false?
T
Dynamic ARP Inspection (DAI) can use the DHCP snooping table as part of the information it uses to enforce policing. True or false?
T
If a web-based application takes user input and passes it directly to the BASH shell of the underlying OS, the system could be vulnerable to command injection. True or false?
T
Malware, as used with a botnet, may periodically connect to a command and control network to get updates and/or new instructions. True or false?
T
Planning ahead is one of the most important aspects of preventing a DoS or DDoS attack. True or false?
T
Shellshock is an example of a command injection/code execution vulnerability. True or false?
T