CCNA Cybersecurity Operations (Version 1.1) - CyberOps Chapter 10 Exam

Which statement describes agentless antivirus protection?
The antivirus protection is provided by the ISP.
Antivirus scans are performed on hosts from a centralized system.
Host-based antivirus systems provide agentless antivirus protection.
The antivirus protection is provided by the router that is connected to a cloud service.

Antivirus scans are performed on hosts from a centralized system.

On a Windows host, which tool can be used to create and maintain blacklists and whitelists?
Group Policy Editor
Local Users and Groups
Computer Management
Task Manager

Group Policy Editor

The IT company is recommending the use of PKI applications. In which two instances might the entrepreneur make use of PKIs? (Choose two.)
802.1x authentication
FTP transfers
HTTPS web service
local NTP server
file and directory access permission

HTTPS web service, 802.1x authentication

What is the first step taken in risk assessment?
Perform audits to verify threats are eliminated.
Compare to any ongoing risk assessment as a means of evaluating risk management effectiveness.
Establish a baseline to indicate risk before security controls are implemented.
Identify threats and vulnerabilities and the matching of threats with vulnerabilities.

Identify threats and vulnerabilities and the matching of threats with vulnerabilities.

Which two classes of metrics are included in the CVSS Base Metric Group? (Choose two.)
Impact metrics
Confidentiality Requirement
Exploitability
Exploit Code Maturity
Modified Base

Impact metrics, Exploitability

What is a host-based intrusion detection system (HIDS)?
It is an agentless system that scans files on a host for potential malware.
It combines the functionalities of antimalware applications with firewall protection.
It detects and stops potential direct attacks but does not scan for malware.
It identifies potential attacks and sends alerts but does not stop the traffic.

It combines the functionalities of antimalware applications with firewall protection.

Which statement describes the anomaly-based intrusion detection approach?
It compares the operations of a host against a well-defined security policy.
It compares the signatures of incoming traffic to a known intrusion database.
It compares the behavior of a host to an established baseline to identify potential intrusions.
It compares the antivirus definition file to a cloud-based repository for latest updates.

It compares the behavior of a host to an established baseline to identify potential intrusions.

Which statement describes the term iptables?
It is a file used by a DHCP server to store current active IP addresses.
It is a rule-based firewall application in Linux.
It is a DHCP application in Windows.
It is a DNS daemon in Linux.

It is a rule-based firewall application in Linux.

Which statement describes the Cisco Threat Grid Glovebox?
It is a sandbox product for analyzing malware behaviors.
It is a network-based IDS/IPS.
It is a firewall appliance.
It is a host-based intrusion detection system (HIDS) solution to fight against malware.

It is a sandbox product for analyzing malware behaviors.

Which statement describes the term attack surface?
It is the total number of attacks toward an organization within a day.
It is the total sum of vulnerabilities in a system that is accessible to an attacker.
It is the network interface where attacks originate.
It is the group of hosts that experiences the same attack.

It is the total sum of vulnerabilities in a system that is accessible to an attacker.

Which statement describes the use of a Network Admission Control (NAC) solution?
It provides network access to only authorized and compliant systems.
It provides endpoint protection from viruses and malware.
A Network Admission Control solution provides filtering of potentially malicious emails before they reach the endpoint.
It provides filtering and blacklisting of websites being accessed by end users.

It provides network access to only authorized and compliant systems.

Which regulatory compliance regulation sets requirements for all U.S. public company boards, management and public accounting firms regarding the way in which corporations control and disclose financial information?
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley Act (GLBA)
Federal Information Security Management Act of 2002 (FISMA)
Sarbanes-Oxley Act of 2002 (SOX)

Sarbanes-Oxley Act of 2002 (SOX)

If the entrepreneur decides to go with a Linux server, how are services handled differently from how Windows server services would be handled?
The services are managed using configuration files.
Services can only be managed from the Administrator account.
Services use only TCP port numbers because they are more secure.
The PowerShell environment can be used to make configuration changes.

Services can only be managed from the Administrator account.

provides dynamic IP addresses to authenticated endpoints

advanced malware protection

provides endpoint protection from viruses and malware

advanced malware protection

behavior-based

analyzing suspicious activities

Which step in the Vulnerability Management Life Cycle determines a baseline risk profile to eliminate risks based on asset criticality, vulnerability threat, and asset classification?
assess
verify
prioritize assets
discover

assess

Which criterion in the Base Metric Group Exploitability metrics reflects the proximity of the threat actor to the vulnerable component?
user interaction
attack complexity
attack vector
privileges required

attack vector

Which type of antimalware software detects and mitigates malware by analyzing suspicious activities?
signature-based
packet-based
behavior-based
heuristics-based

behavior-based

Which security procedure would be used on a Windows workstation to prevent access to a specific set of websites?
HIDS
blacklisting
baselining
whitelisting

blacklisting

signature-based

blank

For network systems, which management system addresses the inventory and control of hardware and software configurations?
asset management
vulnerability management
configuration management
risk management

configuration management

provides filtering of SPAM and potentially malicious emails before they reach the endpoint

email security appliance

The company will be using both Linux- and Windows-based hosts. Which two solutions would be used in a distributed firewall network design? (Choose two.)
iptables
SIEM
Snort
Windows Firewall
Wireshark

iptables, Windows Firewall

Which statement describes the threat-vulnerability (T-V) pairing?
It is the advisory notice from a vulnerability research center.
It is the comparison between known malware and system risks.
It is the detection of malware against a central vulnerability research center.
It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.

It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.

permits only authorized and compliant systems to connect to the network

network admission control

heuristics-based

recognizing general features shared by various types of malware

Agent-based

recognizing various characteristics of known malware files

In addressing an identified risk, which strategy aims to stop performing the activities that create risk?
risk reduction
risk avoidance
risk sharing
risk retention

risk avoidance

The IT security personnel of an organization notice that the web server deployed in the DMZ is frequently targeted by threat actors. The decision is made to implement a patch management system to manage the server. Which risk management strategy method is being used to respond to the identified risk?
risk sharing
risk retention
risk reduction
risk avoidance

risk reduction

In addressing a risk that has low potential impact and relatively high cost of mitigation or reduction, which strategy will accept the risk and its consequences?
risk reduction
risk sharing
risk retention
risk avoidance

risk retention

When a network baseline is being established for an organization, which network profile element indicates the time between the establishment of a data flow and its termination?
critical asset address space
ports used
total throughput
session duration

session duration

What type of antimalware program is able to detect viruses by recognizing various characteristics of a known malware file?
heuristic-based
agent-based
behavior-based
signature-based

signature-based

Which device in a LAN infrastructure is susceptible to MAC address-table overflow and spoofing attacks?
workstation
server
switch
firewall

switch

In most host-based security suites, which function provides robust logging of security-related events and sends logs to a central location?
safe browsing
intrusion detection and prevention
anti-phishing
telemetry

telemetry

Which two criteria in the Base Metric Group Exploitability metrics are associated with the complexity of attacks? (Choose two.)
scope
user interaction
attack complexity
attack vector
privileges required

user interaction, attack complexity

In network security assessments, which type of test employs software to scan internal networks and Internet-facing servers for various types of vulnerabilities?
penetration testing
strength of network security testing
vulnerability assessment
risk analysis

vulnerability assessment

provides filtering of websites and blacklisting before they reach the endpoint

web security appliance

