CCNA Cybersecurity Operations (Version 1.1) - CyberOps Chapter 10 Exam
Which statement describes agentless antivirus protection?
The antivirus protection is provided by the ISP.
Antivirus scans are performed on hosts from a centralized system.
Host-based antivirus systems provide agentless antivirus protection.
The antivirus protection is provided by the router that is connected to a cloud service.
Answer: Antivirus scans are performed on hosts from a centralized system.
On a Windows host, which tool can be used to create and maintain blacklists and whitelists?
Group Policy Editor
Local Users and Groups
Computer Management
Task Manager
Answer: Group Policy Editor
The IT company is recommending the use of PKI applications. In which two instances might the entrepreneur make use of PKIs? (Choose two.)
802.1x authentication
FTP transfers
HTTPS web service
local NTP server
file and directory access permission
Answer: HTTPS web service, 802.1x authentication
What is the first step taken in risk assessment?
Perform audits to verify threats are eliminated.
Compare to any ongoing risk assessment as a means of evaluating risk management effectiveness.
Establish a baseline to indicate risk before security controls are implemented.
Identify threats and vulnerabilities and the matching of threats with vulnerabilities.
Answer: Identify threats and vulnerabilities and the matching of threats with vulnerabilities.
Which two classes of metrics are included in the CVSS Base Metric Group? (Choose two.)
Impact metrics
Confidentiality Requirement
Exploitability
Exploit Code Maturity
Modified Base
Answer: Impact metrics, Exploitability
What is a host-based intrusion detection system (HIDS)?
It is an agentless system that scans files on a host for potential malware.
It combines the functionalities of antimalware applications with firewall protection.
It detects and stops potential direct attacks but does not scan for malware.
It identifies potential attacks and sends alerts but does not stop the traffic.
Answer: It combines the functionalities of antimalware applications with firewall protection.
Which statement describes the anomaly-based intrusion detection approach?
It compares the operations of a host against a well-defined security policy.
It compares the signatures of incoming traffic to a known intrusion database.
It compares the behavior of a host to an established baseline to identify potential intrusions.
It compares the antivirus definition file to a cloud-based repository for the latest updates.
Answer: It compares the behavior of a host to an established baseline to identify potential intrusions.
Which statement describes the term iptables?
It is a file used by a DHCP server to store current active IP addresses.
It is a rule-based firewall application in Linux.
It is a DHCP application in Windows.
It is a DNS daemon in Linux.
Answer: It is a rule-based firewall application in Linux.
Which statement describes the Cisco Threat Grid Glovebox?
It is a sandbox product for analyzing malware behaviors.
It is a network-based IDS/IPS.
It is a firewall appliance.
It is a host-based intrusion detection system (HIDS) solution to fight against malware.
Answer: It is a sandbox product for analyzing malware behaviors.
Which statement describes the term attack surface?
It is the total number of attacks toward an organization within a day.
It is the total sum of vulnerabilities in a system that is accessible to an attacker.
It is the network interface where attacks originate.
It is the group of hosts that experiences the same attack.
Answer: It is the total sum of vulnerabilities in a system that is accessible to an attacker.
Which statement describes the use of a Network Admission Control (NAC) solution?
It provides network access to only authorized and compliant systems.
It provides endpoint protection from viruses and malware.
A Network Admission Control solution provides filtering of potentially malicious emails before they reach the endpoint.
It provides filtering and blacklisting of websites being accessed by end users.
Answer: It provides network access to only authorized and compliant systems.
Which regulatory compliance regulation sets requirements for all U.S. public company boards, management and public accounting firms regarding the way in which corporations control and disclose financial information?
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley Act (GLBA)
Federal Information Security Management Act of 2002 (FISMA)
Sarbanes-Oxley Act of 2002 (SOX)
Answer: Sarbanes-Oxley Act of 2002 (SOX)
If the entrepreneur decides to go with a Linux server, how are services handled differently from how Windows server services would be handled?
The services are managed using configuration files.
Services can only be managed from the Administrator account.
Services use only TCP port numbers because they are more secure.
The PowerShell environment can be used to make configuration changes.
Answer: Services can only be managed from the Administrator account.
provides dynamic IP addresses to authenticated endpoints
advanced malware protection
provides endpoint protection from viruses and malware
advanced malware protection
behavior-based
analyzing suspicious activities
Which step in the Vulnerability Management Life Cycle determines a baseline risk profile to eliminate risks based on asset criticality, vulnerability threat, and asset classification?
assess
verify
prioritize assets
discover
Answer: assess
Which criterion in the Base Metric Group Exploitability metrics reflects the proximity of the threat actor to the vulnerable component?
user interaction
attack complexity
attack vector
privileges required
Answer: attack vector
Which type of antimalware software detects and mitigates malware by analyzing suspicious activities?
signature-based
packet-based
behavior-based
heuristics-based
Answer: behavior-based
Which security procedure would be used on a Windows workstation to prevent access to a specific set of websites?
HIDS
blacklisting
baselining
whitelisting
Answer: blacklisting
signature-based
blank
For network systems, which management system addresses the inventory and control of hardware and software configurations?
asset management
vulnerability management
configuration management
risk management
Answer: configuration management
provides filtering of SPAM and potentially malicious emails before they reach the endpoint
email security appliance
The company will be using both Linux- and Windows-based hosts. Which two solutions would be used in a distributed firewall network design? (Choose two.)
iptables
SIEM
Snort
Windows Firewall
Wireshark
Answer: iptables, Windows Firewall
Which statement describes the threat-vulnerability (T-V) pairing?
It is the advisory notice from a vulnerability research center.
It is the comparison between known malware and system risks.
It is the detection of malware against a central vulnerability research center.
It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.
Answer: It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.
permits only authorized and compliant systems to connect to the network
network admission control
heuristics-based
recognizing general features shared by various types of malware
Agent-based
recognizing various characteristics of known malware files
In addressing an identified risk, which strategy aims to stop performing the activities that create risk?
risk reduction
risk avoidance
risk sharing
risk retention
Answer: risk avoidance
The IT security personnel of an organization notice that the web server deployed in the DMZ is frequently targeted by threat actors. The decision is made to implement a patch management system to manage the server. Which risk management strategy method is being used to respond to the identified risk?
risk sharing
risk retention
risk reduction
risk avoidance
Answer: risk reduction
In addressing a risk that has low potential impact and a relatively high cost of mitigation or reduction, which strategy will accept the risk and its consequences?
risk reduction
risk sharing
risk retention
risk avoidance
Answer: risk retention
When a network baseline is being established for an organization, which network profile element indicates the time between the establishment of a data flow and its termination?
critical asset address space
ports used
total throughput
session duration
Answer: session duration
What type of antimalware program is able to detect viruses by recognizing various characteristics of a known malware file?
heuristic-based
agent-based
behavior-based
signature-based
Answer: signature-based
Which device in a LAN infrastructure is susceptible to MAC address-table overflow and spoofing attacks?
workstation
server
switch
firewall
Answer: switch
In most host-based security suites, which function provides robust logging of security-related events and sends logs to a central location?
safe browsing
intrusion detection and prevention
anti-phishing
telemetry
Answer: telemetry
Which two criteria in the Base Metric Group Exploitability metrics are associated with the complexity of attacks? (Choose two.)
scope
user interaction
attack complexity
attack vector
privileges required
Answer: user interaction, attack complexity
In network security assessments, which type of test employs software to scan internal networks and Internet-facing servers for various types of vulnerabilities?
penetration testing
strength of network security testing
vulnerability assessment
risk analysis
Answer: vulnerability assessment
provides filtering of websites and blacklisting before they reach the endpoint
web security appliance