Cycle 18 CCNA CyberOps

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What does Cisco AMP do when it detects an unknown file received on an endpoint?

it submits the file to the cloud for future analysis

To ensure sysinternal toll runs properly on windows

run sysinternal tool as admin

Linux fork

running program creating a copy of itself

Linux command scp

secure copy file from source to destination

What can cause a handle leak?

A handles thats not released after being used

PXgrid is used to enable the sharing of contextual-based information from which devices?

From a Cisco ISE session directory to other policy network systems, such as Cisco IoS devices and the Cisco ASA

Buffer Overflow Attack

Goal- find system memory-related flaw on a server & exploit it. Exploiting the buffer memory by overwhelming it with unexpected values

ARP Ethertype / IPv4 Ethertype

0x806 / 0x800

If the parent process is terminated before its children, what will the PPID column show in the ps command?

1

Used in Cisco TrustSec architecture to provide link-level encryption

MACSec

Hashing Algorithms (weakest to strongest)

MD5, SHA1, SHA2

IIS log parser tool

powerful, versatile tool that makes it possible to run SQL-like queries against log files

Network socket information includes...

protocol, port, and ip address

Cryptographic key contained in an X.509 certificate

public key

If an engineering server's risk of being hacked is assigned a risk level of very high, which assessment strategy is being used?

qualitative

Uses for nslookup

query DNS servers for A records, display the default DNS server, display all the mail servers for a domain

Used to pass multiple virtual LANs

trunk link

CA in a PKI deployment

trusted 3rd party that signs the public keys; issues either a certificate revocation list or uses an OCSP process to determine certificate validity

WMI cannot be used to...

uninstall an application

Pins monitored by a network tap

TX pin on inbound, TX pin on outbound

Fork System vs Exec System

Fork system call creates a new kernel instance. Exec system call executes a command within the current kernel instance.

Default location in Linux for the syslog or rsyslog config file

/etc directory

File which can be referenced to show the boot parameters processed by the boot loader

/proc/cmdline

2 true statements regarding malvertisements

1. are sometimes set up to affect all visitors to a site during a specific period of time 2. affect both trustworthy & untrustworthy sites

3 changes in modern networks that require enhances security

1. widely known and open ports. 2.global connectivity of internet 3.increased complexity of OS and application software

Router with 4 interfaces, each connected to four switches; how many broadcast domains?

4

Port access control tech that allows dynamic authorization policy to be downloaded from the authentication server

802.1X

During incident investigations, what does the AMP for endpoints device trajectory feature show?

Actions that have been performed on the victims host

Collision Attacks

An attempt to find two input strings of a hash function that produce the same hash result

Practical usage of the Diamond model

Analytical pivoting

Examples of exploit kits

Angler & Blackhole

two data items that an analyst can learn about a data exfiltration alarm by using Cisco stealthwatch

Application or protocol used to transfer data + IP address to which data sent

Where is EAPol traffic seen?

Between supplicant & authenticator

RADIUS exchange happens

Between the network access server & the authentication server

Software that can enable you to encrypt files on your hard drive

Bitlocker

Two IT security control frameworks offering good starting points & can be used together

COBIT & ISO/IEC 27002:2013

Used by Cisco AVC to provide deep packet inspection tech to identify a wide variety of applications within a network flow using layer3-layer7 data

Cisco Network-based Application Recognition version 2 (NBAR2)

Cisco cloud security solutions

Cloudlock & Open DNS

3 factors that contribute to CVSS score

Confidentiality, privileges, and availability

Important distinctions of HTTP

Cookie info is sent in response header, request header, and is stored on the clients browser

Option used by Diffie-Hellman to determine strength of key used in a key agreement process

DH Group

one way to mitigate DHCP attacks using a Cisco switch

DHCP snooping

2 protocols often used for DDOS amplification attacks

DNS & NTP

DNS tunneling tool example

DNScapy

DNS tunneling tools

DNScapy, dns2tcp, DeNiSe

Why are enterprises reluctant to move to cloud-based security services

Data within cloud is not natively secure, and customer data breaches are a major concern for enterprises

Established attacks can be detected by which 3 methods

Decent set of IPS signatures applied, updated anti-virus signatures, and updated IP/domain blacklists

Best defense for traffic fragmentation attacks

Deploying a proxy or inline security solution

Transparent proxy vs Explicit proxy deployment

Deploying an explicit proxy configuration, the client-web browser must be statically set to use HTTP proxy specifically

AAA protocol allows for capability exchange

Diameter

Depending on the version of Netflow, a network infrastructure device can gather...

Differentiated services codepoint (DSCP), device's input interface, TCP flags, and Type of Service (TOS) byte

Asymmetrical Encryption Algorithms

Diffie-Hellman key exchange protocol, RSA, EIGamal, Digital Signature Algorithm (DSA), and Elliptic Curve Cryptography (ECC)

2 fields within an X.509v3 and entity certificate

Digital signature & public key associated with the subject

Classless routing protocols

EIGRP, OSPF, RIPv2

ICMP messages used by ping command

Echo Request & Echo Reply

Evasion Methods

Encryption + tunneling, resource exhaustion, traffic fragmentation, protocol level misinterpretation, traffic substitution, traffic insertion, pivoting, and rootkits

Attributes exchanged in IKEv1 phase 1

Encryption algorithms, hashing algorithms, Diffie-Hellman Groups, Vendor-specific attributes

File & folder attributes that can help with application whitelisting

File path, file name, and file size

HTTP method used to request a response without the response body

HEAD

What type of security tool is OSSEC?

HIDS

Big data analytics tech used by several frameworks in SOCs

Hadoop

DNS tunneling attack

Hides malicious instructions inside DNS queries and responses

3 options needed for a host to ping another host on the same network

ICMP echo request+reply, Source & Destination IP addresses, and Source & Destination MAC addresses

two techniques an attacker will utilize to have a client send packets to the wrong gateway

ICMP redirect & ARP poisoning

Required command on interface to apply ACL as packet filter

IP access-group

Cisco switches can incorporate VLAN traffic into a trunk using these two methods

ISL & 802.1Q

Which IP header field is used to recognize fragments from the same packet?

Identification

Why is using ECDHE_ECDSA stronger than using RSA?

If the server's private key is later compromised, all the prior TLS handshakes that are done using the cipher suite cannot be compromised

How does 802.1q incorporate VLAN info onto an ethernet frame

Inserts 4-byte header after the source MAC address in the original ethernet frame

ISO 31000

International standard for general risk management; principles and guidelines for managing risks

The FMC can share HTML, PDF, and CSV data types related to...

Intrusion events

Malicious Windows OS codes that share a single virtual address space, and can manage the system CPU and memory resources directly are running in which mode?

Kernal

Examples of P2P tools

Lionshare, Napster, Peercoin

Host on an ethernet network must know the __________ of a destination in order to send an ethernet frame to that destination

MAC Address

When researching a Windows OS vulnerability, __________ can provide information about a specific vulnerability

NIST

3 types of traffic to be aware of cuz traffic might be botnet C&C traffic

P2P, DNS, and IRC

Public Key Standard

PKCS #10

Used TCP port 110

POP

Windows directory that stores 64-bit applications

Program Files

Established keyword in ACL entry indicates

Reply packets that belong to established TCP connection will be permitted if the TCP packet has the ACK or RST bit set

Splunk

SIEM system; one of the more proprietary SIEM systems used by SOCs

UDP-based attack examples

SQL slammer + UDP flooding

Regulation that specifically addresses credit card compliance

Safe Harbor Act

Examples of protocols used for VPN implementations

Secure Socket Layer (SSL), Multiprotocol Label Switching (MPLS), Internet Protocol Security (IPSec)

Root CAs can delegate their authority to ___________ to create + assign identity certificates to clients

Subordinate CAs

2 primary linux processes that are used for managing services

System v init & Systemd

On a multilayer switch, which table retains QoS info?

TCAM

IMAP

TCP port 143

How network-based malware protection feature detects a possible event

The firewall applies broad-based application and file control policies to detect malware

True statement about the Diffie-Hellman key agreement

The higher the Diffie-Hellman group number, the larger the key size

Process of key management deals with...

The secure generation, verification, exchange, storage, and destruction of keys

Application -specific records generated from network traffic

Transaction data

Not a defense against a traffic substitution and insertion attack

Using unicode instead of ASCII

2 hypervisors currently supported in a virtual implementation of Cisco WSA

VMware ESXI & Kernal-based virtual machine

Best description of malware reverse engineering

a method of understanding how malware behaves

Best describes amplification attack

a small forged packet elicits a large reply from reflectors

Patch management model to install patch automatically

agent based

Determines speed at which password can be cracked using the brute force method

attacker's computer speed & length of complexity of the password

why can encryption cause problems when analyzing data in packet captures?

because you cannot see the actual payload of the packet

What does 766 command do to a file?

changes the file's read/write/execute permissions to a desired configuration

Services provided by lightweight access points

channel encryption & the transmission+reception of frames

Programs designed to interact with Powershell

cmdlets

Not a defense against a pivot attack

content filtering

Needed to map your dynamic ip address to your domain name

dynamic dns

Implicit ACL entry that is at the end of the ACL

deny ip any any

3 reasons to use HTTPS

encrypt data, ensure identity, and avoid detection

Important function of winload.exe

ensure that the drivers that it reads are digitally signed to maintain the security of the system

2 critical elements required during chain of custody of forensic evidence

exact time evidence was collected & who handled the evidence

DNS shadowing attack

hijacked domains are used to create subdomains which are used to resolve to malicious websites

Use _________ to block a host port scan

host-based firewall

How can you tell if a route has been poisoned in the routing table?

it has an infinite metric assigned to it

Cisco CTA

leverages network traffic behaviors, machine learning, and anomaly detection to detect security breaches.

command allowing you to view a list of open files/connections

lsof

On an infected windows host, what command can verify if the host has an established HTTP connection to the CnC server?

netstat

Examples of vulnerability + port scanners

nmap, Nexpose, Nessus

Windows component used by applications to modify system resources

object handle

This action must be taken to validate a digital signature

obtain the signers public key

How many broadcast domains are created if 3 hosts are connected to a layer2 switch in full-duplex mode?

one

3 valid SQL commands

select, update, alter

DNS iterative query

sent from a DNS server to other servers to resolve a domain

2 uses for DNS covert tunnels

stealthy data exfiltration & issuing CnC traffic to bots on the network

2 options to be included in the CSR that is to be signed by a CA

subject's public key info & subject's identity info

After attackers gain access to a system, what method can they use to expand their access to other systems without exploiting vulnerabilities on the other system's network?

take advantage of domain trust to make connections to a partner network

TCP injection attack

the addition of a forged TCP packet to an existing TCP session

When investigating a malicious windows application, these two also need to be investigated

threads and processes

How can SMB worm self-propagate throughout network?

using windows file shares

Useful reports collected from Cisco ISE related endpoints

web server log reports, top application reports, and admin login reports

A __________ process continues to be recorded in the process table after it has ended & status is returned to the parent

zombie


Ensembles d'études connexes

TETXBOOK: Ch. 12: Gendered Power and Violence

View Set

MGT. 4613 Compensation and Benefits Final Werling

View Set

Texas Statutes and Rules pertinent to Life Insurance only

View Set

Application Based Activity - E-Commerce

View Set

I giorni della settimana,le domande e le espressioni del capitolo 1

View Set

QB25__WORD_FORMATION_SENTENCES_SET_04

View Set