Cisco Chapter 1&7 Exam/Quiz


When describing malware, what is a difference between a virus and a worm?

A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.

What is the significant characteristic of worm malware?

A worm can execute independently of the host system.

Which statement describes a difference between RADIUS and TACACS+?

RADIUS encrypts only the password whereas TACACS+ encrypts all communication.

Two pings were issued from a host on a local network. The first ping was issued to the IP address of the default gateway of the host and it failed. The second ping was issued to the IP address of a host outside the local network and it was successful. What is a possible cause for the failed ping?

Security rules are applied to the default gateway device, preventing it from processing ping requests.

What information does an Ethernet switch examine and use to build its address table?

Source MAC address

Which technology is a proprietary SIEM system?

Splunk

What type of physical topology can be created by connecting all Ethernet cables to a central device?

Star

True or False? A WLAN frame sent by a wireless client is formatted differently than a wired Ethernet frame.

True

A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?

a type of ransomware

Which message delivery option is used when all devices need to receive the same message simultaneously?

broadcast

How can a security information and event management system in a SOC be used to help personnel fight against security threats?

by collecting and filtering data

What is the purpose of the cd\ command?

changes directory to the root directory

What name is given to hackers who hack for a political or social cause?

hacktivist

Which term is used to describe the act of sending an email message in an attempt to divulge sensitive information from someone?

phishing

Which term is used to describe a running instance of a computer program?

process

A Linux system boots into the GUI by default, so which application can a network administrator use in order to access the CLI environment?

terminal emulator

What OSI layer is responsible for establishing a temporary communication session between two applications and ensuring that transmitted data can be reassembled in proper sequence?

transport

The term cyber operations analyst refers to which group of personnel in a SOC?

Tier 1 personnel

Which organization is an international nonprofit organization that offers the CISSP certification?

(ISC)²

What addresses are mapped by ARP?

destination MAC address to a destination IPv4 address

What is the most compressed representation of the IPv6 address 2001:0000:0000:abcd:0000:0000:0000:0001?

2001:0:0:abcd::1

How much RAM is addressable by a 32-bit version of Windows?

4 GB

What is an example of "hacktivism"?

A group of environmentalists launch a denial of service attack against an oil company that is responsible for a large oil spill.

An _____________ permits or denies traffic through a router based on specific defined criteria.

ACL

A network administrator detects unknown sessions involving port 21 on the network. What could be causing this security breach?

An FTP Trojan horse is executing.

If a SOC has a goal of 99.999% uptime, how many minutes of downtime a year would be considered within its goal?

Approximately 5 minutes per year.

How can a user prevent specific applications from accessing a Windows computer over a network?

Block specific TCP or UDP ports in Windows Firewall.

Which wireless parameter refers to the frequency bands used to transmit data to a wireless access point?

Channel settings

Which SIEM function is associated with examining the logs and events of multiple systems to reduce the amount of time of detecting and reacting to security events?

Correlation

What type of attack uses zombies?

DDoS

What technique is a security attack that depletes the pool of IP addresses available for legitimate hosts?

DHCP starvation

Which message does an IPv4 host use to reply when it receives a DHCPOFFER message from a DHCP server?

DHCPREQUEST

In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services?

DoS

What three application layer protocols are part of the TCP/IP protocol suite? (Choose three.)

FTP, DNS, DHCP

A standard ACL filters network traffic based on the destination MAC address.

False

The Linux GUI is the same across different distributions.

False

The primary objective of a DoS attack is to penetrate systems and steal data. T/F

False

True or False? In a star LAN topology, every end system must be connected to every other end system.

False

True or False? The Linux GUI is the same across different distributions.

False

Which network service synchronizes the time across all devices on the network?

NTP

Which term is used to describe legitimate traffic that is mistaken for unauthorized traffic by firewalls and IPSs?

False positive

Which device is an intermediary device?

Firewall

Which method can be used to harden a computing device?

Force periodic password changes.

What specialized network device uses signatures to detect patterns in network traffic?

IDS

What is the best description of Trojan horse malware?

It appears as useful software but hides malicious code.

Which statement describes cyberwarfare?

It is Internet-based conflict that involves the penetration of information systems of other nations.

What is a rogue wireless hotspot?

It is a hotspot that appears to be from a legitimate business but was actually set up by someone without the permission from the business.

What is cyberwarfare?

It is an attack designed to disrupt, corrupt, or exploit national interests.

Which network monitoring technology collects IP operational data on packets flowing through Cisco routers and multilayer switches?

NetFlow

What is a benefit of Linux being an open source operating system?

Linux distribution source code can be modified and then recompiled.

What is the benefit of Linux being an open source operating system?

Linux distribution source code can be modified and then recompiled.

What contains information on how hard drive partitions are organized?

MBR

Which network technology uses a passive splitting device that forwards all traffic, including Layer 1 errors, to an analysis device?

Network tap

Which tool is used to provide a list of open ports on network devices?

Nmap

Which type of tool is used by a Linux administrator to attack a computer or network to find vulnerabilities?

PenTesting

A user creates a file with .ps1 extension in Windows. What type of file is it?

PowerShell script

Which Linux component would be used to access a short list of tasks the application can perform?

Quicklist

When a user makes changes to the settings of a Windows system, where are these changes stored?

Registry

A user logs in to Windows with a regular user account and attempts to use an application that requires administrative privileges. What can the user do to successfully use the application?

Right-click the application and choose Run as Administrator.

Which network service allows administrators to monitor and manage network devices?

SNMP

Which monitoring technology mirrors traffic flowing through a switch to an analysis device connected to another switch port?

SPAN

Which language is used to query a relational database?

SQL

Which parameter is commonly used to identify a wireless network name when a home wireless AP is being configured?

SSID

What utility is used to show the system resources consumed by each user?

Task Manager

Which statement is true about the TCP/IP and OSI models?

The TCP/IP transport layer and OSI Layer 4 provide similar services and functions.

Which statement is true about FTP?

The client can download data from or upload data to the server.

If the default gateway is configured incorrectly on the host, what is the impact on communications?

The host can communicate with other hosts on the local network, but is unable to communicate with hosts on remote networks.

What is the outcome when a Linux administrator enters the man man command?

The man man command provides documentation about the man command.

A high school in New York (school A) is using videoconferencing technology to establish student interactions with another high school (school B) in Russia. The videoconferencing is conducted between two end devices through the Internet. The network administrator of school A configures the end device with the IP address 209.165.201.10. The administrator sends a request for the IP address for the end device in school B and the response is 192.168.25.10. Neither school is using a VPN. The administrator knows immediately that this IP will not work. Why?

This is a private IP address

Which Windows version was the first to introduce a 64-bit Windows operating system?

Windows XP

Which network monitoring tool is in the category of network protocol analyzers?

Wireshark

Which network monitoring tool saves captured network frames in PCAP files?

Wireshark

Which working environment is more user-friendly?

a GUI

After a security incident is verified in a SOC, an incident responder reviews the incident but cannot identify the source of the incident and form an effective mitigation procedure. To whom should the incident ticket be escalated?

a SME for further investigation

What is a ping sweep?

a network scanning technique that indicates the live hosts in a range of IP addresses.

Which type of startup must be selected for a service that should run each time the computer is booted?

automatic

Which types of files are used to manage services in a Linux system?

configuration files

For ease of administration, it is recommended that the Everyone group in Windows have Full Control permissions.

false

What specialized network device is responsible for enforcing access control policies between networks?

firewall

Where are the settings that are chosen during the installation process stored?

in BIOS

Tier 2 Incident Responder

involved in deep investigation of incidents

Tier 3 Subject Matter Expert

involved in hunting for potential threats and implementing threat detection tools

Which Linux command is used to manage processes?

kill

Which two services are provided by security operations centers? (Choose two.)

managing comprehensive threat solutions; monitoring network security threats

Tier 1 Alert Analyst

monitors incoming alerts and verifies a true incident has occurred

Which net command is used on a Windows PC to establish a connection to a shared directory on a remote server?

net use

Which two OSI model layers have the same functionality as two layers of the TCP/IP model? (Choose two.)

network, transport

Which command is used to manually query a DNS server to resolve a specific host name?

nslookup

Which type of attack allows an attacker to use a brute force approach?

password cracking

Users report that a database file on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?

ransomware

Consider the result of the ls -l command in the Linux output below. What are the group file permissions assigned to the analyst.txt file?
    ls -l analyst.txt
    -rwxrw-r-- sales staff 1028 May 28 15:50 analyst.txt

read, write

Which three technologies should be included in a SOC security information and event management system? (Choose three.)

threat intelligence; security monitoring; event collection, correlation, and analysis

What is the purpose of a rootkit?

to gain privileged access to a device while concealing itself

What is the purpose of a reconnaissance attack on a computer network?

to gather information about the target network and system

Which type of security threat can be described as software that attaches itself to another program to execute a specific unwanted function?

virus

A __________________ is a flaw or weakness in a computer operating system that can be exploited by an attacker.

vulnerability

