CyberOps Associate – FINAL Exam 0-67
65. A device has been assigned the IPv6 address of 2001:0db8:cafe:4500:1000:00d8:0058:00ab/64. Which is the network identifier of the device?
- 2001:0db8:cafe:4500:1000
- 2001:0db8:cafe:4500:1000:00d8:0058:00ab
- 1000:00d8:0058:00ab
- 2001:0db8:cafe:4500
- 2001
Answer: 2001:0db8:cafe:4500
1. Which two statements are characteristics of a virus? (Choose two.)
- A virus typically requires end-user activation.
- A virus can be dormant and then activate at a specific time or date.
- A virus replicates itself by independently exploiting vulnerabilities in networks.
- A virus has an enabling vulnerability, a propagation mechanism, and a payload.
- A virus provides the attacker with sensitive data, such as passwords.
Answer: A virus typically requires end-user activation. A virus can be dormant and then activate at a specific time or date.
13. If a SOC has a goal of 99.999% uptime, how many minutes of downtime a year would be considered within its goal?
- Approximately 5 minutes per year.
- Approximately 10 minutes per year.
- Approximately 20 minutes per year.
- Approximately 30 minutes per year.
Answer: Approximately 5 minutes per year. (0.001% of the 525,600 minutes in a year is about 5.26 minutes.)
40. Which tool included in the Security Onion is a series of software plugins that send different types of data to the Elasticsearch data stores?
- Curator
- Beats
- OSSEC
- ElastAlert
Answer: Beats
6. A cybersecurity analyst needs to collect alert data. What are three detection tools to perform this task in the Security Onion architecture? (Choose three.)
- CapME
- Wazuh
- Kibana
- Zeek
- Sguil
- Wireshark
Answer: CapME, Wazuh, Zeek
60. What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease?
- DHCP starvation
- IP address spoofing
- DHCP spoofing
- CAM table attack
Answer: DHCP starvation
21. Which two network protocols can be used by a threat actor to exfiltrate data in traffic that is disguised as normal network traffic? (Choose two.)
- NTP
- DNS
- HTTP
- syslog
- SMTP
Answer: DNS, HTTP
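DNS and HTTP are chosen because both are allowed out of almost every network, so exfiltrated data blends in. The following is an added example, not code from the exam page: a small heuristic detector that flags DNS tunnelling by looking at the leftmost label of query names, where tunnelling tools place chunks of encoded data. All query names, client addresses and the "secret" record are constructed for the example (example.com and example.org are reserved names), and the thresholds are assumptions that a SOC would tune against its own baseline. The same per-destination count/size/entropy approach applies to HTTP bodies and URLs, but this block covers DNS only.

```python
# Added example, not from the exam page: a heuristic detector for data
# exfiltration tunnelled through DNS. Query names below are constructed
# (example.com / example.org are reserved), thresholds are assumptions.
import base64
import math
from collections import defaultdict


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; encoded data scores high, words do not."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Naive registrable domain (last two labels). Real deployments should use
    the Public Suffix List so that names such as foo.co.uk are grouped right."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def domain_stats(queries) -> dict:
    """Per registered domain: query count, distinct names, and the mean length
    and mean entropy of the leftmost label (where tunnelled data sits)."""
    agg = defaultdict(lambda: {"queries": 0, "names": set(), "len": 0.0, "ent": 0.0})
    for _client, qname in queries:
        first = qname.rstrip(".").split(".")[0]
        s = agg[registered_domain(qname)]
        s["queries"] += 1
        s["names"].add(qname.lower())
        s["len"] += len(first)
        s["ent"] += shannon_entropy(first)
    return {
        dom: {
            "queries": s["queries"],
            "unique_names": len(s["names"]),
            "mean_label_len": s["len"] / s["queries"],
            "mean_label_entropy": s["ent"] / s["queries"],
        }
        for dom, s in agg.items()
    }


def suspicious_domains(queries, min_queries=3, min_label_len=20.0, min_entropy=3.0) -> list:
    """Domains whose leftmost labels are numerous, long and high-entropy:
    the signature of encoded data chunks being carried in query names."""
    return sorted(
        dom for dom, s in domain_stats(queries).items()
        if s["queries"] >= min_queries
        and s["mean_label_len"] >= min_label_len
        and s["mean_label_entropy"] >= min_entropy
    )


# Constructed traffic: ordinary lookups from a few clients ...
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.7", "cdn.example.com"),
    ("10.0.0.7", "login.example.com"),
    ("10.0.0.8", "www.example.com"),
    ("10.0.0.8", "updates.example.net"),
]
# ... plus one host smuggling a constructed record out in base32-encoded
# subdomain chunks, the way DNS tunnelling tools do (base32 survives the
# case-insensitive handling of DNS labels; each label stays under 63 chars).
_SECRET = b"name=Jane Doe;card=4111111111111111;exp=12/29;cvv=123;pin=94"
_ENCODED = base64.b32encode(_SECRET).decode().rstrip("=").lower()
SAMPLE_QUERIES += [
    ("10.0.0.9", f"{_ENCODED[i:i + 32]}.t.example.org")
    for i in range(0, len(_ENCODED), 32)
]

if __name__ == "__main__":
    for dom, s in sorted(domain_stats(SAMPLE_QUERIES).items()):
        print(dom, s)
    print("flagged:", suspicious_domains(SAMPLE_QUERIES))
```

In production the same statistics would be computed over Zeek dns.log or resolver logs per (client, domain) and compared against a learned baseline; content-distribution and anti-spam services also use long, random-looking labels, so the flagged list is a triage queue rather than a verdict.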
30. Which measure can a security analyst take to perform effective security monitoring against network traffic encrypted by SSL technology?
- Use a Syslog server to capture network traffic.
- Deploy a Cisco SSL Appliance.
- Require remote access connections through IPsec VPN.
- Deploy a Cisco ASA.
Answer: Deploy a Cisco SSL Appliance.
19. What is a property of the ARP table on a device?
- Entries in an ARP table are time-stamped and are purged after the timeout expires.
- Every operating system uses the same timer to remove old entries from the ARP cache.
- Static IP-to-MAC address entries are removed dynamically from the ARP table.
- Windows operating systems store ARP cache entries for 3 minutes.
Answer: Entries in an ARP table are time-stamped and are purged after the timeout expires.
29. An IT enterprise is recommending the use of PKI applications to securely exchange information between the employees. In which two cases might an organization use PKI applications to securely exchange information between users? (Choose two.)
- HTTPS web service
- 802.1x authentication
- local NTP server
- FTP transfers
- file and directory access permission
Answer: HTTPS web service, 802.1x authentication
41. Which two types of unreadable network traffic could be eliminated from data collected by NSM? (Choose two.)
- STP traffic
- IPsec traffic
- routing updates traffic
- SSL traffic
- broadcast traffic
Answer: IPsec traffic, SSL traffic
18. What are two features of ARP? (Choose two.)
- When a host is encapsulating a packet into a frame, it refers to the MAC address table to determine the mapping of IP addresses to MAC addresses.
- If a host is ready to send a packet to a local destination device and it has the IP address but not the MAC address of the destination, it generates an ARP broadcast.
- If a device receiving an ARP request has the destination IPv4 address, it responds with an ARP reply.
- If no device responds to the ARP requ
Answer: If a host is ready to send a packet to a local destination device and it has the IP address but not the MAC address of the destination, it generates an ARP broadcast. If a device receiving an ARP request has the destination IPv4 address, it responds with an ARP reply.
46. What is a characteristic of CybOX?
- It is a set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations.
- It enables the real-time exchange of cyberthreat indicators between the U.S. Federal Government and the private sector.
- It is a set of specifications for exchanging cyberthreat information between organizations.
- It is the specification for an application layer protocol that allows the communication of CTI over HTTPS.
Answer: It is a set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations.
42. Which core open source component of the Elastic-stack is responsible for accepting the data in its native format and making elements of the data consistent across all sources?
- Logstash
- Kibana
- Beats
- Elasticsearch
Answer: Logstash
2. What is a characteristic of a Trojan horse as it relates to network security?
- Too much information is destined for a particular memory block, causing additional memory areas to be affected.
- Extreme quantities of data are sent to a particular network device interface.
- An electronic dictionary is used to obtain a password to be used to infiltrate a key network device.
- Malware is contained in a seemingly legitimate executable program.
Answer: Malware is contained in a seemingly legitimate executable program.
15. What is an advantage for small organizations of adopting IMAP instead of POP?
- POP only allows the client to store messages in a centralized way, while IMAP allows distributed storage.
- IMAP sends and retrieves email, but POP only retrieves email.
- When the user connects to a POP server, copies of the messages are kept in the mail server for a short time, but IMAP keeps them for a long time.
- Messages are kept in the mail servers until they are manually deleted from the email client.
Answer: Messages are kept in the mail servers until they are manually deleted from the email client.
22. What is a key difference between the data captured by NetFlow and data captured by Wireshark?
- NetFlow data shows network flow contents whereas Wireshark data shows network flow statistics.
- NetFlow data is analyzed by tcpdump whereas Wireshark data is analyzed by nfdump.
- NetFlow provides transaction data whereas Wireshark provides session data.
- NetFlow collects metadata from a network flow whereas Wireshark captures full data packets.
Answer: NetFlow collects metadata from a network flow whereas Wireshark captures full data packets.
31. An administrator is trying to develop a BYOD security policy for employees that are bringing a wide range of devices to connect to the company network. Which three objectives must the BYOD security policy address? (Choose three.)
- All devices must be insured against liability if used to compromise the corporate network.
- All devices must have open authentication with the corporate network.
- Rights and activities permitted on the corporate network must be defined.
- Safeguards must be put in place for any personal device being compromised.
Answer: Rights and activities permitted on the corporate network must be defined. Safeguards must be put in place for any personal device being compromised. The level of access of employees when connecting to the corporate network must be defined.
34. What type of attack targets an SQL database using the input field of a user?
- XML injection
- buffer overflow
- Cross-site scripting
- SQL injection
Answer: SQL injection
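To make the mechanism concrete, here is an added example that is not from the exam page: the same login check written once with string concatenation (vulnerable) and once with a parameterised query (safe), run against an in-memory SQLite table. The accounts and passwords are constructed test data; storing passwords in clear text is itself bad practice and is done here only so the injection result is visible.

```python
# Added example, not from the exam page: vulnerable vs. parameterised login
# query against an in-memory SQLite database with constructed test accounts.
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    # Deliberately vulnerable: user input is spliced into the SQL text, so a
    # quote in the input closes the literal and the rest is parsed as SQL.
    query = (f"SELECT username FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return [row[0] for row in conn.execute(query)]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    # Parameterised: values are bound separately from the query text, so the
    # input is only ever compared as data and can never change the statement.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def demo() -> dict:
    conn = make_db()
    tautology = "' OR '1'='1"   # ... AND password = '' OR '1'='1'  -> always true
    comment_out = "alice'--"    # closes the literal, '--' comments out the password test
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "s3cret"),
        "legit_safe": login_safe(conn, "alice", "s3cret"),
        "tautology_vulnerable": login_vulnerable(conn, tautology, tautology),
        "tautology_safe": login_safe(conn, tautology, tautology),
        "comment_vulnerable": login_vulnerable(conn, comment_out, "wrong"),
        "comment_safe": login_safe(conn, comment_out, "wrong"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:22s} -> {rows}")
```

The tautology payload logs in as every user because AND binds tighter than OR, and the comment payload logs in as alice without any password. Both return nothing against the parameterised version, which is the fix: never build SQL from user input; bind it.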
36. A user calls to report that a PC cannot access the internet. The network technician asks the user to issue the command ping 127.0.0.1 in a command prompt window. The user reports that the result is four positive replies. What conclusion can be drawn based on this connectivity test?
- The IP address obtained from the DHCP server is correct.
- The PC can access the network. The problem exists beyond the local network.
- The PC can access the Internet. However, the web browser may not work.
- The TCP/IP implementation is functional.
Answer: The TCP/IP implementation is functional. (127.0.0.1 is the loopback address; the packets never leave the host, so the test says nothing about the NIC, the DHCP lease, or the network beyond.)
28. What two assurances does digital signing provide about code that is downloaded from the Internet? (Choose two.)
- The code contains no viruses.
- The code has not been modified since it left the software publisher.
- The code is authentic and is actually sourced by the publisher.
- The code contains no errors.
- The code was encrypted with both a private and public key.
Answer: The code has not been modified since it left the software publisher. The code is authentic and is actually sourced by the publisher.
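The two assurances are integrity and authenticity, and the distractors ("no viruses", "no errors") are exactly what a signature does not promise. The block below is an added example, not from the exam page: a toy RSA code-signing flow that shows each of those four cases. The keys are built from Mersenne primes whose factors are public knowledge, so they illustrate the mechanism and are not usable key material; real code signing uses a CA-issued certificate, RSA-PSS or ECDSA, and a proper padding scheme. The code strings and the "malware" string are constructed and never executed.

```python
# Added example, not from the exam page: toy RSA code signing showing what a
# signature proves (integrity, authenticity) and what it does not (safety).
# Keys come from public Mersenne primes and are for illustration only.
import hashlib


def make_key(p: int, q: int, e: int = 65537) -> dict:
    """Textbook RSA key from two primes: public part (n, e), private part (n, d)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse (Python 3.8+)
    return {"n": n, "e": e, "d": d}


def sign(code: bytes, key: dict) -> int:
    """Hash the code, then apply the private exponent to the hash."""
    digest = int.from_bytes(hashlib.sha256(code).digest(), "big")
    return pow(digest, key["d"], key["n"])


def verify(code: bytes, signature: int, key: dict) -> bool:
    """Recover the signed hash with the public exponent and compare it with a
    fresh hash of the code. Any change to the code, or a signature made with
    a different private key, makes the comparison fail."""
    digest = int.from_bytes(hashlib.sha256(code).digest(), "big")
    return pow(signature, key["e"], key["n"]) == digest


# Toy keys from the Mersenne primes 2^521-1, 2^607-1 (publisher) and
# 2^1279-1, 2^127-1 (an attacker with a key of their own).
PUBLISHER = make_key((1 << 521) - 1, (1 << 607) - 1)
ATTACKER = make_key((1 << 1279) - 1, (1 << 127) - 1)


def demo() -> dict:
    code = b"print('hello from the vendor')"
    sig = sign(code, PUBLISHER)
    malware = b"import os; os.system('rm -rf /')"   # constructed string, never run
    return {
        # authenticity + integrity: publisher's key, untouched code
        "genuine": verify(code, sig, PUBLISHER),
        # integrity: one changed byte and the signature no longer matches
        "tampered": verify(code.replace(b"hello", b"hullo"), sig, PUBLISHER),
        # authenticity: a signature from someone else's key does not verify
        "forged": verify(code, sign(code, ATTACKER), PUBLISHER),
        # what signing does NOT prove: a signed program can still be malicious
        "signed_malware": verify(malware, sign(malware, PUBLISHER), PUBLISHER),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:15s} verifies: {ok}")
```

The last case is the practical caveat: a valid signature tells you who shipped the code and that it arrived unchanged, nothing about whether that code is safe, so signature checks complement, rather than replace, malware scanning and review.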
14. The HTTP server has responded to a client request with a 200 status code. What does this status code indicate?
- The request is understood by the server, but the resource will not be fulfilled.
- The request was completed successfully.
- The server could not find the requested resource, possibly because of an incorrect URL.
- The request has been accepted for processing, but processing is not completed.
Answer: The request was completed successfully.
37. What characterizes a threat actor?
- They are all highly-skilled individuals.
- They always use advanced tools to launch attacks.
- They always try to cause some harm to an individual or organization.
- They all belong to organized crime.
Answer: They always try to cause some harm to an individual or organization.
35. What are two characteristics of Ethernet MAC addresses? (Choose two.)
- MAC addresses use a flexible hierarchical structure.
- They are expressed as 12 hexadecimal digits.
- They are globally unique.
- They are routable on the Internet.
- MAC addresses must be unique for both Ethernet and serial interfaces on a device.
Answer: They are expressed as 12 hexadecimal digits. They are globally unique.
What is a purpose of implementing VLANs on a network?
- They can separate user traffic.
- They prevent Layer 2 loops.
- They eliminate network collisions.
- They allow switches to forward Layer 3 packets without a router.
Answer: They can separate user traffic.
27. What is privilege escalation?
- Vulnerabilities in systems are exploited to grant higher levels of privilege than someone or some process should have.
- Everyone is given full rights by default to everything and rights are taken away only when someone abuses privileges.
- Someone is given rights because she or he has received a promotion.
- A security problem occurs when high ranking corporate officials demand rights to systems or files that they should not have.
Answer: Vulnerabilities in systems are exploited to grant higher levels of privilege than someone or some process should have.
16. What debugging security tool can be used by black hats to reverse engineer binary files when writing exploits?
- WinDbg
- Firesheep
- Skipfish
- AIDE
Answer: WinDbg
54. Refer to the exhibit. What solution can provide a VPN between site A and site B to support encapsulation of any Layer 3 protocol between the internal networks at each site?
- an IPsec tunnel
- Cisco SSL VPN
- a GRE tunnel
- a remote access tunnel
Answer: a GRE tunnel
11. What is a network tap?
- a technology used to provide real-time reporting and long-term analysis of security events
- a Cisco technology that provides statistics on packets flowing through a router or multilayer switch
- a feature supported on Cisco switches that enables the switch to copy frames and forward them to an analysis device
- a passive device that forwards all traffic and physical layer errors to an analysis device
Answer: a passive device that forwards all traffic and physical layer errors to an analysis device
38. A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?
- a type of logic bomb
- a type of virus
- a type of worm
- a type of ransomware
Answer: a type of ransomware
61. Refer to the exhibit. If Host1 were to transfer a file to the server, what layers of the TCP/IP model would be used?
- only application and Internet layers
- application, transport, Internet, and network access layers
- only Internet and network access layers
- only application, transport, network, data link, and physical layers
- only application, Internet, and network access layers
- application, session, transport, network, data link, and physical layers
Answer: application, transport, Internet, and network access layers
44. In the NIST incident response process life cycle, which type of attack vector involves the use of brute force against devices, networks, or services?
- media
- impersonation
- attrition
- loss or theft
Answer: attrition
62. A company has a file server that shares a folder named Public. The network security policy specifies that the Public folder is assigned Read-Only rights to anyone who can log into the server while the Edit rights are assigned only to the network admin group. Which component is addressed in the AAA network service framework?
- automation
- authentication
- authorization
- accounting
Answer: authorization
48. What are two ways that ICMP can be a security threat to a company? (Choose two.)
- by collecting information about a network
- by corrupting data between email servers and email recipients
- by the infiltration of web pages
- by corrupting network IP data packets
- by providing a conduit for DoS attacks
Answer: by collecting information about a network; by providing a conduit for DoS attacks
55. For what purpose would a network administrator use the Nmap tool?
- protection of the private IP addresses of internal hosts
- identification of specific network anomalies
- collection and analysis of security alerts and logs
- detection and identification of open ports
Answer: detection and identification of open ports
64. A person coming to a cafe for the first time wants to gain wireless access to the Internet using a laptop. What is the first step the wireless client will do in order to communicate over the network using a wireless management frame?
- associate with the AP
- authenticate to the AP
- discover the AP
- agree with the AP on the payload
Answer: discover the AP
49. Which three IPv4 header fields have no equivalent in an IPv6 header? (Choose three.)
- fragment offset
- protocol
- flag
- TTL
- identification
- version
Answer: fragment offset, flag, identification
52. Which PDU format is used when bits are received from the network medium by the NIC of a host?
- segment
- file
- packet
- frame
Answer: frame
50. Which two net commands are associated with network resource sharing? (Choose two.)
- net start
- net accounts
- net share
- net use
- net stop
Answer: net share, net use
3. What technique is used in social engineering attacks?
- sending junk email
- buffer overflow
- phishing
- man-in-the-middle
Answer: phishing
8. In network security assessments, which type of test is used to evaluate the risk posed by vulnerabilities to a specific organization including assessment of the likelihood of attacks and the impact of successful exploits on the organization?
- port scanning
- risk analysis
- penetration testing
- vulnerability assessment
Answer: risk analysis
10. In addressing an identified risk, which strategy aims to shift some of the risk to other parties?
- risk avoidance
- risk sharing
- risk retention
- risk reduction
Answer: risk sharing
39. Which ICMPv6 message type provides network addressing information to hosts that use SLAAC?
- router solicitation
- neighbor advertisement
- neighbor solicitation
- router advertisement
Answer: router advertisement
25. In a Linux operating system, which component interprets user commands and attempts to execute them?
- GUI
- daemon
- kernel
- shell
Answer: shell
26. A network administrator is configuring an AAA server to manage RADIUS authentication. Which two features are included in RADIUS authentication? (Choose two.)
- encryption for all communication
- encryption for only the data
- single process for authentication and authorization
- separate processes for authentication and authorization
- hidden passwords during transmission
Answer: single process for authentication and authorization; hidden passwords during transmission
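"Hidden passwords" is a precise claim: RADIUS obscures only the User-Password attribute and sends the rest of the Access-Request, including the User-Name, in clear text. The block below is an added example, not from the exam page, that implements the hiding algorithm from RFC 2865 section 5.2 (MD5 of the shared secret and the Request Authenticator, XORed block by block in a CBC-like chain) and builds the two attributes of a minimal Access-Request. The shared secret, Request Authenticator and credentials are constructed values; a real client draws the authenticator from a cryptographic random source.

```python
# Added example, not from the exam page: RFC 2865 User-Password hiding and
# a minimal Access-Request attribute list. Secret, authenticator and
# credentials are constructed values.
import hashlib

USER_NAME, USER_PASSWORD = 1, 2          # RADIUS attribute type codes


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Pad the password with NULs to a multiple of 16 bytes, then XOR each
    16-byte block with MD5(secret || prev), where prev is the Request
    Authenticator for the first block and the previous hidden block after."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("RFC 2865 allows passwords of 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], keystream))
        out += block
        prev = block
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: regenerate the same keystream and XOR it back out."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(block, keystream))
        prev = block
    return out.rstrip(b"\x00")


def attribute(atype: int, value: bytes) -> bytes:
    """RADIUS attribute TLV: one byte type, one byte total length, value."""
    return bytes([atype, len(value) + 2]) + value


def access_request_attrs(user: bytes, password: bytes,
                         secret: bytes, authenticator: bytes) -> bytes:
    return (attribute(USER_NAME, user)
            + attribute(USER_PASSWORD, hide_password(password, secret, authenticator)))


def demo() -> dict:
    secret = b"radius-shared-secret"      # constructed
    authenticator = bytes(range(16))      # constructed; os.urandom(16) in practice
    attrs = access_request_attrs(b"alice", b"hunter2", secret, authenticator)
    hidden = attrs[2 + len(b"alice") + 2:] # value of the second attribute
    return {
        "username_in_clear": b"alice" in attrs,
        "password_in_clear": b"hunter2" in attrs,
        "server_recovers": reveal_password(hidden, secret, authenticator),
        "wrong_secret": reveal_password(hidden, b"guess", authenticator),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:18s} {v!r}")
```

Because the keystream is just MD5 over a short shared secret plus a value sent on the wire, anyone capturing the packet can brute-force weak secrets offline; that, and the clear-text user names, is why RADIUS between NAS and server is normally carried over IPsec or replaced with RADIUS over TLS.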
66. An administrator wants to create four subnetworks from the network address 192.168.1.0/24. What is the network address and subnet mask of the second useable subnet?
- subnetwork 192.168.1.64, subnet mask 255.255.255.192
- subnetwork 192.168.1.64, subnet mask 255.255.255.240
- subnetwork 192.168.1.32, subnet mask 255.255.255.240
- subnetwork 192.168.1.128, subnet mask 255.255.255.192
- subnetwork 192.168.1.8, subnet mask 255.255.255.224
Answer: subnetwork 192.168.1.64, subnet mask 255.255.255.192
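Both this question and the IPv6 /64 question (65) come down to masking an address with its prefix length. The block below is an added example, not from the exam page: it derives the network portion with plain bit arithmetic, generalises to prefixes that are not nibble- or octet-aligned, and cross-checks the IPv4 split against the standard library's ipaddress module. The only inputs are the two addresses from the questions.

```python
# Added example, not from the exam page: network identifiers by bit
# arithmetic (questions 65 and 66), cross-checked against ipaddress.
import ipaddress


def network_groups_v6(addr: str, prefix_len: int) -> str:
    """Return the IPv6 prefix as its leading 16-bit groups, written in full
    (four hex digits each) the way the exam prints them.

    A prefix that is not a multiple of 16 keeps the partially covered group
    with its host bits cleared; /64 keeps exactly the first four groups.
    """
    if not 0 <= prefix_len <= 128:
        raise ValueError("IPv6 prefix length must be 0..128")
    value = int(ipaddress.IPv6Address(addr))
    mask = ((1 << prefix_len) - 1) << (128 - prefix_len)
    masked = value & mask
    groups = [f"{(masked >> (112 - 16 * i)) & 0xFFFF:04x}" for i in range(8)]
    full_groups, leftover_bits = divmod(prefix_len, 16)
    keep = full_groups + (1 if leftover_bits else 0)
    return ":".join(groups[:keep])


def split_v4(network: str, count: int) -> list:
    """Split an IPv4 network into `count` equal subnets (count a power of two).

    Returns [(network_address, dotted_mask), ...] in address order. Borrowing
    log2(count) host bits lengthens the prefix: /24 split four ways is /26,
    i.e. mask 255.255.255.192 and blocks of 64 addresses.
    """
    net = ipaddress.IPv4Network(network)
    extra_bits = count.bit_length() - 1
    if count < 1 or (1 << extra_bits) != count:
        raise ValueError("count must be a power of two")
    new_prefix = net.prefixlen + extra_bits
    if new_prefix > 32:
        raise ValueError("not enough host bits for that many subnets")
    block = 1 << (32 - new_prefix)
    mask = str(ipaddress.IPv4Address(((1 << new_prefix) - 1) << (32 - new_prefix)))
    base = int(net.network_address)
    return [(str(ipaddress.IPv4Address(base + i * block)), mask) for i in range(count)]


def matches_stdlib(network: str, count: int) -> bool:
    """Cross-check split_v4 against ipaddress.IPv4Network.subnets()."""
    diff = count.bit_length() - 1
    expected = [(str(s.network_address), str(s.netmask))
                for s in ipaddress.IPv4Network(network).subnets(prefixlen_diff=diff)]
    return split_v4(network, count) == expected


if __name__ == "__main__":
    print(network_groups_v6("2001:0db8:cafe:4500:1000:00d8:0058:00ab", 64))
    # The exam counts 192.168.1.0/26 as the first subnet, so the "second
    # usable subnet" is index 1: 192.168.1.64 with mask 255.255.255.192.
    for i, (addr, mask) in enumerate(split_v4("192.168.1.0/24", 4), start=1):
        print(f"subnet {i}: {addr} {mask}")
```

Note that "usable" in the question follows the exam's convention of counting all four /26 blocks; on modern equipment subnet zero (192.168.1.0/26) is as usable as the others.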
23. Which tool captures full data packets with a command-line interface only?
- nfdump
- Wireshark
- NBAR2
- tcpdump
Answer: tcpdump
20. What is the purpose of Tor?
- to allow users to browse the Internet anonymously
- to securely connect to a remote network over an unsecure link such as an Internet connection
- to donate processor cycles to distributed computational tasks in a processor sharing P2P network
- to inspect incoming traffic and look for any that violates a rule or matches the signature of a known exploit
Answer: to allow users to browse the Internet anonymously
24. Which method can be used to harden a device?
- maintain use of the same passwords
- allow default services to remain enabled
- allow USB auto-detection
- use SSH and disable the root account access over SSH
Answer: use SSH and disable the root account access over SSH
53. A user is executing a tracert to a remote device. At what point would a router, which is in the path to the destination device, stop forwarding the packet?
- when the router receives an ICMP Time Exceeded message
- when the values of both the Echo Request and Echo Reply messages reach zero
- when the RTT value reaches zero
- when the value in the TTL field reaches zero
- when the host responds with an ICMP Echo Reply message
Answer: when the value in the TTL field reaches zero
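The first distractor has the direction backwards: the router does not receive ICMP Time Exceeded, it sends it, and that reply is what tracert uses to discover one hop per TTL value. The block below is an added example, not from the exam page: a simulation of that exchange with constructed router addresses. Each router decrements TTL before forwarding; when TTL reaches zero the router discards the probe and answers the sender with ICMP Time Exceeded (type 11), while the destination host answers the surviving probe with an Echo Reply (type 0). Routers in the `silent` set model hops that drop expired probes without replying, which tracert prints as "*". Windows tracert sends ICMP Echo probes; Linux traceroute uses UDP by default, but the TTL behaviour is the same.

```python
# Added example, not from the exam page: simulation of the TTL/ICMP exchange
# behind tracert. Router and host addresses are constructed.
ECHO_REPLY, TIME_EXCEEDED = 0, 11        # ICMP type codes
NO_REPLY = None                          # hop dropped the probe silently


def forward(ttl: int, path: list, destination: str, silent=frozenset()):
    """Walk one probe through the routers on `path`.

    Returns (responder, icmp_type). Every router decrements TTL; the one that
    takes it to zero discards the packet and, unless it is configured to stay
    silent, sends ICMP Time Exceeded. A probe that survives the whole path is
    answered by the destination with an Echo Reply.
    """
    for router in path:
        ttl -= 1
        if ttl == 0:
            if router in silent:
                return "*", NO_REPLY
            return router, TIME_EXCEEDED
    return destination, ECHO_REPLY


def tracert(path: list, destination: str, silent=frozenset(), max_hops: int = 30) -> list:
    """Send probes with TTL 1, 2, 3, ... until the destination itself answers
    or max_hops is reached; returns [(ttl, responder, icmp_type), ...]."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, icmp_type = forward(ttl, path, destination, silent)
        hops.append((ttl, responder, icmp_type))
        if icmp_type == ECHO_REPLY:
            break
    return hops


if __name__ == "__main__":
    # Constructed path: default gateway, an ISP router, an edge router, then
    # the destination host. The ISP router is set to drop expired probes silently.
    route = ["192.168.1.1", "10.10.0.1", "203.0.113.9"]
    for ttl, who, kind in tracert(route, "198.51.100.20", silent={"10.10.0.1"}):
        label = {ECHO_REPLY: "echo reply", TIME_EXCEEDED: "time exceeded", NO_REPLY: "timeout"}[kind]
        print(f"{ttl:2d}  {who:15s}  {label}")
```

The max_hops cut-off matters in practice: a routing loop or a firewall that drops both the probes and the ICMP errors produces 30 lines of "*" rather than a hang, and the last hop that did answer is where troubleshooting starts.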