User talk:Titiperera/sandbox

1. What commonly motivates cybercriminals to attack networks as compared to hacktivists or state-sponsored hackers?
• financial gain

2. Which scenario is probably the result of activities by a group of hacktivists?
• The internal emails related to the handling of an environmental disaster by a petroleum company appear on multiple websites.

3. Which three are major categories of elements in a security operations center? (Choose three.)
• people
• processes
• technologies

4. Which three technologies should be included in a security information and event management system in a SOC? (Choose three.)
• threat intelligence
• security monitoring
• vulnerability tracking

5. A network security professional has applied for a Tier 2 position in a SOC. What is a typical job function that would be assigned to a new employee?
• further investigating security incidents

6. What are two advantages of the NTFS file system compared with FAT32? (Choose two.)
• NTFS supports larger partitions.
• NTFS provides more security features.

7. A technician notices that an application is not responding to commands and that the computer seems to respond slowly when applications are opened. What is the best administrative tool to force the release of system resources from the unresponsive application?
• Task Manager

8. In a networking class, the instructor tells the students to ping the other computers in the classroom from the command prompt. Why do all pings in the class fail?
• The Windows firewall is blocking the ping.

9. Which two net commands are associated with network resource sharing? (Choose two.)
• net use
• net share

10. Why would a network administrator choose Linux as an operating system in the Security Operations Center (SOC)?
• It can be acquired at no charge.

11. Which method can be used to harden a device?
• use SSH and disable the root account access over SSH

12. Based on the command output shown, which file permission or permissions have been assigned to the other user group for the data.txt file?
ls -l data.txt
-rwxrw-r-- sales staff 1028 May 28 15:50 data.txt
• read

13. Which Linux command could be used to discover the process ID (PID) for a specific process before using the kill command?
• ps

14. Refer to the exhibit. If host A sends an IP packet to host B, what will the destination address be in the frame when it leaves host A?
• BB:BB:BB:BB:BB:BB

15. What are three responsibilities of the transport layer? (Choose three.)
• meeting the reliability requirements of applications, if any
• multiplexing multiple communication streams from many users or applications on the same network
• identifying the applications and services on the client and server that should handle transmitted data

16. Which protocol translates a website name such as www.cisco.com into a network address?
• DNS

17. Refer to the exhibit. A cybersecurity analyst is viewing captured packets forwarded on switch S1. Which device has the MAC address d8:cb:8a:5c:d5:8a?
• PC-A

18. Which two roles are typically performed by a wireless router that is used in a home or small business? (Choose two.)
• access point
• Ethernet switch

19. Refer to the exhibit. Which access list configuration on router R1 will prevent traffic from the 192.168.2.0 LAN from reaching the Restricted LAN while permitting traffic from any other LAN?
[Exhibit: CCNA Cybersecurity Operations (Version 1.1) – Final Exam Answers 2019 Full 100% 02]
• R1(config-std-nacl)# deny 192.168.2.0
  R1(config-std-nacl)# permit any
  R1(config)# interface G0/2
  R1(config-if)# ip access-group BLOCK_LAN2 out

20. Which technique is necessary to ensure a private transfer of data using a VPN?
• encryption

21. How is a source IP address used in a standard ACL?
• It is the criterion that is used to filter traffic.

22. What is a function of SNMP?
• provides a message format for communication between network device managers and agents

23. Which two characteristics describe a worm? (Choose two.)
• is self-replicating
• travels to new computers without any intervention or knowledge of the user

24. Which type of security threat would be responsible if a spreadsheet add-on disables the local software firewall?
• Trojan horse

25. Which two statements are characteristics of a virus? (Choose two.)
• A virus typically requires end-user activation.
• A virus can be dormant and then activate at a specific time or date.

26. Which two statements describe access attacks? (Choose two.)
• Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers.
• Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code.

27. What are two evasion techniques that are used by hackers? (Choose two.)
• pivot
• rootkit

28. What is a network tap?
• a passive device that forwards all traffic and physical layer errors to an analysis device

29. Refer to the exhibit. A network administrator is showing a junior network engineer some output on the server. Which service would have to be enabled on the server to receive such output?
• SNMP

30. How do cybercriminals make use of a malicious iFrame?
• The iFrame allows the browser to load a web page from another source.

31. Which device in a layered defense-in-depth approach denies connections initiated from untrusted networks to internal networks, but allows internal users within an organization to connect to untrusted networks?
• firewall

32. Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?
• authorization

33. Which statement identifies an important difference between the TACACS+ and RADIUS protocols?
• The TACACS+ protocol allows for separation of authentication from authorization.

34. A company implements a security policy that ensures that a file sent from the headquarters office to the branch office can only be opened with a predetermined code. This code is changed every day. Which two algorithms can be used to achieve this task? (Choose two.)
• AES
• 3DES

35. In which situation is an asymmetric key algorithm used?
• A network administrator connects to a Cisco router with SSH.

36. What is a difference between symmetric and asymmetric encryption algorithms?
• Symmetric encryption algorithms use pre-shared keys. Asymmetric encryption algorithms use different keys to encrypt and decrypt data.

37. Why is the Diffie-Hellman algorithm typically avoided for encrypting data?
• The large numbers used by DH make it too slow for bulk data transfers.

38. What two assurances does digital signing provide about code that is downloaded from the Internet? (Choose two.)
• The code is authentic and is actually sourced by the publisher.
• The code has not been modified since it left the software publisher.

39. Which technology might increase the security challenge to the implementation of IoT in an enterprise environment?
• cloud computing

40. Which statement describes the policy-based intrusion detection approach?
• It compares the operations of a host against well-defined security rules.

41. As described by the SANS Institute, which attack surface includes the use of social engineering?
• human attack surface

42. Which metric class in the CVSS Basic Metric Group identifies the impacts on confidentiality, integrity, and availability?
• Impact

43. How might DNS be used by a threat actor to create mayhem?
• Collect personal information and encode the data in outgoing DNS queries.

44. What is the result of using security devices that include HTTPS decryption and inspection services?
• The devices introduce processing delays and privacy issues.

45. Which Windows Event Viewer log includes events regarding the operation of drivers, processes, and hardware?
• system logs

46. Which two services are provided by the NetFlow tool? (Choose two.)
• network monitoring
• usage-based network billing

47. Refer to the exhibit. A network administrator is viewing some output on the NetFlow collector. What can be determined from the output of the traffic flow shown?
• This is a UDP DNS response to a client machine.

48. Refer to the exhibit. A network security specialist issues the command tcpdump to capture events. What does the number 6337 indicate?
• the process id of the tcpdump command

49. What is indicated by a true negative security alert classification?
• Normal traffic is correctly ignored and erroneous alerts are not being issued.

50. Which type of data would be considered an example of volatile data?
• memory registers

51. According to NIST, which step in the digital forensics process involves preparing and presenting information that resulted from scrutinizing data?
• reporting

52. Why would threat actors prefer to use a zero-day attack in the Cyber Kill Chain weaponization phase?
• to avoid detection by the target

53. A threat actor has gained administrative access to a system and achieved the goal of controlling the system for a future DDoS attack by establishing a communication channel with a CnC owned by the threat actor. Which phase in the Cyber Kill Chain model describes the situation?
• action on objectives

54. What are two advantages of using the community VERIS database? (Choose two.)
• The data is open and free to the public.
• Data is in a format that allows for manipulation.

55. What is the responsibility of the human resources department when handling a security incident?
• Apply disciplinary measures if an incident is caused by an employee.

56. Match the phase in the NIST incident response life cycle to the action.
• Document incident handling → Post-incident activities
• Conduct CSIRT response training → Preparation
• Identify, analyze, and validate an incident → Detection and analysis
• Implement procedures to contain the threat → Containment, eradication, and recovery

57. Match the alert classification with the description.
• Malicious traffic is correctly identified as a threat → True positive
• Normal traffic is incorrectly identified as a threat → False positive
• Malicious traffic is not identified as a threat → False negative
• Normal traffic is not identified as a threat → True negative

58. Match the common network technology or protocol with the description. (Not all options are used.)
• Uses a hierarchy of authoritative time sources to send time information between devices on the network → NTP
• Used by attackers to exfiltrate data in traffic disguised as normal client queries → DNS
• Uses UDP port 514 for logging event messages from network devices and endpoints → Syslog
• Used by attackers to identify hosts on a network and the structure of the network → ICMP

59. Match the information security component with the description.
• Only authorized individuals, entities, or processes can access sensitive information → Confidentiality
• Data is protected from unauthorized alteration → Integrity
• Authorized users must have uninterrupted access to important resources and data → Availability

60. Match the network profile element to the description. (Not all options are used.)
• A list of TCP or UDP processes that are available to accept data → Ports are used
• The IP address or the logical location of essential systems or data → Critical asset address space
• The time between the establishment of a data flow and its termination → Session duration
• The amount of data passing from a given source to a given destination in a given period of time → Total throughput