CCNA Cyber Ops Implementing Cisco Cybersecurity Operations v1.0 (210-255)

Page:    1 / 12   
Total 179 questions

You have run a suspicious file in a sandbox analysis tool to see what the file does. The analysis report shows that outbound callouts were made post infection.
Which two pieces of information from the analysis report are needed or required to investigate the callouts? (Choose two.)

  • A. file size
  • B. domain names
  • C. dropped files
  • D. signatures
  • E. host IP addresses


Answer : BE

Reference:
https://digital-forensics.sans.org/blog/2012/07/26/four-focus-areas-of-malware-analysis

A CMS plugin creates two filters that are accessible from the Internet: myplugin.html and exploitable.php. A newly discovered exploit takes advantage of an injection vulnerability in exploitable.php. To exploit the vulnerability, one must send an HTTP POST with specific variables to exploitable.php. You see traffic to your webserver that consists of only HTTP GET requests to myplugin.html.
Which category best describes this activity?

  • A. weaponization
  • B. exploitation
  • C. installation
  • D. reconnaissance


Answer : B

During which phase of the forensic process are tools and techniques used to extract the relevant information from the collective data?

  • A. examination
  • B. reporting
  • C. collection
  • D. investigation


Answer : A

Explanation:
Examinations involve forensically processing large amounts of collected data using a combination of automated and manual methods to assess and extract data of particular interest, while preserving the integrity of the data. Forensic tools and techniques appropriate to the types of data that were collected are executed to identify and extract the relevant information from the collected data while protecting its integrity. Examination may use a combination of automated tools and manual processes.
Reference:
http://resources.infosecinstitute.com/computer-forensics-investigation-case-study/#gref

Which feature is used to find possible vulnerable services running on a server?

  • A. CPU utilization
  • B. security policy
  • C. temporary internet files
  • D. listening ports


Answer : D

Which element can be used by a threat actor to discover a possible opening into a target network and can also be used by an analyst to determine the protocol of the malicious traffic?

  • A. TTLs
  • B. ports
  • C. SMTP replies
  • D. IP addresses


Answer : B

Which of the following is not a metadata feature of the Diamond Model?

  • A. Direction
  • B. Result
  • C. Devices
  • D. Resources


Answer : C

Which of the following has been used to evade IDS and IPS devices?

  • A. SNMP
  • B. HTTP
  • C. TNP
  • D. Fragmentation


Answer : D

Which of the following can be identified by correlating DNS intelligence and other security events? (Choose two.)

  • A. Communication to CnC servers
  • B. Configuration issues
  • C. Malicious domains based on reputation
  • D. Routing problems


Answer : AC

Which of the following is an example of a managed security offering where incident response experts monitor and respond to security alerts in a security operations center (SOC)?

  • A. Cisco CloudLock
  • B. Cisco's Active Threat Analytics (ATA)
  • C. Cisco Managed Firepower Service
  • D. Cisco Jasper


Answer : B

Which of the following is not an example of weaponization?

  • A. Connecting to a command and control server
  • B. Wrapping software with a RAT
  • C. Creating a backdoor in an application
  • D. Developing an automated script to inject commands on a USB device


Answer : A

Which of the following are core responsibilities of a national CSIRT and CERT?

  • A. Provide solutions for bug bounties
  • B. Protect their citizens by providing security vulnerability information, security awareness training, best practices, and other information
  • C. Provide vulnerability brokering to vendors within a country
  • D. Create regulations around cybersecurity within the country


Answer : B

Which of the following is one of the main goals of the CSIRT?

  • A. To configure the organization's firewalls
  • B. To monitor the organization's IPS devices
  • C. To minimize and control the damage associated with incidents, provide guidance for mitigation, and work to prevent future incidents
  • D. To hire security professionals who will be part of the InfoSec team of the organization.


Answer : C

Which of the following are examples of some of the responsibilities of a corporate CSIRT and the policies it helps create? (Select all that apply.)

  • A. Scanning vendor customer network Incident classification and handling
  • B. Information classification and protection
  • C. Information dissemination
  • D. Record retentions and destruction


Answer : BCD

Which of the following is one of the main goals of data normalization?

  • A. To save duplicate logs for redundancy
  • B. To purge redundant data while maintaining data integrity
  • C. To correlate IPS and IDS logs with DNS
  • D. To correlate IPS/IDS logs with firewall logs


Answer : B

Which of the following is an example of a coordination center?

  • A. Cisco PSIRT
  • B. Microsoft MSRC
  • C. CERT division of the Software Engineering Institute (SEI)
  • D. FIRST


Answer : C

Page:    1 / 12   
Total 179 questions