Cisco Certified CyberOps Associate

1. What is the main purpose of Mobile Device Management (MDM)?
A. To monitor and manage the use of mobile devices by employees
B. To protect sensitive corporate data stored on mobile devices
C. To manage the distribution and updates of mobile applications
D. To provide a secure platform for mobile device users to access corporate resources
E. All of the above

2. Attackers use Distributed Denial of Service attacks to affect the availability pillar of the CIA triad. Which of the following mechanisms would be most effective in detecting DoS attacks?
A. Host Based IDS
B. Data Loss Prevention
C. Encryption
D. Network Based IDS

3. Which access control does not focus on user identity and uses a static set of rules governing the whole environment?
A. Risk Based Access Control
B. Discretionary Access Control
C. Non-Discretionary Access Control
D. Routine Based Access Control

4. AppScan, Burp Suite, N-Stalker, and Nessus are tools used to carry out which type of attack?
A. Reconnaissance attacks
B. Social Engineering
C. Privilege Escalation Attacks
D. Code Execution

5. What is the recommended order of evidence collection according to NIST SP 800-86?
A. Log files, memory dump, system image, network data
B. System image, memory dump, log files, network data
C. Network data, log files, system image, memory dump
D. Network data, log files, memory dump, system image

6. Protecting endpoints in a borderless network can be accomplished using host-based techniques. Which of the following provides endpoint protection from viruses and malware?
A. ESA
B. WSA
C. NAC
D. AMP

7. The attacker uses pings to discover subnets and hosts on a protected network, generate flood attacks, and alter host routing tables. Which of the following attacks is being described?
A. ICMP Attack
B. MITM Attack
C. Session Hijacking
D. Address Spoofing Attack

8. Which of the following are the most common file types created during disk imaging to be used as forensic images? (Select TWO)
A. .AFF
B. .INI
C. .E01
D. .SVG

9. What is the host-based intrusion detection tool that is integrated into Security Onion?
A. OSSEC
B. Snort
C. Sguil
D. Wireshark

10. Which of the following types of data under network monitoring includes detailed protocol and payload information for all traffic on a network segment?
A. Statistical Data
B. Alert Data
C. Transaction Data
D. Full Packet Capture

11. Which of the following is the best definition of a fork in Linux?
A. A method that the kernel uses to allow a process to create a copy of itself
B. A running instance of a computer program
C. The records that a computer stores to keep track of important events
D. Another file that points to the same location as the original file

12. What type of data is considered protected in a network?
A. Employee personal information
B. Marketing strategies
C. Financial information
D. All of the above

13. A cybersecurity analyst has captured a packet capture (PCAP) file of network traffic and wants to extract files from a TCP stream using Wireshark. Which of the following is the correct process for extracting files from a TCP stream when given a PCAP file and Wireshark?
A. Open the PCAP file in Wireshark and use the "File" menu to save the desired files
B. Open the PCAP file in Wireshark, right-click on the TCP stream, and select "Export Selected Packets"
C. Open the PCAP file in Wireshark, right-click on the TCP stream, and select "Follow TCP Stream"
D. Open the PCAP file in Wireshark, right-click on the TCP stream, and select "Export Object"

14. You are a cybersecurity analyst and you have to implement data integrity measures as documented in NIST SP 800-86. What is the recommended mechanism to ensure data integrity in NIST SP 800-86?
A. Encryption of data
B. Hashing of data
C. Compression of data
D. Signature of data

15. A company is implementing a new intrusion detection system (IDS) and wants to understand the impact of false positives and false negatives. Which of the following best describes the difference in impact between false positives and false negatives in an intrusion detection system?
A. A false positive has a higher impact than a false negative
B. A false negative has a higher impact than a false positive
C. False positives and false negatives have the same impact
D. None of the above

16. What is the main purpose of write-protecting a drive?
A. To ensure that the drive is still usable once retrieved from the crime scene
B. All of these answers are correct
C. To ensure evidence is not accidentally contaminated by the addition or amending of critical data
D. This is the Standard Operating Procedure as outlined by NIS

17. The following list contains types of threat actors. Match them against their descriptions in points i), ii), iii) and iv):
i) The main purpose of these groups is to steal information, scam people, and make money.
ii) These agents are interested in stealing data, including intellectual property and research-and-development data from major manufacturers, government agencies, and defense contractors.
iii) These people carry out cybersecurity attacks aimed at promoting a social or political cause.
iv) These people use existing "scripts" or tools to hack into computers and networks. They lack the expertise to write their own scripts.
Threat actors: Script kiddies, Organized crime groups, State sponsors and governments, Hacktivists
A. Script kiddies - iv), Organized crime groups - ii), State sponsors and governments - ii), Hacktivists - i)
B. Script kiddies - iv), Organized crime groups - i), State sponsors and governments - ii), Hacktivists - iii)
C. Script kiddies - i), Organized crime groups - ii), State sponsors and governments - iv), Hacktivists - iii)
D. Script kiddies - i), Organized crime groups - ii), State sponsors and governments - iii), Hacktivists - iv)

18. Which technology would provide information about network traffic and detect unauthorized access attempts?
A. IDS/IPS
B. Firewall
C. Network application control
D. Proxy logs
E. Transaction data (NetFlow)
F. All of the above

19. Which of the following is an element of the chain of custody?
A. Documenting how the evidence was collected
B. Documenting how the evidence was stored
C. Documenting who had access to the evidence and how it was accessed
D. All of the above

20. Which of the following tools is used to provide real-time reporting and long-term analysis of security events in enterprise organizations?
A. SNMP
B. Wireshark
C. SIEM
D. TCPDump

21. What technology is illustrated in the following image? (image not reproduced here)
A. Static NAT
B. Static PAT
C. Dynamic NAT
D. Dynamic PAT

22. An act of taking advantage of a vulnerability that leads to access, privilege escalation, loss of integrity, or denial of service on a computer system is called ____
A. Threat
B. Risk
C. Exploit
D. Threat vector

23. A system administrator issues the command ps on a server that is running the Linux operating system. What is the purpose of this command?
A. To display the syntax and parameters for a specific command
B. To change file permissions
C. To display the contents of the current directory
D. To list the processes currently running in the system

24. An event occurred on a company's computer network, and the IT department needs to apply the incident handling process to determine the cause and take appropriate actions to prevent future occurrences. Which of the following is the correct order of steps to apply the incident handling process to an event?
A. Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned
B. Containment, Eradication, Preparation, Identification, Recovery, Lessons Learned
C. Identification, Eradication, Preparation, Containment, Lessons Learned, Recovery
D. Recovery, Preparation, Lessons Learned, Identification, Containment, Eradication

25. What is the correct regular expression to extract the date and time from the following log file?
Log file: 192.168.0.1 - - [22/Apr/2022:09:35:27+0500] "GET /index.html HTTP/1.1" 200 612
A. (\d{2}\/\w{3}\/\d{4}:\d{2}:\d{2}:\d{2})
B. (\d{2}\/\w{3}\\d{4})\s(\d{2}:\d{2}:\d{2})
C. (\d{2}\/\w{3}\/\d{4}:\d{2}:\d{2}:\d{2})\s\+\d{4}
D. (\d{2}\/\w{3}\/\d{4}:\d{2}:\d{2}:\d{2} \+\d{4})

26. Which of the following tools is used to scan the network and to scan for vulnerabilities?
A. Netstat
B. nessus
C. nmap
D. wireshark

27. The Common Vulnerability Scoring System is an industry standard used to convey information about the severity of vulnerabilities. In CVSS, a vulnerability is evaluated under three aspects, and a score is assigned to each of them. Which of the following focuses on assessing the vulnerability as it changes over time?
A. Base Group
B. Temporal Group
C. Environmental Group
D. Time Group

28. Which of the following is a popular open-source Run Book Automation (RBA) solution?
A. Phishing
B. Malvertising
C. Pharming
D. Pre-Texting

29. What is the main purpose of Deep Packet Inspection (DPI)?
A. To monitor network traffic for malicious activities
B. To prioritize network traffic based on the importance of data packets
C. To analyze the content of data packets and make routing decisions based on the analysis
D. To reduce network congestion by limiting the flow of data packets

30. In a defense-in-depth strategy, which device is usually placed in the first line?
A. Edge Router
B. Firewall
C. Internal Router
D. Access Switch

31. John and Rhea are two people who want to establish a VPN connection with each other. What could they use to make sure they are talking to the right entity?
A. Identity
B. Hashing
C. Digital Signatures
D. Private Key

32. In which step is the weapon transmitted to the target through a website, removable USB media, an email attachment, or other means?
A. Reconnaissance
B. Delivery
C. Installation
D. Command and control

33. A court would only accept digital evidence based on its originality, and the ruling will be based on the same. Which of the following evidence collection methods is most likely to be acceptable in a court case?
A. Provide a full system backup and network inventory at the time of the incident
B. Provide a mirror image of the hard drive related to the incident
C. Provide a disk image that contains bits and fragments specific to the incident
D. Provide a list of all applications and files accessed at the time of the incident

34. Which term represents a weakness in a system or its design that could be exploited?
A. Vulnerability
B. Threat
C. Risk
D. Exploit

35. Which of the following encryption algorithms is the strongest?
A. AES
B. DES
C. 3DES
D. RC4

36. The following figure illustrates the architecture of which sandboxing technology? (figure not reproduced here)
A. Google Chromium sandbox
B. Java JVM sandboxing
C. Nexpose sandbox
D. ArcSight sandbox

37. Which of the following detection techniques deploys statistical analysis of the traffic passing through the network?
A. Pattern matching
B. Protocol analysis
C. Heuristic-Based Analysis
D. Anomaly-Based Analysis

38. Which of the following processes is illustrated by the image below? (image not reproduced here)
A. Windows Boot Process
B. Linux Boot Process
C. Mac Boot Process
D. Both Windows and Linux Boot Process

39. Evidence-based knowledge of the capabilities of internal and external threat actors is commonly defined as which of the following?
A. Threat Hunting
B. Reverse engineering
C. Threat intelligence
D. Malware analysis

40. Which of the following is true about Host-based IDS (HIDS) or IPS (HIPS)? (Select TWO)
A. Have visibility on all network traffic; therefore, can offer better event correlation
B. Can slow down the operating system of the host
C. Have visibility after encryption and can block an attack delivered via encrypted packets
D. Do not have visibility into encrypted packets