CCNA Cyber Ops (Version 1.1) – Chapter 12 Test Online Full

How is the hash value of files useful in network security investigations?

Which tool is a Security Onion integrated host-based intrusion detection system?

Which type of evidence supports an assertion based on previously obtained evidence?

Which tool is developed by Cisco and provides an interactive dashboard that allows investigation of the threat landscape?

Which term is used to describe the process of converting log entries into a common format?

According to NIST, which step in the digital forensics process involves extracting relevant information from data?

A law office uses a Linux host as the firewall device for the network. The IT administrator is adding a rule to the firewall iptables to block internal hosts from connecting to a remote device that has the IP address 209.165.202.133. Which command should the administrator use?

What procedure should be avoided in a digital forensics investigation?

Which statement describes a feature of timestamps in Linux?

Which tool is included with Security Onion that is used by Snort to automatically download new rules?

Which tool would an analyst use to start a workflow investigation?

What is indicated by a Snort signature ID that is below 3464?

How does an application program interact with the operating system?

A threat actor has successfully breached the network firewall without being detected by the IDS system. What condition describes the lack of alert?

Use the following scenario to answer the questions. A company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. a. How would a certified cybersecurity analyst classify this type of threat actor?

Use the following scenario to answer the questions. A company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. The security team at this company has removed the compromised server and preserved it with the security hack still embedded. What type of evidence is this?

Use the following scenario to answer the questions. A company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. Which type of attack was achieved?

Use the following scenario to answer the questions. A company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. What would be the threat attribution in this case?

Use the following scenario to answer the questions. A company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. What are three common tools used to carry out this type of attack? (Choose three.)

Refer to the exhibit. A network security specialist issues the command tcpdump to capture events. What is the function provided by the ampersand symbol used in the command?

Refer to the exhibit. A cybersecurity analyst is using Sguil to verify security alerts. How is the current view sorted?

Which three procedures in Sguil are provided to security analysts to address alerts? (Choose three.)

Which two strings will be matched by the regular expression? (Choose two.) Level[^12]

Which statement describes the status after the Security Onion VM is started?

What are the three core functions provided by the Security Onion? (Choose three.)

Refer to the exhibit. A network security analyst is using the Follow TCP Stream feature in Wireshark to rebuild the TCP transaction. However, the transaction data seems indecipherable. What is the explanation for this?

What is the tool that has alert records linked directly to the search functionality of the Enterprise Log Search and Archive (ELSA)?

Refer to the exhibit. A network security analyst is examining captured data using Wireshark. The captured frames indicate that a host is downloading malware from a server. Which source port is used by the host to request the download?

Which two types of unreadable network traffic could be eliminated from data collected by NSM? (Choose two.)