CCNA Cyber Ops (Version 1.1) – Chapter 13 Test Online Full

When dealing with security threats and using the Cyber Kill Chain model, which two approaches can an organization use to help block potential exploitations of a system? (Choose two.)

Which action should be included in a plan element that is part of a computer security incident response capability (CSIRC)?

What is the objective the threat actor in establishing a two-way communication channel between the target system and a CnC infrastructure?

After containment, what is the first step of eradicating an attack?

What is defined in the SOP of a computer security incident response capability (CSIRC)?

A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken. The threat actor has already placed malware on the server causing its performance to slow. The network administrator has found and removed the malware as well as patched the security hole where the threat actor gained access. The network administrator can find no other security issue. What stage of the Cyber Kill Chain did the threat actor achieve?

A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken. If the web server runs Microsoft IIS, which Windows tool would the network administrator use to view the access logs?

A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken. Reports of network slowness lead the network administrator to review server alerts. The administrator confirms that an alert was an actual security incident. Which type of security alert classification would this be?

A school has a web server mainly used for parents to view school events, access student performance indicators, and communicate with teachers. The network administrator suspects a security-related event has occurred and is reviewing what steps should be taken. The network administrator believes that the threat actor used a commonly available tool to slow the server down. The administrator concludes that based on the source IP address identified in the alert, the threat actor was probably one of the students. What type of hacker would the student be classified as?

What is the goal of an attack in the installation phase of the Cyber Kill Chain?

Which meta-feature element in the Diamond Model describes information gained by the adversary?

What is a benefit of using the VERIS community database?

When a security attack has occurred, which two approaches should security professionals take to mitigate a compromised system during the Actions on Objectives step as defined by the Cyber Kill Chain model? (Choose two.)

A threat actor has identified the potential vulnerability of the web server of an organization and is building an attack. What will the threat actor possibly do to build an attack weapon?

Which action is taken in the postincident phase of the NIST incident response life cycle?

Which top-level element of the VERIS schema would allow a company to log who the actors were, what actions affected the asset, which assets were affected, and how the asset was affected?

What is the role of vendor teams as they relate to CSIRT?

According to information outlined by the Cyber Kill Chain, which two approaches can help identify reconnaissance threats? (Choose two.)

To ensure that the chain of custody is maintained, what three items should be logged about evidence that is collected and analyzed after a security incident has occurred? (Choose three.)

Which schema or model was created to anonymously share quality information about security events to the security community?

What is the purpose of the policy element in a computer security incident response capability of an organization, as recommended by NIST?

What information is gathered by the CSIRT when determining the scope of a security incident?

What is the main purpose of exploitations by a threat actor through the weapon delivered to a target during the Cyber Kill Chain exploitation phase?

Which term is used in the Diamond Model of intrusion to describe a tool that a threat actor uses toward a target system?

What is the role of a Computer Emergency Response Team?

In the NIST incident response process life cycle, which type of attack vector involves the use of brute force against devices, networks, or services?

Which NIST incident response life cycle phase includes continuous monitoring by the CSIRT to quickly identify and validate an incident?

Which NIST incident response life cycle phase includes training for the computer security incident response team on how to respond to an incident?

Which three aspects of a target system are most likely to be exploited after a weapon is delivered? (Choose three.)

Which meta-feature element in the Diamond Model describes tools and information (such as software, black hat knowledge base, and username and password) that the adversary uses for the intrusion event?

Which activity is typically performed by a threat actor in the installation phase of the Cyber Kill Chain?

Which top-level element of the VERIS schema would allow a company to document the incident timeline?

When dealing with a security threat and using the Cyber Kill Chain model, which two approaches can an organization use to help block potential exploitations on a system? (Choose two.)

What is a chain of custody?

What type of CSIRT organization is responsible for determining trends to help predict and provide warning of future security incidents?

Which approach can help block potential malware delivery methods, as described in the Cyber Kill Chain model, on an Internet-facing web server?

According to NIST standards, which incident response stakeholder isresponsible for coordinating an incident response with other stakeholders to minimize the damage of an incident?

After a threat actor completes a port scan of the public web server of an organization and identifies a potential vulnerability, what is the next phase for the threat actor in order to prepare and launch an attack as defined in the Cyber Kill Chain?

A threat actor collects information from web servers of an organization and searches for employee contact information. The information collected is further used to search personal information on the Internet. To which attack phase do these activities belong according to the Cyber Kill Chain model?

Match the security incident stakeholder with the role.

Match the attack vector with the description.

Match the NIST incident response life cycle phase with the description.

Match the NIST incident response stakeholder with the role.