CCNA Cyber Ops (Version 1.1) – FINAL Test Online Full

Hint

After the tcpdump command is issued, the device displays the message, [1] 6337. The message indicates that the process with PID 6337was sent to the background.

Hint

An inline frame or iFrame is an HTML element that allows the browser to load a different web page from another source.

Hint

Asymmetric algorithms can use very long key lengths in order to avoid being hacked. This results in the use of significantly increased resources and time compared to symmetric algorithms.

Hint

A network tap is used to capture traffic for monitoring the network. The tap is typically a passive splitting device implemented inline on the network and forwards all traffic, including physical layer errors, to an analysis device.

Hint

The traffic flow shown has a source port of 53 and a destination port of 1025. Port 53 is used for DNS and because the source port is 53, this traffic is responding to a client machine from a DNS server. The IP PROTOCOL is 17 and specifies that UDP is being used and the TCP flag is set to 0.

Hint

NIST describes the digital forensics process as involving the following four steps:

• Collection – the identification of potential sources of forensic data and acquisition, handling, and storage of that data
• Examination – assessing and extracting relevant information from the collected data. This may involve decompression or decryption of the data
• Analysis – drawing conclusions from the data. Salient features, such as people, places, times, events, and so on should be documented
• Reporting – preparing and presenting information that resulted from the analysis. Reporting should be impartial and alternative explanations should be offered if appropriate

Hint

Use the Task Manager Performance tab to see a visual representation of CPU and RAM utilization. This is helpful in determining if more memory is needed. Use the Applications tab to halt an application that is not responding.

Hint

Technologies in a SOC should include the following:

• Event collection, correlation, and analysis
• Security monitoring
• Security control
• Log management
• Vulnerability assessment
• Vulnerability tracking
• Threat intelligence
• Firewall appliances, VPNs, and IPS are security devices deployed in the network infrastructure.

Hint

The SSH protocol uses an asymmetric key algorithm to authenticate users and encrypt data transmitted. The SSH server generates a pair of public/private keys for the connections. Encrypting files before saving them to a storage device uses a symmetric key algorithm because the same key is used to encrypt and decrypt files. The router authentication with CHAP uses a symmetric key algorithm. The key is pre-configured by the network administrator. A VPN may use both an asymmetric key and a symmetric encryption algorithm. For example in an IPSec VPN implementation, the data transmission uses a shared secret (generated with an asymmetric key algorithm) with a symmetric encryption algorithm used for performance.

Hint

The type of end user interaction required to launch a virus is typically opening an application, opening a web page, or powering on the computer. Once activated, a virus may infect other files located on the computer or other computers on the same network.

Hint

By default Windows keeps four types of host logs:

• Application logs – events logged by various applications
• System logs – events about the operation of drivers, processes, and hardware
• Setup logs – information about the installation of software, including Windows updates
• Security logs – events related to security, such as logon attempts and operations related to file or object management and access

Hint

The human resources department may be called upon to perform disciplinary measures if an incident is caused by an employee.

Hint

In a typical SOC, the job of a Tier 2 incident responder involves deep investigation of security incidents.

Hint

Confidential and secure transfers of data with VPNs require data encryption.

Hint

The SANS Institute describes three components of the attack surface:

• Network Attack Surface – exploitation of vulnerabilities in networks
• Software Attack Surface – exploitation of vulnerabilities in web, cloud, or host-based software applications
• Human Attack Surface – exploitation of weaknesses in user behavior

Hint

The Simple Network Management Protocol is used by network devices to send and log messages to a syslog server in order to monitor traffic and network device events. The syslog service must be enabled on the server or a syslog server application must be installed in order to receive such traffic.

Hint

Hacktivists are typically hackers who protest against a variety of political and social ideas. Hacktivists publicly protest against organizations or governments by posting articles and leaking sensitive information. Accessing school database and changing grades is probably made by a few script kiddies. Offers from someone to restore data for a hefty fee is a ransomware attack. Attacking the major power grid is typically conducted by a government.

Hint

The file system has no control over the speed of access or formatting of drives, and the ease of configuration is not file system-dependent.

Hint

Digitally signing code provides several assurances about the code:

• The code is authentic and is actually sourced by the publisher.
• The code has not been modified since it left the software publisher.
• The publisher undeniably published the code. This provides nonrepudiation of the act of publishing.

Hint

One key difference between TACACS+ and RADIUS protocols is that TACACS+ provides flexibility by separating authentication and authorization processes. RADIUS, on the other hand, combines authentication and authorization as one process.

Hint

SNMP is an application layer protocol that allows administrators to manage devices on the network by providing a messaging format for communication between network device managers and agents.

Hint

Cybercriminals are commonly motivated by money. Hackers are known to hack for status. Cyberterrorists are motivated to commit cybercrimes for religious or political reasons.

Hint

Unsuccessful pings usually indicate a network problem which eliminates the virus option. In this case computers in the same classroom would also be on the same network. Port 25 is used used by the email SMTP protocol, not by ping.

Hint

One of the components in AAA is authorization. After a user is authenticated through AAA, authorization services determine which resources the user can access and which operations the user is allowed to perform.

Hint

Domain Name Service translates names into numerical addresses, and associates the two. DHCP provides IP addresses dynamically to pools of devices. HTTP delivers web pages to users. FTP manages file transfers.

Hint

Malware could be used by a threat actor to collect stolen encoded data, decode it, and then gain access to corporate data such as a username/password database.

Hint

The Wireshark capture is a DNS response from the DNS server to PC-A. Because the packet was captured on the LAN that the PC is on, router DG would have encapsulated the response packet from the ISP router into an Ethernet frame addressed to PC-A and forwarded the frame with the MAC address of PC-A as the destination.

Hint

With the anomaly-based intrusion detection approach, a set of rules or policies are applied to a host. Violation of these policies is interpreted to be the result of a potential intrusion.

Hint

When a threat actor prepares a weapon for an attack, the threat actor chooses an automated tool (weaponizer) that can be deployed through discovered vulnerabilities. Malware that will carry desired attacks is then built into the tool as the payload. The weapon (tool plus malware payload) will be delivered to the target system. By using a zero-day weaponizer, the threat actor hopes that the weapon will not be detected because it is unknown to security professionals and detection methods are not yet developed.

Hint

NetFlow efficiently provides an important set of services for IP applications including network traffic accounting, usage-based network billing, network planning, security, denial of service monitoring capabilities, and network monitoring.

Hint

Volatile data is data stored in memory such as registers, cache, and RAM, or it is data that exists in transit. Volatile memory is lost when the computer loses power.