CyberOps Associate (200-201) Certification Practice – Test online

Match the definition to the Microsoft Windows term. (Not all options are used.)

What are two motivating factors for nation-state sponsored threat actors? (Choose two.)

Match the description to the Linux term. (Not all options are used.)

Match the antimalware approach to the description.

Which type of data is used by Cisco Cognitive Intelligence to find malicious activity that has bypassed security controls, or entered through unmonitored channels, and is operating inside an enterprise network?

Which type of evasion technique splits malicious payloads into smaller packets in order to bypass security sensors that do not reassemble the payloads before scanning them?

Which type of cyber attack is a form of MiTM in which the perpetrator copies IP packets off the network without modifying them?

Which is an example of social engineering?

Which component is a pillar of the zero trust security approach that focuses on the secure access of devices, such as servers, printers, and other endpoints, including devices attached to IoT?

A security analyst is reviewing information contained in a Wireshark capture created during an attempted intrusion. The analyst wants to correlate the Wireshark information with the log files from two servers that may have been compromised. What type of information can be used to correlate the events found in these multiple data sets?

A security analyst is investigating a cyber attack that began by compromising one file system through a vulnerability in a custom software application. The attack now appears to be affecting additional file systems under the control of another security authority. Which CVSS v3.0 base exploitability metric score is increased by this attack characteristic?

Which regular expression would match any string that contains 4 consecutive zeros?

Refer to the exhibit. Which technology generated the event log?

Refer to the exhibit. A security specialist is using Wireshark to review a PCAP file generated by tcpdump . When the client initiated a file download request, which source socket pair was used?

Match the security service with the description.

Using Tcpdump and Wireshark, a security analyst extracts a downloaded file from a pcap file. The analyst suspects that the file is a virus and wants to know the file type for further examination. Which Linux command can be used to determine the file type?

Match the IPS alarm with the description.

What is a feature of an IPS?

Which three fields are found in both the TCP and UDP headers? (Choose three.)

What will match the regular expression ^83?

What is a key difference between the data captured by NetFlow and data captured by Wireshark?

Which three IPv4 header fields have no equivalent in an IPv6 header? (Choose three.)

What classification is used for an alert that correctly identifies that an exploit has occurred?

Match the NIST incident response life cycle phase with the description.

Place the seven steps defined in the Cyber Kill Chain in the correct order.

During the detection and analysis phase of the NIST incident response process life cycle, which sign category is used to describe that an incident might occur in the future?

According to the Cyber Kill Chain model, after a weapon is delivered to a targeted system, what is the next step that a threat actor would take?

A company is applying the NIST.SP800-61 r2 incident handling process to security events. What are two examples of incidents that are in the category of precursor? (Choose two.)

A network administrator is creating a network profile to generate a network baseline. What is included in the critical asset address space element?

Which NIST-defined incident response stakeholder is responsible for coordinating incident response with other stakeholders and minimizing the damage of an incident?

What is defined in the policy element of the NIST incident response plan?

What is the responsibility of the human resources department when handing a security incident as defined by NIST?

What is the benefit of a defense-in-depth approach?

Which type of analysis relies on predefined conditions and can analyze applications that only use well-known fixed ports?

Which type of analysis relies on different methods to establish the likelihood that a security event has happened or will happen?

Which access control model allows users to control access to data as an owner of that data?

What are the three impact metrics contained in the CVSS 3.0 Base Metric Group? (Choose three.)

Which access control model applies the strictest access control and is often used in military and mission critical applications?

Match the security concept to the description.

What is the principle behind the nondiscretionary access control model?

Match the information security component with the description.

Which attack is integrated with the lowest levels of the operating system of a host and attempts to completely hide the activities of the threat actor on the local system?

Which tool captures full data packets with a command-line interface only?

To which category of security attacks does man-in-the-middle belong?

What is an example of a local exploit?

Which Cisco appliance can be used to filter network traffic contents to report and deny traffic based on the web server reputation?

Which evasion method describes the situation that after gaining access to the administrator password on a compromised host, a threat actor is attempting to login to another host using the same credentials?

What are two examples of DoS attacks? (Choose two.)

Which type of attack is carried out by threat actors against a network to determine which IP addresses, protocols, and ports are allowed by ACLs?

Refer to the exhibit. A security analyst is reviewing an alert message generated by Snort. What does the number 2100498 in the message indicate?

Which two attacks target web servers through exploiting possible vulnerabilities of input functions used by an application? (Choose two.)

Which security function is provided by encryption algorithms?

Match the Windows term to the description.

Which security endpoint setting would be used by a security analyst to determine if a computer has been configured to prevent a particular application from running?

Refer to the exhibit. Which technology would contain information similar to the data shown for infrastructure devices within a company?

At the request of investors, a company is proceeding with cyber attribution with a particular attack that was conducted from an external source. Which security term is used to describe the person or device responsible for the attack?

Which Windows application is commonly used by a cybersecurity analyst to view Microsoft IIS access logs?

Which two algorithms use a hashing function to ensure message integrity? (Choose two.)

Which type of evidence cannot prove an IT security fact on its own?

Refer to the exhibit. Approximately what percentage of the physical memory is still available on this Windows system?

Which Windows tool can be used by a cybersecurity administrator to secure stand-alone computers that are not part of an active directory domain?

What are three benefits of using symbolic links over hard links in Linux? (Choose three.)

When attempting to improve system performance for Linux computers with a limited amount of memory, why is increasing the size of the swap file system not considered the best solution?

Refer to the exhibit. A security analyst is reviewing the logs of an Apache web server. Which action should the analyst take based on the output shown?

A security professional is making recommendations to a company for enhancing endpoint security. Which security endpoint technology would be recommended as an agent-based system to protect hosts against malware?

Which technique could be used by security personnel to analyze a suspicious file in a safe environment?

A cybersecurity analyst has been called to a crime scene that contains several technology items including a computer. Which technique will be used so that the information found on the computer can be used in court?

Which SOC technology automates security responses by using predefined playbooks which require a minimum amount of human intervention?

What is the first line of defense when an organization is using a defense-in-depth approach to network security?

Which access control model assigns security privileges based on the position, responsibilities, or job classification of an individual or group within an organization?

Which metric in the CVSS Base Metric Group is used with an attack vector?

Which field in the IPv6 header points to optional network layer information that is carried in the IPv6 packet?

Which data security component is provided by hashing algorithms?

Which attack surface, defined by the SANS Institute, is delivered through the exploitation of vulnerabilities in web, cloud, or host-based applications?

What is the main goal of using different evasion techniques by threat actors?

How can NAT/PAT complicate network security monitoring if NetFlow is being used?

Which statement describes the function provided by the Tor network?

When establishing a server profile for an organization, which element describes the type of service that an application is allowed to run on the server?

What will a threat actor do to create a back door on a compromised target according to the Cyber Kill Chain model?

Which three things will a threat actor do to prepare a DDoS attack against a target system on the Internet? (Choose three.)

What is specified in the plan element of the NIST incident response plan?

What is the responsibility of the IT support group when handing an incident as defined by NIST?

What is an example of privilege escalation attack?

A threat hunter is concerned about a significant increase in TCP traffic sourced from port 53. It is suspected that malicious file transfer traffic is being tunneled out using the TCP DNS port. Which deep packet inspection tool can detect the type of application originating the suspicious traffic?

Which type of evaluation includes the assessment of the likelihood of an attack, the type of threat actor likely to perpetrate such an attack, and what the consequences could be to the organization if the exploit is successful?

When establishing a network profile for an organization, which element describes the time between the establishment of a data flow and its termination?

Which term describes a threat actor who has advanced skills and pursues a social agenda?

Refer to the exhibit. A security specialist is checking if files in the directory contain ADS data. Which switch should be used to show that a file has ADS attached?

The SOC manager is reviewing the metrics for the previous calendar quarter and discovers that the MTTD for a breach of password security perpetrated through the Internet was forty days. What does the MTTD metric represent within the SOC?

A cybersecurity analyst is performing a CVSS assessment on an attack where a web link was sent to several employees. Once clicked, an internal attack was launched. Which CVSS Base Metric Group Exploitability metric is used to document that the user had to click on the link in order for the attack to occur?

When a server profile for an organization is being established, which element describes the TCP and UDP daemons and ports that are allowed to be open on the server?

Which two actions should be taken during the preparation phase of the incident response life cycle defined by NIST? (Choose two.)

Match the NIST incident response stakeholder with the role.

Match the file system term used in Linux to the function.

Which information security component is compromised in a DDoS attack?