Network Defense (NetDef) Module 9 - 11 Group Test Online
Question 1 of 24
Which two technologies are primarily used on peer-to-peer networks? (Choose two.)
Hint: Bitcoin is used to share a distributed database or ledger. BitTorrent is used for file sharing.
Question 2 of 24
Which technique would a threat actor use to disguise traces of an ongoing exploit?
Hint: The Network Time Protocol (NTP) uses a hierarchy of time sources to provide a consistent time clock to network infrastructure devices. Threat actors may attack the NTP infrastructure in order to corrupt time information that is used in network logs.
Question 3 of 24
Which type of attack is carried out by threat actors against a network to determine which IP addresses, protocols, and ports are allowed by ACLs?
Hint: Packet filtering ACLs use rules to filter incoming and outgoing traffic. These rules are defined by specifying IP addresses, port numbers, and protocols to be matched. Threat actors can use a reconnaissance attack involving port scanning or penetration testing to determine which IP addresses, protocols, and ports are allowed by ACLs.
Question 4 of 24
What is the purpose of Tor?
Hint: Tor is a software platform and network of peer-to-peer (P2P) hosts that function as routers. Users access the Tor network by using a special browser that allows them to browse anonymously.
Question 5 of 24
Which protocol is exploited by cybercriminals who create malicious iFrames?
Hint: An HTML element known as an inline frame or iFrame allows the browser to load a different web page from another source.
Question 6 of 24
After a security monitoring tool identifies a malware attachment entering the network, what is the benefit of performing a retrospective analysis?
Hint: General security monitoring can identify when a malware attachment enters a network and which host is first infected. Retrospective analysis takes the next step and is the tracking of the behavior of the malware from that point forward.
Question 7 of 24
Which technique is necessary to ensure a private transfer of data using a VPN?
Hint: Confidential and secure transfers of data with VPNs require data encryption.
Question 8 of 24
Which method is used by some malware to transfer files from infected hosts to a threat actor host?
Hint: ICMP traffic from inside the company is also a threat. Some varieties of malware use ICMP packets to transfer files from infected hosts to threat actors via ICMP tunneling.
Question 9 of 24
Match the Windows host log to the messages contained in it.
Hint: Place the options in the following order:
- Events logged by various applications: Application logs
- Events related to the operation of drivers, processes, and hardware: System logs
- Information about the installation of software, including Windows updates: Setup logs
- Events related to logon attempts and operations related to file or object management and access: Security logs
Question 10 of 24
What is a key difference between the data captured by NetFlow and data captured by Wireshark?
Hint: Wireshark captures the entire contents of a packet. NetFlow does not. Instead, NetFlow collects metadata, or data about the flow.
Question 11 of 24
Which type of data is used by Cisco Cognitive Intelligence to find malicious activity that has bypassed security controls, or entered through unmonitored channels, and is operating inside an enterprise network?
Hint: Cisco Cognitive Intelligence utilizes statistical data for statistical analysis in order to find malicious activity that has bypassed security controls, or entered through unmonitored channels (including removable media), and is operating inside the network of an organization.
Question 12 of 24
Match the network monitoring data type with the description.
Hint: Place the options in the following order:
- Includes device-specific server and host logs: Transaction data
- Generated by IPS or IDS devices when suspicious traffic is detected: Alert data
- Used to describe and analyze network flow or performance data: Statistical data
- Contains details of network flows including the 5-tuples, the amount of data transmitted, and the duration of data transmission: Session data
Question 13 of 24
Which Cisco appliance can be used to filter network traffic contents to report and deny traffic based on the web server reputation?
Hint: The Cisco Web Security Appliance (WSA) acts as a web proxy for an enterprise network. WSA can provide many types of logs related to web traffic security including ACL decision logs, malware scan logs, and web reputation filtering logs. The Cisco Email Security Appliance (ESA) is a tool to monitor most aspects of email delivery, system functioning, antivirus, antispam operations, and blacklist and whitelist decisions. The Cisco ASA is a firewall appliance. The Cisco Application Visibility and Control (AVC) system combines multiple technologies to recognize, analyze, and control over 1000 applications.
Question 14 of 24
A system administrator runs a file scan utility on a Windows PC and notices a file lsass.exe in the Program Files directory. What should the administrator do?
Hint: On Windows computers, security logging and security policy enforcement are carried out by the Local Security Authority Subsystem Service (LSASS), running as lsass.exe. It should be running from the Windows\System32 directory. If a file with this name, or a camouflaged name such as 1sass.exe, is running from another directory, it could be malware.
Question 15 of 24
How does a web proxy device provide data loss prevention (DLP) for an enterprise?
Hint: A web proxy device can inspect outgoing traffic as a means of data loss prevention (DLP). DLP involves scanning outgoing traffic to detect whether the data that is leaving the enterprise network contains sensitive, confidential, or secret information.
Question 16 of 24
Which two services are provided by the NetFlow tool? (Choose two.)
Hint: NetFlow efficiently provides an important set of services for IP applications including network traffic accounting, usage-based network billing, network planning, security, denial of service monitoring capabilities, and network monitoring.
Question 17 of 24
What information is contained in the options section of a Snort rule?
Hint: Snort rules consist of two sections, the rule header and the rule options. The rule options section of a Snort rule consists of the message text displayed to describe an alert as well as metadata about the alert.
Question 18 of 24
Which classification indicates that an alert is verified as an actual security incident?
Hint: Alerts can be classified as follows:
- True Positive: The alert has been verified to be an actual security incident.
- False Positive: The alert does not indicate an actual security incident. Benign activity that results in a false positive is sometimes referred to as a benign trigger.
An alternative situation is that an alert was not generated. The absence of an alert can be classified as follows:
- True Negative: No security incident has occurred. The activity is benign.
- False Negative: An undetected incident has occurred.
Question 19 of 24
Match the characteristic to the method of security analysis.
- Each event is the inevitable result of antecedent causes: Deterministic
- Precise method that yields the same result every time by relying on predefined conditions: Deterministic
- Analysis of applications that conform to application/networking standards: Deterministic
- Random variables create difficulty in knowing the outcome of any given event with certainty: Probabilistic
- Preferred method for analyzing applications designed to circumvent firewalls: Probabilistic
Question 20 of 24
A threat actor has successfully breached the network firewall without being detected by the IDS system. What condition describes the lack of alert?
Hint: A false negative is where no alert exists and exploits are not being detected by the security systems that are in place.
Question 21 of 24
What are two scenarios where probabilistic security analysis is best suited? (Choose two.)
Hint: Probabilistic analysis relies on statistical techniques that are designed to estimate the probability that an event will occur based on the likelihood that prior events will occur.
Question 22 of 24
What are the three core functions provided by the Security Onion? (Choose three.)
Hint: Security Onion is an open source suite of Network Security Monitoring (NSM) tools for evaluating cybersecurity alerts. For cybersecurity analysts the Security Onion provides full packet capture, network-based and host-based intrusion detection systems, and alert analysis tools.
Question 23 of 24
Refer to the exhibit. Which field in the Sguil event window indicates the number of times an event is detected for the same source and destination IP address?
Hint: The CNT field indicates the number of times an event is detected from the same source and destination IP address. Having a high number of events can indicate a problem with event signatures.
Question 24 of 24
Match the Snort rule source to the description.