IT Questions Bank
Mar 16, 2020 Last Updated: Jun 29, 2023

Category: CCNA CyberOps

Reports of network slowness lead the network administrator to review server alerts. The administrator confirms that an alert was an actual security incident. Which type of security alert classification would this be?
ITExamAnswers asked 4 years ago • CCNA CyberOps

The threat actor has already placed malware on the server causing its performance to slow. The network administrator has found and removed the malware as well as patched the security hole where the threat actor gained access. The network administrator can find no other security issue. What stage of the Cyber Kill Chain did the threat actor achieve?
ITExamAnswers asked 4 years ago • CCNA CyberOps

If the web server runs Microsoft IIS, which Windows tool would the network administrator use to view the access logs?
ITExamAnswers asked 4 years ago • CCNA CyberOps

What is defined in the SOP of a computer security incident response capability (CSIRC)?
IT Administrator asked 4 years ago • CCNA CyberOps

After containment, what is the first step of eradicating an attack?
IT Administrator asked 4 years ago • CCNA CyberOps

According to NIST standards, which incident response stakeholder is responsible for coordinating an incident response with other stakeholders to minimize the damage of an incident?
ITExamAnswers asked 4 years ago • CCNA CyberOps

Which approach can help block potential malware delivery methods, as described in the Cyber Kill Chain model, on an Internet-facing web server?
ITExamAnswers asked 4 years ago • CCNA CyberOps

What type of CSIRT organization is responsible for determining trends to help predict and provide warning of future security incidents?
ITExamAnswers asked 4 years ago • CCNA CyberOps

When dealing with a security threat and using the Cyber Kill Chain model, which two approaches can an organization use to help block potential exploitations on a system? (Choose two.)
IT Administrator asked 4 years ago • CCNA CyberOps

Which meta-feature element in the Diamond Model describes tools and information (such as software, black hat knowledge base, and username and password) that the adversary uses for the intrusion event?
ITExamAnswers asked 4 years ago • CCNA CyberOps

Which three aspects of a target system are most likely to be exploited after a weapon is delivered? (Choose three.)
ITExamAnswers asked 4 years ago • CCNA CyberOps

Which NIST incident response life cycle phase includes training for the computer security incident response team on how to respond to an incident?
ITExamAnswers asked 4 years ago • CCNA CyberOps

What is a characteristic of a routed port that is configured on a Cisco switch?
IT Administrator asked 4 years ago • CCNA CyberOps

What action does an Ethernet switch take when it receives a frame with an unknown Layer 2 source address?
IT Administrator asked 4 years ago • CCNA CyberOps

Refer to the exhibit. A network security analyst is examining captured data using Wireshark. The captured frames indicate that a host is downloading malware from a server. Which source port is used by the host to request the download?
IT Administrator asked 4 years ago • CCNA CyberOps