
CCNA Cybersecurity Operations (Version 1.1) – CyberOps Chapter 10 Exam Answers

  1. Which class of metric in the CVSS Basic metric group defines the features of the exploit such as the vector, complexity, and user interaction required by the exploit?
    • Impact
    • Exploitability *
    • Modified Base
    • Exploit Code Maturity
  2. Which step in the Vulnerability Management Life Cycle performs inventory of all assets across the network and identifies host details, including operating system and open services?
    • Assess
    • Discover *
    • Remediate
    • Prioritize assets
  3. In network security assessments, which type of test is used to evaluate the risk posed by vulnerabilities to a specific organization, including assessment of the likelihood of attacks and the impact of successful exploits on the organization?
    • Risk analysis *
    • Port scanning
    • Penetration testing
    • Vulnerability assessment
  4. In most host-based security suites, which function provides robust logging of security-related events and sends logs to a central location?
    • intrusion detection and prevention
    • anti-phishing
    • telemetry
    • safe browsing
  5. On a Windows host, which tool can be used to create and maintain blacklists and whitelists?
    • Group Policy Editor
    • Local Users and Groups
    • Computer Management
    • Task Manager
  6. Which statement describes agentless antivirus protection?
    • Host-based antivirus systems provide agentless antivirus protection.
    • The antivirus protection is provided by the router that is connected to a cloud service.
    • The antivirus protection is provided by the ISP.
    • Antivirus scans are performed on hosts from a centralized system.
  7. In network security assessments, which type of test employs software to scan internal networks and Internet facing servers for various types of vulnerabilities?
    • risk analysis
    • penetration testing
    • vulnerability assessment
    • strength of network security testing
  8. The IT security personnel of an organization notice that the web server deployed in the DMZ is frequently targeted by threat actors. The decision is made to implement a patch management system to manage the server. Which risk management strategy method is being used to respond to the identified risk?
    • risk avoidance
    • risk retention
    • risk reduction
    • risk sharing
  9. In addressing a risk that has low potential impact and relatively high cost of mitigation or reduction, which strategy will accept the risk and its consequences?
    • risk reduction
    • risk avoidance
    • risk retention
    • risk sharing
  10. Which three devices are possible examples of network endpoints? (Choose three.)
    • Router
    • Sensor *
    • Wireless AP
    • IoT controller *
    • VPN appliance
    • Network security camera *
  11. Which antimalware software approach can recognize various characteristics of known malware files to detect a threat?
    • Routing-based
    • Behavior-based
    • Signature-based *
    • Heuristics-based
  12. As described by the SANS Institute, which attack surface includes the exploitation of vulnerabilities in wired and wireless protocols used by IoT devices?
    • Human Attack Surface
    • Internet Attack Surface
    • Network Attack Surface *
    • Software Attack Surface
  13. In profiling a server, what defines what an application is allowed to do or run on a server?
    • User accounts
    • Listening ports
    • Service accounts *
    • Software environment
  14. What is a host-based intrusion detection system (HIDS)?
    • It identifies potential attacks and sends alerts but does not stop the traffic.
    • It detects and stops potential direct attacks but does not scan for malware.
    • It is an agentless system that scans files on a host for potential malware.
    • It combines the functionalities of antimalware applications with firewall protection.
  15. What type of antimalware program is able to detect viruses by recognizing various characteristics of a known malware file?
    • behavior-based
    • agent-based
    • signature-based
    • heuristic-based
  16. Which device in a LAN infrastructure is susceptible to MAC address-table overflow and spoofing attacks?
    • firewall
    • workstation
    • server
    • switch
  17. Which criterion in the Base Metric Group Exploitability metrics reflects the proximity of the threat actor to the vulnerable component?
    • user interaction
    • attack vector
    • attack complexity
    • privileges required
  18. In addressing an identified risk, which strategy aims to stop performing the activities that create risk?
    • risk reduction
    • risk avoidance
    • risk retention
    • risk sharing
  19. Which security procedure would be used on a Windows workstation to prevent access to a specific set of websites?
    • whitelisting
    • HIDS
    • blacklisting
    • baselining
  20. Which statement describes the use of a Network Admission Control (NAC) solution?
    • It provides network access to only authorized and compliant systems.
    • A Network Admission Control solution provides filtering of potentially malicious emails before they reach the endpoint.
    • It provides endpoint protection from viruses and malware.
    • It provides filtering and blacklisting of websites being accessed by end users.
  21. Which statement describes the Cisco Threat Grid Glovebox?
    • It is a network-based IDS/IPS.
    • It is a firewall appliance.
    • It is a host-based intrusion detection system (HIDS) solution to fight against malware.
    • It is a sandbox product for analyzing malware behaviors.
  22. Which type of antimalware software detects and mitigates malware by analyzing suspicious activities?
    • heuristics-based
    • packet-based
    • behavior-based
    • signature-based
  23. Which regulatory compliance regulation sets requirements for all U.S. public company boards, management and public accounting firms regarding the way in which corporations control and disclose financial information?
    • Gramm-Leach-Bliley Act (GLBA)
    • Health Insurance Portability and Accountability Act (HIPAA)
    • Federal Information Security Management Act of 2002 (FISMA)
    • Sarbanes-Oxley Act of 2002 (SOX)
  24. Which statement describes the term attack surface?
    • It is the total sum of vulnerabilities in a system that is accessible to an attacker.
    • It is the group of hosts that experiences the same attack.
    • It is the network interface where attacks originate.
    • It is the total number of attacks toward an organization within a day.
  25. Which step in the Vulnerability Management Life Cycle determines a baseline risk profile to eliminate risks based on asset criticality, vulnerability threat, and asset classification?
    • assess
    • discover
    • verify
    • prioritize assets
  26. When a network baseline is being established for an organization, which network profile element indicates the time between the establishment of a data flow and its termination?
    • session duration
    • critical asset address space
    • ports used
    • total throughput
  27. Which statement describes the term iptables?
    • It is a file used by a DHCP server to store current active IP addresses.
    • It is a DHCP application in Windows.
    • It is a DNS daemon in Linux.
    • It is a rule-based firewall application in Linux.
  28. For network systems, which management system addresses the inventory and control of hardware and software configurations?
    • asset management
    • vulnerability management
    • risk management
    • configuration management
  29. Which statement describes the anomaly-based intrusion detection approach?
    • It compares the signatures of incoming traffic to a known intrusion database.
    • It compares the antivirus definition file to a cloud based repository for latest updates.
    • It compares the operations of a host against a well-defined security policy.
    • It compares the behavior of a host to an established baseline to identify potential intrusions.
  30. What is the first step taken in risk assessment?
    • Identify threats and vulnerabilities and the matching of threats with vulnerabilities.
    • Establish a baseline to indicate risk before security controls are implemented.
    • Compare to any ongoing risk assessment as a means of evaluating risk management effectiveness.
    • Perform audits to verify threats are eliminated.
  31. Which statement describes the threat-vulnerability (T-V) pairing?
    • It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.
    • It is the comparison between known malware and system risks.
    • It is the detection of malware against a central vulnerability research center.
    • It is the advisory notice from a vulnerability research center.
  32. Which two classes of metrics are included in the CVSS Base Metric Group? (Choose two.)
    • Modified Base
    • Confidentiality Requirement
    • Exploit Code Maturity
    • Exploitability
    • Impact metrics
  33. Which two criteria in the Base Metric Group Exploitability metrics are associated with the complexity of attacks? (Choose two.)
    • scope
    • attack complexity
    • user interaction
    • attack vector
    • privileges required