Name:     ID: 
 
Email: 

CybSec-FIN17Qs

Multiple Choice
Identify the choice that best completes the statement or answers the question.
 

 1. 

A threat actor has gained administrative access to a system and achieved the goal of controlling the system for a future DDoS attack by establishing a communication channel with a CnC owned by the threat actor. Which phase in the Cyber Kill Chain model describes the situation?
a.
exploitation
c.
delivery
b.
command and control
d.
action on objectives
 

 2. 

Which term is used for describing automated queries that are useful for adding efficiency to the cyberoperations workflow?
a.
rootkit
c.
chain of custody
b.
cyber kill chain
d.
playbook
 

 3. 

When a user visits an online store website that uses HTTPS, the user browser queries the CA for a CRL. What is the purpose of this query?
a.
to negotiate the best encryption to use
c.
to check the length of key used for the digital certificate
b.
to request the CA self-signed digital certificate
d.
to verify the validity of the digital certificate
 

 4. 

Which statement describes the state of the administrator and guest accounts after a user installs Windows desktop version to a new computer?
a.
By default, both the administrator and guest accounts are enabled.
c.
By default, the administrator account is enabled but the guest account is disabled.
b.
By default, the guest account is enabled but the administrator account is disabled.
d.
By default, both the administrator and guest accounts are disabled.
 

 5. 

According to NIST, which step in the digital forensics process involves preparing and presenting information that resulted from scrutinizing data?
a.
reporting
c.
analysis
b.
collection
d.
examination
 

 6. 

What is indicated by a true negative security alert classification?
a.
Normal traffic is correctly ignored and erroneous alerts are not being issued
c.
An alert is incorrectly issued and does not indicate an actual security incident.
b.
An alert is verified to be an actual security incident.
d.
Exploits are not being detected by the security systems that are in place.
 

 7. 

mc007-1.jpgThe exhibit consists of a rectangular box containing the  command tcpdump, which has been issued with options. The output of that command is also shown.

Refer to the exhibit. A network security specialist issues the command tcpdump to capture events. What does the number 6337 indicate?
a.
the port that tcpdump is listening to
c.
the process id of the tcpdump command
b.
the Snort signature id that tcpdump will watch and capture
d.
the number of transactions currently captured
 

 8. 


What is the result of using security devices that include HTTPS decryption and inspection services?
a.
The devices introduce processing delays and privacy issues.
c.
The devices require continuous monitoring and fine tuning.
b.
The devices must have preconfigured usernames and passwords for all users.
d.
Monthly service contracts with reputable web filtering sites can be costly.
 

 9. 


Which technology might increase the security challenge to the implementation of IoT in an enterprise environment?
a.
CPU processing speed
c.
cloud computing
b.
data storage
d.
network bandwidth
 

 10. 

In which situation is an asymmetric key algorithm used?
a.
User data is transmitted across the network after a VPN is established.
c.
A network administrator connects to a Cisco router with SSH.
b.
Two Cisco routers authenticate each other with CHAP.
d.
An office manager encrypts confidential files before saving them to a removable device.
 

 11. 


Because of implemented security controls, a user can only access a server with FTP.
Which AAA component accomplishes this?
a.
authorization
d.
auditing
b.
accessibility
e.
authentication
c.
accounting
 

 12. 

mc012-1.jpgRefer to the exhibit. A cybersecurity analyst is viewing captured packets forwarded on switch S1. Which device has the MAC address d8:cb:8a:5c:d5:8a?
a.
router ISP
d.
web server
b.
router DG
e.
PC-A
c.
DNS server
 

 13. 

Based on the command output shown, which file permission or permissions have been assigned to the other user group for the data.txt file?
ls –l data.txt
-rwxrw-r-- sales staff 1028 May 28 15:50 data.txt
a.
full access
c.
read, write, execute
b.
read, write
d.
read
 

 14. 

Why would a network administrator choose Linux as an operating system in the Security Operations Center (SOC)?
a.
The administrator has control over specific security functions, but not standard applications.
c.
More network applications are created for this environment.
b.
It is easier to use than other server operating systems.
d.
It can be acquired at no charge.
 

Multiple Response
Identify one or more choices that best complete the statement or answer the question.
 

 15. 

What are two advantages of using the community VERIS database? (Choose two.)
 a.
Data is in a format that allows for manipulation.
 d.
The data sets are compact for easy download.
 b.
The access fee is minimal.
 e.
The data is open and free to the public.
 c.
The database is sponsored and backed by governments.
 

 16. 

When dealing with security threats and using the Cyber Kill Chain model, which two approaches can an organization use to block a potential back door creation? (Choose two.)
 a.
Conduct damage assessment.
 d.
Consolidate the number of Internet points of presence.
 b.
Audit endpoints to discover abnormal file creations.
 e.
Establish an incident response playbook.
 c.
Use HIPS to alert or place a block on common installation paths.
 

 17. 

What are three functions provided by the syslog service? (Choose three.)
 a.
to provide traffic analysis
 d.
to provide statistics on packets that are flowing through a Cisco device
 b.
to gather logging information for monitoring and troubleshooting
 e.
to select the type of logging information that is captured
 c.
to periodically poll agents for data
 f.
to specify the destinations of captured messages
 

 18. 

A company implements a security policy that ensures that a file sent from the headquarters office to the branch office can only be opened with a predetermined code. This code is changed every day. Which two algorithms can be used to achieve this task? (Choose two.)
 a.
SHA-1
 d.
3DES
 b.
AES
 e.
MD5
 c.
HMAC
 

 19. 

Which two statements describe access attacks? (Choose two.)
 a.
To detect listening services,  port scanning attacks scan a range of TCP or UDP port numbers on a host.
 d.
Trust exploitation attacks often involve the use of a laptop to act as a rogue access point to capture and copy all network traffic in a public location, such as a wireless hotspot.
 b.
Port redirection attacks use a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN.
 e.
Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers.
 c.
Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code.
 

 20. 

Which two statements are characteristics of a virus? (Choose two.)
 a.
A virus provides the attacker with sensitive data, such as passwords.
 d.
A virus can be dormant and then activate at a specific time or date.
 b.
A virus typically requires end-user activation.
 e.
A virus has an enabling vulnerability, a propagation mechanism, and a payload.
 c.
A virus replicates itself by independently exploiting vulnerabilities in networks.
 

 21. 

What are three responsibilities of the transport layer? (Choose three.)
 a.
meeting the reliability requirements of applications, if any
 d.
directing packets towards the destination network
 b.
formatting data into a compatible form for receipt by the destination devices
 e.
multiplexing multiple communication streams from many users or applications on the same network
 c.
identifying the applications and services on the client and server that should handle transmitted data
 f.
conducting error detection of the contents in frames
 

 22. 

Which two net commands are associated with network resource sharing? (Choose two.)
 a.
net use
 d.
net accounts
 b.
net share
 e.
net start
 c.
net stop
 

 23. 

Which three are major categories of elements in a security operations center? (Choose three.)
 a.
database engine
 d.
people
 b.
Internet connection
 e.
data center
 c.
technologies
 f.
processes
 



 
         Start Over