Mock Exam : CCNA Cyber Ops - SECFND # 210-250

What can be used to make a malicious file to appear to have 0 byte size in the dir command output?

Options are :

  • using AES to encrypt the file
  • using winzip to compress the file
  • using the Master File Table to alter the true file size
  • using NTFS Alternate Data Streams to attach the data to the file (Correct)

Answer : using NTFS Alternate Data Streams to attach the data to the file

Which file is an executable used to troubleshoot DNS issues?

Options are :

  • /etc/hosts
  • /usr/bin/nslookup (Correct)
  • /bin/resolve
  • /sys/domain/lookup

Answer : /usr/bin/nslookup

What input validation can a program perform to prevent buffer overflow attacks?

Options are :

  • Data input size matches what system has allocated. (Correct)
  • User has administrative rights to install programs.
  • whether the input was downloaded from the Internet
  • Data input is not from a command line argument.

Answer : Data input size matches what system has allocated.

What type of data can be learned about a server by performing a basic port scan on it with nmap?

Options are :

  • list of patches missing from applications
  • misconfigurations of web applications allowing command injection
  • list of all open ports and services that are running (Correct)
  • list of all systems that the server is communicating with
  • list of users who are logged on to the server

Answer : list of all open ports and services that are running

Test : CCNA Cyber Ops - SECOPS # 210-255

What is the order in which reconnaissance scanning typically occurs? The correct choice also shows the order from least detail to most detail obtained for each system.

Options are :

  • DNS registry info, vulnerability scan, port scan, ping sweep
  • vulnerability scan, ping sweep, DNS registry info, port scan
  • DNS registry info, ping sweep, port scan, vulnerability scan (Correct)
  • ping sweep, port scan, vulnerability scan, DNS registry info

Answer : DNS registry info, ping sweep, port scan, vulnerability scan

What NGFW feature supports inspection of SSL-based traffic?

Options are :

  • user or user group policies
  • intelligent security automation, correlating different event data and payloads
  • ESP packet payload enforcement policies
  • SSL/TLS traffic flow analysis (Correct)
  • malware protection

Answer : SSL/TLS traffic flow analysis

The Cisco Web Security Appliance (Cisco WSA) can be both a physical and virtual instance. Which two of the following options are hypervisors that are currently supported in a virtual implementation of Cisco WSA? (Choose two.)

Options are :

  • Citrix XenServer
  • Oracle VM Server for x86
  • VMware ESXi (Correct)
  • Nutanix Acropolis
  • Kernel-Based Virtual Machine (Correct)

Answer : VMware ESXi; Kernel-Based Virtual Machine

The OSSEC tool is which type of security tool?

Options are :

  • NetFlow Collector
  • IPS
  • IDS
  • HIDS (Correct)
  • Firewall

Answer : HIDS

File integrity checking tools work by calculating hash values of important files, storing the hash values, and periodically comparing those hash values to hash values that it calculates later. If a file hash value comparison results in a mismatch, what does that indicate?

Options are :

  • It means nothing; it is a mismatch because the file hashes were compiled on different days.
  • It means that one file did not calculate correctly and needs to be recalculated.
  • It indicates that the file has been changed in some way and there may be an issue to be resolved. (Correct)
  • It indicates that your organization has suffered a security breach and a full-scale investigation is needed as soon as possible.

Answer : It indicates that the file has been changed in some way and there may be an issue to be resolved.

What are two reasons that AAA server logs are useful in protecting the network and users? (Choose two.)

Options are :

  • Due to the nature of AAA logging, AAA server logs always indicate actual attack attempts.
  • Most AAA servers log authentication failures, an excessive number of which may point the security analyst to a brute force attack. (Correct)
  • Authentication logs track the success and failure of legitimate users with a time stamp record. (Correct)
  • AAA server logs are very minimal and actually do not yield much information.

Answer : Most AAA servers log authentication failures, an excessive number of which may point the security analyst to a brute force attack; Authentication logs track the success and failure of legitimate users with a time stamp record.

Related to the chain of custody of forensic evidence, what two critical elements are required? (Choose two.)

Options are :

  • where the evidence was collected
  • the exact time that the evidence was collected (Correct)
  • a copy of the evidence in case the original is damaged during forensic analysis
  • investigators that rely on their own evidence documentation
  • who handled the evidence (Correct)

Answer : the exact time that the evidence was collected; who handled the evidence

What are the advantages of a full-duplex transmission mode compared to half-duplex mode? (Choose two.)

Options are :

  • Each station can transmit and receive at the same time. (Correct)
  • It avoids collisions. (Correct)
  • It makes use of backoff time.
  • It uses a collision avoidance algorithm to transmit.

Answer : Each station can transmit and receive at the same time; It avoids collisions.

Stateful and traditional firewalls can analyze packets and judge them against a set of predetermined rules called access control lists (ACLs). They inspect which of the following elements within a packet? (Choose two.)

Options are :

  • Session headers
  • NetFlow flow information
  • Source and destination ports and source and destination IP addresses (Correct)
  • Protocol information (Correct)

Answer : Source and destination ports and source and destination IP addresses; Protocol information

In which case should an employee return his laptop to the organization?

Options are :

  • When moving to a different role
  • Upon termination of the employment
  • As described in the asset return policy (Correct)
  • When the laptop is end of lease

Answer : As described in the asset return policy

Which of the following are metrics that can measure the effectiveness of a runbook?

Options are :

  • Mean time to repair (MTTR)
  • Mean time between failures (MTBF)
  • Mean time to discover a security incident
  • All of the above (Correct)

Answer : All of the above

Which of the following access control models use security labels to make access decisions?

Options are :

  • Mandatory access control (MAC) (Correct)
  • Role-based access control (RBAC)
  • Identity-based access control (IBAC)
  • Discretionary access control (DAC)

Answer : Mandatory access control (MAC)

Where are configuration records stored?

Options are :

  • In a CMDB (Correct)
  • In a MySQL DB
  • In a XLS file
  • There is no need to store them

Answer : In a CMDB

Which of the following is true about heuristic-based algorithms?

Options are :

  • Heuristic-based algorithms may require fine tuning to adapt to network traffic and minimize the possibility of false positives. (Correct)
  • Heuristic-based algorithms do not require fine tuning.
  • Heuristic-based algorithms support advanced malware protection.
  • Heuristic-based algorithms provide capabilities for the automation of IPS signature creation and tuning.

Answer : Heuristic-based algorithms may require fine tuning to adapt to network traffic and minimize the possibility of false positives.

How many broadcast domains are created if three hosts are connected to a Layer 2 switch in full-duplex mode?

Options are :

  • 4
  • 3
  • None
  • 1 (Correct)

Answer : 1

What is one of the advantages of the mandatory access control (MAC) model?

Options are :

  • Stricter control over the information access. (Correct)
  • Easy and scalable.
  • The owner can decide whom to grant access to.
  • Complex to administer.

Answer : Stricter control over the information access.

According to the attribute-based access control (ABAC) model, what is the subject location considered?

Options are :

  • Part of the environmental attributes (Correct)
  • Part of the object attributes
  • Part of the access control attributes
  • None of the above

Answer : Part of the environmental attributes

What type of algorithm uses the same key to encrypt and decrypt data?

Options are :

  • a symmetric algorithm (Correct)
  • an asymmetric algorithm
  • a Public Key infrastructure algorithm
  • an IP Security algorithm

Answer : a symmetric algorithm

Which actions can a promiscuous IPS take to mitigate an attack? (Choose three.)

Options are :

  • modifying packets
  • requesting connection blocking (Correct)
  • denying packets
  • resetting the TCP connection (Correct)
  • requesting host blocking (Correct)
  • denying frames

Answer : requesting connection blocking; resetting the TCP connection; requesting host blocking

Which statement about personal firewalls is true?

Options are :

  • They are resilient against kernel attacks
  • They can protect email messages and private documents in a similar way to a VPN
  • They can protect the network against attacks
  • They can protect a system by denying probing requests (Correct)

Answer : They can protect a system by denying probing requests

Which three statements about host-based IPS are true? (Choose three.)

Options are :

  • It can view encrypted files (Correct)
  • It can be deployed at the perimeter
  • It uses signature-based policies
  • It can have more restrictive policies than network-based IPS (Correct)
  • It works with deployed firewalls
  • It can generate alerts based on behavior at the desktop level. (Correct)

Answer : It can view encrypted files; It can have more restrictive policies than network-based IPS; It can generate alerts based on behavior at the desktop level.

An attacker installs a rogue switch that sends superior BPDUs on your network. What is a possible result of this activity?

Options are :

  • The switch could offer fake DHCP addresses.
  • The switch could become the root bridge. (Correct)
  • The switch could be allowed to join the VTP domain
  • The switch could become a transparent bridge.

Answer : The switch could become the root bridge.

Which command produces the following output?

Router# address     ref clock    st  when  poll reach delay offset  disp

*~173.230.149.23 127.67.113.92  2   11   64   1 69.829 -1.822 187.53

 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

Options are :

  • show ntp associations (Correct)
  • show ntp
  • show ntp status
  • Inside dynamic NAT

Answer : show ntp associations

Cisco Lancope Stealthwatch offers correlating and mapping of translated IP addresses, leveraging FlowCollector and drawing on data from NetFlow. What is this process known as?

Options are :

  • NAT mapping
  • NAT stitching (Correct)
  • Outside static NAT
  • Inside dynamic NAT

Answer : NAT stitching

What is a Tor exit node and how can the same be potentially abused?

Options are :

  • Tor exit nodes are where Tor traffic is encrypted before it hits the Internet. They can be potentially abused as they allow the Internet authorities to track the Tor users.
  • Tor exit nodes are points in the onion network where the traffic is sent as Point-to-Point (P2P). They can be abused as users can see other users’ traffic flows.
  • Tor exit nodes are the gateways where Tor traffic leaves the onion network. These nodes can be abused by malicious users to monitor the traffic if the traffic is unencrypted. (Correct)
  • Tor exit nodes are the gateways where the traffic enters the onion network after exiting the user machine. The user can monitor the traffic entering the onion network from exit nodes.

Answer : Tor exit nodes are the gateways where Tor traffic leaves the onion network. These nodes can be abused by malicious users to monitor the traffic if the traffic is unencrypted.

During a security audit, the auditor executes the nslookup command on a Windows machine to check the IP address of a web server. The IP he gets in the response is not the IP that should be resolved by nslookup as per the organization’s inventory of IP records. What might be the cause behind the discrepancy?

Options are :

  • A DNS spoofing attack has been discovered. (Correct)
  • The auditor executed the wrong command as the command should be ping.
  • An ARP spoofing attack was in progress.
  • The nslookup service is corrupted on the Windows machine.

Answer : A DNS spoofing attack has been discovered.

Which statement is true about the characteristics of an amplification attack?

Options are :

  • An amplification attack is a form of smurf attack using ICMP messages.
  • An amplification attack is a coordinated and directed DDoS attack.
  • An amplification attack is a type of reflected attack in which the response traffic is made up of packets that are much larger than those initially sent by the attacker. (Correct)
  • An amplification attack is a type of reconnaissance attack where larger than usual packets are monitored by the attacker.

Answer : An amplification attack is a type of reflected attack in which the response traffic is made up of packets that are much larger than those initially sent by the attacker.

While conducting a penetration test on a critical workload server, the penetration tester (also known as pen tester) retrieves a file containing hashed passwords. What type of attack is a hashed file susceptible to?

Options are :

  • Rainbow table attack (Correct)
  • MD5Sum attack
  • Brute force attack
  • Salt retrieval attack

Answer : Rainbow table attack

An attacker can manipulate a web page form by entering malicious code to exploit a flaw in the coding or validating process. What is such an attack known as?

Options are :

  • SQL manipulation
  • SQL fiddling
  • SQL injection (Correct)
  • SQL hijack

Answer : SQL injection

While most attacks on information systems are technical, some attacks take advantage of human nature. These attacks allow the attacker to gain access to objects and information that should otherwise be disallowed. What is the type of attack being discussed?

Options are :

  • Biometric
  • False-positive
  • Perimeter breach
  • Social engineering (Correct)

Answer : Social engineering

What type of attack encompasses an attacker falsifying the source address (of an IP packet or a frame)?

Options are :

  • Spoofing attack (Correct)
  • Reconnaissance attack
  • Social engineering attack
  • Denial-of-Service (DoS) or a Distributed-Denial-of-Service (DDoS) attack

Answer : Spoofing attack

Which of the following is not a type of attack used against access controls?

Options are :

  • Dictionary
  • Brute force
  • Denial of Service (Correct)
  • Man-in-the-middle

Answer : Denial of Service

What type of attack causes a service to fail by exhausting all of a system’s resources?

Options are :

  • Worm attack
  • Denial of Service (DoS) attack (Correct)
  • Virus attack
  • Adware attack

Answer : Denial of Service (DoS) attack

What is onion routing?

Options are :

  • It’s another term for layered routing.
  • Onion routing is often used in Cisco IOS products to respond to routing loops.
  • Onion routing is used in onion networks (anonymous networks) where the information of sender and receiver is kept confidential. (Correct)
  • Onion routing is used in community clouds for chefs and cooks.

Answer : Onion routing is used in onion networks (anonymous networks) where the information of sender and receiver is kept confidential.

Which of the following statements is true of NetFlow?

Options are :

  • NetFlow gives an insight to the device configuration changes.
  • NetFlow gives an insight to logs and alerts from devices.
  • NetFlow gives an insight to the security updates applied on end-user devices and network servers.
  • NetFlow gives an insight to the types of traffic flows in the network. (Correct)

Answer : NetFlow gives an insight to the types of traffic flows in the network.

Which of the following are forms of social engineering? (Choose two.)

Options are :

  • ARP poisoning
  • Phishing (Correct)
  • Man-in-the-middle (MITM)
  • Tailgating (Correct)

Answer : Phishing; Tailgating

An organization is conducting a penetration test. The pen tester discovers a vulnerability related to dynamically generated web pages whereby an attacker can induce a malicious browser-side script while hiding the code in legitimate requests. What type of attack can be launched using this vulnerability?

Options are :

  • SQL injection
  • Java buffer overflow
  • Cross-site scripting (Correct)
  • IIS overflow

Answer : Cross-site scripting

What type of attack is most likely to transpire after an effective ARP spoofing attempt?

Options are :

  • DoS attack
  • Trojan
  • Replay attack
  • Man-in-the-middle attack (Correct)

Answer : Man-in-the-middle attack

In organization ABC, the VP of sales receives an email from a VP of XYZ. The email states that the VP of ABC should provide certain details and fill out an online form to proceed with an ongoing deal. After clicking on the provided link, the VP fills in his credentials to access the form; however, after filling out the form, he gets no response from the website. In the context of this scenario what attack was executed?

Options are :

  • Phishing
  • Malware piggybacking
  • Spear phishing (Correct)
  • Vishing

Answer : Spear phishing

Which of the following is not a direct threat to access control mechanisms?

Options are :

  • Cross-site scripting
  • Phishing (Correct)
  • Dictionary attacks
  • Man-in-the-middle attacks

Answer : Phishing

Which of the following correctly describes a session hijack attack?

Options are :

  • The attacker waits until his victim establishes a connection to the organization’s web server and then executes a program that allows him to take control of the established session. (Correct)
  • The attacker keeps a duplicate session in progress while his victim establishes a connection to the organization’s web server and then executes a program that allows him to merge the existing session with the user session.
  • The attacker eavesdrops into an existing session that his victim has established to the organization’s web server and then executes a program that allows him to duplicate the established session.
  • The attacker injects a code into an existing session that his victim has established to the organization’s web server and replays the session to his machine.

Answer : The attacker waits until his victim establishes a connection to the organization’s web server and then executes a program that allows him to take control of the established session.

Which of the following are considered DDoS attack methods?

Options are :

  • Directed
  • Reflected
  • Amplified
  • All of these answers are correct. (Correct)

Answer : All of these answers are correct.

Which of the following statements correctly describe a pivoting attack?

Options are :

  • A pivoting attack encompasses breaking through external defenses such as firewall and IDS.
  • A pivoting attack involves privilege escalation and subsequently attacking other systems on the same network. (Correct)
  • A pivoting attack relies on worms and viruses to corrupt the information at rest.
  • A pivoting attack is a result of a Denial of Service (DoS) attempt.

Answer : A pivoting attack involves privilege escalation and subsequently attacking other systems on the same network.

What is true about traffic fragmentation attacks?

Options are :

  • Traffic fragmentation attacks modify the TCP/IP traffic in a way that is unexpected by security detection devices; the goal is to confuse the detection functions. (Correct)
  • Traffic fragmentation attacks modify the TCP/IP traffic in a way that is expected by security detection devices; the goal is to diffuse the detection functions.
  • Traffic fragmentation attacks modify the UDP traffic in a way that is unexpected by security detection devices; the goal is to diffuse the detection functions.
  • Traffic fragmentation attacks modify the UDP traffic in a way that is unexpected by security detection devices; the goal is to confuse the detection functions.

Answer : Traffic fragmentation attacks modify the TCP/IP traffic in a way that is unexpected by security detection devices; the goal is to confuse the detection functions.

Which one of the following protocols is used to automatically assign IP addresses and set TCP/IP stack configuration parameters?

Options are :

  • DNS
  • TFTP
  • DHCP (Correct)
  • RARP

Answer : DHCP

Which one of the following tools should you use for packet capture and analysis?

Options are :

  • ping
  • traceroute
  • netstat
  • nmap
  • tcpdump (Correct)

Answer : tcpdump