Mock Practice : CCNA Cyber Ops - SECFND # 210-250

What are three similarities between IDS and IPS sensors? (Choose three.)

Options are :

  • Both use reflective ACLs to detect malicious network activity.
  • Both can verify that the rules of network protocols such as TCP/IP, UDP, and ICMP are properly followed. (Correct)
  • Both use signature files to determine whether suspicious activity is occurring. (Correct)
  • Both can block attacks that would normally pass through a traditional firewall device.
  • Both can analyze all traffic that controls Layer 2-to-Layer 3 mappings, such as ARP and DHCP. (Correct)

Answer : Both can verify that the rules of network protocols such as TCP/IP, UDP, and ICMP are properly followed. Both use signature files to determine whether suspicious activity is occurring. Both can analyze all traffic that controls Layer 2-to-Layer 3 mappings, such as ARP and DHCP.

Which three technologies typically send traffic using clear text? (Choose three.)

Options are :

  • FTP/TFTP (Correct)
  • SCP
  • SMTP (Correct)
  • SSH
  • SSL
  • Telnet (Correct)

Answer : FTP/TFTP, SMTP, Telnet

Regarding outbound email security policies, which one of the following steps is omitted from the outbound mail pipeline, but is available in the inbound mail pipeline?

Options are :

  • reputation filters (Correct)
  • RSA DLP
  • advanced malware protection
  • anti-virus
  • anti-spam

Answer : reputation filters

An end user’s host becomes infected with a virus because the end user browsed to a malicious website. Which endpoint security technology can be used to best prevent such an incident?

Options are :

  • personal firewall
  • personal anti-virus
  • endpoint malware protection (Correct)
  • file sandboxing
  • file integrity checks

Answer : endpoint malware protection

During incident investigations, what does the AMP for endpoints device trajectory feature show?

Options are :

  • hosts that have seen the malicious file
  • the signature that triggered the malicious file alert
  • actions that have been performed on the victim’s host (Correct)
  • how the malware file was packed (compressed or encrypted)

Answer : actions that have been performed on the victim’s host

Certification : CCNA Cyber Ops - SECOPS # 210-255

Which two statements are true about packet captures and packet capturing utilities? (Choose two.)

Options are :

  • Packet captures can record transactions between specific hosts on a network and be played back later for deep packet analysis. (Correct)
  • Most packet capturing tools are cumbersome and difficult to configure.
  • Packet captures can provide information about hidden content that may be inside a packet. (Correct)
  • Because packet captures are relatively useless unless entire untruncated packets are captured, maximum packet length is not a configurable option in packet capture utilities.

Answer : Packet captures can record transactions between specific hosts on a network and be played back later for deep packet analysis. Packet captures can provide information about hidden content that may be inside a packet.

What are five pieces of information that an analyst can learn about an IP conversation from a NetFlow report? (Choose five.)

Options are :

  • source IP address (Correct)
  • amount of data passed (Correct)
  • user account
  • source port (Correct)
  • destination port (Correct)
  • device hostname
  • protocol (Correct)
  • active directory login time

Answer : source IP address, amount of data passed, source port, destination port, protocol

Which statement best describes malware reverse engineering?

Options are :

  • a method to understand how malware behaves (Correct)
  • a group of techniques that improve malware
  • a set of processes that seem backwards to most engineers, that measure the impact of a compromise
  • a suite of tools that are used to measure threat vectors and risk analysis

Answer : a method to understand how malware behaves

Which data can be obtained using NetFlow?

Options are :

  • session data (Correct)
  • application logs
  • network downtime report
  • full packet capture

Answer : session data

Which situation indicates application-level whitelisting?

Options are :

  • Allow everything and deny specific executable files.
  • Allow specific executable files and deny specific executable files.
  • Writing current application attacks on a whiteboard daily.
  • Allow specific files and deny everything else. (Correct)

Answer : Allow specific files and deny everything else.

Which definition of an antivirus program is true?

Options are :

  • program used to detect and remove unwanted malicious software from the system (Correct)
  • program that provides real-time analysis of security alerts generated by network hardware and applications
  • program that scans a running application for vulnerabilities
  • rules that allow network traffic to go in and out

Answer : program used to detect and remove unwanted malicious software from the system

Refer to the exhibit. During an analysis, this list of email attachments is found. Which files contain the same content?


Options are :

  • 1 and 4
  • 3 and 4
  • 1 and 3 (Correct)
  • 1 and 2

Answer : 1 and 3

Which type of attack occurs when an attacker utilizes a botnet to reflect requests off an NTP server to overwhelm their target?

Options are :

  • man in the middle
  • denial of service
  • distributed denial of service (Correct)
  • replay

Answer : distributed denial of service

Which technology allows a large number of private IP addresses to be represented by a smaller number of public IP addresses?

Options are :

  • NAT (Correct)
  • NTP
  • RFC 1631
  • RFC 1918

Answer : NAT

Which NTP command configures the local device as an NTP reference clock source?

Options are :

  • ntp peer
  • ntp broadcast
  • ntp master (Correct)
  • ntp server

Answer : ntp master

Which three options are types of Layer 2 network attack? (Choose three.)

Options are :

  • ARP attacks (Correct)
  • brute force attacks
  • spoofing attacks (Correct)
  • DDOS attacks
  • VLAN hopping (Correct)
  • botnet attacks

Answer : ARP attacks, spoofing attacks, VLAN hopping

If a router has four interfaces and each interface is connected to four switches, how many broadcast domains are present on the router?

Options are :

  • 1
  • 2
  • 4 (Correct)
  • 8

Answer : 4

Where does routing occur within the DoD TCP/IP reference model?

Options are :

  • application
  • internet (Correct)
  • network
  • transport

Answer : internet

What is PHI?

Options are :

  • Protected HIPAA information
  • Protected health information (Correct)
  • Personal health information
  • Personal human information

Answer : Protected health information

Which of the following are Cisco cloud security solutions? (Choose two.)

Options are :

  • CloudDLP
  • OpenDNS (Correct)
  • CloudLock (Correct)
  • CloudSLS

Answer : OpenDNS, CloudLock

What is a trunk link used for?

Options are :

  • To pass multiple virtual LANs (Correct)
  • To connect more than two switches
  • To enable Spanning Tree Protocol
  • To encapsulate Layer 2 frames

Answer : To pass multiple virtual LANs

At which OSI layer does a router typically operate?

Options are :

  • Transport
  • Network (Correct)
  • Data link
  • Application

Answer : Network

Cisco pxGrid has a unified framework with an open API designed in a hub-and-spoke architecture. pxGrid is used to enable the sharing of contextual-based information from which devices?

Options are :

  • From a Cisco ASA to the Cisco OpenDNS service
  • From a Cisco ASA to the Cisco WSA
  • From a Cisco ASA to the Cisco FMC
  • From a Cisco ISE session directory to other policy network systems, such as Cisco IOS devices and the Cisco ASA (Correct)

Answer : From a Cisco ISE session directory to other policy network systems, such as Cisco IOS devices and the Cisco ASA

Which of the following are characteristics of hashing algorithms, for example, MD5 or SHA-1?

Options are :

  • One-way (nonreversible) operation
  • Variable-length input with fixed-length output
  • Collision resistance
  • All of these answers are correct. (Correct)

Answer : All of these answers are correct.

When dealing with VPN tunnels, which of the following is used with IPsec to provide source authentication, confidentiality, and integrity?

Options are :

  • Encapsulating Security Payload (ESP) (Correct)
  • Authentication header (AH)
  • IPsec Internet Key Exchange (IKE)
  • MD5 or SHA

Answer : Encapsulating Security Payload (ESP)

Which algorithm offers a mechanism for key distribution but does not provide encryption or nonrepudiation?

Options are :

  • AH
  • 3DES
  • RSA
  • Diffie-Hellman (Correct)

Answer : Diffie-Hellman

What type of logs could possibly offer evidence that an attacker has been attempting to compromise the SQL Server database?

Options are :

  • Event logs (Correct)
  • SQL logs
  • Security logs
  • System logs

Answer : Event logs

What is a fork in the context of a Linux system?

Options are :

  • A fork represents a parent and child process running in separate memory spaces.
  • A fork represents the operation where a process makes a copy of itself (a parent creates a child). (Correct)
  • A fork allows a Linux system to run multithreaded programs.
  • A fork is not responsible for returning a process ID or PID.

Answer : A fork represents the operation where a process makes a copy of itself (a parent creates a child).

Which of the following is an example of an endpoint sandboxing solution?

Options are :

  • Cisco Firepower
  • Google Chromium (Correct)
  • IIS Archiver
  • Avast Endpoint Protection

Answer : Google Chromium

Which of the following is an appropriate tool/protocol for encrypting email messages?

Options are :

  • MD5
  • IPSEC
  • PGP (Correct)
  • TLS

Answer : PGP

A user downloaded software from a potentially untrusted site. While trying to install the software, the antivirus software alerts the user that the file could be infected and carries malware. What best describes the type of malware?

Options are :

  • Trojan (Correct)
  • Virus
  • Ransomware
  • Worm

Answer : Trojan

To prevent against a previously unknown attack, which endpoint security technique is the most likely to succeed?

Options are :

  • Updated antivirus
  • Host Intrusion Detection Systems (HIDS)
  • Malware scanner
  • Application whitelisting (Correct)

Answer : Application whitelisting

Which of the following are examples of packet analyzers? (Choose two.)

Options are :

  • Wireshark (Correct)
  • Metasploit
  • tcpdump (Correct)
  • Kaspersky

Answer : Wireshark, tcpdump

Which of the following mechanisms offers end-to-end encryption between two parties communicating over a potentially unsecure channel/medium without exposing original IP header information?

Options are :

  • IPsec transport mode
  • IPsec tunnel mode (Correct)
  • Secure Shell (SSH)
  • ACL based filtering

Answer : IPsec tunnel mode

Which Windows log captures and describes events like an OS shutdown/restart or a service being (re)started/stopped?

Options are :

  • Application log
  • System log (Correct)
  • IIS log
  • Security log

Answer : System log

An organization is in the process of conducting OS hardening. What should the engineer be looking at on a Linux or Unix system if she has to disable unnecessary network services or applications?

Options are :

  • Services
  • RPCs
  • PIDs
  • Daemons (Correct)

Answer : Daemons

What challenge is most common for endpoint security system deployments?

Options are :

  • Compromises
  • The volume of data (Correct)
  • Monitoring encrypted traffic on the network
  • Handling non-TCP protocols

Answer : The volume of data

Which of the following antivirus software programs are open source?

Options are :

  • ClamAV and Immunet (Correct)
  • F-Secure and AVG
  • Immunet and F-Secure
  • ClamAV and Kaspersky

Answer : ClamAV and Immunet

What are different types of sandboxing techniques?

Options are :

  • Application sandboxing
  • Malware sandboxing
  • System based sandboxing
  • All of these answers are correct. (Correct)

Answer : All of these answers are correct.

Cisco Lancope Stealthwatch leverages NetFlow to identify unusual traffic. Which of the following NetFlow characteristics makes it apt for use in a network with respect to security?

Options are :

  • NetFlow helps identify applications causing network congestion and diagnose slow performance. (Correct)
  • Using NetFlow the network administrators can verify that an application receives the appropriate amount of bandwidth based on its Class of Service (CoS).
  • NetFlow helps with billing and accounting of network traffic flows.
  • None of the answers is correct.

Answer : NetFlow helps identify applications causing network congestion and diagnose slow performance.

Which IOS command defines an NTP server?

Options are :

  • ipntp-server
  • ntp server (Correct)
  • ntp-server
  • ntp server location

Answer : ntp server

What are some of the common logging destinations used by administrators on the Cisco ASA?

Options are :

  • Syslog, Console, ASDM, Email, Buffered (Correct)
  • Console, Syslog, Firepower, SNTP
  • Syslog, Console, Buffered, Flash, TrustSec
  • RAM, Flash, Terminal, SDM, LDAP

Answer : Syslog, Console, ASDM, Email, Buffered

Which of the following are the most common tools used for deploying DNS tunneling and can also be used to detect DNS tunneling? (Select two.)

Options are :

  • DNScapy
  • Heyoka
  • DNScat-P (Correct)
  • DNScat-B (Correct)

Answer : DNScat-P, DNScat-B

Which one of the following protocols is susceptible to a SYN flood attack?

Options are :

  • UDP
  • ARP
  • TCP (Correct)
  • ICMP

Answer : TCP

Which one of the following flags does a host set in the TCP segment to gracefully terminate a TCP connection?

Options are :

  • END
  • STOP
  • TERM
  • FIN (Correct)

Answer : FIN

Which one of the following options is most used by multilayer switches to allow for wire-speed switching?

Options are :

  • label switching
  • high-speed CPU and huge amount of memory
  • specialized ASIC hardware (Correct)
  • distributed switching using multiple MAC address tables

Answer : specialized ASIC hardware

Which three of the following statements are true regarding ACLs? (Choose three.)

Options are :

  • ACLs provide packet filtering for routers and firewalls to protect network segments that require more security. (Correct)
  • ACLs are used to perform stateful packet inspection and filtering on routers and firewalls.
  • ACLs provide a basic level of security and control the packets that pass through the routers or firewalls, preventing them from getting to the different parts of the network. (Correct)
  • At a minimum, it is important to configure the ACLs on the network edge routers or firewalls. (Correct)
  • ACLs can be applied only at the inbound direction and not at the outbound direction.

Answer : ACLs provide packet filtering for routers and firewalls to protect network segments that require more security. ACLs provide a basic level of security and control the packets that pass through the routers or firewalls, preventing them from getting to the different parts of the network. At a minimum, it is important to configure the ACLs on the network edge routers or firewalls.

Which one of the following options is the implicit ACL entry that is at the end of the ACL?

Options are :

  • deny ip any any (Correct)
  • deny tcp any any
  • permit ip any any
  • permit tcp any any
  • There is no implicit ACL entry.

Answer : deny ip any any

Which one of the following options does the established keyword in an ACL entry indicate?

Options are :

  • The established keyword function has been deprecated and no longer serves as a functional configuration element.
  • Reply packets that belong to an established TCP connection will be permitted if the TCP packet has the ACK or RST bit set. (Correct)
  • Reply packets that belong to an established TCP connection will be permitted if the TCP packet has the SYN or FIN bit set.
  • The device interface will modify the source IP address to that of the interface that it enters through.

Answer : Reply packets that belong to an established TCP connection will be permitted if the TCP packet has the ACK or RST bit set.

What type of attack occurs when an attacker sends a flood of protocol request packets to various IP hosts and the attacker spoofs the source IP address of the packets, such that each packet has the IP address of the intended target rather than the IP address of the attacker as its source address?

Options are :

  • reflection attack (Correct)
  • amplification attack
  • MITM attack
  • Trojan virus ARP

Answer : reflection attack
