agencies are subject to regulatory compliance with respect to vulnerability assessments. What federal law requires the use of vulnerability scanning pertinent to federal government agencies?

Answer : FISMA

CCNA Cyber Ops - SECFND # 210-250

What does an attacker modify to control process execution or possibly crash the process in the context of a buffer overflow attack?

Answer : The target process's address space

NetFlow is used for which of the following purposes?

Answer : To capture information on the types of traffic traversing the network

Which of the following are the most common tools used for deploying DNS tunneling and can also be used to detect DNS tunneling? (Choose two.)

Answer : DNScat, DNScat2

Test : CCNA Cyber Ops - SECOPS # 210-255

In today’s world, where information holds more value than anything else, many threat actors are at work to steal intellectual property from organizations and individuals. Which of the following are examples of intellectual property?

Answer : All of these answers are correct.

An organization is investigating a possible breach signaled by an IDS system. For this specific occasion, which of the following terms best describes the occurrence of a false negative in the context of the IDS system?

Answer : An event

Incident response strategy involves creating risk assessment capabilities within the organization. Which step of the incident response process would encompass the aforementioned activity?

Answer : Preparation phase

Maintaining and using a knowledge base of information and running packet sniffers to collect additional data are part of which incident response phase?

Answer : Detection and analysis phase

An incident response process addresses a number of activities by going through a number of steps. Which of the following is the last step in an incident response process?

Answer : Post-incident activity

Which NIST publication addresses the incident response process in line with statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347?

Answer : 800-61

Predictive analysis can use which four of the following to make predictions about future attacks or events? (Choose four.)

Answer : data mining, log mining, path analysis, past and current events

Consider the following event that Bro generated. Which two of the options are true? (Choose two.)

host=127.0.0.1 program=bro_http class=BRO_HTTP srcip=10.10.6.10 srcport=12080 dstip=209.165.200.233 dstport=80 status_code=200 content_length=184401 method=GET site=www.services.public uri=/files/55nn-X_at_a_glance.pdf referer=http://www.services.public/files/index.php user_agent=Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0 mime_type=application/pdf

Answer : This event is an example of transaction data. This event documents a client request for a file.

NetFlow records provide IP flow information which is based on the IP 5-tuple and can be considered which type of NSM data?

Answer : session

Which node is responsible for conducting an intrusion in the diamond model?

Answer : adversary

Regarding the diamond model, which tool or technique might the adversary use in an event?  

Answer : capability

Which exploit kit component consists of code that gathers data about a victim’s computer and finds vulnerable applications?

Answer : The exploit kit’s landing page.

Which CVSS 3.0 metrics group contains metrics that enable an analyst to adjust the combined base-temporal score according to modifications that exist within the particular environment?

Answer : environmental

Using environmental metrics, which three security requirement metric values allow the confidentiality score to be customized depending on the criticality of the affected IT asset? (Choose three.)

Answer : low, medium, high

Malware often takes the form of binary files. Submitting the output of a sandbox detonation report as evidence, as opposed to submitting the binary malware file itself, is an example of which concept?

Answer : best evidence

What are two types of Windows memory-based protection measures that can be deployed to combat the use of shellcode? (Choose two.)

Answer : DEP, ASLR

What two components are mandatory to implement using the network as a sensor to detect emerging threats? (Choose two.)

Answer : NetFlow capable network devices that are deployed throughout the enterprise network. NetFlow analytics system

What important information does NetFlow provide to the analyst?

Answer : Visibility into all the IP flows that can help identify anomalous traffic on the network.

Which two statements are true regarding sandbox? (Choose two.)

Answer : A sandbox allows the file to be executed in a controlled environment. Analysis on the sandbox is automated and generally has a very quick turnaround time.

With the China Chopper RAT, which protocol should the analyst monitor closely to detect the caidao.exe client communications with the compromised web server?

Answer : HTTP or HTTPS
