CCNA Cyber Ops - SECFND # 210-250

Which definition of a fork in Linux is true?

Options are :

  • Daemon to execute scheduled commands
  • Parent directory name of a file path name
  • Macros for manipulating CPU sets
  • New process created by a parent process (Correct)

Answer : New process created by a parent process

Which identifier is used to describe the application or process that submitted a log message?

Options are :

  • Action
  • Selector
  • Priority
  • Facility (Correct)

Answer : Facility

Which protocol is expected to have a user agent, host, and referrer header in a packet capture?

Options are :

  • NTP
  • HTTP (Correct)
  • DNS
  • SSH

Answer : HTTP

Which evasion method involves performing actions slower than normal to prevent detection?

Options are :

  • Traffic Fragmentation
  • Tunneling
  • Timing Attack (Correct)
  • Resource Exhaustion

Answer : Timing Attack

Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IP phones?

Options are :

  • Replay
  • Man-In-The-Middle (Correct)
  • Dictionary
  • Known-Plaintext

Answer : Man-In-The-Middle

Which definition of permissions in Linux is true?

Options are :

  • Rules that allow network traffic to go in and out
  • Table maintenance program
  • Written affidavit that you have to sign before using the system
  • Attributes of ownership and control of an object (Correct)

Answer : Attributes of ownership and control of an object

Which definition describes the main purpose of a Security Information and Event Management solution?

Options are :

  • A database that collects and categorizes indicators of compromise to evaluate and search for potential security threats
  • A monitoring interface that manages firewall access control lists for duplicate firewall filtering
  • A relay server or device that collects then forwards event logs to another log collection device
  • A security product that collects, normalizes, and correlates event log data to provide holistic views of the security posture of an environment (Correct)

Answer : A security product that collects, normalizes, and correlates event log data to provide holistic views of the security posture of an environment

If a web server accepts input from the user and passes it to a bash shell, to which attack method is it vulnerable?

Options are :

  • Input Validation
  • Hash Collision
  • Command Injection (Correct)
  • Integer Overflow

Answer : Command Injection

Which security monitoring data type is associated with application server logs?

Options are :

  • Alert Data
  • Statistical Data
  • Session Data
  • Transaction Data (Correct)

Answer : Transaction Data

Which two terms are types of cross site scripting attacks? (Choose two.)

Options are :

  • Directed
  • Encoded
  • Stored (Correct)
  • Reflected (Correct)
  • Cascaded

Answer : Stored, Reflected

Which two actions are valid uses of public key infrastructure? (Choose two.)

Options are :

  • Ensuring the privacy of a certificate
  • Revoking the validation of a certificate (Correct)
  • Validating the authenticity of a certificate (Correct)
  • Creating duplicate copies of a certificate
  • Changing ownership of a certificate

Answer : Revoking the validation of a certificate; Validating the authenticity of a certificate

Which definition of a process in Windows is true?

Options are :

  • Running Program (Correct)
  • Unit of execution that must be manually scheduled by the application
  • Database that stores low-level settings for the OS and for certain applications
  • Basic unit to which the operating system allocates processor time

Answer : Running Program

Which tool is commonly used by threat actors on a web page to take advantage of the software vulnerabilities of a system to spread malware?

Options are :

  • Exploit kit (Correct)
  • Root kit
  • Vulnerability kit
  • Script kiddie kit

Answer : Exploit kit

Which encryption algorithm is the strongest?

Options are :

  • AES (Correct)
  • CES
  • DES
  • 3DES

Answer : AES

In NetFlow records, which flags indicate that an HTTP connection was stopped by a security appliance, like a firewall, before it could be built fully?

Options are :

  • ACK
  • SYN, ACK
  • RST (Correct)
  • PSH, ACK

Answer : RST

Which of the following are classless protocols? (Choose three.)

Options are :

  • IGRP
  • EIGRP (Correct)
  • OSPF (Correct)
  • RIPv2 (Correct)

Answer : EIGRP, OSPF, RIPv2

An IPv6 address is comprised of how many bits?

Options are :

  • 16
  • 32
  • 64
  • 128 (Correct)

Answer : 128

How can it be ascertained that a route has been poisoned in the routing table?

Options are :

  • It has a metric of 0 assigned to it.
  • It has an infinite administrative distance assigned to it.
  • It has an administrative distance of 0 assigned to it.
  • It has an infinite metric assigned to it. (Correct)

Answer : It has an infinite metric assigned to it.

In the OSI model at which layer does compression, decompression, encryption, and decryption take place?

Options are :

  • Presentation (Correct)
  • Session
  • Application
  • Transport

Answer : Presentation

Cisco switches can incorporate VLAN traffic into a trunk using which of the following methods? (Select two.)

Options are :

  • 802.1Q (Correct)
  • 802.1x
  • 802.11
  • ISL (Correct)

Answer : 802.1Q, ISL

How many host addresses are there on each subnet for a Class B network with a subnet mask of 255.255.255.192?

Options are :

  • 30
  • 62 (Correct)
  • 126
  • 254

Answer : 62

Cisco offers a cloud-based service for IPS correlation. What is this service better known as?

Options are :

  • WSA
  • ESA
  • SIO (Correct)
  • ISO

Answer : SIO

Which of the following are the types of ACLs that Cisco ASA supports?

Options are :

  • Standard, extended, EtherType, and Webtype (Correct)
  • Standard, extended, time-bound, and Webtype
  • Standard, EtherType, time-Bound, and Webtype
  • Standard, extended, IPv6, EtherType, and cascading

Answer : Standard, extended, EtherType, and Webtype

MAC addresses are how many bits in length and are represented by what numbering format?

Options are :

  • 32, ASCII
  • 48, hexadecimal (Correct)
  • 64, ASCII
  • 48, binary

Answer : 48, hexadecimal

Segmentation, sequencing, and error checking all occur at what layer of the OSI model that is associated with SSL, TLS, and UDP?

Options are :

  • Transport layer (Correct)
  • Network layer
  • Session layer
  • Presentation layer

Answer : Transport layer

If the next hop specified is the IP address of a neighboring router, what is the (default) administrative distance of a static route?

Options are :

  • 0
  • 1 (Correct)
  • 10
  • Infinite

Answer : 1

What is the purpose of the Diffused Update Algorithm (DUAL) in the context of EIGRP?

Options are :

  • DUAL is used to avoid routing update collisions.
  • DUAL reduces the bandwidth consumed for sharing updates among EIGRP routers.
  • DUAL is used to calculate the best path to a destination and provides a mechanism to avoid loops. (Correct)
  • DUAL allows EIGRP to interoperate with non-IP protocols.

Answer : DUAL is used to calculate the best path to a destination and provides a mechanism to avoid loops.

During a security review of an organization’s network, the security assessor discovers that the network is suffering from broadcast storms. What basic network design principle can change this shortcoming?

Options are :

  • Disallow users to access the network segment experiencing broadcast storms.
  • Install a firewall at each host machine.
  • Segment the network into Virtual LANs (VLANs) based on functional requirements. (Correct)
  • Enable broadcast and loop detection.

Answer : Segment the network into Virtual LANs (VLANs) based on functional requirements.

Switches break up broadcast domains and help keep traffic collision free. What type of traffic is not flooded by a layer 2 switch?

Options are :

  • Unicast (known traffic) (Correct)
  • Unicast (unknown traffic)
  • Broadcast
  • Multicast

Answer : Unicast (known traffic)

The Address Resolution Protocol (ARP) and the Reverse Address Resolution Protocol (RARP) operate at what layer of the OSI model?

Options are :

  • Layer 1
  • Layer 2 (Correct)
  • Layer 3
  • Layer 4

Answer : Layer 2

Cisco ASA supports which of the following VPN modes? (Choose three.)

Options are :

  • Site-to-site VPN tunneling (Correct)
  • Clientless SSL VPN (Correct)
  • AnyConnect SSL VPN (Correct)
  • DMVPN

Answer : Site-to-site VPN tunneling; Clientless SSL VPN; AnyConnect SSL VPN

All of the following are Cisco Intrusion Detection and Prevention services or platforms, except for which one?

Options are :

  • Cisco Identity Services Engine (ISE) (Correct)
  • Cisco Advanced Malware Protection (AMP)
  • Cisco FirePOWER
  • Cisco Security Intelligence Operations (SIO)

Answer : Cisco Identity Services Engine (ISE)

When a user opens a web browser to initiate an HTTP connection to the http://www.test.com web server, the first TCP packet that is sent to the web server will have which TCP flag set?

Options are :

  • RST
  • URG
  • PSH
  • ACK
  • SYN (Correct)

Answer : SYN

Which two of the following statements are true regarding the DHCP relay agent? (Choose two.)

Options are :

  • DHCP relay is required if the DHCP clients and the DHCP servers are located in the same broadcast domain.
  • The DHCP server uses the ciaddr IP address to select an IP address pool from which to assign the IP addresses to the DHCP client.
  • The primary function of a DHCP relay agent is to relay the DHCP messages from the local DHCP clients to the remote DHCP servers. (Correct)
  • DHCP discovery messages are broadcasted from the DHCP relay agent to the DHCP servers.
  • When the DHCP relay agent receives a broadcast packet from a connected client, it changes the giaddr field from zero to the relay agent IP address, and forwards the message to the DHCP server. (Correct)

Answer : The primary function of a DHCP relay agent is to relay the DHCP messages from the local DHCP clients to the remote DHCP servers; When the DHCP relay agent receives a broadcast packet from a connected client, it changes the giaddr field from zero to the relay agent IP address, and forwards the message to the DHCP server.

Which one of the following options best describes the role of the DHCP relay agent in a network infrastructure?

Options are :

  • acts as a "middle man" to forward DHCP requests to a designated remote DHCP server (Correct)
  • provides an IP address from a local pool of addresses
  • adds the default gateway option to the DHCP reply
  • adds DHCP options, such as preferred TFTP server (option 150) or WLC (option 43)

Answer : acts as a "middle man" to forward DHCP requests to a designated remote DHCP server

When using DHCP with IP phones, what is option 150 used for?

Options are :

  • to identify the preferred name server
  • to supply the TFTP server IP address for image download (Correct)
  • to identify the default gateway
  • to assign a fallback IP address

Answer : to supply the TFTP server IP address for image download

Which two of the following statements are true regarding early TCP/IP development? (Choose two.)

Options are :

  • TCP/IP was the only network protocol suite available and was developed for internetwork environments.
  • The focus was on solving the technical challenges of moving information quickly and reliably, not to secure it. (Correct)
  • The model was developed as a flexible, fault-tolerant set of protocols. (Correct)
  • The design and architecture of TCP/IP have not changed since its adoption in the early 1970s.

Answer : The focus was on solving the technical challenges of moving information quickly and reliably, not to secure it; The model was developed as a flexible, fault-tolerant set of protocols.

What type of IP attack occurs when an attacker inserts itself into a communication session and then takes over the session?

Options are :

  • MAC address flooding attack
  • session hijacking (Correct)
  • DHCP depletion attack
  • DoS attack

Answer : session hijacking

What two types of attacks are examples of ICMP DoS attacks? (Choose two.)

Options are :

  • smurf attack (Correct)
  • blooming onion attack
  • ping of death attack (Correct)
  • DHCP depletion attack

Answer : smurf attack, ping of death attack

Which of the following two options are impacts of cryptography on security investigations? (Choose two.)

Options are :

  • All the employee's SSL/TLS outbound traffic should be decrypted and inspected since it requires minimal resources on the security appliance.
  • Cryptographic attacks can be used to find a weakness in the cryptographic algorithms. (Correct)
  • With the increased legitimate usage of HTTPS traffic, attackers have taken advantage of this blind spot to launch attacks over HTTPS more than ever before. (Correct)
  • Encryption does not pose a threat to the ability of law enforcement authorities to gain access to information for investigating and prosecuting cybercriminal activities.

Answer : Cryptographic attacks can be used to find a weakness in the cryptographic algorithms; With the increased legitimate usage of HTTPS traffic, attackers have taken advantage of this blind spot to launch attacks over HTTPS more than ever before.

Which one of the following methods allows you to verify entity authentication, data integrity, and authenticity of communications, without encrypting the actual data?

Options are :

  • Both parties calculate an authenticated MD5 hash value of the data accompanying the message—one party uses the private key, while the other party uses the public key.
  • Both parties to the communication use the same secret key to produce a message authentication code to accompany the message. (Correct)
  • Both parties calculate a CRC32 of the data before and after transmission of the message.
  • Both parties obfuscate the data with XOR and a known key before and after transmission of the message.

Answer : Both parties to the communication use the same secret key to produce a message authentication code to accompany the message.

Which one of the following options describes the concept of small changes in data causing a large change in the hash algorithm output?

Options are :

  • butterfly effect
  • Fibonacci effect
  • keyed effect
  • avalanche effect (Correct)

Answer : avalanche effect

Which activity can be used to ensure data confidentiality?

Options are :

  • provide authenticity of the data by digitally signing it
  • increase the data privacy by encrypting it (Correct)
  • use a two-factor authentication to authenticate the source of the data
  • back up the data to an offsite location

Answer : increase the data privacy by encrypting it

What is a countermeasure that an organization can employ to improve the confidentiality of data that is transmitted by users and devices?

Options are :

  • update network cable to use shielded twisted pair cable
  • increase password complexity rules
  • use encryption between sending and receiving parties (Correct)
  • make sure that operating systems have up-to-date software patches

Answer : use encryption between sending and receiving parties

Why are open DNS resolvers vulnerable to attacks?

Options are :

  • because they are typically running the BIND DNS software
  • because they are internal to an organization
  • because they are typically configured to only accept DNS queries from specific IP addresses
  • because they are exposed to the Internet (Correct)

Answer : because they are exposed to the Internet

What uses the most resources on the DNS resolver?

Options are :

  • non-recursive resolution
  • ARP resolution
  • recursive resolution (Correct)
  • non-authoritative resolution

Answer : recursive resolution

If you are hosting a web site and getting a dynamic IP address from your ISP, what do you need to use in order to map your dynamic IP address to your domain name?

Options are :

  • direct DNS
  • auto DNS
  • recursive DNS registry
  • dynamic DNS (Correct)

Answer : dynamic DNS

Which two determine the speed at which a password can be cracked using the brute-force method? (Choose two.)

Options are :

  • willingness of the victim to share personal information
  • the attacker’s computer speed (Correct)
  • the attacker’s list of the commonly used passwords
  • the length and complexity of the password (Correct)

Answer : the attacker’s computer speed; the length and complexity of the password

Microsoft has operating systems that are targeted for which two kinds of devices? (Choose two.)

Options are :

  • servers (Correct)
  • network routers
  • network switches
  • personal printers
  • personal computers (Correct)

Answer : servers, personal computers

Which Windows directory stores the 64-bit system DLL files?

Options are :

  • Program Files (x86)
  • Program Files
  • System
  • System32 (Correct)

Answer : System32

What command would you use to save a packet capture in PCAP format?

Options are :

  • tcpdump -s 0 -n >evidence.pcap
  • tcpdump -s 0 -n >>evidence.pcap
  • tcpdump -s 0 -n -w evidence.pcap (Correct)
  • tcpdump -s 0 -n --write evidence.pcap

Answer : tcpdump -s 0 -n -w evidence.pcap
