Certification : CCNA Cyber Ops - SECFND # 210-250

A pen tester is using a sniffer to monitor traffic to and from a RADIUS server. What sort of traffic would the pen tester be able to see, and what protocol should the pen tester look for in the sniffer?

Options are :

  • Nothing, as all traffic is encrypted. RADIUS uses TCP protocol.
  • Nothing, as all traffic is encrypted. RADIUS uses UDP protocol.
  • Everything, as all traffic is unencrypted. RADIUS uses TCP protocol.
  • All traffic except for the passwords, which are encrypted by default. RADIUS uses UDP protocol. (Correct)

Answer : All traffic except for the passwords, which are encrypted by default. RADIUS uses UDP protocol.

What type of security controls are used to thwart possible threats and attacks, even before they can be realized by the perpetrator?

Options are :

  • Corrective
  • Deterrent (Correct)
  • Response
  • Recovery

Answer : Deterrent

What type of access control allows the owner of a file to grant other users access to it using an access control list?

Options are :

  • Role based
  • Nondiscretionary
  • Attribute based
  • Discretionary (Correct)

Answer : Discretionary

Which type of access control allows a many-to-many relationship and leverages mapping between a user and a subset of roles?

Options are :

  • Core RBAC (Correct)
  • MAC
  • DAC
  • ABAC

Answer : Core RBAC

What does the defense-in-depth approach signify?

Options are :

  • The defense-in-depth approach implies using onion network for maximum protection against unknown threats.
  • The defense-in-depth approach emphasizes that it is better to have a layered security approach than investing time and money into just one single point of control/security for your entire network. (Correct)
  • The defense-in-depth approach signifies that if one single point of security is misconfigured or fails to implement policy, the network is wide open to all the negative impact.
  • The defense-in-depth approach signifies the importance of using different routing AS to stop threats in isolated segments.

Answer : The defense-in-depth approach emphasizes that it is better to have a layered security approach than investing time and money into just one single point of control/security for your entire network.

What best describes the situation where there is a probability of adverse effects from an apparent threat?

Options are :

  • Threat vector
  • Risk (Correct)
  • Exposure
  • Exploit

Answer : Risk

To protect against tampering or making unauthorized changes to data, which of the following is helpful?

Options are :

  • Privacy
  • Integrity (Correct)
  • VPN
  • Business Continuity Plan

Answer : Integrity

Which of the following antivirus detection techniques looks for deviation from normal behavior of an application or service?

Options are :

  • Protocol analysis
  • Heuristic
  • Signature
  • Anomaly (Correct)

Answer : Anomaly

A low profile and nontechnical yet powerful process of information gathering pertaining to confidential information such as usernames/passwords, Social Security numbers, employee information, customer information, and so on is known as what?

Options are :

  • Dumpster diving (Correct)
  • Paper scavenging
  • Fiddling resources
  • Critical asset leakage

Answer : Dumpster diving

Who is ultimately responsible for the security of data?

Options are :

  • The data owner (Correct)
  • The data custodian
  • Chief Information Security Officer (CISO)
  • InfoSec auditor

Answer : The data owner

Which form of access control relies on labels for access control management?

Options are :

  • RBAC
  • DAC
  • MAC (Correct)
  • Core RBAC

Answer : MAC

What type of security controls are used to reduce risks pertinent to possible attacks from within and outside an organization?

Options are :

  • Corrective (Correct)
  • Deterrent
  • Response
  • Recovery

Answer : Corrective

What type of access control is being used in the following example?

User <level> A = <read/write/list/delete> access to file storage B

User 1 <Level 0>: Can read, write, list, delete the objects

User 2 <Level 1>: Can read, write, list the objects

User 3 <Level 2>: Can read, list the objects

User 4 <Level 3>: Can only list the objects

Options are :

  • Resource-based access controls
  • Rule-based access controls (Correct)
  • Mandatory access controls
  • Checksum-based access controls

Answer : Rule-based access controls

An organization has deployed a new biometric system. In the words of the technician, the new biometric authentication system has been identified with a high FAR. What does this mean?

Options are :

  • The system is not accepting users who should have been rejected.
  • The system is accepting users who should have been rejected. (Correct)
  • The system is rejecting users who should have been accepted.
  • The system is behaving normally.

Answer : The system is accepting users who should have been rejected.

When data is sent from one host to another host, the sending host must package up the data. What is this packaging-up process called?

Options are :

  • packaging
  • encapsulation (Correct)
  • containerization
  • encoding

Answer : encapsulation

What is the maximum number of hosts that a network with a subnet mask of /26 can have?

Options are :

  • 54
  • 56
  • 62 (Correct)
  • 64

Answer : 62

If a switch receives a frame for an endpoint whose MAC address exists in the MAC address table, how does it process the traffic?

Options are :

  • It will forward the frame back out of the interface that it came in through.
  • It will drop the frame, as it does not know where to forward it.
  • It will be sent to all multicast listeners in hope of finding its destination host.
  • It will forward the frame out of the identified port in the table and filter transmission to all other ports. (Correct)

Answer : It will forward the frame out of the identified port in the table and filter transmission to all other ports.

Which one of the following best describes how VLANs improve network performance?

Options are :

  • VLANs separate a large broadcast domain into smaller broadcast domains. (Correct)
  • VLANs enable rate limiting of the broadcast traffic.
  • VLANs create one large virtual switch out of many physical switches.
  • VLANs place each switch port into its own collision domain.

Answer : VLANs separate a large broadcast domain into smaller broadcast domains.

Which one of the following statements best describes how 802.1q incorporates VLAN information onto an Ethernet frame?

Options are :

  • It uses a special EtherType to identify the Ethernet payload that contains the 802.1Q tag.
  • It inserts a 4-byte header after the source MAC address in the original Ethernet frame, which carries the VLAN information. (Correct)
  • The VLAN information is identified in the Ethernet header Type/Length field.
  • It encapsulates the entire Ethernet frame and adds a 4-byte header before the destination MAC address which carries the VLAN information.

Answer : It inserts a 4-byte header after the source MAC address in the original Ethernet frame, which carries the VLAN information.

When using the 802.1Q frame tagging protocol, how much additional overhead does the protocol add to the frame structure?

Options are :

  • 8 bytes
  • 4 bytes (Correct)
  • 2 bytes
  • 16 bytes
  • no impact to frame overhead

Answer : 4 bytes

What best describes an attack surface?

Options are :

  • a way to classify which tools were used in an attack
  • the sum of the different points ("attack vectors") in a given computing device or network that are accessible to an unauthorized user ("attacker") (Correct)
  • the people who are involved in protecting the network perimeter
  • only describes the data that is gathered about an attack

Answer : the sum of the different points ("attack vectors") in a given computing device or network that are accessible to an unauthorized user ("attacker")

What is an example of a reconnaissance attack tool that will cycle through all well-known ports to provide a complete list of all services that are running on the hosts?

Options are :

  • Netuse
  • ipconfig
  • NMAP (Correct)
  • show run

Answer : NMAP

What are two examples of a software vulnerability scan? (Choose two.)

Options are :

  • VmStat
  • Nessus (Correct)
  • fingerprint
  • OpenVAS (Correct)

Answer : Nessus; OpenVAS

How many encryption key bits are needed to double the number of possible key values that are available with a 40-bit encryption key?

Options are :

  • 41 bits (Correct)
  • 80 bits
  • 120 bits
  • 160 bits

Answer : 41 bits

Which one of the following is the reason that asymmetric encryption is not used to perform bulk encryption?

Options are :

  • Asymmetric algorithms are substantially slower than symmetric algorithms. (Correct)
  • Asymmetric algorithms are easier to break than symmetric algorithms.
  • Symmetric algorithms can provide authentication and confidentiality.
  • Symmetric algorithms use a much larger key size.

Answer : Asymmetric algorithms are substantially slower than symmetric algorithms.

Which one of the following options was used by Diffie-Hellman to determine the strength of the key that is used in the key agreement process?

Options are :

  • DH prime number (p)
  • DH base generator (g)
  • DH group (Correct)
  • DH modulus

Answer : DH group

What type of information does CVSS provide for a vulnerability?

Options are :

  • risk transfer procedures
  • severity of the vulnerability (Correct)
  • suggestions for managing the vulnerability
  • risk mitigation

Answer : severity of the vulnerability

What type of access control model is based on an individual's roles and responsibilities within the organization?

Options are :

  • access control list
  • non-discretionary access control (Correct)
  • mandatory access control
  • discretionary access control

Answer : non-discretionary access control

What is an advantage to using HTTPS?

Options are :

  • Performance and data retrieval is faster.
  • Traffic is encrypted between the client and the server. (Correct)
  • HTTPS works with multiple websites.
  • Traffic cannot be inspected by firewall and IPS.

Answer : Traffic is encrypted between the client and the server.

PHP is an example of what type of scripting language?

Options are :

  • server-side scripting (Correct)
  • client-side scripting
  • server and client-side scripting
  • HTML styling scripting
  • XML-based scripting

Answer : server-side scripting

What is a threat to the end user regarding web scripting?

Options are :

  • The user may be denied access to the web site.
  • The web script may deliver malware without the user’s knowledge. (Correct)
  • The web script provides dynamic content to the user’s browser.
  • Client-side scripting may not be permitted due to security policy.

Answer : The web script may deliver malware without the user’s knowledge.

Which two describe how attackers obtain access to password hashes? (Choose two.)

Options are :

  • brute-force attack
  • phishing attack
  • memory that is left behind from active log-on sessions (Correct)
  • relevant authentication databases (Correct)

Answer : memory that is left behind from active log-on sessions; relevant authentication databases

Which best describes how a DNS amplification and reflection attack is implemented?

Options are :

  • by predicting the next transaction ID used in DNS query and using that to construct a spoofed DNS message
  • by using multiple DNS open resolvers to send DNS response messages to the target device (Correct)
  • by falsifying and spoofing RR information on the DNS resolver
  • by depleting DNS resolver’s CPU, memory, and/or socket buffers

Answer : by using multiple DNS open resolvers to send DNS response messages to the target device

How does a network tap alter the data flow?

Options are :

  • A network tap installs a new header field into the Ethernet frame.
  • A network tap alters the Layer 3 TCP/IP headers and recalculates the CRC field.
  • A network tap does not alter the data flow. (Correct)
  • Using a data-mixing feature, the network tap combines two or more data flows for efficiency.
  • A network tap regenerates the captured packet, thus changing its digital signature.

Answer : A network tap does not alter the data flow.

What are two limitations to deploying a local SPAN to monitor traffic? (Choose two.)

Options are :

  • Local SPAN functionality varies depending on the platform and software revision that are used. (Correct)
  • Local SPAN can be configured, but dropped packets may occur when applying it to the destination interface.
  • Since local SPAN is run in software, it provides a cost-effective solution, compared to network taps.
  • The monitoring interface can become a bottleneck during periods of high use. (Correct)
  • Minimal filtering is possible by specifying the interface directionally or VLAN.

Answer : Local SPAN functionality varies depending on the platform and software revision that are used. The monitoring interface can become a bottleneck during periods of high use.

Which three of the following statements are benefits of RSPAN? (Choose three.)

Options are :

  • RSPAN uses existing hardware to provide a cost-effective monitoring solution. (Correct)
  • RSPAN eliminates the need for VLAN-capable devices between the source and destination to monitor traffic.
  • With RSPAN working at the IOS driver level, it bypasses any ACLs that are applied to the 802.1Q trunk.
  • RSPAN allows multiple sources for enterprise-wide port monitoring. (Correct)
  • RSPAN does not require the capture device to be directly connected. (Correct)

Answer : RSPAN uses existing hardware to provide a cost-effective monitoring solution. RSPAN allows multiple sources for enterprise-wide port monitoring. RSPAN does not require the capture device to be directly connected.

Which method is a permissive security control in which only specified applications can run on an end host, while all other applications are prevented?

Options are :

  • application blacklisting
  • application whitelisting (Correct)
  • application deep packets inspection
  • application recognition and detection

Answer : application whitelisting

When endpoint malware protection detects that an unknown file has been received on an endpoint, what does the malware protection do with the file?

Options are :

  • submits the file to the cloud for future analysis (Correct)
  • deletes the file
  • executes the file to determine if it is malicious or not
  • performs a file trajectory to determine which other systems have seen the same file

Answer : submits the file to the cloud for future analysis

What are two data items that an analyst can learn about a data exfiltration alarm by using Cisco Stealthwatch? (Choose two.)

Options are :

  • application or protocol that is used to transfer the data (Correct)
  • IP address to which data was sent (Correct)
  • names of files that were transferred
  • the signature that triggered the alarm

Answer : application or protocol that is used to transfer the data; IP address to which data was sent

Which two statements are true about application logs? (Choose two.)

Options are :

  • On a Windows system, the Windows Registry is where most of the application logs are stored.
  • Application logs can provide analysts with detailed information about users’ application usage. (Correct)
  • Application logs only track the time and date an application was used.
  • Application logs can be correlated with other time synchronized logs in forensic analysis of an attack. (Correct)

Answer : Application logs can provide analysts with detailed information about users’ application usage. Application logs can be correlated with other time synchronized logs in forensic analysis of an attack.

What method can be used to reduce the complexity of SOC operations?

Options are :

  • run ad-hoc analysis
  • implement runbook automation (Correct)
  • implement a central point of log and event collection, such as a SIEM
  • use highly skilled security analysts to evaluate security events

Answer : implement runbook automation

Which security principle states that more than one person is required to perform a critical task?

Options are :

  • due diligence
  • separation of duties (Correct)
  • need to know
  • least privilege

Answer : separation of duties

Which definition of a daemon on Linux is true?

Options are :

  • error check right after the call to fork a process
  • new process created by duplicating the calling process
  • program that runs unobtrusively in the background (Correct)
  • set of basic CPU instructions

Answer : program that runs unobtrusively in the background

Which directory is commonly used on Linux systems to store log files, including syslog and apache access logs?

Options are :

  • /etc/log
  • /root/log
  • /lib/log
  • /var/log (Correct)

Answer : /var/log

A user reports difficulties accessing certain external web pages. When examining traffic to and from the external domain in full packet captures, you notice many SYNs that have the same sequence number, source, and destination IP address, but have different payloads. Which problem is a possible explanation of this situation?

Options are :

  • insufficient network resources
  • failure of full packet capture solution
  • misconfiguration of web filter
  • TCP injection (Correct)

Answer : TCP injection

Which security monitoring data type requires the most storage space?

Options are :

  • full packet capture (Correct)
  • transaction data
  • statistical data
  • session data

Answer : full packet capture

Which hash algorithm is the weakest?

Options are :

  • SHA-512
  • RSA 4096
  • SHA-1 (Correct)
  • SHA-256

Answer : SHA-1

Where is a host-based intrusion detection system located?

Options are :

  • on a particular end-point as an agent or a desktop application (Correct)
  • on a dedicated proxy server monitoring egress traffic
  • on a span switch port
  • on a tap switch port

Answer : on a particular end-point as an agent or a desktop application

Which definition of the IIS Log Parser tool is true?

Options are :

  • a logging module for IIS that allows you to log to a database
  • a data source control to connect to your data source
  • a powerful, versatile tool that makes it possible to run SQL-like queries against log files (Correct)
  • a powerful, versatile tool that verifies the integrity of the log files

Answer : a powerful, versatile tool that makes it possible to run SQL-like queries against log files

A firewall requires deep packet inspection to evaluate which layer?

Options are :

  • application (Correct)
  • internet
  • link
  • transport

Answer : application

Which definition of vulnerability is true?

Options are :

  • an exploitable, unpatched and unmitigated weakness in software (Correct)
  • an incompatible piece of software
  • software that does not have the most current patch applied
  • software that was not approved for installation

Answer : an exploitable, unpatched and unmitigated weakness in software

Which cryptographic key is contained in an X.509 certificate?

Options are :

  • symmetric
  • public (Correct)
  • private
  • asymmetric

Answer : public
