CCNA Cyber Ops Version 11 Chapter 1 Exam Answers Full
A type of virus
A type of logic bomb
A type of ransomware *
A type of worm
C. Ransomware commonly encrypts data on a computer and makes the data unavailable
until the computer user pays a specific sum of money.
2. What is cyberwarfare?
A. A security information and event management system (SIEM) combines data from
multiple sources to help SOC personnel collect and filter data, detect and classify threats,
analyze and investigate threats, and manage resources to implement preventive
measures.
Proxy service
User authentication
Threat intelligence *
Security monitoring *
Intrusion prevention
Event collection, correlation, and analysis *
5. What name is given to hackers who hack for a political or social cause?
White hat
Hacker
Hacktivist *
Blue hat
C. The term is used to describe gray hat hackers who rally and protect for a cause.
(ISC)2 *
IEEE
GIAC
CompTIA
7. After a security incident is verified in a SOC, an incident responder reviews the
incident but cannot identify the source of the incident or form an effective
mitigation procedure. To whom should the incident ticket be escalated?
Tier 1 personnel *
Tier 2 personnel
Tier 3 personnel
SOC managers
A. In a typical SOC, the Tier 1 personnel are called alert analysts, also known as
cyberoperations analysts.
10. What is a potential risk when using a free and open wireless hotspot in a public
location?
Too many users trying to connect to the Internet may cause a network traffic jam.
The Internet connection can become too slow when many users access the
wireless hotspot.
Network traffic might be hijacked and information stolen.
Purchase of products from vendors might be required in exchange for the Internet
access.
11. How does a security information and event management system (SIEM) in a
SOC help the personnel fight against security threats?
by integrating all security devices and appliances in an organization
by analyzing logging data in real time
by combining data from multiple technologies
by dynamically implementing firewall rules
A security information and event management system (SIEM) combines data from
multiple sources to help SOC personnel collect and filter data, detect and classify threats,
analyze and investigate threats, and manage resources to implement preventive
measures.
Each type of cybercriminal has a distinct motivation for his or her actions.
13. If a SOC has a goal of 99.999% uptime, how many minutes of downtime a year
would be considered within its goal?
Within a year, there are 365 days x 24 hours a day x 60 minutes per hour = 525,600
minutes. With a goal of 99.999% uptime, the downtime must be kept
under 525,600 x (1 - 0.99999) = 5.256 minutes a year.
14. Why do IoT devices pose a greater risk than other computing devices on a
network?
Most IoT devices do not require an Internet connection and are unable to receive
new updates.
IoT devices cannot function on an isolated network with only an Internet
connection.
Most IoT devices do not receive frequent firmware updates.
IoT devices require unencrypted wireless connections.
IoT devices commonly operate using their original firmware and do not receive updates
as frequently as laptops, desktops, and mobile platforms.
15. Which two services are provided by security operations centers? (Choose two.)
Security operations centers (SOCs) can provide a broad range of services to defend
against threats to information systems of an organization. These services include
monitoring threats to network security and managing comprehensive solutions to fight
against threats. Ensuring secure routing exchanges and providing secure Internet
connections are tasks typically performed by a network operations center (NOC).
Responding to facility break-ins is typically the function and responsibility of the local
police department.
16. Users report that a database file on the main server cannot be accessed. A
database administrator verifies the issue and notices that the database file is now
encrypted. The organization receives a threatening email demanding payment for
the decryption of the database file. What type of attack has the organization
experienced?
man-in-the-middle attack
DoS attack
ransomware
Trojan horse
IEEE
CompTIA
(ISC)²
GIAC
DDoS
SQL injection
PSYOPS
Stuxnet
19. Which three technologies should be included in a SOC security information and
event management system? (Choose three.)
firewall appliance
security monitoring
log management
intrusion prevention
proxy service
threat intelligence
20. Which personnel in a SOC are assigned the task of verifying whether an alert
triggered by monitoring software represents a true security incident?
SOC Manager
Tier 2 personnel
Tier 3 personnel
Tier 1 personnel
In a SOC, the job of a Tier 1 Alert Analyst includes monitoring incoming alerts and
verifying that a true security incident has occurred.
Cyberwarfare is Internet-based conflict that involves the penetration of the networks and
computer systems of other nations. Organized hackers are typically involved in such an
attack.
22. In the operation of a SOC, which system is frequently used to let an analyst
select alerts from a pool to investigate?
syslog server
registration system
ticketing system
security alert knowledge-based system
In a SOC, a ticketing system is typically used as the workflow management system.
red hat
script kiddie
black hat
blue team
24. Which personnel in a SOC are assigned the task of hunting for potential threats
and implementing threat detection tools?
Tier 1 Analyst
SOC Manager
Tier 2 Incident Reporter
Tier 3 SME
In a SOC, Tier 3 SMEs have expert-level skills in network, endpoint, threat intelligence,
and malware reverse engineering (RE). They are deeply involved in hunting for potential
security threats and implementing threat detection tools.