Cisco CyberOps Associate Study Questions Flashcards by Barbara Golson

What does it mean when access to a resource is granted with discretionary control?
A. Access can be configured only by an administrator.
B. Access can be granted only by the owner of the resource.
C. Access is granted to all users.
D. Access is read-only for everyone.

How well did you know this?

Not at all

Perfectly

In the field of information security, the CIA of data is a crucial point of concern. What does CIA refer to?
A. The data’s Confidentiality, Integrity, and Availability.
B. The data’s Confidentiality, Identity, and Availability.
C. The data’s Confidentiality, Integrity, and Authorization.
D. The data’s Confidentiality, Identity, and Authorization.

How well did you know this?

Not at all

Perfectly

Which of the following refers to disassembling an object to understand how it works and study its structure and behavior?
A. Threat actor
B. Threat hunting
C. Reverse engineering
D. Malware analysis

How well did you know this?

Not at all

Perfectly

Which of the following represents the use of a vulnerability to breach a system?
A. Exploit
B. Threat
C. Zero trust
D. Vulnerability

How well did you know this?

Not at all

Perfectly

Which cryptographic key is used by an X.509 certificate?
A. Asymmetric
B. Public
C. Private
D. Asymmetric

How well did you know this?

Not at all

Perfectly

Which of the following describes the advantages of application visibility and control?
A. Applications and traffic in the network are controlled to protect assets against attacks and manage bandwidth.
B. All documents are encrypted with a private key.
C. Establishes a platform to test environments for unknown threats.
D. Provides a database that stores low-level settings for the operating system.

How well did you know this?

Not at all

Perfectly

Which of the following is a code injection technique that launches malicious statements via input fields?
A. DDoS
B. SQLi
C. Brute-force
D. SSRF

How well did you know this?

Not at all

Perfectly

Which type of attack can a traditional firewall protect a system against?
A. Dumpster diving
B. Denial-of-Service (DoS)
C. Phishing
D. Shoulder surfing

How well did you know this?

Not at all

Perfectly

Which of the following definitions of the Windows registry is correct?
A. A set of pages that currently reside in physical memory.
B. A basic unit to which the operating system allocates processor time.
C. A set of virtual memory addresses.
D. A database that stores low-level settings for the operating system.

How well did you know this?

Not at all

Perfectly

Which of the following best describes the IIS Log Parser tool?
A. A dynamic tool that allows execution of SQL-like queries for log files.
B. A tool used to control data sources, such as databases.
C. A tool that monitors the availability of log files.
D. A tool used for remote database connection

How well did you know this?

Not at all

Perfectly

Which of the following terms applies to evidence that supports existing theories derived from an original piece of evidence?
A. Corroborative
B. Probabilistic
C. Accurate
D. Indirect

How well did you know this?

Not at all

Perfectly

Which directory is commonly used in Linux systems to store log files, including syslog and Apache access logs?
A. /etc/log
B. /root/log
C. /lib/log
D. /var/log

How well did you know this?

Not at all

Perfectly

Which of the following terms refers to a case in which an IDS fails to identify an actual attack?
A. True positive
B. False negative
C. True negative
D. False positive

How well did you know this?

Not at all

Perfectly

Which of the following refers to improving data integrity by removing IPS events?
A. Digital signing
B. Operational cleaning
C. Data normalization
D. Integrity validation

How well did you know this?

Not at all

Perfectly

John sent an HTTP GET request to get a file from the web server. Which event artifact will identify the request?
A. URI
B. HTTPS
C. Destination MAC address
D. Source IP address

How well did you know this?

Not at all

Perfectly

Which of the following is the maximum size of an IPv4 header?
A. 32 bytes
B. 60 bytes
C. 64 bytes
D. 20 bytes

How well did you know this?

Not at all

Perfectly

Which of the following relate to the preparation phase? (choose more than one)
A. Smartphones available for emergency communication
B. Communication and coordination mechanisms that serve as backups in case of a failure.
C. Secure storage facilities
D. None of the above

How well did you know this?

Not at all

Perfectly

What is adjusting security according to threats from a hacktivist group known as in NIST SP800- 61 r2?
A. Adjustment
B. Preparation
C. Precursor
D. Instigator

How well did you know this?

Not at all

Perfectly

When an instruction is issued stating that more than one person must perform a critical task, which principle is being followed?
A. There is no such particular principle
B. Separation of duties
C. Due diligence
D. Free action

How well did you know this?

Not at all

Perfectly

Which property of information security does encryption support?
A. Integrity
B. Availability
C. Confidentiality
D. Sustainability

How well did you know this?

Not at all

Perfectly

One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?
A. Confidentiality, integrity, and availability
B. Confidentiality, identity, and availability
C. Confidentiality, integrity, and authorization
D. Confidentiality, identity, and authorization

How well did you know this?

Not at all

Perfectly

According to RFC 1035, which transport protocol is recommended for use with DNS queries?
A. Transmission Control Protocol
B. Reliable Data Protocol
C. Hypertext Transfer Protocol
D. User Datagram Protocol

How well did you know this?

Not at all

Perfectly

Which term represents the chronological record of how evidence was collected, analyzed, preserved, and transferred?
A. Chain of evidence
B. Evidence chronology
C. Chain of custody
D. Record of safekeeping

How well did you know this?

Not at all

Perfectly

In computer security, what information does PHI describe?
A. Private host information
B. Protected health information
C. Personal health information
D. Protected host information

How well did you know this?

Not at all

Perfectly

Which protocol maps IP network addresses to MAC hardware addresses so that IP packets can be sent across networks? A. Internet Control Message Protocol B. Address Resolution Protocol C. Session Initiation Protocol D. Transmission Control Protocol/Internet Protocol

Which term represents a weakness in a system that could lead to a system comprise? A. Vulnerability B. Threat C. Exploit D. Risk

Which two tasks can be performed by analyzing the logs of a traditional stateful firewall? (Choose two) A. Confirm the timing of network connections differentiated by the TCP 5-tuple. B. Audit applications used on a social networking website. C. Determine user IDs involved in an instant message exchange. D. Map internal private IP addresses to dynamically translated external public IP addresses. E. Identify a malware variant carried over an SMTP connection

Based on which statement does the discretionary access control security model grant or restrict access? A. Discretion of the system administrator B. Security policy defined by the owner of an object C. Security policy defined by the system administrator D. Role of a user within an organization

Which security monitoring data type is associated with application server logs? A. Alert data B. Statistical data C. Session data D. Transaction data

Which activity may be an example of social engineering? A. Receiving a call from the IT department asking you to verify your username/password to maintain your account. B. Receiving an invitation to your department's weekly WebEx meeting. C. Sending a verbal request to an administrator to change the password of an account the administrator recognizes. D. Receiving an email from MR requesting that you visit the secure HR website and update your contract information

Which of the following describes the Zero Trust model? A. A unique trust model that establishes an encrypted connection between devices in a private network. B. A model designed to protect systems by requiring authentication for any device or person trying to access the network. C. A model that creates a blacklist that includes all devices that are not allowed to access resources. D. None of the above

Which of the following is not related to SIEM system activity? A. Monitoring B. Service privileges C. Incident response and log auditing D. Total traffic encryption

In security terms, which of the following describes the principle of least privilege (POLP)? A. Maintains regular network traffic to avoid overloads B. Enterprise data management system C. Restricts user permissions to the minimum required for their work. D. Keeps computing systems up-to-date to improve protection

Which of the following is the correct definition of threat actors in cybersecurity? A. A person or group of people trying to perform malicious acts against organizations, whether unintentionally or intentionally B. A very strong hacking tool that helps commit malicious acts against organizations C. Any malicious activity that occurs on mobile devices D. Offensive security professionals who are experts in attacking systems and breaking through defenses.

Which of the following describes the run book automation (RBA)? A. A system designed to enrich the IT department's knowledge of innovations in the field B. External hardware designed to protect enterprise computing systems by alerting the IT department about changes. C. Maps internal private IP addresses to dynamically translated external public IP addresses. D. A technology used to automate IT operations management

Which of the following describes the Threat Intelligence Platform (TIP)? A. A platform that provides testing environments for unknown threats. B. Hardware that is installed on enterprise computers to provide updates about security threats C. A platform that gathers raw data to produce useable information for automated security control systems D. A unique trust platform that creates an encrypted connection between devices in a private network

Which of the following describes SOAR? A. Helps improve enterprise networking processes by speeding up network traffic B. Collects data on security threats from a variety of sources and responds to security incidents without human assistance. C. Collects data about user activity in the organization and provides remote help for errors D. A cybersecurity teamwork method for responding to events

Which of the following represents the use of a vulnerability in a system that can help hackers breach a system? A. Exploit B. Threat C. Zero Trust D. Vulnerability

Which of the following describes Defense in Depth (DiD)? A. Certification valued by cybersecurity professionals B. Software designed to help a cybersecurity department receive updates on the organization's security systems C. A platform that provides testing environments for unknown threats D. A series of layered protection mechanisms used to protect important data and information

Which of the following represents an access control model that enable users to perform activities based on the permissions assigned to their roles? A. Nondiscretionary access control B. Role-based access control C. Time-based access control D. Rule-based access control

Which of the following describes a type of security access control that grants or restricts object access via policies determined by the object's owner? A. Rule-based access control B. Nondiscretionary access control C. Discretionary access control D. Mandatory access control

For which of the following access control models is the main purpose preserving the confidentiality of data? A. Mandatory access control B. Role-based access control C. Nondiscretionary access control D. Time-based access control

Which of the following refers to disassembling an object to see how it works and study its structure and behavior? A. Threat actor B. Threat hunting C. Reverse engineering

Stateful and traditional firewalls can analyze packets and judge them against a set of predetermined rules called access control lists (ACLs). Which of the following elements do they inspect within a packet? A. Session headers B. NetFlow flow information C. Source and destination ports and IP addresses D. Protocol information

Which of the following are Layer 2 network attacks? (choose 3) A. ARP attack B. Brute-force attack C. Spoofing attack D. DDoS attack E. VLAN hopping F. Botnet attack

Which definition of Windows Registry is correct? A. A set of pages that currently reside in physical memory B. A basic unit to which the operating system allocates processor time C. A set of virtual memory addresses D. A database that stores low-level settings for the operating system

While viewing packet capture data, you notice that an IP is sending and receiving traffic for multiple devices by modifying the IP header. Which of the following make this behavior possible? A. TOR B. NAT C. Encapsulation D. Tunneling

Which is the correct definition of an antivirus program? A. Program used to detect and remove unwanted malicious software from the system B. A program that provides real-time analysis of security alerts generated by network hardware and applications C. A program that scans a running application for vulnerabilities D. Rules that allow network traffic to pass in and out

Which type of attack occurs when a botnet is used to transmit requests from a NTP server to overwhelm the target? A. Man-in-the-Middle B. Denial-of-Service C. Distributed denial-of-service D. Replay

In NetFlow records, which flags indicate that an HTTP connection was stopped by a security appliance, such as a firewall, before it could be fully established? A. ACK B. SYN ACK C. RST D. PSH, ACK

Which of the following terms represent types of cross-site scripting attacks? (choose two) A. Directed B. Encoded C. Stored D. Reflected E. Cascaded

f a router has four interfaces and each interface is connected to four switches, how many broadcast domains are present on the router? A. 1 B. 2 C. 4 D. 8

Which cryptographic key is contained in an X.509 certificate? A. Symmetric B. Public C. Private D. Asymmetric

Which of the following is the correct definition of TCPdump? A. A program used for sniffing and filtering network traffic B. A program used to detect and remove unwanted malicious software from the system C. A program used to ensure the privacy of a certificate D. Technology used to automate IT operation management

Which of the following does NetFlow use to determine if traffic belongs to the same flow? (select three) A. Port numbers B. MAC address C. IP address D. Interface name E. L3 protocol type

Which of the following is an advantage of NGFW over a firewall? A. Dynamic packet filtering B. Filtering packets based on applications C. Static packet filtering D. VPN support

Which type of attack can a traditional firewall protect a system against? A. Dumpster diving B. Denial-of-Service (DoS) C. Phishing D. Shoulder surfing

Which of the following describes the advantages of application visibility and control? A. Applications and traffic in the network are controlled to protect assets against attacks and manage bandwidth B. All documents are encrypted with a private key D. Provides a database that stores low-level settings for the operating system

Which of the following refers to data that web content filtering provides? A. Information about the volume of computer storage usage B. Data about existing threats on the network C. Reports providing visibility of actual blocks and web usage D. Reports pertaining to additional tools running online

Which of the following refers to data that email content filtering provides? A. In-depth analysis of information traffic B. A report on the remaining storage volume for email use C. Information about contracts frequently communicated with via email D. Probability that messages are legitimate or spam

Which of the following describes the effect of encryption on data? A. Optimizes data traffic B. Scrambles a message or information so that only authorized parties can access it C. Ensures that information is not lost along the way and data is transferred more efficiently and securely D. Compresses information and saves storage space

Which of the following describes the effect of encapsulation on data? A. Hides an object from unwanted access B. Ensures that sent or received information is correct C. Ensures that no information leakage can occur D. Checks if invalid characters are used

Which of the following describes the benefit of using a load balancer? A. In-depth analysis of information traffic B. Encrypts all data with a private key C. Improves service availability and helps prevent downtime D. Stores low-level settings for the operating system

Which of the following is a code injection technique that launches malicious statements via input fields? A. DDoS B. SQLi C. Brute-force D. SSRF

Which of the following is an attack in which the attacker secretly relays and possibly alters communication between two parties? A. XSS B. SQLi C. Brute-force D. MITM

Which of the following is an attack in which multiple systems flood the bandwidth? A. Brute-force B. SQLi C. DDoD D. XSS

Which of the following allows you to create a secure connection to another network over the internet? A. VPN B. Proxy server C. Proxy chains D. None of the above

Which of the following is a technique used by cybercrooks to trick users into revealing confidential information? A. SQLi B. Social Engineering C. MITM D. DDoS

Which of the following represents a mechanism that allows users to protect their privacy against a common form of internet surveillance known as traffic analysis? A. Access control list B. TOR C. TCPdump D. NetFlow

Which of the following is an attack that exploits a vulnerable application and executes commands on a remote host? A. MITM B. Command injection C. SQLi D. XSS

Which of the following is most commonly used in PPTP, L2TP/IPsec, SSTP, and OpenVPN? A. Tunneling B. STP C. P2P D. PAT

Which of the following uses a set of rules that filter network traffic and can be configured on network devices with packet filtering capabilities, such as routers and firewalls? A. Next-gen firewall B. NetFlow C. Web content filtering D. Access control list

Which of the following are elements of X.509 certificates? (choose two) A. Last name sign B. Signature algorithm ID C. Serial name D. Version number

Which of the following is a process that allows two computers to use the same cryptographic algorithm? A. X.509 B. Cipher suite C. Key exchange D. PKCS

Which of the following is an IDS that monitors and analyzes data while logging malicious behavior? A. Host-based intrusion detection B. Windows Defender C. WireShark D. Network-based intrusion detection

Which of the following is software that runs on an individual computer to protect it from viruses and malware and to control the spread of harmful infections throughout the network? A. Host-based intrusion detection B. Host-based firewall C. Application-level whitelising/blacklisting D. System-based sandboxing

Which of the following is a safe, isolated environment that replicates an end-user operating environment, within which code can be run, observed, and rated based on activity rather than attributes? A. Application-level whitelisting/blacklisting B. Host-based firewall C. Host-based intrusion detection D. Systems-based sandboxing

Which of the following is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system? A. Application-level blacklisting B. Systems-based sandboxing C. Application-level whitelisting D. Host-based firewall

Which of the following describes a situation in which an attacker can use injected scripts to change the content of a website or even redirect the browser to another web page that, for example, contains malicious code? A. Cross-site scripting B. SQL injection C. DDoS D. Command injection

Which of the following occurs when data exceeds its limits and overwrites memory locations? A. MITM B. Command injection C. Buffer overflow D. DDoS

Which of the following describes a computer program designed to infiltrate and damage a computer without user interaction? A. Malware B. Cross-site scripting C. Buffer overflow D. MITM

Which of the following describes malware in which rogue software code effectively holds a user's computer hostage until a fee is paid? A. DDoS B. Ransomware C. SQL injection D. Command injection

A user reports difficulty accessing certain external web pages. When examining traffic to and from the external domain in full packet captures, you notice many SYNs that have the same sequence number, source, and destination IP address but different payloads. Which of the following could possibly explain the situation? A. Insufficient network resources B. Failure of full packet capture solution C. Misconfiguration of a web filter D. TCP injection

Which tool is commonly used by threat actors on a webpage to take advantage of software vulnerabilities on a system and spread malware? A. Exploit kit B. Root kit C. Vulnerability kit D. Script kiddie kit

Which of the following represents the practice of giving employees only permissions necessary to perform their specific role within an organization? A. Integrity validation B. Due diligence C. Need to know D. Least privilege

What may be responsible for making security monitoring for HTTPS traffic difficult? A. Encryption B. Large packet headers C. Signature detection takes longer D. SSL interception

Which directory is commonly used in Linux systems to store log files, including syslog and Apache access logs? A. /etc/log B. /root/log C. /lib/log D. /var/log

Which definition of the IIS Log Parser tool is correct? A. A module for IIS that allows you to log into a database B. A data source control to connect to your data source C. A powerful, versatile tool that makes it possible to run SQL-like queries in log files D. A powerful versatile tool that verifies the integrity of log files

Which definition of the virtual address space for a Windows process is true? A. Actual physical location of an object in memory B. A set of virtual memory addresses the process can use C. A set of pages that currently reside in physical memory D. A system-level memory protection feature built into the operating system

Which situation indicates application-level whitelisting? A. Allow everything and deny specific executable files B. Allow specific executable files and deny other executable files C. Daily writing of application-based attacks on a whiteboard D. Allow specific files and deny everything else

If a web server accepts input from the user and passes it to a Bash shell, to which attack method is it vulnerable? A. Input validation B. Hash collision C. Command injection D. Integer overflow

Where is a host-based intrusion detection system located? A. On a particular endpoint as an agent or desktop application B. On a dedicated proxy server monitoring egress traffic C. On a span switch port D. On a tap switch port

Which of the following describes a situation in which a virus scanner identifies a file as a virus, when it isn't really a virus, and then tries to delete it? A. True positive B. False negative C. True negative D. False positive

Which of the following is true if the IDS identifies activity as an attack and the activity is actually an attack? A. True positive B. False negative C. True negative D. False positive

Which of the following is the case when an IDS does not identify and actual attack? A. True positive B. False negative C. True negative D. False positive

Which of the following are Cisco cloud security solutions? (choose two) A. CloudDLP B. OpenDNS C. CloudLock D. CloudSLS

What are the advantages of full-duplex transmission mode, as opposed to half-duplex mode? (select all correct answers) A. Each station can transmit and receive at the same time B. It avoids collisions C. It makes use of backoff time D. It uses a collision avoidance algorithm to transmit data

Which of the following are metrics that can measure the effectiveness of a runbook? A. Mean time to repair (MTTR) B. Mean time between failures (MTBF) C. Mean time to discover a security incident D. All of the above

Which technology allows a large number of private IP addresses to be represented by a smaller number of public IP addresses? A. NAT B. NTP C. RFC 1631 D. RFC 1918

Which features must a next-generation firewall include? (choose two) A. Data mining B. Host-based antivirus C. Application visibility and control D. Security information and event management E. Intrusion detection system

Which type of attack occurs when an attacker is successful in eavesdropping on a conversation between two IPS phones? A. Replay B. Man-in-the-middle C. Dictionary D. Known plaintext

Which network device is used to separate broadcast domains? A. Router B. Repeater C. Switch D. Bridge

Which identifier is used to describe the application or process that submits a log message? A. Action B. Selector C. Priority D. Facility

Which security monitoring data type requires the most storage space? A. Full packet capture B. Transaction data C. Statistical data D. Session data

Which of the following protocols are used for email? (choose two) A. NTP B. DNS C. HTTP D. IMAP E. SMTP

Which of the following is the maximum size of an IPv4 header? A. 32 bytes B. 60 bytes C. 64 bytes D. 20 bytes

Which of the following is a disadvantage of a brute-force attack? A. Most passwords today are complex B. The password may not be in the list or dictionary C. The attack requires a lot of time and resources to succeed D. Brute-force can only occur online

While analyzing the network, we notice aggressive traffic in the ICMP protocol. Which of the following attacks could be the cause? A. Ping flood attack B. Brute-force C. SQLi D. XSS

As a SOC analyst, Tom is suspicious that a MITM attack is underway. Which of the following traffic protocols should Tom investigate? A. ICMP B. POP3 C. ARP D. IPv6

Which of the following refers to a situation in which computers in an organization are redirected to false websites? A. SQLi B. XSS C. DDoS D. DNS Spoofing

Which property of information security does encryption support? A. Sustainability B. Integrity C. Confidentiality D. Availability

Which of the following encryption algorithms is the strongest? A. AES B. CES C. DES D. 3DES

Which statement about digitally signing a document is true? A. The document is hashed and then the document is encrypted with a private key B. The document is hashed and then the hash is encrypted with a private key C. The document is encrypted and then the document is hashed with a public key D. The document is hashed and then the document is encrypted with a public key

Which of the following hash algorithms is the weakest? A. SHA-512 B. RSA 4096 C. SHA-1 D. SHa-256

Which definition of a fork in Linux is true? A. Daemon to execute scheduled commands B. Parent directory name of a file pathname C. Marcos for manipulating CPU sets D. New process created by a parent process

Which two actions are valid uses of public key infrastructure? (choose two) A. Ensuring the privacy of a certificate B. Revoking the validation of a certificate C. Validating the authenticity of a certificate D. Creating duplicate copies of a certificate E. Changing ownership of a certificate

In which of the following cases should an employee return his laptop to the organization? A. When changing to a different role B. Upon termination of employment C. As described in the asset return policy D. When the lease for the laptop expires

What is a trunk link used for? A. To transfer traffic of multiple virtual LANs B. To connect more than two switches C. To enable the Spanning Tree Protocol D. To encapsulate Layer 2 frames

At which OSI layer does a router typically operate? A. Transport B. Network C. Data link D. Application

Cisco pxGrid has a unified framework with an open API designed in a hub-and-spoke architecture. pxGrid is used to enable the sharing of contextual-based information from which devices? A. From a Cisco ASA to the Cisco OpenDNS service B. From a Cisco ASA to the Cisco WSA C. From a Cisco ASA to the Cisco FMC D. From a Cisco ISE session directory to other policy network systems, such as Cisco IOS devices and the Cisco ASA

Which of the following answers relate to the preparation phase? (choose more then one) A. Smartphones that be available for emergency communication B. Communication and coordination mechanisms in case of failure of one mechanism C. Secure storage facility D. None of the above