CCNA Cyber Ops FAQ: Endpoint Security Technologies

Q1. What is a Trojan horse?
A. A piece of malware that downloads and installs other malicious content from the Internet to perform additional exploitation on an affected system.

B. A type of malware that executes instructions determined by the nature of the Trojan to delete files, steal data, and compromise the integrity of the underlying operating system, typically by leveraging social engineering and convincing a user to install such software.

C. A virus that replicates itself over the network infecting numerous vulnerable systems.

D. A type of malicious code that is injected into a legitimate application. An attacker can program a logic bomb to delete itself from the disk after it performs the malicious tasks on the system.

Answer: B. A Trojan horse is a type of malware that executes instructions determined by the nature of the Trojan to delete files, steal data, and compromise the integrity of the underlying operating system. Trojan horses typically use a form of social engineering to fool victims into installing such software on their computers or mobile devices.

Q2. What is ransomware?
A. A type of malware that compromises a system and then often demands a ransom from the victim to pay the attacker in order for the malicious activity to cease or for the malware to be removed from the affected system

B. A set of tools used by an attacker to elevate his privilege to obtain root-level access in order to completely take control of the affected system

C. A type of intrusion prevention system

D. A type of malware that doesn’t affect mobile devices

Answer: A. Ransomware is a type of malware that compromises a system and then often demands a ransom from the victim to pay the attacker in order for the malicious activity to cease or for the malware to be removed from the affected system.

Q3. Which of the following are examples of free antivirus software? (Select all that apply.)
A. McAfee Antivirus
B. Norton AntiVirus
C. ClamAV
D. Immunet

Answer: C and D. ClamAV and Immunet are free. The rest are commercial antivirus software.

Q4. Host-based firewalls are often referred to as which of the following?
A. Next-generation firewalls
B. Personal firewalls
C. Host-based intrusion detection systems
D. Antivirus software

Answer: B. Host-based firewalls are often referred to as “personal firewalls.”

Q5. What is an example of a Cisco solution for endpoint protection?
A. Cisco ASA
B. Cisco ESA
C. Cisco AMP for Endpoints
D. Firepower Endpoint System

Answer: C. Cisco AMP for Endpoints is an example of a Cisco solution for endpoint protection. Cisco ASA is a network firewall, Cisco ESA is an email security appliance, and Firepower Endpoint System does not exist.

Q6. What is a graylist?
A. A list of separate things, such as hosts, applications, email addresses, and services, that are authorized to be installed or active on a system in accordance with a predetermined baseline.

B. A list of different entities that have been determined to be malicious.

C. A list of different objects that have not yet been established as not harmful or malicious. Once additional information is obtained, graylist items can be moved onto a whitelist or a blacklist.

D. A list of different objects that have not yet been established as not harmful or malicious. Once additional information is obtained, graylist items cannot be moved onto a whitelist or a blacklist.

Answer: C. A graylist is a list of different objects that have not yet been established as not harmful or malicious. Once additional information is obtained, graylist items can be moved onto a whitelist or a blacklist.
A whitelist is a list of separate things, such as hosts, applications, email addresses, and services, that are authorized to be installed or active on a system in accordance with a predetermined baseline. A blacklist is a list of different entities that have been determined to be malicious.

Q7. Which of the following are examples of application file and folder attributes that can help with application whitelisting?
A. Application store
B. File path
C. Filename
D. File size

Answer: B, C, D. File path, filename, and file size are examples of application file and folder attributes that can help with application whitelisting.

Q8. Which of the following are examples of sandboxing implementations?
A. Google Chromium sandboxing
B. Java Virtual Machine (JVM) sandboxing
C. HTML CSS and JavaScript sandboxing
D. HTML5 “sandbox” attribute for use with iframes

Answer: A, B, D. Google Chromium sandboxing, JVM sandboxing, and the HTML5 “sandbox” attribute for use with iframes are all examples of sandboxing implementations.

Q9. What are worms?
A. A type of malware that compromises a system and then often demands a ransom from the victim to pay the attacker in order for the malicious activity to cease or for the malware to be removed from the affected system.

B. Viruses that replicate themselves over the network, infecting numerous vulnerable systems. On most occasions, a worm will execute malicious instructions on a remote system without user interaction.

C. An exploit of a network infrastructure device vulnerability that installs a backdoor on the affected system.

D. An exploit of a firewall vulnerability that installs a backdoor on the affected system.

Answer: B. Worms are viruses that replicate themselves over the network, infecting numerous vulnerable systems.

Q10. What is ransomware?
A. A type of malware that compromises a system and then often demands a ransom from the victim to pay the attacker in order for the malicious activity to cease or for the malware to be removed from the affected system.

B. A type of malware that is installed on a stolen laptop or mobile device.

C. A type of malware that compromises a system that has access to sensitive data and can replicate itself in other systems such as firewalls, IPSs, NetFlow collectors, and so on.

D. A type of malware that compromises a system that has access to sensitive data and can replicate itself in other systems such as routers and switches.

Answer: A. Ransomware is a type of malware that compromises a system and then often demands a ransom from the victim to pay the attacker in order for the malicious activity to cease or for the malware to be removed from the affected system.

Q11. Which of the following are examples of system-based sandboxing implementations? (Select all that apply.)
A. Google Project Zero
B. Google Chromium sandboxing
C. Java JVM sandboxing
D. Threat Grid

Answer: B and C. Google Chromium sandboxing and Java JVM sandboxing are examples of system-based sandboxing implementations.

Q12. Which of the following are benefits of system-based sandboxing?
A. It limits the development of an application inside of a region of memory.

B. It limits the impact of security vulnerabilities and bugs in code to only run inside the “sandbox.”

C. It prevents software bugs and exploits of vulnerabilities from affecting the rest of the system and from installing persistent malware in the system.

D. It limits the communication of kernel modules within the system, controlling the flow of information and data exchange.

Answer: B and C. Answers B and C are both benefits of system-based sandboxing.

Q13. What is a limitation of application whitelisting?
A. The cost of application whitelisting technologies.
B. The ability to interact with other systems.
C. Scalability in low-power and low-resource IoT.
D. The continuous management of what is and is not on the whitelist.

Answer: D. A limitation of whitelisting is the need to continuously manage what is and is not on the whitelist. It is extremely difficult to keep a list of what is and is not allowed on a system where there are hundreds of thousands of files with a legitimate need to be present and running on the system.

Q14. Cisco AMP for Endpoints takes advantage of which of the following?
A. Telemetry from big data, continuous analysis, and advanced analytics provided by Cisco ESA and WSA in order to detect, analyze, and stop advanced malware across endpoints

B. Advanced analytics provided by antivirus software in order to detect, analyze, and stop advanced malware across endpoints

C. Telemetry from big data, continuous analysis, and advanced analytics provided by Cisco threat intelligence in order to detect, analyze, and stop advanced malware across endpoints

D. Telemetry from big data, continuous analysis, and advanced analytics provided by Cisco next-generation firewalls in order to detect, analyze, and stop advanced malware across endpoints.

Answer: C. Cisco AMP for Endpoints takes advantage of telemetry from big data, continuous analysis, and advanced analytics provided by Cisco threat intelligence in order to detect, analyze, and stop advanced malware across endpoints.

Q15. Which of the following is an example of a host-based encryption technology that can help protect files as well as email?
A. Cisco AMP
B. Protected Guided Privacy (PGP)
C. Pretty Good Privacy (PGP)
D. Cisco WSA

Answer: C. Pretty Good Privacy (PGP) is an example of a host-based encryption technology that can help protect files as well as email.

Q16. What is an application blacklist?
A. A list of different entities that have been determined to be malicious
B. A list of different entities that have been determined to be false positives
C. A list of different malicious websites and hosts
D. A list of different domains that are known to host malware

Answer: A. An application blacklist is a list of different entities that have been determined to be malicious.

Q17. Which of the following is software that can enable you to encrypt files on your hard disk drive?
A. BitCrypt
B. CryptoWall
C. CryptoLocker
D. BitLocker

Answer: D. BitLocker is software for encrypting files on a hard disk drive.

Q18. To effectively protect your emails, you should make sure of which the following?
A. All your email messages are sent to a sandbox to be evaluated before reaching their destination.

B. The connection to your email provider or email server is actually encrypted.

C. Your actual email messages are encrypted.

D. Your stored, cached, or archived email messages are also protected.

Answer: B, C, D. Answers B, C, and D represent actions you should take to ensure your emails are protected.

About the author

Scott