CCNA Cyber Ops FAQ: Introduction to Security Operations Management

Q1. In which phase of the identity and account life cycle are the access rights assigned?
A. Registration
B. Access review
C. Privileges provisioning
D. Identity validation

Answer: C. Access rights are provided during the privileges provisioning phase.

Q2. What is an advantage of a system-generated password?
A. It is easy to remember.
B. It complies with the organization’s password policy.
C. It is very long.
D. It includes numbers and letters

Answer: B. System-generated passwords are created by the system by following the constraints embedded in the security policy.

Q3. Which of the following is a password system that is based on tokens and uses a challenge-response mechanism?
A. Synchronous token system
B. Asynchronous token system
C. One-time token system
D. Time-based token system

Answer: B. An asynchronous token system uses a challenge-response mechanism.

Q4. In the context of the X.500 standard, how is an entity uniquely identified within a directory information tree?
A. By its distinguished name (DN)
B. By its relative distinguished name (RDN)
C. By its FQDN
D. By its DNS name

Answer: A. An entity is uniquely identified by its distinguished name (DN).

Q5. What is the main advantage of single sign-on?
A. The user authenticates with SSO and is authorized to access resources on multiple systems.

B. The SSO server will automatically update the password on all systems.

C. The SSO server is a single point of failure.

D. SSO is an open source protocol.

Answer: A. The advantage of SSO is that the user authenticates once and is then granted access to the organization's resources.

Q6. What is the main advantage of an SIEM compared to a normal log collector?
A. It provides log storage.
B. It provides log correlation.
C. It provides a GUI.
D. It provides a log search functionality.

Answer: B. One of the critical functions of an SIEM compared to a normal log collector is the log correlation capability.

Q7. In asset management, what is used to create a list of assets owned by the organization?
A. Asset inventory
B. Asset acceptable use
C. Asset disposal
D. Asset category

Answer: A. An asset inventory results in a list of assets owned by the organization.

Q8. Which of the following are advantages of a cloud-based mobile device manager compared to an on-premises model? (Select all that apply.)
A. Higher control
B. Flexibility
C. Scalability
D. Easier maintenance

Answer: B, C, D. A cloud-based MDM provides more flexibility and scalability, and it is easier to maintain.

Q9. Which of the following is a typical feature of a Mobile Device Management solution?
A. Device jailbreak
B. PIN lock enforcement
C. Call forwarding
D. Speed dial

Answer: B. MDM solutions typically provide PIN lock enforcement capabilities.

Q10. In the context of configuration management, which of the following best defines a security baseline configuration?
A. A configuration that has been formally reviewed and approved
B. The default configuration from the device vendor
C. A configuration that can be changed without a formal approval
D. The initial server configuration

Answer: A. A security baseline configuration is a configuration that has been formally reviewed and approved and cannot be changed without a formal request.

Q11. A change that is low risk and might not need to follow the full change management process is classified as which of the following?
A. Standard
B. Emergency
C. Normal
D. Controlled

Answer: A. A standard change is a low-risk change that might not require the full change management process.

Q12. In which type of penetration assessment is all information about the systems and network known?
A. White box approach
B. Black box approach
C. Gray box approach
D. Silver box approach

Answer: A. With a white box approach, all information about the systems is known prior to the start of the penetration assessment.

Q13. In which type of vulnerability disclosure approach is the vulnerability exploit not disclosed?
A. Partial disclosure
B. Full disclosure
C. Responsible disclosure
D. Initial disclosure

Answer: C. In a responsible disclosure approach, the information about how to exploit a vulnerability is not disclosed.

Q14. Which of the following are required before a patch can be applied? (Select all that apply.)
A. Formally start a request for change.
B. Perform a security assessment.
C. Verify that the patch works correctly.
D. Test the patch in the lab.

Answer: A, B, D. Verifying that the patch works correctly is done after the patch has been deployed.

Q15. Which of the following are properties of a secure digital identity? (Select all that apply.)
A. Unique
B. Nondescriptive
C. Encrypted
D. Nominative

Answer: A and B. A secure digital identity should be unique and nondescriptive, and it should be issued securely.

Q16. Why is a periodic access rights and privileges review important?
A. To avoid privilege creep
B. To verify a user’s security clearance
C. To ensure credentials are encrypted
D. To assign a security label

Answer: A. A periodic privileges review is needed to make sure each user has the correct level of privileges after any event that could require the assignment of different privileges.

Q17. In which cases can access be revoked? (Select all that apply.)
A. After job termination
B. When a user moves to another job
C. When creating an administrative user
D. Due to a security violation

Answer: A, B, D. Access can be revoked due to job termination, change of the job, or a violation of security policy.

Q18. Which of the following are responsibilities of an asset owner? (Mark all that apply)
A. Implementation of security controls
B. Asset security classification
C. Asset disposal
D. Analysis of the access logs

Answer: B and C. Asset security classification and asset disposal are responsibilities of the asset owner.

Q19. What is the relative distinguished name at the organizational unit level of the following entity? C=US, O=Cisco, OU=CCNA Learning, CN=Jones?
A. OU=CCNA Learning
B. C=US, O=Cisco, OU=CCNA Learning
C. CN=Jones
D. OU=CCNA Learning, CN=Jones

Answer: A. The relative distinguished name at the organizational unit level is OU=CCNA Learning.

Q20. In which case should an employee return his laptop to the organization?
A. When moving to a different role
B. Upon termination of the employment
C. As described in the asset return policy
D. When the laptop is end of lease

Answer: C. The asset return policy describes when the laptop must be returned, so C is the most correct answer.

Q21. Where are configuration records stored?
A. In a CMDB
B. In a MySQL DB
C. In a XLS file
D. There is no need to store them

Answer: A. Configuration records are stored in a configuration management database (CMDB).

Q22. Which type of vulnerability scanner probes the target system to get information?
A. Intrusive
B. Direct
C. Passive
D. Active

Answer: D. Active vulnerability scanners probe the target system.

Q23. In which enterprise patch management model can the system install a patch automatically?
A. Agentless
B. Passive
C. Agent based
D. Install based

Answer: C. The agent-based deployment model provides automatic patch installation capabilities.

Q24. What is the syslog priority (PRI) of a message from facility 20 with a severity of 4?
A. 164
B. 160
C. 24
D. 52

Answer: A. The syslog PRI is obtained by multiplying the facility code by 8 and adding the severity code: 20 × 8 + 4 = 164.

Q25. What is the log normalization functionality used for?
A. It provides a way to archive logs.

B. It aggregates information based on common information and reduces duplicates.

C. It provides reporting capabilities.

D. It extracts relevant attributes from logs received in different formats and stores them in a common data model or template.

Answer: D. Log normalization extracts relevant attributes from logs received in different formats and stores them in a common data model or template.

Q26. Which of the following functions are typically provided by an SIEM? (Select all that apply.)
A. Log correlation
B. Log archiving
C. Log normalization
D. Log correction

Answer: A, B, C. SIEM provides correlation, archiving, normalization, aggregation, and reporting for logs.

Q27. Which elements are found in a typical Cisco BYOD architecture? (Select all that apply.)
A. Mobile device management (MDM) server
B. Cisco ISE
C. Cisco MARS
D. Cisco ASR5000

Answer: A and B. Cisco ISE and an MDM server are typically found in a Cisco BYOD architecture.

Q28. At which step of the change process is the configuration database updated?
A. In the review and close change record
B. When the request for change is created
C. During the change implementation
D. During the request for change review

Answer: A. After the RFC is closed, the configuration database is updated with the new configuration.

Q29. Which of the following are true statements regarding vulnerability scanners and penetration assessments? (Select all that apply.)
A. Vulnerability scanners can crash a device; penetration assessments do not.
B. Vulnerability scanners usually work with known vulnerabilities.
C. Penetration assessment is typically fully automated.
D. Vulnerability scanners can work in active mode and passive mode.

Answer: B and D. Vulnerability scanners usually work with known vulnerabilities and can work in passive and active modes.

Q30. What is an OVAL definition?
A. An XML file that contains information about how to check a system for the presence of vulnerabilities.

B. It is synonymous with the OVAL language.

C. An XML file used to represent reporting on the vulnerability assessment.

D. A database schema.

Answer: A. An OVAL definition is an XML file that contains information about how to check a system for the presence of vulnerabilities.

About the author

Scott