CCNA Cyber Ops FAQ: Security Principles

Q1. What is one of the primary benefits of a defense-in-depth strategy?
A. You can deploy advanced malware protection to detect and block advanced persistent threats.

B. You can configure firewall failover in a scalable way.

C. Even if a single control (such as a firewall or IPS) fails, other controls can still protect your environment and assets.

D. You can configure intrusion prevention systems (IPSs) with custom signatures and autotuning to be more effective in the network.

Answer: C. One of the primary benefits of a defense-in-depth strategy is that even if a single control (such as a firewall or IPS) fails, other controls can still protect your environment and assets.

Q2. Which of the following planes is important to understand for defense in depth?
A. Management plane
B. Failover plane
C. Control plane
D. Clustering
E. User/data plane
F. Services plane

Answer: A, C, E, F. Understanding the management, control, user/data, and services planes is crucial for a defense-in-depth strategy.

Q3. Which of the following are examples of vulnerabilities?
A. Advanced threats
B. CVSS
C. SQL injection
D. Command injection
E. Cross-site scripting (XSS)
F. Cross-site request forgery (CSRF)

Answer: C, D, E, F. SQL injection, command injection, XSS, and CSRF are all examples of vulnerabilities (exploitable weaknesses in an application's design or code). "Advanced threats" are threats, not vulnerabilities, and CVSS is a system for scoring vulnerabilities, not a vulnerability itself.
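To make three of these four vulnerability classes concrete, the following is an added example (not code from the original FAQ): each pair shows the vulnerable pattern beside its hardened form, using an in-memory SQLite table and sample inputs constructed for the example. The table, user names and payload strings are all assumptions made up for illustration.

```python
import html
import sqlite3
import subprocess


def make_db():
    """Constructed in-memory table used by the lookups below (not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_vulnerable(conn, name):
    """SQL injection: untrusted input is spliced into the statement text,
    so a quote in the input changes the query's structure."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Hardened: a bound parameter. The driver sends the input as data and
    never parses it as SQL, whatever characters it contains."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def echo_vulnerable(host):
    """Command injection: shell=True hands the string to /bin/sh, so ';',
    '|', '&&' or '$()' in the input run additional commands."""
    result = subprocess.run("echo " + host, shell=True,
                            capture_output=True, text=True)
    return result.stdout


def echo_safe(host):
    """Hardened: an argv list and no shell. The entire input is passed to
    the program as a single argument; shell metacharacters are just text."""
    result = subprocess.run(["echo", host], capture_output=True, text=True)
    return result.stdout


def render_vulnerable(comment):
    """Cross-site scripting: untrusted text written straight into HTML."""
    return "<p>" + comment + "</p>"


def render_safe(comment):
    """Hardened: HTML-encode the text so the browser treats it as data,
    never as markup or script."""
    return "<p>" + html.escape(comment) + "</p>"


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print(lookup_vulnerable(db, payload))   # both rows: WHERE clause is always true
    print(lookup_safe(db, payload))         # []: no user is literally named that
    print(echo_vulnerable("localhost; echo INJECTED"))
    print(echo_safe("localhost; echo INJECTED"))
    print(render_safe("<script>alert(1)</script>"))
```

The common thread is that each fix keeps untrusted input in a data channel (a bound parameter, an argv element, an HTML text node) instead of letting it reach a parser that also accepts code.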

Q4. What is the Common Vulnerabilities and Exposures (CVE)?
A. An identifier of threats

B. A standard to score vulnerabilities

C. A standard maintained by OASIS

D. A standard for identifying vulnerabilities to make it easier to share data across tools, vulnerability repositories, and security services

Answer: D. CVE is a standard for identifying vulnerabilities to make it easier to share data across tools, vulnerability repositories, and security services.

Q5. Which of the following is true when describing threat intelligence?
A. Threat intelligence’s primary purpose is to make money by exploiting threats.

B. Threat intelligence’s primary purpose is to inform business decisions regarding the risks and implications associated with threats.

C. With threat intelligence, threat actors can become more efficient to carry out attacks.

D. Threat intelligence is too difficult to obtain.

Answer: B. Threat intelligence’s primary purpose is to inform business decisions regarding the risks and implications associated with threats.

Q6. Which of the following is an open source feed for threat data?
A. Cyber Squad Threat Connect
B. BAE Detica CyberReveal
C. MITRE CRITs
D. Cisco AMP Threat Grid

Answer: C. Collaborative Research Into Threats (CRITs) is an open source platform from MITRE for collecting, analyzing, and sharing threat data. The other options are commercial products. Learn more at https://crits.github.io.

Q7. What is the Common Vulnerability Scoring System (CVSS)?
A. A scoring system for exploits.

B. A tool to automatically mitigate vulnerabilities.

C. A scoring method that conveys vulnerability severity and helps determine the urgency and priority of response.

D. A vulnerability-mitigation risk analysis tool.

Answer: C. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine the urgency and priority of response.

Q8. Which of the following are examples of personally identifiable information (PII)?
A. Social security number

B. Biological or personal characteristics, such as an image of distinguishing features, fingerprints, x-rays, voice signature, retina scan, and geometry of the face

C. CVE

D. Date of birth

Answer: A, B, D. The following are a few examples of PII:

  • The individual’s name
  • Social security number
  • Biological or personal characteristics, such as an image of distinguishing features, fingerprints, x-rays, voice signature, retina scan, and geometry of the face
  • Date and place of birth
  • Mother’s maiden name
  • Credit card numbers
  • Bank account numbers
  • Driver’s license number
  • Address information, such as email addresses or street addresses, and telephone numbers for businesses or personal use

Q9. Which of the following statements are true about the principle of least privilege?
A. Principle of least privilege and separation of duties can be considered to be the same thing.

B. The principle of least privilege states that all users—whether they are individual contributors, managers, directors, or executives—should be granted only the level of privilege they need to do their job, and no more.

C. Programs or processes running on a system should have the capabilities they need to “get their job done,” but no root access to the system.

D. The principle of least privilege only applies to people.

Answer: B, C. The principle of least privilege states that all users—whether they are individual contributors, managers, directors, or executives—should be granted only the level of privilege they need to do their job, and no more. It also applies to programs or processes running on a system. These programs or processes should have the capabilities they need to “get their job done,” but no root access to the system.

Q10. What is a runbook?
A. A runbook is a collection of processes running on a system.

B. A runbook is a configuration guide for network security devices.

C. A runbook is a collection of best practices for configuring access control lists on a firewall and other network infrastructure devices.

D. A runbook is a collection of procedures and operations performed by system administrators, security professionals, or network operators.

Answer: D. A runbook is a collection of procedures and operations performed by system administrators, security professionals, or network operators.

Q11. Chain of custody is the way you document and preserve evidence from the time you started the cyber forensics investigation to the time the evidence is presented at court. Which of the following is important when handling evidence?
A. Documentation about how and when the evidence was collected

B. Documentation about how evidence was transported

C. Documentation about who had access to the evidence and how it was accessed

D. Documentation about the CVSS score of a given CVE

Answer: A, B, C. Chain of custody is the way you document and preserve evidence from the time you started the cyber forensics investigation to the time the evidence is presented at court. It is extremely important to be able to show clear documentation of the following:

  • How the evidence was collected
  • When it was collected
  • How it was transported
  • How it was tracked
  • How it was stored
  • Who had access to the evidence and how it was accessed

Q12. Which of the following statements are true about vulnerabilities?
A. A vulnerability is a threat on a system.

B. A vulnerability is an exploitable weakness in a system or its design.

C. Vulnerabilities can be found in protocols, operating systems, applications, hardware, and system designs.

D. Vulnerabilities are exploits that are discovered every day in software and hardware products.

Answer: B and C. A vulnerability is an exploitable weakness in a system or its design. Vulnerabilities can be found in protocols, operating systems, applications, hardware, and system designs. An exploit is software or a sequence of commands that takes advantage of a vulnerability in order to cause harm to a system or network.

Q13. On which of the following can exploit kits be run from?
A. Web servers
B. Email servers
C. NTP servers
D. Firewalls

Answer: A. Exploit kits are hosted on and run from web servers (often compromised legitimate sites). A victim's browser is directed to the kit's landing page, which probes the browser and its plug-ins for known vulnerabilities, exploits one, and delivers malware to compromise the system.

Q14. Which of the following are examples of exploit kits?
A. Angler
B. Mangler
C. Blackhole
D. Black ICE

Answer: A and C. Angler and Blackhole are examples of exploit kits.

Q15. Which of the following describe what a threat is?
A. Threats and vulnerabilities are the same.
B. A threat is an exploit against a patched vulnerability.
C. A threat is any potential danger to an asset.
D. A threat is a piece of software aimed at exploiting a vulnerability.

Answer: C. A threat is any potential danger to an asset.

Q16. What is an IoC?
A. An indicator of compromise
B. An indicator of containment
C. An intrusion operating control
D. An intrusion of compromise

Answer: A. IoC stands for indicator of compromise.

Q17. Which of the following are provided by threat intelligence feeds?
A. Indicators of compromise
B. IP addresses of attacking systems
C. The overall risk score of all vulnerabilities in the corporate network
D. The overall risk score of threats in the corporate network

Answer: A and B. Threat intelligence feeds typically include information such as indicators of compromise, known malicious domains, IP addresses of attacking systems, and other types of information.
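To show what a SOC actually does with such a feed, here is an added example (not from the original FAQ) that loads a small indicator list and sweeps a handful of log lines for matches. The feed format (a CSV of type, value, description), the indicators and the log lines are all constructed for this example; a real feed would typically arrive as STIX/TAXII or a vendor-specific format, and the matching logic is what carries over.

```python
import ipaddress
import re

# Constructed feed, not real intelligence. The sha256 value is simply the
# hash of an empty file, used as a placeholder.
IOC_FEED = """\
# type,value,description
domain,update-check.example-bad.test,Malware C2
ip,203.0.113.45,Scanning host
ipnet,198.51.100.0/24,Bulletproof hoster
sha256,e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,Placeholder hash
"""

# Constructed log lines in a generic key=value style.
LOG_LINES = """\
2024-03-01T10:00:01Z proxy src=10.0.0.5 dst=93.184.216.34 host=www.example.com
2024-03-01T10:00:07Z dns src=10.0.0.9 query=cdn.update-check.example-bad.test
2024-03-01T10:01:12Z fw src=198.51.100.77 dst=10.0.0.22 action=deny
2024-03-01T10:02:30Z proxy src=10.0.0.5 dst=203.0.113.45 host=203.0.113.45
2024-03-01T10:03:44Z edr host=ws-07 sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""


def load_feed(text):
    """Index indicators by type so each lookup is a dict hit or a short CIDR scan."""
    feed = {"domain": {}, "ip": {}, "ipnet": [], "sha256": {}}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ioc_type, value, desc = line.split(",", 2)
        if ioc_type == "ipnet":
            feed["ipnet"].append((ipaddress.ip_network(value, strict=False), value, desc))
        elif ioc_type == "ip":
            feed["ip"][str(ipaddress.ip_address(value))] = desc   # canonical form
        elif ioc_type in feed:
            feed[ioc_type][value.lower()] = desc
        else:
            raise ValueError("unknown IoC type: " + ioc_type)
    return feed


def parent_domains(name):
    """'a.b.c.test' -> ['a.b.c.test', 'b.c.test', 'c.test', 'test'], so a
    C2 domain also matches the subdomains malware actually resolves."""
    labels = name.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def match_ip(feed, value):
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return None                      # field held a name, not an address
    key = str(addr)
    if key in feed["ip"]:
        return ("ip", key, feed["ip"][key])
    for net, text, desc in feed["ipnet"]:
        if addr in net:
            return ("ipnet", text, desc)
    return None


def match_domain(feed, value):
    for candidate in parent_domains(value):
        if candidate in feed["domain"]:
            return ("domain", candidate, feed["domain"][candidate])
    return None


def match_hash(feed, value):
    desc = feed["sha256"].get(value.lower())
    return ("sha256", value.lower(), desc) if desc else None


FIELD_RE = re.compile(r"(\w+)=(\S+)")
IP_FIELDS = {"src", "dst"}
NAME_FIELDS = {"host", "query"}


def scan_logs(feed, log_text):
    """Return (line_no, field, ioc_type, indicator, description) for each hit."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        seen = set()                     # report each indicator once per line
        for field, value in FIELD_RE.findall(line):
            if field in IP_FIELDS:
                hit = match_ip(feed, value)
            elif field in NAME_FIELDS:
                hit = match_domain(feed, value)
            elif field == "sha256":
                hit = match_hash(feed, value)
            else:
                hit = None
            if hit and hit not in seen:
                seen.add(hit)
                hits.append((lineno, field) + hit)
    return hits


if __name__ == "__main__":
    for hit in scan_logs(load_feed(IOC_FEED), LOG_LINES):
        print(hit)
```

Two design points worth noticing: domains are matched against every parent label so a subdomain of a listed C2 domain still fires, and IP indicators are normalized through the ipaddress module so a feed entry and a log field that spell the same address differently still compare equal.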

Q18. The way you document and preserve evidence from the time you start the cyber forensics investigation to the time the evidence is presented in court is referred to as which of the following?
A. Chain of compromise
B. Custody of compromise
C. Chain of Forensics
D. Chain of custody

Answer: D. Chain of custody is the way you document and preserve evidence from the time you start the cyber forensics investigation to the time the evidence is presented in court.
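Q11 and Q18 both describe chain of custody in terms of documentation. As an added example (not from the original FAQ), the block below turns that documentation into a verifiable record: each custody entry captures who, when, how and where, re-hashes the evidence at every hand-over, and links to the previous entry, so later tampering with either the item or the log is detectable. The case number, evidence identifier, people and timestamps are constructed for the example.

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only, hash-chained custody record for one evidence item.

    Every entry stores the evidence hash as observed at that hand-over and
    the hash of the previous entry, so verify() can show both that the item
    presented in court is the item collected and that no entry was altered
    or removed in between."""

    GENESIS = "0" * 64

    def __init__(self, case_id, evidence_id):
        self.case_id = case_id
        self.evidence_id = evidence_id
        self.entries = []

    def record(self, when, who, action, how, location, evidence):
        entry = {
            "case_id": self.case_id,
            "evidence_id": self.evidence_id,
            "seq": len(self.entries),
            "when": when,            # ISO 8601 UTC timestamp of the hand-over
            "who": who,              # person taking custody
            "action": action,        # collected / transported / stored / accessed
            "how": how,              # tool, method or transport used
            "location": location,    # where the item is after this action
            "evidence_sha256": sha256_hex(evidence),
            "prev_hash": self.entries[-1]["entry_hash"] if self.entries else self.GENESIS,
        }
        entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
        self.entries.append(entry)
        return entry

    def verify(self, evidence):
        """Return (ok, reason) after checking every link and the item's hash."""
        if not self.entries:
            return False, "empty log"
        presented = sha256_hex(evidence)
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if sha256_hex(json.dumps(body, sort_keys=True).encode()) != entry["entry_hash"]:
                return False, f"entry {i} has been altered"
            if body["prev_hash"] != prev:
                return False, f"entry {i} does not link to entry {i - 1}"
            if body["evidence_sha256"] != presented:
                return False, f"evidence hash at entry {i} differs from the item presented"
            prev = entry["entry_hash"]
        return True, "chain intact"


def build_sample_log():
    """Constructed scenario: one disk image handled by three people."""
    image = b"constructed disk image bytes"
    log = CustodyLog("CASE-2024-0001", "EV-01")
    log.record("2024-03-01T09:15:00Z", "A. Analyst", "collected",
               "dd through a write-blocker, hashed on site", "Site office", image)
    log.record("2024-03-01T13:40:00Z", "B. Courier", "transported",
               "sealed evidence bag #0422 with tamper tape", "In transit", image)
    log.record("2024-03-01T16:05:00Z", "C. Custodian", "stored",
               "evidence locker 7, check-in logged", "Forensics lab", image)
    return log, image


if __name__ == "__main__":
    log, image = build_sample_log()
    print(log.verify(image))                    # (True, 'chain intact')
    print(log.verify(image + b"one extra byte"))  # evidence no longer matches
```

The hash chain only proves consistency of the record; it does not replace physical controls (sealed bags, locked storage, signatures on the transfer form). In practice the final entry hash would be written onto the paper form or signed by the custodian so the electronic log itself cannot be silently regenerated.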

Q19. What are decompilers?
A. Programs that take an executable binary file and attempt to produce readable high-level language code from it

B. Programs that take a non-executable binary file and attempt to produce compiled code from it

C. Programs that take a non-executable binary file and attempt to produce encrypted code from it

D. Programs that execute a binary file and attempt to crack the encryption of it

Answer: A. Decompilers are programs that take an executable binary file and attempt to produce readable high-level language code from it.

Q20. Which of the following are metrics that can measure the effectiveness of a runbook?
A. Mean time to repair (MTTR)
B. Mean time between failures (MTBF)
C. Mean time to discover a security incident
D. All of the above

Answer: D. Mean time to repair (MTTR), mean time between failures (MTBF), and mean time to discover a security incident are all examples of metrics that can measure the effectiveness of a runbook.

Q21. What is PHI?
A. Protected HIPAA information
B. Protected health information
C. Personal health information
D. Personal human information

Answer: B. PHI stands for protected health information.

About the author

Scott

Leave a Comment