CCNA Cyber Ops FAQ: Security Principles
Q1. What is one of the primary benefits of a defense-in-depth strategy?
A. You can deploy advanced malware protection to detect and block advanced persistent threats.
B. You can configure firewall failover in a scalable way.
C. Even if a single control (such as a firewall or IPS) fails, other controls can still protect your environment and assets.
D. You can configure intrusion prevention systems (IPSs) with custom signatures and autotuning to be more effective in the network.
Q2. Which of the following planes is important to understand for defense in depth?
A. Management plane
B. Failover plane
C. Control plane
E. User/data plane
F. Services plane
Q3. Which of the following are examples of vulnerabilities?
A. Advanced threats
C. SQL injection
D. Command injection
E. Cross-site scripting (XSS)
F. Cross-site request forgery (CSRF)
Q4. What is the Common Vulnerabilities and Exposures (CVE)?
A. An identifier of threats
B. A standard to score vulnerabilities
C. A standard maintained by OASIS
D. A standard for identifying vulnerabilities to make it easier to share data across tools, vulnerability repositories, and security services
Q5. Which of the following is true when describing threat intelligence?
A. Threat intelligence’s primary purpose is to make money by exploiting threats.
B. Threat intelligence’s primary purpose is to inform business decisions regarding the risks and implications associated with threats.
C. With threat intelligence, threat actors can become more efficient at carrying out attacks.
D. Threat intelligence is too difficult to obtain.
Q6. Which of the following is an open source feed for threat data?
A. Cyber Squad Threat Connect
B. BAE Detica CyberReveal
C. MITRE CRITs
D. Cisco AMP Threat Grid
Q7. What is the Common Vulnerability Scoring System (CVSS)?
A. A scoring system for exploits.
B. A tool to automatically mitigate vulnerabilities.
C. A scoring method that conveys vulnerability severity and helps determine the urgency and priority of response.
D. A vulnerability-mitigation risk analysis tool.
Q8. Which of the following are examples of personally identifiable information (PII)?
A. Social security number
B. Biological or personal characteristics, such as an image of distinguishing features, fingerprints, x-rays, voice signature, retina scan, and geometry of the face
D. Date of birth
Answer: A, B, D. The following are a few examples of PII:
- The individual’s name
- Social security number
- Biological or personal characteristics, such as an image of distinguishing features, fingerprints, x-rays, voice signature, retina scan, and geometry of the face
- Date and place of birth
- Mother’s maiden name
- Credit card numbers
- Bank account numbers
- Driver’s license number
- Address information, such as email addresses or street addresses, and telephone numbers for businesses or personal use
Q9. Which of the following statements are true about the principle of least privilege?
A. Principle of least privilege and separation of duties can be considered to be the same thing.
B. The principle of least privilege states that all users—whether they are individual contributors, managers, directors, or executives—should be granted only the level of privilege they need to do their job, and no more.
C. Programs or processes running on a system should have the capabilities they need to “get their job done,” but no root access to the system.
D. The principle of least privilege only applies to people.
Q10. What is a runbook?
A. A runbook is a collection of processes running on a system.
B. A runbook is a configuration guide for network security devices.
C. A runbook is a collection of best practices for configuring access control lists on a firewall and other network infrastructure devices.
D. A runbook is a collection of procedures and operations performed by system administrators, security professionals, or network operators.
Q11. Chain of custody is the way you document and preserve evidence from the time you start the cyber forensics investigation to the time the evidence is presented in court. Which of the following is important when handling evidence?
A. Documentation about how and when the evidence was collected
B. Documentation about how evidence was transported
C. Documentation about who had access to the evidence and how it was accessed
D. Documentation about the CVSS score of a given CVE
Answer: A, B, C. Chain of custody is the way you document and preserve evidence from the time you start the cyber forensics investigation to the time the evidence is presented in court. It is extremely important to be able to show clear documentation of the following:
- How the evidence was collected
- When it was collected
- How it was transported
- How it was tracked
- How it was stored
- Who had access to the evidence and how it was accessed
Q12. Which of the following statements are true about vulnerabilities?
A. A vulnerability is a threat on a system.
B. A vulnerability is an exploitable weakness in a system or its design.
C. Vulnerabilities can be found in protocols, operating systems, applications, hardware, and system designs.
D. Vulnerabilities are exploits that are discovered every day in software and hardware products.
Q13. From which of the following can exploit kits be run?
A. Web servers
B. Email servers
C. NTP servers
Q14. Which of the following are examples of exploit kits?
D. Black ICE
Q15. Which of the following describe what a threat is?
A. Threats and vulnerabilities are the same.
B. A threat is an exploit against a patched vulnerability.
C. A threat is any potential danger to an asset.
D. A threat is a piece of software aimed at exploiting a vulnerability.
Q16. What is an IoC?
A. An indicator of compromise
B. An indicator of containment
C. An intrusion operating control
D. An intrusion of compromise
Q17. Which of the following are provided by threat intelligence feeds?
A. Indicators of compromise
B. IP addresses of attacking systems
C. The overall risk score of all vulnerabilities in the corporate network
D. The overall risk score of threats in the corporate network
Q18. The way you document and preserve evidence from the time you start the cyber forensics investigation to the time the evidence is presented in court is referred to as which of the following?
A. Chain of compromise
B. Custody of compromise
C. Chain of Forensics
D. Chain of custody
Q19. What are decompilers?
A. Programs that take an executable binary file and attempt to produce readable high-level language code from it
B. Programs that take a non-executable binary file and attempt to produce compiled code from it
C. Programs that take a non-executable binary file and attempt to produce encrypted code from it
D. Programs that execute a binary file and attempt to crack the encryption of it
Q20. Which of the following are metrics that can measure the effectiveness of a runbook?
A. Mean time to repair (MTTR)
B. Mean time between failures (MTBF)
C. Mean time to discover a security incident
D. All of the above
Q21. What is PHI?
A. Protected HIPAA information
B. Protected health information
C. Personal health information
D. Personal human information