CCNA Cyber Ops FAQ: Threat Analysis

Q1. You must have adequate control mechanisms in order to enforce and ensure that data is only accessed by the individuals who should be allowed to access it and nobody else. Which of the following techniques can be used to prevent any attacks that could impact confidentiality?
A. Secure routing protocols
B. Network scanners
C. Encryption
D. Metasploit

Answer: C. Encryption is often used to maintain confidentiality. An example is the use of encryption in virtual private networks (VPNs).

Q2. Which of the following statements is not true about integrity protection?
A. Integrity protection encompasses only data and information.

B. Integrity protection encompasses more than just data; it not only protects data, but also operating systems, applications, and hardware from being altered by unauthorized individuals.

C. Integrity protection encompasses more than just data; it not only protects data, but also operating systems, applications, and hardware from being altered by authorized individuals.

D. Integrity protection can only be applied to protect operating systems, applications, and hardware from being altered by unauthorized individuals.

Answer: B. Integrity protection encompasses more than just data; it not only protects data, but also operating systems, applications, and hardware from being altered by unauthorized individuals.

Q3. Which of the following are examples of threat modeling techniques? (Select all that apply.)
A. STRIDE
B. STRIKE
C. DREAD
D. THREAD

Answer: A and C. STRIDE, DREAD, and attack trees are examples of threat modeling techniques.

Q4. Which of the following is not a component of DREAD?
A. Damage potential
B. Reproducibility
C. Prosecution
D. Discoverability

Answer: C. Damage potential, reproducibility, exploitability, affected users, and discoverability are the components of DREAD.

Q5. Which of the following is not a component of STRIDE?
A. SQL injection
B. Tampering
C. Repudiation
D. Information disclosure
E. Denial of service

Answer: A. Spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege are the components of STRIDE.

Q6. Which of the following are examples of attack vectors? (Select all that apply.)
A. A malicious email attachment or a malicious link in an email
B. Malicious web page content
C. A vulnerable or compromised network service used maliciously
D. The Common Vulnerability Scoring System (CVSS)

Answer: A, B, C. All three are examples of attack vectors.

Q7. Which of the following is not an example of a tool that can help analyze the attack surface of a system?
A. Web application scanner
B. Fuzzer
C. The Common Vulnerability Assessment Language (CVAL)
D. Network scanner

Answer: C. CVAL does not exist. The rest are examples of tools that can help analyze the attack surface of a system.

Q8. Which of the following is true about the attack complexity in terms of threat analysis?
A. The attack complexity is categorized as high when specialized access conditions or mitigating circumstances do not exist.

B. The attack complexity is categorized as low when specialized access conditions or mitigating circumstances do not exist.

C. The attack complexity is changed if the attacker fails to launch the attack.

D. The attack complexity is dependent on the attack scope.

Answer: B. The attack complexity is categorized as low when specialized access conditions or mitigating circumstances do not exist.

Q9. Which of the following is not true about privileges and user interaction in terms of threat analysis?
A. The risk is considered low if the attacker is required to have privileges or system credentials on the system in order to launch the attack.

B. The risk is considered high if the attacker is already authorized or is required to have privileges on the system.

C. The risk is high if the attack does not require the attacker to be authenticated or have significant (for example, administrative) control over the vulnerable system.

D. CVSS version 3 also includes the requirements of privileges in its base metrics.

Answer: B. The risk is considered low (not high) if the attacker is already authorized or is required to have privileges on the system.

Q10. What is an example of a vulnerability that could lead to an attack scope change?
A. VM injection
B. VM escape
C. Denial of service
D. SQL injection

Answer: B. A VM escape vulnerability is an example of a vulnerability that could lead to an attack scope change.

Q11. A denial-of-service attack against a web server affects which of the following?
A. Availability
B. Confidentiality
C. Integrity
D. Repudiation

Answer: A. A DoS attack against a web server affects availability; the attack by itself does not affect integrity, repudiation, or confidentiality.

Q12. An attacker is able to compromise a system and change files in the affected system. Which of the following is affected?
A. Availability
B. Confidentiality
C. Integrity
D. Repudiation

Answer: C. Integrity covers any changes to a system or its data.

Q13. An attacker is able to eavesdrop on the conversation between two users by launching a man-in-the-middle attack. Which of the following is affected?
A. Availability
B. Confidentiality
C. Integrity
D. Repudiation

Answer: B. Confidentiality is the promise that data is not unveiled to unauthorized users, applications, or processes. Depending on how sensitive the information is, a higher level of confidentiality might be required.

Q14. Which of the following is an example of an attack whose scope has been potentially changed?
A. An attack against a VM escape vulnerability
B. A denial-of-service attack
C. A spoofing attack
D. A man-in-the-middle attack

Answer: A. An attack against a VM escape vulnerability is an example of an attack whose scope has potentially been changed. This scope is defined in CVSSv3 and later.

Q15. Which of the following are examples of threat modeling techniques? (Select all that apply.)
A. STRIDE
B. DREAD
C. SREAD
D. SDL

Answer: A and B. STRIDE and DREAD are examples of threat modeling techniques.

Q16. Which of the following is not an attack vector?
A. Malicious web page content

B. A malicious email attachment or a malicious link in an email

C. DDoS

D. Social engineering conversation by a threat actor done in person or by phone, email, text, or instant messaging to obtain sensitive information from the user such as credentials, date of birth, account information, social security numbers, and so on.

Answer: C. Malicious web page content, malicious email attachments and malicious email links, and social engineering are all attack vectors. DDoS is a type of attack.

About the author

Scott
