CCNA Cyber Ops FAQ: The Art of Data and Event Analysis
Q1. Which of the following is the process of capturing, storing, and analyzing data so that it exists in only one form?
A. Data normalization
B. Data correlation
C. Big data analytics
D. Retrospective analysis
Q2. Which of the following is not a data normalization method used in the industry?
A. First normal form (1NF)
B. First data ingest (FDI)
C. Second normal form (2NF)
D. Third normal form (3NF)
Q3. Which of the following is not an element in the 5-tuple?
A. Source IP address
B. Source port
C. Protocol
D. IP option
Q4. Which of the following describes the security event log shown here?
A. NetFlow record
B. Traditional firewall syslog
C. WSA log
D. Intrusion prevention system (IPS) or intrusion detection system (IDS) log
Q5. Which of the following statements is true about retrospective analysis?
A. Cisco Talos uses threat intelligence from Cisco to perform retrospective analysis and protection. Cisco AMP also provides device and file trajectory capabilities to allow the security administrator to analyze the full spectrum of an attack.
B. Cisco AMP for Endpoints uses threat intelligence from Cisco to perform retrospective analysis and protection. However, Cisco AMP for Networks does not support device and file trajectory capabilities to allow the security administrator to analyze the full spectrum of an attack.
C. Cisco AMP uses threat intelligence from Cisco Talos to perform retrospective analysis and protection. Cisco AMP also provides device and file trajectory capabilities to allow the security administrator to analyze the full spectrum of an attack.
D. Cisco AMP uses threat intelligence from Cisco WSA to perform retrospective analysis and protection. Cisco WSA also provides device and file trajectory capabilities to allow the security administrator to analyze the full spectrum of an attack.
Q6. Which of the following can be combined with security event logs to identify compromised systems and communications to command and control (CnC) servers?
A. PII
B. PHI
C. AH/ESP
D. DNS
Q7. In which type of analysis do you know and obtain “facts” about the incident, breach, and affected applications?
A. Probabilistic
B. Compound
C. Deterministic
D. Dynamic
Q8. What is the type of security or event log or record described in the following table?
A. NetFlow record
B. IPS event
C. IDS event
D. Traditional firewall log
Q9. What type of security event log is the following?
A. A firewall syslog
B. IDS event
C. IPS event
D. NetFlow
Q10. Which of the following can be identified by correlating DNS intelligence and other security events? (Choose two.)
A. Communication to CnC servers
B. Configuration issues
C. Malicious domains based on reputation
D. Routing problems
Q11. Cisco Advanced Malware Protection (AMP) for Networks and AMP for Endpoints provide mitigation capabilities that go beyond point-in-time detection. Which of the following is an example of this capability?
A. Hashing
B. DLP
C. Using threat intelligence to perform retrospective analysis and protection
D. Encryption
Q12. Which of the following is one of the main goals of data normalization?
A. To save duplicate logs for redundancy
B. To purge redundant data while maintaining data integrity
C. To correlate IPS and IDS logs with DNS
D. To correlate IPS/IDS logs with firewall logs
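The normalization and correlation ideas behind Q1, Q3, Q6, Q10 and Q12 are easier to see in working code. The script below is an added example written for this page; it is not Cisco code and not part of the original FAQ. It takes three constructed log sources (a key=value firewall syslog, a NetFlow-style CSV export, and a Snort "fast"-format IDS alert), normalizes each record to one 5-tuple schema, purges exact duplicates, and then correlates the destination addresses against a constructed DNS resolver log and a tiny domain-reputation table to flag likely CnC communication. All hosts, domains, the firewall line format and the IDS rule (sid 1000001) are made up for the example.

```python
"""Added example: normalize heterogeneous security logs to a common 5-tuple
and correlate them with DNS data to surface possible CnC traffic."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class FiveTuple:
    """The one form every source is normalized to (source/dest IP, ports, protocol)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str


@dataclass(frozen=True)
class Event:
    tuple5: FiveTuple
    source: str  # "firewall" | "netflow" | "ids"
    note: str    # source-specific detail kept alongside the normalized key


# --- Constructed sample input (hypothetical hosts, domains and rule) -------------------------
FIREWALL_SYSLOG = [  # made-up key=value firewall syslog; line 2 is a duplicate from a second collector
    "Jan 12 10:01:02 fw1 conn: action=allow proto=TCP src=10.1.1.20 spt=51234 dst=203.0.113.7 dpt=443",
    "Jan 12 10:01:02 fw1 conn: action=allow proto=TCP src=10.1.1.20 spt=51234 dst=203.0.113.7 dpt=443",
    "Jan 12 10:02:40 fw1 conn: action=allow proto=tcp src=10.1.1.30 spt=49210 dst=198.51.100.9 dpt=8080",
]
NETFLOW_CSV = [  # nfdump-style export: sa,sp,da,dp,pr,ipkt,ibyt (constructed)
    "10.1.1.30,49210,198.51.100.9,8080,TCP,12,1460",
    "10.1.1.20,51234,203.0.113.7,443,TCP,40,31000",
]
IDS_FAST = [  # Snort "fast" alert layout; sid 1000001 is a made-up local rule
    "01/12-10:02:41.000100  [**] [1:1000001:1] LOCAL Possible beacon [**] [Priority: 1] {TCP} 10.1.1.30:49210 -> 198.51.100.9:8080",
]
DNS_LOG = [  # constructed resolver log: client, record type, name queried, answer
    "10.1.1.30 A updates-cdn.example 198.51.100.9",
    "10.1.1.20 A www.example.com 203.0.113.7",
]
REPUTATION = {"updates-cdn.example": "malicious", "www.example.com": "benign"}  # hypothetical feed

_KV = re.compile(r"(\w+)=(\S+)")
_IDS = re.compile(r"\[(\d+:\d+:\d+)\] (.*?) \[\*\*\].*\{(\w+)\} (\S+):(\d+) -> (\S+):(\d+)")


def parse_firewall(line: str) -> Event:
    kv = dict(_KV.findall(line))
    t = FiveTuple(kv["src"], int(kv["spt"]), kv["dst"], int(kv["dpt"]), kv["proto"].lower())
    return Event(t, "firewall", f"action={kv['action']}")


def parse_netflow(line: str) -> Event:
    sa, sp, da, dp, pr, pkts, byts = line.split(",")
    return Event(FiveTuple(sa, int(sp), da, int(dp), pr.lower()), "netflow", f"{pkts} pkts/{byts} bytes")


def parse_ids(line: str) -> Event:
    sig, msg, proto, sip, sp, dip, dp = _IDS.search(line).groups()
    return Event(FiveTuple(sip, int(sp), dip, int(dp), proto.lower()), "ids", f"{sig} {msg}")


def normalize(events: List[Event]) -> List[Event]:
    """Drop exact duplicates while keeping every distinct fact (data integrity)."""
    seen: Set[Event] = set()
    out: List[Event] = []
    for e in events:
        if e not in seen:
            seen.add(e)
            out.append(e)
    return out


def build_dns_map(lines: List[str]) -> Dict[str, Set[str]]:
    """Map each answered IP back to the domain name(s) that resolved to it."""
    ip_to_names: Dict[str, Set[str]] = {}
    for line in lines:
        _client, _rtype, qname, answer = line.split()
        ip_to_names.setdefault(answer, set()).add(qname)
    return ip_to_names


def correlate(events: List[Event], dns_map: Dict[str, Set[str]], reputation: Dict[str, str]) -> List[dict]:
    """Group events by 5-tuple; flag tuples whose destination resolved from a bad domain or tripped IDS."""
    by_tuple: Dict[FiveTuple, List[Event]] = {}
    for e in events:
        by_tuple.setdefault(e.tuple5, []).append(e)
    findings = []
    for t, evs in by_tuple.items():
        bad = sorted(d for d in dns_map.get(t.dst_ip, set()) if reputation.get(d) == "malicious")
        ids_hits = [e.note for e in evs if e.source == "ids"]
        if bad or ids_hits:
            findings.append({"src_ip": t.src_ip, "dst_ip": t.dst_ip, "dst_port": t.dst_port,
                             "domains": bad, "sources": sorted({e.source for e in evs}), "ids": ids_hits})
    return findings


def run_demo():
    events = ([parse_firewall(l) for l in FIREWALL_SYSLOG] + [parse_netflow(l) for l in NETFLOW_CSV]
              + [parse_ids(l) for l in IDS_FAST])
    normalized = normalize(events)
    findings = correlate(normalized, build_dns_map(DNS_LOG), REPUTATION)
    return len(events), len(normalized), findings


if __name__ == "__main__":
    raw, kept, found = run_demo()
    print(f"{raw} raw records -> {kept} after normalization")
    for f in found:
        print(f)
```

Running it collapses the six raw records to five and produces a single finding: host 10.1.1.30 talking to 198.51.100.9:8080, seen by the firewall, NetFlow and the IDS, where the destination had resolved from a domain the reputation table marks malicious. The benign 10.1.1.20 session to 203.0.113.7 is not flagged even though it appears in two sources, which is the point of correlating on the normalized 5-tuple rather than on any single log type.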