CCNA Cyber Ops FAQ: Endpoint Security Technologies
Q1. What is a Trojan horse?
A. A piece of malware that downloads and installs other malicious content from the Internet to perform additional exploitation on an affected system.
B. A type of malware that executes instructions determined by the nature of the Trojan to delete files, steal data, and compromise the integrity of the underlying operating system, typically by leveraging social engineering and convincing a user to install such software.
C. A virus that replicates itself over the network infecting numerous vulnerable systems.
D. A type of malicious code that is injected into a legitimate application. An attacker can program a logic bomb to delete itself from the disk after it performs the malicious tasks on the system.
Q2. What is ransomware?
A. A type of malware that compromises a system and then often demands a ransom from the victim to pay the attacker in order for the malicious activity to cease or for the malware to be removed from the affected system
B. A set of tools used by an attacker to elevate his privilege to obtain root-level access in order to completely take control of the affected system
C. A type of intrusion prevention system
D. A type of malware that doesn’t affect mobile devices
Q3. Which of the following are examples of free antivirus software? (Select all that apply.)
A. McAfee Antivirus
B. Norton AntiVirus
C. ClamAV
D. Immunet
Q4. Host-based firewalls are often referred to as which of the following?
A. Next-generation firewalls
B. Personal firewalls
C. Host-based intrusion detection systems
D. Antivirus software
Q5. What is an example of a Cisco solution for endpoint protection?
A. Cisco ASA
B. Cisco ESA
C. Cisco AMP for Endpoints
D. Firepower Endpoint System
Q6. What is a graylist?
A. A list of separate things, such as hosts, applications, email addresses, and services, that are authorized to be installed or active on a system in accordance with a predetermined baseline.
B. A list of different entities that have been determined to be malicious.
C. A list of different objects that have not yet been established as not harmful or malicious. Once additional information is obtained, graylist items can be moved onto a whitelist or a blacklist.
D. A list of different objects that have not yet been established as not harmful or malicious. Once additional information is obtained, graylist items cannot be moved onto a whitelist or a blacklist.
A whitelist is a list of separate things, such as hosts, applications, email addresses, and services, that are authorized to be installed or active on a system in accordance with a predetermined baseline. A blacklist is a list of different entities that have been determined to be malicious.
Q7. Which of the following are examples of application file and folder attributes that can help with application whitelisting?
A. Application store
B. File path
C. Filename
D. File size
Q8. Which of the following are examples of sandboxing implementations?
A. Google Chromium sandboxing
B. Java Virtual Machine (JVM) sandboxing
C. HTML CSS and JavaScript sandboxing
D. HTML5 “sandbox” attribute for use with iframes
Q9. What are worms?
A. A type of malware that compromises a system and then often demands a ransom from the victim to pay the attacker in order for the malicious activity to cease or for the malware to be removed from the affected system.
B. Viruses that replicate themselves over the network, infecting numerous vulnerable systems. On most occasions, a worm will execute malicious instructions on a remote system without user interaction.
C. An exploit of a network infrastructure device vulnerability that installs a backdoor on the affected system.
D. An exploit of a firewall vulnerability that installs a backdoor on the affected system.
Q10. What is ransomware?
A. A type of malware that compromises a system and then often demands a ransom from the victim to pay the attacker in order for the malicious activity to cease or for the malware to be removed from the affected system.
B. A type of malware that is installed on a stolen laptop or mobile device.
C. A type of malware that compromises a system that has access to sensitive data and can replicate itself in other systems such as firewalls, IPSs, NetFlow collectors, and so on.
D. A type of malware that compromises a system that has access to sensitive data and can replicate itself in other systems such as routers and switches.
Q11. Which of the following are examples of system-based sandboxing implementations? (Select all that apply.)
A. Google Project Zero
B. Google Chromium sandboxing
C. Java JVM sandboxing
D. Threat Grid
Q12. Which of the following are benefits of system-based sandboxing?
A. It limits the development of an application inside of a region of memory.
B. It limits the impact of security vulnerabilities and bugs in code to only run inside the “sandbox.”
C. It prevents software bugs and exploits of vulnerabilities from affecting the rest of the system and from installing persistent malware in the system.
D. It limits the communication of kernel modules within the system, controlling the flow of information and data exchange.
Q13. What is a limitation of application whitelisting?
A. The cost of application whitelisting technologies.
B. The ability to interact with other systems.
C. Scalability in low-power and low-resource IoT.
D. The continuous management of what is and is not on the whitelist.
Q14. Cisco AMP for Endpoints takes advantage of which of the following?
A. Telemetry from big data, continuous analysis, and advanced analytics provided by Cisco ESA and WSA in order to detect, analyze, and stop advanced malware across endpoints
B. Advanced analytics provided by antivirus software in order to detect, analyze, and stop advanced malware across endpoints
C. Telemetry from big data, continuous analysis, and advanced analytics provided by Cisco threat intelligence in order to detect, analyze, and stop advanced malware across endpoints
D. Telemetry from big data, continuous analysis, and advanced analytics provided by Cisco next-generation firewalls in order to detect, analyze, and stop advanced malware across endpoints.
Q15. Which of the following is an example of a host-based encryption technology that can help protect files as well as email?
A. Cisco AMP
B. Protected Guided Privacy (PGP)
C. Pretty Good Privacy (PGP)
D. Cisco WSA
Q16. What is an application blacklist?
A. A list of different entities that have been determined to be malicious
B. A list of different entities that have been determined to be false positives
C. A list of different malicious websites and hosts
D. A list of different domains that are known to host malware
Q17. Which of the following is software that can enable you to encrypt files on your hard disk drive?
A. BitCrypt
B. CryptoWall
C. CryptoLocker
D. BitLocker
Q18. To effectively protect your emails, you should make sure of which of the following?
A. All your email messages are sent to a sandbox to be evaluated before reaching their destination.
B. The connection to your email provider or email server is actually encrypted.
C. Your actual email messages are encrypted.
D. Your stored, cached, or archived email messages are also protected.