CCNA Cyber Ops FAQ: Fundamentals of Intrusion Analysis
Q1. Source and destination IP addresses are usually shown in NetFlow records and security events. What other artifacts are part of NetFlow records? (Select all that apply.)
A. Destination ports
B. Usernames
C. Signature IDs
D. Source ports
Q2. Which of the following are artifacts that are usually shown in IDS and IPS events? (Select all that apply.)
A. Signature IDs
B. Passwords
C. PII
D. Source and destination IP addresses
Q3. Which of the following regular expressions will match the word cat, bat, or rat?
A. [bcr]at
B. ^at
C. brc(at)
D. brc[at]
Q4. Which of the following regular expressions will match any IP address on the 10.1.2.0/24 network?
A. %10.1.2\.$
B. 10\.1\.2\..*
C. ^10.1.2.0
D. 10.[1..2].0
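Added worked example (not part of the original FAQ): the four candidate patterns from Q3 and Q4 are copied verbatim and run against constructed test strings with `re.search`, which is how grep, Snort's `pcre` option and most log tools apply a regex. The host list and the anchored `STRICT_10_1_2` pattern are this example's own additions; the strict pattern shows the form you would actually deploy for "any host on 10.1.2.0/24", because the exam answer `10\.1\.2\..*` is unanchored and also matches `110.1.2.5` and `10.1.2.256`, while an unescaped dot in `^10.1.2.0` matches `10x1y2z0` but none of the real addresses.

```python
import re

# Candidate answers copied from Q3 and Q4 above.
Q3_PATTERNS = {
    "A": r"[bcr]at",
    "B": r"^at",
    "C": r"brc(at)",
    "D": r"brc[at]",
}
Q3_WORDS = ["cat", "bat", "rat"]

Q4_PATTERNS = {
    "A": r"%10.1.2\.$",
    "B": r"10\.1\.2\..*",
    "C": r"^10.1.2.0",
    "D": r"10.[1..2].0",
}
# Constructed test strings: hosts inside 10.1.2.0/24, hosts outside it, and
# two strings that only look like addresses to an unescaped dot.
Q4_HOSTS = ["10.1.2.1", "10.1.2.254", "10.1.20.1", "10.1.3.7",
            "110.1.2.5", "10x1y2z0", "10.1.2.256"]

# Not one of the exam answers: anchored at both ends, dots escaped, and the
# last octet bounded to 0-255. This is the pattern to deploy in practice.
STRICT_10_1_2 = r"^10\.1\.2\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$"


def matching(pattern, candidates):
    """Return the candidates that `pattern` matches anywhere (re.search)."""
    rx = re.compile(pattern)
    return [s for s in candidates if rx.search(s)]


def matches_all(pattern, candidates):
    """True when every candidate is matched, i.e. the pattern answers Q3."""
    return len(matching(pattern, candidates)) == len(candidates)


def q3_results():
    return {label: matching(p, Q3_WORDS) for label, p in Q3_PATTERNS.items()}


def q4_results():
    res = {label: matching(p, Q4_HOSTS) for label, p in Q4_PATTERNS.items()}
    res["strict"] = matching(STRICT_10_1_2, Q4_HOSTS)
    return res


if __name__ == "__main__":
    for label, hits in q3_results().items():
        print(f"Q3 {label}: {Q3_PATTERNS[label]!r:12} -> {hits}")
    for label, hits in q4_results().items():
        pat = Q4_PATTERNS.get(label, STRICT_10_1_2)
        print(f"Q4 {label}: {pat!r} -> {hits}")
```

The takeaway for rule writing: escape every literal dot, anchor the expression when the field is a whole address, and bound the octet, otherwise a rule meant for one /24 fires on (or misses) neighbouring address space.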
Q5. Which of the following is true about protocol header analysis?
A. Protocol header analysis has several drawbacks over IDS systems because it has less detection capabilities for both known and unknown attacks. This is because protocol header analysis tools cannot match traffic using signatures of security vulnerability exploits.
B. Protocol header analysis has several benefits over more primitive security techniques because it has better detection of both known and unknown attacks. This is done by matching traffic on signatures of security vulnerability exploits.
C. Protocol header analysis has several benefits over more primitive security techniques because it has better detection of both known and unknown attacks. This is done by alerting and blocking traffic on anomalies within the protocol transactions, instead of just simply matching traffic on signatures of security vulnerability exploits.
D. Protocol header analysis is a primitive security technique that does not allow an IDS or IPS device to match traffic using signatures of security vulnerability exploits.
Q6. Which of the following is an example of a packet capture program?
A. Wireshark
B. Packetshark
C. PacketReal
D. NetFlow
Q7. Refer to the following output of tcpdump. Which of the following statements are true of this packet capture? (Select all that apply.)
Q8. Refer to the following packet capture. Which of the following statements is true about this packet capture?
A. The host with the IP address 93.184.216.34 is the source.
B. The host omar.cisco.com is the destination.
C. This is a Telnet transaction that is timing out and the server is not responding.
D. The server omar.cisco.com is responding to 93.184.216.34 with four data packets.
Q9. Which of the following is a successful identification of a security attack or a malicious event?
A. True positive
B. True negative
C. False positive
D. False negative
Q10. Which of the following is when the intrusion detection device identifies an activity as acceptable behavior and the activity is actually acceptable?
A. True positive
B. True negative
C. False positive
D. False negative
Q11. Which of the following terms describes a situation in which a security device triggers an alarm but there is no malicious activity or an actual attack taking place?
A. True positive
B. True negative
C. False positive
D. False negative
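Added example (not from the original FAQ) tying Q9 through Q11 together: each sensor decision is classified against analyst ground truth as one of the four outcomes, and the counts are turned into the rates a SOC tunes on. The event list is constructed for this example. Note the practical caveat it encodes: false negatives can only be counted when you have a second source of truth (an investigation, another sensor, a purple-team exercise), because by definition the sensor itself never reports them.

```python
from collections import Counter

# Constructed sample: `fired` is whether the sensor alerted on the event,
# `malicious` is what the investigation later established.
EVENTS = [
    {"src": "203.0.113.7",  "fired": True,  "malicious": True},
    {"src": "203.0.113.9",  "fired": True,  "malicious": True},
    {"src": "198.51.100.2", "fired": True,  "malicious": True},
    {"src": "192.0.2.44",   "fired": True,  "malicious": False},
    {"src": "192.0.2.45",   "fired": True,  "malicious": False},
    {"src": "203.0.113.21", "fired": False, "malicious": True},
    {"src": "192.0.2.10",   "fired": False, "malicious": False},
    {"src": "192.0.2.11",   "fired": False, "malicious": False},
    {"src": "192.0.2.12",   "fired": False, "malicious": False},
    {"src": "192.0.2.13",   "fired": False, "malicious": False},
]


def outcome(fired, malicious):
    """Map one (sensor verdict, ground truth) pair to the Q9-Q11 term."""
    if fired and malicious:
        return "true positive"       # attack, and it was detected (Q9)
    if fired and not malicious:
        return "false positive"      # alarm, but nothing malicious (Q11)
    if not fired and malicious:
        return "false negative"      # attack missed by the sensor
    return "true negative"           # benign, and treated as benign (Q10)


def tally(events):
    return Counter(outcome(e["fired"], e["malicious"]) for e in events)


def metrics(counts):
    """Detection rate (recall), false-positive rate and precision.
    Returns None for a rate whose denominator is zero."""
    tp, tn = counts["true positive"], counts["true negative"]
    fp, fn = counts["false positive"], counts["false negative"]

    def ratio(num, den):
        return num / den if den else None

    return {
        "detection_rate": ratio(tp, tp + fn),      # share of attacks caught
        "false_positive_rate": ratio(fp, fp + tn), # share of benign events alerted on
        "precision": ratio(tp, tp + fp),           # share of alerts worth an analyst's time
    }


if __name__ == "__main__":
    counts = tally(EVENTS)
    print(dict(counts))
    print(metrics(counts))
```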
Q12. Which of the following has been used to evade IDS and IPS devices?
A. SNMP
B. HTTP
C. TNP
D. Fragmentation
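Added example (not part of the original FAQ) showing why fragmentation in Q12 defeats a sensor that inspects packets one at a time: a signature string split across two IP fragments is found in none of them individually, but is found once the datagram is reassembled. The datagram, the fragment sizes and the `Fragment` class are constructed here; offsets are kept in bytes for readability, whereas real IPv4 fragment offsets are in 8-byte units.

```python
from dataclasses import dataclass


@dataclass
class Fragment:
    offset: int           # byte offset of this payload within the original datagram
    more_fragments: bool  # IP "MF" flag: False only on the final fragment
    payload: bytes


# Constructed for this example: a signature and a datagram that carries it.
SIGNATURE = b"/etc/passwd"
DATAGRAM = b"GET /etc/passwd HTTP/1.0\r\n"


def fragment(payload, sizes):
    """Split `payload` into consecutive fragments of the given sizes."""
    if sum(sizes) != len(payload):
        raise ValueError("sizes must cover the whole payload")
    frags, off = [], 0
    for n in sizes:
        frags.append(Fragment(off, off + n < len(payload), payload[off:off + n]))
        off += n
    return frags


def per_fragment_hits(frags, sig):
    """Naive inspection: search each fragment on its own.
    Returns the offsets of fragments that contain the signature."""
    return [f.offset for f in frags if sig in f.payload]


def reassemble(frags):
    """Rebuild the datagram from fragments arriving in any order.
    Returns None when a fragment is missing, fragments overlap, or the final
    (MF=0) fragment has not arrived; a sensor cannot decide in that state.
    Overlap handling differs between operating systems, so a production
    reassembler has to model the policy of the host it protects."""
    ordered = sorted(frags, key=lambda f: f.offset)
    data, expected = b"", 0
    for f in ordered:
        if f.offset != expected:
            return None  # gap (missing fragment) or overlap
        data += f.payload
        expected += len(f.payload)
    if not ordered or ordered[-1].more_fragments:
        return None
    return data


def detect_after_reassembly(frags, sig):
    """True/False once the datagram is complete, None while it is not."""
    data = reassemble(frags)
    return None if data is None else (sig in data)


if __name__ == "__main__":
    frags = fragment(DATAGRAM, [8, 8, 10])   # "GET /etc" | "/passwd " | "HTTP/1.0\r\n"
    print("per-fragment hits:", per_fragment_hits(frags, SIGNATURE))
    print("after reassembly:", detect_after_reassembly(frags, SIGNATURE))
```

Signature-based IDS/IPS engines therefore reassemble IP fragments (and TCP streams) before matching; an evasion succeeds when the sensor's reassembly differs from the victim host's, or when the sensor gives up on an incomplete datagram that the host eventually completes.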
Q13. Which of the following is not an example of an element in an IDS alert or event?
A. Signature ID
B. Protocol ID or number
C. Flow record
D. Source and destination ports
Q14. Which of the following are not components of the 5-tuple of a flow in NetFlow? (Select all that apply.)
A. Source IP address
B. Flow record ID
C. Gateway
D. Source port
E. Destination port
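Added example (not from the original FAQ) for Q1, Q13 and Q14: packets are aggregated into flow records keyed by the 5-tuple (source address, destination address, protocol, source port, destination port) and then rendered with the field names of a NetFlow v5 record. The packets use documentation address ranges and are constructed here. Two things the output makes visible: each direction of a TCP connection is its own flow, and nothing in a flow record is a username, a signature ID or payload, which is what separates NetFlow telemetry from IDS events.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: int        # milliseconds since start of capture
    src: str
    dst: str
    proto: int     # IP protocol number: 6 = TCP, 17 = UDP
    sport: int
    dport: int
    length: int    # IP total length in octets


# Constructed sample traffic: one HTTP exchange and one DNS query.
PACKETS = [
    Packet(0,  "192.0.2.10",   "198.51.100.5", 6,  51000, 80,    74),
    Packet(12, "198.51.100.5", "192.0.2.10",   6,  80,    51000, 60),
    Packet(13, "192.0.2.10",   "198.51.100.5", 6,  51000, 80,    60),
    Packet(15, "192.0.2.10",   "198.51.100.5", 6,  51000, 80,    520),
    Packet(40, "198.51.100.5", "192.0.2.10",   6,  80,    51000, 1500),
    Packet(3,  "192.0.2.10",   "192.0.2.1",    17, 53000, 53,    70),
]


@dataclass
class FlowRecord:
    packets: int = 0
    octets: int = 0
    first: int = 0
    last: int = 0


def five_tuple(pkt):
    """The flow key: the 5-tuple of Q14. No gateway, no record ID."""
    return (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)


def build_flows(packets):
    """Aggregate packets into unidirectional flows keyed by 5-tuple."""
    flows = {}
    for p in packets:
        key = five_tuple(p)
        rec = flows.get(key)
        if rec is None:
            rec = flows[key] = FlowRecord(first=p.ts, last=p.ts)
        rec.packets += 1
        rec.octets += p.length
        rec.first = min(rec.first, p.ts)
        rec.last = max(rec.last, p.ts)
    return flows


def export_v5(flows):
    """Render flows using a subset of the NetFlow v5 record field names."""
    return [
        {"srcaddr": k[0], "dstaddr": k[1], "prot": k[2],
         "srcport": k[3], "dstport": k[4],
         "dPkts": r.packets, "dOctets": r.octets,
         "First": r.first, "Last": r.last}
        for k, r in flows.items()
    ]


def top_talkers(flows, n=3):
    """Flows ordered by octets, the usual first pivot in a NetFlow hunt."""
    return sorted(flows.items(), key=lambda kv: kv[1].octets, reverse=True)[:n]


if __name__ == "__main__":
    flows = build_flows(PACKETS)
    for rec in export_v5(flows):
        print(rec)
    print("top talker:", top_talkers(flows, 1)[0][0])
```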