CCNA Cyber Ops FAQ: Network and Host Profiling
Q1. Which of the following is true about NetFlow?
A. NetFlow typically provides more details than sFlow.
B. NetFlow typically contains more details than packet capturing.
C. NetFlow is not available in virtual networking environments.
D. NetFlow is only used as a network performance measurement.
Q2. Which of the following is not used to establish a network baseline?
A. Determining the time to collect data
B. Selecting the type of data to collect
C. Developing a list of users on the network
D. Identifying the devices that can provide data
Q3. Which of the following is an advantage of port security over automated NAC?
A. Device profiling
B. Ease of deployment
C. Management requirements
D. Technology cost
Q4. What is the best definition of session duration in terms of network profiling?
A. The total time the user or device requests services from the network
B. The total time the user connects to the network
C. The total time a user or device connects to a network and later disconnects from it
D. The total time the user logs in to a system and logs out of the system
Q5. Which of the following is not a tool or option for monitoring a host session on the network?
A. Use firewall logs to monitor user connections to the network
B. Use NetFlow to monitor user connections to the network
C. Capture network packets and monitor user connections to the network
D. Use SNMP tools to monitor user connections to the network
Q6. Which of the following is not true about listening ports?
A. A listening port is a port held open by a running application in order to accept inbound connections.
B. Seeing traffic from a known port will identify the associated service.
C. Listening ports use values that can range between 1 and 65535.
D. TCP port 80 is commonly known for Internet traffic.
Q7. A traffic substitution and insertion attack does which of the following?
A. Substitutes the traffic with data in a different format but with the same meaning
B. Substitutes the payload with data in the same format but with a different meaning
C. Substitutes the payload with data in a different format but with the same meaning
D. Substitutes the traffic with data in the same format but with a different meaning
Q8. Which of the following is not a method for identifying running processes?
A. Reading network traffic from a SPAN port with the proper technology
B. Reading port security logs
C. Reading traffic from inline with the proper technology
D. Using port scanner technology
Q9. Which of the following is not a tool that can identify applications on hosts?
A. Web proxy
B. Application layer firewall
C. Using NBAR
D. Using NetFlow
Q10. Which of the following statements is incorrect?
A. Latency is a delay in throughput detected at the gateway of the network.
B. Throughput is typically measured in bandwidth.
C. A valley is when there is an unusually low amount of throughput compared to the normal baseline.
D. A peak is when there is a spike in throughput compared to the normal baseline
Q11. Which statement is true?
A. NetFlow provides more details than capturing network packets.
B. Capturing network packets provides more details than NetFlow.
C. Capturing packets provides the same data as NetFlow.
D. Technology cannot offer both packet capture and NetFlow capabilities.
Q12. Which of the following is not used to collect data for measuring throughput?
A. Pulling data from a SPAN port
B. Capturing data from a device that is in the line of traffic
C. Gathering the number of routers, switches, and hosts on the network
D. Capturing traffic from a gateway firewall
Q13. Which of the following protocols would provide the least value in explaining the type of device connected to a port?
Q14. What is the least valuable benefit for using session duration?
A. Triggering when a critical system goes down
B. Baselining network performance
C. Detecting network breaches
D. Identifying unusual network behavior
Q15. Which is not a reason for controlling asset address space?
A. Segmenting hosts
B. Network resource management
C. Protecting critical assets
D. Reducing costs
Q16. Which of the following is not an IPAM factor to consider?
A. IP address inventory
B. Endpoint posture
C. Dynamic IP address services management
D. IP name services management
Q17. Which of the following is not a value from profiling hosts on the network?
A. Identifying devices that are potentially compromised
B. Alerting to internal threats
C. Understanding bandwidth utilization
D. Identifying installed applications
Q18. Which of the following is not a method for identifying and securing listening ports?
A. Implementing firewall technology
B. Implementing strong access control policies
C. Periodically scanning the network for listening ports
D. Evaluating listening ports for risk
Q19. Which of the following is not a tool used for profiling host applications?
A. Nmap version scanning
B. Using content filters
C. Using NetFlow
D. Using NBAR
Q20. Which is not a tool for seeing running processes on a host?
C. ps -e
D. Task Manager