CCNA Cyber Ops FAQ: Network and Host Telemetry
Q1. Why should you enable Network Time Protocol (NTP) when you collect logs from network devices?
A. To make sure that network and server logs are collected faster.
B. Syslog data is useless if it shows the wrong date and time. Using NTP ensures that the correct time is set and that all devices within the network are synchronized.
C. By using NTP, network devices can record the time for certificate management.
D. NTP is not supported when collecting logs from network infrastructure devices.
Q2. Cisco ASA supports which of the following types of logging? (Select all that apply.)
A. Console logging
B. Terminal logging
C. ASDM logging
D. Email logging
E. External syslog server logging
Q3. Which of the following are examples of scalable, commercial, and open source log-collection and -analysis platforms? (Select all that apply.)
D. Elasticsearch, Logstash, and Kibana (ELK) Stack
Q4. Host-based firewalls are often referred to as which of the following?
A. Next-generation firewalls
B. Personal firewalls
C. Host-based intrusion detection systems
D. Antivirus software
Q5. What are some of the characteristics of next-generation firewall and next-generation IPS logging capabilities? (Select all that apply.)
A. With next-generation firewalls, you can only monitor malware activity and not access control policies.
B. With next-generation firewalls, you can monitor events for traffic that does not conform with your access control policies. Access control policies allow you to specify, inspect, and log the traffic that can traverse your network. An access control policy determines how the system handles traffic on your network.
C. Next-generation firewalls and next-generation IPSs help you identify and mitigate the effects of malware. The FMC file control, network file trajectory, and Advanced Malware Protection (AMP) can detect, track, capture, analyze, log, and optionally block the transmission of files, including malware files and nested files inside archive files.
D. AMP is supported by Cisco next-generation firewalls, but not by IPS devices.
Q6. Which of the following are characteristics of next-generation firewalls and the Cisco Firepower Management Center (FMC) in relation to incident management? (Select all that apply.)
A. They provide a list of separate things, such as hosts, applications, email addresses, and services, that are authorized to be installed or active on a system in accordance with a predetermined baseline.
B. These platforms support an incident life cycle, allowing you to change an incident’s status as you progress through your response to an attack.
C. You can create your own event classifications and then apply them in a way that best describes the vulnerabilities on your network.
D. You cannot create your own event classifications and then apply them in a way that best describes the vulnerabilities on your network.
Q7. Which of the following are true regarding full packet capture?
A. Full packet capture demands great system resources and engineering efforts, not only to collect the data and store it, but also to be able to analyze it. That is why, in many cases, it is better to obtain network metadata by using NetFlow.
B. Full packet captures can be discarded within seconds of being collected because they are not needed for forensic activities.
C. NetFlow and full packet captures serve the same purpose.
D. Most sniffers do not support collecting broadcast and multicast traffic.
Q8. Which of the following are some useful attributes you should seek to collect from endpoints? (Select all that apply.)
A. IP address of the endpoint or DNS hostname
B. Application logs
C. Processes running on the machine
D. NetFlow data
Q9. SIEM solutions can collect logs from popular host security products, including which of the following?
A. Antivirus or antimalware applications
B. Cloud logs
C. NetFlow data
D. Personal firewalls
Q10. Which of the following are some useful reports you can collect from Cisco ISE related to endpoints? (Select all that apply.)
A. Web Server Log reports
B. Top Application reports
C. RADIUS Authentication reports
D. Administrator Login reports
Q11. Which of the following are open source packet-capture software? (Select all that apply.)
Q12. Which of the following is a big data analytics technology that’s used by several frameworks in security operation centers?
B. Next-generation firewalls
C. Next-generation IPS
Q13. Which of the following is not a host-based telemetry source?
A. Personal firewalls
B. Intrusion detection/prevention
C. Antivirus or antimalware
D. Router syslogs
Q14. Why can encryption cause problems when you’re analyzing data in packet captures?
A. Because encryption causes fragmentation
B. Because encryption causes packet loss
C. Because you cannot see the actual payload of the packet
D. Because encryption adds overhead to the network, and infrastructure devices cannot scale
Q15. What is Cisco Prime Infrastructure?
A. A next-generation firewall
B. A network management platform you can use to configure and monitor many network infrastructure devices in your network
C. A NetFlow generation appliance
D. A next-generation IPS solution
Q16. In what location (directory) do Linux-based systems store most of their logs, including syslog?
Q17. Cisco AVC uses which of the following technologies to provide deep packet inspection (DPI) technology to identify a wide variety of applications within the network traffic flow, using Layer 3 to Layer 7 data?
A. Cisco NetFlow
C. Cisco AMP
D. Cisco Network-Based Application Recognition Version 2 (NBAR2)
Q18. NBAR works with which of the following technologies to help ensure that the network bandwidth is best used to fulfill its primary objectives?
A. Quality of Service (QoS)
D. Antimalware software
Q19. Traditional Cisco NetFlow records are usually exported via which of the following methods?
A. IPFIX records
B. TLS packets
C. UDP packets
D. HTTPS packets
Q20. Which of the following is not a NetFlow version?
A. Version 5
B. Version 7
C. Version 9