CCNA Cyber Ops FAQ: Security Monitoring Operational Challenges
Q1. Which of the following are benefits of encryption?
A. Malware communication
B. Privacy
C. Malware mitigation
D. Malware identification
Q2. Why can encryption be challenging to security monitoring?
A. Encryption introduces latency.
B. Encryption introduces additional processing requirements by the CPU.
C. Encryption can be used by threat actors as a method of evasion and obfuscation, and security monitoring tools might not be able to inspect encrypted traffic.
D. Encryption can be used by attackers to monitor VPN tunnels.
Q3. Network address translation (NAT) introduces challenges in the identification and attribution of endpoints in a security event. The identification challenge applies to both the victim and the attack source. What tools are available to correlate security monitoring events in environments where NAT is deployed?
A. NetFlow
B. Cisco Lancope Stealthwatch System
C. Intrusion Prevention Systems (IPS)
D. Encryption protocols
Q4. If the date and time are not synchronized among network and security devices, logs can become almost impossible to correlate. What protocol is recommended as a best practice to deploy to mitigate this issue?
A. Network address translation
B. Port address translation
C. Network Time Protocol (NTP)
D. Native Time Protocol (NTP)
Q5. What is a DNS tunnel?
A. A type of VPN tunnel that uses DNS.
B. A type of MPLS deployment that uses DNS.
C. DNS was not created for tunneling, but a few tools have used it to encapsulate data in the payload of DNS packets.
D. An encryption tunneling protocol that uses DNS’s UDP port 53.
Q6. Which of the following are examples of DNS tunneling tools? (Select all that apply.)
A. DeNiSe
B. dns2tcp
C. DNScapy
D. DNStor
Q7. What is Tor?
A. An encryption protocol.
B. A hashing protocol.
C. A VPN tunnel client.
D. Tor is a free tool that enables its users to surf the Web anonymously.
Q8. What is a Tor exit node?
A. The encrypted Tor network
B. The last Tor node or the “gateways” where the Tor encrypted traffic “exits” to the Internet
C. The Tor node that performs encryption
D. The Tor browser installed in your system in order to “exit” the Internet
Q9. What is a SQL injection vulnerability?
A. A type of vulnerability where an attacker can insert or “inject” a SQL query via the input data from the client to the application or database
B. A type of vulnerability where an attacker can “inject” a new password to a SQL server or the client
C. A type of DoS vulnerability that can cause a SQL server to crash
D. A type of privilege escalation vulnerability aimed at SQL servers
Q10. What are examples of peer-to-peer (P2P) tools?
A. LionShare
B. P2P NetFlow
C. Napster
D. Peercoin
Q11. What is Tor?
A. Tor is The Onion Router and is a free tool that enables its users to surf the Web anonymously.
B. Tor is The Onion Router and is a free tool that enables its users to send email in an encrypted way using PGP.
C. Tor is The Onion Router and is a free tool that enables its users to route packets anonymously by leveraging the EIGRP or OSPF routing protocol.
D. Tor is The Onion Router and is a free tool that enables its users to route packets anonymously by using BGP.
Q12. Why does NAT present a challenge to security monitoring?
A. NAT can present a challenge when performing security monitoring and analyzing logs because data can be encrypted as a result of the network address translation.
B. NAT can present a challenge when performing security monitoring and analyzing logs because data can be dropped as a result of the network address translation.
C. NAT can present a challenge when performing security monitoring and analyzing logs, NetFlow, and other data because device IP addresses can be seen in the logs as the “translated” IP address versus the “real” IP address.
D. NAT can present a challenge when performing security monitoring and analyzing logs because data can be fragmented as a result of the network address translation.
Q13. What is a Tor exit node?
A. A Tor exit node is the first Tor node or the “gateway” where the Tor encrypted traffic “exits” to the Internet.
B. A Tor exit node is the last Tor node or the “gateway” where the Tor encrypted traffic “exits” to the Internet.
C. A Tor exit node is the Tor node or the “gateway” where the Tor browser connects first.
D. A Tor exit node is an Internet routing entity that can define how the Tor browser exits the common Internet and connects to the darknet.
Q14. Which of the following is an example of a DNS tunneling tool?
A. dig
B. nslookup
C. DNScapy
D. DNSSEC
Q15. Which of the following is an example of an encoding mechanism used by threat actors?
A. Base24 encoding
B. GRE tunnels
C. Hex tunnels
D. Base64 encoding
Q16. Why should NTP be enabled in infrastructure devices and for security monitoring?
A. Using NTP ensures that the correct time is set and that all devices within the network are synchronized. Also, it helps to reduce the amount of duplicate logs.
B. Using NTP ensures that the network tunneling protocol is implemented with the correct encryption algorithms.
C. Using NTP ensures that the network tunneling protocol is implemented with the correct hashing algorithms.
D. Using NTP ensures that the network tunneling protocol is implemented with the correct DNS names and NetFlow records.