Download CCNA Cyber Ops Understanding Cisco Cybersecurity Fundamentals.selftesttraining.210-250.2019-07-11.1e.32q.vcex

File Info

Exam CCNA Cyber Ops Understanding Cisco Cybersecurity Fundamentals
Number 210-250
File Name CCNA Cyber Ops Understanding Cisco Cybersecurity Fundamentals.selftesttraining.210-250.2019-07-11.1e.32q.vcex
Size 44 Kb
Posted July 11, 2019
Downloads 31

Demo Questions

Question 1

Which of the following is true of privilege escalation?

  • A: vertical movement to a different level
  • B: horizontal movement to the same level
  • C: obtained without authorization
  • D: granted freely

Correct Answer: C

Privilege escalation occurs when someone obtains, without authorization, the rights and privileges of a different user. Privilege escalation usually occurs by logging in to a system using your valid user account and then finding a way to access files that you do not have permissions to access. This often involves invoking a program that can change your permissions, such as Set User ID (SUID), or invoking a program that runs in an administrative context. 
There are several methods of dealing with privilege escalation. Privilege escalation can lead to denial-of-service (DoS) attacks. An example of privilege escalation is gaining access to a file you should not access by changing the permissions of your valid account.
Horizontal escalation is movement to an account on the same level, such as from a regular user to another regular user.
Vertical escalation is movement to an account on a different level, such as from a regular user to an administrator. 
Privilege escalation is never granted freely. It is an attack. 
Objective: Attack Methods
Sub-Objective: Define privilege escalation 
Reference: https://searchsecurity.techtarget.com/definition/privilege-escalation-attack




Question 2

Which of the following represents an exploitable, unpatched, and unmitigated weakness in software?

  • A: vulnerability
  • B: exploit
  • C: threat
  • D: breach

Correct Answer: A

A vulnerability is a susceptibility to a threat that exists in a system that has not been mitigated. Patching would be a form of mitigation if it were used to address the vulnerability.
When a security weakness or vulnerability exists in a system and a threat actor takes advantage of it, the attack is considered an exploit. An example of a vulnerability is keeping ports open for nonessential services.
A threat is an external danger to which a system may or may not be vulnerable. It is a potential danger that could take advantage of a system if it is vulnerable. An attacker picking the lock of the back entrance to a facility is an example of a threat, not a vulnerability.
A breach is when an exploit is successful in providing unauthorized access to data. 
Objective: Security Concepts
Sub-Objective: Compare and contrast these concepts: Risk, Threat, Vulnerability, Exploit




Question 3

Which of the following describes a TCP injection attack?

  • A: many TCP SYN packets are captured with the same sequence number, source, and destination IP address, but different payloads
  • B: there is an abnormally high volume of scanning from numerous sources
  • C: many TCP SYN packets are captured with the same sequence number, but different source and destination IP addresses and different payloads
  • D: an attacker performs actions slower than normal

Correct Answer: A

A TCP injection attack occurs when the attacker injects data into a TCP packet. Evidence of this attack would be many TCP SYN packets captured with the same sequence number, source and destination IP address but different payloads. 
In a resource exhaustion attack, the goal is to overwhelm the IPS or IDS so that it cannot keep up. Therefore, it uses an abnormally high volume of scanning from numerous sources. Resource exhaustion occurs when a system runs out of limited resources, such as bandwidth, RAM, or hard drive space. Without the required storage space (as an example), the system can no longer perform as expected, and crashes.
Timing attacks are those in which the operations are carried out at a much slower than normal pace to keep the IPS or IDS from assembling the operation into a recognizable attack.
Capturing many TCP SYN packets with the same sequence number, but different source and destination IP addresses and different payloads, is possible but unlikely. It would not represent a TCP injection attack.
Objective: Attack Methods
Sub-Objective: Describe these evasion methods: Encryption and tunneling, Resource exhaustion, Traffic fragmentation, Protocol-level misinterpretation, Traffic substitution and insertion, Pivot.
Reference: http://www.ciscopress.com/articles/article.asp?p=1728833&seqNum=3




Question 4

Which of the following is used to validate and in some cases revoke certificates?

  • A: PKI
  • B: DHCP
  • C: PGP
  • D: POP

Correct Answer: A

A public key infrastructure (PKI) contains software, hardware, and policies that allow digital certificates to be created, validated, or revoked. A digital signature provides integrity, authentication, and non-repudiation in electronic mail. A PKI typically consists of the following components: certificates, a key repository, a method for revoking certificates, and a method to evaluate a certificate chain, which security professionals can use to follow the possession of keys.
Pretty Good Privacy (PGP) is an email encryption system. PGP uses a web of trust to validate public key pairs. In a web of trust model, users sign their own key pairs. If a user wants to receive a file encrypted with PGP, the user must first supply the public key. 
Post Office Protocol (POP) is a client email program. It is used to retrieve email from the email server. 
Dynamic Host Configuration Protocol (DHCP) is a protocol that allows network administrators to centrally manage and automate the assignment of Internet Protocol (IP) addresses in an organization’s network. DHCP can automatically assign a new IP address when a computer is plugged into a different location on the network.
Objective: Cryptography
Sub-Objective: Describe the operation of a PKI
Reference: https://searchsecurity.techtarget.com/definition/PKI




Question 5

Which of the following describes a timing attack?

  • A: delays attack for an amount of time
  • B: waits for an opportune moment
  • C: performs actions slower than normal
  • D: performs actions faster than normal

Correct Answer: C

Timing attacks are those in which operations are carried out much slower than normal to keep the IPS or IDS from assembling the operation into a recognizable attack.
Performing actions faster than normal might even make it easier for the IPS or IDS to assemble the parts of the operation into a recognizable attack.
Delaying the attack will have no bearing on how easily the IPS may or may not recognize the attack.
Attackers really have no way of recognizing or acting upon an opportune moment. 
Objective: Attack Methods
Sub-Objective: Describe these evasion methods: Encryption and tunneling, Resource exhaustion, Traffic fragmentation, Protocol-level misinterpretation, Traffic substitution and insertion, Pivot.




Question 6

Your organization uses both the user's location and the time of day when assessing a connection request.
What type of access control model is this?

  • A: RBAC
  • B: DAC
  • C: ABAC
  • D: MAC

Correct Answer: C

This is an example of attribute-based access control (ABAC). In this model, attributes and their combinations are used to control access. There are several classes of attributes that might be included:
  • Environmental attributes – items such as location, time of day
  • Object attributes – object type (medical record, bank account)
  • Subject attributes – age, clearance, department, role, job title
  • Action attribute – read, delete, view, approve

Role-based access control (RBAC) provides a specific set of rights and permissions based on the job role assigned to the user.
Discretionary access control (DAC) prescribes that the owner of an asset (data) decides the sensitivity of the resource and who has access.
Mandatory access control (MAC) creates clearance levels and assigns clearance levels to data assets and to users. Subjects (users) can only access levels to which they have been given clearance and those below.
Objective: Security Concepts
Sub-Objective: Compare and contrast these access control models: Discretionary access control, mandatory access control, Nondiscretionary access control




Question 7

Which of the following is a compilation of routine procedures and operations that the system administrator or operator carries out?

  • A: workflow
  • B: script
  • C: agenda
  • D: runbook

Correct Answer: D

A runbook is a compilation of routine procedures and operations that the system administrator or operator carries out. The runbook is typically divided into routine automated processes and routine manual processes. The effectiveness of a runbook can be measured by these metrics:

  • Mean time to repair (MTTR)
  • Mean time between failures (MTBF)
  • Mean time to discover a security incident

Mean time between failures (MTBF) is an estimate of the amount of time a piece of equipment will last and is usually determined by the equipment vendor or third party.
Mean time to repair (MTTR) is the amount of time it will take to fix a piece of equipment and return it to production. The owner of the equipment usually determines this amount of time.
An agenda comprises items to be covered in a meeting.
A workflow describes the movement of a piece of work through a process from one operation to another.
While a script may be a part of a runbook, not all runbook operations are automated. Some are manual.
Objective: Security Concepts
Sub-Objective: Describe these terms: Threat actor, Runbook automation (RBA), Chain of custody (evidentiary), Reverse engineering, Sliding window anomaly detection, PII, PHI.




Question 8

What occurs when you allow specific executable files while denying all others?

  • A: whitelisting
  • B: blacklisting
  • C: greylisting
  • D: redlisting

Correct Answer: A

When whitelisting, you create a list of allowed applications while denying all others. Those approved applications are designated as whitelisted. These lists can also be used for domain name allowance with DNS. Several products are available that check for applications that are not on the whitelist, including attempts to install those applications. For example, the logs generated by the whitelisting product would tell you if someone had attempted to install a key logger.
When blacklisting, you create a list of denied applications while allowing all others. These lists can also be used for domain name blocking with DNS. Blacklisting is an allow-by-default concept, where all software is allowed to execute unless it is on the Deny List.
There is no form of filtering called redlisting or greylisting. 
Objective: Security Monitoring
Sub-Objective: Describe these NextGen IPS event types: Connection event, Intrusion event, Host or endpoint event, Network discovery event, NetFlow event.
Reference: https://www.schneier.com/blog/archives/2011/01/whitelisting_vs.html




Question 9

Which operation has as its goal the identification of all available services on a device?

  • A: port scan
  • B: banner grabbing
  • C: OS fingerprinting
  • D: ping scan

Correct Answer: A

A port scan identifies the open ports on a device, and thus the services available. 
A ping scan has as its goal identification of all live devices in the network. A smurf attack is an attack where a ping request is sent to a broadcast network address with the aim of overwhelming the system. 
Operating system (OS) fingerprinting has as its goal the identification of the operating system and version. Banner grabbing is a fingerprinting technique that relies on morphed or empty TCP packets that are sent over to a target machine. Telnet, Netcat, Nmap and other tools can be used to carry out banner grabbing. 
Banner grabbing also has as its goal the identification of the operating system and its version. Banner grabbing intercepts a text file sent by a server or a host. The text file includes OS information and in the case of a web server, perhaps the basic configuration info. The attacker can then exploit that information. 
Objective: Attack Methods
Sub-Objective: Describe these endpoint-based attacks: Buffer overflows, Command and control (C2), Malware, Rootkit, Port scanning, Host Profiling
Reference: https://www.lifewire.com/introduction-to-port-scanning-2486802




Question 10

Quantitative and qualitative are two types of which of the following?

  • A: risk analysis
  • B: business impact analysis
  • C: disaster recovery plan
  • D: heuristics

Correct Answer: A

Risk analysis comes in two basic types. When scoring is used to rate risks rather than dollar figures to potential outcomes.
A business impact analysis (BIA) focuses on critical business systems and the impact if they are lost to an outage. A BIA is created to identify the company’s vital functions and prioritize them based on need. It identifies vulnerabilities and threats and calculates the associated risks.
A disaster recovery plan is a short-term plan that is implemented when a large disaster event occurs. The plan is created to ensure that your company can resume operations in a timely manner. It mainly focuses on alternative procedures for processing transactions in the short term. It is carried out when the emergency occurs and immediately following the emergency.
Heuristics is an approach that identifies malware based on the behavior it exhibits rather than a signature. A heuristics IDS uses artificial intelligence (AI) to detect intrusions. Analytics are performed on the actions taken, and the IDS takes action based on the logic in the AI. 
Objective: Security Concepts
Sub-Objective: Describe these security terms: Principle of least privilege, Risk scoring/risk weighting, Risk reduction, Risk assessment.
Reference: https://www.pmi.org/learning/library/qualitative-risk-assessment-cheaper-faster-3188









