Title of test:
CyberOps Day 4

Guide 4

Number of questions: 50
What are two characteristics of Ethernet MAC addresses? (Choose two.)
- MAC addresses use a flexible hierarchical structure.
- They are expressed as 12 hexadecimal digits.
- They are globally unique.
- They are routable on the Internet.
- MAC addresses must be unique for both Ethernet and serial interfaces on a device.

Which three statements describe a DHCP Discover message? (Choose three.)
- All hosts receive the message, but only a DHCP server replies.
- Only the DHCP server receives the message.
- The source MAC address is 48 ones (FF-FF-FF-FF-FF-FF).
- The message comes from a server offering an IP address.
- The destination IP address is
- The message comes from a client seeking an IP address.

Which three security services are provided by digital signatures? (Choose three.)
- Provides nonrepudiation using HMAC functions
- Guarantees data has not changed in transit
- Provides data encryption
- Authenticates the source
- Provides confidentiality of digitally signed data
- Authenticates the destination

Refer to the exhibit. A cybersecurity analyst is viewing packets forwarded by switch S2. What addresses will identify frames containing data sent from PCA to PCB?
- Src IP: Src MAC: 00-60-0F-B1-33-33 Dst IP: Dst MAC: 08-CB-8A-5C-BB-BB
- Src IP: Src MAC: 01-90-C0-E4-AA-AA Dst IP: Dst MAC: 08-CB-8A-5C-BB-BB
- Src IP: Src MAC: 00-60-0F-B1-33-33 Dst IP: Dst MAC: 08-CB-8A-5C-BB-BB
- Src IP: Src MAC: 00-60-0F-B1-33-33 Dst IP: Dst MAC: 00-D0-D3-BE-00-00

Match the Security Onion tool with the description.
- Snort
- Wireshark
- OSSEC
- Sguil

Match the server profile element to the description. (Not all options are used.)
- User accounts
- Listening ports
- Software environment
- Service accounts

Match the monitoring tool to the definition.
- SIEM
- NetFlow
- Wireshark
- SNMP

Match the attack tools with the description. (Not all options are used.)
- RainbowCrack
- Yersinia
- Nmap

Match the security incident stakeholder with the role.
- HR
- Information Assurance
- IT Support
- Management
- Legal Department

Match the security policy with the description. (Not all options are used.)
- Acceptable Use Policy (AUP)
- Identification and Authentication Policy (IAP)
- Network Maintenance Policy
- Remote Access Policy

Match the attack to the definition. (Not all options are used.)
- Resource Utilization Attack
- ARP Cache Poisoning
- Amplification and Reflection

Match the security organization with its security functions. (Not all options are used.)
- SANS
- MITRE
- FIRST

After host A receives a web page from server B, host A terminates the connection with server B. Match each step to its correct option in the normal termination process for a TCP connection. (Not all options are used.)
- Step 1
- Step 2
- Step 3
- Step 4

Match the Windows 10 Registry key with its description.
- HKEY_USERS
- HKEY_CLASSES_ROOT
- HKEY_CURRENT_USER
- HKEY_CURRENT_CONFIG

Refer to the exhibit. What solution can provide a VPN between site A and site B to support the encapsulation of any Layer 3 protocol between the internal networks at each site?
- An IPsec tunnel
- Cisco SSL VPN
- A GRE tunnel
- A remote access tunnel

Match the network service with the description.
- Syslog
- NetFlow
- NTP
- SNMP

A client application needs to terminate a TCP communication session with a server. Place the termination process steps in the order that they will occur. (Not all options are used.)
- Step 1
- Step 2
- Step 3
- Step 4

Match the attack surface with attack exploits.
- Software Attack Surface
- Network Attack Surface
- Human Attack Surface

Match the Linux host-based firewall application with its description.
- TCP Wrappers
- iptables
- nftables

Refer to the exhibit. If Host1 were to transfer a file to the server, what layers of the TCP/IP model would be used?
- only application and Internet layers
- application, transport, Internet, and network access layers
- only Internet and network access layers
- only application, transport, network, data link, and physical layers
- only application, Internet, and network access layers
- application, session, transport, network, data link, and physical layers

Match the destination network routing table entry type with a definition.
- Local route interface
- Directly connected interface
- Dynamic route
- Static route

Match the network monitoring data type with the description.
- Transaction Data
- Alert Data
- Static Data
- Session Data

Place the seven steps defined in the Cyber Kill Chain in the correct order.
- Step 1
- Step 2
- Step 3
- Step 4
- Step 5
- Step 6
- Step 7

Match the category of attacks with the description. (Not all options are used.)
- DoS
- MITM
- Sniffer Attack

Match the field in the Event table of Sguil to the description.
- sid
- ip_proto
- signature
- cid
- timestamp
- status

Match the SIEM function to the description.
- Aggregation
- Reporting
- Correlation
- Forensic Analysis

Match the tabs of the Windows 10 Task Manager to their functions. (Not all options are used.)
- Details
- Performance
- Startup
- Services

Match the common network technology or protocol with the description. (Not all options are used.)
- NTP
- DNS
- Syslog
- ICMP

Match the SOC metric with the description. (Not all options apply.)
- MTTD
- MTTC
- MTTR

Refer to the exhibit. An administrator is trying to troubleshoot connectivity between PC1 and PC2 and uses the tracert command from PC1 to do it. Based on the displayed output, where should the administrator begin troubleshooting?
- R1
- PC2
- SW2
- R2
- SW1

Match the correct sequence of steps typically taken by a threat actor carrying out a domain shadowing attack.
- Step 1
- Step 2
- Step 3
- Step 4
- Step 5

Refer to the exhibit. The switches have a default configuration. Host A needs to communicate with host D, but host A does not have the MAC address for the default gateway. Which network devices will receive the ARP request sent by host A?
- only host D
- only hosts A, B, C, and D
- only hosts B and C
- only hosts B, C, and router R1
- only hosts A, B, and C
- only router R1

Match the alert classification with the description.
- False positive
- False negative
- True positive
- True negative

Refer to the exhibit. Which field in the Sguil event window indicates the number of times an event is detected for the same source and destination IP address?
- CNT
- Pr
- ST
- AlertID

Refer to the exhibit. The IP address of which device interface should be used as the default gateway setting of host H1?
- R1: G0/0
- R2: S0/0/0
- R2: S0/0/1
- R1: S0/0/0

Match the network-based antimalware solution to the function. (Not all options are used.)
- Email security appliance
- Web security appliance
- Network admission control
- Advanced malware protection

Refer to the exhibit. The PC is sending a packet to the Server on the remote network. Router R1 is performing NAT overload. From the perspective of the PC, match the NAT address type with the correct IP address. (Not all options are used.)
- Outside Global
- Inside Global
- Inside Local

Match the attack vector with the description.
- Email
- Media
- Attrition
- Web

Match the security management function with the description.
- Configuration management
- Asset management
- Vulnerability management
- Risk management

Match the phase in the NIST incident response life cycle to the action.
- Post-incident activities
- Preparation
- Detection and analysis
- Containment, eradication, and recovery

Why is the Diffie-Hellman algorithm typically avoided for encrypting data?
- DH requires a shared key which is easily exchanged between sender and receiver.
- Most data traffic is encrypted using an asymmetrical algorithm.
- DH runs too quickly to be implemented with a high level of security.
- The large numbers used by DH make it too slow for bulk data transfers.

Which classification indicates that an alert is verified as an actual security incident?
- false negative
- true positive
- false positive
- true negative

The HTTP server has responded to a client request with a 200 status code. What does this status code indicate?
- The server understands the request, but the resource will not be fulfilled.
- The request was completed successfully.
- The server could not find the requested resource, possibly because of an incorrect URL.
- The request has been accepted for processing, but processing is not completed.

In a Linux operating system, which component interprets user commands and attempts to execute them?
- GUI
- daemon
- kernel
- shell

What are two motivating factors for nation-state-sponsored threat actors? (Choose two.)
- industrial espionage
- showing off their hacking skills
- disruption of trade or infrastructure
- social or personal cause
- financial gain

Match the antimalware approach to the description. (Not all options are used.)
- signature-based
- heuristics-based
- behavior-based
- agent-based

Which type of data is used by Cisco Cognitive Intelligence to find a malicious activity that has bypassed security controls, or entered through unmonitored channels, and is operating inside an enterprise network?
- statistical
- session
- alert
- transaction

Which is an example of social engineering?
- An unidentified person claiming to be a technician collecting user information from employees.
- An anonymous programmer directing a DDoS attack on a data center.
- A computer displaying unauthorized pop-ups and adware.
- The infection of a computer by a virus carried by a Trojan.

Which component is a pillar of the zero trust security approach that focuses on the secure access of devices, such as servers, printers, and other endpoints, including devices attached to IoT?
- workplace
- workforce
- workloads
- workflows

A security analyst is reviewing the information contained in a Wireshark capture created during an attempted intrusion. The analyst wants to correlate the Wireshark information with the log files from two servers that may have been compromised. What type of information can be used to correlate the events found in these multiple data sets?
- logged-in user account
- ownership metadata
- ISP geolocation data
- ownership metadata
- IP five-tuples