Cyber OPS exam study guide
Which two statements are characteristics of a virus? - Answer A virus typically requires
end-user activation.
A virus can be dormant and then activate at a specific time or date.
What is a characteristic of a Trojan horse as it relates to network security? - Answer
Malware is contained in a seemingly legitimate executable program.
What technique is used in social engineering attacks? - Answer phishing
What is a purpose of implementing VLANs on a network? - Answer They can separate
user traffic.
A cybersecurity analyst is viewing packets forwarded by switch S2. What addresses will
identify frames containing data sent from PCA to PCB? - Answer Src IP:
192.168.1.212Src MAC: 00-60-0F-B1-33-33Dst IP: 192.168.2.101Dst MAC: 00-D0-D3-
BE-00-00
A cybersecurity analyst needs to collect alert data. What are three detection tools to
perform this task in the Security Onion architecture? (Choose three.) - Answer CapME
Wazuh
Zeek
Match the Security Onion tool with the description. - Answer *Snort - network based
intrusion detection system
*Wireshark- packet capture
*OSSEC - HIDS
*Sguil-high level cybersecurity analysis console
In network security assessments, which type of test is used to evaluate the risk posed
by vulnerabilities to a specific organization including assessment of the likelihood of
attacks and the impact of successful exploits on the organization? - Answer risk
analysis
Match the server profile element to the description. - Answer *User Accounts - the
parameters defining user access and behavior
*listening port - the TCP and UDP daemons and ports that are allowed to be open on
the server
*Software environment - the tasks, processes, and applications, that are permitted to
run on the server
,*service accounts - the definitions of the type of service that an application is allowed to
run on a given host
In addressing an identified risk, which strategy aims to shift some of the risk to other
parties? - Answer risk sharing
what is network tap? - Answer a passive device that forwards all traffic and physical
layer errors to an analysis device
Match the monitoring tool to the definition. - Answer SEIM - presents real-time reporting
and long term analysis of security events
Netflow - provides statistics on packets flowing through a cisco router or a multilayer
switch
WireShark - pcap files
SNMP- retrieves information on the operation of network devices
If a SOC has a goal of 99.999% uptime, how many minutes of downtime a year would
be considered within its goal? - Answer Approximately 5 minutes per year.
(525,000 minutes a year * (1-.99999) = 5.256)
The HTTP server has responded to a client request with a 200 status code. What does
this status code indicate? - Answer The request was completed successfully.
What is an advantage for small organizations of adopting IMAP instead of POP? -
Answer Messages are kept in the mail servers until they are manually deleted from the
email client.
What debugging security tool can be used by black hats to reverse engineer binary files
when writing exploits - Answer WinDbg
Match the attack tools with the description. - Answer * Nmap - network scanning tool
used to probe network devices for open tcp/udp ports
* Yesenia - A packet crafting tool used to probe and test firewalls
*RaninbowCrack - used for password cracking
What are two features of ARP? - Answer If a host is ready to send a packet to a local
destination device and it has the IP address but not the MAC address of the destination,
it generates an ARP broadcast.
, If a device receiving an ARP request has the destination IPv4 address, it responds with
an ARP reply.
What is a property of the ARP table on a device? - Answer Entries in an ARP table are
time-stamped and are purged after the timeout expires.
What is the purpose of Tor? - Answer to allow users to browse the Internet
anonymously
Which two network protocols can be used by a threat actor to exfiltrate data in traffic
that is disguised as normal network traffic? (Choose two.) - Answer DNS
HTTP
What is a key difference between the data captured by NetFlow and data captured by
Wireshark? - Answer NetFlow collects metadata from a network flow whereas
Wireshark captures full data packets.
Which tool captures full data packets with a command-line interface only? - Answer
tcpdump
Which method can be used to harden a device? - Answer use SSH and disable the root
account access over SSH
In a Linux operating system, which component interprets user commands and attempts
to execute them? - Answer shell
A network administrator is configuring an AAA server to manage RADIUS
authentication. Which two features are included in RADIUS authentication? - Answer
single process for authentication and authorization
hidden passwords during transmission
What is privilege escalation? - Answer Vulnerabilities in systems are exploited to grant
higher levels of privilege than someone or some process should have.
An IT enterprise is recommending the use of PKI applications to securely exchange
information between the employees. In which two cases might an organization use PKI
applications to securely exchange information between users - Answer HTTPS web
service
802.1x authentication
What two assurances does digital signing provide about code that is downloaded from
the Internet? - Answer The code has not been modified since it left the software
publisher
Which two statements are characteristics of a virus? - Answer A virus typically requires
end-user activation.
A virus can be dormant and then activate at a specific time or date.
What is a characteristic of a Trojan horse as it relates to network security? - Answer
Malware is contained in a seemingly legitimate executable program.
What technique is used in social engineering attacks? - Answer phishing
What is a purpose of implementing VLANs on a network? - Answer They can separate
user traffic.
A cybersecurity analyst is viewing packets forwarded by switch S2. What addresses will
identify frames containing data sent from PCA to PCB? - Answer Src IP:
192.168.1.212Src MAC: 00-60-0F-B1-33-33Dst IP: 192.168.2.101Dst MAC: 00-D0-D3-
BE-00-00
A cybersecurity analyst needs to collect alert data. What are three detection tools to
perform this task in the Security Onion architecture? (Choose three.) - Answer CapME
Wazuh
Zeek
Match the Security Onion tool with the description. - Answer *Snort - network based
intrusion detection system
*Wireshark- packet capture
*OSSEC - HIDS
*Sguil-high level cybersecurity analysis console
In network security assessments, which type of test is used to evaluate the risk posed
by vulnerabilities to a specific organization including assessment of the likelihood of
attacks and the impact of successful exploits on the organization? - Answer risk
analysis
Match the server profile element to the description. - Answer *User Accounts - the
parameters defining user access and behavior
*listening port - the TCP and UDP daemons and ports that are allowed to be open on
the server
*Software environment - the tasks, processes, and applications, that are permitted to
run on the server
,*service accounts - the definitions of the type of service that an application is allowed to
run on a given host
In addressing an identified risk, which strategy aims to shift some of the risk to other
parties? - Answer risk sharing
what is network tap? - Answer a passive device that forwards all traffic and physical
layer errors to an analysis device
Match the monitoring tool to the definition. - Answer SEIM - presents real-time reporting
and long term analysis of security events
Netflow - provides statistics on packets flowing through a cisco router or a multilayer
switch
WireShark - pcap files
SNMP- retrieves information on the operation of network devices
If a SOC has a goal of 99.999% uptime, how many minutes of downtime a year would
be considered within its goal? - Answer Approximately 5 minutes per year.
(525,000 minutes a year * (1-.99999) = 5.256)
The HTTP server has responded to a client request with a 200 status code. What does
this status code indicate? - Answer The request was completed successfully.
What is an advantage for small organizations of adopting IMAP instead of POP? -
Answer Messages are kept in the mail servers until they are manually deleted from the
email client.
What debugging security tool can be used by black hats to reverse engineer binary files
when writing exploits - Answer WinDbg
Match the attack tools with the description. - Answer * Nmap - network scanning tool
used to probe network devices for open tcp/udp ports
* Yesenia - A packet crafting tool used to probe and test firewalls
*RaninbowCrack - used for password cracking
What are two features of ARP? - Answer If a host is ready to send a packet to a local
destination device and it has the IP address but not the MAC address of the destination,
it generates an ARP broadcast.
, If a device receiving an ARP request has the destination IPv4 address, it responds with
an ARP reply.
What is a property of the ARP table on a device? - Answer Entries in an ARP table are
time-stamped and are purged after the timeout expires.
What is the purpose of Tor? - Answer to allow users to browse the Internet
anonymously
Which two network protocols can be used by a threat actor to exfiltrate data in traffic
that is disguised as normal network traffic? (Choose two.) - Answer DNS
HTTP
What is a key difference between the data captured by NetFlow and data captured by
Wireshark? - Answer NetFlow collects metadata from a network flow whereas
Wireshark captures full data packets.
Which tool captures full data packets with a command-line interface only? - Answer
tcpdump
Which method can be used to harden a device? - Answer use SSH and disable the root
account access over SSH
In a Linux operating system, which component interprets user commands and attempts
to execute them? - Answer shell
A network administrator is configuring an AAA server to manage RADIUS
authentication. Which two features are included in RADIUS authentication? - Answer
single process for authentication and authorization
hidden passwords during transmission
What is privilege escalation? - Answer Vulnerabilities in systems are exploited to grant
higher levels of privilege than someone or some process should have.
An IT enterprise is recommending the use of PKI applications to securely exchange
information between the employees. In which two cases might an organization use PKI
applications to securely exchange information between users - Answer HTTPS web
service
802.1x authentication
What two assurances does digital signing provide about code that is downloaded from
the Internet? - Answer The code has not been modified since it left the software
publisher
