Cisco CCNA CyberOps Associate
(Version 1.0) All Modules & Final Exam
Questions And Answers
Which personnel in a SOC are assigned the task of hunting for potential threats and
implementing threat detection tools? - ANS Tier 3 SME
What is a benefit to an organization of using SOAR as part of the SIEM system? - ANS
SOAR automates incident investigation and responds to workflows based on playbooks.
The term cyber operations analyst refers to which group of personnel in a SOC? - ANS Tier
1 personnel
What is a benefit to an organization of using SOAR as part of the SIEM system? - ANS
SOC Manager
Incident Reporter
Threat Hunter
Alert Analyst
Navigation Bar
An SOC is searching for a professional to fill a job opening. The employee must have
expert-level skills in networking, endpoint, threat intelligence, and malware reverse engineering
in order to search for cyber threats hidden within the network. Which job within an SOC requires
a professional with those skills? - ANS Threat Hunter
Which three are major categories of elements in a security operations center? (Choose three.) -
ANS technologies
people
processes
Which three technologies should be included in a SOC security information and event
management system? (Choose three.) - ANS security monitoring
threat intelligence
log management
Which KPI metric does SOAR use to measure the time required to stop the spread of malware
in the network? - ANS Time to Control
,How does a security information and event management system (SIEM) in a SOC help the
personnel fight against security threats? - ANS by combining data from multiple
technologies
Which organization is an international nonprofit organization that offers the CISSP certification?
- ANS (ISC) 2
Which example illustrates how malware might be concealed? - ANS An email is sent to the
employees of an organization with an attachment that looks like an antivirus update, but the
attachment actually consists of spyware
A group of users on the same network are all complaining about their computers running slowly.
After investigating, the technician determines that these computers are part of a zombie
network. Which type of malware is used to control these computers? - ANS spyware
Which regulatory law regulates the identification, storage, and transmission of patient personal
healthcare information? - ANS HIPAA
When a user turns on the PC on Wednesday, the PC displays a message indicating that all of
the user files have been locked. In order to get the files unencrypted, the user is supposed to
send an email and include a specific ID in the email title. The message also includes ways to
buy and submit bitcoins as payment for the file decryption. After inspecting the message, the
technician suspects a security breach occurred. What type of malware could be responsible? -
ANS ransomware
What are two examples of personally identifiable information (PII)? (Choose two.) - ANS
street address
credit card number
What is the dark web? - ANS It is part of the internet that can only be accessed with
special software.
Which statement describes cyberwarfare? - ANS It is Internet-based conflict that involves
the penetration of information systems of other nations.
What is the main purpose of cyberwarfare? - ANS to gain advantage over adversaries
What job would require verification that an alert represents a true security incident or a false
positive? - ANS Alert Analyst
Why do IoT devices pose a greater risk than other computing devices on a network? - ANS
Most IoT devices do not receive frequent firmware updates.
,A worker in the records department of a hospital accidentally sends a medical record of a
patient to a printer in another department. When the worker arrives at the printer, the patient
record printout is missing. What breach of confidentiality does this situation describe? - ANS
PHI
A user calls the help desk complaining that the password to access the wireless network has
changed without warning. The user is allowed to change the password, but an hour later, the
same thing occurs. What might be happening in this situation? - ANS rogue access point
What technology was created to replace the BIOS program on modern personal computer
motherboards? - ANS UEFI
An IT technician wants to create a rule on two Windows 10 computers to prevent an installed
application from accessing the public Internet. Which tool would the technician use to
accomplish this task? - ANS Windows Defender Firewall with Advanced Security
A user logs in to Windows with a regular user account and attempts to use an application that
requires administrative privileges. What can the user do to successfully use the application? -
ANS Right-click the application and choose Run as Administrator
Match the Windows command to the description - ANS renames a file: ren
creates a new directory: mkdir
changes the current directory: cd
lists files in a directory: dir
A user creates a file with .ps1 extension in Windows. What type of file is it? - ANS
PowerShell script
Which statement describes the function of the Server Message Block (SMB) protocol? - ANS
It is used to share network resources.
A technician has installed a third party utility that is used to manage a Windows 7 computer.
However, the utility does not automatically start whenever the computer is started. What can the
technician do to resolve this problem? - ANS Change the startup type for the utility to
Automatic in Services
Match the Windows 10 boot sequence after the boot manager (bootmgr.exe) loads. - ANS
Step one: The Windows boot loader Winload.exe loads
Step two: Ntosknl.exe and hal.dll are loaded
Step three: Winload.exe reads the registry, chooses a hardware profile, and loads the device
drivers.
Step four: Ntoskrnl.exe takes over the process.
Step five: Winlogon.exe is loaded and excutes the logon process.
, What is the purpose of using the net accounts command in Windows? - ANS to review the
settings of password and logon requirements for users
Which two commands could be used to check if DNS name resolution is working properly on a
Windows PC? (Choose two.) - ANS nslookup cisco.com
ping cisco.com
A PC user issues the netstat command without any options. What is displayed as the result of
this command? - ANS a list of all established active TCP connections
What are two advantages of the NTFS file system compared with FAT32? (Choose two.) - ANS
NTFS provides more security features.
NTFS supports larger files.
Match the Linux command to the function. (Not all options are used.) - ANS
hmodudodisplays the name of the current working directory: pwd
runs a command as another user: sudo
modifies file permissions: chmod
shuts down the system:
lists the processes that are currently running: ps
Match the octal value to the file permission description in Linux. (Not all options are used.) -
ANS write only: 010
read and execute: 101
read and write: 110
execute only: 001
write and execute
no access: 000
Why is Kali Linux a popular choice in testing the network security of an organization? - ANS
It is an open source Linux security distribution containing many penetration tools.
Which type of tool allows administrators to observe and understand every detail of a network
transaction? - ANS packet capture software
Match typical Linux log files to the function. - ANS used by RedHat and CentOS computers
and tracks authentication-related events:
/VAR/LOG/SECURE
(Version 1.0) All Modules & Final Exam
Questions And Answers
Which personnel in a SOC are assigned the task of hunting for potential threats and
implementing threat detection tools? - ANS Tier 3 SME
What is a benefit to an organization of using SOAR as part of the SIEM system? - ANS
SOAR automates incident investigation and responds to workflows based on playbooks.
The term cyber operations analyst refers to which group of personnel in a SOC? - ANS Tier
1 personnel
What is a benefit to an organization of using SOAR as part of the SIEM system? - ANS
SOC Manager
Incident Reporter
Threat Hunter
Alert Analyst
Navigation Bar
An SOC is searching for a professional to fill a job opening. The employee must have
expert-level skills in networking, endpoint, threat intelligence, and malware reverse engineering
in order to search for cyber threats hidden within the network. Which job within an SOC requires
a professional with those skills? - ANS Threat Hunter
Which three are major categories of elements in a security operations center? (Choose three.) -
ANS technologies
people
processes
Which three technologies should be included in a SOC security information and event
management system? (Choose three.) - ANS security monitoring
threat intelligence
log management
Which KPI metric does SOAR use to measure the time required to stop the spread of malware
in the network? - ANS Time to Control
,How does a security information and event management system (SIEM) in a SOC help the
personnel fight against security threats? - ANS by combining data from multiple
technologies
Which organization is an international nonprofit organization that offers the CISSP certification?
- ANS (ISC) 2
Which example illustrates how malware might be concealed? - ANS An email is sent to the
employees of an organization with an attachment that looks like an antivirus update, but the
attachment actually consists of spyware
A group of users on the same network are all complaining about their computers running slowly.
After investigating, the technician determines that these computers are part of a zombie
network. Which type of malware is used to control these computers? - ANS spyware
Which regulatory law regulates the identification, storage, and transmission of patient personal
healthcare information? - ANS HIPAA
When a user turns on the PC on Wednesday, the PC displays a message indicating that all of
the user files have been locked. In order to get the files unencrypted, the user is supposed to
send an email and include a specific ID in the email title. The message also includes ways to
buy and submit bitcoins as payment for the file decryption. After inspecting the message, the
technician suspects a security breach occurred. What type of malware could be responsible? -
ANS ransomware
What are two examples of personally identifiable information (PII)? (Choose two.) - ANS
street address
credit card number
What is the dark web? - ANS It is part of the internet that can only be accessed with
special software.
Which statement describes cyberwarfare? - ANS It is Internet-based conflict that involves
the penetration of information systems of other nations.
What is the main purpose of cyberwarfare? - ANS to gain advantage over adversaries
What job would require verification that an alert represents a true security incident or a false
positive? - ANS Alert Analyst
Why do IoT devices pose a greater risk than other computing devices on a network? - ANS
Most IoT devices do not receive frequent firmware updates.
,A worker in the records department of a hospital accidentally sends a medical record of a
patient to a printer in another department. When the worker arrives at the printer, the patient
record printout is missing. What breach of confidentiality does this situation describe? - ANS
PHI
A user calls the help desk complaining that the password to access the wireless network has
changed without warning. The user is allowed to change the password, but an hour later, the
same thing occurs. What might be happening in this situation? - ANS rogue access point
What technology was created to replace the BIOS program on modern personal computer
motherboards? - ANS UEFI
An IT technician wants to create a rule on two Windows 10 computers to prevent an installed
application from accessing the public Internet. Which tool would the technician use to
accomplish this task? - ANS Windows Defender Firewall with Advanced Security
A user logs in to Windows with a regular user account and attempts to use an application that
requires administrative privileges. What can the user do to successfully use the application? -
ANS Right-click the application and choose Run as Administrator
Match the Windows command to the description - ANS renames a file: ren
creates a new directory: mkdir
changes the current directory: cd
lists files in a directory: dir
A user creates a file with .ps1 extension in Windows. What type of file is it? - ANS
PowerShell script
Which statement describes the function of the Server Message Block (SMB) protocol? - ANS
It is used to share network resources.
A technician has installed a third party utility that is used to manage a Windows 7 computer.
However, the utility does not automatically start whenever the computer is started. What can the
technician do to resolve this problem? - ANS Change the startup type for the utility to
Automatic in Services
Match the Windows 10 boot sequence after the boot manager (bootmgr.exe) loads. - ANS
Step one: The Windows boot loader Winload.exe loads
Step two: Ntosknl.exe and hal.dll are loaded
Step three: Winload.exe reads the registry, chooses a hardware profile, and loads the device
drivers.
Step four: Ntoskrnl.exe takes over the process.
Step five: Winlogon.exe is loaded and excutes the logon process.
, What is the purpose of using the net accounts command in Windows? - ANS to review the
settings of password and logon requirements for users
Which two commands could be used to check if DNS name resolution is working properly on a
Windows PC? (Choose two.) - ANS nslookup cisco.com
ping cisco.com
A PC user issues the netstat command without any options. What is displayed as the result of
this command? - ANS a list of all established active TCP connections
What are two advantages of the NTFS file system compared with FAT32? (Choose two.) - ANS
NTFS provides more security features.
NTFS supports larger files.
Match the Linux command to the function. (Not all options are used.) - ANS
hmodudodisplays the name of the current working directory: pwd
runs a command as another user: sudo
modifies file permissions: chmod
shuts down the system:
lists the processes that are currently running: ps
Match the octal value to the file permission description in Linux. (Not all options are used.) -
ANS write only: 010
read and execute: 101
read and write: 110
execute only: 001
write and execute
no access: 000
Why is Kali Linux a popular choice in testing the network security of an organization? - ANS
It is an open source Linux security distribution containing many penetration tools.
Which type of tool allows administrators to observe and understand every detail of a network
transaction? - ANS packet capture software
Match typical Linux log files to the function. - ANS used by RedHat and CentOS computers
and tracks authentication-related events:
/VAR/LOG/SECURE
