Exam Questions And Answers
1:
Which ICMP message type is sent by the router if an IP packet TTL field reaches zero?
Echo Reply
ICMP Time-Exceeded
Echo Request
Destination Unreachable - ANS ICMP Time-Exceeded
2:
What range of IP addresses is usually assigned to hosts that fail to obtain an IP address via DHCP?
192.168.0/24
0.0/8
127.0/8
169.254/16 - ANS 169.254/16
3:
Which statement best describes how a network-based malware protection feature detects a possible event?
Malware can be detected correctly by using reputation databases on both the firewall and/or from the cloud.
Malware can be detected and stopped by using ACLs and the modular policy framework within the firewall.
Using virus signature files locally on the firewall, it will detect MD5 file hashes.
The firewall applies broad-based application and file control policies to detect malware.appliance.
IDS signature files that are located on the firewall are used to detect the presence of malware. - ANS The firewall applies broad-based application and file control policies to detect malware.appliance.
4:
Which one of the following options is the illegitimate DHCP server that is referred to in the context of a DHCP server-based attack?
a target server
an erroneous server
a sitting duck server
a rogue DHCP server - ANS a rogue DHCP server
6:
• Which one of the following OSI layers defines how data is formatted for transmission and how data accesses the physical layer?
• transport
• presentation
• data link
• physical - ANS • data link
5:
• In most versions of Linux, there is a command that is called vi. What does the vi command do?
• opens the vi text editor application
• The command does not exist.
• allows for 6 concurrent virtual connections
• opens a virtual interface connection - ANS • opens the vi text editor application
7:
• Which method is a permissive security control in which only specified applications can run on an end host, while all other applications are prevented?
• application whitelisting
• application blacklisting
• application recognition and detection
• application deep packets inspection - ANS • application whitelisting
8:
• Which four encryption protocols and protective algorithms are identified in the NSA Suite B specification? (Choose four.)
• ECDSA
• SHA-2
• ECDH
• AES
• 3DES
• Diffie-Hellman Group5
• MD5 - ANS • ECDSA
• SHA-2
• ECDH
• AES
9:
• What is the key to the success of an MITM attack?
• The hacked machine becomes overwhelmed with responses.
• The attacker waits until after a communication session is established.
• TCP/IP bugs make it easy to crash older operating systems.
• Packet flooding consumes resources. - ANS • The attacker waits until after a communication session is established.
10:
• Which three are DNS vulnerabilities? (Choose three.)
• DNS resource utilization attacks
• DNS amplification and reflection attacks
• DNS cache poisoning attacks
• DNS resolution interception
• TCP SYN flood - ANS • DNS resource utilization attacks
• DNS amplification and reflection attacks
• DNS cache poisoning attacks
11:
• What are the two best ways to protect a device from a rootkit attack? (Choose two.)
• Do nothing, because rootkits are not common and are difficult to develop.
• Keep current with software updates and security patches from the vendor.
• Maintain a strong password policy.
• Utilize anti-malware, anti-virus, and next generation firewall and IPS services within the network. - ANS • Keep current with software updates and security patches from the vendor.
• Utilize anti-malware, anti-virus, and next generation firewall and IPS services within the network.
12:
• Which two techniques would an attacker utilize in order to have a client send packets to the wrong gateway? (Choose two.)