Fundamentals UPDATED Study Guide
QUESTIONS AND CORRECT ANSWERS
Which three technologies should be included in a security information and event management system in a SOC? - CORRECT ANSWERS
Security monitoring
Threat intelligence
Vulnerability tracking
How is a source IP address used in a standard ACL? - CORRECT ANSWERS It is the criterion used to filter traffic
Why is the Diffie-Hellman algorithm typically avoided for encrypting data? - CORRECT ANSWERS The large numbers used by DH make it slow for bulk data transfers
Which metric class in the CVSS Base Metric Group identifies the impacts on Confidentiality, Integrity and Availability? - CORRECT ANSWERS Impact
How might DNS be used by a threat actor to create mayhem? - CORRECT ANSWERS Collects personal information and encodes the data in outgoing DNS queries
Refer to the exhibit. A network security specialist issues the command tcpdump to capture events. What does the number 6337 indicate? - CORRECT ANSWERS The process ID of the tcpdump command
What is the responsibility of the human resources department when handling a security incident? - CORRECT ANSWERS Apply disciplinary measures if an incident is caused by an employee
Malicious traffic is correctly identified as a threat. (malware) - CORRECT ANSWERS true positive
Normal traffic is incorrectly identified as a threat. (email) - CORRECT ANSWERS false positive
Uses a hierarchy of authoritative time sources to send time information between devices on the network. - CORRECT ANSWERS NTP
Uses UDP port 514 for logging event messages from network devices and endpoints. - CORRECT ANSWERS Syslog
Used by attackers to identify hosts on a network and the structure of the network. - CORRECT ANSWERS ICMP
Which technique could be used by security personnel to analyse a suspicious file in a safe environment?
sandboxing
blacklisting
baselining
whitelisting
- CORRECT ANSWERS sandboxing
Why does HTTPS technology add complexity to network security monitoring?
HTTPS dynamically changes the port number on the web server.
HTTPS conceals data traffic through end-to-end encryption.
HTTPS uses tunneling technology for confidentiality.
HTTPS hides the true source IP address using NAT/PAT.
- CORRECT ANSWERS HTTPS conceals data traffic through end-to-end encryption
Which type of firewall is a combination of various firewall types?
proxy
packet filtering
stateful
hybrid
- CORRECT ANSWERS hybrid
What is the first line of defence when an organisation is using a defence-in-depth approach to network security?