Sunday, January 6, 2019

CyberOps SECFND (210-250) Certification Practice Exam Answers

SECFND (210-250) Certification Practice Exam
Grade Score 95%

1.Which attack surface, defined by the SANS Institute, is delivered through the exploitation of vulnerabilities in web, cloud, or host-based applications?

2.Which security management plan specifies a component that involves tracking the location and configuration of networked devices and software across an enterprise?
patch management
asset management
risk management
vulnerability management

3.Which type of attack is carried out by threat actors against a network to determine which IP addresses, protocols, and ports are allowed by ACLs?
social engineering
denial of service

4.Refer to the exhibit. Which technology would contain information similar to the data shown for infrastructure devices within a company?
syslog server
Apache server

5.Refer to the exhibit. A network administrator has written a standard access control list to prevent packets from the LAN from reaching the restricted LAN while permitting traffic from any other LAN. On what interface and in which direction should the access list be implemented on router R1?
interface G0/2 inbound
interface G0/2 outbound
interface G0/1 outbound
interface G0/0 inbound

6.Which two algorithms use a hashing function to ensure message integrity? (Choose two.)
7.What is a feature of an IPS?
It can stop malicious packets.
It has no impact on latency.
It is primarily focused on identifying possible incidents.
It is deployed in offline mode.

8.Refer to the exhibit. A security analyst is reviewing an alert message generated by Snort. What does the number 2100498 in the message indicate?
the id of the user that triggers the alert
the session number of the message
the message length in bits
the Snort rule that is triggered

9.Which Windows application is commonly used by a cybersecurity analyst to view Microsoft IIS access logs?
Event Viewer

10.Which security endpoint setting would be used by a security analyst to determine if a computer has been configured to prevent a particular application from running?

11.Which type of data is used by Cisco Cognitive Threat Analytics to find malicious activity that has bypassed security controls, or entered through unmonitored channels, and is operating inside an enterprise network?

12.Which two protocols are associated with the transport layer? (Choose two.)

13.Which type of firewall is a combination of various firewall types?
packet filtering

14.Refer to the exhibit. A user reports that resources can no longer be reached on the local network or on the internet. A cybersecurity analyst investigates the issue by reviewing the routing table of the PC in question. What is the reason for the problem reported by the user?
incorrect subnet mask
incorrect host IP address
incorrect default gateway
incorrect route metric

15.What is an example of a privilege escalation attack?
A DDoS attack is launched against a government server and causes the server to crash.
A threat actor performs an access attack and gains the administrator password.
A threat actor sends an email to an IT manager to request the root access.
A port scanning attack finds that the FTP service is running on a server that allows anonymous access.

16.What is the first line of defense when an organization is using a defense-in-depth approach to network security?
proxy server
edge router

17.Which technique could be used by security personnel to analyze a suspicious file in a safe environment?

18.What are two examples of DoS attacks? (Choose two.)
SQL injection
port scanning
buffer overflow
ping of death

19.What is the main goal of using different evasion techniques by threat actors?
to launch DDoS attacks on targets
to prevent detection by network and host defenses
to gain the trust of a corporate employee in an effort to obtain credentials
to identify vulnerabilities of target systems

20.Which data security component is provided by hashing algorithms?
key exchange

21.Which statement describes the function provided by the Tor network?
It distributes user packets through load balancing.
It conceals packet contents by establishing end-to-end tunnels.
It allows users to browse the Internet anonymously.
It manipulates packets by mapping IP addresses between two networks.

22.A user receives an email requesting verification of the password that is used to access bank files. What type of security threat is this?
social engineering

23.Which type of event is logged in Cisco Next-Generation IPS devices (NGIPS) using FirePOWER Services when changes have been detected in the monitored network?
network discovery
host or endpoint

24.Which risk management plan involves discontinuing an activity that creates a risk?
risk sharing
risk reduction
risk avoidance
risk retention

25.Which access control model applies the strictest access control and is often used in military and mission critical applications?

26.What technology supports asymmetric key encryption used in IPsec VPNs?

27.Why does HTTPS technology add complexity to network security monitoring?
HTTPS conceals data traffic through end-to-end encryption.
HTTPS uses tunneling technology for confidentiality.
HTTPS dynamically changes the port number on the web server.
HTTPS hides the true source IP address using NAT/PAT.

28.To which category of security attacks does man-in-the-middle belong?
social engineering

29.Refer to the exhibit. A security analyst is reviewing the logs of an Apache web server. Which action should the analyst take based on the output shown?
Notify the appropriate security administration for the country.
Notify the server administrator.
Restart the server.
Ignore the message.

30.What are three benefits of using symbolic links over hard links in Linux? (Choose three.)
They can link to a directory.
Symbolic links can be exported.
They can link to a file in a different file system.
They can be encrypted.
They can show the location of the original file.
They can be compressed.

31.Refer to the exhibit. Approximately what percentage of the physical memory is still available on this Windows system?

32.What is an example of a local exploit?
A buffer overflow attack is launched against an online shopping website and causes the server to crash.
A threat actor tries to gain the user password of a remote host by using keyboard capture software installed on it by a Trojan.
Port scanning is used to determine if the Telnet service is running on a remote server.
A threat actor performs a brute force attack on an enterprise edge router to gain illegal access.

33.How can NAT/PAT complicate network security monitoring if NetFlow is being used?
It disguises the application initiated by a user by manipulating port numbers.
It changes the source and destination MAC addresses.
It hides internal IP addresses by allowing them to share one or a few outside IP addresses.
It conceals the contents of a packet by encrypting the data payload.

34.What is an action that should be taken in the discovery step of the vulnerability management life cycle?
developing a network baseline
assigning business value to assets
documenting the security plan
determining a risk profile

35.Which tool captures full data packets with a command-line interface only?

36.Which Cisco appliance can be used to filter network traffic contents to report and deny traffic based on the web server reputation?

37.What is a key difference between the data captured by NetFlow and data captured by Wireshark?
NetFlow collects metadata from a network flow whereas Wireshark captures full data packets.
NetFlow provides transaction data whereas Wireshark provides session data.
NetFlow data shows network flow contents whereas Wireshark data shows network flow statistics.
NetFlow data is analyzed by tcpdump whereas Wireshark data is analyzed by nfdump.

38.A security professional is making recommendations to a company for enhancing endpoint security. Which security endpoint technology would be recommended as an agent-based system to protect hosts against malware?

39.Which Windows tool can be used by a cybersecurity administrator to secure stand-alone computers that are not part of an active directory domain?
Windows Firewall
Local Security Policy
Windows Defender

40.Which firewall application runs on a Linux host and allows an administrator to configure network access rules as part of the Linux kernel?
TCP Wrapper

41.Which security function is provided by encryption algorithms?
key management

42.What is a purpose of implementing VLANs on a network?
They prevent Layer 2 loops.
They allow switches to forward Layer 3 packets without a router.
They eliminate network collisions.
They can separate user traffic.

43.What is the principle behind the nondiscretionary access control model?
It allows users to control access to their data as owners of that data.
It allows access based on attributes of the object to be accessed.
It applies the strictest access control possible.
It allows access decisions to be based on roles and responsibilities of a user within the organization.

44.What is the benefit of a defense-in-depth approach?
All network vulnerabilities are mitigated.
The effectiveness of other security measures is not impacted when a security mechanism fails.
Only a single layer of security at the network core is required.
The need for firewalls is eliminated.

45.Which attack is integrated with the lowest levels of the operating system of a host and attempts to completely hide the activities of the threat actor on the local system?
encryption and tunneling
traffic insertion
traffic substitution

46.Which two attacks target web servers through exploiting possible vulnerabilities of input functions used by an application? (Choose two.)
port scanning
port redirection
cross-site scripting
SQL injection
trust exploitation

47.Which evasion method describes the situation in which, after gaining access to the administrator password on a compromised host, a threat actor attempts to log in to another host using the same credentials?
protocol-level misinterpretation
resource exhaustion
traffic substitution

48.What is a feature of asymmetrical encryption?
It encrypts bulk data quickly.
Different keys are used to encrypt and decrypt data.
Key lengths are short.
It requires fewer computations than symmetric encryption requires.

49.What is the function of ARP?
provides automatic IP address assignments to hosts
resolves domain names to IP addresses
sends error and operational information messages to hosts
maps IPv4 addresses to MAC addresses

50.Refer to the exhibit. A cybersecurity analyst is viewing captured packets forwarded on switch S1. Which device is the source of the captured packet?
ISP router
DNS server
DG router
web server

51.Which network service is used by clients to resolve the IP address of a domain name?

52.A cybersecurity analyst believes an attacker is spoofing the MAC address of the default gateway to perform a man-in-the-middle attack. Which command should the analyst use to view the MAC address a host is using to reach the default gateway?
arp -a
netstat -r
route print
ipconfig /all

53.Which access control model allows users to control access to data as an owner of that data?
discretionary access control
nondiscretionary access control
attribute-based access control
mandatory access control

54.A piece of malware has gained access to a workstation and issued a DNS lookup query to a CnC server. What is the purpose of this attack?
to masquerade the IP address of the workstation
to check the domain name of the workstation
to send stolen sensitive data with encoding
to request a change of the IP address

55.After complaints from users, a technician identifies that the college web server is running very slowly. A check of the server reveals that there are an unusually large number of TCP requests coming from multiple locations on the Internet. What is the source of the problem?
The server is infected with a virus.
A DDoS attack is in progress.
There is a replay attack in progress.
There is insufficient bandwidth to connect to the server.