CyberOps Associate 1.02 & CA v1.0 Modules 18 – 20: Network Defense Group Exam Answers Full 100% 2023 2024
This page covers both versions, NetAcad Cisco CA 1.02 and CyberOps Associate (Version 1.0), Modules 18 – 20: Network Defense Group Exam, full 100% in 2023 and 2024, verified by experts with explanations and hints.
-
Which AAA component can be established using token cards?
- accounting
- authorization
- auditing
- authentication
Answers Explanation & Hints: The authentication component of AAA is established using username and password combinations, challenge and response questions, and token cards. The authorization component of AAA determines which resources the user can access and which operations the user is allowed to perform. The accounting and auditing component of AAA keeps track of how network resources are used.
-
A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?
- integrity
- scalability
- availability
- confidentiality
Answers Explanation & Hints: Confidentiality ensures that data is accessed only by authorized individuals. Authentication will help verify the identity of the individuals.
-
When a security audit is performed at a company, the auditor reports that new users have access to network resources beyond their normal job roles. Additionally, users who move to different positions retain their prior permissions. What kind of violation is occurring?
- network policy
- least privilege
- audit
- password
Answers Explanation & Hints: Users should have access to information on a need-to-know basis. When a user moves from one job role to another, the same concept applies: prior permissions should be revoked and only those required by the new role granted.
-
Passwords, passphrases, and PINs are examples of which security term?
- identification
- authorization
- authentication
- access
Answers Explanation & Hints: Authentication methods are used to strengthen access control systems. It is important to understand the available authentication methods.
-
Which type of access control applies the strictest access control and is commonly used in military or mission critical applications?
- attribute-based access control (ABAC)
- discretionary access control (DAC)
- mandatory access control (MAC)
- Non-discretionary access control
Answers Explanation & Hints: Access control models are used to define the access controls implemented to protect corporate IT resources. The different types of access control models are as follows:
- Mandatory access control (MAC) – The strictest access control, typically used in military or mission critical applications.
- Discretionary access control (DAC) – Allows users to control access to their data as owners of that data. Access control lists (ACLs) or other security measures may be used to specify who else may have access to the information.
- Non-discretionary access control – Also known as role-based access control (RBAC). Allows access based on the role and responsibilities of the individual within the organization.
- Attribute-based access control (ABAC) – Allows access based on the attributes of the resource to be accessed, the user accessing the resource, and environmental factors such as the time of day.
-
What is the principle behind the nondiscretionary access control model?
- It applies the strictest access control possible.
- It allows access decisions to be based on roles and responsibilities of a user within the organization.
- It allows users to control access to their data as owners of that data.
- It allows access based on attributes of the object to be accessed.
Answers Explanation & Hints: The nondiscretionary access control model uses the roles and responsibilities of the user as the basis for access decisions.
-
Match the information security component with the description.
Explanation & Hint:
- Confidentiality: Ensuring that data is accessible only to those with the required authorization. It matches the description “Only authorized individuals, entities, or processes can access sensitive information.”
- Integrity: Protecting data from unauthorized changes to ensure that it is reliable and correct. It corresponds to the description “Data is protected from unauthorized alteration.”
- Availability: Ensuring that information is available to authorized users when needed. This matches the description “Authorized users must have uninterrupted access to important resources and data.”
These three principles are often referred to as the CIA triad in information security.
-
When designing a prototype network for a new server farm, a network designer chooses to use redundant links to connect to the rest of the network. Which business goal will be addressed by this choice?
- security
- scalability
- availability
- manageability
Answers Explanation & Hints: Availability is one of the components of information security where authorized users must have uninterrupted access to important resources and data.
-
Which component of the zero trust security model focuses on secure access when an API, a microservice, or a container is accessing a database within an application?
- workforce
- workflow
- workload
- workplace
Answers Explanation & Hints: The workload pillar focuses on applications that are running in the cloud, in data centers, and other virtualized environments that interact with one another. It focuses on secure access when an API, a microservice, or a container is accessing a database within an application.
-
What is the purpose of the network security accounting function?
- to require users to prove who they are
- to determine which resources a user can access
- to keep track of the actions of a user
- to provide challenge and response questions
Answers Explanation & Hints: Authentication, authorization, and accounting are network services collectively known as AAA. Authentication requires users to prove who they are. Authorization determines which resources the user can access. Accounting keeps track of the actions of the user.
-
What are two characteristics of the RADIUS protocol? (Choose two.)
- encryption of the entire body of the packet
- the use of TCP port 49
- the use of UDP ports for authentication and accounting
- encryption of the password only
- the separation of the authentication and authorization processes
Answers Explanation & Hints: RADIUS is an open-standard AAA protocol using UDP port 1645 or 1812 for authentication and UDP port 1646 or 1813 for accounting. It combines authentication and authorization into one process.
-
Which term describes the ability of a web server to keep a log of the users who access the server, as well as the length of time they use it?
- authentication
- authorization
- accounting
- assigning permissions
Answers Explanation & Hints: Accounting records what users do and when they do it, including what is accessed, the amount of time the resource is accessed, and any changes that were made. Accounting keeps track of how network resources are used.
-
In a defense-in-depth approach, which three options must be identified to effectively defend a network against attacks? (Choose three.)
- assets that need protection
- location of attacker or attackers
- threats to assets
- total number of devices that attach to the wired and wireless network
- vulnerabilities in the system
- past security breaches
Answers Explanation & Hints: In order to prepare for a security attack, IT security personnel must identify assets that need to be protected such as servers, routers, access points, and end devices. They must also identify potential threats to the assets and vulnerabilities in the system or design.
-
Match the term to the description.
Explanation & Hint:
- Assets: These are the information or equipment valuable enough to an organization to warrant protection. They could include things like data, hardware, software, infrastructure, and personnel.
- Threats: These are potential dangers to a protected asset. Threats can be intentional, like cyber attacks, or unintentional, like natural disasters or human error.
- Vulnerabilities: These are weaknesses in a system or design that could be exploited by threats to cause harm or unauthorized access.
-
What is a characteristic of a layered defense-in-depth security approach?
- Three or more devices are used.
- Routers are replaced with firewalls.
- When one device fails, another one takes over.
- One safeguard failure does not affect the effectiveness of other safeguards.
Answers Explanation & Hints: When a layered defense-in-depth security approach is used, layers of security are placed through the organization—at the edge, within the network, and on endpoints. The layers work together to create the security architecture. In this environment, a failure of one safeguard does not affect the effectiveness of other safeguards.
-
What is the first line of defense when an organization is using a defense-in-depth approach to network security?
- IPS
- edge router
- firewall
- proxy server
Answers Explanation & Hints: A defense-in-depth approach uses layers of security measures starting at the network edge, working through the network, and finally ending at the network endpoints. Routers at the network edge are the first line of defense and forward traffic intended for the internal network to the firewall.
-
What is the benefit of a defense-in-depth approach?
- The effectiveness of other security measures is not impacted when a security mechanism fails.
- The need for firewalls is eliminated.
- All network vulnerabilities are mitigated.
- Only a single layer of security at the network core is required.
Answers Explanation & Hints: The benefit of the defense-in-depth approach is that network defenses are implemented in layers so that failure of any single security mechanism does not impact other security measures.
-
Why is asset management a critical function of a growing organization against security threats?
- It serves to preserve an audit trail of all new purchases.
- It identifies the ever increasing attack surface to threats.
- It prevents theft of older assets that are decommissioned.
- It allows for a build of a comprehensive AUP.
Answers Explanation & Hints: Asset management is a critical component of a growing organization from a security aspect. Asset management consists of inventorying all assets, and then developing and implementing policies and procedures to protect them. As an organization grows, so does the attack surface in terms of security threats. Each of these assets can attract different threat actors who have different skill levels and motivations. Asset management can help mitigate these threats by inventorying the risks as the attack surface grows.
-
What is a characteristic of the security artichoke defense-in-depth approach?
- Each layer has to be penetrated before the threat actor can reach the target data or system.
- Threat actors no longer have to peel away each layer before reaching the target data or system.
- Threat actors can no longer penetrate any layers safeguarding the data or system.
- Threat actors can easily compromise all layers safeguarding the data or systems.
Answers Explanation & Hints: In the security artichoke defense-in-depth approach, not every layer needs to be penetrated by the threat actor in order to get to the data or systems. Each layer provides a layer of protection while simultaneously providing a path to attack.
-
Match the type of business policy to the description.
Explanation & Hint:
- Security Policy: This policy usually defines system requirements and objectives, rules, and requirements for users when they attach to the network. It is designed to protect the integrity, confidentiality, and availability of data.
- Employee Policy: This type of policy often protects the rights of workers and the company interests. It outlines the responsibilities of employees and the expectations the company has for them, as well as what they can expect from the company.
- Company Policy: This may refer to a broader set of guidelines that can include various aspects such as salary, pay schedule, benefits, work schedule, vacations, and so on. It is essentially a comprehensive policy that covers a wide range of employee-related company procedures and rules.
-
Which two options are security best practices that help mitigate BYOD risks? (Choose two.)
- Use wireless MAC address filtering.
- Decrease the wireless antenna gain level.
- Keep the device OS and software updated.
- Only turn on Wi-Fi when using the wireless network.
- Only allow devices that have been approved by the corporate IT team.
- Use paint that reflects wireless signals and glass that prevents the signals from going outside the building.
Answers Explanation & Hints: Many companies now support employees and visitors attaching and using wireless devices that connect to and use the corporate wireless network. This practice is known as a bring-your-own-device policy or BYOD. Commonly, BYOD security practices are included in the security policy. Some best practices that mitigate BYOD risks include the following:
- Use unique passwords for each device and account.
- Turn off Wi-Fi and Bluetooth connectivity when not being used. Only connect to trusted networks.
- Keep the device OS and other software updated.
- Back up any data stored on the device.
- Subscribe to a device locator service with a remote wipe feature.
- Provide antivirus software for approved BYODs.
- Use Mobile Device Management (MDM) software that allows IT teams to track the device and implement security settings and software controls.
-
What is the purpose of mobile device management (MDM) software?
- It is used to create a security policy.
- It is used by threat actors to penetrate the system.
- It is used to identify potential mobile device vulnerabilities.
- It is used to implement security policies, settings, and software configurations on mobile devices.
Answers Explanation & Hints: Mobile device management (MDM) software is used with mobile devices so that corporate IT personnel can track the devices, implement security settings, as well as control software configurations.
-
What does the incident handling procedures security policy describe?
- It describes the procedure for auditing the network after a cyberattack.
- It describes the procedure for mitigating cyberattacks.
- It describes how security incidents are handled.
- It describes how to prevent various cyberattacks.
Answers Explanation & Hints: The incident handling procedures security policy describes how security incidents are handled.
-
What three goals does a BYOD security policy accomplish? (Choose three.)
- identify safeguards to put in place if a device is compromised
- describe the rights to access and activities permitted to security personnel on the device
- identify a list of websites that users are not permitted to access
- identify and prevent all heuristic virus signatures
- identify which employees can bring their own devices
- identify all malware signatures and synchronize them across corporate databases
Answers Explanation & Hints: A comprehensive BYOD policy should accomplish the following:
- Identification of which employees can bring their own devices
- Identification of which devices will be supported
- Identification of the level of access employees are granted when using personal devices
- Description of the rights to access and activities permitted to security personnel on the device
- Identification of which regulations must be adhered to when using employee devices
- Identification of safeguards to put in place if a device is compromised
-
How does AIS address a newly discovered threat?
- by enabling real-time exchange of cyberthreat indicators with U.S. Federal Government and the private sector
- by creating response strategies against the new threat
- by advising the U.S. Federal Government to publish internal response strategies
- by mitigating the attack with active response defense mechanisms
Answers Explanation & Hints: AIS responds to a new threat as soon as it is recognized by immediately sharing it with U.S. Federal Government and the private sector to help them protect their networks against that particular threat.
-
What is the primary purpose of the Forum of Incident Response and Security Teams (FIRST)?
- to enable a variety of computer security incident response teams to collaborate, cooperate, and coordinate information sharing, incident prevention, and rapid reaction strategies
- to provide vendor neutral education products and career services to industry professionals worldwide
- to offer 24×7 cyberthreat warnings and advisories, vulnerability identification, and mitigation and incident response
- to provide a security news portal that aggregates the latest breaking news pertaining to alerts, exploits, and vulnerabilities
Answers Explanation & Hints: The primary purpose of the Forum of Incident Response and Security Teams (FIRST) is to enable a variety of computer security incident response teams to collaborate, cooperate, and coordinate information sharing, incident prevention, and rapid reaction between the teams.
-
What is the primary function of the Center for Internet Security (CIS)?
- to provide vendor-neutral education products and career services to industry professionals worldwide
- to provide a security news portal that aggregates the latest breaking news pertaining to alerts, exploits, and vulnerabilities
- to maintain a list of common vulnerabilities and exposures (CVE) used by security organizations
- to offer 24×7 cyberthreat warnings and advisories, vulnerability identification, and mitigation and incident responses
Answers Explanation & Hints: CIS offers 24×7 cyberthreat warnings and advisories, vulnerability identification, and mitigation and incident responses to state, local, tribal, and territorial (SLTT) governments through the Multi-State Information Sharing and Analysis Center (MS-ISAC).
-
How does FireEye detect and prevent zero-day attacks?
- by keeping a detailed analysis of all viruses and malware
- by establishing an authentication parameter prior to any data exchange
- by only accepting encrypted data packets that validate against their configured hash values
- by addressing all stages of an attack lifecycle with a signature-less engine utilizing stateful attack analysis
Answers Explanation & Hints: FireEye uses a three-pronged approach combining security intelligence, security expertise, and technology. It addresses all stages of an attack lifecycle with a signature-less engine utilizing stateful attack analysis to detect zero-day threats.
-
Which organization defines unique CVE Identifiers for publicly known information-security vulnerabilities that make it easier to share data?
- Cisco Talos
- MITRE
- FireEye
- DHS
Answers Explanation & Hints: The United States government sponsored the MITRE Corporation to create and maintain a catalog of known security threats called Common Vulnerabilities and Exposures (CVE). The CVE serves as a dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities.
-
Which statement describes Trusted Automated Exchange of Indicator Information (TAXII)?
- It is a dynamic database of real-time vulnerabilities.
- It is a set of specifications for exchanging cyber threat information between organizations.
- It is a signature-less engine utilizing stateful attack analysis to detect zero-day threats.
- It is the specification for an application layer protocol that allows the communication of CTI over HTTPS.
Answers Explanation & Hints: Trusted Automated Exchange of Indicator Information (TAXII) is the specification for an application layer protocol that allows the communication of CTI over HTTPS. TAXII is designed to support Structured Threat Information Expression (STIX).
-
What is CybOX?
- It is a specification for an application layer protocol that allows the communication of CTI over HTTPS.
- It is a set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations.
- It is a catalog of known security threats called Common Vulnerabilities and Exposures (CVE) for publicly known cybersecurity vulnerabilities.
- It enables the real-time exchange of cyberthreat indicators between the U.S. Federal Government and the private sector.
Answers Explanation & Hints: CybOX is a set of open standards that provide the specifications that aid in the automated exchange of cyberthreat intelligence information in a standardized format. It is a set of standardized schemata for specifying, capturing, characterizing, and communicating events and properties of network operations that support many cybersecurity functions.
-
What is the primary purpose of the Malware Information Sharing Platform (MISP)?
- to exchange all the response mechanisms to known threats
- to publish all informational materials on known and newly discovered cyberthreats
- to enable automated sharing of IOCs between people and machines using STIX and other export formats
- to provide a set of standardized schemata for specifying and capturing events and properties of network operations
Answers Explanation & Hints: Malware Information Sharing Platform (MISP) is an open source platform that enables automated sharing of IOCs between people and machines using STIX and other export formats.
-
Match the threat intelligence sharing standards with the description.
Explanation & Hint:
- STIX (Structured Threat Information eXpression): STIX is a language for describing cyber threat information in a standardized and structured manner.
- TAXII (Trusted Automated eXchange of Indicator Information): TAXII defines a set of services and message exchanges that enable sharing of actionable cyber threat information across organization and product/service boundaries. It is the protocol for the communication of CTI (Cyber Threat Intelligence).
- CybOX (Cyber Observable eXpression): CybOX is a standardized language for specifying, capturing, characterizing, and communicating events and properties of network operations.