CYberops CCNA UPDATED ACTUAL
Questions and CORRECT Answers
While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic
for multiple devices by modifying the IP header.Which technology makes this behavior
possible?
A. encapsulation
B. TOR
C. tunneling
D. NAT - CORRECT ANSWER✔✔- NAT
When communicating via TLS, the client initiates the handshake to the server and the server
responds back with its certificate for identification.Which information is available on the
server certificate?
A. server name, trusted subordinate CA, and private key
B. trusted subordinate CA, public key, and cipher suites
C. trusted CA name, cipher suites, and private key
D. server name, trusted CA, and public key - CORRECT ANSWER✔✔- server name, trusted
CA, and public key
A security engineer has a video of a suspect entering a data center that was captured on the
same day that files in the same data center were transferred to a competitor.Which type of
evidence is this?
A. best evidence
B. prima facie evidence
C. indirect evidence
D. physical evidence - CORRECT ANSWER✔✔- indirect evidence
Which two elements of the incident response process are stated in NIST Special Publication
800-61 r2? (Choose two.)
A detection and analysis
B post-incident activity
C vulnerability management
,D risk assessment
E vulnerability scoring - CORRECT ANSWER✔✔- detection and analysis
post-incident activity
Which utility blocks a host portscan?
A. HIDS
B. sandboxing
C. host-based firewall
D. antimalware - CORRECT ANSWER✔✔- host-based firewall
Which event is user interaction?
A. gaining root access
B. executing remote code
C. reading and writing file permission
D. opening a malicious file - CORRECT ANSWER✔✔- opening a malicious file
Refer to the exhibit. What information is depicted
A. IIS data
B. NetFlow data
C. network discovery event
D. IPS event data - CORRECT ANSWER✔✔- NetFlow data
An intruder attempted malicious activity and exchanged emails with a user and received
corporate information, including email distribution lists. The intruder asked the user to
engage with a link in an email. When the fink launched, it infected machines and the intruder
was able to access the corporate network. Which testing method did the intruder use?
A. social engineering
B. eavesdropping
C. piggybacking
D. tailgating - CORRECT ANSWER✔✔- social engineering
, Which type of evidence supports a theory or an assumption that results from initial evidence?
A. probabilistic
B. indirect
C. best
D. corroborative - CORRECT ANSWER✔✔- corroborative
Which regular expression matches "color" and "colour"?
A. colo?ur
B. col[0−8]+our
C. colou?r
D. col[0−9]+our - CORRECT ANSWER✔✔- colou?r
A user received a malicious attachment but did not run it. Which category classifies the
intrusion?
A. weaponization
B. reconnaissance
C. installation
D. delivery - CORRECT ANSWER✔✔- delivery
Which two elements are assets in the role of attribution in an investigation? (Choose two.)
A. context
B. session
C. laptop
D. firewall logs
E. threat actor - CORRECT ANSWER✔✔- context
threat actor
Which process is used when IPS events are removed to improve data integrity?
A. data availability
B. data normalization
Questions and CORRECT Answers
While viewing packet capture data, an analyst sees that one IP is sending and receiving traffic
for multiple devices by modifying the IP header.Which technology makes this behavior
possible?
A. encapsulation
B. TOR
C. tunneling
D. NAT - CORRECT ANSWER✔✔- NAT
When communicating via TLS, the client initiates the handshake to the server and the server
responds back with its certificate for identification.Which information is available on the
server certificate?
A. server name, trusted subordinate CA, and private key
B. trusted subordinate CA, public key, and cipher suites
C. trusted CA name, cipher suites, and private key
D. server name, trusted CA, and public key - CORRECT ANSWER✔✔- server name, trusted
CA, and public key
A security engineer has a video of a suspect entering a data center that was captured on the
same day that files in the same data center were transferred to a competitor.Which type of
evidence is this?
A. best evidence
B. prima facie evidence
C. indirect evidence
D. physical evidence - CORRECT ANSWER✔✔- indirect evidence
Which two elements of the incident response process are stated in NIST Special Publication
800-61 r2? (Choose two.)
A detection and analysis
B post-incident activity
C vulnerability management
,D risk assessment
E vulnerability scoring - CORRECT ANSWER✔✔- detection and analysis
post-incident activity
Which utility blocks a host portscan?
A. HIDS
B. sandboxing
C. host-based firewall
D. antimalware - CORRECT ANSWER✔✔- host-based firewall
Which event is user interaction?
A. gaining root access
B. executing remote code
C. reading and writing file permission
D. opening a malicious file - CORRECT ANSWER✔✔- opening a malicious file
Refer to the exhibit. What information is depicted
A. IIS data
B. NetFlow data
C. network discovery event
D. IPS event data - CORRECT ANSWER✔✔- NetFlow data
An intruder attempted malicious activity and exchanged emails with a user and received
corporate information, including email distribution lists. The intruder asked the user to
engage with a link in an email. When the fink launched, it infected machines and the intruder
was able to access the corporate network. Which testing method did the intruder use?
A. social engineering
B. eavesdropping
C. piggybacking
D. tailgating - CORRECT ANSWER✔✔- social engineering
, Which type of evidence supports a theory or an assumption that results from initial evidence?
A. probabilistic
B. indirect
C. best
D. corroborative - CORRECT ANSWER✔✔- corroborative
Which regular expression matches "color" and "colour"?
A. colo?ur
B. col[0−8]+our
C. colou?r
D. col[0−9]+our - CORRECT ANSWER✔✔- colou?r
A user received a malicious attachment but did not run it. Which category classifies the
intrusion?
A. weaponization
B. reconnaissance
C. installation
D. delivery - CORRECT ANSWER✔✔- delivery
Which two elements are assets in the role of attribution in an investigation? (Choose two.)
A. context
B. session
C. laptop
D. firewall logs
E. threat actor - CORRECT ANSWER✔✔- context
threat actor
Which process is used when IPS events are removed to improve data integrity?
A. data availability
B. data normalization
