CyberOps Associate 1.0 Final Exam Questions with Correct Answers
Course
Cyber Ops Certification
Institution
Cyber Ops Certification
What are two problems that can be caused by a large number of ARP request and reply
messages? (Choose two.) ✅1) All ARP request messages must be processed by all
nodes on the local network.
2) The ARP request is sent as a broadcast, and will flood the entire subnet.
Refer to the exhibit. Which field in the Sguil application window indicates the priority of
an event or set of correlated events? ✅ST
Match the job titles to SOC personnel positions. (Not all options are used.) ✅Tier 1
Alert Analyst -> monitors incoming alerts & verifies that a true incident has occurred
Tier 2 Incident Responder -> involved in deep investigation of incident
Tier 3 Subject Matter Expert -> involved in hunting for potential threats & implements
threat detection tools
If the default gateway is configured incorrectly on the host, what is the impact on
communications? ✅The host can communicate with other hosts on the local network,
but is unable to communicate with hosts on remote networks.
When a connectionless protocol is in use at a lower layer of the OSI model, how is
missing data detected and retransmitted if necessary? ✅Upper-layer connection-oriented
protocols keep track of the data received and can request retransmission from
the upper-level protocols on the sending host.
What is the prefix length notation for the subnet mask 255.255.255.224? ✅/27
Which network monitoring tool saves captured network frames in PCAP files?
✅Wireshark
What is the TCP mechanism used in congestion avoidance? ✅sliding window
What is the Internet? ✅It provides connections through interconnected global
networks.
Which protocol is used by the traceroute command to send and receive echo-requests
and echo-replies? ✅ICMP
What are two ICMPv6 messages that are not present in ICMP for IPv4? (Choose two.)
✅1) Neighbor Solicitation
2) Router Advertisement
What are two monitoring tools that capture network traffic and forward it to network
monitoring devices? (Choose two.) ✅1) SPAN
2) network tap
Which network monitoring tool is in the category of network protocol analyzers?
✅Wireshark
Based on the command output shown, which file permission or permissions have been
assigned to the other user group for the data.txt file? ✅read
What are three benefits of using symbolic links over hard links in Linux? (Choose three.)
✅1) They can link to a directory.
2) They can link to a file in a different file system.
3) They can show the location of the original file.
A network security specialist is tasked to implement a security measure that monitors
the status of critical files in the data center and sends an immediate alert if any file is
modified. Which aspect of secure communications is addressed by this security
measure? ✅data integrity
A network administrator is configuring an AAA server to manage TACACS+
authentication. What are two attributes of TACACS+ authentication? (Choose two.)
✅1) encryption for all communication
2) separate processes for authentication and authorization
In an attempt to prevent network attacks, cyber analysts share unique identifiable
attributes of known attacks with colleagues. What three types of attributes or indicators
of compromise are helpful to share? (Choose three.) ✅1) IP addresses of attack
servers
2) changes made to end system software
3) features of malware files
Which two types of messages are used in place of ARP for address resolution in IPv6?
(Choose two.) ✅1) neighbor solicitation
2) neighbor advertisement
What is indicated by a true negative security alert classification? ✅Normal traffic is
correctly ignored and erroneous alerts are not being issued.
Normal traffic is correctly ignored and erroneous alerts are not being issued. ✅It
compares the behavior of a host to an established baseline to identify potential
intrusions.
Match the description to the antimalware approach. (Not all options are used.)
✅signature-based - by recognizing various characteristics of known malware files
heuristics-based - by recognizing general features shared by various types of malware
behavior-based - through analysis of suspicious activities
Which two protocols are associated with the transport layer? (Choose two.) ✅1) UDP
2) TCP
A network administrator is creating a network profile to generate a network baseline.
What is included in the critical asset address space element? ✅the IP addresses or
the logical location of essential systems or data
What are the three impact metrics contained in the CVSS 3.0 Base Metric Group?
(Choose three.) ✅1) confidentiality
2) integrity
3) availability
What is a characteristic of DNS? ✅DNS servers can cache recent queries to reduce
DNS query traffic.
What are two differences between HTTP and HTTP/2? (Choose two.) ✅1) HTTP/2
uses a compressed header to reduce bandwidth requirements.
2) HTTP/2 uses multiplexing to support multiple streams and enhance efficiency.
A router has received a packet destined for a network that is in the routing table. What
steps does the router perform to send this packet on its way? Match the step to the task
performed by the router. ✅1) Both are deployed as sensors.
2) Both use signatures to detect malicious traffic.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller twishfrancis. Stuvia facilitates payment to the seller.