Last Updated on June 5, 2019 by Admin
CCNA Cybersecurity Operations (Version 1.1) – CyberOps Chapter 8 Exam Online 2019
CCNA CyberOps 1.1 -- Chapter 8 Exam
Question 1 of 21
(3 points) In a defense-in-depth approach, which three options must be identified to effectively defend a network against attacks? (Choose three.)
In order to prepare for a security attack, IT security personnel must identify assets that need to be protected such as servers, routers, access points, and end devices. They must also identify potential threats to the assets and vulnerabilities in the system or design.
Question 2 of 21
(2 points) Which two areas must an IT security person understand in order to identify vulnerabilities on a network? (Choose two.)
In order to identify security vulnerabilities, a cybersecurity expert must understand the applications being used and their associated vulnerabilities, as well as the hardware used.
Question 3 of 21
(1 point) Which device is usually the first line of defense in a layered defense-in-depth approach?
The edge router connects an organization to a service provider. The edge router has a set of rules that specify which traffic is allowed or denied.
Question 4 of 21
(1 point) How does BYOD change the way in which businesses implement networks?
A BYOD environment requires an organization to accommodate a variety of devices and access methods. Personal devices, which are not under company control, may be involved, so security is critical. Onsite hardware costs will be reduced, allowing a business to focus on delivering collaboration tools and other software to BYOD users.
Question 5 of 21
(1 point) What component of a security policy explicitly defines the type of traffic allowed on a network and what users are allowed and not allowed to do?
Security policies specify requirements and provide a baseline for organizations. Security policies may include the following:
- Identification and authentication policies that specify authorized individuals that have access to network resources and verification procedures
- Password policies that ensure minimum requirements are met and authentication methods are being enforced and updated
- Remote access policies that identify how remote users can access a network and to what they are allowed to connect
- Acceptable use policies that identify network applications and network usage that are allowed within the organization
Question 6 of 21
(1 point) Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data?
The identification and authentication policy section of the security policy typically specifies authorized persons that can have access to network resources and identity verification procedures.
Question 7 of 21
(3 points) What three items are components of the CIA triad? (Choose three.)
The CIA triad contains three components: confidentiality, integrity, and availability. It is a guideline for information security for an organization.
Question 8 of 21
(1 point) What is the purpose of mobile device management (MDM) software?
Mobile device management (MDM) software is used with mobile devices so that corporate IT personnel can track the devices, implement security settings, and control software configurations.
Question 9 of 21
(1 point) A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?
Confidentiality ensures that data is accessed only by authorized individuals. Authentication will help verify the identity of the individuals.
Question 10 of 21
(1 point) A company is experiencing overwhelming visits to a main web server. The IT department is developing a plan to add a couple more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?
Availability ensures that network services are accessible and performing well under all conditions. By load balancing the traffic destined to the main web servers, in times of a huge volume of visits the systems will be well managed and serviced.
Question 11 of 21
(1 point) Which type of access control applies the strictest access control and is commonly used in military or mission critical applications?
Access control models are used to define the access controls implemented to protect corporate IT resources. The different types of access control models are as follows:
- Mandatory access control (MAC) – The strictest access control that is typically used in military or mission critical applications.
- Discretionary access control (DAC) – Allows users to control access to their data as owners of that data. Access control lists (ACLs) or other security measures may be used to specify who else may have access to the information.
- Non-discretionary access control – Also known as role-based access control (RBAC). Allows access based on the role and responsibilities of the individual within the organization.
- Attribute-based access control (ABAC) – Allows access based on the attributes of the resource to be accessed, the user accessing the resource, and the environmental factors such as the time of day.
Question 12 of 21
(1 point) Which method is used to make data unreadable to unauthorized users?
Network data can be encrypted using various cryptography applications so that the data is made unreadable to unauthorized users. Authorized users have the cryptography application so the data can be decrypted.
Question 13 of 21
(1 point) What is the principle of least privilege access control model?
The principle of least privilege is an access control model that specifies a limited and as-needed approach to user access to data.
Question 14 of 21
(1 point) A company has a file server that shares a folder named Public. The network security policy specifies that the Public folder is assigned Read-Only rights to anyone who can log into the server while the Edit rights are assigned only to the network admin group. Which component is addressed in the AAA network service framework?
After a user is successfully authenticated (logged into the server), authorization is the process of determining what network resources the user can access and what operations (such as read or edit) the user can perform.
Question 15 of 21
(1 point) Which statement describes a difference between RADIUS and TACACS+?
TACACS+ uses TCP, encrypts the entire packet (not just the password), and separates authentication and authorization into two distinct processes. Both protocols are supported by the Cisco Secure ACS software.
Question 16 of 21
(1 point) Which technology provides the framework to enable scalable access security?
AAA network security services (authentication, authorization, and accounting) provide the primary framework to set up access control on a network device. It provides a higher degree of scalability than the con, aux, vty and privileged EXEC authentication commands alone by using centrally managed Cisco Secure ACS servers using TACACS+ and RADIUS protocols.
Question 17 of 21
(1 point) Which AAA component can be established using token cards?
The authentication component of AAA is established using username and password combinations, challenge and response questions, and token cards. The authorization component of AAA determines which resources the user can access and which operations the user is allowed to perform. The accounting and auditing component of AAA keeps track of how network resources are used.
Question 18 of 21
(1 point) What service determines which resources a user can access along with the operations that a user can perform?
Authorization determines whether a user has certain access privileges.
Question 19 of 21
(3 points) Which three services are provided by the AAA framework? (Choose three.)
The authentication, authorization, and accounting (AAA) framework provides services to help secure access to network devices.
Question 20 of 21
(1 point) In threat intelligence communications, what set of specifications is for exchanging cyberthreat information between organizations?
The two common threat intelligence-sharing standards are as follows:
- Structured Threat Information Expression (STIX) – This is a set of specifications for exchanging cyberthreat information between organizations. The Cyber Observable Expression (CybOX) standard has been incorporated into STIX.
- Trusted Automated Exchange of Indicator Information (TAXII) – This is the specification for an application layer protocol that allows the communication of CTI over HTTPS. TAXII is designed to support STIX.
Question 21 of 21
(3 points) Match the type of business policy to the description.
Descriptions:
- defines system requirements and objectives, rules, and requirements for users when they attach to or on the network
- protects the rights of workers and the company interests
- identifies salary, pay schedule, benefits, work schedule, vacations, etc.
Policy types:
- security
- company
- employee