Cisco CyberOps Review 2

Confidentiality, integrity, and availability

Confidentiality, identity, and availability

Confidentiality, integrity, and authorization

Confidentiality, identity, and authorization

Transmission Control Protocol

Reliable Data Protocol

Hypertext Transfer Protocol

User Datagram Protocol

Chain of evidence

Evidence chronology

Chain of custody

Record of safekeeping

Private host information

Protected health information

Personal health information

Protected host information

Internet Control Message Protocol

Address Resolution Protocol

Session Initiation Protocol

Transmission Control Protocol/Internet Protocol

Vulnerability

Threat

Exploit

Risk

Confirm the timing of network connections differentiated by

the TCP 5 tuple.

Audit applications used on a social networking website.

Determine user IDs involved in an instant message exchange.

Map internal private IP addresses to dynamically translated

external public IP addresses.

Identify a malware variant carried over an SMTP connection.

Discretion of the system administrator

Security policy defined by the owner of an object

Security policy defined by the system administrator

Role of a user within an organization

Alert data

Statistical data

Session data

Transaction data

Receiving a call from the IT department asking you to verify

your username/password to maintain your account

Receiving an invitation to your department s weekly WebEx

meeting

Sending a verbal request to an administrator to change the

password of an account the administrator recognizes

Receiving an email from MR requesting that you visit the

secure HR website and update your contract information

A unique trust model that establishes an encrypted

connection between devices in a private network

A model designed to protect systems by requiring

authentication for any device or person trying to access

the network

A model that creates a blacklist that includes all devices

that are not allowed to access resources

None of the above

Monitoring

Service privileges

Incident response and log auditing

Total traffic encryption

Maintains regular network traffic to avoid overloads

Enterprise data management system

Restricts user permissions to the minimum required

for their work

Keeps computing systems up to date to improve

protection

A person or group of people trying to perform malicious

acts against organizations, whether unintentionally or

intentionally

A very strong hacking tool that helps commit malicious

acts against organizations

Any malicious activity that occurs on mobile devices

Offensive security professionals who are experts in

attacking systems and breaking through defenses

A system designed to enrich the IT department s knowledge

of innovations in the field

External hardware designed to protect enterprise computing

systems by alerting the IT department about changes

Maps internal private IP addresses to dynamically translated

external public IP addresses

A technology used to automate IT operations management

A platform that provides testing environments for

unknown threats

Hardware that is installed on enterprise computers to

provide updates about security threats

A platform that gathers raw data to produce useable

information for automated security control systems

A unique trust platform that creates an encrypted

connection between devices in a private network

Helps improve enterprise networking processes by speeding

up network traffic

Collects data on security threats from a variety of sources and

responds to security incidents without human assistance

Collects data about user activity in the organization and

provides remote help for errors

A cybersecurity teamwork method for responding to events

Exploit

Threat

Zero trust

Vulnerability

A c ertification valued by cybersecurity professionals

Software designed to help a cybersecurity department

receive updates on the organization s security systems

A platform that provides testing environments for unknown

threats

A series of layered protection mechanisms used to protect

important data and information

Nondiscretionary access control

Role-based access control

Time-based access control

Rule-based access control

Rule based access control

Nondiscretionary access control

Discretionary access control

Mandatory access control

Mandatory access control

Role-based access control

Nondiscretionary access control

Time-based access control

Threat actor

Threat hunting

Reverse engineering

Malware analysis

Session headers

NetFlow flow information

Source and destination ports and IP addresses

Protocol information

ARP attack

Brute force attack

Spoofing attack

DDoS attack

VLAN hopping

A set of pages that currently reside in physical memory

A basic unit to which the operating system allocates

processor time

A set of virtual memory addresses

A database that stores low-level settings for the operating

system

TOR

NAT

Encapsulation

Tunneling

A program used to detect and remove unwanted malicious

software from the system

A program that provides real-time analysis of security alerts

generated by network hardware and applications

A program that scans a running application for vulnerabilities

Rules that allow network traffic to pass in and out

On-Path

Denial of Service

Distributed Denial of Service

Replay

ACK

SYN ACK

RST

PSH, ACK

Directed

Encoded

Stored

Reflected

Cascaded

1

2

4

8

Symmetric

Public

Private

Asymmetric

A program used for sniffing and filtering network traffic

A program used to detect and remove unwanted malicious

software from the system

A program used to ensure the privacy of a certificate

Technology used to automate IT operation management

Port numbers

MAC address

IP address

Interface name

Dynamic packet filtering

Filtering packets based on applications

Static packet filtering

VPN support

Dumpster diving

Denial of Service (DoS)

Phishing

Shoulder surfing

Applications and traffic in the network are controlled to

protect assets against attacks and manage bandwidth.

All documents are encrypted with a private key.

Establishes a platform to test environments for unknown

threats

Provides a database that stores low level settings for the

operating system

Information about the volume of computer storage usage

Data about existing threats on the network

Reports providing visibility of actual blocks and web usage

Reports pertaining to additional tools running online

In-depth analysis of information traffic

A report on the remaining storage volume for email use

Information about contacts frequently communicated with

via email

Probability that messages are legitimate or spam

Optimizes data traffic

Scrambles a message or information so that only authorized

parties can access it

Ensures that information is not lost along the way and data is

transferred more efficiently and securely

Compresses information and saves storage space

Hides an object from unwanted access

Ensures that sent or received information is correct

Ensures that no information leakage can occur

Checks if invalid characters are used

In depth analysis of information traffic

Encrypts all data with a private key

Improves service availability and helps prevent downtime

Stores low level settings for the operating system

DDoS

SQLi

Brute-force

SSRF

XSS

SQLi

Brute-force

MITM

Brute-force

SQLi

DDoS

XSS

VPN

Proxy server

Proxy chains

None of the above

SQLi

Social engineering

MITM

DDoS

Access control list

TOR

tcpdump

NetFlow

MITM

Command injection

SQLi

XSS

Tunneling

STP

P2P

PAT

Next-gen firewall

NetFlow

Web content filtering

Access control list

Last name sign

Signature algorithm ID

Serial name

Version number

X.509

Cipher suite

Key exchange

PKCS

Host based intrusion detection

Windows Defender

Wireshark

Network based intrusion detection

Host-based intrusion detection

Host-based firewall

Application-level allow/deny listing

System-based sandboxing

Application-level allow/deny listing

Host-based firewall

Host-based intrusion detection

Systems-based sandboxing

Application-level deny listing

Systems-based sandboxing

Application-level allow listing

Host-based firewall

Cross-site scripting

SQL Injection

DDoS

Command injection

MITM

Command injection

Buffer overflow

DDoS

Malware

Cross-site scripting

Buffer overflow

MITM

DDoS

Ransomware

SQL injection

Command injection

Insufficient network resources

Failure of full packet capture solution

Misconfiguration of a web filter

TCP injection

Exploit kit

Rootkit

Vulnerability kit

Script kiddie kit

Integrity validation

Due diligence

Need to know

Least privilege

Encryption

Large packet headers

Signature detection takes longer

SSL interception

/etc/log

/root/log

/lib/log

/var/log

A module for IIS that allows you to log into a database

A data source control to connect to your data source

A powerful, versatile tool that makes it possible to run

SQL like queries in log files

A powerful, versatile tool that verifies the integrity of

log files

Actual physical location of an object in memory

A set of virtual memory addresses the process can use

A set of pages that currently reside in physical memory

A system level memory protection feature built into the

operating system

Allow everything and deny specific executable files

Allow specific executable files and deny other executable files

Daily writing of application-based attacks on a whiteboard

Allow specific files and deny everything else

Input validation

Hash collision

Command injection

Integer overflow

On a particular endpoint as an agent or desktop application

On a dedicated proxy server monitoring egress traffic

On a span switch port

On a tap switch port

True positive

False negative

True negative

False positive

True positive

False negative

True negative

False positive

True positive

False negative

True negative

False positive

CloudDLP

OpenDNS

CloudLock

CloudSLS

Each station can transmit and receive at the same time.

It avoids collisions.

It makes use of backoff time.

It uses a collision avoidance algorithm to transmit data.

Mean time to repair (MTTR)

Mean time between failures (MTBF)

Mean time to discover a security incident

All of the above

NAT

NTP

RFC 1631

RFC 1918

Data mining

Host-based antivirus

Application visibility and control

Security information and event management

Intrusion detection system

Replay

On-Path

Dictionary

Known plaintext

Router

Repeater

Switch

Bridge

Action

Selector

Facility

Priority

Full packet capture

Transaction data

Statistical data

Session data

NTP

DNS

HTTP

IMAP

SMTP

32 bytes

60 bytes

64 bytes

20 bytes

Most passwords today are complex.

The password may not be in the list or dictionary.

The attack requires a lot of time and resources to succeed.

Brute force can only occur online.

Ping Flood

Brute force

SQLi

XSS

ICMP

POP3

ARP

IPv6

SQLi

XSS

DDoS

DNS Spoofing

Sustainability

Integrity

Confidentiality

Availability

AES

CES

DES

3DES

The document is hashed, and then the document is encrypted

with a private key.

The document is hashed, and then the hash is encrypted with

a private key.

The document is encrypted, and then the document is hashed

with a public key.

The document is hashed, and then the document is encrypted

with a public key.

SHA-512

RSA 4096

SHA-1

SHA-256

Daemon to execute scheduled commands

Parent directory name of a file path name

Macros for manipulating CPU sets

New process created by a parent process

Ensuring the privacy of a certificate

Revoking the validation of a certificate

Validating the authenticity of a certificate

Creating duplicate copies of a certificate

Changing ownership of a certificate

When changing to a different role

Upon termination of employment

As described in the asset return policy

When the lease for the laptop expires

To transfer traffic of multiple virtual LANs

To connect more than two switches

To enable the Spanning Tree Protocol

To encapsulate Layer 2 frames

Transport

Network

Data link

Application

From a Cisco ASA to the Cisco OpenDNS service

From a Cisco ASA to the Cisco WSA

From a Cisco ASA to the Cisco FMC

From a Cisco ISE session directory to other policy network

systems, such as Cisco IOS devices and the Cisco ASA

Smartphones that are available for emergency communication