SkillTestPro | CyberOps Associate Network Intrusion Analysis Questions

Cisco CyberOps Associate Practice Test 10

Cisco Certified CyberOps Associate

1 / 10

A company uses containers in its environment. Which of these security challenges is most specific to containers compared to traditional VMs or bare metal?

Kernel exploits affecting host OS

Container image vulnerability or unverified images

Patch management for operating system packages

User account permissions in Linux

Full disk encryption

2 / 10

Suppose you examine a PCAP and see a TCP stream that includes an HTTP POST to “/upload” with a large file transfer, followed within minutes by FTP connections to an external server. What might this pattern suggest?

Legitimate backups between trusted servers

Routine email attachments sent out

Normal web browsing plus download

Malware scanning endpoints

Data exfiltration using fallback channels

3 / 10

What is a behavior that would indicate evasion when monitoring encrypted traffic?

Lots of unencrypted HTTP traffic

Traffic on common ports with unusual payload lengths

Use of VPNs by all users outside work hours

DNS over HTTPS for internal servers

Regular email attachments

4 / 10

Which access control model would allow an organization to enforce rules like “employees can access financial data only during business hours” effectively?

Discretionary Access Control (DAC)

Mandatory Access Control (MAC)

Role-Based Access Control (RBAC)

Time-based Access Control

Attribute-Based Access Control (ABAC)

5 / 10

A SOC is investigating an incident. They have memory dump, disk image, and log files. Which of these evidences is considered corroborative evidence?

Disk image with timestamps matching log entries

The memory dump showing running malware process

User’s browser history showing download URL

Log files indicating login from unusual IP

Hash of suspected malware sample

6 / 10

During monitoring of network flow data, you see many short flows (just a few packets) from internal hosts to external IPs on unusual ports, followed by no return traffic. What kind of activity might this be?

Normal web browsing behaviour

Data exfiltration via large file transfer

Port scanning or probing

Regular DNS lookups

Mail server relaying

7 / 10

A log source shows DNS queries from internal IPs to domains like “abcd1234.randomstring.com” which don’t resolve normally. What kind of threat does this pattern most likely suggest?

SQL injection

Buffer overflow exploit

Cross-site scripting (XSS)

Command and Control (C2) beaconing

Lateral movement

8 / 10

When evaluating the risk associated with a vulnerability, which CVSS metric reflects how much user interaction is needed for an exploit?

Attack Vector

Privileges Required

Scope

Temporal Metrics

User Interaction

9 / 10

You’re using a SIEM that flags a high number of TLS certificate handshake failures across multiple endpoints. Which of these interpretations is most plausible?

Certificate revocation lists are all up to date

An attacker is performing a man-in-the-middle attack

All endpoints have wrong system time

Network load balancer misconfiguration

Users just changed their passwords

10 / 10

A SOC analyst sees that user login events from a server are being logged in two different formats: one as “sshd: Accepted password” and another as “sshd: Accepted publickey”. What could this indicate in the context of host-based analysis?

Multiple authentication methods enabled

Incorrect server name resolution

Firewall blocking SSH traffic

Network intrusion via MITM attack

Anomaly in DNS lookup

Your score is

The average score is 70%