CyberOps Associate Incident Response Questions

Correct Answer: top
Explanation: The top command shows running processes and their PIDs in real time.

Correct Answer: Successful brute-force or privilege escalation
Explanation: Initial denied attempts followed by success suggest the attacker gained correct credentials or elevated privileges.

Correct Answer: HTTP POST requests with encoded payloads
Explanation: Attackers often hide stolen data in HTTP POST traffic since it resembles normal web traffic.

Correct Answer: Users should only have access required for their role
Explanation: Least Privilege reduces attack surface by limiting permissions.

Correct Answer: To validate security monitoring by simulating real attacks
Explanation: Red team exercises test defenses by mimicking actual attacker tactics.

Correct Answer: Cisco Umbrella
Explanation: Cisco Umbrella protects against threats at the DNS layer by blocking requests to malicious domains.

Correct Answer: Typosquatting
Explanation: Typosquatting registers domains similar to legitimate ones to trick users into entering credentials.

Correct Answer: Wireshark
Explanation: Wireshark is the most widely used GUI packet capture analysis tool.

Correct Answer: Persistence
Explanation: Persistence techniques allow attackers to maintain access across reboots or credential changes.

Correct Answer: IDS only detects, IPS can block
Explanation: IDS alerts on suspicious activity, while IPS actively prevents/block traffic.