Cisco CyberOps Associate practice test

Correct Answer: A host-based firewall
Explanation: A host-based firewall, configured to allow connections only from a specific IP address range, can enforce this policy directly on the server, providing granular access control.

Correct Answer: Exploitation
Explanation: In the exploitation phase, the attacker uses the weapon (malware) to exploit a vulnerability on the target system to gain control or execute malicious code.

Correct Answer: Master File Table (MFT)
Explanation: The Master File Table (MFT) in an NTFS file system contains metadata for all files, including timestamps for creation, modification, and last access.

Correct Answer: To manage and monitor an organization's security systems and respond to incidents.
Explanation: A SOC is a centralized unit within an organization that is responsible for monitoring and analyzing security events, responding to incidents, and managing security technology.

Correct Answer: Phishing
Explanation: Phishing is a form of social engineering where an attacker sends a fraudulent email, message, or text to trick a victim into revealing sensitive information.

Correct Answer: To collect and analyze log data from various sources to provide a centralized view of security events.
Explanation: A SIEM system is designed to centralize log data from multiple sources (firewalls, servers, endpoints) to correlate events and provide a unified platform for security analysis and incident detection.

Correct Answer: Creating a scheduled task or service to run a malicious executable
Explanation: Creating a scheduled task or a new service is a common technique for persistence, as it ensures that the malicious code runs every time the system starts up, even after a reboot.

Correct Answer: A flow analysis tool like NetFlow
Explanation: A flow analysis tool like NetFlow summarizes network conversations by recording source/destination IP addresses, ports, and protocols, which is ideal for a high-level overview of traffic patterns without capturing the full packet payload.

Correct Answer: To define the procedures and roles for handling security incidents.
Explanation: An Incident Response Plan (IRP) is a set of documented, pre-defined procedures that an organization follows to identify, contain, and recover from a security breach.

Correct Answer: A Network Intrusion Detection System (NIDS)
Explanation: A NIDS monitors network traffic for suspicious activity. A large number of DNS queries to a suspicious domain would be a network anomaly that a NIDS could detect and alert on, indicating a potential compromise and beaconing.