CyberOps Associate Threat Analysis Questions

Correct Answer: ICMP flood attack
Explanation: Repeated ICMP requests from one external host to many internal hosts suggest a ping flood or reconnaissance attempt.

Correct Answer: Security event logs
Explanation: Windows security logs include file access auditing events.

Correct Answer: NETCONF
Explanation: NETCONF runs over SSH and provides secure management of network configurations.

Correct Answer: Verifies the identity of entities in communications
Explanation: Certificates validate identity and support encryption with public key infrastructure (PKI).

Correct Answer: 200
Explanation: HTTP 200 OK indicates a successful client request.

Correct Answer: Cisco Stealthwatch
Explanation: Stealthwatch analyzes NetFlow to detect unusual traffic patterns and anomalies.

Correct Answer: Prefetch files
Explanation: Windows Prefetch files store execution details for faster program startup and can be used in forensics.

Correct Answer: Ransomware
Explanation: Ransomware holds data hostage by encryption and demands ransom for decryption.

Correct Answer: Data isolation between tenants
Explanation: In multi-tenant cloud, ensuring data is isolated between customers is a key concern.

Correct Answer: Aggregate and analyze logs
Explanation: SIEMs centralize log data and correlate events to identify security incidents.