Which two net commands are associated with network resource sharing? (Choose two)

Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

To learn about Azure Resource Manager templates (ARM templates), see the ARM template overview. To learn about Bicep, see Bicep overview.

Consistent management layer

When you send a request through any of the Azure APIs, tools, or SDKs, Resource Manager receives the request. It authenticates and authorizes the request before forwarding it to the appropriate Azure service. Because all requests are handled through the same API, you see consistent results and capabilities in all the different tools.

The following image shows the role Azure Resource Manager plays in handling Azure requests.


All capabilities that are available in the portal are also available through PowerShell, Azure CLI, REST APIs, and client SDKs. Functionality initially released through APIs will be represented in the portal within 180 days of initial release.

Terminology

If you're new to Azure Resource Manager, there are some terms you might not be familiar with.

  • resource - A manageable item that is available through Azure. Virtual machines, storage accounts, web apps, databases, and virtual networks are examples of resources. Resource groups, subscriptions, management groups, and tags are also examples of resources.
  • resource group - A container that holds related resources for an Azure solution. The resource group includes those resources that you want to manage as a group. You decide which resources belong in a resource group based on what makes the most sense for your organization. See Resource groups.
  • resource provider - A service that supplies Azure resources. For example, a common resource provider is Microsoft.Compute, which supplies the virtual machine resource. Microsoft.Storage is another common resource provider. See Resource providers and types.
  • declarative syntax - Syntax that lets you state "Here's what I intend to create" without having to write the sequence of programming commands to create it. ARM templates and Bicep files are examples of declarative syntax. In those files, you define the properties for the infrastructure to deploy to Azure.
  • ARM template - A JavaScript Object Notation (JSON) file that defines one or more resources to deploy to a resource group, subscription, management group, or tenant. The template can be used to deploy the resources consistently and repeatedly. See Template deployment overview.
  • Bicep file - A file for declaratively deploying Azure resources. Bicep is a language that's been designed to provide the best authoring experience for infrastructure as code solutions in Azure. See Bicep overview.

For more definitions of Azure terminology, see Azure fundamental concepts.

The benefits of using Resource Manager

With Resource Manager, you can:

  • Manage your infrastructure through declarative templates rather than scripts.

  • Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.

  • Redeploy your solution throughout the development lifecycle and have confidence your resources are deployed in a consistent state.

  • Define the dependencies between resources so they're deployed in the correct order.

  • Apply access control to all services because Azure role-based access control (Azure RBAC) is natively integrated into the management platform.

  • Apply tags to resources to logically organize all the resources in your subscription.

  • Clarify your organization's billing by viewing costs for a group of resources sharing the same tag.

Understand scope

Azure provides four levels of scope: management groups, subscriptions, resource groups, and resources. The following image shows an example of these layers.


You apply management settings at any of these levels of scope. The level you select determines how widely the setting is applied. Lower levels inherit settings from higher levels. For example, when you apply a policy to the subscription, the policy is applied to all resource groups and resources in your subscription. When you apply a policy on the resource group, that policy is applied to the resource group and all its resources. However, another resource group doesn't have that policy assignment.
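The inheritance rule above, as an added example that is not part of the original page or Microsoft's code: it resolves which assignments reach a resource by walking its containing scopes, comparing whole path segments so that `app` never matches `app2`. The assignment names, the subscription ID and the management-group maps are constructed for illustration; exclusions and exemptions are not modeled.

```python
# Added example: which scope-level assignments are inherited by a resource.
# All names, IDs and parent maps below are constructed sample data.

MG_PREFIX = "/providers/microsoft.management/managementgroups/"


def normalize(scope):
    """Lower-case an ARM ID and drop empty segments (IDs are case-insensitive)."""
    return "/" + "/".join(s for s in scope.lower().split("/") if s)


def containing_scopes(resource_id, sub_to_mg, mg_parent):
    """Return every scope that contains resource_id, widest first."""
    seg = normalize(resource_id).strip("/").split("/")
    if len(seg) < 2 or seg[0] != "subscriptions":
        raise ValueError("expected an ID that starts with /subscriptions/<id>")
    chain = ["/subscriptions/" + seg[1]]
    if len(seg) >= 4 and seg[2] == "resourcegroups":
        chain.append(chain[0] + "/resourcegroups/" + seg[3])
        if len(seg) > 4:
            chain.append("/" + "/".join(seg))  # the resource itself
    # A subscription ID does not name its management group, so walk the
    # parent maps (keys in lower case) upward from the subscription.
    groups, mg, seen = [], sub_to_mg.get(seg[1]), set()
    while mg is not None and mg not in seen:
        seen.add(mg)
        groups.append(MG_PREFIX + mg)
        mg = mg_parent.get(mg)
    return groups[::-1] + chain


def effective_assignments(resource_id, assignments, sub_to_mg, mg_parent):
    """Names of assignments whose scope contains the resource, widest first."""
    scopes = containing_scopes(resource_id, sub_to_mg, mg_parent)
    rank = {scope: i for i, scope in enumerate(scopes)}
    hits = [(rank[normalize(sc)], name)
            for name, sc in assignments if normalize(sc) in rank]
    return [name for _, name in sorted(hits)]


SUB = "00000000-0000-0000-0000-000000000001"        # constructed
SUB_TO_MG = {SUB: "corp"}                           # subscription -> group
MG_PARENT = {"corp": "root-mg"}                     # group -> parent group
ASSIGNMENTS = [                                     # (name, scope), constructed
    ("deny-public-ip", f"/subscriptions/{SUB}/resourceGroups/app"),
    ("require-tags", "/providers/Microsoft.Management/managementGroups/root-mg"),
    ("audit-only", f"/subscriptions/{SUB}/resourceGroups/app2"),
    ("allowed-locations", f"/subscriptions/{SUB}"),
]
VM_APP = (f"/subscriptions/{SUB}/resourceGroups/App"
          "/providers/Microsoft.Compute/virtualMachines/web01")
VM_APP2 = (f"/subscriptions/{SUB}/resourceGroups/app2"
           "/providers/Microsoft.Compute/virtualMachines/db01")

if __name__ == "__main__":
    for vm in (VM_APP, VM_APP2):
        print(vm.rsplit("/", 1)[-1],
              effective_assignments(vm, ASSIGNMENTS, SUB_TO_MG, MG_PARENT))
```
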

For information about managing identities and access, see Azure Active Directory.

You can deploy templates to tenants, management groups, subscriptions, or resource groups.

Resource groups

There are some important factors to consider when defining your resource group:

  • All the resources in your resource group should share the same lifecycle. You deploy, update, and delete them together. If one resource, such as a server, needs to exist on a different deployment cycle it should be in another resource group.

  • Each resource can exist in only one resource group.

  • You can add or remove a resource to a resource group at any time.

  • You can move a resource from one resource group to another group. For more information, see Move resources to new resource group or subscription.

  • The resources in a resource group can be located in different regions than the resource group.

  • When you create a resource group, you need to provide a location for that resource group.

    You may be wondering, "Why does a resource group need a location? And, if the resources can have different locations than the resource group, why does the resource group location matter at all?"

    The resource group stores metadata about the resources. When you specify a location for the resource group, you're specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region.

    If a resource group's region is temporarily unavailable, you can't update resources in the resource group because the metadata is unavailable. The resources in other regions will still function as expected, but you can't update them. This condition doesn't apply to global resources like Azure Content Delivery Network, Azure DNS, Azure Traffic Manager, and Azure Front Door.

    For more information about building reliable applications, see Designing reliable Azure applications.

  • A resource group can be used to scope access control for administrative actions. To manage a resource group, you can assign Azure Policies, Azure roles, or resource locks.

  • You can apply tags to a resource group. The resources in the resource group don't inherit those tags.

  • A resource can connect to resources in other resource groups. This scenario is common when the two resources are related but don't share the same lifecycle. For example, you can have a web app that connects to a database in a different resource group.

  • When you delete a resource group, all resources in the resource group are also deleted. For information about how Azure Resource Manager orchestrates those deletions, see Azure Resource Manager resource group and resource deletion.

  • You can deploy up to 800 instances of a resource type in each resource group. Some resource types are exempt from the 800 instance limit. For more information, see resource group limits.

  • Some resources can exist outside of a resource group. These resources are deployed to the subscription, management group, or tenant. Only specific resource types are supported at these scopes.

  • To create a resource group, you can use the portal, PowerShell, Azure CLI, or an ARM template.

Resiliency of Azure Resource Manager

The Azure Resource Manager service is designed for resiliency and continuous availability. Resource Manager and control plane operations (requests sent to management.azure.com) in the REST API are:

  • Distributed across regions. Some services are regional.

  • Distributed across Availability Zones (and regions) in locations that have multiple Availability Zones.

  • Not dependent on a single logical data center.

  • Never taken down for maintenance activities.

This resiliency applies to services that receive requests through Resource Manager. For example, Key Vault benefits from this resiliency.


Last Updated on January 29, 2021 by Admin

CCNA Cybersecurity Operations (Version 1.1) – Final Exam Answers 2019

    • fame seeking
    • financial gain
    • political reasons
    • status among peers
      Explanation:

      Cybercriminals are commonly motivated by money. Hackers are known to hack for status. Cyberterrorists are motivated to commit cybercrimes for religious or political reasons.

    • The major power grid in a country is experiencing frequent attacks from another country.
    • The central database of student grades is accessed and a few grades are modified illegally.
    • The internal emails related to the handling of an environmental disaster by a petroleum company appear on multiple websites.
    • The sales record files of recent years in a large company suddenly cannot be opened and an offer comes forward promising that the data could be restored for a hefty fee.
      Explanation:

      Hacktivists are typically hackers who protest against a variety of political and social ideas. Hacktivists publicly protest against organizations or governments by posting articles and leaking sensitive information. Accessing a school database and changing grades is probably the work of a few script kiddies. An offer from someone to restore data for a hefty fee is a ransomware attack. Attacking the major power grid is typically conducted by a government.

    • people
    • processes
    • data center
    • technologies
    • database engine
    • Internet connection
      Explanation:

      The three major categories of elements of a security operations center are people, processes, and technologies. A database engine, a data center, and an Internet connection are components in the technologies category.

    • VPN connection
    • firewall appliance
    • threat intelligence
    • security monitoring
    • intrusion prevention
    • vulnerability tracking
      Explanation:

      Technologies in a SOC should include the following:

      • Event collection, correlation, and analysis
      • Security monitoring
      • Security control
      • Log management
      • Vulnerability assessment
      • Vulnerability tracking
      • Threat intelligence

      Firewall appliances, VPNs, and IPS are security devices deployed in the network infrastructure.

    • further investigating security incidents
    • serving as the point of contact for a customer
    • hunting for potential security threats and implementing threat detection tools
    • monitoring incoming alerts and verifying that a true security incident has occurred
      Explanation:

      In a typical SOC, the job of a Tier 2 incident responder involves deep investigation of security incidents.

    • NTFS allows faster access to external peripherals such as a USB drive.
    • NTFS supports larger partitions.
    • NTFS provides more security features.
    • NTFS allows faster formatting of drives.
    • NTFS is easier to configure.
    • NTFS allows the automatic detection of bad sectors.
      Explanation:

      The file system has no control over the speed of access or formatting of drives, and the ease of configuration is not file system-dependent.

    • Task Manager
    • Add or Remove Programs
    • Event Viewer
    • System Restore
      Explanation:

      Use the Task Manager Performance tab to see a visual representation of CPU and RAM utilization. This is helpful in determining if more memory is needed. Use the Applications tab to halt an application that is not responding.

    • A virus is on the classroom computers.
    • The computers are on different networks.
    • The Windows firewall is blocking the ping.
    • Port 25 is blocked and preventing the echo request from being transmitted.
      Explanation:

      Unsuccessful pings usually indicate a network problem, which eliminates the virus option. In this case, computers in the same classroom would also be on the same network. Port 25 is used by the email SMTP protocol, not by ping.

    • net use
    • net stop
    • net start
    • net share
    • net accounts
      Explanation:

      The net command is a very important command. Some common net commands include these:

      • net accounts – sets password and logon requirements for users
      • net session – lists or disconnects sessions between a computer and other computers on the network
      • net share – creates, removes, or manages shared resources
      • net start – starts a network service or lists running network services
      • net stop – stops a network service
      • net use – connects, disconnects, and displays information about shared network resources
      • net view – shows a list of computers and network devices on the network
    • It can be acquired at no charge.
    • It is easier to use than other server operating systems.
    • More network applications are created for this environment.
    • The administrator has control over specific security functions, but not standard applications.
      Explanation:

      There are several reasons why Linux is a good choice for the SOC:

      • Linux is open source.
      • The command line interface is a very powerful environment.
      • The user has more control over the operating system.
      • Linux allows for better network communication control.

    • allow USB auto-detection
    • allow default services to remain enabled
    • use SSH and disable the root account access over SSH
    • maintain use of the same passwords
      Explanation:

      The basic best practices for device hardening are as follows:

      • Ensure physical security.
      • Minimize installed packages.
      • Disable unused services.
      • Use SSH and disable the root account login over SSH.
      • Keep the system updated.
      • Disable USB auto-detection.
      • Enforce strong passwords.
      • Force periodic password changes.
      • Keep users from re-using old passwords.
      • Review logs regularly.

    • read, write, execute
    • read
    • read, write
    • full access
      Explanation:

      The file permissions are always displayed in the user, group and other order. In the example displayed, the file has the following permissions:

      • The dash (-) means that this is a file. For directories, the first dash would be replaced with a "d".
      • The first set of characters is for user permission (rwx). The user, sales, who owns the file can read, write and execute the file.
      • The second set of characters is for group permissions (rw-). The group, staff, who owns the file can read and write to the file.
      • The third set of characters is for any other user or group permissions (r--). Any other user or group on the computer can only read the file.

    • chkrootkit
    • grep
    • ls
    • ps
      Explanation:

      The ps command is used before the kill command to discover the PID for the specific process. The kill command requires root privileges, but listing the processes that use the ps command does not.


    • DD:DD:DD:DD:DD:DD
    • 172.168.10.99
    • CC:CC:CC:CC:CC:CC
    • 172.168.10.65
    • BB:BB:BB:BB:BB:BB
    • AA:AA:AA:AA:AA:AA
      Explanation:

      When a host sends information to a distant network, the Layer 2 frame header will contain a source and destination MAC address. The source address will be the originating host device. The destination address will be the router interface that connects to the same network. In the case of host A sending information to host B, the source address is AA:AA:AA:AA:AA:AA and the destination address is the MAC address assigned to the R2 Ethernet interface, BB:BB:BB:BB:BB:BB.

    • meeting the reliability requirements of applications, if any
    • multiplexing multiple communication streams from many users or applications on the same network
    • identifying the applications and services on the client and server that should handle transmitted data
    • directing packets towards the destination network
    • formatting data into a compatible form for receipt by the destination devices
    • conducting error detection of the contents in frames
      Explanation:

      The transport layer has several responsibilities. Some of the primary responsibilities include the following:

      • Tracking the individual communication streams between applications on the source and destination hosts
      • Segmenting data at the source and reassembling the data at the destination
      • Identifying the proper application for each communication stream through the use of port numbers
      • Multiplexing the communications of multiple users or applications over a single network
      • Managing the reliability requirements of applications

    • HTTP
    • FTP
    • DHCP
    • DNS
      Explanation:

      Domain Name Service translates names into numerical addresses, and associates the two. DHCP provides IP addresses dynamically to pools of devices. HTTP delivers web pages to users. FTP manages file transfers.


    • router DG
    • PC-A
    • router ISP
    • web server
    • DNS server
      Explanation:

      The Wireshark capture is a DNS response from the DNS server to PC-A. Because the packet was captured on the LAN that the PC is on, router DG would have encapsulated the response packet from the ISP router into an Ethernet frame addressed to PC-A and forwarded the frame with the MAC address of PC-A as the destination.

    • repeater
    • access point
    • WLAN controller
    • Ethernet switch
    • RADIUS authentication server
      Explanation:

      In addition to its role as a router, a typical SOHO wireless router acts as both a wireless access point and an Ethernet switch. RADIUS authentication is provided by an external server. A WLAN controller is used in enterprise deployments to manage groups of lightweight access points. A repeater is a device that enhances an incoming signal and retransmits it.


    • R1(config-std-nacl)# permit any
      R1(config-std-nacl)# deny 192.168.2.0
      R1(config)# interface G0/2
      R1(config-if)# ip access-group BLOCK_LAN2 out
    • R1(config-std-nacl)# deny 192.168.2.0
      R1(config-std-nacl)# permit any
      R1(config)# interface G0/2
      R1(config-if)# ip access-group BLOCK_LAN2 out
    • R1(config-std-nacl)# deny 192.168.3.0
      R1(config-std-nacl)# permit any
      R1(config)# interface G0/2
      R1(config-if)# ip access-group BLOCK_LAN2 in
    • R1(config-std-nacl)# permit any
      R1(config-std-nacl)# deny 192.168.3.0
      R1(config)# interface G0/2
      R1(config-if)# ip access-group BLOCK-LAN2 in
      Explanation:

      The correct access list syntax requires that the deny source IP address (192.168.2.0) statement come before the permit statement so that only traffic sourced from the 192.168.2.0 LAN is denied. Then the access list must be applied on interface G0/2 in the outbound direction.
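The ordering rule in this explanation, as an added example that is not from the original page or from Cisco: a first-match evaluator for standard ACL entries, plus a check that flags entries an earlier line makes unreachable. The 0.0.0.255 wildcard mask is an assumption, since the options above show none, and the source addresses tested are constructed.

```python
# Added example: first-match evaluation of a standard (source-only) ACL.
# The wildcard mask 0.0.0.255 is assumed; the page's options omit it.
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # what the keyword "any" expands to


def _bits(dotted):
    return int(ipaddress.IPv4Address(dotted))


def _care(wildcard):
    # Wildcard bits set to 1 are ignored; the remaining bits must match.
    return ~_bits(wildcard) & 0xFFFFFFFF


def evaluate(acl, src):
    """Return (action, line) for the first entry matching src.

    Entries are checked top-down and evaluation stops at the first match.
    If nothing matches, the implicit deny applies and line is None.
    """
    for line, (action, addr, wildcard) in enumerate(acl, start=1):
        care = _care(wildcard)
        if (_bits(src) & care) == (_bits(addr) & care):
            return action, line
    return "deny", None


def shadowed_entries(acl):
    """Line numbers of entries that can never match.

    Entry j is unreachable when some earlier entry i matches every source
    that j matches: i checks no bit that j ignores, and both addresses
    agree on the bits i checks.
    """
    unreachable = []
    for j, (_, addr_j, wc_j) in enumerate(acl):
        for _, addr_i, wc_i in acl[:j]:
            care_i = _care(wc_i)
            checks_only_bits_j_checks = (care_i & ~_care(wc_j)) == 0
            same_prefix = (_bits(addr_i) & care_i) == (_bits(addr_j) & care_i)
            if checks_only_bits_j_checks and same_prefix:
                unreachable.append(j + 1)
                break
    return unreachable


# Order given as correct in the explanation: deny first, then permit any.
ANSWER_ORDER = [
    ("deny", "192.168.2.0", "0.0.0.255"),
    ("permit",) + ANY,
]
# Same entries with "permit any" first, as in the rejected options.
REVERSED_ORDER = [
    ("permit",) + ANY,
    ("deny", "192.168.2.0", "0.0.0.255"),
]

if __name__ == "__main__":
    for name, acl in (("answer", ANSWER_ORDER), ("reversed", REVERSED_ORDER)):
        print(name,
              evaluate(acl, "192.168.2.10"),
              evaluate(acl, "192.168.3.10"),
              "unreachable lines:", shadowed_entries(acl))
```

Running `shadowed_entries` over an exported rule list is a quick review step: any line it reports is dead configuration that never affects traffic.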

    • authorization
    • encryption
    • scalability
    • virtualization
      Explanation:

      Confidential and secure transfers of data with VPNs require data encryption.

    • It is the criterion that is used to filter traffic.
    • It is used to determine the default gateway of the router that has the ACL applied.
    • It is the address to be used by a router to determine the best path to forward packets.
    • It is the address that is unknown, so the ACL must be placed on the interface closest to the source address.
      Explanation:

      The only filter that can be applied with a standard ACL is the source IP address. An extended ACL is used to filter on such traffic as the source IP address, destination IP address, type of traffic, and type of message.

    • provides statistical analysis on packets flowing through a Cisco router or multilayer switch
    • provides a message format for communication between network device managers and agents
    • captures packets entering and exiting the network interface card
    • synchronizes the time across all devices on the network
      Explanation:

      SNMP is an application layer protocol that allows administrators to manage devices on the network by providing a messaging format for communication between network device managers and agents.

    • executes when software is run on a computer
    • is self-replicating
    • hides in a dormant state until needed by an attacker
    • infects computers by attaching to software code
    • travels to new computers without any intervention or knowledge of the user
      Explanation:

      Worms are self-replicating pieces of software that consume bandwidth on a network as they propagate from system to system. They do not require a host application, unlike a virus. Viruses, on the other hand, carry executable malicious code which harms the target machine on which they reside.

    • DoS
    • buffer overflow
    • Trojan horse
    • brute-force attack
      Explanation:

      A Trojan horse is software that does something harmful, but is hidden in legitimate software code. A denial of service (DoS) attack results in interruption of network services to users, network devices, or applications. A brute-force attack commonly involves trying to access a network device. A buffer overflow occurs when a program attempts to store more data in a memory location than it can hold.

    • A virus typically requires end-user activation.
    • A virus has an enabling vulnerability, a propagation mechanism, and a payload.
    • A virus replicates itself by independently exploiting vulnerabilities in networks.
    • A virus provides the attacker with sensitive data, such as passwords.
    • A virus can be dormant and then activate at a specific time or date.
      Explanation:

      The type of end user interaction required to launch a virus is typically opening an application, opening a web page, or powering on the computer. Once activated, a virus may infect other files located on the computer or other computers on the same network.

    • Port redirection attacks use a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN.
    • Password attacks can be implemented by the use of brute-force attack methods, Trojan horses, or packet sniffers.
    • Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or to exploit systems to execute malicious code.
    • To detect listening services, port scanning attacks scan a range of TCP or UDP port numbers on a host.
    • Trust exploitation attacks often involve the use of a laptop to act as a rogue access point to capture and copy all network traffic in a public location, such as a wireless hotspot.
      Explanation:

      An access attack tries to gain access to a resource using a hijacked account or other means. The five types of access attacks include the following:

      • password – a dictionary is used for repeated login attempts
      • trust exploitation – uses granted privileges to access unauthorized material
      • port redirection – uses a compromised internal host to pass traffic through a firewall
      • man-in-the-middle – an unauthorized device positioned between two legitimate devices in order to redirect or capture traffic
      • buffer overflow – too much data sent to a memory location that already contains data

    • phishing
    • Trojan horse
    • pivot
    • reconnaissance
    • rootkit
      Explanation:

      The following methods are used by hackers to avoid detection:

      • Encryption and tunneling – hide or scramble the malware content
      • Resource exhaustion – keeps the host device too busy to detect the invasion
      • Traffic fragmentation – splits the malware into multiple packets
      • Protocol-level misinterpretation – sneaks by the firewall
      • Pivot – uses a compromised network device to attempt access to another device
      • Rootkit – allows the hacker to be undetected and hides software installed by the hacker

    • a passive device that forwards all traffic and physical layer errors to an analysis device
    • a feature supported on Cisco switches that enables the switch to copy frames and forward them to an analysis device
    • a Cisco technology that provides statistics on packets flowing through a router or multilayer switch
    • a technology used to provide real-time reporting and long-term analysis of security events
      Explanation:

      A network tap is used to capture traffic for monitoring the network. The tap is typically a passive splitting device implemented inline on the network and forwards all traffic, including physical layer errors, to an analysis device.


    • AAA
    • debug
    • ICMP
    • SNMP
      Explanation:

      The Simple Network Management Protocol is used by network devices to send and log messages to a syslog server in order to monitor traffic and network device events. The syslog service must be enabled on the server or a syslog server application must be installed in order to receive such traffic.

    • The iFrame allows the browser to load a web page from another source.
    • The attacker embeds malicious content in business appropriate files.
    • The attacker redirects traffic to an incorrect DNS server.
    • The iFrame allows multiple DNS subdomains to be used.
      Explanation:

      An inline frame or iFrame is an HTML element that allows the browser to load a different web page from another source.

    • access layer switch
    • firewall
    • internal router
    • IPS
      Explanation:

      A firewall is typically a second line of defense in a layered defense-in-depth approach to network security. The firewall typically connects to an edge router that connects to the service provider. The firewall tracks connections initiated within the company going out of the company and denies initiation of connections from external untrusted networks going to internal trusted networks.

    • accessibility
    • accounting
    • auditing
    • authentication
    • authorization
      Explanation:

      One of the components in AAA is authorization. After a user is authenticated through AAA, authorization services determine which resources the user can access and which operations the user is allowed to perform.

    • TACACS+ provides extensive accounting capabilities when compared to RADIUS.
    • The TACACS+ protocol allows for separation of authentication from authorization.
    • The RADIUS protocol encrypts the entire packet transmission.
    • RADIUS can cause delays by establishing a new TCP session for each authorization request.
      Explanation:

      One key difference between TACACS+ and RADIUS protocols is that TACACS+ provides flexibility by separating authentication and authorization processes. RADIUS, on the other hand, combines authentication and authorization as one process.

    • MD5
    • AES
    • 3DES
    • SHA-1
    • HMAC
      Explanation:

      The task to ensure that only authorized personnel can open a file is data confidentiality, which can be implemented with encryption. AES and 3DES are two encryption algorithms. HMAC can be used for ensuring origin authentication. MD5 and SHA-1 can be used to ensure data integrity.

    • Two Cisco routers authenticate each other with CHAP.
    • A network administrator connects to a Cisco router with SSH.
    • User data is transmitted across the network after a VPN is established.
    • An office manager encrypts confidential files before saving them to a removable device.
      Explanation:

      The SSH protocol uses an asymmetric key algorithm to authenticate users and encrypt data transmitted. The SSH server generates a pair of public/private keys for the connections. Encrypting files before saving them to a storage device uses a symmetric key algorithm because the same key is used to encrypt and decrypt files. The router authentication with CHAP uses a symmetric key algorithm. The key is pre-configured by the network administrator. A VPN may use both an asymmetric key and a symmetric encryption algorithm. For example in an IPSec VPN implementation, the data transmission uses a shared secret (generated with an asymmetric key algorithm) with a symmetric encryption algorithm used for performance.

    • Symmetric algorithms are typically hundreds to thousands of times slower than asymmetric algorithms.
    • Symmetric encryption algorithms are used to authenticate secure communications. Asymmetric encryption algorithms are used to repudiate messages.
    • Symmetric encryption algorithms are used to encrypt data. Asymmetric encryption algorithms are used to decrypt data.
    • Symmetric encryption algorithms use pre-shared keys. Asymmetric encryption algorithms use different keys to encrypt and decrypt data.
      Explanation:

      Asymmetric algorithms can use very long key lengths in order to avoid being hacked. This results in the use of significantly increased resources and time compared to symmetric algorithms.

    • DH requires a shared key which is easily exchanged between sender and receiver.
    • Most data traffic is encrypted using asymmetrical algorithms.
    • The large numbers used by DH make it too slow for bulk data transfers.
    • DH runs too quickly to be implemented with a high level of security.
      Explanation:

      Diffie-Hellman (DH) is an asymmetric mathematical algorithm that is too slow for encrypting large amounts of data. The longer key length and complexity of DH make it ideal for generating the keys used by symmetric algorithms. Symmetric algorithms typically encrypt the data, whereas DH creates the keys they use.

    • The code is authentic and is actually sourced by the publisher.
    • The code contains no errors.
    • The code was encrypted with both a private and public key.
    • The code has not been modified since it left the software publisher.
    • The code contains no viruses.
      Explanation:

      Digitally signing code provides several assurances about the code:

      • The code is authentic and is actually sourced by the publisher.
      • The code has not been modified since it left the software publisher.
      • The publisher undeniably published the code. This provides nonrepudiation of the act of publishing.

    • data storage
    • cloud computing
    • network bandwidth
    • CPU processing speed
      Explanation:

      With cloud computing, boundaries of enterprise networks are expanded to include locations on the Internet for which the enterprises are not responsible. Malicious software might access the internal network endpoints to attack internal networks.

    • It compares the operations of a host against well-defined security rules.
    • It compares the signatures of incoming traffic to a known intrusion database.
    • It compares the antimalware definitions to a central repository for the latest updates.
    • It compares the behaviors of a host to an established baseline to identify potential intrusion.
      Explanation:

      With the anomaly-based intrusion detection approach, a set of rules or policies is applied to a host. A violation of these policies is interpreted as the result of a potential intrusion.

    • human attack surface
    • Internet attack surface
    • network attack surface
    • software attack surface
      Explanation:

      The SANS Institute describes three components of the attack surface:

      • Network Attack Surface – exploitation of vulnerabilities in networks
      • Software Attack Surface – exploitation of vulnerabilities in web, cloud, or host-based software applications
      • Human Attack Surface – exploitation of weaknesses in user behavior
    • Impact
    • Exploitability
    • Modified Base
    • Exploit Code Maturity
      Explanation:

      The Base Metric Group of CVSS represents the characteristics of a vulnerability that are constant over time and across contexts. It contains two classes of metrics:

      • Exploitability metrics – features of the exploit such as the vector, complexity, and user interaction required by the exploit
      • Impact metrics – the impacts of the exploit rooted in the CIA triad of confidentiality, integrity, and availability
    • Surveil or deny service from outside the corporate network.
    • Intercept and decrypt network traffic.
    • Change the timestamp on network messages in order to conceal the cyberattack.
    • Collect personal information and encode the data in outgoing DNS queries.
      Explanation:

      Malware could be used by a threat actor to collect stolen encoded data, decode it, and then gain access to corporate data such as a username/password database.

    • The devices introduce processing delays and privacy issues.
    • The devices must have preconfigured usernames and passwords for all users.
    • The devices require continuous monitoring and fine tuning.
    • Monthly service contracts with reputable web filtering sites can be costly.
      Explanation:

      HTTPS adds extra overhead to the HTTP-formed packet. HTTPS encrypts using Secure Sockets Layer (SSL). Even though some devices can perform SSL decryption and inspection, this can present processing and privacy issues.

    • setup logs
    • system logs
    • security logs
    • application logs
      Explanation:

      By default Windows keeps four types of host logs:

      • Application logs – events logged by various applications
      • System logs – events about the operation of drivers, processes, and hardware
      • Setup logs – information about the installation of software, including Windows updates
      • Security logs – events related to security, such as logon attempts and operations related to file or object management and access
    • access list monitoring
    • network monitoring
    • log analysis
    • usage-based network billing
    • QoS configuration
      Explanation:

      NetFlow efficiently provides an important set of services for IP applications including network traffic accounting, usage-based network billing, network planning, security, denial of service monitoring capabilities, and network monitoring.

    CCNA Cybersecurity Operations (Version 1.1) – Final Exam Answers 2019 Full 100% 04

    • This is a TCP DNS response to a client machine.
    • This is a UDP DNS response to a client machine.
    • This is a UDP DNS request to a DNS server.
    • This is a TCP DNS request to a DNS server.
      Explanation:

      The traffic flow shown has a source port of 53 and a destination port of 1025. Port 53 is used for DNS and because the source port is 53, this traffic is responding to a client machine from a DNS server. The IP PROTOCOL is 17 and specifies that UDP is being used and the TCP flag is set to 0.

    CCNA Cybersecurity Operations (Version 1.1) – Final Exam Answers 2019 Full 100% 01

    • the port that tcpdump is listening to
    • the process id of the tcpdump command
    • the number of transactions currently captured
    • the Snort signature id that tcpdump will watch and capture
      Explanation:

      After the tcpdump command is issued, the device displays the message, [1] 6337. The message indicates that the process with PID 6337 was sent to the background.

    • An alert is verified to be an actual security incident.
    • Normal traffic is correctly ignored and erroneous alerts are not being issued.
    • An alert is incorrectly issued and does not indicate an actual security incident.
    • Exploits are not being detected by the security systems that are in place.
      Explanation:

      True negative classifications are desirable because they indicate that normal traffic is correctly not being identified as malicious traffic by security measures.

    • memory registers
    • log files
    • temp files
    • web browser cache
      Explanation:

      Volatile data is data stored in memory such as registers, cache, and RAM, or it is data that exists in transit. Volatile memory is lost when the computer loses power.

    • collection
    • examination
    • analysis
    • reporting
      Explanation:

      NIST describes the digital forensics process as involving the following four steps:

      • Collection – the identification of potential sources of forensic data and acquisition, handling, and storage of that data
      • Examination – assessing and extracting relevant information from the collected data. This may involve decompression or decryption of the data
      • Analysis – drawing conclusions from the data. Salient features, such as people, places, times, events, and so on should be documented
      • Reporting – preparing and presenting information that resulted from the analysis. Reporting should be impartial and alternative explanations should be offered if appropriate
    • to get a free malware package
    • to launch a DoS attack toward the target
    • to avoid detection by the target
    • to gain faster delivery of the attack on the target
      Explanation:

      When a threat actor prepares a weapon for an attack, the threat actor chooses an automated tool (weaponizer) that can be deployed through discovered vulnerabilities. Malware that will carry desired attacks is then built into the tool as the payload. The weapon (tool plus malware payload) will be delivered to the target system. By using a zero-day weaponizer, the threat actor hopes that the weapon will not be detected because it is unknown to security professionals and detection methods are not yet developed.

    • delivery
    • exploitation
    • action on objectives
    • command and control
      Explanation:

      The Cyber Kill Chain specifies seven steps (or phases) and sequences that a threat actor must complete to accomplish an attack:

      • Reconnaissance – The threat actor performs research, gathers intelligence, and selects targets.
      • Weaponization – The threat actor uses the information from the reconnaissance phase to develop a weapon against specific targeted systems.
      • Delivery – The weapon is transmitted to the target using a delivery vector.
      • Exploitation – The threat actor uses the weapon delivered to break the vulnerability and gain control of the target.
      • Installation – The threat actor establishes a back door into the system to allow for continued access to the target.
      • Command and Control (CnC) – The threat actor establishes command and control (CnC) with the target system.
      • Action on Objectives – The threat actor is able to take action on the target system, thus achieving the original objective.

    • The data sets are compact for easy download.
    • The access fee is minimal.
    • The data is open and free to the public.
    • The database is sponsored and backed by governments.
    • Data is in a format that allows for manipulation.
      Explanation:

      The VERIS community database (VCDB) is open and free to the public. The VCDB uses metrics to describe incidents in a structured and repeatable way, thus allowing for data manipulation.

    • Coordinate the incident response with other stakeholders and minimize the damage of the incident.
    • Review the incident policies, plans, and procedures for local or federal guideline violations.
    • Perform actions to minimize the effectiveness of the attack and preserve evidence.
    • Apply disciplinary measures if an incident is caused by an employee.
      Explanation:

      The human resources department may be called upon to perform disciplinary measures if an incident is caused by an employee.

    Explanation:

    Important elements of a network profile include:

    • Total throughput – the amount of data passing from a given source to a given destination in a given period of time
    • Session duration – the time between the establishment of a data flow and its termination
    • Ports used – a list of TCP or UDP processes that are available to accept data
    • Critical asset address space – the IP addresses or the logical location of essential systems or data