CCNA CBROPS M1-Security Concepts

1. Every organization seeks to maintain these three properties of its information systems.
Which part of the CIA triad guarantees that data is accurate, trustworthy and unaltered (its authenticity)?


2. A ___________ is a weakness in a system or its design that can be exploited by a threat.
These are sometimes found in the protocols themselves, as in the case of TCP/IP.

3. In data classification, this is the lowest level of classified data in the system.
It is data that must still meet confidentiality requirements.


4. In data classification, this is data that is very difficult to obtain and whose secrecy can be costly to maintain.
Usually only a few people have access to it, strictly on a need-to-know basis.

5. This is a dictionary of publicly known information security vulnerabilities and exposures.

6. "DID" security solutions, designed to work across the risk spectrum, are required in an organization to counter today's advanced threats and attacks. What does DID stand for?

7. In security deployments, the attack continuum is divided into three phases. What are they? (choose 3).

8. During an attack, which of these products help detect, block and defend against in-progress attacks that have already penetrated the network? (choose 3).

9. All viruses are malware, but not all malware is a virus. (True or False)

10. ________ is a platform that integrates multiple security technologies under a single point of view, simplifying control and unifying policy across on-premises and cloud assets.
It is an open, cloud-based platform that connects Cisco's integrated security portfolio to existing (non-Cisco) security products.

11. The _____________ centralizes the collection of threat data from a wide range of sources and formats.
The volume of threat data can be overwhelming, so it is designed to aggregate that data in one place and, most importantly, to present it in an intelligible and usable format.

12. This is the proactive pursuit of abnormal activity on servers and endpoints that may be evidence of compromise, intrusion, or data exfiltration. With this approach you use humans to go "find stuff" rather than waiting for technology to alert you.

13. Investigating malware is a process made up of several stages.
These four stages form a pyramid that grows in complexity. What are the four stages?

14. _______________ are a modern mutation of a widespread global problem that has plagued most countries for decades.
These threat actors usually focus on disrupting critical services and causing harm.
Chief Goal: cause harm and destruction in order to further their cause.
Typical Targets: businesses, state machinery, and critical services whose disruption would cause the most harm and destruction.

15. This is an important concept in computer security: the practice of limiting users' access rights to the bare minimum permissions they need to perform their work.

16. ___________ is a function of the likelihood of a particular potential vulnerability being exercised by a particular threat source and the resulting impact of that adverse event on the organization.

17. This refers to a potential danger to an asset.

18. This could manifest as anything from a weakness in the design of a system to a flaw in the implementation of an operational procedure.

19. This refers to a piece of software, a tool, a technique, or a process that takes advantage of a weakness or flaw, leading to access, privilege escalation, loss of integrity, or denial of service on a computer system.

20. This is an overlay of networks and systems that use the Internet but require specific software and configuration to access.

21. This refers to a cyber security approach that layers a number of defensive mechanisms to protect valuable data and information.
If one mechanism fails, another immediately steps up to thwart the attack.
This multi-layered approach, with intentional redundancies, increases the security of the system as a whole and addresses many different attack vectors.

22. This is considered the strictest of the available access control models.
Its policy is defined centrally by the system rather than by the owner of the data, and it is used primarily by governments and the military.

23. This access control model lets each user control access to their own data.
Instead of a security label, as in the case of MAC, each resource in this model has an access control list attached to it.

24. This access control model is based on the user's job function within the organization; access is allowed or denied on the basis of a set of rules defined by the system administrator.

25. This access control method intelligently filters TCP and UDP packets based on application-layer information.
It can be used for intranets, extranets and the Internet because of its inherent ability to filter packets (TCP and UDP) based on application protocol session information.

26. This is a next-generation authorization model that provides dynamic, context-aware and risk-aware access control.
It defines an access control paradigm in which access rights are granted to users through policies that combine several parameters.

27. A security model in which the system administrator defines the rules that govern access to resource objects.
These rules may be parameters that allow access only from certain IP addresses, deny access from certain IP addresses, or something more specific, such as an IP address that is allowed only when it connects through a certain port (such as the port used for FTP).
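The five models in questions 22 through 27 differ mainly in who decides the policy and what the decision is based on. The following is an added example (not Cisco course material and not a real product's code) that puts a minimal version of each side by side: MAC compares system-assigned labels, DAC lets the owner edit a per-resource ACL, RBAC maps job roles to permissions, ABAC evaluates a policy over subject, object and environment attributes, and rule-based control walks an administrator's IP/port rule list. All users, roles, labels and addresses are constructed for the demonstration.

```python
"""Four access control models side by side (MAC, DAC, RBAC, ABAC) plus an
administrator-defined IP/port rule set. Constructed example; the names,
roles and addresses are hypothetical."""
import ipaddress
from dataclasses import dataclass, field

# --- MAC: security labels compared by the system, never by the data owner ---
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

def mac_can_read(clearance: str, label: str) -> bool:
    """No read up: the subject's clearance must dominate the object's label."""
    return LEVELS[clearance] >= LEVELS[label]

# --- DAC: each resource carries an ACL that only its owner may edit ---
@dataclass
class DacResource:
    owner: str
    acl: dict = field(default_factory=dict)  # user -> set of permissions

    def grant(self, actor: str, user: str, perm: str) -> None:
        """Only the owner can change the ACL; that is what makes it discretionary."""
        if actor != self.owner:
            raise PermissionError(f"{actor} does not own this resource")
        self.acl.setdefault(user, set()).add(perm)

    def allows(self, user: str, perm: str) -> bool:
        return user == self.owner or perm in self.acl.get(user, set())

# --- RBAC: permissions attach to job roles; users are assigned roles ---
ROLE_PERMS = {
    "analyst": {"alerts:read"},
    "soc_lead": {"alerts:read", "alerts:close", "rules:edit"},
}
USER_ROLES = {"alice": {"analyst"}, "bob": {"soc_lead"}}  # hypothetical users

def rbac_allows(user: str, perm: str) -> bool:
    return any(perm in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))

# --- ABAC: one policy over subject, object and environment attributes ---
def abac_allows(subject: dict, obj: dict, env: dict) -> bool:
    """Allow when departments match, the device is managed, and the request
    comes either from the corporate network (10/8 here) or in business hours."""
    same_dept = subject["department"] == obj["department"]
    on_corp_net = ipaddress.ip_address(env["src_ip"]) in ipaddress.ip_network("10.0.0.0/8")
    business_hours = 8 <= env["hour"] < 18
    return same_dept and subject["device_managed"] and (on_corp_net or business_hours)

# --- Rule-based: administrator-defined rules, first match wins, default deny ---
RULES = [
    ("deny",  ipaddress.ip_network("203.0.113.0/24"), None),  # None = any port
    ("allow", ipaddress.ip_network("192.0.2.0/24"), 21),      # only via the FTP port
    ("allow", ipaddress.ip_network("10.0.0.0/8"), None),
]

def rule_allows(src_ip: str, dst_port: int) -> bool:
    ip = ipaddress.ip_address(src_ip)
    for action, net, port in RULES:
        if ip in net and (port is None or port == dst_port):
            return action == "allow"
    return False  # nothing matched: deny by default

if __name__ == "__main__":
    print("MAC  SECRET reads CONFIDENTIAL:", mac_can_read("SECRET", "CONFIDENTIAL"))
    print("RBAC alice edits rules:", rbac_allows("alice", "rules:edit"))
    print("RULE 192.0.2.9 -> 443:", rule_allows("192.0.2.9", 443))
```

Note the deliberate asymmetries: in DAC a non-owner cannot grant anything, in MAC the owner has no say at all, and in the rule-based list the order of rules decides the outcome, so a misplaced rule silently changes policy.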

28. In AAA, this provides a method for identifying users, including login and password dialog, challenge and response, messaging support, and, depending on the security protocol you choose, encryption.
It identifies the user before the user is allowed to access the network.

29. This defines what identity groups or individuals are allowed to do once they have been authenticated. It includes one-time authorization or authorization for each service, per-user account lists and profiles, user group support, and support for IP, console commands, network connections, and Telnet and reverse Telnet connections.

30. This is a method for collecting and sending security server information that is used for billing, auditing and reporting purposes, such as user identities, start and stop times, executed commands, and the number of packets and bytes.

31. This is a vendor-agnostic, open industry standard designed to convey vulnerability severity and to help determine the urgency and priority of response.
It does not calculate the chances of being attacked, but rather the likelihood of compromise if an attack occurs and the potential severity of the damage.

32. What are the three metric groups used to calculate a CVSS score? (Choose 3).

33. In CVSS scoring, this represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
It is composed of two sets of metrics: the exploitability metrics (attack vector, attack complexity, privileges required, user interaction, and scope) and the impact metrics (confidentiality, integrity, availability).

34. In CVSS scoring, this enables the analyst to customize the CVSS score according to the importance of the affected IT asset to the user's organization, measured in terms of the complementary or alternative security controls in place and the confidentiality, integrity, and availability requirements.

35. In CVSS scoring, this measures the current state of exploit techniques or code availability, the existence of any patches or workarounds, and the confidence one has in the description of a vulnerability.

36. What kind of challenges would you expect when it comes to data visibility in the cloud? (choose 2)

37. Regarding network data visibility, overlay networks in software-defined networks do not pose any challenges to network data visibility. (True or False)

38. This feature prevents users from maliciously or unintentionally emailing sensitive data out of the network.

39. The flowchart inside the DLP engine represents the sequence of events that produces a risk factor score. What are the minimum and maximum values of that score?

40. When you create content-matching classifiers for custom DLP policies, you specify values that are used to determine the risk factor score. Which factors are considered here? (Choose 4).

41. What are the components of a 5-tuple?

42. In host-based IPS, which detection approaches are used? (Choose 3)

43. This occurs when the IPS does not detect and report actual malicious activity.
The consequences can be catastrophic, so signatures must be continuously updated as new exploits and hacking techniques are discovered.

44. This occurs when the IPS reports benign activity as malicious.
Human intervention is required to diagnose the event.

45. An abundance of this kind of alert becomes a significant burden for IPS analysts.
These alerts can clutter the console and hide true positive alerts.
An analyst's time is limited, so time spent analyzing these events is costly.
These alerts should be tuned out regularly.

46. This occurs when the network is attacked but the IPS fails to detect it, so no alert is raised.
Much of the responsibility for these failures falls on the IPS vendor.
Vendors must work to ensure that their detection engines cannot be evaded by attackers, and they must continually provide updated rules.

47. Which of these options is a limitation of signature-based detection?

48. Which of these options is a limitation of behavior-based detection?

49. This method is simple for security vendors to implement and update.
To this end, every anti-malware vendor maintains a library of known, identified threats.

50. This is developed with built-in intelligence that accounts for deviations from known malware signatures and can identify whether incoming files could pose a threat to networks or systems.
It provides an effective way to secure end-user devices, network elements, and servers from malicious or potentially malicious activity.
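Questions 43 through 50 describe false positives, false negatives and the limits of signature-based versus behavior-based detection in the abstract. The following is an added example, not from the course and not any vendor's engine, that makes both limitations concrete on constructed input: a signature scanner that matches known byte patterns (the standard EICAR test string plus a made-up downloader pattern) misses a trivially rewritten variant of the same command line (a false negative), while a small behavior scorer over constructed process telemetry catches that variant but also flags a legitimate backup tool that rewrites many files (a false positive). All file contents, process names and paths are constructed; the scoring weights and threshold are arbitrary choices for the demonstration.

```python
"""Signature-based vs behavior-based detection on constructed samples
(added example; patterns, telemetry, weights and threshold are hypothetical)."""
import re
from collections import Counter

# --- Signature-based: exact byte patterns for already-known threats ---------
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURES = {
    "EICAR-Test-File": re.compile(re.escape(EICAR)),
    "Demo.Downloader": re.compile(rb"powershell -nop -w hidden -enc "),  # constructed
}

def signature_scan(content: bytes) -> list:
    """Names of every known signature found in the content (exact match only)."""
    return [name for name, pat in SIGNATURES.items() if pat.search(content)]

# --- Behavior-based: score what a process does, not what its bytes look like --
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}
DOC_EXTS = {"docx", "xlsx", "pptx", "txt", "pdf"}
THRESHOLD = 60  # arbitrary: a single strong indicator is enough to alert

def behavior_score(events: list) -> tuple:
    """Score one host's events; each event is {'proc', 'action', 'target'}."""
    score, reasons = 0, []
    spawned_shells = set()
    for e in events:  # office application launching a scripting shell
        if e["action"] == "spawn" and e["proc"] in OFFICE and e["target"] in SHELLS:
            score += 40
            reasons.append(f"{e['proc']} spawned {e['target']}")
            spawned_shells.add(e["target"])
    for e in events:  # that shell then talking to the network
        if e["action"] == "connect" and e["proc"] in spawned_shells:
            score += 30
            reasons.append(f"{e['proc']} connected to {e['target']}")
            break
    # mass writes with a non-document extension (ransomware-like, but also backups)
    exts = Counter(e["target"].rsplit(".", 1)[-1] for e in events if e["action"] == "write")
    for ext, n in exts.items():
        if n >= 20 and ext not in DOC_EXTS:
            score += 60
            reasons.append(f"{n} files written with .{ext} extension")
            break
    return score, reasons

def behavior_flags(events: list) -> bool:
    return behavior_score(events)[0] >= THRESHOLD

# --- Constructed samples ----------------------------------------------------
KNOWN_SAMPLE = b"cmd /c powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0A"
VARIANT_SAMPLE = b"cmd /c PowerShell -NoP -W Hidden -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0A"

def ev(proc: str, action: str, target: str) -> dict:
    return {"proc": proc, "action": action, "target": target}

RANSOM_EVENTS = ([ev("winword.exe", "spawn", "powershell.exe"),
                  ev("powershell.exe", "connect", "198.51.100.23:443")]
                 + [ev("powershell.exe", "write", f"C:/Users/a/Docs/f{i}.locked") for i in range(25)])
BACKUP_EVENTS = [ev("backup.exe", "write", f"D:/Backup/f{i}.bak") for i in range(30)]
NORMAL_EVENTS = [ev("winword.exe", "write", "C:/Users/a/Docs/report.docx")]

if __name__ == "__main__":
    print("known sample  :", signature_scan(KNOWN_SAMPLE))
    print("variant sample:", signature_scan(VARIANT_SAMPLE), "<- signature miss")
    print("ransom events :", behavior_score(RANSOM_EVENTS))
    print("backup events :", behavior_score(BACKUP_EVENTS), "<- behavior false positive")
```

The two failure modes map onto questions 43 to 48: the variant is a false negative for the signature engine until the vendor ships an updated pattern, and the backup job is a false positive for the behavior engine that an analyst has to investigate and tune out, for example by exempting the backup process or raising the write threshold.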