Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0
Question 1
A security specialist notices 100 HTTP GET and POST requests for multiple pages on the web servers. The agent in the requests contains PHP code that, if executed, creates and writes to a new PHP file on the webserver. Which event category is described?
- A. reconnaissance
- B. action on objectives
- C. installation
- D. exploitation
Answer : C
Question 2
What specific type of analysis is assigning values to the scenario to see expected outcomes?
- A. deterministic
- B. exploratory
- C. probabilistic
- D. descriptive
Answer : A
Question 3
When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?
- A. fragmentation
- B. pivoting
- C. encryption
- D. stenography
Answer : D
Question 4
Why is encryption challenging to security monitoring?
- A. Encryption analysis is used by attackers to monitor VPN tunnels.
- B. Encryption is used by threat actors as a method of evasion and obfuscation.
- C. Encryption introduces additional processing requirements by the CPU.
- D. Encryption introduces larger packet sizes to analyze and store.
Answer : B
Question 5
An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin. The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts. What is causing the lack of data visibility needed to detect the attack?
- A. The threat actor used a dictionary-based password attack to obtain credentials.
- B. The threat actor gained access to the system by known credentials.
- C. The threat actor used the teardrop technique to confuse and crash login services.
- D. The threat actor used an unknown vulnerability of the operating system that went undetected.
Answer : B
Question 6
A company receptionist received a threatening call referencing stealing assets and did not take any action assuming it was a social engineering attempt. Within
48 hours, multiple assets were breached, affecting the confidentiality of sensitive information. What is the threat actor in this incident?
- A. company assets that are threatened
- B. customer assets that are threatened
- C. perpetrators of the attack
- D. victims of the attack
Answer : C
Question 7
What is the relationship between a vulnerability and a threat?
- A. A threat exploits a vulnerability
- B. A vulnerability is a calculation of the potential loss caused by a threat
- C. A vulnerability exploits a threat
- D. A threat is a calculation of the potential loss caused by a vulnerability
Answer : A
Question 8
What is the principle of defense-in-depth?
- A. Agentless and agent-based protection for security are used.
- B. Several distinct protective layers are involved.
- C. Access control models are involved.
- D. Authentication, authorization, and accounting mechanisms are used.
Answer : B
Question 9
DRAG DROP -
Drag and drop the uses on the left onto the type of security system on the right.
Select and Place:
Answer : 
Question 10
What is the difference between the rule-based detection when compared to behavioral detection?
- A. Rule-Based detection is searching for patterns linked to specific types of attacks, while behavioral is identifying per signature.
- B. Rule-Based systems have established patterns that do not change with new data, while behavioral changes.
- C. Behavioral systems are predefined patterns from hundreds of users, while Rule-Based only flags potentially abnormal patterns using signatures.
- D. Behavioral systems find sequences that match a particular attack signature, while Rule-Based identifies potential attacks.
Answer : D
Question 11
A security incident occurred with the potential of impacting business services. Who performs the attack?
- A. threat actor
- B. malware author
- C. direct competitor
- D. bug bounty hunter
Answer : A
Reference:
https://www.paubox.com/blog/what-is-threat-actor/#:~:text=The%20term%20threat%20actor%20refers,CTA)%20when%20referencing%
20cybersecurity%20issues
Question 12
How does a certificate authority impact security?
- A. It authenticates domain identity when requesting an SSL certificate.
- B. It validates client identity when communicating with the server.
- C. It authenticates client identity when requesting an SSL certificate.
- D. It validates the domain identity of the SSL certificate.
Answer : D
Reference:
https://en.wikipedia.org/wiki/Certificate_authority
Question 13
Which data type is necessary to get information about source/destination ports?
- A. statistical data
- B. session data
- C. alert data
- D. connectivity data
Answer : D
Reference:
https://community.cisco.com/t5/application-networking/difference-between-session-connections-socket/td-p/2417074
Question 14
Which event is a vishing attack?
- A. obtaining disposed documents from an organization
- B. using a vulnerability scanner on a corporate network
- C. impersonating a tech support agent during a phone call
- D. setting up a rogue access point near a public hotspot
Answer : C
Reference:
https://www.cisco.com/c/en/us/products/security/email-security/what-is-phishing.html#~types-of-phishing-attacks
Question 15
DRAG DROP -
Drag and drop the security concept from the left onto the example of that concept on the right.
Select and Place:
Answer : 