DD:DD:DD:DD:DD:DD
172.168.10.99
CC:CC:CC:CC:CC:CC
172.168.10.65
BB:BB:BB:BB:BB:BB
AA:AA:AA:AA:AA:AA
Explanation:
When a host sends information to a distant network, the Layer 2 frame header will contain a source an
be the originating host device. The destination address will be the router interface that connects to the
information to host B, the source address is AA:AA:AA:AA:AA:AA and the destination address is the
BB:BB:BB:BB:BB:BB.
CCNA Cybersecurity Operations (Version 1.1) – Final Exam Answers 2019 Full 100% 03
router DG
PC-A
router ISP
web server
DNS server
Explanation:
The Wireshark capture is a DNS response from the DNS server to PC-A. Because the packet was capt
have encapsulated the response packet from the ISP router into an Ethernet frame addressed to PC-A a
A as the destination.
AAA
debug
ICMP
SNMP
Explanation:
The Simple Network Management Protocol is used by network devices to send and log messages to a
device events. The syslog service must be enabled on the server or a syslog server application must be
Collection – the identification of potential sources of forensic data and acquisition, handling, and s
Examination – assessing and extracting relevant information from the collected data. This may in
Analysis – drawing conclusions from the data. Salient features, such as people, places, times, even
Reporting – preparing and presenting information that resulted from the analysis. Reporting shoul
offered if appropriate
52. Why would threat actors prefer to use a zero-day attack in the Cyber Kill Chain weaponization phase?
to get a free malware package
to launch a DoS attack toward the target
to avoid detection by the target
to gain faster delivery of the attack on the target
Explanation:
When a threat actor prepares a weapon for an attack, the threat actor chooses an automated tool (weapo
vulnerabilities. Malware that will carry desired attacks is then built into the tool as the payload. The we
to the target system. By using a zero-day weaponizer, the threat actor hopes that the weapon will not b
professionals and detection methods are not yet developed.
53. A threat actor has gained administrative access to a system and achieved the goal of controlling the system for a future DDoS attack by establishing a communication channel with a CnC owned by the threat actor. Which phase in the Cyber Kill Chain model describes the situation?
delivery
exploitation
action on objectives
command and control
Explanation:
The Cyber Kill Chain specifies seven steps (or phases) and sequences that a threat actor must complete
actor performs research, gathers intelligence, and selects targets.
Weaponization – The threat actor uses the information from the reconnaissance phase to develop a we
Delivery – The weapon is transmitted to the target using a delivery vector.
Exploitation – The threat actor uses the weapon delivered to break the vulnerability and gain control o
Installation – The threat actor establishes a back door into the system to allow for continued access to t
Command and Control (CnC) – The threat actor establishes command and control (CnC) with the target
Action on Objectives – The threat actor is able to take action on the target system, thus achieving the o
56. Match the phase in the NIST incident response life cycle to the action.