CCNA Cbrops Security Concepts Questions

24 of 99 questions · Page 2/2 · Cbrops Security Concepts topic · Answers revealed

76
Multi-Select · easy

A security analyst is identifying potential vulnerabilities in the network. Which TWO of the following are examples of passive reconnaissance?

Select 2 answers
A. Vulnerability scan
B. Google search for company information
C. WHOIS lookup
D. Ping sweep
E. Port scanning
Answers: B, C

Google search uses public data without interacting with the target network.

Why this answer

Passive reconnaissance involves gathering information without directly interacting with the target systems. A Google search for company information (Option B) collects publicly available data from search engine caches and indexed pages, which does not send any packets to the target's network. A WHOIS lookup (Option C) queries public registration databases for domain ownership and contact details, again without touching the target's infrastructure.

Both methods rely on third-party sources and leave no trace on the target's systems.

Exam trap

Cisco often tests the distinction between passive and active reconnaissance by including 'vulnerability scan' as a distractor, because candidates may mistakenly think it is passive since it can be run with minimal privileges, but it always involves direct interaction with the target.

77
MCQ · easy

Which element of the CIA triad ensures that data cannot be modified by unauthorized parties?

A. Non-repudiation
B. Confidentiality
C. Integrity
D. Availability
Answer: C

Integrity ensures data remains unaltered by unauthorized actors.

Why this answer

Integrity ensures that data is not altered by unauthorized individuals or processes.

78
MCQ · medium

A security analyst discovers that a server's configuration allows users to access files outside of their intended directory. In security terminology, what is this weakness called?

A. Exploit
B. Vulnerability
C. Threat
D. Risk
Answer: B

A vulnerability is a specific weakness in a system that can be exploited.

Why this answer

A vulnerability is a weakness that can be exploited.

79
MCQ · medium

Which of the following is an example of a symmetric encryption algorithm?

A. SHA-256
B. RSA
C. AES
D. ECC
Answer: C

AES is a widely used symmetric cipher.

Why this answer

Symmetric encryption uses the same key for encryption and decryption. AES and 3DES are symmetric algorithms.

80
MCQ · hard

An organization wants to ensure that a user cannot deny having sent an email. Which security goal does this address?

A. Non-repudiation
B. Availability
C. Integrity
D. Confidentiality
Answer: A

Non-repudiation prevents denial of actions.

Why this answer

Non-repudiation ensures that a party cannot deny having performed a specific action, such as sending an email. This is typically achieved through digital signatures using asymmetric cryptography (e.g., RSA or ECDSA) and public key infrastructure (PKI), where the sender's private key creates a signature that can be verified by anyone with the sender's public key. The goal is to provide irrefutable proof of origin and integrity, preventing the sender from later claiming they did not send the message.

Exam trap

Cisco often tests the distinction between integrity and non-repudiation, where candidates mistakenly choose integrity because they associate hashing with proof of origin, but integrity alone does not link the data to a specific sender.

How to eliminate wrong answers

Option B (Availability) is wrong because availability ensures that systems and data are accessible when needed, often through redundancy and fault tolerance, not by preventing denial of actions. Option C (Integrity) is wrong because integrity guarantees that data has not been altered in transit or storage, typically via hashing (e.g., SHA-256) or checksums, but does not tie an action to a specific user. Option D (Confidentiality) is wrong because confidentiality protects data from unauthorized disclosure using encryption (e.g., AES or TLS), but does not provide proof of origin or prevent repudiation.

81
MCQ · medium

A company's security policy requires that sensitive data be encrypted at rest using AES-256. Which type of encryption does AES-256 represent?

A. Hashing algorithm
B. Digital signature
C. Asymmetric encryption
D. Symmetric encryption
Answer: D

AES is a symmetric block cipher.

Why this answer

AES is a symmetric encryption algorithm, meaning the same key is used for encryption and decryption.

82
MCQ · easy

A security analyst discovers that a malicious actor is using a technique to gather information about employees by searching social media sites. Which type of attack is being performed?

A. Active reconnaissance
B. Passive reconnaissance
C. Denial of Service
D. Social engineering
Answer: B

Passive reconnaissance collects information without directly engaging the target.

Why this answer

Reconnaissance attacks involve gathering information to identify vulnerabilities. Passive reconnaissance uses publicly available sources like social media.

83
MCQ · hard

An attacker intercepts communication between a client and a server, allowing the attacker to read, insert, and modify messages in both directions. Which type of network attack is this?

A. Denial of Service
B. ARP spoofing
C. DNS poisoning
D. Man-in-the-middle
Answer: D

MitM allows interception, reading, and modification of communications between two parties.

Why this answer

A man-in-the-middle (MitM) attack places the attacker between two parties to intercept and manipulate traffic.

84
MCQ · hard

A security analyst is investigating an incident where an employee received an email that appeared to be from the company's IT department, requesting the employee to verify their account by clicking a link and entering their credentials. The employee complied, and later the attacker used those credentials to access the corporate VPN. Which combination of attack types best describes this incident?

A. Pretexting and privilege escalation
B. Phishing and man-in-the-middle
C. Spear phishing and credential theft
D. Vishing and brute force
Answer: C

Spear phishing is the targeted email; credential theft is the result.

Why this answer

The email is a social engineering technique known as phishing. Since it targeted a specific employee with a tailored message (IT department), it is spear phishing. The attacker then used the credentials to access the VPN, which is a direct use of the stolen information, not a separate attack like MitM.

85
MCQ · easy

A security analyst discovers that an attacker used a publicly available tool to scan a company's network for open ports and services. What type of attack is this?

A. Passive reconnaissance
B. Denial of Service
C. Social engineering
D. Active reconnaissance
Answer: D

Port scanning is active because it sends probes to the target.

Why this answer

Option D is correct because using a publicly available tool to scan a company's network for open ports and services involves directly interacting with the target systems by sending probes (e.g., TCP SYN packets, UDP datagrams) and analyzing responses. This constitutes active reconnaissance, as the attacker's actions generate traffic that can be detected by intrusion detection systems (IDS) or firewall logs, unlike passive methods that only observe existing traffic.

Exam trap

Cisco often tests the distinction between active and passive reconnaissance by presenting a scenario where a tool is used to 'scan' or 'probe' the network, and candidates mistakenly choose passive reconnaissance because they think 'scanning' is non-intrusive, but any direct interaction with the target (sending packets) is active.

How to eliminate wrong answers

Option A is wrong because passive reconnaissance involves gathering information without directly interacting with the target network, such as sniffing traffic or using public records (e.g., WHOIS, DNS lookups), not sending probes to identify open ports. Option B is wrong because a Denial of Service (DoS) attack aims to disrupt or degrade service availability by overwhelming resources (e.g., SYN flood, ICMP flood), not to enumerate open ports and services for later exploitation. Option C is wrong because social engineering exploits human psychology to manipulate individuals into divulging confidential information or performing actions, not technical scanning of network ports and services.

86
MCQ · easy

An organization implements encryption for all sensitive data at rest and in transit to prevent unauthorized access. Which element of the CIA triad is being primarily addressed?

A. Non-repudiation
B. Integrity
C. Availability
D. Confidentiality
Answer: D

Encryption directly supports confidentiality by preventing unauthorized access.

Why this answer

Confidentiality ensures that data is not disclosed to unauthorized individuals or systems.

87
MCQ · medium

A network analyst notices a high volume of traffic from a single external IP address to multiple internal hosts on port 443. The traffic includes incomplete TCP handshakes. Which type of reconnaissance is being performed?

A. Social engineering attack
B. Active reconnaissance via port scanning
C. Denial of Service attack
D. Passive reconnaissance using WHOIS
Answer: B

Port scanning sends probes to identify open ports, generating traffic and incomplete connections.

Why this answer

Active reconnaissance involves direct interaction with the target, such as port scanning, which generates traffic. Passive recon uses public data.

88
MCQ · medium

An attacker sends an email posing as the company's IT department, asking employees to click a link and enter their credentials. Which type of social engineering attack is this?

A. Vishing
B. Phishing
C. Pretexting
D. Spear phishing
Answer: B

Phishing is a mass email attack impersonating a legitimate entity.

Why this answer

B is correct because the attack uses email as the delivery vector to trick recipients into revealing credentials, which is the classic definition of phishing. Phishing is a broad category of social engineering that employs deceptive electronic communications (typically email) to steal sensitive information.

Exam trap

Cisco often tests the distinction between phishing (mass, untargeted) and spear phishing (targeted), so the trap here is that candidates may confuse the generic email to all employees with a targeted attack, leading them to incorrectly choose spear phishing.

How to eliminate wrong answers

Option A is wrong because vishing (voice phishing) uses telephone calls or voice messages, not email. Option C is wrong because pretexting involves fabricating a scenario or identity to gain trust and extract information, but it does not specifically require an email with a link to harvest credentials. Option D is wrong because spear phishing is a targeted version of phishing aimed at a specific individual or organization, whereas the question describes a generic email sent to all employees, which is a mass phishing campaign.

89
MCQ · easy

Which component of the NIST Cybersecurity Framework involves taking action to stop an ongoing attack?

A. Identify
B. Detect
C. Respond
D. Protect
Answer: C

Respond includes actions to address and mitigate attacks.

Why this answer

The Respond function includes activities to contain and mitigate incidents.

90
MCQ · hard

An organization must comply with a regulation that requires protecting the privacy of EU citizens' personal data. Which compliance framework applies?

A. HIPAA
B. ISO 27001
C. PCI DSS
D. GDPR
Answer: D

GDPR protects personal data of EU citizens.

Why this answer

The General Data Protection Regulation (GDPR) is the EU regulation specifically designed to protect the privacy and personal data of EU citizens. It applies to any organization that processes or controls the personal data of individuals in the EU, regardless of where the organization is based. This makes GDPR the correct compliance framework for the scenario described.

Exam trap

Cisco often tests the distinction between data privacy regulations (like GDPR) and data security standards (like PCI DSS or HIPAA), where candidates mistakenly apply a US-centric regulation to an EU privacy requirement.

How to eliminate wrong answers

Option A is wrong because HIPAA (Health Insurance Portability and Accountability Act) applies only to protected health information (PHI) in the United States, not to EU citizens' personal data. Option B is wrong because ISO 27001 is an international standard for information security management systems (ISMS), not a regulation that specifically addresses EU privacy requirements. Option C is wrong because PCI DSS (Payment Card Industry Data Security Standard) governs the security of credit card data, not the privacy of EU citizens' personal data.

91
MCQ · hard

In a PKI, what is the role of a Certificate Authority (CA)?

A. Generates private keys for users
B. Provides symmetric keys for session encryption
C. Encrypts data for secure transmission
D. Issues and validates digital certificates
Answer: D

CA issues certificates and validates their authenticity.

Why this answer

A CA issues, revokes, and manages digital certificates, establishing trust in the public key's ownership.

92
Multi-Select · medium

Which THREE of the following are common types of malware?

Select 3 answers
A. Patch
B. Virus
C. Ransomware
D. Worm
Answers: B, C, D

A virus attaches to files and spreads.

Why this answer

A virus is a type of malware that replicates by attaching itself to legitimate executable files or scripts, requiring user action (e.g., opening an infected attachment) to spread. It is one of the classic and most common forms of malicious software, making option B correct.

Exam trap

Cisco often tests the distinction between security tools (like patches and firewalls) and actual malware types, leading candidates to mistakenly classify protective measures as malicious software.

93
MCQ · hard

A security analyst needs to verify that a downloaded software update has not been tampered with. The update's publisher provides a file containing a hash value. Which process should the analyst use to verify integrity?

A. Decrypt the file using the publisher's public key
B. Use a digital signature to sign the file
C. Compute the file's hash and compare it with the provided hash
D. Encrypt the file using the publisher's private key
Answer: C

Hash comparison verifies that the file has not been altered.

Why this answer

Option C is correct because verifying file integrity involves computing a cryptographic hash (e.g., SHA-256) of the downloaded file and comparing it to the hash provided by the publisher. If the hashes match, the file has not been altered; any tampering would produce a different hash value. This is a standard integrity check, not a confidentiality or authentication mechanism.

Exam trap

Cisco often tests the distinction between integrity (hash comparison) and authenticity (digital signatures), leading candidates to mistakenly choose digital signature verification when the question only asks about integrity.

How to eliminate wrong answers

Option A is wrong because decrypting a file with the publisher's public key would only work if the file were encrypted with the publisher's private key, which is used for confidentiality or non-repudiation, not for integrity verification of a hash. Option B is wrong because signing the file with a digital signature is a process the publisher performs to provide authenticity and integrity, but the analyst does not sign the file; the analyst verifies the signature using the publisher's public key. Option D is wrong because encrypting the file with the publisher's private key is not a standard integrity check; private key encryption is used for digital signatures or to prove origin, and the analyst would not have access to the publisher's private key.

94
Multi-Select · medium

A security analyst is investigating a network breach. Which TWO activities are examples of passive reconnaissance? (Choose two.)

Select 2 answers
A. Reviewing LinkedIn profiles of employees
B. Sending ping sweeps to identify live hosts
C. Using a vulnerability scanner to find weaknesses
D. Searching WHOIS records for domain registration details
E. Performing a port scan on the target network
Answers: A, D

Social media review is a passive information gathering technique.

Why this answer

Passive reconnaissance involves gathering information without directly interacting with the target, such as searching public records and social media.

95
MCQ · medium

An organization is required to protect cardholder data. Which compliance framework applies to this requirement?

A. ISO 27001
B. HIPAA
C. GDPR
D. PCI DSS
Answer: D

PCI DSS is the standard for protecting payment card data.

Why this answer

PCI DSS is the Payment Card Industry Data Security Standard, which applies to organizations that handle credit card data.

96
Multi-Select · medium

An organization wants to protect sensitive data at rest and in transit. Which THREE cryptographic methods can provide confidentiality? (Choose three.)

Select 3 answers
A. Digital signature
B. Transport Layer Security (TLS)
C. Symmetric encryption
D. Hashing
E. Asymmetric encryption
Answers: B, C, E

TLS encrypts data in transit using symmetric and asymmetric methods.

Why this answer

Symmetric encryption, asymmetric encryption, and TLS (which uses both) provide confidentiality. Hashing does not.

97
MCQ · medium

An attacker sends a fraudulent email that appears to come from the company's IT department, requesting that the recipient click a link and enter their login credentials. Which type of social engineering attack is this?

A. Vishing
B. Phishing
C. Pretexting
D. Spear phishing
Answer: B

Phishing is a broad term for fraudulent emails asking for credentials.

Why this answer

This is a phishing attack because the attacker uses a fraudulent email that impersonates a trusted entity (the IT department) to trick the recipient into clicking a malicious link and entering sensitive login credentials. Phishing is a broad category of social engineering that relies on deceptive electronic communications, typically email, to harvest credentials or deliver malware.

Exam trap

Cisco often tests the distinction between generic phishing and spear phishing, where the trap is that candidates confuse a broad phishing email with a targeted one, but the question lacks any indication of personalization or specific targeting, making 'Phishing' the correct choice over 'Spear phishing'.

How to eliminate wrong answers

Option A (Vishing) is wrong because vishing (voice phishing) uses voice calls or VoIP systems, not email, to deceive victims. Option C (Pretexting) is wrong because pretexting involves fabricating a scenario or false identity to obtain information, but it does not necessarily use a fraudulent email with a link to harvest credentials; it often relies on direct interaction or impersonation over phone or in person. Option D (Spear phishing) is wrong because spear phishing is a targeted form of phishing aimed at a specific individual or organization, often using personalized details; the question describes a generic email sent to a recipient without indicating targeting, so it fits the broader phishing category.

98
MCQ · medium

Which compliance standard specifically applies to organizations that handle credit card information?

A. HIPAA
B. GDPR
C. ISO 27001
D. PCI DSS
Answer: D

PCI DSS governs credit card data security.

Why this answer

PCI DSS is the Payment Card Industry Data Security Standard for credit card data.

99
Multi-Select · medium

A security engineer is analyzing a recent data breach. Which TWO are examples of active reconnaissance techniques? (Select two.)

Select 2 answers
A. Port scanning
B. Ping sweep
C. LinkedIn profiling
D. WHOIS lookup
E. Google dorking
Answers: A, B

Port scanning directly probes open ports on a target system.

Why this answer

Active reconnaissance involves direct interaction with the target. Port scanning and ping sweeps are active; WHOIS and Google searches are passive.
