Last Updated on June 18, 2019 by
CCNA Cybersecurity Operations (Version 1.1) – CyberOps Chapter 4 Exam Answers 2019
Which PDU format is used when bits are received from the network medium by the NIC of a host?
- file
- frame
- packet
- segment
Explanation: When received at the physical layer of a host, the bits are formatted into a frame at the data link layer. A packet is the PDU at the network layer. A segment is the PDU at the transport layer. A file is a data structure that may be used at the application layer.
Which term is used to describe the process of placing one message format inside another message format?
- encoding
- segmentation
- encapsulation
- multiplexing
Explanation: The encapsulation process is performed at each OSI layer and is the process of placing one message format inside another message format.
What is the prefix length notation for the subnet mask 255.255.255.224?
- /25
- /26
- /27
- /28
Explanation: The binary format for 255.255.255.224 is 11111111.11111111.11111111.11100000. The prefix length is the number of consecutive 1s in the subnet mask. Therefore, the prefix length is /27.
Why does a Layer 3 device perform the ANDing process on a destination IP address and subnet mask?
- to identify the broadcast address of the destination network
- to identify the host address of the destination host
- to identify faulty frames
- to identify the network address of the destination network
Explanation: ANDing allows us to identify the network address from the IP address and the network mask.
A high school in New York (school A) is using videoconferencing technology to establish student interactions with another high school (school B) in Russia. The videoconferencing is conducted between two end devices through the Internet. The network administrator of school A configures the end device with the IP address 209.165.201.10. The administrator sends a request for the IP address for the end device in school B and the response is 192.168.25.10. Neither school is using a VPN. The administrator knows immediately that this IP will not work. Why?
- This is a loopback address.
- This is a link-local address.
- This is a private IP address.
- There is an IP address conflict.
Explanation: The IP address 192.168.25.10 is an IPv4 private address. This address will not be routed over the Internet, so school A will not be able to reach school B. Because the address is a private one, it can be used freely on an internal network. As long as no two devices on the internal network are assigned the same private IP, there is no IP conflict issue. Devices that are assigned a private IP will need to use NAT in order to communicate over the Internet.
Which three IP addresses are private? (Choose three.)
- 10.1.1.1
- 172.32.5.2
- 192.167.10.10
- 172.16.4.4
- 192.168.5.5
- 224.6.6.6
Explanation: The private IP addresses are within these three ranges:
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255
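The mask, ANDing and private-range explanations above can be checked in one place. This is an added example, not part of the original exam material; the function names are illustrative, and applying the /27 mask to the school B address is an assumption made only to show the AND operation.

```python
import socket
import struct

def to_int(dotted):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    return struct.unpack("!I", socket.inet_aton(dotted))[0]

def to_dotted(value):
    """32-bit integer -> dotted-decimal IPv4 string."""
    return socket.inet_ntoa(struct.pack("!I", value))

def prefix_length(mask):
    """Count the 1 bits of a subnet mask, rejecting non-contiguous masks."""
    bits = to_int(mask)
    host_bits = ~bits & 0xFFFFFFFF
    # A valid mask inverts to 0...01...1, so adding 1 must clear every set bit.
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return bin(bits).count("1")

def network_address(ip, mask):
    """The ANDing step a Layer 3 device performs on an address and mask."""
    return to_dotted(to_int(ip) & to_int(mask))

# The three private ranges listed in the explanation, written as network + mask.
PRIVATE_BLOCKS = [
    ("10.0.0.0", "255.0.0.0"),       # 10.0.0.0 - 10.255.255.255
    ("172.16.0.0", "255.240.0.0"),   # 172.16.0.0 - 172.31.255.255
    ("192.168.0.0", "255.255.0.0"),  # 192.168.0.0 - 192.168.255.255
]

def private_block(ip):
    """Return the matching private range as 'network/prefix', or None."""
    for network, mask in PRIVATE_BLOCKS:
        if network_address(ip, mask) == network:
            return f"{network}/{prefix_length(mask)}"
    return None

# Answer options from the private-address question above.
CANDIDATES = ["10.1.1.1", "172.32.5.2", "192.167.10.10",
              "172.16.4.4", "192.168.5.5", "224.6.6.6"]

if __name__ == "__main__":
    print("255.255.255.224 ->", "/%d" % prefix_length("255.255.255.224"))
    # Assumed mask: the /27 from the earlier question, used for illustration.
    print("192.168.25.10 AND 255.255.255.224 ->",
          network_address("192.168.25.10", "255.255.255.224"))
    for ip in CANDIDATES:
        print(f"{ip:15} {private_block(ip) or 'not private'}")
```

172.32.5.2 fails the check because ANDing it with 255.240.0.0 yields 172.32.0.0, not 172.16.0.0.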
Refer to the exhibit. Using the network in the exhibit, what would be the default gateway address for host A in the 192.133.219.0 network?
- 192.135.250.1
- 192.31.7.1
- 192.133.219.0
- 192.133.219.1
What is the purpose of the routing process?
- to encapsulate data that is used to communicate across a network
- to select the paths that are used to direct traffic to destination networks
- to convert a URL name into an IP address
- to provide secure Internet file transfer
- to forward traffic on the basis of MAC addresses
Refer to the exhibit. What is the global IPv6 address of the host in uncompressed format?
- 2001:0DB8:0000:0000:0000:0BAF:3F57:FE94
- 2001:0DB8:0000:0BAF:0000:0000:3F57:FE94
- 2001:DB80:0000:0000:BAF0:0000:3F57:FE94
- 2001:0DB8:0000:0000:0BAF:0000:3F57:FE94
Explanation: In the compressed format, the :: represents two contiguous hextets of all zeros. Leading zeros in the second, fifth, and sixth hextets have also been removed.
What is the purpose of ICMP messages?
- to inform routers about network topology changes
- to ensure the delivery of an IP packet
- to provide feedback of IP packet transmissions
- to monitor the process of a domain name to IP address resolution
Explanation: The purpose of ICMP messages is to provide feedback about issues that are related to the processing of IP packets.
Refer to the exhibit. A cybersecurity analyst is viewing captured ICMP echo request packets sent from host A to host B on switch S2. What is the source MAC address of Ethernet frames carrying the ICMP echo request packets?
- 00-60-0F-B1-D1-11
- 01-90-C0-E4-55-BB
- 00-D0-D3-BE-79-26
- 08-CB-8A-5C-D5-BA
Explanation: When router R1 receives the ICMP echo requests from host A it will forward the packets out interface G0/1 towards host B. However, before forwarding the packets, R1 will encapsulate them in a new Ethernet frame using the MAC address of interface G0/1 as the source and the MAC address of host B as the destination.
Refer to the exhibit. PC1 issues an ARP request because it needs to send a packet to PC2. In this scenario, what will happen next?
- PC2 will send an ARP reply with its MAC address.
- RT1 will send an ARP reply with its Fa0/0 MAC address.
- RT1 will send an ARP reply with the PC2 MAC address.
- SW1 will send an ARP reply with the PC2 MAC address.
- SW1 will send an ARP reply with its Fa0/1 MAC address.
Explanation: When a network device wants to communicate with another device on the same network, it sends a broadcast ARP request. In this case, the request will contain the IP address of PC2. The destination device (PC2) sends an ARP reply with its MAC address.
What are two features of ARP? (Choose two.)
- If a host is ready to send a packet to a local destination device and it has the IP address but not the MAC address of the destination, it generates an ARP broadcast.
- An ARP request is sent to all devices on the Ethernet LAN and contains the IP address of the destination host and its multicast MAC address.
- When a host is encapsulating a packet into a frame, it refers to the MAC address table to determine the mapping of IP addresses to MAC addresses.
- If no device responds to the ARP request, then the originating node will broadcast the data packet to all devices on the network segment.
- If a device receiving an ARP request has the destination IPv4 address, it responds with an ARP reply.
Explanation: When a node encapsulates a data packet into a frame, it needs the destination MAC address. First it determines if the destination device is on the local network or on a remote network. Then it checks the ARP table (not the MAC table) to see if a pair of IP address and MAC address exists for either the destination IP address (if the destination host is on the local network) or the default gateway IP address (if the destination host is on a remote network). If the match does not exist, it generates an ARP broadcast to seek the IP address to MAC address resolution. Because the destination MAC address is unknown, the ARP request is broadcast with the MAC address FFFF.FFFF.FFFF. Either the destination device or the default gateway will respond with its MAC address, which enables the sending node to assemble the frame. If no device responds to the ARP request, then the originating node will discard the packet because a frame cannot be created.
What are two potential network problems that can result from ARP operation? (Choose two.)
- Manually configuring static ARP associations could facilitate ARP poisoning or MAC address spoofing.
- On large networks with low bandwidth, multiple ARP broadcasts could cause data communication delays.
- Network attackers could manipulate MAC address and IP address mappings in ARP messages with the intent of intercepting network traffic.
- Large numbers of ARP request broadcasts could cause the host MAC address table to overflow and prevent the host from communicating on the network.
- Multiple ARP replies result in the switch MAC address table containing entries that match the MAC addresses of hosts that are connected to the relevant switch port.
Explanation: Large numbers of ARP broadcast messages could cause momentary data communications delays. Network attackers could manipulate MAC address and IP address mappings in ARP messages with the intent to intercept network traffic. ARP requests and replies cause entries to be made into the ARP table, not the MAC address table. ARP table overflows are very unlikely. Manually configuring static ARP associations is a way to prevent, not facilitate, ARP poisoning and MAC address spoofing. Switch MAC address table entries that match the MAC addresses of connected nodes and are associated with the relevant switch port are required for normal switch frame forwarding operations, so ARP replies that produce them are not an ARP-caused network problem.
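The ARP behaviour described in the two explanations above suggests a simple monitoring check: decode each ARP message, treat static entries as authoritative, and flag sender claims that contradict an existing IP-to-MAC binding. The following is an added example, not part of the original exam material; all addresses and packets are constructed sample data, and the alert names are illustrative.

```python
import socket
import struct

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a 28-byte Ethernet/IPv4 ARP payload (only used for sample data)."""
    mac = lambda text: bytes.fromhex(text.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sender_mac) + socket.inet_aton(sender_ip)
            + mac(target_mac) + socket.inet_aton(target_ip))

def parse_arp(payload):
    """Decode an ARP payload into (op, sender_mac, sender_ip, target_ip)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    sender_mac = ":".join(f"{b:02x}" for b in payload[8:14])
    return (op, sender_mac, socket.inet_ntoa(payload[14:18]),
            socket.inet_ntoa(payload[24:28]))

def audit_arp(payloads, static_entries):
    """Return alerts as (kind, claimed_ip, claimed_mac) tuples."""
    learned, pending, alerts = {}, set(), []
    for payload in payloads:
        op, mac, ip, target_ip = parse_arp(payload)
        if op == 1:                        # request: remember who asked for what
            pending.add((ip, target_ip))
        elif op == 2:                      # reply: should answer a pending request
            # Heuristic only: gratuitous ARP announcements also trigger this.
            if (target_ip, ip) not in pending:
                alerts.append(("unsolicited-reply", ip, mac))
            pending.discard((target_ip, ip))
        if ip in static_entries:           # a static association is authoritative
            if static_entries[ip] != mac:
                alerts.append(("static-violation", ip, mac))
        elif learned.setdefault(ip, mac) != mac:   # first-seen binding is kept
            alerts.append(("mapping-changed", ip, mac))
    return alerts

# Constructed sample data: MACs come from the 00:00:5e:00:53:xx documentation range.
PC1 = ("00:00:5e:00:53:01", "192.168.1.10")
PC2 = ("00:00:5e:00:53:02", "192.168.1.20")
GATEWAY_IP = "192.168.1.1"
STATIC = {GATEWAY_IP: "00:00:5e:00:53:fe"}     # manually configured association
ROGUE_MAC = "00:00:5e:00:53:66"
UNKNOWN = "00:00:00:00:00:00"
SAMPLE = [
    build_arp(1, *PC1, UNKNOWN, PC2[1]),        # PC1 asks who has PC2's address
    build_arp(2, *PC2, *PC1),                   # PC2 answers with its own MAC
    build_arp(2, ROGUE_MAC, GATEWAY_IP, *PC1),  # reply contradicting the static entry
    build_arp(2, ROGUE_MAC, PC2[1], *PC1),      # reply contradicting the learned entry
]

if __name__ == "__main__":
    for alert in audit_arp(SAMPLE, STATIC):
        print(*alert)
```

The legitimate request and reply produce no alerts; the last two messages are each flagged twice, once as unsolicited and once for the conflicting binding.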
What happens if part of an FTP message is not delivered to the destination?
- The message is lost because FTP does not use a reliable delivery method.
- The FTP source host sends a query to the destination host.
- The part of the FTP message that was lost is re-sent.
- The entire FTP message is re-sent.
Explanation: Because FTP uses TCP as its transport layer protocol, sequence and acknowledgment numbers will identify the missing segments, which will be re-sent to complete the message.
What is a socket?
- the combination of the source and destination IP address and source and destination Ethernet address
- the combination of a source IP address and port number or a destination IP address and port number
- the combination of the source and destination sequence and acknowledgment numbers
- the combination of the source and destination sequence numbers and port numbers
Explanation: A socket is a combination of the source IP address and source port or the destination IP address and the destination port number.
Which two characteristics are associated with UDP sessions? (Choose two.)
- Destination devices receive traffic with minimal delay.
- Transmitted data segments are tracked.
- Destination devices reassemble messages and pass them to an application.
- Received data is unacknowledged.
- Unacknowledged data packets are retransmitted.
Explanation:
TCP:
· Provides tracking of transmitted data segments.
· Destination devices will acknowledge received data.
· Source devices will retransmit unacknowledged data.
UDP:
· Destination devices will not acknowledge received data.
· Headers use very little overhead and cause minimal delay.
Which TCP mechanism is used to identify missing segments?
- FCS
- sequence numbers
- window size
- acknowledgments
Explanation: TCP segments are acknowledged by the receiver as they arrive. The receiver keeps track of the sequence number of received segments and uses the sequence number to reorder the segments and to identify any missing segments that need to be retransmitted.
Which transport layer feature is used to guarantee session establishment?
- UDP ACK flag
- TCP 3-way handshake
- UDP sequence number
- TCP port number
Explanation: TCP uses the 3-way handshake. UDP does not use this feature. The 3-way handshake ensures there is connectivity between the source and destination devices before transmission occurs.
How is a DHCPDISCOVER transmitted on a network to reach a DHCP server?
- A DHCPDISCOVER message is sent with the IP address of the DHCP server as the destination address.
- A DHCPDISCOVER message is sent with a multicast IP address that all DHCP servers listen to as the destination address.
- A DHCPDISCOVER message is sent with the broadcast IP address as the destination address.
- A DHCPDISCOVER message is sent with the IP address of the default gateway as the destination address.
Explanation: The DHCPDISCOVER message is sent by a DHCPv4 client and targets a broadcast IP along with the destination port 67. The DHCPv4 server or servers respond to the DHCPv4 clients by targeting port 68.
What part of the URL, http://www.cisco.com/index.html, represents the top-level DNS domain?
- .com
- www
- http
- index
Explanation: The components of the URL http://www.cisco.com/index.html are as follows:
http = protocol
www = part of the server name
cisco = part of the domain name
index = file name
com = the top-level domain
What is the primary purpose of NAT?
- conserve IPv4 addresses
- increase network security
- allow peer-to-peer file sharing
- enhance network performance
Explanation: NAT was developed to conserve IPv4 addresses. A side benefit is that NAT adds a small level of security by hiding the internal network addressing scheme. However, there are some drawbacks of using NAT. It does not allow true peer-to-peer communication and it adds latency to outbound connections.
In NAT translation for internal hosts, what address would be used by external users to reach internal hosts?
- inside local
- inside global
- outside global
- outside local
Explanation: From the perspective of a NAT device, inside global addresses are used by external users to reach internal hosts. Inside local addresses are the addresses assigned to internal hosts. Outside global addresses are the addresses of destinations on the external network. Outside local addresses are the actual private addresses of destination hosts behind other NAT devices.
Refer to the exhibit. A cybersecurity analyst is viewing captured packets forwarded on switch S1. Which device has the MAC address 50:6a:03:96:71:22?
- router DG
- router ISP
- DNS server
- web server
- PC-A
Explanation: The Wireshark capture is of a DNS query from PC-A to the DNS server. Because the DNS server is on a remote network, the PC will send the query to the default gateway router, router DG, using the MAC address of the router G0/0 interface on the router.
Which application layer protocol uses message types such as GET, PUT, and POST?
- DNS
- DHCP
- SMTP
- HTTP
- POP3
Explanation: The GET command is a client request for data from a web server. A PUT command uploads resources and content, such as images, to a web server. A POST command uploads data files to a web server.
Match the TCP/IP model layer with the function.
Match the compressed IPv6 address representation with the full IPv6 address. (Not all options are used.)
Refer to the exhibit. Consider a datagram that originates on the PC and that is destined for the web server. Match the IP addresses and port numbers that are in that datagram to the description. (Not all options are used.)
Explanation: A TCP/IP segment that originated on the PC has 192.168.1.2 as the IP source address. 2578 is the only possible option for the source port number because the PC port number must be in the range of registered ports 1024 to 49151. The destination is the web server, which has the IP address 192.168.2.2, and the destination port number is 80 according to the HTTP protocol standard.
Individuals who have a valid authorized need to access DoD Public Key Infrastructure (PKI)-protected information but do not have access to a government site or government-furnished equipment will need to configure their systems to access PKI-protected content.
Accessing DoD PKI-protected information is most commonly achieved using the PKI certificates stored on your Common Access Card (CAC). The certificates on your CAC can allow you to perform routine activities such as accessing OWA, signing documents, and viewing other PKI-protected information online. For more information about your CAC and the information stored on it, visit http://www.cac.mil.
Before you begin, make sure you know your organization’s policies regarding remote use.
Windows
To get started you will need:
- CAC
- Card reader
- Middleware (if necessary, depending on your operating system version)
You can get started using your CAC by following these basic steps:
- Get a card reader.
At this time, the best advice for obtaining a card reader is to work with your home component to get one. In addition, please review the DoD CAC Reader Specifications for more information regarding the requirements for a card reader.
- Install middleware, if necessary.
You may need additional middleware, depending on the operating system you use. Please contact your CC/S/A for more information on the middleware requirements for your organization. You can find their contact information on our Contact Us tab.
- Install DoD root certificates with InstallRoot (32-bit, 64-bit or Non Administrator).
In order for your machine to recognize your CAC certificates and DoD websites as trusted, run the InstallRoot utility (32-bit, 64-bit or Non Administrator) to install the DoD CA certificates on Microsoft operating systems. If you’re running an alternate operating system such as Mac OS or Linux, you can import certificates from the PKCS 7 bundle. The InstallRoot User Guide is available here.
- Make certificates available to your operating system and/or browser, if necessary.
Pick your browser for specific instructions.
Mac
To get started you will need:
- CAC (see note below)
- Card reader
You can get started using your CAC on your Mac OS X system by following these basic steps:
- Get a card reader
Typically Macs do not come with card readers and therefore an external card reader is necessary. At this time, the best advice for obtaining a card reader is through working with your home component. In addition, please review the DoD CAC Reader Specifications for more information regarding card reader requirements.
- Download and install the OS X Smartcard Services package
The OS X Smartcard Services Package allows a Mac to read and communicate with a smart card. In order for your machine to recognize your CAC certificates and DoD websites as trusted, the installer will load the DoD CA certificates on OS X. Please refer to this page for specific installation instructions.
- Address the cross-certificate chaining issue
These instructions walk through adjusting the trust settings on the Interoperability Root CA (IRCA) > DoD Root CA 2 and the US DoD CCEB IRCA 1 > DoD Root CA 2 certificates to prevent cross-certificate chaining issues. This can make it appear that your certificates are issued by roots other than the DoD Root CA 2 and can prevent access to DoD websites.
- Configure Chrome and Safari, if necessary
Safari and Google Chrome rely on Keychain Access properly recognizing your CAC certificates.
  - In Finder, navigate to Go > Utilities and launch KeychainAccess.app
  - Verify that your CAC certificates are recognized and displayed in Keychain Access
Note: CACs are currently made of different kinds of card stock. To determine what card stock you have, look at the back of your CAC above the magnetic strip. Most CACs are supported by the Smartcard Services package; however, Oberthur ID One 128 v5.5 CACs are not. Third-party middleware is available that will support these CACs; two such options are Thursby Software’s PKard and Centrify’s Express for Smart Card.
Linux
To get started you will need:
- CAC
- Card reader
- Middleware
You can get started using your CAC with Firefox on Linux machines by following these basic steps:
- Get a card reader.
At this time, the best advice for obtaining a card reader is to work with your home component to get one. In addition, please review the DoD CAC Reader Specifications for more information regarding the requirements for a card reader.
- Obtain middleware.
You will need middleware for Linux to communicate with the CAC. The CoolKey PKCS#11 module provides access to the CAC and can be installed using Linux package management commands.
  - For Debian-based distributions, use the command apt-get install coolkey
  - For Fedora-based distributions, use the command yum install coolkey. The CoolKey PKCS #11 module version 1.1.0 release 15 ships with RHEL 5.7 and above and is located at /usr/lib/pkcs11/libcoolkeypk11.so.
If you prefer to build CoolKey from source, instructions are included in the Configuring Firefox for the CAC guide.
- Configure Firefox to trust the DoD PKI and use the CAC.
To configure Firefox to communicate with the CAC, follow these steps to install the DoD root and intermediate CA certificates into the Firefox NSS trust store, load the CoolKey library, and ensure the Online Certificate Status Protocol (OCSP) is being used to perform revocation checking.
Next Steps
Your internet browser is now configured to access DoD websites using the certificates on your CAC. Now that your machine is properly configured, please login and visit our End Users page for more information on using the PKI certificates on your CAC.