Cisco Certified CyberOps Associate Practice Exam: Test Your Knowledge 2025
Prepare for the 200-201 exam with our comprehensive practice test. Our exam simulator mirrors the actual test format to help you pass on your first attempt.
Exam Simulator
- Matches official exam format
- Updated for 2025 exam version
- Detailed answer explanations
- Performance analytics dashboard
- Unlimited practice attempts
Why Our Practice Exam Works
Proven methods to help you succeed on exam day
Realistic Questions
95-105 questions matching the actual exam format
Timed Exam Mode
120-minute timer to simulate real exam conditions
Detailed Analytics
Track your progress and identify weak areas
Unlimited Retakes
Practice as many times as you need to pass
Answer Explanations
Comprehensive explanations for every question
Instant Results
Get your score immediately after completion
Practice Options
Choose the practice mode that suits your needs
Quick Quiz (25 Questions)
Fast assessment of your knowledge
Domain-Specific Practice
Focus on specific exam topics
Free Practice Questions
Try these Cisco Certified CyberOps Associate sample questions for free - no signup required
What is the primary difference between symmetric and asymmetric encryption algorithms?
A security analyst is reviewing network traffic and notices communication on TCP port 443. What type of traffic is most likely being observed?
An organization is implementing a defense-in-depth security strategy. Which statement best describes this approach?
A CyberOps analyst needs to determine the risk level of a newly discovered vulnerability. The vulnerability has a CVSS base score of 9.2. How should this vulnerability be prioritized?
During a security investigation, an analyst observes HTTP traffic containing the string "../../etc/passwd" in a URL parameter. What type of attack is likely being attempted?
A security analyst is configuring a SIEM system to collect logs from various sources. What is the primary benefit of normalizing log data in the SIEM?
An analyst receives an alert that a workstation has made 10,000 DNS queries in the last hour to various unique domains. What type of malicious activity is most likely occurring?
A CyberOps analyst is investigating network traffic and needs to analyze packets in real-time. Which tool is most appropriate for this task?
An organization's IDS has generated multiple alerts for the same source IP address attempting to connect to various closed ports on a server. What type of reconnaissance activity is most likely occurring?
A security analyst is examining a pcap file and notices a TCP session with the SYN, SYN-ACK, and ACK flags set in sequence, followed by data transfer, and then FIN flags. What does this indicate?
An analyst is investigating a Windows system and needs to identify all processes currently running and their associated network connections. Which command-line tool provides this information?
A CyberOps analyst discovers a suspicious file on a Windows endpoint with a .dll extension in the System32 folder. What is the best initial step to determine if this file is malicious?
During a Linux system investigation, an analyst needs to examine which users have recently logged into the system. Which log file should be reviewed?
An analyst suspects a Windows system has been compromised and malware is persisting through reboots. Which Windows Registry locations are most commonly used for malware persistence? (Choose the most comprehensive answer)
A security operations center has implemented a NetFlow collector to monitor network traffic patterns. What is the primary limitation of NetFlow compared to full packet capture?
An organization's incident response plan defines four main phases. During which phase should the security team focus on identifying the scope and impact of a security incident?
A CyberOps analyst needs to preserve evidence from a potentially compromised system for forensic analysis. According to best practices, in what order should volatile data be collected?
During packet analysis, an analyst observes traffic with TTL values that decrease as packets traverse routers. A packet arrives with a TTL value of 0. What will happen to this packet?
An analyst is reviewing firewall logs and notices multiple connection attempts from various source IPs to a single internal host, all using destination port 3389. What service is being targeted, and what should be the immediate concern?
A security analyst is examining network traffic and identifies a pattern where a compromised internal host is making periodic HTTP POST requests to an external IP address at regular 60-second intervals. The POST data appears to be Base64-encoded. What type of malicious activity is most likely occurring?
Topics Covered
Our practice exam covers all official Cisco Certified CyberOps Associate exam domains
Cisco Certified CyberOps Associate Practice Exam Guide
Our Cisco Certified CyberOps Associate practice exam is designed to help you prepare for the 200-201 exam with confidence. With 95-105 realistic practice questions that mirror the actual exam format, you will be ready to pass on your first attempt.
What to Expect on the 200-201 Exam
How to Use This Practice Exam
1. Start with the free sample questions above to assess your current knowledge level
2. Review the study guide to fill knowledge gaps
3. Take the full practice exam under timed conditions
4. Review incorrect answers and study the explanations
5. Repeat until you consistently score above the passing threshold