
CCOA ISACA Certified Cybersecurity Operations Analyst Questions and Answers

Questions 4

Which of the following should be the ULTIMATE outcome of adopting enterprise governance of information and technology in cybersecurity?

Options:

A.

Business resilience

B.

Risk optimization

C.

Resource optimization

D.

Value creation

Questions 5

Multi-factor authentication (MFA) BEST protects against which of the following attack vectors?

Options:

A.

Compromised credentials

B.

Social engineering

C.

Malware

D.

Ransomware

Questions 6

Target discovery and service enumeration would MOST likely be used by an attacker who has the initial objective of:

Options:

A.

corrupting process memory, likely resulting in system instability.

B.

port scanning to identify potential attack vectors.

C.

deploying and maintaining backdoor system access.

D.

gaining privileged access in a complex network environment.

Questions 7

Which of the following is MOST helpful to significantly reduce application risk throughout the system development life cycle (SDLC)?

Options:

A.

Security by design approach

B.

Security through obscurity approach

C.

Peer code reviews

D.

Extensive penetration testing

Questions 8

Which of the following is MOST likely to outline and communicate the organization's vulnerability management program?

Options:

A.

Vulnerability assessment report

B.

Guideline

C.

Policy

D.

Control framework

Questions 9

In which phase of the Cyber Kill Chain would a red team run a network and port scan with Nmap?

Options:

A.

Exploitation

B.

Delivery

C.

Reconnaissance

D.

Weaponization

Questions 10

For this question you must log into Greenbone Vulnerability Manager using Firefox. The URL is: https://10.10.55.4:9392 and the credentials are:

Username: admin

Password: Secure-gvm!

A colleague performed a vulnerability scan but did not review it prior to leaving for a family emergency. It has been determined that a threat actor is using CVE-2021-22145 in the wild. What is the host IP of the machine that is vulnerable to this CVE?

Options:

Questions 11

Which type of security model leverages the use of data science and machine learning (ML) to further enhance threat intelligence?

Options:

A.

Brewer-Nash model

B.

Bell-LaPadula confidentiality model

C.

Security-in-depth model

D.

Layered security model

Questions 12

The user of the Accounting workstation reported that their calculator repeatedly opens without their input.

The following credentials are used for this question.

Username: Accounting

Password: 1x-4cc0unt1NG-x1

Using the provided credentials, SSH to the Accounting workstation and generate a SHA256 checksum of the file that triggered RuleName Suspicious PowerShell, using either certutil or Get-FileHash on the file causing the issue. Copy the hash and paste it below.

Options:

Questions 13

On the Analyst Desktop is a Malware Samples folder with a file titled Malscript.viruz.txt.

What is the name of the service that the malware attempts to install?

Options:

Questions 14

An employee has been terminated for policy violations. Security logs from win-webserver01 have been collected and located in the Investigations folder on the Desktop as win-webserver01_logs.zip.

Generate a SHA256 digest of the System-logs.evtx file within the win-webserver01_logs.zip file and provide the output below.

Options:

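Questions 12 and 14 both come down to producing a SHA256 digest of a piece of evidence. On the Windows side the exam names the tools (`certutil -hashfile <file> SHA256` or `Get-FileHash -Algorithm SHA256 <file>`); the script below is an added example, not part of the exam or of any ISACA material, showing the same operation in Python, including hashing a member directly inside a zip archive so the evidence is never extracted to disk. The archive it builds is constructed for the demonstration; win-webserver01_logs.zip and the file on the Accounting workstation are not on this page.

```python
"""Added example: SHA-256 digests of a file on disk and of a member inside a zip
archive, streamed in chunks so large .evtx files never need to fit in memory.
The archive built here is a constructed stand-in; the real evidence is not on this page."""
import hashlib
import io
import zipfile

CHUNK = 1 << 16  # 64 KiB reads keep memory flat regardless of file size

# Constructed members (labelled as such); real .evtx files are much larger.
SAMPLE_MEMBERS = {
    "System-logs.evtx": b"ElfFile\x00constructed sample, not a real Windows event log\n",
    "Security-logs.evtx": b"ElfFile\x00another constructed member with different content\n",
}


def sha256_of_stream(fh) -> str:
    """Stream any binary file object through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    for block in iter(lambda: fh.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


def sha256_of_bytes(data: bytes) -> str:
    """Digest of an in-memory buffer, via the same chunked reader."""
    return sha256_of_stream(io.BytesIO(data))


def sha256_of_file(path: str) -> str:
    """Digest of a file on disk (what `certutil -hashfile <path> SHA256` reports)."""
    with open(path, "rb") as fh:
        return sha256_of_stream(fh)


def sha256_of_zip_member(zip_source, member: str) -> str:
    """Digest of one archive member, read straight from the zip.

    zip_source may be a path or a file-like object. Hashing from inside the
    archive avoids writing an extracted copy of the evidence to disk.
    """
    with zipfile.ZipFile(zip_source) as zf:
        with zf.open(member) as fh:
            return sha256_of_stream(fh)


def build_sample_archive() -> io.BytesIO:
    """Constructed stand-in for win-webserver01_logs.zip (not the exam's archive)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in SAMPLE_MEMBERS.items():
            zf.writestr(name, content)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(sha256_of_zip_member(build_sample_archive(), "System-logs.evtx"))
```

The digest of a member read through `ZipFile.open` is the digest of the decompressed file, which is what an examiner compares against a hash taken on the original host; hashing the .zip itself would produce a different, unrelated value.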
Questions 15

Which ruleset can be applied in the /home/administrator/hids/ruleset/rules directory?

[Three images captioned "CCOA Question 15" accompany this question; they are not reproduced here.]

Options:

Questions 16

The CISO has received a bulletin from law enforcement authorities warning that the enterprise may be at risk of attack from a specific threat actor. Review the bulletin named CCOA Threat Bulletin.pdf on the Desktop.

Which host IP was targeted during the following timeframe: 11:39 PM to 11:43 PM (Absolute) on August 16, 2024?

Options:

Questions 17

The network team has provided a PCAP file with suspicious activity located in the Investigations folder on the Desktop titled investigation22.pcap.

What date was the webshell accessed? Enter the date in the format YYYY-MM-DD.

Options:

Questions 18

Analyze the file titled pcap_artifact5.txt on the Analyst Desktop.

Decode the contents of the file and save the output in a text file with the filename pcap_artifact5_decoded.txt on the Analyst Desktop.

Options:

Questions 19

Which layer of the TCP/IP stack promotes the reliable transmission of data?

Options:

A.

Link

B.

Internet

C.

Application

D.

Transport

Questions 20

Your enterprise has received an alert bulletin from national authorities that the network has been compromised at approximately 11:00 PM (Absolute) on August 19, 2024. The alert is located in the alerts folder with filename alert_33.pdf.

Use the IOCs to find the compromised host. Enter the host name identified in the keyword agent.name field below.

Options:

Questions 21

The network team has provided a PCAP file with suspicious activity located in the Investigations folder on the Desktop titled investigation22.pcap.

What is the filename of the webshell used to control the host 10.10.44.200? Your response must include the file extension.

Options:

Questions 22

On the Analyst Desktop is a Malware Samples folder with a file titled Malscript.viruz.txt.

Based on the contents of malscript.viruz.txt, which threat actor group is the malware associated with?

Options:

Questions 23

The enterprise is reviewing its security posture by reviewing unencrypted web traffic in the SIEM.

How many unique IPs have received well-known unencrypted web connections from the beginning of 2022 to the end of 2023 (Absolute)?

Options:

Questions 24

Following a ransomware incident, the network team provided a PCAP file, titled ransom.pcap, located in the Investigations folder on the Desktop.

What is the full User-Agent value associated with the ransomware demand file download? Enter your response in the field below.

Options:

Questions 25

Which of the following is the BEST method of logical network segmentation?

Options:

A.

Encryption and tunneling

B.

IP address filtering and access control list (ACL)

C.

Virtual local area network (VLAN) tagging and isolation

D.

Physical separation of network devices

Questions 26

For questions that require use of the SIEM, please reference the information below:

SIEM URL: https://10.10.55.2

Cyber Analyst Password: CYB3R-4n4ly$t!

Email Address: ccoatest@isaca.org

Password: Security-Analyst!

The enterprise has been receiving a large amount of false positive alerts for the eternalblue vulnerability. The SIEM rulesets are located in /home/administrator/hids/ruleset/rules.

What is the name of the file containing the ruleset for eternalblue connections? Your response must include the file extension.

Options:

Questions 27

Following a ransomware incident, the network team provided a PCAP file, titled ransom.pcap, located in the Investigations folder on the Desktop.

What is the name of the file containing the ransomware demand? Your response must include the file extension.

Options:

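Questions 17, 21, 24 and 27 all ask for a fact that lives in an HTTP request inside a capture: the path of the webshell, the date it was hit, the filename of the ransom note and the User-Agent that fetched it. The script below is an added example, not part of the exam or of any ISACA material, of pulling those fields out of a pcap with nothing but the standard library. ransom.pcap and investigation22.pcap are not on this page, so the capture is constructed in memory (a benign GET, a POST to a webshell on 10.10.44.200, then a ransom-note download); the webshell name, note name and User-Agent strings in it are invented for the demo. Assumptions: little-endian pcap, Ethernet link type, IPv4, and each request contained in a single TCP segment (no stream reassembly).

```python
"""Added example, not from the exam or ISACA: minimal libpcap reader that extracts
HTTP request lines and headers from TCP payloads. Capture below is constructed.
Assumes little-endian pcap, Ethernet, IPv4, one HTTP request per TCP segment."""
import struct
from datetime import datetime, timezone

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ")


def parse_http_requests(pcap: bytes):
    """Yield one dict per packet whose TCP payload begins with an HTTP request."""
    magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack("<IHHiIII", pcap[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("only little-endian Ethernet pcap files are handled here")
    off = 24
    while off + 16 <= len(pcap):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack("<IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":      # not IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:                                            # not TCP
            continue
        tcp = ip[ihl:]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]                        # skip TCP header + options
        if not payload.startswith(HTTP_METHODS):
            continue
        head = payload.partition(b"\r\n\r\n")[0].split(b"\r\n")
        method, path, _ver = head[0].split(b" ", 2)
        headers = {}
        for line in head[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower().decode()] = value.strip().decode(errors="replace")
        yield {
            "time": datetime.fromtimestamp(ts_sec + ts_usec / 1e6, tz=timezone.utc),
            "src": ".".join(map(str, ip[12:16])), "sport": sport,
            "dst": ".".join(map(str, ip[16:20])), "dport": dport,
            "method": method.decode(), "path": path.decode(errors="replace"),
            "headers": headers,
        }


def requests_to_host(pcap: bytes, host: str):
    """All requests sent to one server IP, e.g. the host driven through a webshell."""
    return [r for r in parse_http_requests(pcap) if r["dst"] == host]


def user_agent_for_path(pcap: bytes, filename: str):
    """User-Agent of the first request whose path ends with the given filename."""
    for r in parse_http_requests(pcap):
        if r["path"].endswith(filename):
            return r["headers"].get("user-agent")
    return None


def _packet(ts_sec: int, src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """pcap record + Ethernet/IPv4/TCP frame for the constructed capture (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split("."))) + tcp
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip
    return struct.pack("<IIII", ts_sec, 0, len(eth), len(eth)) + eth


def build_sample_pcap() -> bytes:
    """Constructed capture: benign GET, POST to a webshell on 10.10.44.200, then the
    victim fetching a ransom note from the attacker host. Timestamps are UTC."""
    t0 = int(datetime(2024, 8, 20, 23, 1, 0, tzinfo=timezone.utc).timestamp())
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    return hdr + b"".join([
        _packet(t0, "10.10.44.50", "10.10.44.200", 50001, 80,
                b"GET /index.html HTTP/1.1\r\nHost: 10.10.44.200\r\n"
                b"User-Agent: Mozilla/5.0 (constructed)\r\n\r\n"),
        _packet(t0 + 90, "198.51.100.7", "10.10.44.200", 50002, 80,
                b"POST /uploads/cmd.aspx HTTP/1.1\r\nHost: 10.10.44.200\r\n"
                b"User-Agent: python-requests/2.31.0\r\nContent-Length: 10\r\n\r\ncmd=whoami"),
        _packet(t0 + 120, "10.10.44.50", "198.51.100.7", 50003, 80,
                b"GET /READ_ME_NOW.txt HTTP/1.1\r\nHost: 198.51.100.7\r\n"
                b"User-Agent: curl/8.4.0 (constructed)\r\n\r\n"),
    ])


if __name__ == "__main__":
    for r in parse_http_requests(build_sample_pcap()):
        print(r["time"].strftime("%Y-%m-%d %H:%M:%S"), r["src"], "->", r["dst"],
              r["method"], r["path"], r["headers"].get("user-agent"))
```

Timestamps are rendered in UTC here; the exam's "(Absolute)" times are whatever the SIEM or Wireshark display is set to, so convert before comparing dates near midnight. A request split across several TCP segments would be missed by this reader, which is where Wireshark's "Follow TCP stream" or a reassembling library earns its keep.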
Questions 28

Analyze the file titled pcap_artifact5.txt on the Analyst Desktop.

Decode the targets within the file pcap_artifact5.txt.

Select the correct decoded targets below.

10cal.com/exam

clOud-s3cure.com

c0c0nutf4rms.net

h3avy_s3as.biz

b4ddata.org

Options:

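Questions 18 and 28 both ask for the decoded contents of pcap_artifact5.txt, and the page does not say which encoding the file uses. The script below is an added example, not part of the exam or of any ISACA material, of how an analyst peels unknown encoding layers without guessing: each candidate decoding is applied only when its output is printable text, and the layers found are reported. The artifact it decodes is constructed here by hex-encoding and then base64-encoding the five candidate targets listed above; the actual file on the exam Desktop may use different or additional encodings.

```python
"""Added example, not from the exam or ISACA: peel hex / base64 / base64url layers
from each line of an artifact until the result is no longer a recognised encoding.
The sample artifact is constructed from the candidate targets in Question 28."""
import base64
import binascii
import string

HEX_CHARS = set("0123456789abcdefABCDEF")
B64_CHARS = set(string.ascii_letters + string.digits + "+/=")
B64URL_CHARS = set(string.ascii_letters + string.digits + "-_=")
PRINTABLE = set(string.printable.encode("ascii"))

# Candidate decoded targets listed in the question; used here as constructed plaintext.
TARGETS = ["10cal.com/exam", "clOud-s3cure.com", "c0c0nutf4rms.net", "h3avy_s3as.biz", "b4ddata.org"]


def is_printable(data: bytes) -> bool:
    return len(data) > 0 and all(b in PRINTABLE for b in data)


def decode_once(text: str):
    """Try hex, then base64, then base64url. Return (layer_name, decoded_text) for the
    first candidate that decodes cleanly AND yields printable text, else None."""
    s = text.strip()
    candidates = []
    if s and len(s) % 2 == 0 and set(s) <= HEX_CHARS:
        candidates.append(("hex", lambda: bytes.fromhex(s)))
    if s and len(s) % 4 == 0 and set(s) <= B64_CHARS:
        candidates.append(("base64", lambda: base64.b64decode(s, validate=True)))
    if s and len(s) % 4 == 0 and set(s) <= B64URL_CHARS:
        candidates.append(("base64url", lambda: base64.urlsafe_b64decode(s)))
    for name, fn in candidates:
        try:
            out = fn()
        except (binascii.Error, ValueError):
            continue
        if is_printable(out):
            return name, out.decode("ascii")
    return None


def peel(text: str, max_layers: int = 8):
    """Strip encoding layers until none applies. Returns (plaintext, [layer names])."""
    layers = []
    current = text.strip()
    for _ in range(max_layers):
        step = decode_once(current)
        if step is None:
            break
        name, current = step
        layers.append(name)
        current = current.strip()
    return current, layers


def decode_artifact(lines):
    """Decode every non-empty line of an artifact file independently."""
    return [peel(line)[0] for line in lines if line.strip()]


def build_sample_artifact() -> str:
    """Constructed stand-in for pcap_artifact5.txt: each target hex-encoded, then base64-encoded."""
    return "\n".join(base64.b64encode(t.encode().hex().encode()).decode() for t in TARGETS) + "\n"


if __name__ == "__main__":
    for line in build_sample_artifact().splitlines():
        plain, layers = peel(line)
        print(f"{line}  ->  {plain}   (layers: {' > '.join(layers)})")
```

The printable-text gate is what stops the loop: a final value such as b4ddata.org contains a dot, so it is neither valid hex nor valid base64 and is returned unchanged. The order of candidates matters, because a short hex string is also a syntactically valid base64 string; hex is tried first so that `3130...` is not misread. A plaintext that happens to be pure base64 alphabet would be decoded one layer too far, which is why `peel` returns the layer list for the analyst to inspect rather than hiding it.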
Questions 29

The enterprise is reviewing its security posture by reviewing unencrypted web traffic in the SIEM.

How many logs are associated with well-known unencrypted web traffic for the month of December 2023 (Absolute)? Note: Security Onion refers to logs as documents.

Options:

Questions 30

Questions 1 and 2

You have been provided with authentication logs to investigate a potential incident. The file is titled webserver-auth-logs.txt and located in the Investigations folder on the Desktop.

Which IP address is performing a brute force attack?

What is the total number of successful authentications by the IP address performing the brute force attack?

Options:

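Questions 1 and 2 above are a log-aggregation task: find the source that is hammering the login endpoint, then count how often it actually got in. The script below is an added example, not part of the exam or of any ISACA material, of that logic: parse each record, tally failures and successes per source IP, flag the IP that combines many failures with many distinct usernames (so a single user fumbling one password is not flagged), and report that IP's successes. The line format and the sample records are constructed; the real layout of webserver-auth-logs.txt is not shown on this page, so LINE_RE would have to be adapted to it.

```python
"""Added example, not from the exam or ISACA: brute-force detection over constructed
authentication log lines. The record format below is an assumption."""
import re
from collections import Counter, defaultdict

# Constructed format (assumption): <date> <time> <client-ip> auth user=<name> result=<SUCCESS|FAILED>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"auth user=(?P<user>\S+) result=(?P<result>SUCCESS|FAILED)$"
)

# Constructed sample: one spraying attacker, one user who mistyped once, one noise line.
SAMPLE_LOG = """\
2024-08-19 22:58:01 10.10.44.50 auth user=jsmith result=SUCCESS
2024-08-19 22:58:44 198.51.100.7 auth user=admin result=FAILED
2024-08-19 22:58:45 198.51.100.7 auth user=administrator result=FAILED
2024-08-19 22:58:45 198.51.100.7 auth user=root result=FAILED
2024-08-19 22:58:46 198.51.100.7 auth user=test result=FAILED
2024-08-19 22:58:46 198.51.100.7 auth user=guest result=FAILED
2024-08-19 22:58:47 198.51.100.7 auth user=backup result=FAILED
2024-08-19 22:58:47 198.51.100.7 auth user=backup result=SUCCESS
2024-08-19 22:59:02 10.10.44.51 auth user=mlee result=FAILED
2024-08-19 22:59:09 10.10.44.51 auth user=mlee result=SUCCESS
2024-08-19 23:01:13 198.51.100.7 auth user=backup result=SUCCESS
this line is not an auth record and is skipped
"""


def parse_auth_log(text: str):
    """Yield (ts, ip, user, result) for every line matching LINE_RE; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ts"], m["ip"], m["user"], m["result"]


def summarize_by_ip(text: str):
    """Per source IP: failed count, success count, and the sorted set of usernames tried."""
    fails, successes, users = Counter(), Counter(), defaultdict(set)
    for _ts, ip, user, result in parse_auth_log(text):
        users[ip].add(user)
        if result == "SUCCESS":
            successes[ip] += 1
        else:
            fails[ip] += 1
    return {ip: {"failed": fails[ip], "success": successes[ip], "users": sorted(users[ip])}
            for ip in users}


def find_brute_forcer(text: str, min_failures: int = 5, min_users: int = 3):
    """IP with the most failures that also tried several usernames, or None.

    Both thresholds must hold: volume alone would flag a locked-out employee,
    username spread alone would flag a shared NAT address."""
    stats = summarize_by_ip(text)
    suspects = [(s["failed"], ip) for ip, s in stats.items()
                if s["failed"] >= min_failures and len(s["users"]) >= min_users]
    return max(suspects)[1] if suspects else None


def successes_for_ip(text: str, ip: str) -> int:
    """Follow-up question: how many authentications from that IP succeeded."""
    return summarize_by_ip(text).get(ip, {}).get("success", 0)


if __name__ == "__main__":
    attacker = find_brute_forcer(SAMPLE_LOG)
    print("brute-force source:", attacker)
    print("successful logins from it:", successes_for_ip(SAMPLE_LOG, attacker))
```

On the constructed data the spraying source is 198.51.100.7 with six failures across six usernames and two successes (both for the `backup` account), which is the detail an analyst would escalate: the brute force worked, and the account needs to be disabled and its sessions reviewed.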
Questions 31

Your enterprise has received an alert bulletin from national authorities that the network has been compromised at approximately 11:00 PM (Absolute) on August 19, 2024. The alert is located in the alerts folder with filename alert_33.pdf.

What is the name of the suspected malicious file captured by keyword process.executable at 11:04 PM?

Options:

Questions 32

The user of the Accounting workstation reported that their calculator repeatedly opens without their input.

Perform a query of startup items for the agent.name accounting-pc in the SIEM for the last 24 hours. Identify the file name that triggered RuleName Suspicious PowerShell. Enter your response below. Your response must include the file extension.

Options:

Questions 33

The CISO has received a bulletin from law enforcement authorities warning that the enterprise may be at risk of attack from a specific threat actor. Review the bulletin named CCOA Threat Bulletin.pdf on the Desktop.

Which of the following domain name(s) from the CCOA Threat Bulletin.pdf was contacted between 12:10 AM and 12:12 AM (Absolute) on August 17, 2024?

Options:

Questions 34

Which of the following controls would BEST prevent an attacker from accessing sensitive data from files or disk images that have been obtained either physically or via the network?

Options:

A.

Next generation antivirus

B.

Data loss prevention (DLP)

C.

Endpoint detection and response (EDR)

D.

Encryption of data at rest

Questions 35

Which of the following is the BEST method for hardening an operating system?

Options:

A.

Implementing a host intrusion detection system (HIDS)

B.

Manually signing all drivers and applications

C.

Removing unnecessary services and applications

D.

Applying only critical updates

Questions 36

Which of the following is the core component of an operating system that manages resources, implements security policies, and provides the interface between hardware and software?

Options:

A.

Kernel

B.

Library

C.

Application

D.

Shell

Questions 37

Which of the following is the PRIMARY security related reason to use a tree network topology rather than a bus network topology?

Options:

A.

It enables easier network expansion and scalability.

B.

It enables better network performance and bandwidth utilization.

C.

It is more resilient and stable to network failures.

D.

It is less susceptible to data interception and eavesdropping.

Questions 38

Which of the following is the PRIMARY purpose of load balancers in cloud networking?

Options:

A.

Distributing traffic between multiple servers

B.

Optimizing database queries

C.

Monitoring network traffic

D.

Load testing applications

Questions 39

Which of the following roles is responsible for approving exceptions to and deviations from the incident management team charter on an ongoing basis?

Options:

A.

Security steering group

B.

Cybersecurity analyst

C.

Chief information security officer (CISO)

D.

Incident response manager

Questions 40

The Platform as a Service (PaaS) model is often used to support which of the following?

Options:

A.

Efficient application development and management

B.

Local on-premise management of products and services

C.

Subscription-based pay-per-use applications

D.

Control over physical equipment running applications developed in-house

Questions 41

Which of the following is the MOST important reason to limit the number of users with local admin privileges on endpoints?

Options:

A.

Local admin users might install unapproved software.

B.

Local admin accounts have elevated privileges that can be exploited by threat actors.

C.

Local admin accounts require more administrative work in order to manage them properly.

D.

Local admin users might make unauthorized changes.

Exam Code: CCOA
Exam Name: ISACA Certified Cybersecurity Operations Analyst
Last Update: Apr 29, 2025
Questions: 139
