CND 1 - 100 Flashcards

1
Q

An attacker uses different types of password cracking techniques to crack the password and gain unauthorized access to a system. An attacker uses a file containing a list of commonly used passwords. They then upload this file into the cracking application that runs against the user accounts. Which of the following password cracking techniques is the attacker trying?

A. Hybrid

B. Rainbow table

C. Dictionary

D. Bruteforce

A

C

2
Q

Which VPN QoS model guarantees the traffic from one customer edge (CE) to another?

A. Pipe model

B. Hose model

C. AAA model

D. Hub-and-Spoke VPN model

A

A

3
Q

John wants to implement a firewall service that works at the session layer of the OSI model. The firewall must also have the ability to hide the private network information. Which type of firewall service is John thinking of implementing?

A. Packet Filtering

B. Circuit level gateway

C. Application level gateway

D. Stateful Multilayer Inspection

A

B

4
Q

Which of the following attack signature analysis techniques are implemented to examine the header information and conclude that a packet has been altered?

A. Composite signature-based analysis

B. Atomic signature-based analysis

C. Content-based signature analysis

D. Context-based signature analysis

A

D

5
Q

Lyle is the IT director for a medium-sized food service supply company in Nebraska. Lyle’s company employs over 300 workers, half of which use computers. He recently came back from a security training seminar on logical security. He now wants to ensure his company is as secure as possible. Lyle has many network nodes and workstation nodes across the network. He does not have much time for implementing a network-wide solution. He is primarily concerned about preventing any external attacks on the network by using a solution that can drop packets if they are found to be malicious. Lyle also wants this solution to be easy to implement and be network-wide. What type of solution would be best for Lyle?

A. He should choose a HIPS solution, as this is best suited to his needs.

B. Lyle would be best suited if he chose a NIPS implementation.

C. A NEPT implementation would be the best choice.

D. To better serve

A

B

6
Q

Assume that you are working as a network administrator in the head office of a bank. One day a bank employee informed you that she is unable to log in to her system. At the same time, you get a call from another network administrator informing you that there is a problem connecting to the main server. How will you prioritize these two incidents?

A. Based on a first come first served basis

B. Based on the type of response needed for the incident

C. Based on a potential technical effect of the incident

D. Based on approval from management

A

C

6
Q

Which of the following VPN topologies establishes a persistent connection between an organization’s main office and its branch offices using a third-party network or the Internet?

A. Hub-and-Spoke

B. Full Mesh

C. Point-to-Point

D. Star

A

A

7
Q

Which of the following is a best practice for wireless network security?

A. Not placing a packet filter between the AP and the corporate intranet

B. Using SSID cloaking

C. Not changing the default SSID

D. Enabling the remote router login

A

B

8
Q

Smith is an IT technician who has been appointed to his company’s network vulnerability assessment team. He is the only IT employee on the team. The other team members include employees from Accounting, Management, Shipping, and Marketing. Smith and the team members are having their first meeting to discuss how they will proceed. What is the first step they should take to create the network vulnerability assessment plan?

A. Their first step is the acquisition of required documents, reviewing of security policies and compliance.

B. Their first step is to create an initial Executive report to show the management team.

C. Their first step is to make a hypothesis of what their final findings will be.

D. Their first step is to analyze the data they have currently gathered from the company or interviews.

A

A

8
Q

Daniel is giving training on designing and implementing a security policy in the organization. He is explaining the hierarchy of the security policy which demonstrates how policies are drafted, designed and implemented. What is the correct hierarchy for a security policy implementation?

A. Procedures, Policies, Laws, Standards and Regulations

B. Laws, Regulations, Policies, Standards and Procedures

C. Regulations, Policies, Laws, Standards and Procedures

D. Laws, Policies, Regulations, Procedures and Standards

A

B

9
Q

Ross manages 30 employees and only 25 computers in the organization. The network the company uses is peer-to-peer. Ross configures access control measures allowing the employees to set their own control measures for their files and folders. Which access control did Ross implement?

A. Mandatory access control

B. Non-discretionary access control

C. Discretionary access control

D. Role-based access control

A

C

10
Q

Fred is a network technician working for Johnson Services, a temporary employment agency in Boston. Johnson Services has three remote offices in New England and the headquarters in Boston where Fred works. The company relies on a number of customized applications to perform daily tasks and unfortunately these applications require users to be local administrators. Because of this, Fred’s supervisor wants to implement tighter security measures in other areas to compensate for the inherent risks in making those users local admins. Fred’s boss wants a solution that will be placed on all computers throughout the company and monitored by Fred.

A. Fred’s boss wants Fred to monitor a NIPS system.

B. Fred’s boss wants to implement a HIDS solution.

C. Fred’s boss wants a NIDS implementation.

D. Fred’s boss wants to implement a HIPS solution.

A

B

11
Q

Which of the following can be used to suppress fire from Class K sources?

A. Water

B. Carbon dioxide

C. Foam

D. Dry Chemical

A

C

12
Q

Larry is a network administrator working for a manufacturing company in Detroit. Larry is responsible for the entire company’s network which consists of 300 workstations and 25 servers. After using a hosted email service for a year, the company wants to cut back on costs and bring the email control internal. Larry likes this idea because it will give him more control over email. Larry wants to purchase a server for email but he does not want the server to be on the internal network because this might cause security risks. He decides to place the email server on the outside of the company’s internal firewall.

A. He is going to place the server in a Demilitarized Zone (DMZ).

B. He will put the email server in an IPSec zone.

C. For security reasons, Larry is going to place the email server in the company’s Logical Buffer Zone (LBZ).

D. Larry is going to put the email server in a hot-server zone.

A

A

12
Q

Management decides to implement a risk management system to reduce and maintain the organization’s risk at an acceptable level. Which of the following is the correct order in the risk management phase?

A. Risk Identification, Risk Assessment, Risk Treatment, Risk Monitoring & Review

B. Risk Identification, Risk Assessment, Risk Monitoring & Review, Risk Treatment

C. Risk Treatment, Risk Monitoring & Review, Risk Identification, Risk Assessment

D. Risk Assessment, Risk Treatment, Risk Monitoring & Review, Risk Identification

A

A

13
Q

Stephanie is currently setting up email security so all company data is secured when passed through email. Stephanie first sets up encryption to make sure that a specific user’s email is protected. Next, she needs to ensure that the incoming and the outgoing mail has not been modified or altered using digital signatures.

What is Stephanie working on?

A. Usability

B. Confidentiality

C. Availability

D. Data Integrity

A

D

14
Q

Blake is working on the company’s updated disaster and business continuity plan. The last section of the plan covers computer and data incident response.

Blake is outlining the level of severity for each type of incident in the plan. Unsuccessful scans and probes are at what severity level?

A. Extreme severity level

B. Low severity level

C. High severity level

D. Mid severity level

A

B

15
Q

Which Internet access policy starts with all services blocked and the administrator enables safe and necessary services individually, which provides maximum security and logs everything, such as system and network activities?

A. Internet access policy

B. Paranoid policy

C. Permissive policy

D. Prudent policy

A

D

16
Q

Daniel, who works as a network administrator, has just deployed an IDS in his organization’s network. He wants to calculate the False Positive rate for his implementation. Which of the following formulas will he use to calculate the False Positive rate?

A. False Negative / (True Negative + True Positive)

B. False Positive / (False Positive + True Negative)

C. True Negative / (False Negative + True Positive)

D. False Negative / (False Negative + True Positive)

A

B

17
Q

As a network administrator, you have implemented WPA2 encryption in your corporate wireless network. The WPA2’s __________ integrity check mechanism provides security against a replay attack.

A. CBC-MAC

B. CRC-MAC

C. CBC-32

D. CRC-32

A

A

18
Q

Paul is a network security technician working on a contract for a laptop manufacturing company in Chicago. He has focused primarily on securing network devices, firewalls, and traffic traversing in and out of the network. He just finished setting up a server as a gateway between the internal private network and the outside public network. This server will act as a proxy, run a limited number of services, and filter packets. What is this type of server called?

A. Session layer firewall.

B. SOCKS host.

C. Bastion host.

D. Edge transport server.

A

C

18
Q

The circuit-level gateway firewall technology functions at which of the following OSI layers?

A. Transport layer

B. Data-link layer

C. Session layer

D. Network layer

A

C

19
Q

Assume that you are a network administrator and the company has asked you to draft an Acceptable Use Policy (AUP) for employees. Under which category of an information security policy does an AUP fall?

A. Incident Response Policy (IRP)

B. Issue Specific Security Policy (ISSP)

C. Enterprise Information Security Policy (EISP)

D. System Specific Security Policy (SSSP)

A

D

20
Q

Identify the password cracking attempt involving precomputed hash values stored as plaintext and used to crack the password.

A. Bruteforce

B. Rainbow table

C. Hybrid

D. Dictionary

A

B

20
Q

Ryan works as a network security engineer at an organization that recently suffered an attack. As a countermeasure, Ryan would like to obtain more information about the attacker and chooses to deploy a honeypot called Kojoney into the organization’s production environment. Using this honeypot, he would like to emulate the network vulnerability that was attacked previously. Which type of honeypot is he trying to implement?

A. High interaction honeypots

B. Research honeypot

C. Low interaction honeypots

D. Pure honeypots

A

C

21
Q

John is the network administrator, and he wants to enable the NetFlow feature in Cisco routers to collect and monitor the IP network traffic passing through the router. Which command will John use to enable NetFlow on an interface?

A. Router IP route

B. Router(Config-if) # IP route cache flow

C. Router# Netmon enable

D. Router# netflow enable

A

B

22
Q

The network administrator wants to strengthen physical security in the organization. Specifically, the administrator wants to implement a solution that stops people from entering certain restricted zones without proper credentials. Which of the following physical security measures should the administrator use?

A. Mantrap

B. Bollards

C. Video surveillance

D. Fence

A

A

23
Q

Which of the following incident handling stages removes the root cause of the incident?

A. Eradication

B. Recovery

C. Detection

D. Containment

A

A

24
Q

James is working as a Network Administrator in a reputed company situated in California. He is monitoring his network traffic with the help of Wireshark. He wants to check and analyze the traffic against a PING sweep attack. Which of the following Wireshark filters will he use?

A. icmp.type==8 or icmp.type==16

B. icmp.type==8 or icmp.type==0

C. icmp.type==8 and icmp.type==0

D. icmp.type==0 and icmp.type==16

A

B

25
Q

Which of the following systems includes an independent NAS Head and multiple storage arrays?

A. FreeNAS

B. None of these

C. Gateway NAS System

D. Integrated NAS System

A

C

26
Q

You are monitoring your network traffic with the Wireshark utility and noticed that your network is experiencing a large amount of traffic from a certain region. You suspect a DoS incident on the network. What will be your first reaction as a first responder?

A. Avoid Fear, Uncertainty and Doubt

B. Communicate the incident

C. Make an initial assessment

D. Disable Virus Protection

A

A

27
Q

The network security team is trying to implement a firewall capable of operating only at the session layer, monitoring the TCP inter-packet link protocol to determine whether a requested session is legitimate. Using this type of firewall, they would be able to intercept the communication, so that the external network sees the firewall as the source and the user sees responses from outside as coming from the firewall itself. They are limiting themselves to the requirements previously listed, because they already have a packet filtering firewall and must add a cheap solution that meets the objective. What kind of firewall would you recommend?

A. Packet Filtering with NAT

B. Circuit Level Gateway

C. Application Proxies

D. Application Level Gateways

A

B

28
Q

If a network is at risk resulting from misconfiguration performed by unskilled and/or unqualified individuals, what type of threat is this?

A. External Threats

B. Unstructured Threats

C. Structured Threats

D. Internal Threats

A

B

29
Q

John is a network administrator and is monitoring his network traffic with the help of Wireshark. He suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization’s network. Which of the following Wireshark filter(s) will he use to locate the TCP OS fingerprinting attempt? (Choose all that apply.)

A. tcp.flags=0x00

B. tcp.options.wscale_val==20

C. tcp.flags==0x2b

D. tcp.options.mss_val<1460

A

ACD

29
Q

Michael decides to view the ________ to track employee actions on the organization’s network.

A. Firewall policy

B. Firewall settings

C. Firewall log

D. Firewall rule set

A

C

30
Q

Which of the following acts as a verifier for the certificate authority?

A. Registration authority

B. Certificate authority

C. Directory management system

D. Certificate Management system

A

A

31
Q

Which phase of vulnerability management deals with the actions taken for correcting the discovered vulnerability?

A. Verification

B. Mitigation

C. Remediation

D. Assessment

A

C

32
Q

Nancy is working as a network administrator for a small company. Management wants to implement a RAID storage for their organization. They want to use the appropriate RAID level for their backup plan that will satisfy the following requirements:

It has a parity check to store all the information about the data in multiple drives.

It helps reconstruct the data during downtime.

It processes the data at a good speed.

It should not be expensive.

The management team asks Nancy to research and suggest the appropriate RAID level that best suits their requirements. What RAID level will she suggest?

A. RAID 3.

B. RAID 1

C. RAID 0

D. RAID 10

A

A

33
Q

The bank where you work has 600 Windows computers and 400 Red Hat computers which primarily serve as bank teller consoles. You have created a plan and deployed all the patches to the Windows computers and you are now working on updating the Red Hat computers. What command should you run on the network to update the Red Hat computers, download the security package, force the package installation, and update all currently installed packages?

A. You should run the up2data -u command.

B. You should run the up2date -d -f -u command.

C. You should run the WSUS -d -f -u command.

D. You should type the sysupdate -d command.

A

B

34
Q

Dan and Alex are business partners working together. Their Business-Partner Policy states that they should encrypt their emails before sending to each other.

How will they ensure the authenticity of their emails?

A. Dan will use his digital signature to sign his mails while Alex will use Dan’s public key to verify the authenticity of the mails.

B. Dan will use his digital signature to sign his mails while Alex will use his private key to verify the authenticity of the mails.

C. Dan will use his private key to encrypt his mails while Alex will use his digital signature to verify the authenticity of the mails.

D. Dan will use his public key to encrypt his mails while Alex will use Dan’s digital signature to verify the authenticity of the mails.

A

A

35
Q

Which field is not included in the TCP header?

A. Acknowledgment number

B. Sequence number

C. Source port

D. Source IP address

A

D

36
Q

John wants to implement a packet filtering firewall in his organization’s network. What TCP/IP layer does a packet filtering firewall work on?

A. Network Interface layer

B. Application layer

C. IP layer

D. TCP layer

A

C

37
Q

What command is used to terminate certain processes in an Ubuntu system?

A. # netstat Kill [ Target Process]

B. #ps ax Kill

C. #grep Kill [Target Process]

D. #kill -9 [PID]

A

D

38
Q

A newly joined network administrator wants to assess the organization against possible risk. He notices the organization doesn’t have a __________ identified which helps measure how risky an activity is.

A. Risk Severity

B. Risk Matrix

C. Risk levels

D. Key Risk Indicator

A

B

39
Q

Sean has built a site-to-site VPN architecture between the head office and the branch office of his company. When users in the branch office and head office try to communicate with each other, the traffic is encapsulated. As the traffic passes through the gateway, it is encapsulated again. The header and payload both are encapsulated. This second encapsulation occurs only in the __________ implementation of a VPN.

A. Point-to-Point Mode

B. Transport Mode

C. Tunnel Mode

D. Full Mesh Mode

A

C

40
Q

Simon had all his systems administrators implement hardware and software firewalls to ensure network security. They implemented IDS/IPS systems throughout the network to check for and stop any unauthorized traffic that may attempt to enter. Although Simon and his administrators believed they were secure, a hacker group was able to get into the network and modify files hosted on the company’s website. After searching through the firewall and server logs, no one could find how the attackers were able to get in. He decides that the entire network needs to be monitored for critical and essential file changes. This monitoring tool alerts administrators when a critical file is altered. What tool could Simon and his administrators implement to accomplish this?

A. They need to use Nessus.

B. Snort is the best tool for their situation.

C. They could use Tripwire.

D. They can implement Wireshark.

A

C

41
Q

Chris is a senior network administrator. Chris wants to measure the Key Risk Indicator (KRI) to assess the organization. Why is Chris calculating the KRI for his organization? It helps Chris to:

A. Identifies adverse events

B. Facilitates backward viewing

C. Notifies when risk has reached threshold levels

D. Facilitates post incident management

A

C

42
Q

Which Event Correlation Approach checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

A. Rule-Based Approach

B. Graph-Based Approach

C. Field-Based Approach

D. Automated Field Correlation

A

D

43
Q

Bryson is the IT manager and sole IT employee working for a federal agency in California. The agency was just given a grant and was able to hire 30 more employees for a new extended project. Because of this, Bryson has hired two more IT employees to train up and work. Both of his new hires are straight out of college and do not have any practical IT experience. Bryson has spent the last two weeks teaching the new employees the basics of computers, networking, troubleshooting techniques, etc. To see how these two new hires are doing, he asks them at what layer of the OSI model Network Interface Cards (NICs) work. What should the new employees answer?

A. They should answer with the Presentation layer.

B. NICs work on the Session layer of the OSI model.

C. They should tell Bryson that NICs perform on the Physical layer.

D. The new employees should say that NICs perform on the Network layer.

A

C

44
Q

A US-based organization decided to implement a RAID storage technology for their data backup plan. John wants to set up a RAID level that requires a minimum of six drives but provides high fault tolerance and high speed for data read and write operations. What RAID level will John need to choose to meet this requirement?

A. RAID level 50

B. RAID level 1

C. RAID level 10

D. RAID level 5

A

A

45
Q

Ivan needs to pick an encryption method that is scalable even though it might be slower. He has settled on a method that works where one key is public and the other is private. What encryption method did Ivan settle on?

A. Ivan settled on the hashing encryption method.

B. Ivan settled on the asymmetric encryption method.

C. Ivan settled on the private encryption method.

D. Ivan settled on the symmetric encryption method.

A

B

46
Q

Identify the spread spectrum technique that multiplies the original data signal with a pseudo random noise spreading code.

A. ISM

B. FHSS

C. DSSS

D. OFDM

A

C

47
Q

Katie has implemented the RAID level that splits data into blocks and evenly writes the data to multiple hard drives but does not provide data redundancy. This type of RAID level requires a minimum of __________ to set up.

A. Two drives

B. Three drives

C. Six drives

D. Four drives

A

A

48
Q

Geon Solutions INC. had only 10 employees when it started. But as business grew, the organization had to increase the number of staff. The network administrator is finding it difficult to accommodate an increasing number of employees in the existing network topology. So the organization is planning to implement a new topology where it will be easy to accommodate an increasing number of employees. Which network topology will help the administrator solve the problem of needing to add new employees and expand?

A. Mesh

B. Ring

C. Bus

D. Star

A

D

49
Q

The agency Jacob works for stores and transmits vast amounts of sensitive government data that cannot be compromised. Jacob has implemented Encapsulating Security Payload (ESP) to encrypt IP traffic. Jacob wants to encrypt the IP traffic by inserting the ESP header in the IP datagram before the transport layer protocol header. What mode of ESP does Jacob need to use to encrypt the IP traffic?

A. Jacob should use ESP in pass-through mode.

B. Jacob should utilize ESP in tunnel mode.

C. He should use ESP in gateway mode.

D. He should use ESP in transport mode.

A

B

50
Q

Which among the following is used to limit the number of cmdlets or administrative privileges of administrator, user, or service accounts?

A. Just Enough Administration (JEA)

B. User Account Control (UAC)

C. Windows Security Identifier (SID)

D. Credential Guard

A

A

51
Q

How is application whitelisting different from application blacklisting?

A. It allows all applications other than the undesirable applications

B. It allows execution of trusted applications in a unified environment

C. It allows execution of untrusted applications in an isolated environment

D. It rejects all applications other than the allowed applications

A

D

53
Q

Which of the following security models enable strict identity verification for every user or device attempting to access the network resources?

I. Zero-trust network model

II. Castle-and-Moat model

A. Both I and II

B. I only

C. II only

D. None

A

B

54
Q

If Myron, head of network defense at Cyberdyne, wants to change the default password policy settings on the company’s Linux systems, which directory should he access?

A. /etc/logrotate.conf
B. /etc/hosts.allow
C. /etc/crontab
D. /etc/login.defs

A

D

55
Q

Which Windows security component is responsible for controlling access of a user to Windows resources?

A. Network Logon Service (Netlogon)
B. Security Accounts Manager (SAM)
C. Security Reference Monitor (SRM)
D. Local Security Authority Subsystem (LSASS)

A

D

56
Q

A company wants to implement a data backup method that allows them to encrypt the data ensuring its security as well as access it at any time and from any location. What is the appropriate backup method that should be implemented?

A. Cloud backup
B. Offsite backup
C. Hot site backup
D. Onsite backup

A

A

57
Q

Which of the following helps in viewing account activity and events for supported services made by AWS?

A. AWS CloudFormation
B. AWS Certificate Manager
C. AWS CloudHSM
D. AWS CloudTrail

A

D

58
Q

John is working as a network defender at a well-reputed multinational company. He wanted to implement security that can help him identify any future attacks that can be targeted toward his organization and take appropriate security measures and actions beforehand to defend against them. Which one of the following security defense techniques should he implement?

A. Reactive security approach
B. Retrospective security approach
C. Proactive security approach
D. Preventive security approach

A

C

59
Q

Which type of firewall consists of three interfaces and allows further subdivision of the systems based on specific security objectives of the organization?

A. Screened subnet
B. Bastion host
C. Unscreened subnet
D. Multi-homed firewall

A

D

60
Q

Which of the following is true regarding any attack surface?

A. Decrease in vulnerabilities decreases the attack surface
B. Increase in vulnerabilities decreases the attack surface
C. Decrease in risk exposures increases the attack surface
D. Decrease in vulnerabilities increases the attack surface

A

A

61
Q

Which type of attack is used to hack an IoT device and direct large amounts of network traffic toward a web server, resulting in overloading the server with connections and preventing any new connections?

A. XSS
B. DDoS
C. XCRF
D. Sniffing

A

B

62
Q

How is a “risk” represented?

A. Asset + threat
B. Motive (goal) + method
C. Asset + threat + vulnerability
D. Motive (goal) + method + vulnerability

A

C

63
Q

Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an _______ for legal advice to defend them against this allegation.

A. Evidence Manager
B. Incident Handler
C. Attorney
D. PR Specialist

A

C

64
Q

Sam, a network administrator, is using Wireshark to monitor the network traffic of the organization. He wants to detect TCP packets with no flag set to check for a specific attack attempt. Which filter will he use to view the traffic?

A. tcp.flags==0x000
B. tcp.flags==x0000
C. tcp.flags==000x0
D. tcp.flags==0000x

A

A

65
Q

An employee of a medical service company clicked a malicious link in an email sent by an attacker. Suddenly, employees of the company are not able to access billing information or client records, as they are encrypted. The attacker asked the company to pay money to regain access to their data. Which type of malware attack is described above?

A. Logic bomb
B. Rootkits
C. Trojan
D. Ransomware

A

D

66
Q

Which of the following defines the extent to which an interruption affects normal business operations and the amount of revenue lost due to that interruption?

A. RPO
B. RFO
C. RSP
D. RTO

A

D

67
Q

Identify the type of event that is recorded when an application driver loads successfully in Windows.

A. Success Audit
B. Error
C. Warning
D. Information

A

D

68
Q

In which of the following registry keys are the Windows Event Log audit configurations recorded?

A. HKEY_LOCAL_MACHINE\SYSTEM\Services\EventLog\ < ErrDev >
B. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\EventLog\ < EntAppsvc >
C. HKEY_LOCAL_MACHINE\CurrentControlSet\Services\EventLog< ESENT >
D. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\ < Event Log >

A

D

69
Q

Richard has been working as a Linux system administrator at an MNC. He wants to maintain a productive and secure environment by improving the performance of the systems through Linux patch management. Richard is using Ubuntu and wants to patch the Linux systems manually. Which of the following commands installs updates (new ones) for Debian-based Linux OSes?

A. sudo apt-get upgrade
B. sudo apt-get dist-update
C. sudo apt-get dist-upgrade
D. sudo apt-get update

A

C

70
Q

Which of the following connects the SDN controller and SDN networking devices and relays information from network services to network devices such as switches and routers?

A. Southbound API
B. Eastbound API
C. Westbound API
D. Northbound API

A

A

71
Q

Henry, head of network security at Gentech, has discovered a general report template that someone has reserved only for the CEO. Since the file has to be editable, viewable, and deletable by everyone, what permission value should he set?

A. 700
B. 777
C. 755
D. 600

A

B

72
Q

Which of the following is an example of a MAC model?

A. Chinese Waterfall model
B. Clark-Beason integrity model
C. Access control matrix model
D. Bell-LaPadula model

A

A

73
Q

How can a WAF validate traffic before it reaches a web application?

A. It uses a role-based filtering technique
B. It uses an access-based filtering technique
C. It uses a sandboxing filtering technique
D. It uses a rule-based filtering technique

A

D

74
Q

Jason has set a firewall policy that allows only a specific list of network services and denies everything else. This strategy is known as a ____________.

A. Default allow
B. Default access
C. Default accept
D. Default deny

A

D

75
Q

Management asked Adam to implement a system allowing employees to use the same credentials to access multiple applications. Adam should implement the _________ authentication technique to satisfy the request.

A. Single-sign-on
B. Smart card authentication
C. Two-factor authentication
D. Biometric

A

A

76
Q

John is a senior network security administrator working at a multinational company. He wants to block specific syscalls from being used by container binaries. Which Linux kernel feature restricts actions within the container?

A. Cgroups
B. LSMs
C. Seccomp
D. Userns

A

C

76
Q

Which of the following things need to be identified during attack surface visualization?

A. Attacker’s tools, techniques, and procedures
B. Authentication, authorization, and auditing in networks
C. Regulatory frameworks, standards, and procedures for organizations
D. Assets, topologies, and policies of the organization

A

A

77
Q

Which of the following is not part of the recommended first response steps for network defenders?

A. Restrict yourself from doing the investigation
B. Extract relevant data from the suspected devices as early as possible
C. Disable virus protection
D. Do not change the state of the suspected device

A

D

78
Q

Which of the following tools can help identify IoEs to evaluate the human attack surface?

A. securiCAD
B. Amass
C. Skybox
D. SET

A

A

79
Q

In ______ method, event logs are arranged in the form of a circular buffer.

A. Non-wrapping method
B. LIFO method
C. Wrapping method
D. FIFO method

A

D

80
Q

Which of the following indicators refers to potential risk exposures that attackers can use to breach the security of an organization?

A. Indicators of attack
B. Key risk indicators
C. Indicators of exposure
D. Indicators of compromise

A

C

81
Q

Which of the following can be used to disallow a system/user from accessing all applications except a specific folder on a system?

A. Hash rule
B. Path rule
C. Internet zone rule
D. Certificate rule

A

A

82
Q

Which of the following helps prevent executing untrusted or untested programs or code from untrusted or unverified third-parties?

A. Application sandboxing
B. Deployment of WAFs
C. Application whitelisting
D. Application blacklisting

A

A

83
Q

Who is an IR custodian?

A. An individual responsible for conveying company details after an incident
B. An individual who receives the initial IR alerts and leads the IR team in all the IR activities
C. An individual who makes a decision on the classifications and the severity of the incident identified
D. An individual responsible for the remediation and resolution of the incident that occurred

A

B

84
Q

Which of the following attack surfaces increases when you keep USB ports enabled on your laptop unnecessarily?

A. Human attack surface
B. Network attack surface
C. Physical attack surface
D. Software attack surface

A

C

85
Q

Which of the following filters is used to detect a SYN/FIN attack?

A. tcp.flags==0x002
B. tcp.flags==0x004
C. tcp.flags==0x003
D. tcp.flags==0x001

A

D

86
Q

Leslie, the network administrator of Livewire Technologies, has been recommending multilayer inspection firewalls to deploy in the company’s infrastructure. What layers of the TCP/IP model can it protect?

A. IP, application, and network interface
B. Network interface, TCP, and IP
C. Application, TCP, and IP
D. Application, IP, and network interface

A

D

86
Q

In _______ mechanism, the system or application sends log records either on the local disk or over the network.

A. Network-based
B. Pull-based
C. Push-based
D. Host-based

A

C

87
Q

Choose the correct order of steps to analyze the attack surface.

A. Identify the indicators of exposure->visualize the attack surface->simulate the attack->reduce the attack surface

B. Visualize the attack surface->simulate the attack->identify the indicators of exposure->reduce the attack surface

C. Identify the indicators of exposure->simulate the attack->visualize the attack surface->reduce the attack surface

D. Visualize the attack surface->identify the indicators of exposure->simulate the attack->reduce the attack surface

A

D

88
Q

Which BC/DR activity works on the assumption that the most critical processes are brought back from a remote location first, followed by the less critical functions?

A. Recovery
B. Restoration
C. Response
D. Resumption

A

A

88
Q

Which command lists all ports available on a server?

A. sudo apt nst -tunlp
B. sudo netstat -tunlp
C. sudo apt netstate -ls tunlp
D. sudo ntstat -ls tunlp

A

B

89
Q

To provide optimum security while enabling safe/necessary services, blocking known dangerous services, and making employees accountable for their online activity, what Internet Access policy would Brian, the network administrator, have to choose?

A. Prudent policy
B. Paranoid policy
C. Promiscuous policy
D. Permissive policy

A

A

90
Q

Emmanuel works as a Windows system administrator at an MNC. He uses PowerShell to enforce the script execution policy. He wants to allow the execution of the scripts that are signed by a trusted publisher. Which of the following script execution policy settings allows this?

A. AllSigned
B. Restricted
C. RemoteSigned
D. Unrestricted

A

A