CND 100-200 Flashcards

1
Q

Fargo, head of network defense at Globadyne Tech, has discovered an undesirable process in several Linux systems, which causes machines to hang every 1 hour. Fargo would like to eliminate it; what command should he execute?

A. # update-rc.d -f [service name] remove
B. # service [service name] stop
C. # ps ax | grep [Target Process]
D. # kill -9 [PID]

A

D

2
Q

Which of the following refers to the data that is stored or processed by RAM, CPUs, or databases?

A. Data in Backup
B. Data at Rest
C. Data in Transit
D. Data in Use

A

B

3
Q

Which of the following data security technologies can ensure information protection by obscuring specific areas of information?

A. Data retention
B. Data encryption
C. Data hashing
D. Data masking

A

D

4
Q

Elden is working as a network administrator at an IT company. His organization opted for a virtualization technique in which the guest OS is aware of the virtual environment in which it is running and communicates with the host machines for requesting resources. Identify the virtualization technique implemented by Elden’s organization.

A. Hybrid virtualization
B. Hardware-assisted virtualization
C. Full virtualization
D. Para virtualization

A

B

5
Q

Albert works as a Windows system administrator at an MNC. He uses PowerShell logging to identify any suspicious scripting activity across the network. He wants to record pipeline execution details as PowerShell executes, including variable initialization and command invocations. Which PowerShell logging component records pipeline execution details as PowerShell executes?

A. Module logging
B. Script block logging
C. Event logging
D. Transcript logging

A

A

5
Q

Sophie has been working as a Windows network administrator at an MNC over the past 7 years. She wants to check whether SMB1 is enabled or disabled. Which of the following commands allows Sophie to do so?

A. Get-WindowsOptionalFeatures -Online -FeatureNames SMB1Protocol
B. Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
C. Get-WindowsOptionalFeature -Online -FeatureNames SMB1Protocol
D. Get-WindowsOptionalFeatures -Online -FeatureName SMB1Protocol

A

B

6
Q

How can one identify the baseline for normal traffic?

A. When the SYN flag appears at the beginning and the FIN flag appears at the end of the connection
B. When the RST flag appears at the beginning and the ACK flag appears at the end of the connection
C. When the ACK flag appears at the beginning and the RST flag appears at the end of the connection
D. When the FIN flag appears at the beginning and the SYN flag appears at the end of the connection

A

A

7
Q

How is an “attack” represented?

A. Motive (goal) + method
B. Motive (goal) + method + vulnerability
C. Asset + Threat + Vulnerability
D. Asset + Threat

A

A

8
Q

Kelly is taking backups of the organization’s data. Currently, she is taking backups of only those files that are created or modified after the last backup. What type of backup is Kelly using?

A. Full backup
B. Incremental backup
C. Normal backup
D. Differential backup

A

B

9
Q

Identify the virtualization level that creates a massive pool of storage areas for different virtual machines running on the hardware.

A. Fabric virtualization
B. Storage device virtualization
C. Server virtualization
D. File system virtualization

A

B

10
Q

Sam wants to implement a network-based IDS and finalizes an IDS solution that works based on pattern matching. Which type of network-based IDS is Sam implementing?

A. Behavior-based IDS
B. Anomaly-based IDS
C. Signature-based IDS
D. Stateful protocol analysis

A

C

11
Q

Steven is a Linux system administrator at an IT company. He wants to disable unnecessary services in the system, which can be exploited by the attackers. Which among the following is the correct syntax for disabling a service?

A. $ sudo system-ctl disable [service]
B. $ sudo systemctl disable [service]
C. $ sudo system.ctl disable [service]
D. $ sudo system ctl disable [service]

A

B

12
Q

Simran is a network administrator at a start-up called Revolution. To ensure that neither party in the company can deny getting email notifications or any other communication, she mandates authentication before a connection establishment or message transfer occurs. What fundamental attribute of network defense is she enforcing?

A. Integrity
B. Non-repudiation
C. Confidentiality
D. Authentication

A

B

13
Q

Which of the following refers to a potential occurrence of an undesired event that can eventually damage and interrupt the operational and functional activities of an organization?

A. Attack
B. Risk
C. Threat
D. Vulnerability

A

C

14
Q

Damian is the chief security officer of Enigma Electronics. To block intruders and prevent any environmental accidents, he needs to set a two-factor authenticated keypad lock at the entrance, rig a fire suppression system, and link any video cameras at various corridors to view the feeds in the surveillance room. What layer of network defense-in-depth strategy is he trying to follow?

A. Physical
B. Perimeter
C. Policies and procedures
D. Host

A

A

15
Q

Which of the following statements holds true in terms of containers?

A. Container requires more memory space
B. Each container runs in its own OS
C. Container is fully isolated; hence, more secure
D. Process-level isolation happens; a container is hence less secure

A

C

16
Q

Byron, a new network administrator at the FBI, would like to ensure that Windows PCs there are up-to-date and have fewer internal security flaws. What can he do?

A. Centrally assign Windows PC group policies
B. Dedicate a partition on HDD and format the disk using NTFS
C. Download and install latest patches and enable Windows Automatic Updates
D. Install antivirus software and turn off unnecessary services

A

D

17
Q

Which subdirectory in the /var/log directory stores information related to the Apache web server?

A. /var/log/maillog/
B. /var/log/httpd/
C. /var/log/apachelog/
D. /var/log/lighttpd/

A

B

18
Q

Which of the following entities is responsible for cloud security?

A. Cloud consumer
B. Cloud provider
C. Both cloud consumer and provider
D. Cloud broker

A

C

19
Q

The _________ mechanism works on the basis of a client-server model.

A. Push-based
B. Host-based
C. Pull-based
D. Network-based

A

C

20
Q

Which BC/DR activity includes action taken toward resuming all services that are dependent on business-critical applications?

A. Response
B. Recovery
C. Resumption
D. Restoration

A

B

21
Q

Peter works as a network administrator at an IT company. He wants to avoid exploitation of the cloud, particularly Azure services. Which of the following is a group of PowerShell scripts designed to help the network administrator understand how attacks happen and help them protect the cloud?

A. POSH-Sysmon
B. MicroBurst
C. SecurityPolicyDsc
D. Sysmon

A

B

22
Q

Syslog and SNMP are the two main _______ protocols through which log records are transferred.

A. Pull-based
B. Push-based
C. Host-based
D. Network-based

A

B

23
Q

Which of the following is NOT an AWS Shared Responsibility Model devised by AWS?

A. Shared Responsibility Model for Container Services
B. Shared Responsibility Model for Infrastructure Services
C. Shared Responsibility Model for Abstract Services
D. Shared Responsibility Model for Storage Services

A

D

23
Q

Docker provides Platform-as-a-Service (PaaS) through ________ and delivers containerized software packages.

A. Server-level virtualization
B. Network-level virtualization
C. OS-level virtualization
D. Storage-level virtualization

A

C

24
Q

Mark is monitoring the network traffic on his organization’s network. He wants to detect TCP and UDP ping sweeps on his network. Which type of filter will be used to detect this?

A. tcp.dstport==7 and udp.srcport==7
B. tcp.srcport==7 and udp.dstport==7
C. tcp.dstport==7 and udp.dstport==7
D. tcp.srcport==7 and udp.srcport==7

A

C

25
Q

John has implemented _________ in the network to restrict the number of public IP addresses in his organization and to enhance the firewall filtering technique.

A. VPN
B. Proxies
C. DMZ
D. NAT

A

D

26
Q

Which of the following creates passwords for individual administrator accounts and stores them in Windows AD?

A. LSASS
B. SRM
C. SAM
D. LAPS

A

D

27
Q

Which of the following statements holds true in terms of virtual machines?

A. Hardware-level virtualization takes place in VMs
B. OS-level virtualization takes place in VMs
C. All VMs share the host OS
D. VMs are more lightweight than containers

A

A

28
Q

In MacOS, how can the user implement disk encryption?

A. By enabling BitLocker feature
B. By executing dm-crypt command
C. By turning on Device Encryption feature
D. By enabling FileVault feature

A

D

29
Q

Phishing-like attempts that present users with a fake usage bill of the cloud provider are an example of a:

A. Cloud to service attack surface
B. User to service attack surface
C. User to cloud attack surface
D. Cloud to user attack surface

A

D

30
Q

Disaster Recovery is a

A. Operation-centric strategy
B. Security-centric strategy
C. Data-centric strategy
D. Business-centric strategy

A

C

31
Q

The CEO of Max Rager wants to send a confidential message regarding the new formula for its coveted soft drink, SuperMax, to its manufacturer in Texas. However, he fears the message could be altered in transit. How can he prevent this incident from happening and what element of the message ensures the success of this method?

A. Hashing; hash code
B. Symmetric encryption; secret key
C. Hashing; public key
D. Asymmetric encryption; public key

A

A

32
Q

How can an administrator detect a TCP null scan attempt on a UNIX server by using Wireshark?

A. By applying the filter tcp.flags==0x000
B. By applying the filter tcp.flags==0x004
C. By applying the filter tcp.flags==0x003
D. By applying the filter tcp.flags==0x002

A

A

33
Q

Which firewall technology can filter application-specific commands such as GET and POST requests?

A. Application proxy
B. Circuit-level gateways
C. Stateful multi-layer inspection
D. Application-level gateways

A

D

34
Q

Who is responsible for conveying company details after an incident?

A. IR officer
B. IR manager
C. PR specialist
D. IR custodians

A

C

35
Q

Identify the method involved in purging technique of data destruction.

A. Degaussing
B. Wiping
C. Incineration
D. Overwriting

A

A

36
Q

Which type of modulation technique is used in local area wireless networks (LAWNs)?

A. FHSS
B. DSSS
C. MIMO-OFDM
D. OFDM

A

A

37
Q

How is the chip-level security of an IoT device achieved?

A. Closing insecure network services
B. Changing the password of the router
C. Encrypting JTAG interface
D. Keeping the device on a flat network

A

C

38
Q

Which RAID level system provides very good data performance but does not offer fault tolerance and data redundancy?

A. RAID level 5
B. RAID level 3
C. RAID level 0
D. RAID level 1

A

C

39
Q

Hacktivists are threat actors, who can be described as _____________ .

A. People motivated by monetary gains
B. People motivated by religious beliefs
C. People having political or social agenda
D. Disgruntled/terminated employees

A

C

40
Q

Which of the following filters can be applied to detect an ICMP ping sweep attempt using Wireshark?

A. icmp.type==17
B. icmp.type==8
C. icmp.type==15
D. icmp.type==13

A

B

41
Q

Who offers formal experienced testimony in court?

A. Evidence documenter
B. Attorney
C. Expert witness
D. Incident analyzer

A

C

42
Q

Which type of training can create awareness among employees regarding compliance issues?

A. Training on data classification
B. Physical security awareness training
C. Social engineering awareness training
D. Security policy training

A

D

43
Q

Which among the following options represents professional hackers with an aim of attacking systems for profit?

A. Organized hackers
B. Script kiddies
C. Hacktivists
D. Cyber terrorists

A

A

44
Q

Identify the correct order for a successful black hat operation.

A. Reconnaissance, Gaining Access, Scanning, Maintaining Access, and Covering Tracks
B. Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Tracks
C. Reconnaissance, Scanning, Gaining Access, Covering Tracks, and Maintaining Access
D. Scanning, Reconnaissance, Gaining Access, Maintaining Access, and Covering Tracks

A

B

45
Q

Which of the following indicators are discovered through an attacker’s intent, their end goal or purpose, and a series of actions that they must take before being able to successfully launch an attack?

A. Indicators of compromise
B. Key risk indicators
C. Indicators of exposure
D. Indicators of attack

A

D

46
Q

Who is responsible for executing the policies and plans required for supporting the information technology and computer systems of an organization?

A. Chief Information Officer (CIO)
B. Business and functional managers
C. Senior management
D. IT security practitioners

A

A

46
Q

According to standard IoT security practice, IoT Gateway should be connected to a ________ .

A. Secure router
B. Router that is connected to internal servers
C. Router that is connected to other subnets
D. Border router

A

D

47
Q

Which of the following refers to the clues, artifacts, or evidence that indicate a potential intrusion or malicious activity in an organization’s infrastructure?

A. Indicators of attack
B. Key risk indicators
C. Indicators of compromise
D. Indicators of exposure

A

C

48
Q

Which of the following provides enhanced password protection, secured IoT connections, and encompasses stronger encryption techniques?

A. WEP
B. WPA3
C. WPA
D. WPA2

A

B

49
Q

Which of the following is a database encryption feature that secures sensitive data by encrypting it in client applications without revealing the encrypted keys to the data engine in MS SQL Server?

A. Always Encrypted
B. IsEncrypted Enabled
C. Allow Encrypted
D. NeverEncrypted disabled

A

A

50
Q

Clement is the CEO of an IT firm. He wants to implement a policy allowing employees with a preapproved set of devices from which the employees choose devices (laptops, smartphones, and tablets) to access company data as per the organization’s access privileges. Which among the following policies does Clement want to enforce?

A. CYOD policy
B. BYOD policy
C. COPE policy
D. COBO policy

A

A

51
Q

Which of the following filters can be used to detect UDP scan attempts using Wireshark?

A. icmp.type==8 or icmp.type==0
B. icmp.type==15
C. icmp.type==3 and icmp.code==3
D. icmp.type==13

A

C

52
Q

Which firewall can a network administrator use for better bandwidth management, deep packet inspection, and stateful inspection?

A. Circuit-level gateway firewall
B. Stateful multi-layer inspection firewall
C. Next-generation firewall
D. Network address translation

A

C

53
Q

John has been working as a network administrator at an IT company. He wants to prevent misuse of accounts by unauthorized users. He wants to ensure that no accounts have empty passwords. Which of the following commands does John use to list all the accounts with an empty password?

A. # awk -F: '($2 == "") {print}' /etc/shadow
B. # awk -D: '($2 == "") {print}' /etc/shadow
C. # awk -E: '($2 == "") {print}' /etc/shadow
D. # awk -C: '($2 == "") {print}' /etc/shadow

A

A

54
Q

Implementing access control mechanisms, such as a firewall, to protect the network is an example of which of the following network defense approaches?

A. Proactive approach
B. Reactive approach
C. Retrospective approach
D. Preventive approach

A

D

55
Q

Which form of access control is trust centric?

A. Application patch management
B. Application sandboxing
C. Application whitelisting
D. Application blacklisting

A

C

56
Q

What should an administrator do while installing a sniffer on a system to listen to all data transmitted over the network?

A. Set the system’s NIC to master mode
B. Set the system’s NIC to ad-hoc mode
C. Set the system’s NIC to managed mode
D. Set the system’s NIC to promiscuous mode

A

D

57
Q

Which encryption algorithm is used by WPA3 encryption?

A. RC4
B. AES-CCMP
C. AES-GCMP 256
D. RC4, TKIP

A

C

58
Q

Oliver is a Linux security administrator at an MNC. An employee named Alice has resigned from his organization and Oliver wants to disable this user in Ubuntu. Which of the following commands can be used to accomplish this?

A. usermod -L alice
B. usermod -J alice
C. usermod -K alice
D. usermod -M alice

A

A

59
Q

Which among the following is used by anti-malware systems and threat intelligence platforms to spot and stop malicious activities at an initial stage?

A. Indicators of attack
B. Key risk indicators
C. Indicators of compromise
D. Indicators of exposure

A

C

60
Q

Which risk management phase helps in establishing context and quantifying risks?

A. Risk identification
B. Risk assessment
C. Risk review
D. Risk treatment

A

B

61
Q

Which firewall technology provides the best of both packet filtering and application-based filtering and is used in Cisco Adaptive Security Appliances?

A. Stateful multilayer inspection
B. Application-level gateway
C. VPN
D. Network address translation

A

A

62
Q

Which type of antenna is based on the principle of a satellite dish and can pick up Wi-Fi signals from a distance of ten miles or more?

A. Parabolic Grid antenna
B. Omnidirectional antenna
C. Directional antenna
D. Yagi antenna

A

A

63
Q

Which firewall technology can be implemented in all (application, session, transport, network, and presentation) layers of the OSI model?

A. Circuit-level gateway
B. Packet filtering
C. VPN
D. Network address translation

A

B

64
Q

Which of the following is a Windows in-built feature that provides filesystem-level encryption in the OS (starting from Windows 2000), except the Home version of Windows?

A. BitLocker
B. EFS
C. Disk Utility
D. FileVault

A

B

65
Q

Rosa is working as a network defender at Linda Systems. Recently, the company migrated from Windows to MacOS. Rosa wants to view the security-related logs of her system. Where can she find these logs?

A. /Library/Logs/Sync
B. /private/var/log
C. /var/log/cups/access_log
D. ~/Library/Logs

A

B

66
Q

Which type of risk treatment process includes not allowing the use of laptops in an organization to ensure its security?

A. Eliminate the risk
B. Risk avoidance
C. Reduce the risk
D. Mitigate the risk

A

B

67
Q

Which type of information security policy addresses the implementation and configuration of technology and user behavior?

A. Acceptable use policy
B. Enterprise information security policy
C. Issue-specific security policy
D. System-specific security policy

A

D

68
Q

Who oversees all the incident response activities in an organization and is responsible for all actions of the IR team and IR function?

A. PR specialist
B. Attorney
C. IR officer
D. IR custodians

A

C

69
Q

What defines the maximum time period an organization is willing to lose data during a major IT outage event?

A. RPO
B. BC
C. RTO
D. DR

A

A