CND 100-200 Flashcards

Question 1

Q

Fargo, head of network defense at Globadyne Tech, has discovered an undesirable process in several Linux systems, which causes machines to hang every 1 hour. Fargo would like to eliminate it; what command should he execute?

A. # update-rc.d -f [service name] remove
B. # service [service name] stop
C. # ps ax | grep [Target Process]
D. # kill -9 [PID]

Question 2

Q

Which of the following refers to the data that is stored or processed by RAM, CPUs, or databases?

A. Data in Backup
B. Data at Rest
C. Data in Transit
D. Data is Use

Question 3

Q

Which of the following data security technology can ensure information protection by obscuring specific areas of information?

A. Data retention
B. Data encryption
C. Data hashing
D. Data masking

Question 4

Q

Elden is working as a network administrator at an IT company. His organization opted for a virtualization technique in which the guest OS is aware of the virtual environment in which it is running and communicates with the host machines for requesting resources. Identify the virtualization technique implemented by Elden’s organization.

A. Hybrid virtualization
B. Hardware-assisted virtualization
C. Full virtualization
D. Para virtualization

Question 5

Q

Albert works as a Windows system administrator at an MNC. He uses PowerShell logging to identify any suspicious scripting activity across the network. He wants to record pipeline execution details as PowerShell executes, including variable initialization and command invocations. Which PowerShell logging component records pipeline execution details as PowerShell executes?

A. Module logging
B. Script block logging
C. Event logging
D. Transcript logging

Question 6

Q

Sophie has been working as a Windows network administrator at an MNC over the past 7 years. She wants to check whether SMB1 is enabled or disabled. Which of the following command allows Sophie to do so?

A. Get-WindowsOptionalFeatures -Online -FeatureNames SMB1Protocol
B. Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
C. Get-WindowsOptionalFeature -Online -FeatureNames SMB1Protocol
D. Get-WindowsOptionalFeatures -Online -FeatureName SMB1Protocol

Question 7

Q

How can one identify the baseline for normal traffic?

A. When the SYN flag appears at the beginning and the FIN flag appears at the end of the connection
B. When the RST flag appears at the beginning and the ACK flag appears at the end of the connection
C. When the ACK flag appears at the beginning and the RST flag appears at the end of the connection
D. When the FIN flag appears at the beginning and the SYN flag appears at the end of the connection

Question 8

Q

How is an “attack” represented?

A. Motive (goal) + method
B. Motive (goal) + method + vulnerability
C. Asset + Threat + Vulnerability
D. Asset + Threat

Question 9

Q

Kelly is taking backups of the organization’s data. Currently, she is taking backups of only those files that are created or modified after the last backup. What type of backup is Kelly using?

A. Full backup
B. Incremental backup
C. Normal backup
D. Differential backup

Question 10

Q

dentify the virtualization level that creates a massive pool of storage areas for different virtual machines running on the hardware.

A. Fabric virtualization
B. Storage device virtualization
C. Server virtualization
D. File system virtualization

Question 11

Q

Sam wants to implement a network-based IDS and finalizes an IDS solution that works based on pattern matching. Which type of network-based IDS is Sam implementing?

A. Behavior-based IDS
B. Anomaly-based IDS
C. Signature-based IDS
D. Stateful protocol analysis

Question 12

Q

Steven is a Linux system administrator at an IT company. He wants to disable unnecessary services in the system, which can be exploited by the attackers. Which among the following is the correct syntax for disabling a service?

A. $ sudo system-ctl disable [service]
B. $ sudo systemctl disable [service]
C. $ sudo system.ctl disable [service]
D. $ sudo system ctl disable [service]

Question 13

Q

Simran is a network administrator at a start-up called Revolution. To ensure that neither party in the company can deny getting email notifications or any other communication, she mandates authentication before a connection establishment or message transfer occurs. What fundamental attribute of network defense is she enforcing?

A. Integrity
B. Non-repudiation
C. Confidentiality
D. Authentication

Question 14

Q

Which of the following refers to a potential occurrence of an undesired event that can eventually damage and interrupt the operational and functional activities of an organization?

A. Attack
B. Risk
C. Threat
D. Vulnerability

Question 15

Q

Damian is the chief security officer of Enigma Electronics. To block intruders and prevent any environmental accidents, he needs to set a two-factor authenticated keypad lock at the entrance, rig a fire suppression system, and link any video cameras at various corridors to view the feeds in the surveillance room. What layer of network defense-in-depth strategy is he trying to follow?

A. Physical
B. Perimeter
C. Policies and procedures
D. Host

Question 16

Q

Which of the following statement holds true in terms of containers?

A. Container requires more memory space
B. Each container runs in its own OS
C. Container is fully isolated; hence, more secure
D. Process-level isolation happens; a container in hence less secure

Question 17

Q

Byron, a new network administrator at FBI, would like to ensure that Windows PCs there are up-to-date and have less internal security flaws. What can he do?

A. Centrally assign Windows PC group policies
B. Dedicate a partition on HDD and format the disk using NTFS
C. Download and install latest patches and enable Windows Automatic Updates
D. Install antivirus software and turn off unnecessary services

Question 18

Q

hich subdirectory in /var/log directory stores information related to Apache web server?

A. /var/log/maillog/
B. /var/log/httpd/
C. /var/log/apachelog/
D. /var/log/lighttpd/

Question 19

Q

Which of the following entities is responsible for cloud security?

A. Cloud consumer
B. Cloud provider
C. Both cloud consumer and provider
D. Cloud broker

Question 20

Q

The _________ mechanism works on the basis of a client-server model.

A. Push-based
B. Host-based
C. Pull-based
D. Network-based

Question 21

Q

Which BC/DR activity includes action taken toward resuming all services that are dependent on business-critical applications?

A. Response
B. Recovery
C. Resumption
D. Restoration

Question 22

Q

Peter works as a network administrator at an IT company. He wants to avoid exploitation of the cloud, particularly Azure services. Which of the following is a group of PowerShell scripts designed to help the network administrator understand how attacks happen and help them protect the cloud?

A. POSH-Sysmon
B. MicroBurst
C. SecurityPolicyDsc
D. Sysmon

Question 23

Q

Syslog and SNMP are the two main _______ protocols through which log records are transferred.

A. Pull-based
B. Push-based
C. Host-based
D. Network-based

Question 24

Q

Which of the following is NOT an AWS Shared Responsibility Model devised by AWS?

A. Shared Responsibility Model for Container Services
B. Shared Responsibility Model for Infrastructure Services
C. Shared Responsibility Model for Abstract Services
D. Shared Responsibility Model for Storage Services

Question 25

Q

Docker provides Platform-as-a-Service (PaaS) through ________ and delivers containerized software packages.

A. Server-level virtualization
B. Network-level virtualization
C. OS-level virtualization
D. Storage-level virtualization

Question 26

Q

Mark is monitoring the network traffic on his organization’s network. He wants to detect TCP and UDP ping sweeps on his network. Which type of filter will be used to detect this?

A. tcp.dstport==7 and udp.srcport==7
B. tcp.srcport==7 and udp.dstport==7
C. tcp.dstport==7 and udp.dstport==7
D. tcp.srcport==7 and udp.srcport==7

Question 27

Q

John has implemented _________ in the network to restrict the number of public IP addresses in his organization and to enhance the firewall filtering technique.

A. VPN
B. Proxies
C. DMZ
D. NAT

Question 28

Q

Which of the following creates passwords for individual administrator accounts and stores them in Windows AD?

A. LSASS
B. SRM
C. SAM
D. LAPS

Question 29

Q

Which of the following statements holds true in terms of virtual machines?

A. Hardware-level virtualization takes place in VMs
B. OS-level virtualization takes place in VMs
C. All VMs share the host OS
D. VMs are light weight than containers

Question 30

Q

In MacOS, how can the user implement disk encryption?

A. By enabling BitLocker feature
B. By executing dm-crypt command
C. By turning on Device Encryption feature
D. By enabling FileVault feature

Question 31

Q

Phishing-like attempts that present users a fake usage bill of the cloud provider is an example of a:

A. Cloud to service attack surface
B. User to service attack surface
C. User to cloud attack surface
D. Cloud to user attack surface

Question 32

Q

Disaster Recovery is a

A. Operation-centric strategy
B. Security-centric strategy
C. Data-centric strategy
D. Business-centric strategy

Question 33

Q

The CEO of Max Rager wants to send a confidential message regarding the new formula for its coveted soft drink, SuperMax, to its manufacturer in Texas. However, he fears the message could be altered in transit. How can he prevent this incident from happening and what element of the message ensures the success of this method?

A. Hashing; hash code
B. Symmetric encryption; secret key
C. Hashing; public key
D. Asymmetric encryption; public key

Question 34

Q

How can an administrator detect a TCP null scan attempt on a UNIX server by using Wireshark?

A. By applying the filter tcp.flags==0x000
B. By applying the filter tcp.flags==0x004
C. By applying the filter tcp.flags==0x003
D. By applying the filter tcp.flags==0x002

Question 35

Q

Which firewall technology can filter application-specific commands such as GET and POST requests?

A. Application proxy
B. Circuit-level gateways
C. Stateful multi-layer inspection
D. Application-level gateways

Question 36

Q

Who is responsible for conveying company details after an incident?

A. IR officer
B. IR manager
C. PR specialist
D. IR custodians

Question 37

Q

Identify the method involved in purging technique of data destruction.

A. Degaussing
B. Wiping
C. Incineration
D. Overwriting

Question 38

Q

Which type of modulation technique is used in local area wireless networks (LAWNs)?

A. FHSS
B. DSSS
C. MIMO-OFDM
D. OFDM

Question 39

Q

How is the chip-level security of an IoT device achieved?

A. Closing insecure network services
B. Changing the password of the router
C. Encrypting JTAG interface
D. Keeping the device on a flat network

Question 40

Q

Which RAID level system provides very good data performance but does not offer fault tolerance and data redundancy?

A. RAID level 5
B. RAID level 3
C. RAID level 0
D. RAID level 1

Question 41

Q

Hacktivists are threat actors, who can be described as _____________ .

A. People motivated by monetary gains
B. People motivated by religious beliefs
C. People having political or social agenda
D. Disgruntled/terminated employees

Question 42

Q

Which of the following filters can be applied to detect an ICMP ping sweep attempt using Wireshark?

A. icmp.type==17
B. icmp.type==8
C. icmp.type==15
D. icmp.type==13

Question 43

Q

Who offers formal experienced testimony in court?

A. Evidence documenter
B. Attorney
C. Expert witness
D. Incident analyzer

Question 44

Q

Which type of training can create awareness among employees regarding compliance issues?

A. Training on data classification
B. Physical security awareness training
C. Social engineering awareness training
D. Security policy training

Question 45

Q

Which among the following options represents professional hackers with an aim of attacking systems for profit?

A. Organized hackers
B. Script kiddies
C. Hacktivists
D. Cyber terrorists

Question 46

Q

Identify the correct order for a successful black hat operation.

A. Reconnaissance, Gaining Access, Scanning, Maintaining Access, and Covering Tracks
B. Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Tracks
C. Reconnaissance, Scanning, Gaining Access, Covering Tracks, and Maintaining Access
D. Scanning, Reconnaissance, Gaining Access, Maintaining Access, and Covering Tracks

Question 47

Q

Which of the following indicators are discovered through an attacker’s intent, their end goal or purpose, and a series of actions that they must take before being able to successfully launch an attack?

A. Indicators of compromise
B. Key risk indicators
C. Indicators of exposure
D. Indicators of attack

Question 48

Q

Who is responsible for executing the policies and plans required for supporting the information technology and computer systems of an organization?

A. Chief Information Officer (CIO)
B. Business and functional managers
C. Senior management
D. IT security practitioners

Question 49

Q

According to standard IoT security practice, IoT Gateway should be connected to a ________ .

A. Secure router
B. Router that is connected to internal servers
C. Router that is connected to other subnets
D. Border router

Question 50

Q

Which of the following refers to the clues, artifacts, or evidence that indicate a potential intrusion or malicious activity in an organization’s infrastructure?

A. Indicators of attack
B. Key risk indicators
C. Indicators of compromise
D. Indicators of exposure

Question 51

Q

Which of the following provides enhanced password protection, secured IoT connections, and encompasses stronger encryption techniques?

A. WEP
B. WPA3
C. WPA
D. WPA2

Question 52

Q

Which of the following is a database encryption feature that secures sensitive data by encrypting it in client applications without revealing the encrypted keys to the data engine in MS SQL Server?

A. Always Encrypted
B. IsEncrypted Enabled
C. Allow Encrypted
D. NeverEncrypted disabled

Question 53

Q

Clement is the CEO of an IT firm. He wants to implement a policy allowing employees with a preapproved set of devices from which the employees choose devices (laptops, smartphones, and tablets) to access company data as per the organization’s access privileges. Which among the following policies does Clement want to enforce?

A. CYOD policy
B. BYOD policy
C. COPE policy
D. COBO policy

Question 54

Q

Which of the following filters can be used to detect UDP scan attempts using Wireshark?

A. icmp.type==8 or icmp.type==0
B. icmp.type==15
C. icmp.type==3 and icmp.code==3
D. icmp.type==13

Question 55

Q

Which firewall can a network administrator use for better bandwidth management, deep packet inspection, and stateful inspection?

A. Circuit-level gateway firewall
B. Stateful multi-layer inspection firewall
C. Next-generation firewall
D. Network address translation

Question 56

Q

John has been working as a network administrator at an IT company. He wants to prevent misuse of accounts by unauthorized users. He wants to ensure that no accounts have empty passwords. Which of the following commands does John use to list all the accounts with an empty password?

A. # awk -F: ‘($2 == “”) {print}’ /etc/shadow
B. # awk -D: ‘($2 == “”) {print}’ /etc/shadow
C. # awk -E: ‘($2 == “”) {print}’ /etc/shadow
D. # awk -C: ‘($2 == “”) {print}’ /etc/shadow

Question 57

Q

Implementing access control mechanisms, such as a firewall, to protect the network is an example of which of the following network defense approach?

A. Proactive approach
B. Reactive approach
C. Retrospective approach
D. Preventive approach

Question 58

Q

Which form of access control is trust centric?

A. Application patch management
B. Application sandboxing
C. Application whitelisting
D. Application blacklisting

Question 59

Q

What should an administrator do while installing a sniffer on a system to listen to all data transmitted over the network?

A. Set the system’s NIC to master mode
B. Set the system’s NIC to ad-hoc mode
C. Set the system’s NIC to managed mode
D. Set the system’s NIC to promiscuous mode

Question 60

Q

Which encryption algorithm is used by WPA3 encryption?

A. RC4
B. AES-CCMP
C. AES-GCMP 256
D. RC4, TKIP

Question 61

Q

Oliver is a Linux security administrator at an MNC. An employee named Alice has resigned from his organization and Oliver wants to disable this user in Ubuntu. Which of the following commands can be used to accomplish this?

A. usermod -L alice
B. usermod -J alice
C. usermod -K alice
D. usermod -M alice

Question 62

Q

Which among the following is used by anti-malware systems and threat intelligence platforms to spot and stop malicious activities at an initial stage?

A. Indicators of attack
B. Key risk indicators
C. Indicators of compromise
D. Indicators of exposure

Question 63

Q

Which risk management phase helps in establishing context and quantifying risks?

A. Risk identification
B. Risk assessment
C. Risk review
D. Risk treatment

Question 64

Q

Which firewall technology provides the best of both packet filtering and application-based filtering and is used in Cisco Adaptive Security Appliances?

A. Stateful multilayer inspection
B. Application-level gateway
C. VPN
D. Network address translation

Brainscape's Knowledge GenomeTM

CND 100-200 Flashcards

Brainscape's Knowledge Genome^TM