Cyber Operator

Question 1

In order to execute a file in Linux the file must _____.

Answer 1

Be executable, contain executable code, and you must have permission to execute it

Question 2

With a umask of 022, which of the following permissions are assigned when creating a new file?

Answer 2

rwxr-xr-x

Question 3

In Linux this file is used to store hashed passwords and readable only by root.

Answer 3

shadow

Question 4

This is a set of standards carrying out wireless local area networks.

Answer 4

IEEE 802.11

Question 5

Which Windows 7 command can be used to perform a soft shutdown?

Answer 5

shutdown /s /f /t 00

Question 6

A system that gathers and analyzes information from within a computer or a network, to identify
possible violations of security policy, including unauthorized access, as well as misuse is known as:

Answer 6

IDS

Question 7

What is the default MIP2 firewall state prior to being connected to the network?

Answer 7

enabled and not allowing incoming connections

Question 8

(U//FOUO) What are the three sub-missions of a Cyber Protection Team (CPT)?

Answer 8

Survey, Secure, Protect

Question 9

Which Windows command can be used to configure the IP address either statically or to use Dynamic
Host Configuration Protocol (DHCP)?

Answer 9

netsh

Question 10

(U//FOUO) Which document prioritizes and outlines the options and actions available, both technical
and procedural, to provide a greater level of mission assurance for the supported commander’s
mission through the consolidation of all squad recommendations?

Answer 10

Risk Mitigation Plan (RMP)

Question 11

How can you stop a TCPdump capture?

Answer 11

Use Control-C

Question 12

Which of the following is NOT contained in the CVA/Hunter Air Force Tactics, Techniques and
Procedures (AFTTP) 3-1?

Answer 12

Commercial Manuals

Question 13

What is the purpose of crew logs?

Answer 13

To maintain an accurate and detailed record of all significant events

Question 14

_____ focus primarily on qualitative analysis of ISR employment to determine ISR contribution to
mission objectives.

Answer 14

Measures of Effectiveness (MOE)

Question 15

A program in which malicious or harmful code is contained inside apparently harmless programming
or data in such a way that it can get control and do its chosen form of damage is known as what?

Answer 15

Trojan

Question 16

It is important to review _______________ during the sortie brief because it will affect the choice of
TTPs and the accomplishment of tactical tasks during sortie execution.

Answer 16

Intelligence Updates, Mission Partner Activity, Rules of Engagement, Crew and Mission Risks, All of the above

Question 17

In Linux, how are trusted and target IP addresses added or removed?

Answer 17

By editing the /etc/trusted.hosts and /etc/target.hosts files

Question 18

Techniques are __________.

Answer 18

Non-prescriptive ways or methods used to perform missions, functions or tasks

Question 19

_____ focus on task execution and quantitative mission achievement.

Answer 19

Measures of Performance (MOP)

Question 20

Which of the following is the Linux command for securely copying a file from a remote machine to
your home directory?

Answer 20

scp 10.10.20.100:/ios/data/assess/file.txt /home/usr/

Question 21

Null sessions are __________.

Answer 21

an anonymous (no user, no password) connection to a freely accessible remote share called IPC$ on
Windows-based servers.

Question 22

Software applications that run automated tasks and can be remotely controlled, normally used in
DDoS are commonly referred to as what?

Answer 22

Bots

Question 23

When validating DIP sensor processes what command verifies that the processes are running?

Answer 23

/usr/local/bin/checkstatus

Question 24

What type of malware spreads from computer to computer and has the capability to travel without
any human action?

Answer 24

Worm

Question 25

Which bit allows execution of an application as a member of this group?

Answer 25

SGID

Question 26

Which interceptor platform consists of a single laptop, is used by one crew member and can run
limited VMs concurrently?

Answer 26

Mobile Interceptor Platform (MIP)

Question 27

Which of the following Deployable Interceptor Platform (DIP) sub-components serves as a data
Collector and VM server?

Answer 27

DL-160

Question 28

In VMware what do you press to exit a virtual environment?

Answer 28

CONTROL+ALT

Question 29

Which of the following Deployable Interceptor Platform (DIP) sub-components is deployed on the
MPNet and primarily captures and stores network traffic?

Answer 29

Cywarfius sensor

Question 30

Which of the following are the default ports for web traffic?

Answer 30

80 and 443

Question 31

What is the TCPdump option that saves the packet data to a file?

Answer 31

-w

Question 32

(U//FOUO) Which Cyber Protection Team (CPT) squad analyzes the supporter commander’s identified
cyberspace dependencies, essential and critical assets and cyberspace key terrain (C-KT)?

Answer 32

Mission Protection

Question 33

A type of password cracking where a word list is used against a given encrypted password.

Answer 33

Dictionary Attack

Question 34

Which of the following is NOT a private or non-routable IP address?

Answer 34

172.168.1.1

Question 35

In Linux, user account information is contained in which file?

Answer 35

/etc/passwd

Question 36

Where are the Bro sensor logs kept?

Answer 36

DIP2

Question 37

Which vi command will bring you into insert mode?

Answer 37

I

Question 38

Which of the following is NOT a tasking document used for CVA/Hunter missions?

Answer 38

Task Management Tool (TMT) Tasker

Question 39

Which interceptor platform consists of Cywarfius sensors, Informaiton Operations Platform (IOP), and
fits in a hardened case?

Answer 39

Deployable Interceptor Platform (DIP)

Question 40

How is the encrypted partition unmounted?

Answer 40

Double click the “UnMount…” desktop icon

Question 41

PowerShell Cmdlets follow which naming convention?

Answer 41

Verb-noun

Question 42

A path that contains the root directory and all subdirectories of the location is called?

Answer 42

Absolute Path

Question 43

What could you use to redirect the output of a program to the input of another program on the
command line?

Answer 43

Pipe (|)

Question 44

Which of the following documents contains an abbreviated version of the amplified Ops Manual
Technical Order (TO-1)?

Answer 44

CVA/Hunter Cybercrew Checklists / Crew Aides

Question 45

Which command will allow you to run TCPdump to monitor activity on a particular subnet?

Answer 45

tcpdump -w traffic net 10.10.20.0/24

Question 46

Which of the following is NOT a rule for CVA/Hunter emergency procedures?

Answer 46

Act Immediately

Question 47

Which of the following is the default port for SMTP?

Answer 47

25

Question 48

What is a smurf attack?

Answer 48

Large amount of ICMP echo traffic to a network broadcast address with a spoofed source IP set to a victim
Host

Question 49

Which of the following is the default port for Telnet?

Answer 49

23

Question 50

In Windows, what command will enable the firewall and block incoming connections?

Answer 50

> netsh firewall set opmode enable disable

Question 51

What does the following nmap scan do. nmap -O 10.10.20.1

Answer 51

Determines the OS of the machine

Question 52

Traffic capture tools such as TCPdump and Wireshark provide _____ accountability of actions
performed on the weapon system.

Answer 52

Logical

Question 53

When validating GIP functionality which of the following are operator responsibilities during initial
weapon system configuration? (I) Verify connectivity to an operational VM; (II) Modify Access
Control Lists (ACLs); (III) Install ArchSight Linux management console;
(IV) Verify that an operational VM has the appropriate IP in accordance with SPINS

Answer 53

I and IV

Question 54

A file has an octal value of 755 this means:

Answer 54

The owner can read, write and execute; the group can read and execute; others can read and execute

Question 55

A coworker uses the smb_share.pl to create a share. You are on a windows machine and using the net use command to mount the share. What user do you use when attempting to mount the share?

Answer 55

root

Question 56

Which drive letter is used for the encrypted partition?

Answer 56

X:\

Question 57

Which of the following Deployable Interceptor Platform (DIP) sub-components primarily serves as a
deployable network intrusion detection system?

Answer 57

IOP

Question 58

What type of information in a tactical level mission tasking document describes communication
requirements and reporting?

Answer 58

Communication Contracts

Question 59

What could you use to redirect the output of a program to a file on the command line?

Answer 59

Greater than symbol (>)

Question 60

Which of the following is the Cisco IOS command to copy the running configuration to the starting
Configuration?

Answer 60

copy run start

Question 61

What is the Unix environment variable which automatically sets file permissions on newly created
Files?

Answer 61

UMASK

Question 62

(U//FOUO) According to the AFSPC Cyberspace Operations Security Classification Guide (SCG),
information and mission impact pertaining to

Answer 62

SECRET

Question 63

Traceroute executes by ___________.

Answer 63

increasing the time-to-live value of each successive batch of packets sent

Question 64

A software system that consists of a program or combination of several programs designed to hide or
obscure the fact that a system has been compromised is known as what?

Answer 64

A rootkit

Question 65

(U//FOUO) Which Cyber Protection Team (CPT) squad detects, illuminates and defeats previously
unknown adversary activity within a specified area of responsibility?

Answer 65

Discovery and Counter Infiltration

Question 66

What is the SAM (Security Accounts Manager) file?

Answer 66

A database stored as a registry file containing users’ passwords in a hashed format

Question 67

What does the broadcast address do?

Answer 67

Allows for information to be sent to all machines on a given subnet

Question 68

A malfunction is designated an emergency when ___________.

Answer 68

individual troubleshooting efforts do not result in a weapon system fix.

Question 69

What is a Tactics Improvement Proposal (TIP)?

Answer 69

Comprehensive idea to improve the military capability of a fielded system, overcome a tactical deficiency or
meet an emerging operational need

Question 70

What does the following command do: C:> psexec \10.10.20.1 cmd

Answer 70

Launches an interactive command prompt

Question 71

FTP uses which of the following ports?

Answer 71

20 and 21

Question 72

Tactics are ______.

Answer 72

The employment and ordered arrangement of forces in relation to each other.

Question 73

Which vi command will delete one line?

Answer 73

dd

Question 74

Which of the following is NOT a primary purpose of a Tactics Improvement Proposal?

Answer 74

To request modification or acquisition of hardware or software

Question 75

Which of the following items must be covered in a change over brief?

Answer 75

Factors of the current operational/tactical situation, Critical reports and findings from ending sortie, Active and planned mission partner activity

Question 76

(U//FOUO) Which Cyber Protection Team (CPT) squad assesses an organization’s security posture
by closely resembling adversary offensive cyberspace activities in their processes and execution?

Answer 76

Cyber Threat Emulation

Question 77

What are the two major DIP assembly components?

Answer 77

Server (DIP1) and Sensor (DIP2)

Question 78

Two types of IDS are:

Answer 78

Network-based (NIDS) and host-based (HIDS)

Question 79

What is the iptable option to clear all firewall rules?

Answer 79

-F

Question 80

What is not a default chain for iptables?

Answer 80

ACCEPT

Question 81

Which of the following octal codes allow a file to execute as the owner of that file?

Answer 81

4777

Question 82

Which iptables target denies a packet and does not send back a rejection?

Answer 82

DROP

Question 83

What is the technique whereby the sender of a packet can specify the route that a packet should take
through the network?

Answer 83

Source routing

Question 84

Which of the following is NOT contained on the PEX sortie details report

Answer 84

Go/No Go Status

Question 85

According to the communication contract shown, once maintenance implements a fix, who is
responsible of assigning an operator to conduct an operational check to determine the weapon system
Status?

Answer 85

cyberspace operations controller

Question 86

How is the encrypted partition mounted?

Answer 86

Double click the “Mount X Drive” desktop icon and enter the password

Question 87

The accuracy of IPs and MAC addresses are of critical safety concern because _________ .

Answer 87

They are used as targeting information

Question 88

Which of the following is the Linux command for logging into 10.10.20.100 as assessor?

Answer 88

ssh assessor@10.10.20.100

Question 89

Which of the following are key elements in a tactical level mission tasking document?

Answer 89

CVA/Hunter IP Ranges, Rules of Engagement (RoE), Cyberspace Key Terrain (C-KT), Tactical Objectives, All of the Above

Question 90

Which vi command will allow you to save and quit?

Answer 90

:wq

Question 91

You want to create a new share using the smb_share.pl script. You attempt to execute the command
but is tells you the “command is not found”. What might be the cause?

Answer 91

You did not mount the encrypted partition

Question 92

Using Wireshark to follow a TCP Stream means:

Answer 92

You can view data from a TCP conversation

Question 93

Exploitation of a valid computer session where an attacker takes over a session between two
computers is known as what?

Answer 93

Session Hijacking

Question 94

(U//FOUO) According to the AFSPC Cyberspace Operations Security Classification Guide (SCG), a
report on vulnerabilities associated with a specific NIPR AF information system has what
Classification?

Answer 94

CONFIDENTIAL

Question 95

Which bit allows the execution of an application as the owner of that file?

Answer 95

SUID

Question 96

Which of the following is the proper way to ensure you are green on your CIF Go/No Go?

Answer 96

complete and sign off the CIF in PEX before the sortie

Question 97

Which of the following Nmap commands would perform a ping sweep of 10.10.20.0/24 subnet,
without resolving IP addresses to hostnames?

Answer 97

nmap -n -sn 10.10.20.0/24

Question 98

In Linux, which of the following represent the current directory you are in?

Answer 98

A single dot (.)

Question 99

Which of the following is NOT a purpose of a sortie debrief?

Answer 99

Determine whom to attribute mission failures

Question 100

You just performed a FIN scan with nmap against a target. The machine sends back no response for
a particular port. This means that the port is _____.

Answer 100

Open

Question 101

Which command can be used to perform a soft shutdown of a Linux machine?

Answer 101

init 0

Question 102

Which directory normally holds log files?

Answer 102

/var/log

Question 103

For Ubuntu Linux, what command is used to turn off the firewall?

Answer 103

fw_iptables.pl allow -i eth0

Question 104

You are logged into the Linux side of the clone, which command gives you a root shell?

Answer 104

sudo -s

Question 105

What type of information in a tactical level mission tasking document describes the agreement with
the mission partner on what cybercrew actions are approved during CVA/Hunter missions?

Answer 105

Rules of Engagement (RoE)

Question 106

Which Linux command is used to connect to a share?

Answer 106

mount

Question 107

Which vi command will delete one character?

Answer 107

x

Question 108

With a umask of 002, which of the following permissions will be assigned when creating a new
Directory?

Answer 108

rwxrwxr-x

Question 109

Writing hidden messages in such a way that no-one, apart from the sender and intended recipient,
suspects the existense of the message, a form of security through obscurity is known as what?

Answer 109

Steganography

Question 110

Procedures are __________.

Answer 110

Standard, detailed steps that prescribe how to perform specific tasks.

Question 111

Which interceptor platform consists of Thin Clients, a BladeCenter, is use by multiple crew members
and contains multiple NICs plus Lights-out Management?

Answer 111

Garrison Interceptor Platform (GIP)

Question 112

Which of the following are NOT part of proper safety procedures?

Answer 112

Replace components inside the equipment to prevent mission failure.

Question 113

Which of the following is NOT a purpose of a CVA/Hunter cybercrew checklist / crew aid?

Answer 113

Replaces the amplified TO-1

Question 114

Which of the following octal codes allow a file to execute as the group of that file?

Answer 114

2777

Question 115

The environment variable that contains a list of directories the shell will look for commands is called:

Answer 115

PATH

Question 116

Which of the following steps come before accessing the Virtual Machines on the MIP2?

Answer 116

Mounting the encrypted drive

Question 117

On a Cisco IOS device, which of the following symbols corresponds to Privileged EXEC (enable)
Mode?

Answer 117

#

Question 118

How many usable IP addresses are there in a C class network?

Answer 118

254

Question 119

Which key do you use in vi to return to command mode?

Answer 119

Esc

Question 120

Which is the octal value for the owner can write; the group can read and execute; others can read?

Answer 120

254

Question 121

Which of the following is NOT a valid PowerShell command for viewing help information?

Answer 121

read-help

Question 122

Which command in Linux, displays the default gateway?

Answer 122

route

Question 123

Which of the following is the Linux command for securely logging into 10.10.20.100 as assessor?

Answer 123

ssh 10.10.20.100

Question 124

In Linux, a hidden file starts with a _____.

Answer 124

period

Question 125

A path that begins from the user’s current location is called:

Answer 125

Relative Path

Question 126

According to the communication contract shown what does the operations controller do when a crew
member notifies them via the chat program that they have a maintenance issue?

Answer 126

The operations controller communicates to both maintenance and the crew commander by issuing a
maintenance ticket.

Question 127

Admin$ serves as ____________.

Answer 127

the hidden share that points to the windows folder

Question 128

Which of the following does not describe the clone?

Answer 128

A computer you can install any software you need without authorization to complete your mission

Question 129

(U//FOUO) According to the AFSPC Cyberspace Operations Security Classification Guide (SCG),
information pertaining to cyberspace operations functions and processes with reference to mission,
capability or location has what classification?

Answer 129

UNCLASSIFIED//FOR OFFICIAL USE ONLY

Question 130

Which Windows command is used to connect to a share?

Answer 130

net use

Question 131

Which port should be allowed through the firewall in order to enable file sharing?

Answer 131

445

Question 132

(U//FOUO) Which Cyber Protection Team (CPT) squad performs targeted evaluations to review the
effectiveness of the current cyber security program and provides reviews of cyber assets based on
DOD policies and regulations?

Answer 132

Cyber Readiness

Question 133

A type of attack where a multitude of compromised systems attack a single target, thereby causing
denial of service for users of the targeted system is known as what?

Answer 133

Distributed Denial Of Service

Question 134

When validating DIP sensor processes what running processes must be verified?
I. Bro
II. Snort
III. tcpdump
IV. nessus

Answer 134

I, II and III

Question 135

(U//FOUO) According to the AFSPC Cyberspace Operations Security Classification Guide (SCG),
descriptions of cyberspace operations, functions, processes, systems and tools associated with
standard commercial capabilities without reference to mission, capability or location have what
Classification?

Answer 135

UNCLASSIFIED

Question 136

(U//FOUO) Which document outlines the residual mission risks and illustrates how CPT capabilities
will be integrated into and coordinated with the local cyberspace defenders to enhance the cyberspace
defense of a supported commander’s mission?

Answer 136

Mission Defense Plan (MDP)

Question 137

In Windows, which command can be used to change the hostname?

Answer 137

wmic

Question 138

Which of the following documents contains weapon system capabilities and limitations as well as
threat considerations?

Answer 138

CVA/Hunter Air Force Tactics, Techniques and Procedures 3-1

Question 139

In Red Hat Linux, what command will turn the firewall on and not allow incoming connections?

Answer 139

firewall

Question 140

The Xmas scan with nmap means:

Answer 140

The FIN, PSH, URG flags are set

Question 141

You press CONTROL+ALT+_____ to log into a locked Windows virtual machine.

Answer 141

INSERT

Question 142

Which command sets a file to be executable?

Answer 142

chmod +x file

Question 143

Which is the octal value such that the owner can read and execute;,the group can write and execute
and others can execute?

Answer 143

531

Question 144

You have just used the smb_share.pl script to create a shared directory for the team. Where is that
directory created on your system?

Answer 144

In the working directory

Question 145

A file has an octal value of 644 this means:

Answer 145

The owner can read and write; the group can read; others can read

Question 146

What is a “NTFS Alternate Data Stream”?

Answer 146

A separate buffer to hold information on a per file bases found on a Windows machine

Question 147

In classful network design, in which class network is 191.50.0.0 defined?

Answer 147

Class B

Question 148

If you are unable to successfully connect to a share using a Linux machine, which file could you
check to verify the share configurations?

Answer 148

/etc/samba/smb.conf

Question 149

Which of the following describes authorities for foreign intelligence operations?

Answer 149

Title 50

Question 150

Which of the following is the default port for DNS?

Answer 150

53

Question 151

(U//FOUO) According to the AFSPC Cyberspace Operations Security Classification Guide (SCG),
association of an IP address which poses a threat to national security to a foreign nation is at what
Classification?

Answer 151

SECRET

Question 152

During a debrief, determining the debrief focal point (DFP) is ___________.

Answer 152

a process of determining aspects of mission planning and execution impeding achievement of tactical
Objectives.

Question 153

In Linux, which file contains the system’s network parameters such as IP address, subnet mask and
default gateway?

Answer 153

/etc/network/interfaces

Question 154

Which of the following documents describes general CVA/Hunter equipment maintenance
Procedures?

Answer 154

CVA/Hunter Technical Order (TO-2)

Question 155

Which netstat option displays all connections and listening ports?

Answer 155

-a

Question 156

Which of the following are default NETBIOS ports?

Answer 156

137, 139, and 445

Question 157

Which of the following is NOT a required element of a mission/sortie brief?

Answer 157

Crew Information Files (CIF)

Question 158

The Nmap option “-O” performs what function?

Answer 158

OS detection

Question 159

____ is an open-source and/or licensed signature driven IDS that requires specific syntax to be
followed in order for the signature to be deployed to the sensor successfully.

Answer 159

Snort

Question 160

Which of the following is NOT a reason to review weapon system status during a sortie brief?

Answer 160

The operator will be primarily responsible for fixing major weapon system issues.

Question 161

How is mounting to a local drive within a virtual machine accomplished using Vmware?

Answer 161

In the VMware GUI click ‘VM Setting’ then ‘Shared Folders’ and add the drive’s file path

Question 162

A type of password cracking where each possible combination of letters, numbers, and etc. are used
to find the passsword.

Answer 162

Brute Force

Question 163

On a Cisco IOS device, which of the following symbols corresponds to User EXEC mode?

Answer 163

>

Question 164

Which of the following is the default port for POP3?

Answer 164

110

Question 165

What are the responsibilities of an oncoming crew member during a crew change over brief?

Answer 165

Ensure change over checklists are accomplished, Ask questions as applicable to ensure mission effectiveness, Remain attentive to crew commander change over briefing, All of the above

Question 166

You are traveling with your clone. While boarding the plane, a flight attendant states that the laptop
must be stowed below. What should you do?

Answer 166

Remove the hard drive from the computer prior to handing over the laptop

Question 167

In Linux, you can search for a file with which two commands?

Answer 167

find and locate

Question 168

What is a SYN Flood?

Answer 168

Using up all processes on a particular system, starting a handshake but not finishing

Question 169

Software for privilege users is located in which directory?

Answer 169

sbin

Question 170

What type of virtual machine network adapter configuration creates a private network that is
completely contained within the host computer?

Answer 170

Host-Only

Question 171

Select the correct order of steps in a debrief. (I) Determine the Root Cause (RC) of the Debrief Focal
Point (DFP); (II) Develop the Lesson Learned (LL) with and Instructional Fix (IF) to address the
Root Cause (RC); (III) Determine Contributing Factors (CF) related to the Debrief Focal Point (DFP);
(IV) Reconstruct an event and identify the Debrief Focal; Point (DFP)

Answer 171

IV, III, I, II

Question 172

Which of the following is NOT a key element in a tactical level mission tasking document?

Answer 172

Tactics, Techniques and Procedures (TTPs)

Question 173

Tactics, Techniques and Procedures (TTPs) are _______ in nature.

Answer 173

authoritative

Question 174

What net command do you use to start the server service?

Answer 174

net start server

Question 175

TCP stands for

Answer 175

Transmission Control Protocol

Question 176

Which of the following best describes the order of precedence for iptables’ rules in Linux?

Answer 176

Individual reject, accept, block all

Question 177

Flooding a switch with numerous requests causing the switch to lose track of which MAC address is
on which port, thus causing it to reset into learning mode is known as what?

Answer 177

MAC Flooding

Question 178

Why is it important to keep operator notes and crew logs?

Answer 178

It provides a record of activity that can be reviewed to deconflict issues involving the crew and the mission
Partner

Question 179

Which is connection-oriented protocol?

Answer 179

TCP

Question 180

What Linux command prints the current network configuration to the screen?

Answer 180

ifconfig

Question 181

A type of computer security vulnerability typically found in web applications which allow code
injection by malicious web users into the pages viewed by others is known as:

Answer 181

cross-site scripting

Question 182

Which of the following is NOT an element of a mission/sortie brief?

Answer 182

Squadron Announcements

Question 183

What is a netmask?

Answer 183

A 32-bit number used to divide an IP address into subnets

Question 184

During a debrief, determining an instructional fix is ___________ .

Answer 184

a process of determining how to prevent a debrief focal point from happening again.

Question 185

The purpose of ___ is to serve as a network based IDS used to monitor MPNETs in a passive (nonblock)
Mode.

Answer 185

Bro

Question 186

Which properties of the Windows VM network device must be on in order to allow the creation of a
mission share?

Answer 186

“Client for Microsoft Networks” and “File and Printer Sharing for Microsoft Networks”

Question 187

In classful network design, which class is 126.0.0.0 network defined in?

Answer 187

Class A

Question 188

Which vi command will quit?

Answer 188

:q

Question 189

In Linux, what is the difference between permanent and temporary IP address configuration?

Answer 189

A permanent IP configuration ensures the host will reboot with the same IP whereas temporary does not

Question 190

Configuration files are normally located in which directory?

Answer 190

etc

Question 191

Which of the following is NOT part of the procedures to sign a crew information file (CIF)?

Answer 191

Email Stan Eval that CIF has been signed off

Question 192

Which of the following is the default port for SNMP?

Answer 192

161

Question 193

(U//FOUO) According to the AFSPC Cyberspace Operations Security Classification Guide (SCG),
information and mission impact pertaining to the availability of services or network outages for AF
information systems has what classification?

Answer 193

SECRET

Question 194

Which of the following IS a tasking document used for CVA/Hunter missions?

Answer 194

Cyber Tasking Order (CTO)

Question 195

During a debrief, event reconstruction is ____________

Answer 195

a process of looking back at the mission and determining the facts/observations

Question 196

What is a Teardrop DoS attack?

Answer 196

Sending mangled IP fragments with overlapping, oversized, payloads to the target machine

Question 197

In Windows, what command will enable the firewall and allow exceptions?

Answer 197

> netsh firewall set opmode enable enable

Question 198

In BASH script, which is an acceptable first line to the file?

Answer 198

!/bin/bash

Question 199

What is the Windows SAM?

Answer 199

A database stored as a registry file containing users passwords in a hashed format

Question 200

Which of the following is a tool that analyzes ICMP probe responses to perform OS fingerprinting?

Answer 200

xprobe2

Question 201

A covert channel is ______________.

Answer 201

the transfer of information hidden within the medium of a legitimate communications channel.

Question 202

Who is responsible for the configuration management of the MIP2 clone image?

Answer 202

A member of the maintenance flight

Question 203

Which of the following describes authorities for national guard?

Answer 203

Title 32

Question 204

You have mounted the encrypted partition in Linux, where is the ‘working directory’ located?

Answer 204

/ios/data/assess

Question 205

Which of the following commands will securely copy a file from your machine to a remote machine?

Answer 205

scp file user@remoteIP:/tmp

Question 206

The ___ is a collection of servers and devices that provide sustainment, maintenance, and support
for CVA/Hunter remote operation.

Answer 206

GIP

Question 207

How does a hub function?

Answer 207

Any message that comes in one port is sent to all ports

Question 208

(U//FOUO) Which Cyber Protection Team (CPT) squad conducts terrain mapping and works closely
with the organic network operators and defenders to plan, train, and deploy mitigations?

Answer 208

Cyber Support

Question 209

Linux is ____ .

Answer 209

case sensitive

Question 210

Which directory contains virtual files with kernel information?

Answer 210

proc

Question 211

What is Nessus?

Answer 211

A vulnerability scanner

Question 212

UDP Stands for ________.

Answer 212

User Datagram Protocol

Question 213

A malfunction is characterized by _____________.

Answer 213

Any weapon system component degradation limited to an individual’s VM or host.

Question 214

Which of the following provides authority for active duty warfighting?

Answer 214

Title 10

Question 215

A TCP Null scan with nmap means:

Answer 215

No flags are set

Question 216

Which of the following is not a Layer 3 protocol used by Cisco IOS devices?

Answer 216

STP

Question 217

Which of the following is a rule for CVA/Hunter emergency procedures?

Answer 217

Maintain Control

Question 218

A special text string for describing a search pattern is known as what?

Answer 218

Regular Expression

Question 219

What protocol is not vulnerable to sniffing?

Answer 219

ssh

Question 220

In Ubuntu Linux, what command is used to enable the firewall?

Answer 220

fw_iptables.pl enable -i eth0

Question 221

Broadcasting fake ARP messages with the aim is to associate the attacker’s MAC address with the IP
address of another node is known as what?

Answer 221

ARP Spoofing

Question 222

An intrusion detection system that is behaving actively, meaning it can block traffic in real-time, is
commonly referred to as:

Answer 222

Intrusion prevention system