CYSA Flashcards by Cyril Johnson

You need to add a new network route on a Linux host. Which command syntax should you use?
a. add route
b. nslookup
c. ifconfig route add
d. ip route add

D. ip route add

How well did you know this?

Not at all

Perfectly

Which type of VPN is firewall friendly?
a. IPsec
b. SSL
c. PPTP
d. L2TP

B. SSL

How well did you know this?

Not at all

Perfectly

Which IPsec configuration provides confidentiality?
a. IPsec does not provide confidentiality
b. Authentication header
c. Transport Mode
d. Encapsulating security payload

D. Encapsulating security payload

How well did you know this?

Not at all

Perfectly

You have used the ‘chrony’ package to configure an NTP server in Linux. Which command show connected time consumers?
a. chronyc activity
b. chronyc clients
c. date
d. timedatectl

B. chronyc clients

How well did you know this?

Not at all

Perfectly

You have created a new VLAN. The DHCP server exists on a separate network. You need to ensure that clients receive their IP configuration through DHCP. Which solution represents the least amount of administrative effort?
a. Enable a shorter DHCP lease interval
b. Configure a DHCP relay agent on the new VLAN
c. Install a new DHCP server on the new VLAN
d. Enable DNS forwarding

b. Configure a DHCP relay agent on the new VLAN

How well did you know this?

Not at all

Perfectly

Which type of DNS zone record resolves IP addresses to DNS names?
a. AAAA
b. A
c. PTR
d. CNAME

c. PTR

How well did you know this?

Not at all

Perfectly

How many bits exist in the IPv6 address space?
a. 32
b. 64
c. 128
d. 16

c. 128

How well did you know this?

Not at all

Perfectly

To which layer of the OSI model does traffic routing apply?
a. Layer 4 (Transport)
b. Layer 2 (Data Link)
c. Layer 3 (Network)
d. Layer 5 (Session)

c. Layer 3 (Network)

How well did you know this?

Not at all

Perfectly

Which port is normally used for NTP communication?
a. 123
b. 80
c. 110
d. 443

a. 123

How well did you know this?

Not at all

Perfectly

Which TCP/IP protocol resolves IP addresses to MAC addresses?
a. ARP
b. UDP
c. TCP
d. ICMP

a. ARP

How well did you know this?

Not at all

Perfectly

Which Wi-Fi authentication method facilitates central log event monitoring for network authentication?
a. WPA Enterprise
b. WPS
c. WPA PSK
d. WEP

a. WPA Enterprise

How well did you know this?

Not at all

Perfectly

Which benefits can be derived from creating VLANS?
a. Network integrity
b. Network encryption
c. Improved network throughput
d. Network traffic isolation

c. Improved network throughput
d. Network traffic isolation

How well did you know this?

Not at all

Perfectly

You need a VMware virtual machine’s virtual network adapter to connect directly to the physical network. Which type of network connection should the adapter be configured with?
a. VMnet5
b. Host-only
c. Bridged
d. NAT

c. Bridged

How well did you know this?

Not at all

Perfectly

You have created a new public IP address resource in the Microsoft Azure cloud, but your existing virtual machine does not show a public IP address. What is the problem?
a. The public IP address must be associated with the virtual machine network adapter
b. Cloud virtual machines cannot have public IP addresses
c. The public IP address must exist before the virtual machine is deployed
d. The Azure portal web page needs to be refreshed

c. The public address must exist before the virtual machine is deployed

How well did you know this?

Not at all

Perfectly

Your existing Microsoft Azure virtual network is currently configured with an IPv4 address range of 10.0.0.0/16. Future virtual machines deployed to this virtual network will be configured with addresses in the 192.168.0.0/24 IPv4 address range. What should you do to ensure the virtual machines will communicate correctly in the cloud?
a. Create a subnet using the 192.168.0.0/24 range
b. Add the 192.168.0.0/24 range to the virtual network
c. Create a new vnet using the 192.168.0.0/24 range
d. The 192.168.0.0/24 range cannot be used with vnets

a. Create a subnet using the 192.168.0.0/24
b. Add the 192.168.0.0/24 range to the virtual network

How well did you know this?

Not at all

Perfectly

Which Linux command can be used to display network interfaces and associated IP addresses?
a. lsmod
b. chmod
c. ipconfig
d. ip a

D. ip a

How well did you know this?

Not at all

Perfectly

Which DNS option digitally signs records in a DNS zone?
a. HTTPS
b. SSH
c. DNSSEC
d. Vendor class identifiers

c. DNSSEC

How well did you know this?

Not at all

Perfectly

You need to configure IPsec on a Windows server. Where should you configure this?
a. Add the IPsec settings in the Windows registry
b. Create an IPsec configuration in Active Directory
c. Add an inbound rule in Windows Defender
d. Add a Connection Security Rule in the Windows Defender advanced settings

d. Add a connection security rule in the Windows Defender advanced settings

How well did you know this?

Not at all

Perfectly

Which protocol removes the need for configuring IP settings on each station?
a. FTP
b. SSH
c. DNS
d. DHCP

d. DHCP

How well did you know this?

Not at all

Perfectly

You need to configure a default route through an Internet Gateway for your AWS environment. Which IP address should you specify when adding a new route to a routing table in AWS?
a. ::/1
b. 127.0.0.1
c. ::/0
d. 0.0.0.0/0

d. 0.0.0.0/0

How well did you know this?

Not at all

Perfectly

Which Wi-Fi authentication method forwards network connection request to a centralized authentication server?
a. WPA2 Enterprise
b. WEP
c. WPS
d. WPA2 PSK

a. WPA2 Enterprise

How well did you know this?

Not at all

Perfectly

You need to ensure that custom code running within a Microsoft Azure virtual machine has access to read blobs in an Azure storage account. What should you do FIRST?
a. Run the custom code in a Docker container
b. Configure a managed identify for the virtual machine
c. Assign storage account permissions to the virtual machine
d. Embed storage account credentials within the custom code

b. Configure a managed identify for the virtual machine

How well did you know this?

Not at all

Perfectly

Which authentication options are available when deploying a Linux virtual machine in the Microsoft Azure Cloud?
a. Username
b. Password
c. PKI
d. SSH public key authentication

d. SSH public key authentication

How well did you know this?

Not at all

Perfectly

Which type of cloud works best for multiple organizations with the same type of computing and security needs?
a. Public
b. Private
c. Hybrid
d. Community

d. Community

How well did you know this?

Not at all

Perfectly

You have deployed a database in the AWS cloud. Which type of cloud service model is this? a. PaaS b. IaaS c. XaaS d. SaaS

a. PaaS

You have created a CDN profile object in Azure but have not yet specified an origin location for content to be cached. What should you do? a. Create a storage account and link it to the CDN profile b. Import the .CSV CDN configuration file to the CDN profile c. Add an endpoint to the storage account d. Add an endpoint to the CDN profile

d. Add an endpoint to the CDN profile

Which is the default DNS suffix for Microsoft Azure web apps? a. Azurewebsites.net b. Azureedge.net c. Onmicrosoft.com d. Stor.azure.net

a. Azurewebsites.net

Which CCM-related item can be used as cloud security checklist? a. CAIQ b. SLO c. SLA d. ISO

a. CAIQ

What is the primary benefit of a Content Delivery Network? a. Application proxy b. Reduced network latency c. Increase user sign-in security d. Increased network latency

b. Reduced network latency

Your organization uses a PaaS database solution. In order to remain compliant with various security standards, the underlying server OS must be patched regularly. Who bears this responsibility? a. Auditors b. Cloud Tenant c. Cloud Service provider d. Auditors and cloud service provider

c. Cloud service provider

You are deploying a Microsoft Windows Server virtual machine in the Microsoft Azure cloud. All Windows virtual machines need to allow RDP and HTTPS connections from an on-premises network. Which strategy works best for setting OSI layer 4 rules to control traffic coming into the servers? a. Create a network security group and associated it with each VM network interface b. Create a route table and associate it with the VM subset c. Create a network security group and associate it with the VM subnet d. Create a route table and associate it with each VM network interface

b. Create a network security group and associate it with the VM subnet

Which detail differentiates application containers from virtual machines? a. Containers do not contain an entire full operating system b. Containers cannot have network listening ports enabld c. Containers have their own file system d. Containers require a host with special software installed

a. Containers do not contain an entire full operating system d. Containers require a host with special software installed

Which operating system component is recommended to be installed prior to installing Docker Desktop on Windows? a. Group Policy b. WSL c. RDP d. Web Server

b. WSL

Which Docker CLI command is used to view running containers? a. Docker rmi b. Docker images c. Dockers ps d. Dockers stop

c. docker ps

In which type of virtualization environment do users connect to a remote desktop using a thin client? a. Operating system virtualization b. Cloud computing c. Desktop virtualization d. Application virtualization

c. Desktop virtualization

You need to ensure that Microsoft Hyper-V guests can interact on the physical network. Which type of virtual network switch should you configure? a. Public b. Internal c. Private d. External

d. External

Which data security standard applies to cardholder data? a. HIPAA b. PCI DSS c. PIPEDA d. GDPR

b. PCI DSS

Which AWS service is used for data discovery and classification? a. EC2 b. GuardDuty c. Macie d. S3

c. Macie

Which data sensitivity regulation applies to European Union citizens private data? a. PCI DSS b. HIPAA c. GDPR d. PIPEDA

c. GDPR

You are reviewing the Amazon Web Service S3 Bucket SLA. Which metric is used to determine whether service credits will be awarded to customers? a. Daily uptime in seconds b. Monthly uptime percentage c. % CPU utilization d. Storage capacity

b. Monthly uptime percentage

Which data privacy regulation is directly related to the medical industry? a. HIPAA b. GDPR c. PIPEDA d. PCI DSS

a. HIPAA

Your organization is collecting information regarding political party affiliations for government statistic purposes. Which type of data is this? a. PHI b. SPI c. PCI d. PII

b. SPI

What prevents drone from operating in no-fly zones? a. Control range b. The operator c. Firmware d. Restricting chip

c. Firmware

You have installed Microsoft File Server Resource Manager on a Windows server. You would like to search for PII and set a flag to "Yes" or "No" when PII is detected. What is the first thing you should do? a. Run the classification rule b. Create a local property c. Set a classification schedule d. Set permissions for file scanning

b. Create a local property

You would like to enforce data loss prevention policies on user stations running word processor and spreadsheet programs. What should you do? a. Run the programs centrally from a server b. Set the policies to "enforce" c. Install ad configure DLP agents on client devices d. Nothing; DLP policies only work with cloud programs

c. Install and configure DLP agents on client devices

Which security framework addresses the most common web application vulnerabilities? a. CIS b. OWASP Top 10 c. CVE d. OSSINT

b. OWASP Top 10

Which OWASP Top 10 item addresses the problem of granting too many permissions to users? a. cryptographic failures b. Broken access control c. Injection d. Insecure design

b. Broken Access control

How do APTs differ from other common cybersecurity threats? a. Their CVE rating always falls between 1 and 5 b. Their CVSS rating always falls between 1 and 5 c. Threat actors commonly include highly skilled nation-state or organized crime members d. The malware propagates itself over the network

c. Threat actors commonly include highly skilled nation-state or organized crime members

Which MITRE ATT&CK categories includes determining whether Microsoft Active Directory is being used? a. Discovery b. Persistence c. Evasion d. Reconnaissance

a. Discovery

What should be done to address the organization's current security posture and realizing security goals? a. Perform a network scan b. Patch systems c. Perform a gap analysis d. Perform a vulnerability assessment

c. Perform a gap analysis

Which ISO/IEC standard focuses on information security management? a. 27001 b. 2022 c. 7001 d. 2000

a. 27001

Which format is used for CVE naming? a. Digits-Year-Score b. CVE-Year-Digits c. Year-Digits-CVE d. Score-Year-Digits

b. CVE-Year-Digits

Which type of security policy details how remote workers should connect to company private networks? a. Email policy b. Acceptable use policy c. VPN policy d. Social media policy

c. VPN policy

To which IT components do CIS security benchmarks apply? a. Operating Systems b. Identify federation c. Web servers d. Authentication factors

a. Operating Systems c. Web Servers

Which CVSS score represents the most serious threat? a. 10 b. 16 c. 5 d. 0

a. 10

Which risk management framework stems from a European agency? a. ISO b. NIST c. ENISA d. OSI

c. ENISA

Which Microsoft Windows Performance Monitor tool can be used to establish a performance baseline? a. Group Policy b. DCS c. RDP d. SLA

b. DCS

Which risk treatment applies when the level of risk is unacceptable? a. Risk Reduction b. Risk Transfer c. Risk Avoidance d. Risk Acceptance

c. Risk Avoidance

Which risk treatment is synonymous with risk retention? a. Risk Reduction b. Risk Transfer c. Risk Avoidance d. Risk Acceptance

d. Risk Acceptance

Which type of risk treatment applies security controls to reduce threat impact? a. Risk transfer b. Risk avoidance c. Risk reduction d. Risk acceptance

c. Risk Reduction

How does configuration management differ from change management? a. Configuration management applies solely to security controls, change management applies to long-term system desired performance b. Configuration management keeps systems performance at a desired level over time, change management is short-term c. Change management keeps systems performance at a desired level over time, configuration management is short-term d. Change management keeps systems performance above a specified level over time configuration management is short term

b. Configuration management keeps systems performace at a desired level over time, change management is short term

Cybersecurity insurance is considered to be which kind of risk treatment? a. Risk Avoidance b. Risk acceptance c. Risk Transfer d. Risk Reduction

c. Risk Transfer

Which items normally appear is a risk registry? a. Past security incidents b. Compliance mapping c. Owner d. Mitigation

c. Owner d. Mitigation

What is the purpose of calculating the Annual Loss Expectancy (ALE)? a. To determine compliance with applicable regulations b. To determine threat likelihood c. To determine the maximum cost that should be spent on mitigating security controls d. To determine the percentage of asset loss

c. To determine the maximum cost that should be spent on mitigating security controls

You are deploying a new antimalware program to user smartphones. Which type of security control is this? a. Administrative b. Compensating c. Detective d. Preventative

c. Detective

You have enabled Microsoft Azure account replication. When the primary region for the storage account is not reachable, what should you do? a. Failback to the primary region b. Failover to the primary region c. Nothing; replication is enabled d. Failover to the secondary region

d. Failover to the secondary region

Where are Azure backup items stored? a. Key Vault b. Recovery services vault c. Storage account d. Cosmos DB

b. Recovery Services vault

Which business continuity metric relates to the maximum tolerable amount of data loss? a. RTO b. SLA c. RPO d. MTTR

c. RPO

Which business continuity metric relates to the maximum tolerable amount of down time? a. RPO b. MTTR c. RTO d. SLA

c. RTO

After eradicating threats using IRP, which step is done next? a. Patch vulnerable systems b. Generate an incident summary report c. Verify that the threat has been eradicated d. Update the IRP

c. Verify that the threat has been eradicated

Which Cyber Kill Chain step relates to tricking users into installing malware on their devices? a. Installing b. Reconnaissance c. Delivery d. Weaponization

c. Delivery

What is the primary purpose of incident containment? a. Report generation b. Prevent spread c. Eradication d. Patching

b. Prevent Spread

What do incident response plans that strive to return disrupted systems to a functional state quickly adhere to? a. RPO b. GDPR c. RTO d. SLA

c. RTO

You are updating the incident response plan (IRP) for an automated assembly line process. Which IRP component will facilitate speedy escalations when needed? a. Revision history b. Definition of terms c. Eradication procedures d. Communication plan

d. Communication plan

After eradicating and verifying a malware outbreak on the network, you perform post-incident analysis to determine how quickly the IRP was applied. Which metric should you analyze? a. Recovery time objective b. Disk write bytes c. Disk read bytes d. Mean time to respond

d. mean time to respond

Which type of DNS record query is rare and could indicated command and control traffic? a. A b. AAAA c. TXT d. CNAME

c. TXT

Which pilar of the Diamond Model of Intrusion Analysis focuses on communication channels? a. Victim b. Infrastructure c. Capability d. Adversary

b. Infrastructure

Which Linux command is used to create a filesystem? a. Partrobe b. Mkfs c. Fdisk d. Mount

b. mkfs

Your windows server performance has degraded significantly. You need to determine if a specific is consuming most of the CPU time. Which tool should you use? a. Group Policy b. Task Manager c. Performance d. Regecit

b. Task Manager

Which hardware security component can be used to store BitLocker encryption keys? a. TPM b. PCI c. HSM d. SLA

a. TPM

What is wrong with this Linux command? sudo status service ssh a. 'ssh' is not a valid daemon name b. The words 'status' and 'service' must be interchanged c. 'sudo' must be removed d. 'service' should be 'serviceunit'

b. The words 'status' and 'service' must be interchanged

Which type of disk initialization is limited to 4 partitions? a. TPM b. GPT c. HSM d. MBR

d. MBR

Which tool can be used to view and modify the Windows registry? a. CertUtil b. RDP c. Regedit d. MMC

c. Regedit

Which Linux runlevel reboots a system? a. 6 b. 0 c. 5 d. 3

a. 6

Which Linux command can be used to view BIOS version information? a. lsusb b. cpuinfo c. lsblk d. dmidecode

d. dmidecode

How does a Windows data collector set (DCS) differ from using Performance Monitor? a. A DCS cannot monitor memory utilization b. A DCS can be scheduled c. Performance Monitor can be scheduled d. Performance Monitor cannot monitor memory utilization

b. A DSC can be scheduled

Which type of authentication is based on physical characteristics? a. Multifactor b. Something you have c. Biometric d. Something you know

c. Biometric

Which command is used to set a password for an LDAP user? a. ldappasswd b. slapcat c. slapd d. usermod

a. ldappasswd

Which server file stores SSH public keys for users? a. /etc/resolv.conf b. authorized_keys c. id_rsa d. id_rsa.pub

b. authorized_keys

Where are Microsoft Azure cloud user accounts configured? a. Within a virtual machine b. IAM c. Azure AD d. Microsoft Active Directory

c. Azure AD

You have configured Group Policy password settings in Active Directory. You want to test the settings on a domain-joined computer. Which command forces the computer to pull down the latest Group Policy settings? a. Gpupdate b. Ipconfig c. Certutil d. Gpedit.msc

a. gpupdate

Where are Linux user password hases stored? a. /etc/shadow b. /etc/pam.d c. /etc/passwd d. /etc/resolve.conf

a. /etc/shadow

What is the benefit of Microsoft Active Directory user accounts? a. Enhanced user sign-in security b. The accounts are replicated among domain controllers c. The accounts must be secured with MFA d. Ability to sign in from any domain-joined computer

b. The accounts are replicated among domain controllers d. Ability to sign in from any domain-joined computers

You need to verify that the OpenLDAP server daemon is running. What should you type? a. Sudo slapd status b. Sudo openldap status c. Sudo service openldap status d. Sudo service slapd status

d. sudo service slapd status

You are configuring MFA for an AWS IAM user. Which MFA device options are available? a. Smartcard b. Authenticator APP c. Hardware Token d. DVD

b. Authenticator App c. Hardware Token

Which configuration is commonly used to establish trust between an identify provider and a resource provider? a. The resource provider is configured with the identify provider private key b. The identity provider is configured with the resource provider public key c. The identify provider is configured with the identity provider public key d. The resource provider is configured with th identity provider public key

d. The resource provider is configuring with the identity provider public key

Microsoft Azure dynamic group membership constitutes which type of access control? a. MAC b. DAC c. RBAC d. ABAC

d. ABAC

You need to determine how an attacker has gained access to the file system of a Windows server. Which file system configurations should you check? a. Size of disk b. Shared folder permissions c. Compression d. NTFS permissions

b. Shared folder permissions d. NTFS permissions

Which security principal strives to grant only those permissions required to perform a specific task? a. Principle of least privilege b. Single sign-on c. Multifactor authentication d. Deference in-depth

a. Principle of least privilege

Which access control model uses the operating system to determine resource access? a. MAC b. DAC c. ABAC d. RBAC

a. MAC

You are using the Azure portal to configure RBAC. You have opened the properties of a resource group. What should you click on to configure, RBAC? a. Security b. Access Control (IAM) c. Properties d. Monitoring

b. Access control (IAM)

You are configuring Windows Dynamic Access Control. You have created a user claim, enabled the "Department" resource property, and you have created an Access Control Rule. What must you also do? a. Add the central rule to the server audit list b. Add the central access rule to a Central Access Policy (CAS), deploy the CAS using Group Policy c. Install File Server Resource Manager on file servers d. Install Routing and Remote Access on file servers

b. Add the central access rule to a Central Access Policy (CAS), deploy the CAS using Group Policy c. Install File Server Resource Manager on file servers

Which Linux command is sued to set file system permissions? a. Chmod b. Chgrp c. Visudo d. Chown

a. chmod

Which Linux command can be used to grant regular users the ability to run privilege commands? a. Visudo b. Grep c. Chmod d. Ps

a. visudo

BitLocker is designed to encrypt which types of objects? a. Folders b. Files c. File Systems d. Cloud Resources

c. File Systems

Hashing applies to which aspect of the CIA security triad? a. Authentication b. Availability c. Confidentiality d. Integrity

d. Integrity

Which term identifies encrypted data? a. Algorithm b. Plain Text c. Ciphertext d. Hash Value

c. Ciphertext

You need to order an HSM solution for your data center. Which options are available? a. PCIe card b. Cloud-based virtual machine c. Network-attached appliance d. Firmware chip added to server motherboard

a. PCIe card c. Network-attached appliance

You would like to securely generate and store keys for Microsoft Azure storage account encryption. Which type of Azure resources stores cryptographic items? a. Resource group b. Key vault c. Virtual machine d. Storage account

b. Key vault

Which Linux commands can be used to generate file hashes? a. Md5sum b. Sha265sum c. Sha5sum d. Md256sum

a. md5sum b. sha256sum

Which command line tool can be used to manage EFS? a. Chmod b. Certutil c. Sudo d. Cipher

d. Cipher

Which PowerShell cmdlet is used to generate file hashes? a. New-MD5Hash b. New-SHA256Hash c. Get-FileHash d. New-CryptHash

c. Get-FileHash

What is the default listening port number for HTTPS? a. 22 b. 25 c. 80 d. 443

d. 443

Which Microsoft PowerShell cmdlet is used generate a file hash? a. Get-FileHash b. Add-FileHash c. New-FileHash d. Set-FileHash

a. Get-FileHash

You have installed a Windows Private CA, but you do not see the option of working with certificate templates. Why is this? a. Certificate templates are not available for private Cas b. Your server is not joined to an Active Directory domain c. Your user account does not have sufficient permissions d. Certificate templated must be managed directly in the file system

b. Your server is not joined to an Active Directory domain

What is required to allow the enabling of an HTTPS binding? a. The server must be joined to an Active Directory domain b. A DNSSEC zone c. PKI certificate d. MFA token

b. A DNSSEC zone

You are managing a Windows 11 device. You would like to view existing computer and user certificates installed on the machine. What should you do? a. Run the Get-FileHash PowerShell cmdlet b. Start MMC and add the Certificates snapin c. Open the Group Policy editor and view certificates settings d. Windows 11 does not support PKI certificates

b. Start MMC and add the Certificates snapin

You must ensure a highly sensitive internal web site uses PKI client authentication. What must be done on the web server? a. The web server be configured with a public CA-issued certificate b. Enable the option to require client PKI certificates c. The web server must be configured with a private CA-issued ertificate d. Ensure the web server in configured to use HTTPS

b. Enable the option to require client PKI certificates d. Ensure the web server is configured to use HTTPS

Which PKI component issues certificates? a. CRL b. User c. CA d. Device

c. CA

What must be done for internal clients to trust private CA-issued certificates? a. The computers must be joined to an Active Directory domain b. Install the private CA trusted root certificate on each client device c. The private CA software must be installed on each client device d. Each client device must have a smartcard reader

b. Install the private CA trusted root certificate on each client device

Which PKI solutions allow for preventing the use of untrusted certificates? a. OCSP b. CA c. Chain of Trust d. CRL

a. OSCP d. CRL

Which snort command starts the snort engine of Linux? a. Snort -A console -I eth0 -c /etc/snort/snort.conf b. Snort -T console -I eth0 c. Snort -A console -I eth0 d. Snort -T console -I eth0 /etc/snort/snort.conf

Snort -A console -I eth0 -c /etc/snort/snort.conf

Which is reverse proxying similar in concept to? a. IPsec b. Packet Filtering c. Port Forwarding d. Load Balancing

d. Load Balancing

Which are commonly used to configure firewall rules on Linux hosts? a. ipconfig b. iptables c. Ufw d. ifconfig

b. iptables c. Ufw

Which type of firewall works up to layer 4 of the OSI model? a. Reverse proxy b. Packet filtering c. Content filtering d. Forward proxy

b. Packet Filtering

Your organization uses Microsoft Active Directory with domain joined computers. You need to deploy the same Windows Defender inbound rules to a subset of those computers. What should you do? a. Create a PowerShell script to create the rules; run the script on each computer b. Configure the rules on each computer c. Configure a GPO targeting the appropriate computers, create inbound rules in the GPO d. Configure the rules on one computer, export them, then import them to the remaining computers

c. Configure a GPO targeting the appropriate computers, create inbound rules in the GPO

Which additional feature does an IPS provide over an IDS? a. Enhanced security rule configuration b. Ability to send alerts when suspicious activity is detected c. Ability to stock attacks in progress d. Ability to log suspicious activity

c. Ability to stop attacks in progress

You need to configure the Squid proxy server. Which file should you edit? a. /var/squid/squid.conf b. /etc/snort/snort.conf c. /var/log/squid.conf d. /etc/squid/squid.conf

d. /etc/squid/squid.conf

To which types of Azure resources can network security groups be associated with? a. Network interfaces b. Vnets c. Subnets d. Virtual machines

a. Network interfaces c. Subnets

Which type of security solution is Azure Bastion? a. Proxy server b. Jump Box c. DDoS mitigation d. Packet filtering firewall

b. Jump Box

Which Windows Server feature is used to centralize update deployment? a. PKI b. AD c. GPO d. WSUS

d. WSUS

You would like a centralized and scalable option for applying updates to numerous Azure VMs. What should you create? a. Threat model b. Log analytics workspace c. Automation account d. WSUS workspace

c. Automation account

Which Windows solution can be used to manage Microsoft updates? a. WSUS b. IIS c. BitLocker d. EFS

a. WSUS

What is the default listening port for a WSUS server? a. 3389 b. 25 c. 443 d. 8530

d. 8530

Which command updates group policy on a single device? a. Gpuupdate b. Cipher c. Ipconfig d. Netsh

a. Gpupdate

What is the overall purpose of IT system hardening? a. Scale the system horizontally b. Reduce the attack surface c. Increase the attack surface d. Scale the system vertically

b. Reduce the attack surface

What can be done to harden an iSCSI SAN? a. Enable iSCSI target authentication b. Patch network printers c. Configure a dedicated iSCSI VLAN d. Enable iSCSI initiator authentication

a. Enable iSCSI target authentication c. Configure a dedicated iSCSI VLAN

What lets attackers know that infected machines are ready to retrieve instructions? a. Malware beaconing b. Command a control servers c. Host port scans d. DNS TXT queries

a. Malware beaconing

Which file extension is commonly used for Python scripts? a. PS1 b. SH c. BAT d. PY

d. PY

Which items could indicate malicious application activity? a. Missing log entries b. Changes to user app permissions c. Updates applies to hosts d. Periodic host reboots

a. Missing log entries b. Changes to user app permissions

Which regular expression symbol matches any one character? a. ;(semicolon) b. ,(comma) c. :(colon) d. .(dot)

d. .(dot)

Which type of threat actor promotes an ideology and does not normally conceal their malicious activities? a. Nation-state b. Organized crime c. Script Kiddie d. Hacktivist

d. Hacktivist

What do IT security baseline facilitate? a. The performance improvement of slow applications b. Detection of security anomalies c. The merger of two companies d. The reduction of security-relates costs

b. Detection of security anomalies

Which Kali Linux command is used to clone a site in an attempt to harvest user credentials? a. Setoolkit b. Chmod c. Hydra d. Nc

a. Setoolkit

Which malware analysis technique contain the malware? a. Configuring a reverse shell b. Detonate malware is a sandbox c. Debug the malware d. Apply updates

b. Detonate malware is a sandbox

Which scripting language uses a shebang line at the beginning of the script? a. Korn b. Bash c. Python d. PowerShell

b. Bash

Which type of malware appears benign but in fact is not? a. Trojan b. Ransomware c. Worm d. Virus

a. Trojan

Which type of attack attempts to trick users with what appears to be a legitimate email message? a. Reverse shell b. Phishing c. Ransomware d. APT

b. Phishing

What could indicate malicious activity on a host? a. Periodic host reboots b. Windows registry changes c. Update applies to hosts d. Web browser homepage changes

b. Windows registry changes d. Web browser home page changes

Which file extension is commonly used for PowerShell scripts? a. SH b. BAT c. PS1 d. PY

c. PS1

Which action can help prevent buffer overflows? a. Firewall rules b. The use of customer-managed encryption keys c. DDos mitigation d. Input validation

d. Input validation

What is the result of using the slowhttptest tool against a web site? a. The site home page is defaces b. An XSS page is placed on the server c. The server is rebooted d. The site stops responding

d. The site stops responding

What can be done to mitigate the possibility of reverse shell attacks? a. PKI certificates b. Antimalware scanner c. MFA d. Firewall rules

b. Antimalware scanner

What can be done to mitigate RDP brute-force attacks? a. Block port 3389 at the firewall b. Enable user MFA c. Install a PKI certificate on the server d. Do not expose servers with RDP to the Internet

b. Enable user MFA d. Do not expose servers with RDP to the Internet

Which XML tag should be limited in its inclusion for server-side apps? a. BODY b. ENTITY c. H1 d. HR

b. ENTITY

Which type of attack uses bots to flood a victim network with useless traffic? a. Privilege escalation b. Buffer overflow c. DDos d. DoS

c. DDoS

You need to ensure special characters are removed from a web form field. Which techniques should you use? a. Input sanitization b. Memory allocation checking c. Input Validation d. Fuzzing

c. Input Validation

Which type of XSS attack is remembered by the server? a. Reflected b. Refracted c. Persistent/stored d. MiTM

a. Reflected

What is the result of a SYN flood attack? a. Multiple closed sessions on the server b. Multiple injection attacks on the server c. Multiple buffer overflows on the server d. Multiple half-open connections on the server

d. Multiple half-open connections on the server

Which Wi-Fi protocols are depracted? a. SSL b. WEP c. TLS d. WPA3

b. WEP

Which techniques are the most effective in mitigating SQL injection attacks? a. Fuzzing b. Input Validation c. Input Sanitization d. Memory allocation checking

b. Input Validation c. Input Sanitization

Which command starts the BeEF service? a. Run beef b. Beef-xss -h c. Beef -start d. Start -start

b. Beef-xss -h

Which items can be analyzed using Joe Sandbox? a. Data Files b. URL c. Applications d. Network router

a. Data Files c. Application

What is the primary incentive for bug bounty hunters? a. Promotion of ideology b. Financial gain c. Peer recognition d. Espionage

b. Financial Gain

You are using a third-party network analysis tool on your Windows computer. Windows Virus & Threat Protection detects this as a threat and prevents the program from running. You need to run the program. What should you do? a. Add the tool as an allowed threat b. Disable Virus & Threat Protection real-time detection c. Update virus definitions d. Run the tool in a virtual machine

a. Add the tool as an allowed threat

What is the purpose of using the Tor Browser? a. To increase the speed of loading web pages b. Regular web content is not accessible c. Visited websites are unaware of the true origin of the connection d. Dark web content is accessible

c. Visited websites are unaware of the true origin of the connection d. Dark web content is accessible

Which type of items can be analyzed using the VirusTotal websites? a. Web component b. Network router c. URL d. File

c. URL d. File

Which items can indicate that an email message is fraudulent? a. Low resolution graphic logos b. Lack a digital signature c. Bad grammar d. corporate email addresses ending in Hotmail.com

c. Bad grammar d. corporate email addresses ending in Hotmail.com

Which types of artifacts can an Azure Blueprint consists of? a. Azure policy assignment b. Subscription c. ARM template d. Virtual machine

a. Azure policy assignment c. ARM template

In which file format does Zenmap save scans? a. CSV b. XML c. PDF d. TXT

b. XML

Which type of attacks is in effect when malicious actors use the Burpsuite? a. Man-in-the-middle b. Denial of service c. Brute force d. Distributed denial of service

a. Man-in-the-middle

Which term is commonly used to describe penetration testing? a. Scheduled testing b. Recurring testing c. Active testing d. Passive Testing

c. Active testing

Which type of SCADA component executes instructions on industrial devices? a. PLC b. DCS c. CAN d. ICS

a. PLC

How do vulnerability scanning tools differ from network scanning tools? a. Networks scanners cannot enumerate host ports b. Vulnerability scanners use a vulnerability database c. Vulnerability scanners cannot enumerate host ports d. Network scanners use a vulnerability database

b. Vulnerability scanners use a vulnerabilities database

Which term describes a collection of related Microsoft Azure policies? a. Policy group b. Subscription c. Initiative d. Resource Group

c. Initiative

Which nmap command line parameter attempts to identify the operating system? a. T b. A c. sU d. O

d. O

You need to run a vulnerability assessment against hosts that mimic an infected host. Which type of scan should you run? a. Non-credentialed b. Scheduled c. Credentialed d. Web Application

c. Credentialed

You have installed Nessus and would like to login to configure a scan. Which should you connect to? a. http://localhost:443 b. http://localhost:8834 c. http://localhost?443 d. http://localhost:80

http://localhost:8834

Which command allows you to interact with the Metasploit framework? a. Use b. Msfconsole c. msfadmin d. Exploit

b. msfconsole

Which data must be supplied when using the OWASP ZAP tool? a. The web application URL b. The web server type c. The web application PKI certification public key d. The web application PKI certification private key

a. The web application URL

Which threat hunting model takes a proactive approach? a. Hypothesis-based b. Custom c. Agile d. Intel-based

a. Hypothesis-based

Which software development methodology fits best with CI/CD? a. Waterfall b. PKI c. SDLC d. Agile

d. Agile

You are exploring a suspect disk image using Autopsy. You have come across a handful of files that you would like to revisit easily. What should you do? a. Tag the files b. Make a list of the file names c. Copy file hashes to the clipboard d. Export each file

a. Tag the files

To what does the "chain of custody" apply? a. Encryption b. Maximum assigned privilege assignments c. Evidence d. Digital signatures

c. Evidence

Which COBIT maturity level represents an effective and refined set of governance practices? a. 5 b. 0 c. 1 d. 3

a. 5

You are using Git for file version control. You need to create a standalone copy of a repository. What should you do? a. Create a fork b. Create a new repository c. Create a branch d. Create a clone

a. Create a fork

A software developer needs to modify code but would like to ensure that offer developers cannot modify that same segment of code. What should the developer do? a. Digitally sign the code b. Check the code out c. Export the code d. Check the code in

d. Check the code in

You are attempting to remove a legal hold policy that you have enabled for an Azure storage account container, but when you edit the policy, you cannot save changes to it. What is the problem? a. Legal hold tags have not been deleted b. You must wait for the legal hold time frame to expire c. Legal hold policies can never be removed after they have been set d. You lack the correct permissions

a. Legal hold tags have not deleted

Which type of digital evidence is considered the most volatile? a. File on DVDs b. RAM contents c. Files on a USB thumb drive d. Temporary swap files

b. RAM contents

What purpose does an IT-based honeypot provide? a. IT system decoy to require user SSO b. IT system decoy to track hacker activity c. IT system decoy to require user MFA d. IT system decoy to protect production data

b. IT system decoy to track hacker activity

Which Linux command show kernal log messages? a. Chmod b. Dmesg c. Logger d. Lsblk

b. dmesg

In which Windows log will user smartcard logon auditing appear? a. System b. Application c. Security d. Hardware

c. Security

What is the default port number used for Linux syslog forwarding? a. 389 b. 443 c. 514 d. 80

c. 514

Which is the default compression type used when logrotate compresses older logs? a. 7zip b. Bzip c. Gzip d. Zip

c. Gzip

Where are most Linux logs located in the file system? a. /var/logs b. /bin/logs c. /etc/logs d. /usr/logs

a. /var/logs

You have configured a honeypot listening on TCP port 80. Fron another station, which tool can you use to run a port scan to trigger honeypot alerts? a. Ping b. Nmap c. SSH d. Traceroute

b. Nmap

You are configuring Windows Event Viewer log forwarding for Windows clients joined to an Actie Directory domain. The logging server will reach out to clients to pull log data to itself. What must be done on each client machine? a. Run Winrm qc b. Run gpupdate /force c. The logging server must be added to the EventLogReaders group d. An Event Viewer subscription must be configured on each client

a. Run Winrm qc c. The logging server must be added to the EventLogReaders group

You need to restrict access to specific Splunk indexes for searching purposes. What should you create in Splunk? a. Role b. Policy Initiative c. Group d. User

a. Role

You are viewing a WireShark packet capture. To which OSI model layer does the IP header correspond to? a. 1 b. 3 c. 4 d. 2

b. 3

Which role does machine learning play in cyber security? a. Denial of service attack mitigation b. Threat hunting c. Conditional authentication d. Permissions restrictions

b. Threat hunting

You are managing a Linux system and need to capture SSH traffic regardless of the packet size. Which command should you use? a. Tcpdump -I ens33 -v -tcpport 22 -A -s0 b. TCPdump -I ens33 -v -port 22 -A -s0 c. Tcpdump -I ens33 -v -tcp 22 -A d. Tcpdump -I ens33 -v -port 22 -A -s0

b. tcpdump -I ens33 -v -port 22 -A -s0

What is the name of the default Splunk index? a. First b. Default c. Main d. Initial

c. Main

Which description defines a false poisitive? a. Benign item or activity is incorrectly identified as being malicious b. Current configuration does not detect malicious item or activity c. No alerts because problematic conditions are absent d. Correctly identified malicious item or activity truly exists

a. Benign item or activity is incorrectly identified as being malicious

Which Splunk command determine which local host items are tracked and sent to the Splunk server? a. Splunk monitor b. Splunk enable c. Splunk set d. Splunk add

a. Splunk monitor

Which phrase defines a situation where activity is determined to be acceptable, and it truly is? a. True negative b. False negative c. False positive d. True positive

a. True negative

Which network protocol is common in industrial control environments? a. Modbus b. HTTP c. PLC d. NFS

a. Modbus

Which is a core function of a SIEM system? a. CI/CD b. Applying patches c. Threat hunting d. Project management

c. Threat Hunting