CYSA Flashcards

1
Q

You need to add a new network route on a Linux host. Which command syntax should you use?
a. add route
b. nslookup
c. ifconfig route add
d. ip route add

A

D. ip route add

2
Q

Which type of VPN is firewall friendly?
a. IPsec
b. SSL
c. PPTP
d. L2TP

A

B. SSL

3
Q

Which IPsec configuration provides confidentiality?
a. IPsec does not provide confidentiality
b. Authentication header
c. Transport Mode
d. Encapsulating security payload

A

D. Encapsulating security payload

4
Q

You have used the ‘chrony’ package to configure an NTP server in Linux. Which command shows connected time consumers?
a. chronyc activity
b. chronyc clients
c. date
d. timedatectl

A

B. chronyc clients

5
Q

You have created a new VLAN. The DHCP server exists on a separate network. You need to ensure that clients receive their IP configuration through DHCP. Which solution represents the least amount of administrative effort?
a. Enable a shorter DHCP lease interval
b. Configure a DHCP relay agent on the new VLAN
c. Install a new DHCP server on the new VLAN
d. Enable DNS forwarding

A

b. Configure a DHCP relay agent on the new VLAN

6
Q

Which type of DNS zone record resolves IP addresses to DNS names?
a. AAAA
b. A
c. PTR
d. CNAME

A

c. PTR

7
Q

How many bits exist in the IPv6 address space?
a. 32
b. 64
c. 128
d. 16

A

c. 128

8
Q

To which layer of the OSI model does traffic routing apply?
a. Layer 4 (Transport)
b. Layer 2 (Data Link)
c. Layer 3 (Network)
d. Layer 5 (Session)

A

c. Layer 3 (Network)

9
Q

Which port is normally used for NTP communication?
a. 123
b. 80
c. 110
d. 443

A

a. 123

10
Q

Which TCP/IP protocol resolves IP addresses to MAC addresses?
a. ARP
b. UDP
c. TCP
d. ICMP

A

a. ARP

11
Q

Which Wi-Fi authentication method facilitates central log event monitoring for network authentication?
a. WPA Enterprise
b. WPS
c. WPA PSK
d. WEP

A

a. WPA Enterprise

12
Q

Which benefits can be derived from creating VLANs?
a. Network integrity
b. Network encryption
c. Improved network throughput
d. Network traffic isolation

A

c. Improved network throughput
d. Network traffic isolation

13
Q

You need a VMware virtual machine’s virtual network adapter to connect directly to the physical network. Which type of network connection should the adapter be configured with?
a. VMnet5
b. Host-only
c. Bridged
d. NAT

A

c. Bridged

14
Q

You have created a new public IP address resource in the Microsoft Azure cloud, but your existing virtual machine does not show a public IP address. What is the problem?
a. The public IP address must be associated with the virtual machine network adapter
b. Cloud virtual machines cannot have public IP addresses
c. The public IP address must exist before the virtual machine is deployed
d. The Azure portal web page needs to be refreshed

A

c. The public address must exist before the virtual machine is deployed

15
Q

Your existing Microsoft Azure virtual network is currently configured with an IPv4 address range of 10.0.0.0/16. Future virtual machines deployed to this virtual network will be configured with addresses in the 192.168.0.0/24 IPv4 address range. What should you do to ensure the virtual machines will communicate correctly in the cloud?
a. Create a subnet using the 192.168.0.0/24 range
b. Add the 192.168.0.0/24 range to the virtual network
c. Create a new vnet using the 192.168.0.0/24 range
d. The 192.168.0.0/24 range cannot be used with vnets

A

a. Create a subnet using the 192.168.0.0/24 range
b. Add the 192.168.0.0/24 range to the virtual network

16
Q

Which Linux command can be used to display network interfaces and associated IP addresses?
a. lsmod
b. chmod
c. ipconfig
d. ip a

A

D. ip a

17
Q

Which DNS option digitally signs records in a DNS zone?
a. HTTPS
b. SSH
c. DNSSEC
d. Vendor class identifiers

A

c. DNSSEC

18
Q

You need to configure IPsec on a Windows server. Where should you configure this?
a. Add the IPsec settings in the Windows registry
b. Create an IPsec configuration in Active Directory
c. Add an inbound rule in Windows Defender
d. Add a Connection Security Rule in the Windows Defender advanced settings

A

d. Add a connection security rule in the Windows Defender advanced settings

19
Q

Which protocol removes the need for configuring IP settings on each station?
a. FTP
b. SSH
c. DNS
d. DHCP

A

d. DHCP

20
Q

You need to configure a default route through an Internet Gateway for your AWS environment. Which IP address should you specify when adding a new route to a routing table in AWS?
a. ::/1
b. 127.0.0.1
c. ::/0
d. 0.0.0.0/0

A

d. 0.0.0.0/0

21
Q

Which Wi-Fi authentication method forwards network connection requests to a centralized authentication server?
a. WPA2 Enterprise
b. WEP
c. WPS
d. WPA2 PSK

A

a. WPA2 Enterprise

22
Q

You need to ensure that custom code running within a Microsoft Azure virtual machine has access to read blobs in an Azure storage account. What should you do FIRST?
a. Run the custom code in a Docker container
b. Configure a managed identity for the virtual machine
c. Assign storage account permissions to the virtual machine
d. Embed storage account credentials within the custom code

A

b. Configure a managed identity for the virtual machine

23
Q

Which authentication options are available when deploying a Linux virtual machine in the Microsoft Azure Cloud?
a. Username
b. Password
c. PKI
d. SSH public key authentication

A

d. SSH public key authentication

24
Q

Which type of cloud works best for multiple organizations with the same type of computing and security needs?
a. Public
b. Private
c. Hybrid
d. Community

A

d. Community

25
You have deployed a database in the AWS cloud. Which type of cloud service model is this? a. PaaS b. IaaS c. XaaS d. SaaS
a. PaaS
26
You have created a CDN profile object in Azure but have not yet specified an origin location for content to be cached. What should you do? a. Create a storage account and link it to the CDN profile b. Import the .CSV CDN configuration file to the CDN profile c. Add an endpoint to the storage account d. Add an endpoint to the CDN profile
d. Add an endpoint to the CDN profile
27
Which is the default DNS suffix for Microsoft Azure web apps? a. Azurewebsites.net b. Azureedge.net c. Onmicrosoft.com d. Stor.azure.net
a. Azurewebsites.net
28
Which CCM-related item can be used as a cloud security checklist? a. CAIQ b. SLO c. SLA d. ISO
a. CAIQ
29
What is the primary benefit of a Content Delivery Network? a. Application proxy b. Reduced network latency c. Increase user sign-in security d. Increased network latency
b. Reduced network latency
30
Your organization uses a PaaS database solution. In order to remain compliant with various security standards, the underlying server OS must be patched regularly. Who bears this responsibility? a. Auditors b. Cloud Tenant c. Cloud Service provider d. Auditors and cloud service provider
c. Cloud service provider
31
You are deploying a Microsoft Windows Server virtual machine in the Microsoft Azure cloud. All Windows virtual machines need to allow RDP and HTTPS connections from an on-premises network. Which strategy works best for setting OSI layer 4 rules to control traffic coming into the servers? a. Create a network security group and associate it with each VM network interface b. Create a route table and associate it with the VM subnet c. Create a network security group and associate it with the VM subnet d. Create a route table and associate it with each VM network interface
b. Create a network security group and associate it with the VM subnet
32
Which detail differentiates application containers from virtual machines? a. Containers do not contain an entire full operating system b. Containers cannot have network listening ports enabled c. Containers have their own file system d. Containers require a host with special software installed
a. Containers do not contain an entire full operating system d. Containers require a host with special software installed
33
Which operating system component is recommended to be installed prior to installing Docker Desktop on Windows? a. Group Policy b. WSL c. RDP d. Web Server
b. WSL
34
Which Docker CLI command is used to view running containers? a. docker rmi b. docker images c. docker ps d. docker stop
c. docker ps
35
In which type of virtualization environment do users connect to a remote desktop using a thin client? a. Operating system virtualization b. Cloud computing c. Desktop virtualization d. Application virtualization
c. Desktop virtualization
36
You need to ensure that Microsoft Hyper-V guests can interact on the physical network. Which type of virtual network switch should you configure? a. Public b. Internal c. Private d. External
d. External
37
Which data security standard applies to cardholder data? a. HIPAA b. PCI DSS c. PIPEDA d. GDPR
b. PCI DSS
38
Which AWS service is used for data discovery and classification? a. EC2 b. GuardDuty c. Macie d. S3
c. Macie
39
Which data sensitivity regulation applies to European Union citizens' private data? a. PCI DSS b. HIPAA c. GDPR d. PIPEDA
c. GDPR
40
You are reviewing the Amazon Web Service S3 Bucket SLA. Which metric is used to determine whether service credits will be awarded to customers? a. Daily uptime in seconds b. Monthly uptime percentage c. % CPU utilization d. Storage capacity
b. Monthly uptime percentage
41
Which data privacy regulation is directly related to the medical industry? a. HIPAA b. GDPR c. PIPEDA d. PCI DSS
a. HIPAA
42
Your organization is collecting information regarding political party affiliations for government statistical purposes. Which type of data is this? a. PHI b. SPI c. PCI d. PII
b. SPI
43
What prevents drones from operating in no-fly zones? a. Control range b. The operator c. Firmware d. Restricting chip
c. Firmware
44
You have installed Microsoft File Server Resource Manager on a Windows server. You would like to search for PII and set a flag to "Yes" or "No" when PII is detected. What is the first thing you should do? a. Run the classification rule b. Create a local property c. Set a classification schedule d. Set permissions for file scanning
b. Create a local property
45
You would like to enforce data loss prevention policies on user stations running word processor and spreadsheet programs. What should you do? a. Run the programs centrally from a server b. Set the policies to "enforce" c. Install and configure DLP agents on client devices d. Nothing; DLP policies only work with cloud programs
c. Install and configure DLP agents on client devices
46
Which security framework addresses the most common web application vulnerabilities? a. CIS b. OWASP Top 10 c. CVE d. OSSINT
b. OWASP Top 10
47
Which OWASP Top 10 item addresses the problem of granting too many permissions to users? a. cryptographic failures b. Broken access control c. Injection d. Insecure design
b. Broken Access control
48
How do APTs differ from other common cybersecurity threats? a. Their CVE rating always falls between 1 and 5 b. Their CVSS rating always falls between 1 and 5 c. Threat actors commonly include highly skilled nation-state or organized crime members d. The malware propagates itself over the network
c. Threat actors commonly include highly skilled nation-state or organized crime members
49
Which MITRE ATT&CK category includes determining whether Microsoft Active Directory is being used? a. Discovery b. Persistence c. Evasion d. Reconnaissance
a. Discovery
50
What should be done to address the organization's current security posture and realize security goals? a. Perform a network scan b. Patch systems c. Perform a gap analysis d. Perform a vulnerability assessment
c. Perform a gap analysis
51
Which ISO/IEC standard focuses on information security management? a. 27001 b. 2022 c. 7001 d. 2000
a. 27001
52
Which format is used for CVE naming? a. Digits-Year-Score b. CVE-Year-Digits c. Year-Digits-CVE d. Score-Year-Digits
b. CVE-Year-Digits
53
Which type of security policy details how remote workers should connect to company private networks? a. Email policy b. Acceptable use policy c. VPN policy d. Social media policy
c. VPN policy
54
To which IT components do CIS security benchmarks apply? a. Operating Systems b. Identity federation c. Web servers d. Authentication factors
a. Operating Systems c. Web Servers
55
Which CVSS score represents the most serious threat? a. 10 b. 16 c. 5 d. 0
a. 10
56
Which risk management framework stems from a European agency? a. ISO b. NIST c. ENISA d. OSI
c. ENISA
57
Which Microsoft Windows Performance Monitor tool can be used to establish a performance baseline? a. Group Policy b. DCS c. RDP d. SLA
b. DCS
58
Which risk treatment applies when the level of risk is unacceptable? a. Risk Reduction b. Risk Transfer c. Risk Avoidance d. Risk Acceptance
c. Risk Avoidance
59
Which risk treatment is synonymous with risk retention? a. Risk Reduction b. Risk Transfer c. Risk Avoidance d. Risk Acceptance
d. Risk Acceptance
60
Which type of risk treatment applies security controls to reduce threat impact? a. Risk transfer b. Risk avoidance c. Risk reduction d. Risk acceptance
c. Risk Reduction
61
How does configuration management differ from change management? a. Configuration management applies solely to security controls, change management applies to long-term system desired performance b. Configuration management keeps systems performance at a desired level over time, change management is short-term c. Change management keeps systems performance at a desired level over time, configuration management is short-term d. Change management keeps systems performance above a specified level over time, configuration management is short-term
b. Configuration management keeps systems performance at a desired level over time, change management is short-term
62
Cybersecurity insurance is considered to be which kind of risk treatment? a. Risk Avoidance b. Risk acceptance c. Risk Transfer d. Risk Reduction
c. Risk Transfer
63
Which items normally appear in a risk registry? a. Past security incidents b. Compliance mapping c. Owner d. Mitigation
c. Owner d. Mitigation
64
What is the purpose of calculating the Annual Loss Expectancy (ALE)? a. To determine compliance with applicable regulations b. To determine threat likelihood c. To determine the maximum cost that should be spent on mitigating security controls d. To determine the percentage of asset loss
c. To determine the maximum cost that should be spent on mitigating security controls
65
You are deploying a new antimalware program to user smartphones. Which type of security control is this? a. Administrative b. Compensating c. Detective d. Preventative
c. Detective
66
You have enabled Microsoft Azure account replication. When the primary region for the storage account is not reachable, what should you do? a. Failback to the primary region b. Failover to the primary region c. Nothing; replication is enabled d. Failover to the secondary region
d. Failover to the secondary region
67
Where are Azure backup items stored? a. Key Vault b. Recovery services vault c. Storage account d. Cosmos DB
b. Recovery Services vault
68
Which business continuity metric relates to the maximum tolerable amount of data loss? a. RTO b. SLA c. RPO d. MTTR
c. RPO
69
Which business continuity metric relates to the maximum tolerable amount of down time? a. RPO b. MTTR c. RTO d. SLA
c. RTO
70
After eradicating threats using IRP, which step is done next? a. Patch vulnerable systems b. Generate an incident summary report c. Verify that the threat has been eradicated d. Update the IRP
c. Verify that the threat has been eradicated
71
Which Cyber Kill Chain step relates to tricking users into installing malware on their devices? a. Installing b. Reconnaissance c. Delivery d. Weaponization
c. Delivery
72
What is the primary purpose of incident containment? a. Report generation b. Prevent spread c. Eradication d. Patching
b. Prevent Spread
73
What do incident response plans that strive to return disrupted systems to a functional state quickly adhere to? a. RPO b. GDPR c. RTO d. SLA
c. RTO
74
You are updating the incident response plan (IRP) for an automated assembly line process. Which IRP component will facilitate speedy escalations when needed? a. Revision history b. Definition of terms c. Eradication procedures d. Communication plan
d. Communication plan
75
After eradicating and verifying a malware outbreak on the network, you perform post-incident analysis to determine how quickly the IRP was applied. Which metric should you analyze? a. Recovery time objective b. Disk write bytes c. Disk read bytes d. Mean time to respond
d. mean time to respond
76
Which type of DNS record query is rare and could indicate command and control traffic? a. A b. AAAA c. TXT d. CNAME
c. TXT
77
Which pillar of the Diamond Model of Intrusion Analysis focuses on communication channels? a. Victim b. Infrastructure c. Capability d. Adversary
b. Infrastructure
78
Which Linux command is used to create a filesystem? a. partprobe b. mkfs c. fdisk d. mount
b. mkfs
79
Your Windows server performance has degraded significantly. You need to determine if a specific process is consuming most of the CPU time. Which tool should you use? a. Group Policy b. Task Manager c. Performance d. Regedit
b. Task Manager
80
Which hardware security component can be used to store BitLocker encryption keys? a. TPM b. PCI c. HSM d. SLA
a. TPM
81
What is wrong with this Linux command? sudo status service ssh a. 'ssh' is not a valid daemon name b. The words 'status' and 'service' must be interchanged c. 'sudo' must be removed d. 'service' should be 'serviceunit'
b. The words 'status' and 'service' must be interchanged
82
Which type of disk initialization is limited to 4 partitions? a. TPM b. GPT c. HSM d. MBR
d. MBR
83
Which tool can be used to view and modify the Windows registry? a. CertUtil b. RDP c. Regedit d. MMC
c. Regedit
84
Which Linux runlevel reboots a system? a. 6 b. 0 c. 5 d. 3
a. 6
85
Which Linux command can be used to view BIOS version information? a. lsusb b. cpuinfo c. lsblk d. dmidecode
d. dmidecode
86
How does a Windows data collector set (DCS) differ from using Performance Monitor? a. A DCS cannot monitor memory utilization b. A DCS can be scheduled c. Performance Monitor can be scheduled d. Performance Monitor cannot monitor memory utilization
b. A DCS can be scheduled
87
Which type of authentication is based on physical characteristics? a. Multifactor b. Something you have c. Biometric d. Something you know
c. Biometric
88
Which command is used to set a password for an LDAP user? a. ldappasswd b. slapcat c. slapd d. usermod
a. ldappasswd
89
Which server file stores SSH public keys for users? a. /etc/resolv.conf b. authorized_keys c. id_rsa d. id_rsa.pub
b. authorized_keys
90
Where are Microsoft Azure cloud user accounts configured? a. Within a virtual machine b. IAM c. Azure AD d. Microsoft Active Directory
c. Azure AD
91
You have configured Group Policy password settings in Active Directory. You want to test the settings on a domain-joined computer. Which command forces the computer to pull down the latest Group Policy settings? a. Gpupdate b. Ipconfig c. Certutil d. Gpedit.msc
a. gpupdate
92
Where are Linux user password hashes stored? a. /etc/shadow b. /etc/pam.d c. /etc/passwd d. /etc/resolve.conf
a. /etc/shadow
93
What is the benefit of Microsoft Active Directory user accounts? a. Enhanced user sign-in security b. The accounts are replicated among domain controllers c. The accounts must be secured with MFA d. Ability to sign in from any domain-joined computer
b. The accounts are replicated among domain controllers d. Ability to sign in from any domain-joined computer
94
You need to verify that the OpenLDAP server daemon is running. What should you type? a. sudo slapd status b. sudo openldap status c. sudo service openldap status d. sudo service slapd status
d. sudo service slapd status
95
You are configuring MFA for an AWS IAM user. Which MFA device options are available? a. Smartcard b. Authenticator App c. Hardware Token d. DVD
b. Authenticator App c. Hardware Token
96
Which configuration is commonly used to establish trust between an identity provider and a resource provider? a. The resource provider is configured with the identity provider private key b. The identity provider is configured with the resource provider public key c. The identity provider is configured with the identity provider public key d. The resource provider is configured with the identity provider public key
d. The resource provider is configured with the identity provider public key
97
Microsoft Azure dynamic group membership constitutes which type of access control? a. MAC b. DAC c. RBAC d. ABAC
d. ABAC
98
You need to determine how an attacker has gained access to the file system of a Windows server. Which file system configurations should you check? a. Size of disk b. Shared folder permissions c. Compression d. NTFS permissions
b. Shared folder permissions d. NTFS permissions
99
Which security principle strives to grant only those permissions required to perform a specific task? a. Principle of least privilege b. Single sign-on c. Multifactor authentication d. Defense in depth
a. Principle of least privilege
100
Which access control model uses the operating system to determine resource access? a. MAC b. DAC c. ABAC d. RBAC
a. MAC
101
You are using the Azure portal to configure RBAC. You have opened the properties of a resource group. What should you click on to configure RBAC? a. Security b. Access Control (IAM) c. Properties d. Monitoring
b. Access control (IAM)
102
You are configuring Windows Dynamic Access Control. You have created a user claim, enabled the "Department" resource property, and you have created an Access Control Rule. What must you also do? a. Add the central rule to the server audit list b. Add the central access rule to a Central Access Policy (CAS), deploy the CAS using Group Policy c. Install File Server Resource Manager on file servers d. Install Routing and Remote Access on file servers
b. Add the central access rule to a Central Access Policy (CAS), deploy the CAS using Group Policy c. Install File Server Resource Manager on file servers
103
Which Linux command is used to set file system permissions? a. chmod b. chgrp c. visudo d. chown
a. chmod
104
Which Linux command can be used to grant regular users the ability to run privileged commands? a. visudo b. grep c. chmod d. ps
a. visudo
105
BitLocker is designed to encrypt which types of objects? a. Folders b. Files c. File Systems d. Cloud Resources
c. File Systems
106
Hashing applies to which aspect of the CIA security triad? a. Authentication b. Availability c. Confidentiality d. Integrity
d. Integrity
107
Which term identifies encrypted data? a. Algorithm b. Plain Text c. Ciphertext d. Hash Value
c. Ciphertext
108
You need to order an HSM solution for your data center. Which options are available? a. PCIe card b. Cloud-based virtual machine c. Network-attached appliance d. Firmware chip added to server motherboard
a. PCIe card c. Network-attached appliance
109
You would like to securely generate and store keys for Microsoft Azure storage account encryption. Which type of Azure resources stores cryptographic items? a. Resource group b. Key vault c. Virtual machine d. Storage account
b. Key vault
110
Which Linux commands can be used to generate file hashes? a. md5sum b. sha256sum c. sha5sum d. md256sum
a. md5sum b. sha256sum
111
Which command line tool can be used to manage EFS? a. Chmod b. Certutil c. Sudo d. Cipher
d. Cipher
112
Which PowerShell cmdlet is used to generate file hashes? a. New-MD5Hash b. New-SHA256Hash c. Get-FileHash d. New-CryptHash
c. Get-FileHash
113
What is the default listening port number for HTTPS? a. 22 b. 25 c. 80 d. 443
d. 443
114
Which Microsoft PowerShell cmdlet is used to generate a file hash? a. Get-FileHash b. Add-FileHash c. New-FileHash d. Set-FileHash
a. Get-FileHash
115
You have installed a Windows Private CA, but you do not see the option of working with certificate templates. Why is this? a. Certificate templates are not available for private CAs b. Your server is not joined to an Active Directory domain c. Your user account does not have sufficient permissions d. Certificate templates must be managed directly in the file system
b. Your server is not joined to an Active Directory domain
116
What is required to allow the enabling of an HTTPS binding? a. The server must be joined to an Active Directory domain b. A DNSSEC zone c. PKI certificate d. MFA token
b. A DNSSEC zone
117
You are managing a Windows 11 device. You would like to view existing computer and user certificates installed on the machine. What should you do? a. Run the Get-FileHash PowerShell cmdlet b. Start MMC and add the Certificates snap-in c. Open the Group Policy editor and view certificates settings d. Windows 11 does not support PKI certificates
b. Start MMC and add the Certificates snap-in
118
You must ensure a highly sensitive internal web site uses PKI client authentication. What must be done on the web server? a. The web server must be configured with a public CA-issued certificate b. Enable the option to require client PKI certificates c. The web server must be configured with a private CA-issued certificate d. Ensure the web server is configured to use HTTPS
b. Enable the option to require client PKI certificates d. Ensure the web server is configured to use HTTPS
119
Which PKI component issues certificates? a. CRL b. User c. CA d. Device
c. CA
120
What must be done for internal clients to trust private CA-issued certificates? a. The computers must be joined to an Active Directory domain b. Install the private CA trusted root certificate on each client device c. The private CA software must be installed on each client device d. Each client device must have a smartcard reader
b. Install the private CA trusted root certificate on each client device
121
Which PKI solutions allow for preventing the use of untrusted certificates? a. OCSP b. CA c. Chain of Trust d. CRL
a. OCSP d. CRL
122
Which Snort command starts the Snort engine on Linux? a. Snort -A console -I eth0 -c /etc/snort/snort.conf b. Snort -T console -I eth0 c. Snort -A console -I eth0 d. Snort -T console -I eth0 /etc/snort/snort.conf
Snort -A console -I eth0 -c /etc/snort/snort.conf
123
What is reverse proxying similar to in concept? a. IPsec b. Packet Filtering c. Port Forwarding d. Load Balancing
d. Load Balancing
124
Which are commonly used to configure firewall rules on Linux hosts? a. ipconfig b. iptables c. ufw d. ifconfig
b. iptables c. ufw
125
Which type of firewall works up to layer 4 of the OSI model? a. Reverse proxy b. Packet filtering c. Content filtering d. Forward proxy
b. Packet Filtering
126
Your organization uses Microsoft Active Directory with domain joined computers. You need to deploy the same Windows Defender inbound rules to a subset of those computers. What should you do? a. Create a PowerShell script to create the rules; run the script on each computer b. Configure the rules on each computer c. Configure a GPO targeting the appropriate computers, create inbound rules in the GPO d. Configure the rules on one computer, export them, then import them to the remaining computers
c. Configure a GPO targeting the appropriate computers, create inbound rules in the GPO
127
Which additional feature does an IPS provide over an IDS? a. Enhanced security rule configuration b. Ability to send alerts when suspicious activity is detected c. Ability to stop attacks in progress d. Ability to log suspicious activity
c. Ability to stop attacks in progress
128
You need to configure the Squid proxy server. Which file should you edit? a. /var/squid/squid.conf b. /etc/snort/snort.conf c. /var/log/squid.conf d. /etc/squid/squid.conf
d. /etc/squid/squid.conf
129
To which types of Azure resources can network security groups be associated? a. Network interfaces b. Vnets c. Subnets d. Virtual machines
a. Network interfaces c. Subnets
130
Which type of security solution is Azure Bastion? a. Proxy server b. Jump Box c. DDoS mitigation d. Packet filtering firewall
b. Jump Box
131
Which Windows Server feature is used to centralize update deployment? a. PKI b. AD c. GPO d. WSUS
d. WSUS
132
You would like a centralized and scalable option for applying updates to numerous Azure VMs. What should you create? a. Threat model b. Log analytics workspace c. Automation account d. WSUS workspace
c. Automation account
133
Which Windows solution can be used to manage Microsoft updates? a. WSUS b. IIS c. BitLocker d. EFS
a. WSUS
134
What is the default listening port for a WSUS server? a. 3389 b. 25 c. 443 d. 8530
d. 8530
135
Which command updates group policy on a single device? a. Gpupdate b. Cipher c. Ipconfig d. Netsh
a. Gpupdate
136
What is the overall purpose of IT system hardening? a. Scale the system horizontally b. Reduce the attack surface c. Increase the attack surface d. Scale the system vertically
b. Reduce the attack surface
137
What can be done to harden an iSCSI SAN? a. Enable iSCSI target authentication b. Patch network printers c. Configure a dedicated iSCSI VLAN d. Enable iSCSI initiator authentication
a. Enable iSCSI target authentication c. Configure a dedicated iSCSI VLAN
138
What lets attackers know that infected machines are ready to retrieve instructions? a. Malware beaconing b. Command and control servers c. Host port scans d. DNS TXT queries
a. Malware beaconing
139
Which file extension is commonly used for Python scripts? a. PS1 b. SH c. BAT d. PY
d. PY
140
Which items could indicate malicious application activity? a. Missing log entries b. Changes to user app permissions c. Updates applied to hosts d. Periodic host reboots
a. Missing log entries b. Changes to user app permissions
141
Which regular expression symbol matches any one character? a. ;(semicolon) b. ,(comma) c. :(colon) d. .(dot)
d. .(dot)
142
Which type of threat actor promotes an ideology and does not normally conceal their malicious activities? a. Nation-state b. Organized crime c. Script Kiddie d. Hacktivist
d. Hacktivist
143
What do IT security baselines facilitate? a. The performance improvement of slow applications b. Detection of security anomalies c. The merger of two companies d. The reduction of security-related costs
b. Detection of security anomalies
144
Which Kali Linux command is used to clone a site in an attempt to harvest user credentials? a. Setoolkit b. Chmod c. Hydra d. Nc
a. Setoolkit
145
Which malware analysis technique contains the malware? a. Configuring a reverse shell b. Detonate malware in a sandbox c. Debug the malware d. Apply updates
b. Detonate malware in a sandbox
146
Which scripting language uses a shebang line at the beginning of the script? a. Korn b. Bash c. Python d. PowerShell
b. Bash
147
Which type of malware appears benign but in fact is not? a. Trojan b. Ransomware c. Worm d. Virus
a. Trojan
148
Which type of attack attempts to trick users with what appears to be a legitimate email message? a. Reverse shell b. Phishing c. Ransomware d. APT
b. Phishing
149
What could indicate malicious activity on a host? a. Periodic host reboots b. Windows registry changes c. Updates applied to hosts d. Web browser homepage changes
b. Windows registry changes d. Web browser home page changes
150
Which file extension is commonly used for PowerShell scripts? a. SH b. BAT c. PS1 d. PY
c. PS1
151
Which action can help prevent buffer overflows? a. Firewall rules b. The use of customer-managed encryption keys c. DDoS mitigation d. Input validation
d. Input validation
152
What is the result of using the slowhttptest tool against a web site? a. The site home page is defaced b. An XSS page is placed on the server c. The server is rebooted d. The site stops responding
d. The site stops responding
153
What can be done to mitigate the possibility of reverse shell attacks? a. PKI certificates b. Antimalware scanner c. MFA d. Firewall rules
b. Antimalware scanner
154
What can be done to mitigate RDP brute-force attacks? a. Block port 3389 at the firewall b. Enable user MFA c. Install a PKI certificate on the server d. Do not expose servers with RDP to the Internet
b. Enable user MFA d. Do not expose servers with RDP to the Internet
155
Which XML tag should be limited in its inclusion for server-side apps? a. BODY b. ENTITY c. H1 d. HR
b. ENTITY
156
Which type of attack uses bots to flood a victim network with useless traffic? a. Privilege escalation b. Buffer overflow c. DDoS d. DoS
c. DDoS
157
You need to ensure special characters are removed from a web form field. Which techniques should you use? a. Input sanitization b. Memory allocation checking c. Input Validation d. Fuzzing
c. Input Validation
158
Which type of XSS attack is remembered by the server? a. Reflected b. Refracted c. Persistent/stored d. MiTM
a. Reflected
159
What is the result of a SYN flood attack? a. Multiple closed sessions on the server b. Multiple injection attacks on the server c. Multiple buffer overflows on the server d. Multiple half-open connections on the server
d. Multiple half-open connections on the server
160
Which Wi-Fi protocols are deprecated? a. SSL b. WEP c. TLS d. WPA3
b. WEP
161
Which techniques are the most effective in mitigating SQL injection attacks? a. Fuzzing b. Input Validation c. Input Sanitization d. Memory allocation checking
b. Input Validation c. Input Sanitization
162
Which command starts the BeEF service? a. Run beef b. Beef-xss -h c. Beef -start d. Start -start
b. Beef-xss -h
163
Which items can be analyzed using Joe Sandbox? a. Data Files b. URL c. Applications d. Network router
a. Data Files c. Applications
164
What is the primary incentive for bug bounty hunters? a. Promotion of ideology b. Financial gain c. Peer recognition d. Espionage
b. Financial Gain
165
You are using a third-party network analysis tool on your Windows computer. Windows Virus & Threat Protection detects this as a threat and prevents the program from running. You need to run the program. What should you do? a. Add the tool as an allowed threat b. Disable Virus & Threat Protection real-time detection c. Update virus definitions d. Run the tool in a virtual machine
a. Add the tool as an allowed threat
166
What is the purpose of using the Tor Browser? a. To increase the speed of loading web pages b. Regular web content is not accessible c. Visited websites are unaware of the true origin of the connection d. Dark web content is accessible
c. Visited websites are unaware of the true origin of the connection d. Dark web content is accessible
167
Which types of items can be analyzed using the VirusTotal website? a. Web component b. Network router c. URL d. File
c. URL d. File
168
Which items can indicate that an email message is fraudulent? a. Low resolution graphic logos b. Lack of a digital signature c. Bad grammar d. corporate email addresses ending in Hotmail.com
c. Bad grammar d. corporate email addresses ending in Hotmail.com
169
Which types of artifacts can an Azure Blueprint consist of? a. Azure policy assignment b. Subscription c. ARM template d. Virtual machine
a. Azure policy assignment c. ARM template
170
In which file format does Zenmap save scans? a. CSV b. XML c. PDF d. TXT
b. XML
171
Which type of attack is in effect when malicious actors use Burp Suite? a. Man-in-the-middle b. Denial of service c. Brute force d. Distributed denial of service
a. Man-in-the-middle
172
Which term is commonly used to describe penetration testing? a. Scheduled testing b. Recurring testing c. Active testing d. Passive Testing
c. Active testing
173
Which type of SCADA component executes instructions on industrial devices? a. PLC b. DCS c. CAN d. ICS
a. PLC
174
How do vulnerability scanning tools differ from network scanning tools? a. Network scanners cannot enumerate host ports b. Vulnerability scanners use a vulnerability database c. Vulnerability scanners cannot enumerate host ports d. Network scanners use a vulnerability database
b. Vulnerability scanners use a vulnerability database
175
Which term describes a collection of related Microsoft Azure policies? a. Policy group b. Subscription c. Initiative d. Resource Group
c. Initiative
176
Which nmap command line parameter attempts to identify the operating system? a. T b. A c. sU d. O
d. O
177
You need to run a vulnerability assessment against hosts that mimic an infected host. Which type of scan should you run? a. Non-credentialed b. Scheduled c. Credentialed d. Web Application
c. Credentialed
178
You have installed Nessus and would like to login to configure a scan. Which should you connect to? a. http://localhost:443 b. http://localhost:8834 c. http://localhost?443 d. http://localhost:80
b. http://localhost:8834
179
Which command allows you to interact with the Metasploit framework? a. Use b. Msfconsole c. msfadmin d. Exploit
b. msfconsole
180
Which data must be supplied when using the OWASP ZAP tool? a. The web application URL b. The web server type c. The web application PKI certification public key d. The web application PKI certification private key
a. The web application URL
181
Which threat hunting model takes a proactive approach? a. Hypothesis-based b. Custom c. Agile d. Intel-based
a. Hypothesis-based
182
Which software development methodology fits best with CI/CD? a. Waterfall b. PKI c. SDLC d. Agile
d. Agile
183
You are exploring a suspect disk image using Autopsy. You have come across a handful of files that you would like to revisit easily. What should you do? a. Tag the files b. Make a list of the file names c. Copy file hashes to the clipboard d. Export each file
a. Tag the files
184
To what does the "chain of custody" apply? a. Encryption b. Maximum assigned privilege assignments c. Evidence d. Digital signatures
c. Evidence
185
Which COBIT maturity level represents an effective and refined set of governance practices? a. 5 b. 0 c. 1 d. 3
a. 5
186
You are using Git for file version control. You need to create a standalone copy of a repository. What should you do? a. Create a fork b. Create a new repository c. Create a branch d. Create a clone
a. Create a fork
187
A software developer needs to modify code but would like to ensure that other developers cannot modify that same segment of code. What should the developer do? a. Digitally sign the code b. Check the code out c. Export the code d. Check the code in
d. Check the code in
188
You are attempting to remove a legal hold policy that you have enabled for an Azure storage account container, but when you edit the policy, you cannot save changes to it. What is the problem? a. Legal hold tags have not been deleted b. You must wait for the legal hold time frame to expire c. Legal hold policies can never be removed after they have been set d. You lack the correct permissions
a. Legal hold tags have not been deleted
189
Which type of digital evidence is considered the most volatile? a. File on DVDs b. RAM contents c. Files on a USB thumb drive d. Temporary swap files
b. RAM contents
190
What purpose does an IT-based honeypot provide? a. IT system decoy to require user SSO b. IT system decoy to track hacker activity c. IT system decoy to require user MFA d. IT system decoy to protect production data
b. IT system decoy to track hacker activity
191
Which Linux command shows kernel log messages? a. Chmod b. Dmesg c. Logger d. Lsblk
b. dmesg
192
In which Windows log will user smartcard logon auditing appear? a. System b. Application c. Security d. Hardware
c. Security
193
What is the default port number used for Linux syslog forwarding? a. 389 b. 443 c. 514 d. 80
c. 514
194
Which is the default compression type used when logrotate compresses older logs? a. 7zip b. Bzip c. Gzip d. Zip
c. Gzip
195
Where are most Linux logs located in the file system? a. /var/logs b. /bin/logs c. /etc/logs d. /usr/logs
a. /var/logs
196
You have configured a honeypot listening on TCP port 80. From another station, which tool can you use to run a port scan to trigger honeypot alerts? a. Ping b. Nmap c. SSH d. Traceroute
b. Nmap
197
You are configuring Windows Event Viewer log forwarding for Windows clients joined to an Active Directory domain. The logging server will reach out to clients to pull log data to itself. What must be done on each client machine? a. Run Winrm qc b. Run gpupdate /force c. The logging server must be added to the EventLogReaders group d. An Event Viewer subscription must be configured on each client
a. Run Winrm qc c. The logging server must be added to the EventLogReaders group
198
You need to restrict access to specific Splunk indexes for searching purposes. What should you create in Splunk? a. Role b. Policy Initiative c. Group d. User
a. Role
199
You are viewing a Wireshark packet capture. To which OSI model layer does the IP header correspond? a. 1 b. 3 c. 4 d. 2
b. 3
200
Which role does machine learning play in cyber security? a. Denial of service attack mitigation b. Threat hunting c. Conditional authentication d. Permissions restrictions
b. Threat hunting
201
You are managing a Linux system and need to capture SSH traffic regardless of the packet size. Which command should you use? a. Tcpdump -I ens33 -v -tcpport 22 -A -s0 b. TCPdump -I ens33 -v -port 22 -A -s0 c. Tcpdump -I ens33 -v -tcp 22 -A d. Tcpdump -I ens33 -v -port 22 -A -s0
b. tcpdump -I ens33 -v -port 22 -A -s0
202
What is the name of the default Splunk index? a. First b. Default c. Main d. Initial
c. Main
203
Which description defines a false positive? a. Benign item or activity is incorrectly identified as being malicious b. Current configuration does not detect malicious item or activity c. No alerts because problematic conditions are absent d. Correctly identified malicious item or activity truly exists
a. Benign item or activity is incorrectly identified as being malicious
204
Which Splunk command determines which local host items are tracked and sent to the Splunk server? a. Splunk monitor b. Splunk enable c. Splunk set d. Splunk add
a. Splunk monitor
205
Which phrase defines a situation where activity is determined to be acceptable, and it truly is? a. True negative b. False negative c. False positive d. True positive
a. True negative
206
Which network protocol is common in industrial control environments? a. Modbus b. HTTP c. PLC d. NFS
a. Modbus
207
Which is a core function of a SIEM system? a. CI/CD b. Applying patches c. Threat hunting d. Project management
c. Threat Hunting