CYSA Flashcards
You need to add a new network route on a Linux host. Which command syntax should you use?
a. add route
b. nslookup
c. ifconfig route add
d. ip route add
D. ip route add
Which type of VPN is firewall friendly?
a. IPsec
b. SSL
c. PPTP
d. L2TP
B. SSL
Which IPsec configuration provides confidentiality?
a. IPsec does not provide confidentiality
b. Authentication header
c. Transport Mode
d. Encapsulating security payload
D. Encapsulating security payload
You have used the ‘chrony’ package to configure an NTP server in Linux. Which command show connected time consumers?
a. chronyc activity
b. chronyc clients
c. date
d. timedatectl
B. chronyc clients
You have created a new VLAN. The DHCP server exists on a separate network. You need to ensure that clients receive their IP configuration through DHCP. Which solution represents the least amount of administrative effort?
a. Enable a shorter DHCP lease interval
b. Configure a DHCP relay agent on the new VLAN
c. Install a new DHCP server on the new VLAN
d. Enable DNS forwarding
b. Configure a DHCP relay agent on the new VLAN
Which type of DNS zone record resolves IP addresses to DNS names?
a. AAAA
b. A
c. PTR
d. CNAME
c. PTR
How many bits exist in the IPv6 address space?
a. 32
b. 64
c. 128
d. 16
c. 128
To which layer of the OSI model does traffic routing apply?
a. Layer 4 (Transport)
b. Layer 2 (Data Link)
c. Layer 3 (Network)
d. Layer 5 (Session)
c. Layer 3 (Network)
Which port is normally used for NTP communication?
a. 123
b. 80
c. 110
d. 443
a. 123
Which TCP/IP protocol resolves IP addresses to MAC addresses?
a. ARP
b. UDP
c. TCP
d. ICMP
a. ARP
Which Wi-Fi authentication method facilitates central log event monitoring for network authentication?
a. WPA Enterprise
b. WPS
c. WPA PSK
d. WEP
a. WPA Enterprise
Which benefits can be derived from creating VLANS?
a. Network integrity
b. Network encryption
c. Improved network throughput
d. Network traffic isolation
c. Improved network throughput
d. Network traffic isolation
You need a VMware virtual machine’s virtual network adapter to connect directly to the physical network. Which type of network connection should the adapter be configured with?
a. VMnet5
b. Host-only
c. Bridged
d. NAT
c. Bridged
You have created a new public IP address resource in the Microsoft Azure cloud, but your existing virtual machine does not show a public IP address. What is the problem?
a. The public IP address must be associated with the virtual machine network adapter
b. Cloud virtual machines cannot have public IP addresses
c. The public IP address must exist before the virtual machine is deployed
d. The Azure portal web page needs to be refreshed
c. The public address must exist before the virtual machine is deployed
Your existing Microsoft Azure virtual network is currently configured with an IPv4 address range of 10.0.0.0/16. Future virtual machines deployed to this virtual network will be configured with addresses in the 192.168.0.0/24 IPv4 address range. What should you do to ensure the virtual machines will communicate correctly in the cloud?
a. Create a subnet using the 192.168.0.0/24 range
b. Add the 192.168.0.0/24 range to the virtual network
c. Create a new vnet using the 192.168.0.0/24 range
d. The 192.168.0.0/24 range cannot be used with vnets
a. Create a subnet using the 192.168.0.0/24
b. Add the 192.168.0.0/24 range to the virtual network
Which Linux command can be used to display network interfaces and associated IP addresses?
a. lsmod
b. chmod
c. ipconfig
d. ip a
D. ip a
Which DNS option digitally signs records in a DNS zone?
a. HTTPS
b. SSH
c. DNSSEC
d. Vendor class identifiers
c. DNSSEC
You need to configure IPsec on a Windows server. Where should you configure this?
a. Add the IPsec settings in the Windows registry
b. Create an IPsec configuration in Active Directory
c. Add an inbound rule in Windows Defender
d. Add a Connection Security Rule in the Windows Defender advanced settings
d. Add a connection security rule in the Windows Defender advanced settings
Which protocol removes the need for configuring IP settings on each station?
a. FTP
b. SSH
c. DNS
d. DHCP
d. DHCP
You need to configure a default route through an Internet Gateway for your AWS environment. Which IP address should you specify when adding a new route to a routing table in AWS?
a. ::/1
b. 127.0.0.1
c. ::/0
d. 0.0.0.0/0
d. 0.0.0.0/0
Which Wi-Fi authentication method forwards network connection request to a centralized authentication server?
a. WPA2 Enterprise
b. WEP
c. WPS
d. WPA2 PSK
a. WPA2 Enterprise
You need to ensure that custom code running within a Microsoft Azure virtual machine has access to read blobs in an Azure storage account. What should you do FIRST?
a. Run the custom code in a Docker container
b. Configure a managed identify for the virtual machine
c. Assign storage account permissions to the virtual machine
d. Embed storage account credentials within the custom code
b. Configure a managed identify for the virtual machine
Which authentication options are available when deploying a Linux virtual machine in the Microsoft Azure Cloud?
a. Username
b. Password
c. PKI
d. SSH public key authentication
d. SSH public key authentication
Which type of cloud works best for multiple organizations with the same type of computing and security needs?
a. Public
b. Private
c. Hybrid
d. Community
d. Community
You have deployed a database in the AWS cloud. Which type of cloud service model is this?
a. PaaS
b. IaaS
c. XaaS
d. SaaS
a. PaaS
You have created a CDN profile object in Azure but have not yet specified an origin location for content to be cached. What should you do?
a. Create a storage account and link it to the CDN profile
b. Import the .CSV CDN configuration file to the CDN profile
c. Add an endpoint to the storage account
d. Add an endpoint to the CDN profile
d. Add an endpoint to the CDN profile
Which is the default DNS suffix for Microsoft Azure web apps?
a. Azurewebsites.net
b. Azureedge.net
c. Onmicrosoft.com
d. Stor.azure.net
a. Azurewebsites.net
Which CCM-related item can be used as cloud security checklist?
a. CAIQ
b. SLO
c. SLA
d. ISO
a. CAIQ
What is the primary benefit of a Content Delivery Network?
a. Application proxy
b. Reduced network latency
c. Increase user sign-in security
d. Increased network latency
b. Reduced network latency
Your organization uses a PaaS database solution. In order to remain compliant with various security standards, the underlying server OS must be patched regularly. Who bears this responsibility?
a. Auditors
b. Cloud Tenant
c. Cloud Service provider
d. Auditors and cloud service provider
c. Cloud service provider
You are deploying a Microsoft Windows Server virtual machine in the Microsoft Azure cloud. All Windows virtual machines need to allow RDP and HTTPS connections from an on-premises network. Which strategy works best for setting OSI layer 4 rules to control traffic coming into the servers?
a. Create a network security group and associated it with each VM network interface
b. Create a route table and associate it with the VM subset
c. Create a network security group and associate it with the VM subnet
d. Create a route table and associate it with each VM network interface
b. Create a network security group and associate it with the VM subnet
Which detail differentiates application containers from virtual machines?
a. Containers do not contain an entire full operating system
b. Containers cannot have network listening ports enabld
c. Containers have their own file system
d. Containers require a host with special software installed
a. Containers do not contain an entire full operating system
d. Containers require a host with special software installed
Which operating system component is recommended to be installed prior to installing Docker Desktop on Windows?
a. Group Policy
b. WSL
c. RDP
d. Web Server
b. WSL
Which Docker CLI command is used to view running containers?
a. Docker rmi
b. Docker images
c. Dockers ps
d. Dockers stop
c. docker ps
In which type of virtualization environment do users connect to a remote desktop using a thin client?
a. Operating system virtualization
b. Cloud computing
c. Desktop virtualization
d. Application virtualization
c. Desktop virtualization
You need to ensure that Microsoft Hyper-V guests can interact on the physical network. Which type of virtual network switch should you configure?
a. Public
b. Internal
c. Private
d. External
d. External
Which data security standard applies to cardholder data?
a. HIPAA
b. PCI DSS
c. PIPEDA
d. GDPR
b. PCI DSS
Which AWS service is used for data discovery and classification?
a. EC2
b. GuardDuty
c. Macie
d. S3
c. Macie
Which data sensitivity regulation applies to European Union citizens private data?
a. PCI DSS
b. HIPAA
c. GDPR
d. PIPEDA
c. GDPR
You are reviewing the Amazon Web Service S3 Bucket SLA. Which metric is used to determine whether service credits will be awarded to customers?
a. Daily uptime in seconds
b. Monthly uptime percentage
c. % CPU utilization
d. Storage capacity
b. Monthly uptime percentage
Which data privacy regulation is directly related to the medical industry?
a. HIPAA
b. GDPR
c. PIPEDA
d. PCI DSS
a. HIPAA
Your organization is collecting information regarding political party affiliations for government statistic purposes. Which type of data is this?
a. PHI
b. SPI
c. PCI
d. PII
b. SPI
What prevents drone from operating in no-fly zones?
a. Control range
b. The operator
c. Firmware
d. Restricting chip
c. Firmware
You have installed Microsoft File Server Resource Manager on a Windows server. You would like to search for PII and set a flag to “Yes” or “No” when PII is detected. What is the first thing you should do?
a. Run the classification rule
b. Create a local property
c. Set a classification schedule
d. Set permissions for file scanning
b. Create a local property
You would like to enforce data loss prevention policies on user stations running word processor and spreadsheet programs. What should you do?
a. Run the programs centrally from a server
b. Set the policies to “enforce”
c. Install ad configure DLP agents on client devices
d. Nothing; DLP policies only work with cloud programs
c. Install and configure DLP agents on client devices
Which security framework addresses the most common web application vulnerabilities?
a. CIS
b. OWASP Top 10
c. CVE
d. OSSINT
b. OWASP Top 10
Which OWASP Top 10 item addresses the problem of granting too many permissions to users?
a. cryptographic failures
b. Broken access control
c. Injection
d. Insecure design
b. Broken Access control
How do APTs differ from other common cybersecurity threats?
a. Their CVE rating always falls between 1 and 5
b. Their CVSS rating always falls between 1 and 5
c. Threat actors commonly include highly skilled nation-state or organized crime members
d. The malware propagates itself over the network
c. Threat actors commonly include highly skilled nation-state or organized crime members
Which MITRE ATT&CK categories includes determining whether Microsoft Active Directory is being used?
a. Discovery
b. Persistence
c. Evasion
d. Reconnaissance
a. Discovery
What should be done to address the organization’s current security posture and realizing security goals?
a. Perform a network scan
b. Patch systems
c. Perform a gap analysis
d. Perform a vulnerability assessment
c. Perform a gap analysis
Which ISO/IEC standard focuses on information security management?
a. 27001
b. 2022
c. 7001
d. 2000
a. 27001
Which format is used for CVE naming?
a. Digits-Year-Score
b. CVE-Year-Digits
c. Year-Digits-CVE
d. Score-Year-Digits
b. CVE-Year-Digits
Which type of security policy details how remote workers should connect to company private networks?
a. Email policy
b. Acceptable use policy
c. VPN policy
d. Social media policy
c. VPN policy
To which IT components do CIS security benchmarks apply?
a. Operating Systems
b. Identify federation
c. Web servers
d. Authentication
factors
a. Operating Systems
c. Web Servers
Which CVSS score represents the most serious threat?
a. 10
b. 16
c. 5
d. 0
a. 10
Which risk management framework stems from a European agency?
a. ISO
b. NIST
c. ENISA
d. OSI
c. ENISA
Which Microsoft Windows Performance Monitor tool can be used to establish a performance baseline?
a. Group Policy
b. DCS
c. RDP
d. SLA
b. DCS
Which risk treatment applies when the level of risk is unacceptable?
a. Risk Reduction
b. Risk Transfer
c. Risk Avoidance
d. Risk Acceptance
c. Risk Avoidance
Which risk treatment is synonymous with risk retention?
a. Risk Reduction
b. Risk Transfer
c. Risk Avoidance
d. Risk Acceptance
d. Risk Acceptance
Which type of risk treatment applies security controls to reduce threat impact?
a. Risk transfer
b. Risk avoidance
c. Risk reduction
d. Risk acceptance
c. Risk Reduction
How does configuration management differ from change management?
a. Configuration management applies solely to security controls, change management applies to long-term system desired performance
b. Configuration management keeps systems performance at a desired level over time, change management is short-term
c. Change management keeps systems performance at a desired level over time, configuration management is short-term
d. Change management keeps systems performance above a specified level over time configuration management is short term
b. Configuration management keeps systems performace at a desired level over time, change management is short term
Cybersecurity insurance is considered to be which kind of risk treatment?
a. Risk Avoidance
b. Risk acceptance
c. Risk Transfer
d. Risk Reduction
c. Risk Transfer
Which items normally appear is a risk registry?
a. Past security incidents
b. Compliance mapping
c. Owner
d. Mitigation
c. Owner
d. Mitigation
What is the purpose of calculating the Annual Loss Expectancy (ALE)?
a. To determine compliance with applicable regulations
b. To determine threat likelihood
c. To determine the maximum cost that should be spent on mitigating security controls
d. To determine the percentage of asset loss
c. To determine the maximum cost that should be spent on mitigating security controls
You are deploying a new antimalware program to user smartphones. Which type of security control is this?
a. Administrative
b. Compensating
c. Detective
d. Preventative
c. Detective
You have enabled Microsoft Azure account replication. When the primary region for the storage account is not reachable, what should you do?
a. Failback to the primary region
b. Failover to the primary region
c. Nothing; replication is enabled
d. Failover to the secondary region
d. Failover to the secondary region
Where are Azure backup items stored?
a. Key Vault
b. Recovery services vault
c. Storage account
d. Cosmos DB
b. Recovery Services vault
Which business continuity metric relates to the maximum tolerable amount of data loss?
a. RTO
b. SLA
c. RPO
d. MTTR
c. RPO
Which business continuity metric relates to the maximum tolerable amount of down time?
a. RPO
b. MTTR
c. RTO
d. SLA
c. RTO
After eradicating threats using IRP, which step is done next?
a. Patch vulnerable systems
b. Generate an incident summary report
c. Verify that the threat has been eradicated
d. Update the IRP
c. Verify that the threat has been eradicated
Which Cyber Kill Chain step relates to tricking users into installing malware on their devices?
a. Installing
b. Reconnaissance
c. Delivery
d. Weaponization
c. Delivery
What is the primary purpose of incident containment?
a. Report generation
b. Prevent spread
c. Eradication
d. Patching
b. Prevent Spread
What do incident response plans that strive to return disrupted systems to a functional state quickly adhere to?
a. RPO
b. GDPR
c. RTO
d. SLA
c. RTO
You are updating the incident response plan (IRP) for an automated assembly line process. Which IRP component will facilitate speedy escalations when needed?
a. Revision history
b. Definition of terms
c. Eradication procedures
d. Communication plan
d. Communication plan
After eradicating and verifying a malware outbreak on the network, you perform post-incident analysis to determine how quickly the IRP was applied. Which metric should you analyze?
a. Recovery time objective
b. Disk write bytes
c. Disk read bytes
d. Mean time to respond
d. mean time to respond
Which type of DNS record query is rare and could indicated command and control traffic?
a. A
b. AAAA
c. TXT
d. CNAME
c. TXT
Which pilar of the Diamond Model of Intrusion Analysis focuses on communication channels?
a. Victim
b. Infrastructure
c. Capability
d. Adversary
b. Infrastructure
Which Linux command is used to create a filesystem?
a. Partrobe
b. Mkfs
c. Fdisk
d. Mount
b. mkfs
Your windows server performance has degraded significantly. You need to determine if a specific is consuming most of the CPU time. Which tool should you use?
a. Group Policy
b. Task Manager
c. Performance
d. Regecit
b. Task Manager
Which hardware security component can be used to store BitLocker encryption keys?
a. TPM
b. PCI
c. HSM
d. SLA
a. TPM
What is wrong with this Linux command?
sudo status service ssh
a. ‘ssh’ is not a valid daemon name
b. The words ‘status’ and ‘service’ must be interchanged
c. ‘sudo’ must be removed
d. ‘service’ should be ‘serviceunit’
b. The words ‘status’ and ‘service’ must be interchanged
Which type of disk initialization is limited to 4 partitions?
a. TPM
b. GPT
c. HSM
d. MBR
d. MBR
Which tool can be used to view and modify the Windows registry?
a. CertUtil
b. RDP
c. Regedit
d. MMC
c. Regedit
Which Linux runlevel reboots a system?
a. 6
b. 0
c. 5
d. 3
a. 6
Which Linux command can be used to view BIOS version information?
a. lsusb
b. cpuinfo
c. lsblk
d. dmidecode
d. dmidecode
How does a Windows data collector set (DCS) differ from using Performance Monitor?
a. A DCS cannot monitor memory utilization
b. A DCS can be scheduled
c. Performance Monitor can be scheduled
d. Performance Monitor cannot monitor memory utilization
b. A DSC can be scheduled
Which type of authentication is based on physical characteristics?
a. Multifactor
b. Something you have
c. Biometric
d. Something you know
c. Biometric
Which command is used to set a password for an LDAP user?
a. ldappasswd
b. slapcat
c. slapd
d. usermod
a. ldappasswd
Which server file stores SSH public keys for users?
a. /etc/resolv.conf
b. authorized_keys
c. id_rsa
d. id_rsa.pub
b. authorized_keys
Where are Microsoft Azure cloud user accounts configured?
a. Within a virtual machine
b. IAM
c. Azure AD
d. Microsoft Active Directory
c. Azure AD
You have configured Group Policy password settings in Active Directory. You want to test the settings on a domain-joined computer. Which command forces the computer to pull down the latest Group Policy settings?
a. Gpupdate
b. Ipconfig
c. Certutil
d. Gpedit.msc
a. gpupdate
Where are Linux user password hases stored?
a. /etc/shadow
b. /etc/pam.d
c. /etc/passwd
d. /etc/resolve.conf
a. /etc/shadow
What is the benefit of Microsoft Active Directory user accounts?
a. Enhanced user sign-in security
b. The accounts are replicated among domain controllers
c. The accounts must be secured with MFA
d. Ability to sign in from any domain-joined computer
b. The accounts are replicated among domain controllers
d. Ability to sign in from any domain-joined computers
You need to verify that the OpenLDAP server daemon is running. What should you type?
a. Sudo slapd status
b. Sudo openldap status
c. Sudo service openldap status
d. Sudo service slapd status
d. sudo service slapd status
You are configuring MFA for an AWS IAM user. Which MFA device options are available?
a. Smartcard
b. Authenticator APP
c. Hardware Token
d. DVD
b. Authenticator App
c. Hardware Token
Which configuration is commonly used to establish trust between an identify provider and a resource provider?
a. The resource provider is configured with the identify provider private key
b. The identity provider is configured with the resource provider public key
c. The identify provider is configured with the identity provider public key
d. The resource provider is configured with th identity provider public key
d. The resource provider is configuring with the identity provider public key
Microsoft Azure dynamic group membership constitutes which type of access control?
a. MAC
b. DAC
c. RBAC
d. ABAC
d. ABAC
You need to determine how an attacker has gained access to the file system of a Windows server. Which file system configurations should you check?
a. Size of disk
b. Shared folder permissions
c. Compression
d. NTFS permissions
b. Shared folder permissions
d. NTFS permissions
Which security principal strives to grant only those permissions required to perform a specific task?
a. Principle of least privilege
b. Single sign-on
c. Multifactor authentication
d. Deference in-depth
a. Principle of least privilege
Which access control model uses the operating system to determine resource access?
a. MAC
b. DAC
c. ABAC
d. RBAC
a. MAC
You are using the Azure portal to configure RBAC. You have opened the properties of a resource group. What should you click on to configure, RBAC?
a. Security
b. Access Control (IAM)
c. Properties
d. Monitoring
b. Access control (IAM)
You are configuring Windows Dynamic Access Control. You have created a user claim, enabled the “Department” resource property, and you have created an Access Control Rule. What must you also do?
a. Add the central rule to the server audit list
b. Add the central access rule to a Central Access Policy (CAS), deploy the CAS using Group Policy
c. Install File Server Resource Manager on file servers
d. Install Routing and Remote Access on file servers
b. Add the central access rule to a Central Access Policy (CAS), deploy the CAS using Group Policy
c. Install File Server Resource Manager on file servers
Which Linux command is sued to set file system permissions?
a. Chmod
b. Chgrp
c. Visudo
d. Chown
a. chmod
Which Linux command can be used to grant regular users the ability to run privilege commands?
a. Visudo
b. Grep
c. Chmod
d. Ps
a. visudo
BitLocker is designed to encrypt which types of objects?
a. Folders
b. Files
c. File Systems
d. Cloud Resources
c. File Systems
Hashing applies to which aspect of the CIA security triad?
a. Authentication
b. Availability
c. Confidentiality
d. Integrity
d. Integrity
Which term identifies encrypted data?
a. Algorithm
b. Plain Text
c. Ciphertext
d. Hash Value
c. Ciphertext
You need to order an HSM solution for your data center. Which options are available?
a. PCIe card
b. Cloud-based virtual machine
c. Network-attached appliance
d. Firmware chip added to server motherboard
a. PCIe card
c. Network-attached appliance
You would like to securely generate and store keys for Microsoft Azure storage account encryption. Which type of Azure resources stores cryptographic items?
a. Resource group
b. Key vault
c. Virtual machine
d. Storage account
b. Key vault
Which Linux commands can be used to generate file hashes?
a. Md5sum
b. Sha265sum
c. Sha5sum
d. Md256sum
a. md5sum
b. sha256sum
Which command line tool can be used to manage EFS?
a. Chmod
b. Certutil
c. Sudo
d. Cipher
d. Cipher
Which PowerShell cmdlet is used to generate file hashes?
a. New-MD5Hash
b. New-SHA256Hash
c. Get-FileHash
d. New-CryptHash
c. Get-FileHash
What is the default listening port number for HTTPS?
a. 22
b. 25
c. 80
d. 443
d. 443
Which Microsoft PowerShell cmdlet is used generate a file hash?
a. Get-FileHash
b. Add-FileHash
c. New-FileHash
d. Set-FileHash
a. Get-FileHash
You have installed a Windows Private CA, but you do not see the option of working with certificate templates. Why is this?
a. Certificate templates are not available for private Cas
b. Your server is not joined to an Active Directory domain
c. Your user account does not have sufficient permissions
d. Certificate templated must be managed directly in the file system
b. Your server is not joined to an Active Directory domain
What is required to allow the enabling of an HTTPS binding?
a. The server must be joined to an Active Directory domain
b. A DNSSEC zone
c. PKI certificate
d. MFA token
b. A DNSSEC zone
You are managing a Windows 11 device. You would like to view existing computer and user certificates installed on the machine. What should you do?
a. Run the Get-FileHash PowerShell cmdlet
b. Start MMC and add the Certificates snapin
c. Open the Group Policy editor and view certificates settings
d. Windows 11 does not support PKI certificates
b. Start MMC and add the Certificates snapin
You must ensure a highly sensitive internal web site uses PKI client authentication. What must be done on the web server?
a. The web server be configured with a public CA-issued certificate
b. Enable the option to require client PKI certificates
c. The web server must be configured with a private CA-issued ertificate
d. Ensure the web server in configured to use HTTPS
b. Enable the option to require client PKI certificates
d. Ensure the web server is configured to use HTTPS
Which PKI component issues certificates?
a. CRL
b. User
c. CA
d. Device
c. CA
What must be done for internal clients to trust private CA-issued certificates?
a. The computers must be joined to an Active Directory domain
b. Install the private CA trusted root certificate on each client device
c. The private CA software must be installed on each client device
d. Each client device must have a smartcard reader
b. Install the private CA trusted root certificate on each client device
Which PKI solutions allow for preventing the use of untrusted certificates?
a. OCSP
b. CA
c. Chain of Trust
d. CRL
a. OSCP
d. CRL
Which snort command starts the snort engine of Linux?
a. Snort -A console -I eth0 -c /etc/snort/snort.conf
b. Snort -T console -I eth0
c. Snort -A console -I eth0
d. Snort -T console -I eth0 /etc/snort/snort.conf
Snort -A console -I eth0 -c /etc/snort/snort.conf
Which is reverse proxying similar in concept to?
a. IPsec
b. Packet Filtering
c. Port Forwarding
d. Load Balancing
d. Load Balancing
Which are commonly used to configure firewall rules on Linux hosts?
a. ipconfig
b. iptables
c. Ufw
d. ifconfig
b. iptables
c. Ufw
Which type of firewall works up to layer 4 of the OSI model?
a. Reverse proxy
b. Packet filtering
c. Content filtering
d. Forward proxy
b. Packet Filtering
Your organization uses Microsoft Active Directory with domain joined computers. You need to deploy the same Windows Defender inbound rules to a subset of those computers. What should you do?
a. Create a PowerShell script to create the rules; run the script on each computer
b. Configure the rules on each computer
c. Configure a GPO targeting the appropriate computers, create inbound rules in the GPO
d. Configure the rules on one computer, export them, then import them to the remaining computers
c. Configure a GPO targeting the appropriate computers, create inbound rules in the GPO
Which additional feature does an IPS provide over an IDS?
a. Enhanced security rule configuration
b. Ability to send alerts when suspicious activity is detected
c. Ability to stock attacks in progress
d. Ability to log suspicious activity
c. Ability to stop attacks in progress
You need to configure the Squid proxy server. Which file should you edit?
a. /var/squid/squid.conf
b. /etc/snort/snort.conf
c. /var/log/squid.conf
d. /etc/squid/squid.conf
d. /etc/squid/squid.conf
To which types of Azure resources can network security groups be associated with?
a. Network interfaces
b. Vnets
c. Subnets
d. Virtual machines
a. Network interfaces
c. Subnets
Which type of security solution is Azure Bastion?
a. Proxy server
b. Jump Box
c. DDoS mitigation
d. Packet filtering firewall
b. Jump Box
Which Windows Server feature is used to centralize update deployment?
a. PKI
b. AD
c. GPO
d. WSUS
d. WSUS
You would like a centralized and scalable option for applying updates to numerous Azure VMs. What should you create?
a. Threat model
b. Log analytics workspace
c. Automation account
d. WSUS workspace
c. Automation account
Which Windows solution can be used to manage Microsoft updates?
a. WSUS
b. IIS
c. BitLocker
d. EFS
a. WSUS
What is the default listening port for a WSUS server?
a. 3389
b. 25
c. 443
d. 8530
d. 8530
Which command updates group policy on a single device?
a. Gpuupdate
b. Cipher
c. Ipconfig
d. Netsh
a. Gpupdate
What is the overall purpose of IT system hardening?
a. Scale the system horizontally
b. Reduce the attack surface
c. Increase the attack surface
d. Scale the system vertically
b. Reduce the attack surface
What can be done to harden an iSCSI SAN?
a. Enable iSCSI target authentication
b. Patch network printers
c. Configure a dedicated iSCSI VLAN
d. Enable iSCSI initiator authentication
a. Enable iSCSI target authentication
c. Configure a dedicated iSCSI VLAN
What lets attackers know that infected machines are ready to retrieve instructions?
a. Malware beaconing
b. Command a control servers
c. Host port scans
d. DNS TXT queries
a. Malware beaconing
Which file extension is commonly used for Python scripts?
a. PS1
b. SH
c. BAT
d. PY
d. PY
Which items could indicate malicious application activity?
a. Missing log entries
b. Changes to user app permissions
c. Updates applies to hosts
d. Periodic host reboots
a. Missing log entries
b. Changes to user app permissions
Which regular expression symbol matches any one character?
a. ;(semicolon)
b. ,(comma)
c. :(colon)
d. .(dot)
d. .(dot)
Which type of threat actor promotes an ideology and does not normally conceal their malicious activities?
a. Nation-state
b. Organized crime
c. Script Kiddie
d. Hacktivist
d. Hacktivist
What do IT security baseline facilitate?
a. The performance improvement of slow applications
b. Detection of security anomalies
c. The merger of two companies
d. The reduction of security-relates costs
b. Detection of security anomalies
Which Kali Linux command is used to clone a site in an attempt to harvest user credentials?
a. Setoolkit
b. Chmod
c. Hydra
d. Nc
a. Setoolkit
Which malware analysis technique contain the malware?
a. Configuring a reverse shell
b. Detonate malware is a sandbox
c. Debug the malware
d. Apply updates
b. Detonate malware is a sandbox
Which scripting language uses a shebang line at the beginning of the script?
a. Korn
b. Bash
c. Python
d. PowerShell
b. Bash
Which type of malware appears benign but in fact is not?
a. Trojan
b. Ransomware
c. Worm
d. Virus
a. Trojan
Which type of attack attempts to trick users with what appears to be a legitimate email message?
a. Reverse shell
b. Phishing
c. Ransomware
d. APT
b. Phishing
What could indicate malicious activity on a host?
a. Periodic host reboots
b. Windows registry changes
c. Update applies to hosts
d. Web browser homepage changes
b. Windows registry changes
d. Web browser home page changes
Which file extension is commonly used for PowerShell scripts?
a. SH
b. BAT
c. PS1
d. PY
c. PS1
Which action can help prevent buffer overflows?
a. Firewall rules
b. The use of customer-managed encryption keys
c. DDos mitigation
d. Input validation
d. Input validation
What is the result of using the slowhttptest tool against a web site?
a. The site home page is defaces
b. An XSS page is placed on the server
c. The server is rebooted
d. The site stops responding
d. The site stops responding
What can be done to mitigate the possibility of reverse shell attacks?
a. PKI certificates
b. Antimalware scanner
c. MFA
d. Firewall rules
b. Antimalware scanner
What can be done to mitigate RDP brute-force attacks?
a. Block port 3389 at the firewall
b. Enable user MFA
c. Install a PKI certificate on the server
d. Do not expose servers with RDP to the Internet
b. Enable user MFA
d. Do not expose servers with RDP to the Internet
Which XML tag should be limited in its inclusion for server-side apps?
a. BODY
b. ENTITY
c. H1
d. HR
b. ENTITY
Which type of attack uses bots to flood a victim network with useless traffic?
a. Privilege escalation
b. Buffer overflow
c. DDos
d. DoS
c. DDoS
You need to ensure special characters are removed from a web form field. Which techniques should you use?
a. Input sanitization
b. Memory allocation checking
c. Input Validation
d. Fuzzing
c. Input Validation
Which type of XSS attack is remembered by the server?
a. Reflected
b. Refracted
c. Persistent/stored
d. MiTM
a. Reflected
What is the result of a SYN flood attack?
a. Multiple closed sessions on the server
b. Multiple injection attacks on the server
c. Multiple buffer overflows on the server
d. Multiple half-open connections on the server
d. Multiple half-open connections on the server
Which Wi-Fi protocols are depracted?
a. SSL
b. WEP
c. TLS
d. WPA3
b. WEP
Which techniques are the most effective in mitigating SQL injection attacks?
a. Fuzzing
b. Input Validation
c. Input Sanitization
d. Memory allocation checking
b. Input Validation
c. Input Sanitization
Which command starts the BeEF service?
a. Run beef
b. Beef-xss -h
c. Beef -start
d. Start -start
b. Beef-xss -h
Which items can be analyzed using Joe Sandbox?
a. Data Files
b. URL
c. Applications
d. Network router
a. Data Files
c. Application
What is the primary incentive for bug bounty hunters?
a. Promotion of ideology
b. Financial gain
c. Peer recognition
d. Espionage
b. Financial Gain
You are using a third-party network analysis tool on your Windows computer. Windows Virus & Threat Protection detects this as a threat and prevents the program from running. You need to run the program. What should you do?
a. Add the tool as an allowed threat
b. Disable Virus & Threat Protection real-time detection
c. Update virus definitions
d. Run the tool in a virtual machine
a. Add the tool as an allowed threat
What is the purpose of using the Tor Browser?
a. To increase the speed of loading web pages
b. Regular web content is not accessible
c. Visited websites are unaware of the true origin of the connection
d. Dark web content is accessible
c. Visited websites are unaware of the true origin of the connection
d. Dark web content is accessible
Which type of items can be analyzed using the VirusTotal websites?
a. Web component
b. Network router
c. URL
d. File
c. URL
d. File
Which items can indicate that an email message is fraudulent?
a. Low resolution graphic logos
b. Lack a digital signature
c. Bad grammar
d. corporate email addresses ending in Hotmail.com
c. Bad grammar
d. corporate email addresses ending in Hotmail.com
Which types of artifacts can an Azure Blueprint consists of?
a. Azure policy assignment
b. Subscription
c. ARM template
d. Virtual machine
a. Azure policy assignment
c. ARM template
In which file format does Zenmap save scans?
a. CSV
b. XML
c. PDF
d. TXT
b. XML
Which type of attacks is in effect when malicious actors use the Burpsuite?
a. Man-in-the-middle
b. Denial of service
c. Brute force
d. Distributed denial of service
a. Man-in-the-middle
Which term is commonly used to describe penetration testing?
a. Scheduled testing
b. Recurring testing
c. Active testing
d. Passive Testing
c. Active testing
Which type of SCADA component executes instructions on industrial devices?
a. PLC
b. DCS
c. CAN
d. ICS
a. PLC
How do vulnerability scanning tools differ from network scanning tools?
a. Networks scanners cannot enumerate host ports
b. Vulnerability scanners use a vulnerability database
c. Vulnerability scanners cannot enumerate host ports
d. Network scanners use a vulnerability database
b. Vulnerability scanners use a vulnerabilities database
Which term describes a collection of related Microsoft Azure policies?
a. Policy group
b. Subscription
c. Initiative
d. Resource Group
c. Initiative
Which nmap command line parameter attempts to identify the operating system?
a. T
b. A
c. sU
d. O
d. O
You need to run a vulnerability assessment against hosts that mimic an infected host. Which type of scan should you run?
a. Non-credentialed
b. Scheduled
c. Credentialed
d. Web Application
c. Credentialed
You have installed Nessus and would like to login to configure a scan. Which should you connect to?
a. http://localhost:443
b. http://localhost:8834
c. http://localhost?443
d. http://localhost:80
http://localhost:8834
Which command allows you to interact with the Metasploit framework?
a. Use
b. Msfconsole
c. msfadmin
d. Exploit
b. msfconsole
Which data must be supplied when using the OWASP ZAP tool?
a. The web application URL
b. The web server type
c. The web application PKI certification public key
d. The web application PKI certification private key
a. The web application URL
Which threat hunting model takes a proactive approach?
a. Hypothesis-based
b. Custom
c. Agile
d. Intel-based
a. Hypothesis-based
Which software development methodology fits best with CI/CD?
a. Waterfall
b. PKI
c. SDLC
d. Agile
d. Agile
You are exploring a suspect disk image using Autopsy. You have come across a handful of files that you would like to revisit easily. What should you do?
a. Tag the files
b. Make a list of the file names
c. Copy file hashes to the clipboard
d. Export each file
a. Tag the files
To what does the “chain of custody” apply?
a. Encryption
b. Maximum assigned privilege assignments
c. Evidence
d. Digital signatures
c. Evidence
Which COBIT maturity level represents an effective and refined set of governance practices?
a. 5
b. 0
c. 1
d. 3
a. 5
You are using Git for file version control. You need to create a standalone copy of a repository. What should you do?
a. Create a fork
b. Create a new repository
c. Create a branch
d. Create a clone
a. Create a fork
A software developer needs to modify code but would like to ensure that offer developers cannot modify that same segment of code. What should the developer do?
a. Digitally sign the code
b. Check the code out
c. Export the code
d. Check the code in
d. Check the code in
You are attempting to remove a legal hold policy that you have enabled for an Azure storage account container, but when you edit the policy, you cannot save changes to it. What is the problem?
a. Legal hold tags have not been deleted
b. You must wait for the legal hold time frame to expire
c. Legal hold policies can never be removed after they have been set
d. You lack the correct permissions
a. Legal hold tags have not deleted
Which type of digital evidence is considered the most volatile?
a. File on DVDs
b. RAM contents
c. Files on a USB thumb drive
d. Temporary swap files
b. RAM contents
What purpose does an IT-based honeypot provide?
a. IT system decoy to require user SSO
b. IT system decoy to track hacker activity
c. IT system decoy to require user MFA
d. IT system decoy to protect production data
b. IT system decoy to track hacker activity
Which Linux command show kernal log messages?
a. Chmod
b. Dmesg
c. Logger
d. Lsblk
b. dmesg
In which Windows log will user smartcard logon auditing appear?
a. System
b. Application
c. Security
d. Hardware
c. Security
What is the default port number used for Linux syslog forwarding?
a. 389
b. 443
c. 514
d. 80
c. 514
Which is the default compression type used when logrotate compresses older logs?
a. 7zip
b. Bzip
c. Gzip
d. Zip
c. Gzip
Where are most Linux logs located in the file system?
a. /var/logs
b. /bin/logs
c. /etc/logs
d. /usr/logs
a. /var/logs
You have configured a honeypot listening on TCP port 80. Fron another station, which tool can you use to run a port scan to trigger honeypot alerts?
a. Ping
b. Nmap
c. SSH
d. Traceroute
b. Nmap
You are configuring Windows Event Viewer log forwarding for Windows clients joined to an Actie Directory domain. The logging server will reach out to clients to pull log data to itself. What must be done on each client machine?
a. Run Winrm qc
b. Run gpupdate /force
c. The logging server must be added to the EventLogReaders group
d. An Event Viewer subscription must be configured on each client
a. Run Winrm qc
c. The logging server must be added to the EventLogReaders group
You need to restrict access to specific Splunk indexes for searching purposes. What should you create in Splunk?
a. Role
b. Policy Initiative
c. Group
d. User
a. Role
You are viewing a WireShark packet capture. To which OSI model layer does the IP header correspond to?
a. 1
b. 3
c. 4
d. 2
b. 3
Which role does machine learning play in cyber security?
a. Denial of service attack mitigation
b. Threat hunting
c. Conditional authentication
d. Permissions restrictions
b. Threat hunting
You are managing a Linux system and need to capture SSH traffic regardless of the packet size. Which command should you use?
a. Tcpdump -I ens33 -v -tcpport 22 -A -s0
b. TCPdump -I ens33 -v -port 22 -A -s0
c. Tcpdump -I ens33 -v -tcp 22 -A
d. Tcpdump -I ens33 -v -port 22 -A -s0
b. tcpdump -I ens33 -v -port 22 -A -s0
What is the name of the default Splunk index?
a. First
b. Default
c. Main
d. Initial
c. Main
Which description defines a false poisitive?
a. Benign item or activity is incorrectly identified as being malicious
b. Current configuration does not detect malicious item or activity
c. No alerts because problematic conditions are absent
d. Correctly identified malicious item or activity truly exists
a. Benign item or activity is incorrectly identified as being malicious
Which Splunk command determine which local host items are tracked and sent to the Splunk server?
a. Splunk monitor
b. Splunk enable
c. Splunk set
d. Splunk add
a. Splunk monitor
Which phrase defines a situation where activity is determined to be acceptable, and it truly is?
a. True negative
b. False negative
c. False positive
d. True positive
a. True negative
Which network protocol is common in industrial control environments?
a. Modbus
b. HTTP
c. PLC
d. NFS
a. Modbus
Which is a core function of a SIEM system?
a. CI/CD
b. Applying patches
c. Threat hunting
d. Project management
c. Threat Hunting
