LPMQF HUNT 201

Question 1

PowerShell has a particular syntax, which of the following is NOT one of them?

Answer 1

Double spaced

Question 2

Which of the following does a BlueLight Torch Baseline scan address?

Answer 2

All hosts

Question 3

True/False: PowerShell Integrated Scripting Environment is one of the two PowerShell Environments.

Answer 3

TRUE

Question 4

Which of the following is NOT found in the C:\Tools\ directory

Answer 4

BlueLigHT

Question 5

Putty, md5deep, Sysinternals Suite, and nc are all open source tools used by ADCCO Operators

Answer 5

TRUE

Question 6

Which of the following is a process of a BlueLight Torch Baseline scan?

Answer 6

All of the above

Question 7

Within the Hunter environment, in which directory is the entire BlueLight Framework kept?

Answer 7

J:\BlueLight

Question 8

Which of the following does a BlueLight Torch Targeted scan address?

Answer 8

Suspicious Host

Question 9

True/False: The two PowerShell environments are the PowerShell Console and Visual Studio Express.

Answer 9

FALSE

Question 10

What command utilizes Windows Remote Management (WinRM) to access remote host information?

Answer 10

Invoke-Command

Question 11

Where is the ADCCO Encrypted container mounted?

Answer 11

J:\

Question 12

Which of the following is a process of a BlueLight Torch Baseline scan?

Answer 12

All of the Above

Question 13

What Cmdlet provides the ?man page? for a Cmdlet?

Answer 13

Get-Help

Question 14

Which data creates logs showing all connections (netflow information) on the network?

Answer 14

Bro

Question 15

In order to transfer encrypted files between Linux and Windows VM?s, which open source tool is used? (Choose the best answer)

Answer 15

WinSCP

Question 16

When the encrypted partition is mounted, with which application is there a soft link created within the Hunter environment?

Answer 16

Powershell

Question 17

Which of the following command formats does PowerShell use in constructing command syntax?

Answer 17

Verb-Noun

Question 18

True or False: All PowerShell data by default are objects.

Answer 18

TRUE

Question 19

True/False: Show Property is a valid method for viewing a PowerShell object?s properties?

Answer 19

FALSE

Question 20

What script is ran in the DAL (Defended Asset List) environment to create and randomize all the IPs which could be in the DAL?

Answer 20

J:\BlueLight\Torch\HostSOP\HostSOP.ps1

Question 21

True/False: Remote Netstat uses Windows PowerShell running as domain admin to execute on target hosts?

Answer 21

FALSE

Question 22

What command cannot be used to view help in PowerShell?

Answer 22

Read-Help

Question 23

Which of the characteristics of the HostSOP.ps1 script listed below is NOT valid?

Answer 23

Runs in a continuous loop

Question 24

True/False: SNORT is capable of using Open Source Intelligence Vulnerability Research Team (OSINT VRTs) signatures?

Answer 24

TRUE

Question 25

PowerShell has multiple types of output, which of the following is NOT one of them?

Answer 25

HTML-S

Question 26

_____________ is part of the BlueLigHT ADCCO Toolset. (Choose all that apply)

Answer 26

Both b and c

Question 27

In PowerShell, which of the following is NOT a cmdlet?

Answer 27

get_alias

Question 28

True/False: Get-Member allows viewing a PowerShell object?s properties?

Answer 28

TRUE

Question 29

True/False: The Mount and Umount scripts are located in the C:\Temp\Setup directory

Answer 29

FALSE

Question 30

If assistance is necessary with command syntax, what command would be used?

Answer 30

All of the above

Question 31

Which item below is a valid name of a PowerShell Cmdlet?

Answer 31

Measure-Command

Question 32

Which of the following would produce a ?man page? for Get-Process?

Answer 32

All of the Above