Certified Network Defender TEST F
Title of test: Certified Network Defender TEST F. Description: 312-38 Exam - CND
1. Henry, head of network security at Gentech, has discovered a general report template that someone has reserved only for the CEO. Since the file has to be editable, viewable, and deletable by everyone, what permission value should he set?
   - 700
   - 777
   - 755
   - 600

2. Which of the following provides a set of voluntary recommended cyber security features to include in network-capable IoT devices?
   - FGMA
   - GLBA
   - GCMA
   - NIST

3. Which of the following is an example of a MAC model?
   - Chinese Waterfall model
   - Clark-Beason integrity model
   - Access control matrix model
   - Bell-LaPadula model

4. How can a WAF validate traffic before it reaches a web application?
   - It uses a role-based filtering technique.
   - It uses an access-based filtering technique.
   - It uses a sandboxing filtering technique.
   - It uses a rule-based filtering technique.

5. Jason has set a firewall policy that allows only a specific list of network services and denies everything else. This strategy is known as a ____________.
   - Default allow
   - Default access
   - Default accept
   - Default deny

6. Management asked Adam to implement a system allowing employees to use the same credentials to access multiple applications. Adam should implement the _________ authentication technique to satisfy the request.
   - Single sign-on
   - Smart card authentication
   - Two-factor authentication
   - Biometric

7. Which of the following things need to be identified during attack surface visualization?
   - Attacker’s tools, techniques, and procedures
   - Authentication, authorization, and auditing in networks
   - Regulatory frameworks, standards, and procedures for organizations
   - Assets, topologies, and policies of the organization

8. John is a senior network security administrator working at a multinational company. He wants to block specific syscalls from being used by container binaries. Which Linux kernel feature restricts actions within the container?
   - Cgroups
   - LSMs
   - Seccomp
   - Userns

9. Which of the following is not part of the recommended first response steps for network defenders?
   - Restrict yourself from doing the investigation.
   - Extract relevant data from the suspected devices as early as possible.
   - Disable virus protection.
   - Do not change the state of the suspected device.

10. Which among the following tools can help in identifying IoEs to evaluate the human attack surface?
   - securiCAD
   - Amass
   - Skybox
   - SET

11. In the ______ method, event logs are arranged in the form of a circular buffer.
   - Non-wrapping method
   - LIFO method
   - Wrapping method
   - FIFO method

12. Which of the following indicators refers to potential risk exposures that attackers can use to breach the security of an organization?
   - Indicators of attack
   - Key risk indicators
   - Indicators of exposure
   - Indicators of compromise

13. Which of the following can be used to disallow a system/user from accessing all applications except a specific folder on a system?
   - Hash rule
   - Path rule
   - Internet zone rule
   - Certificate rule

14. Which of the following helps prevent executing untrusted or untested programs or code from untrusted or unverified third parties?
   - Application sandboxing
   - Deployment of WAFs
   - Application whitelisting
   - Application blacklisting

15. Who is an IR custodian?
   - An individual responsible for conveying company details after an incident
   - An individual who receives the initial IR alerts and leads the IR team in all the IR activities
   - An individual who makes a decision on the classifications and the severity of the incident identified
   - An individual responsible for the remediation and resolution of the incident that occurred

16. Which of the following attack surfaces increases when you keep USB ports enabled on your laptop unnecessarily?
   - Human attack surface
   - Network attack surface
   - Physical attack surface
   - Software attack surface

17. Which among the following filters is used to detect a SYN/FIN attack?
   - tcp.flags==0x002
   - tcp.flags==0x004
   - tcp.flags==0x003
   - tcp.flags==0x001

18. In the _______ mechanism, the system or application sends log records either to the local disk or over the network.
   - Network-based
   - Pull-based
   - Push-based
   - Host-based

19. Choose the correct order of steps to analyze the attack surface.
   - Identify the indicators of exposure -> visualize the attack surface -> simulate the attack -> reduce the attack surface
   - Visualize the attack surface -> simulate the attack -> identify the indicators of exposure -> reduce the attack surface
   - Identify the indicators of exposure -> simulate the attack -> visualize the attack surface -> reduce the attack surface
   - Visualize the attack surface -> identify the indicators of exposure -> simulate the attack -> reduce the attack surface

20. Leslie, the network administrator of Livewire Technologies, has been recommending multilayer inspection firewalls to deploy in the company’s infrastructure. What layers of the TCP/IP model can it protect?
   - IP, application, and network interface
   - Network interface, TCP, and IP
   - Application, TCP, and IP
   - Application, IP, and network interface

21. To provide optimum security while enabling safe/necessary services, blocking known dangerous services, and making employees accountable for their online activity, what Internet Access policy would Brian, the network administrator, have to choose?
   - Prudent policy
   - Paranoid policy
   - Promiscuous policy
   - Permissive policy

22. Which command lists all ports available on a server?
   - sudo apt nst -tunIp
   - sudo netstat -tunIp
   - sudo apt netstate -Is tunIp
   - sudo ntstat -Is tunIp

23. Which BC/DR activity works on the assumption that the most critical processes are brought back from a remote location first, followed by the less critical functions?
   - Recover
   - Restoration
   - Response
   - Resumption

24. Emmanuel works as a Windows system administrator at an MNC. He uses PowerShell to enforce the script execution policy. He wants to allow the execution of scripts that are signed by a trusted publisher. Which of the following script execution policy settings does this?
   - AllSigned
   - Restricted
   - RemoteSigned
   - Unrestricted

25. Fargo, head of network defense at Globadyne Tech, has discovered an undesirable process in several Linux systems, which causes machines to hang every hour. Fargo would like to eliminate it; what command should he execute?
   - # update-rc.d -f [service name] remove
   - # service [service name] stop
   - # ps ax | grep [Target Process]
   - # kill -9 [PID]

26. Which of the following refers to the data that is stored or processed by RAM, CPUs, or databases?
   - Data in Backup
   - Data at Rest
   - Data in Transit
   - Data in Use

27. Which of the following data security technologies can ensure information protection by obscuring specific areas of information?
   - Data retention
   - Data encryption
   - Data hashing
   - Data masking

28. Elden is working as a network administrator at an IT company. His organization opted for a virtualization technique in which the guest OS is aware of the virtual environment in which it is running and communicates with the host machine to request resources. Identify the virtualization technique implemented by Elden’s organization.
   - Hybrid virtualization
   - Hardware-assisted virtualization
   - Full virtualization
   - Para virtualization

29. Albert works as a Windows system administrator at an MNC. He uses PowerShell logging to identify any suspicious scripting activity across the network. He wants to record pipeline execution details as PowerShell executes, including variable initialization and command invocations. Which PowerShell logging component records pipeline execution details as PowerShell executes?
   - Module logging
   - Script block logging
   - Event logging
   - Transcript logging

30. How can one identify the baseline for normal traffic?
   - When the SYN flag appears at the beginning and the FIN flag appears at the end of the connection
   - When the RST flag appears at the beginning and the ACK flag appears at the end of the connection
   - When the ACK flag appears at the beginning and the RST flag appears at the end of the connection
   - When the FIN flag appears at the beginning and the SYN flag appears at the end of the connection

31. Sophie has been working as a Windows network administrator at an MNC for the past 7 years. She wants to check whether SMB1 is enabled or disabled. Which of the following commands allows Sophie to do so?
   - Get-WindowsOptionalFeatures -Online -FeatureNames SMB1Protocolv
   - Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
   - Get-WindowsOptionalFeature -Online -FeatureNames SMB1Protocol
   - Get-WindowsOptionalFeatures -Online -FeatureName SMB1Protocol

32. How is an “attack” represented?
   - Motive (goal) + method
   - Motive (goal) + method + vulnerability
   - Asset + Threat + Vulnerability
   - Asset + Threat

33. Kelly is taking backups of the organization's data. Currently, she is taking backups of only those files that are created or modified after the last backup. What type of backup is Kelly using?
   - Full backup
   - Incremental backup
   - Normal backup
   - Differential backup

34. Identify the virtualization level that creates a massive pool of storage areas for different virtual machines running on the hardware.
   - Fabric virtualization
   - Storage device virtualization
   - Server virtualization
   - File system virtualization

35. Sam wants to implement a network-based IDS and finalizes an IDS solution that works based on pattern matching. Which type of network-based IDS is Sam implementing?
   - Behavior-based IDS
   - Anomaly-based IDS
   - Signature-based IDS
   - Stateful protocol analysis

36. Steven is a Linux system administrator at an IT company. He wants to disable unnecessary services in the system, which can be exploited by attackers. Which among the following is the correct syntax for disabling a service?
   - $ sudo system-ctl disable [service]
   - $ sudo systemctl disable [service]
   - $ sudo system.ctl disable [service]
   - $ sudo system ctl disable [service]

37. Simran is a network administrator at a start-up called Revolution. To ensure that neither party in the company can deny getting email notifications or any other communication, she mandates authentication before a connection establishment or message transfer occurs. What fundamental attribute of network defense is she enforcing?
   - Integrity
   - Non-repudiation
   - Confidentiality
   - Authentication

38. Which of the following refers to a potential occurrence of an undesired event that can eventually damage and interrupt the operational and functional activities of an organization?
   - Attack
   - Risk
   - Threat
   - Vulnerability

39. Damian is the chief security officer of Enigma Electronics. To block intruders and prevent any environmental accidents, he needs to set a two-factor authenticated keypad lock at the entrance, rig a fire suppression system, and link video cameras at various corridors to view the feeds in the surveillance room. What layer of the network defense-in-depth strategy is he trying to follow?
   - Physical
   - Perimeter
   - Policies and procedures
   - Host

40. Which of the following statements holds true in terms of containers?
   - A container requires more memory space.
   - Each container runs in its own OS.
   - A container is fully isolated; hence, more secure.
   - Process-level isolation happens; a container is hence less secure.

41. Byron, a new network administrator at the FBI, would like to ensure that Windows PCs there are up-to-date and have fewer internal security flaws. What can he do?
   - Centrally assign Windows PC group policies.
   - Dedicate a partition on the HDD and format the disk using NTFS.
   - Download and install the latest patches and enable Windows Automatic Updates.
   - Install antivirus software and turn off unnecessary services.

42. Which of the following entities is responsible for cloud security?
   - Cloud consumer
   - Cloud consumer
   - Both cloud consumer and provider
   - Cloud broker

43. Which subdirectory in the /var/log directory stores information related to the Apache web server?
   - /var/log/maillog/
   - /var/log/httpd/
   - /var/log/apachelog/
   - /var/log/lighttpd/

44. The _________ mechanism works on the basis of a client-server model.
   - Push-based
   - Host-based
   - Pull-based
   - Network-based

45. Which BC/DR activity includes action taken toward resuming all services that are dependent on business-critical applications?
   - Response
   - Recovery
   - Resumption
   - Restoration

46. Peter works as a network administrator at an IT company. He wants to avoid exploitation of the cloud, particularly Azure services. Which of the following is a group of PowerShell scripts designed to help the network administrator understand how attacks happen and help them protect the cloud?
   - POSH-Sysmon
   - MicroBurst
   - SecurityPolicyDsc
   - Sysmon

47. Syslog and SNMP are the two main _______ protocols through which log records are transferred.
   - Pull-based
   - Push-based
   - Host-based
   - Network-based

48. If an organization has decided to consume the PaaS cloud service model, identify the organization's responsibility that they need to look after based on the shared responsibility model.
   - Data, interfaces, application, etc.
   - Data, interfaces, application, middleware, OS, VM, virtual network, etc.
   - Data, interfaces, application, middleware, OS, VM, virtual network, hypervisors, processing and memory, data storage, network interfaces, facilities and data centers, etc.
   - Data, interfaces, etc.

49. Which of the following is NOT an AWS Shared Responsibility Model devised by AWS?
   - Shared Responsibility Model for Container Services
   - Shared Responsibility Model for Infrastructure Services
   - Shared Responsibility Model for Abstract Services
   - Shared Responsibility Model for Storage Services

50. Docker provides Platform-as-a-Service (PaaS) through ________ and delivers containerized software packages.
   - Server-level virtualization
   - Network-level virtualization
   - OS-level virtualization
   - Storage-level virtualization

51. Mark is monitoring the network traffic on his organization's network. He wants to detect TCP and UDP ping sweeps on his network. Which type of filter will be used to detect this?
   - tcp.dstport==7 and udp.srcport==7
   - tcp.srcport==7 and udp.dstport==7
   - tcp.dstport==7 and udp.dstport==7
   - tcp.srcport==7 and udp.srcport==7

52. John has implemented _________ in the network to restrict the number of public IP addresses in his organization and to enhance the firewall filtering technique.
   - VPN
   - Proxies
   - DMZ
   - NAT

53. Which of the following creates passwords for individual administrator accounts and stores them in Windows AD?
   - LSASS
   - SRM
   - SAM
   - LAPS

54. Which of the following statements holds true in terms of virtual machines?
   - Hardware-level virtualization takes place in VMs.
   - OS-level virtualization takes place in VMs.
   - All VMs share the host OS.
   - VMs are more lightweight than containers.

55. In macOS, how can the user implement disk encryption?
   - By enabling the BitLocker feature
   - By executing the dm-crypt command
   - By turning on the Device Encryption feature
   - By enabling the FileVault feature

56. Phishing-like attempts that present users with a fake usage bill of the cloud provider are an example of a:
   - Cloud to service attack surface
   - User to service attack surface
   - User to cloud attack surface
   - Cloud to user attack surface

57. Disaster Recovery is a:
   - Operation-centric strategy
   - Security-centric strategy
   - Data-centric strategy
   - Business-centric strategy

58. The CEO of Max Rager wants to send a confidential message regarding the new formula for its coveted soft drink, SuperMax, to its manufacturer in Texas. However, he fears the message could be altered in transit. How can he prevent this incident from happening, and what element of the message ensures the success of this method?
   - Hashing; hash code
   - Symmetric encryption; secret key
   - Hashing; public key
   - Asymmetric encryption; public key

59. How can an administrator detect a TCP null scan attempt on a UNIX server by using Wireshark?
   - By applying the filter tcp.flags==0x000
   - By applying the filter tcp.flags==0x004
   - By applying the filter tcp.flags==0x003
   - By applying the filter tcp.flags==0x002

60. Which firewall technology can filter application-specific commands such as GET and POST requests?
   - Application proxy
   - Circuit-level gateways
   - Stateful multi-layer inspection
   - Application-level gateways

61. Who is responsible for conveying company details after an incident?
   - IR officer
   - IR manager
   - PR specialist
   - IR custodians

62. Identify the method involved in the purging technique of data destruction.
   - Degaussing
   - Wiping
   - Incineration
   - Overwriting

63. Which type of modulation technique is used in local area wireless networks (LAWNs)?
   - FHSS
   - DSSS
   - MIMO-OFDM
   - OFDM

64. How is the chip-level security of an IoT device achieved?
   - Closing insecure network services
   - Changing the password of the router
   - Encrypting the JTAG interface
   - Keeping the device on a flat network

65. Which RAID level system provides very good data performance but does not offer fault tolerance and data redundancy?
   - RAID level 5
   - RAID level 3
   - RAID level 0
   - RAID level 1

66. Which of the following is a data destruction technique that protects the sensitivity of information against a laboratory attack, where an unauthorized individual uses signal processing recovery tools in a laboratory environment to recover the information?
   - Purging
   - Disposal
   - Destroying
   - Clearing

67. Hacktivists are threat actors who can be described as _____________.
   - People motivated by monetary gains
   - People motivated by religious beliefs
   - People having a political or social agenda
   - Disgruntled/terminated employees

68. Which of the following filters can be applied to detect an ICMP ping sweep attempt using Wireshark?
   - icmp.type==17
   - icmp.type==8
   - icmp.type==15
   - icmp.type==13

69. Who offers formal experienced testimony in court?
   - Evidence documenter
   - Attorney
   - Expert witness
   - Incident analyzer

70. Which type of training can create awareness among employees regarding compliance issues?
   - Training on data classification
   - Physical security awareness training
   - Social engineering awareness training
   - Security policy training

71. Which among the following options represents professional hackers with the aim of attacking systems for profit?
   - Organized hackers
   - Script kiddies
   - Hacktivists
   - Cyber terrorists

72. Which of the following are benefits of using IoT devices in IoT-enabled environments? I) IoT devices can be connected anytime; II) IoT devices can be connected at any place; III) IoT devices can be connected to anything.
   - I and II
   - II
   - I, II, and III
   - I

73. Identify the correct order for a successful black hat operation.
   - Reconnaissance, Gaining Access, Scanning, Maintaining Access, and Covering Tracks
   - Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Tracks
   - Reconnaissance, Scanning, Gaining Access, Covering Tracks, and Maintaining Access
   - Scanning, Reconnaissance, Gaining Access, Maintaining Access, and Covering Tracks

74. Which of the following indicators are discovered through an attacker’s intent, their end goal or purpose, and the series of actions that they must take before being able to successfully launch an attack?
   - Indicators of compromise
   - Key risk indicators
   - Indicators of exposure
   - Indicators of attack

75. Which of the following is a drawback of traditional perimeter security?
   - Traditional VPNs follow an identity-centric instead of a trust-based network-centric approach.
   - Traditional firewalls are static in nature.
   - Traditional firewalls are dynamic in nature.
   - Traditional perimeter security is identity-centric.

76. According to standard IoT security practice, an IoT Gateway should be connected to a ________.
   - Secure router
   - Router that is connected to internal servers
   - Router that is connected to other subnets
   - Border router

77. Who is responsible for executing the policies and plans required for supporting the information technology and computer systems of an organization?
   - Chief Information Officer (CIO)
   - Business and functional managers
   - Senior management
   - IT security practitioners

78. Which of the following refers to the clues, artifacts, or evidence that indicate a potential intrusion or malicious activity in an organization’s infrastructure?
   - Indicators of attack
   - Key risk indicators
   - Indicators of compromise
   - Indicators of exposure

79. Which of the following provides enhanced password protection, secured IoT connections, and encompasses stronger encryption techniques?
   - WEP
   - WPA3
   - WPA
   - WPA2

80. In the ___________ method, Windows event logs are arranged in the form of a circular buffer.
   - Out-of-Band method
   - Overwriting method
   - Non-Wrapping method
   - Wrapping method

81. Which of the following is a database encryption feature that secures sensitive data by encrypting it in client applications without revealing the encryption keys to the database engine in MS SQL Server?
   - Always Encrypted
   - IsEncrypted Enabled
   - Allow Encrypted
   - NeverEncrypted disabled

82. Clement is the CEO of an IT firm. He wants to implement a policy allowing employees to choose from a preapproved set of devices (laptops, smartphones, and tablets) to access company data as per the organization’s access privileges. Which among the following policies does Clement want to enforce?
   - CYOD policy
   - BYOD policy
   - COPE policy
   - COBO policy

83. Which of the following filters can be used to detect UDP scan attempts using Wireshark?
   - icmp.type==8 or icmp.type==0
   - icmp.type==15
   - icmp.type==3 and icmp.code==3
   - icmp.type==13

84. Which firewall can a network administrator use for better bandwidth management, deep packet inspection, and stateful inspection?
   - Circuit-level gateway firewall
   - Stateful multi-layer inspection firewall
   - Next-generation firewall
   - Network address translation

85. John has been working as a network administrator at an IT company. He wants to prevent misuse of accounts by unauthorized users and to ensure that no accounts have empty passwords. Which of the following commands does John use to list all the accounts with an empty password?
   - # awk -F: '($2 == "") {print}' /etc/shadow
   - # awk -D: '($2 == "") {print}' /etc/shadow
   - # awk -E: '($2 == "") {print}' /etc/shadow
   - # awk -C: '($2 == "") {print}' /etc/shadow

86. Implementing access control mechanisms, such as a firewall, to protect the network is an example of which of the following network defense approaches?
   - Proactive approach
   - Reactive approach
   - Retrospective approach
   - Preventive approach

87. Which scan attempt can penetrate through a router and a firewall that filter incoming packets with particular flags set, and is not supported by Windows?
   - PING sweep attempt
   - TCP full connect scan attempt
   - TCP null scan attempt
   - ARP scan attempt

88. Which form of access control is trust-centric?
   - Application patch management
   - Application sandboxing
   - Application whitelisting
   - Application blacklisting

89. John is the Vice-President of a BPO. He wants to implement a policy allowing employees to use and manage devices purchased by the organization but restricting the use of the device to business use only. Which among the following policies does John want to implement?
   - COPE policy
   - CYOD policy
   - BYOD policy
   - COBO policy

90. Which phase of the incident response process involves collection of incident evidence and sending it to the forensic department for further investigation?
   - Incident containment
   - Incident recording and assignment
   - Eradication
   - Preparation for incident response

91. What should an administrator do while installing a sniffer on a system to listen to all data transmitted over the network?
   - Set the system’s NIC to master mode.
   - Set the system’s NIC to ad-hoc mode.
   - Set the system’s NIC to managed mode.
   - Set the system’s NIC to promiscuous mode.

92. Which encryption algorithm is used by WPA3 encryption?
   - RC4
   - AES-CCMP
   - AES-GCMP 256
   - RC4, TKIP

93. Which category of suspicious traffic signatures includes SYN flood attempts?
   - Unauthorized access
   - Denial of Service
   - Informational
   - Reconnaissance

94. Maximus Tech is a multinational company that uses Cisco ASA Firewalls for their systems. Jason is one of the members of the team that checks the logs at Maximus Tech. As a part of his job, he is going through the logs and came across a firewall log that looks like this: May 06 2018 21:27:27 asa 1: % ASA -5 – 11008: User ‘enable_15’ executed the ‘configure term’ command. Based on the security level mentioned in the log, what did Jason understand about the description of this message?
   - Warning condition message
   - Critical condition message
   - Normal but significant message
   - Informational message

95. Oliver is a Linux security administrator at an MNC. An employee named Alice has resigned from the organization, and Oliver wants to disable this user in Ubuntu. Which of the following commands can be used to accomplish this?
   - usermod -L alice
   - usermod -J alic
   - usermod -K alice
   - usermod -M alice

96. Which among the following is used by anti-malware systems and threat intelligence platforms to spot and stop malicious activities at an initial stage?
   - Indicators of attack
   - Key risk indicators
   - Indicators of compromise
   - Indicators of exposure

97. Which of the following technologies can be used to leverage the zero-trust security model?
   - Network function virtualization (NFV)
   - Software-defined networking (SDN)
   - Software-defined perimeter (SDP)
   - Network virtualization (NV)

98. Which risk management phase helps in establishing context and quantifying risks?
   - Risk identification
   - Risk assessment
   - Risk review
   - Risk treatment

99. WPA encryption in a wireless network uses the _______ encryption protocol and a/an _______ integrity check.
   - EAP, CRC-32
   - CCMP, AES-based
   - TKIP, 64-bit MIC
   - CCMP, CRC-32

100. Which firewall technology provides the best of both packet filtering and application-based filtering and is used in Cisco Adaptive Security Appliances?
   - Stateful multilayer inspection
   - Application-level gateway
   - VPN
   - Network address translation