Security + Lab Quizzes Flashcards

(82 cards)

1
Q

❔Performing gap analysis forces systems into compliance.
✅False
True

A
2
Q

❔When should gap analysis be performed? (Select all that apply)
when decommissioning legacy hardware
✅when first adopting a framework
✅when meeting a new industry or legal compliance requirement
✅after significant time has passed

A
3
Q

❔What is the purpose of a gap analysis?
evaluating the level of compliance to a regulation or contractual obligation
determining the probability and likelihood of a threat causing harm to an asset
✅discovering the differences between the intended or expected configuration of a system and its actual operating configuration
exploring the source code of an open source application for flaws and vulnerabilities

A
4
Q

❔Which of the following statements is false in regard to gap analysis?
Security template selection should be specific to its product version and build number
Some variations from a baseline may be more secure
✅A single security template is sufficient to analyze all systems
Some variations from a baseline are less secure

A
5
Q

❔File access controls are classed as preventive in terms of functionality. What category of security control are file permissions?
✅Technical
Physical
Operational
Managerial

A
6
Q

What is the goal of directive controls?
Prohibition
Tracking
✅Compliance
Defense

A
7
Q

What are the dual purposes of corrective controls? (Select two)
Record evidence of user and event activities
✅Address an unwanted or less secure state or event
Provide guidance on proper user behavior
✅Return the system to a normal and generally secure condition

A
8
Q

❔What is the primary purpose of detective controls?
Give instructions
Restore a system back to preferred condition
✅Record information about activities
Compensate for a failed control
Stop unwanted activity from succeeding
Persuade a perpetrator to go elsewhere

A
9
Q

❔What is the primary purpose of directive controls?
Restore a system back to preferred condition
Record information about activities
Compensate for a failed control
Stop unwanted activity from succeeding
Persuade a perpetrator to go elsewhere
✅Give instructions

A
10
Q

❔What nmap parameter option performs a scan which displays service identification?
✅-sV
--banner
-sS
-oS

A
11
Q

What are two primary response options to the discovery of an open port hosting an insecure service?
Perform a vulnerability scan
Require more complex passwords
✅Close the exposed port
✅Configure service encryption
Apply updates to the OS

A
12
Q

❔Which security framework does SET use to set up listeners?
✅Metasploit
Arachni
Maltego
SMTP binder

A
13
Q

❔What is the primary limitation or restriction in compromising a victim through a SET-crafted email and related exploit script/payload?
NAT traversal
✅Client-side security blocking execution
Server keyword filtering
Firewall blocking email messages with attachments

A
14
Q

❔Which of the following are true in regard to using SET? (Select all that apply)
SET payloads are allow-listed in most security filters
SET emails must be from a trusted email domain
✅SET can send messages to a single address or a large group of addresses
✅SET can send attachments or hyperlinks to malicious scripts or payloads
✅SET emails can use spoofed source addresses
✅SET demonstrates the power of combining technology with social engineering

A
15
Q

❔Where can a user encrypt a file in Windows? (select all that apply)
✅Command Prompt
Z-shell
✅File Explorer
✅PowerShell

A
15
Q

❔A DRA can be defined or established after a file is encrypted, and it can still recover access to the plaintext file if needed.
True
✅False

A
16
Q

❔The EFSRA.PFX file, which was imported into the system before the DRA was able to restore the plaintext version of the files, contains what?
✅The private key of the DRA
The symmetric key encrypting the file
The asymmetric key encrypting the storage device
The public key of the DRA

A
17
Q

❔What is the purpose of calculating a hash of files?
Maintaining availability
✅Detecting integrity violations
Confirming authorization
Blocking disclosure

A
18
Q

❔What is the primary reason to avoid the use of MD5?
Its algorithm is publicly viewable
Risk of brute force attack
Ease of key discovery
✅Propensity for collisions

A
18
Q

❔What is the benefit of performing a malware evaluation via a hash value rather than uploading a file?
Maintaining SCAP compliance
✅Not disclosing the suspect file publicly
Detecting new threats
More accurate results

A
19
Q

❔If a portion of the scanning engines of an online threat analysis service detect a threat related to a submitted hash or file, is that suspicious object necessarily malicious?
✅No
Yes

A
20
Q

❔What security measure is a password spraying attack attempting to avoid or bypass?
✅Account lockout
Complexity requirements
Maximum password age
Minimum password length

A
20
Q

❔What is password spraying?
Extracting password hashes for user accounts
✅Trying a known password against many user accounts
Trying numerous combinations of characters to discover a password
Guessing a password for a user account

A
21
Q

❔What aspects of a target’s password are a defense against brute force password cracking? (Select all that apply)
using well-known algorithms
✅longer length
ease to pronounce
✅increased complexity
greater age

A
22
Q

Which domain password policy setting has the greatest impact on strength (i.e., resistance to brute force attacks)?
MaxPasswordAge
✅MinPasswordLength
ComplexityEnabled
PasswordHistoryCount

A
23
Q

What symbolic representation could be applied to demofile.sh to enforce full access for the user owner, execute access for the group owner, but no access for others?
u+rwx,g+x
✅u+rwx,g+x-rw,o-rwx
644
u+*,g-rw,o-*

A
24
Q

❔What command would return testfile.txt to its original permission settings of -rw-r--r--?
chmod 420 testfile.txt
chmod 446 testfile.txt
✅chmod 644 testfile.txt
chmod 710 testfile.txt

A
25
Q

❔Windows Effective Access (i.e., effective permissions) is calculated based on what options or conditions? (Select all that apply)
✅Group membership
✅System/Workstation/Computer
✅Share permissions
✅User

A
26
Q

❔If a user has read, write, and modify on a file that they access through a share, what level of share permissions must they have to be able to alter the file's contents?
✅Change
Read
Full Control
Modify

A
27
Q

❔What command line tool can be used to view and set Windows file permissions?
dir
cipher
✅icacls
net file

A
🦊 What icacls actually does
It manages:
- NTFS permissions
- Ownership
- Integrity levels
- Access control lists (ACLs)
- Permission inheritance
So while people sometimes guess it means “Integrity Control Access Control Lists,”
28
Q

What are the three main types of IPSec policies that can be configured? (Select 3)
Request
Permit
✅Enable
✅Block
✅Negotiate

A
29
Q

Which of the following are options for implementing encrypted tunnels for secure communications? (Select all that apply)
✅SSH
✅IPsec
✅TLS
HTTP
DNS
ICMP
FTP

A
30
Q

In the lab, why was PC10 unable to collect the packets from PC20 directed to the default gateway or the website?
PC20 did not communicate with the default gateway or website
The IPSec policy was in effect even before it was assigned
PC10 has a filter to ignore all traffic from PC10
✅The packets from PC20 were not sent to the PC10 interface

A
30
Q

Your company is implementing IPSec policies on all internal systems. However, the configuration change will be rolled out over a three-month period. What is the best choice for the IPSec policy during the initial implementation phase?
✅Allow fallback to unsecured communications if a secure connection cannot be established
Do not respond to IPSec initiation queries
Accept unsecured communication, but always respond using IPsec
Require all communications to use IPSec

A
31
Q

How do you build a new image based on the Dockerfile in the current directory?
docker images
docker run -it --name MyContainer my-dummy-image
docker ps -a
✅docker build -t my-dummy-image

A
32
Q

What command lists all available Docker images?
docker ps -a
✅docker images
docker start MyContainer
docker stop MyContainer

A
33
Q

How do you specify a local image for building a container?
Include the tag :latest after the image name
Include the full path to the image file in the command
✅Include the tag listed by the docker images command
Include the tag :local after the image name

A
34
Q

Devices connected to an external Hyper-V switch can connect with what other devices? (Select all correct answers)
✅Other devices on the network.
Cannot connect to any devices.
✅The host computer.
✅Other devices connected to the external switch.

A
35
Q

What is a best practice for backups?
✅Store essential backups offsite.
Use the same media for backups that is used on the original system.
Backups should be destroyed after 6 months.
Keep all backups onsite.

A
35
Q

What is a true statement about a Hyper-V private virtual switch?
Virtual machines connected to a private switch cannot connect to any devices.
✅Virtual machines connected to a private switch can connect only to other devices connected to the private switch.
Virtual machines connected to a private switch can connect to the host computer.
Virtual machines connected to a private switch can connect to all devices on the network.

A
36
Q

What is the primary means by which data can be sanitized?
✅Overwriting
Deletion
Removing partitions
Formatting

A
36
Q

Which of the following are common forms of sanitization? (Select all that apply)
✅Zeroization
✅Writing random data
Marking the clusters or blocks as bad
Storing fragments contiguously
Moving the file to other directories

A
37
Q

What is the term used to reference material on a storage device that might be recoverable?
Archives
Shadow copies
Versioning
✅Remnants
Backups

A
37
Q

What could be found in a website's access log as a representation of a space in an HTTP request? (Select 2)
%3c
✅%20
%22
✅+ (a plus sign)

A
38
Q

What is the SQL expression used to combine instructions or operations?
SELECT
INSERT
✅UNION
FROM

A
39
Q

In SQLi, what is the most important character?
asterisk
equals
octothorpe
backslash
✅single quote

A
40
Q

Which of the following SQLi statements is used to return a result which includes the DBMS details?
✅' UNION SELECT @@version, NULL#
' UNION SELECT user, password FROM users#
' UNION SELECT table_name, column_name FROM information_schema.columns#
' UNION SELECT table_schema, table_name FROM information_schema.tables#

A
41
Q

What evidence in a website's log is most clearly an IoC observable related to SQLi?
percent-encoding
an HTTP referrer
✅ORDER BY, UNION, SELECT, UPDATE, INSERT, DELETE, or DROP
the HTTP response code of 200

A
42
Q

What types of entities provide threat intelligence feeds? (Select all that apply)
✅Commercial organizations
✅Government agencies
Dark web groups
✅Open-source community groups

A
43
Q

What indicators are used to locate IoC entries on the AlienVault site? (Select all that apply)
✅Domain
✅Hostname
OS type
✅URL
MAC
✅FileHash
✅IPv4 or IPv6

A
44
Q

What is a Google dork?
A person who does not understand how to use keywords to search for content on Google
A type of hacker who performs OSINT using only Google searches
✅A search expression which may use advanced operators to discover security issues of indexed websites through a Google search
A listing of symbols used to alter search functions when used in Google searches

A
46
Q

Once a security template, baseline, or benchmark has been obtained from a third party, what tasks are your responsibility? (Select two)
✅Tailoring to your system functions
Providing support documentation
✅Scoping to your business objectives
Public dissemination

A
47
Q

Which of the following technology domains is NOT covered by CIS benchmarks?
Cloud services
Network devices
✅Internet of Things (IoT) devices
Mobile devices

A
48
Q

Which of the following general types of network server application is NOT covered by benchmarks?
Virtualization/container servers
DNS servers
Web servers
Database servers
✅Email/messaging/communications servers

A
49
Q

What firewall rule is applied when no other rule matches a communication?
✅Implicit
Ingress
Egress
Explicit

A
50
Q

What should drive or define the firewall rules implemented by an organization?
✅Baseline configuration
Strategic threat feed
Risk assessment
Security framework

A
51
Q

What was the MITRE ATT&CK tactic identified by Wazuh related to the deletion of an audit log?
Persistence
✅Defense Evasion
Privilege Escalation
Lateral Movement

A
52
Q

Once the security team is made aware of a potentially violating incident, what is the next phase in Incident Response?
Eradication
Recovery
✅Analysis
Lessons learned
Preparation

A
53
Q

Which of the following are tools from The Sleuth Kit (TSK)? (Select all that apply)
✅tsk_recover
✅fls
✅istat
✅mmls
✅fsstat

A
54
Q

What is the maximum number of primary partitions that can be defined on an MBR drive if logical drives are in use?
2
✅3
4
1

A
54
Q

Potential signs of security breaches or malicious activities within an IT infrastructure are known as?
✅IoCs (Indicators of Compromise)
Event records
False positives
Registry values

A
55
Q

What is a file system metadata structure that is used to store and organize file object information, such as file size, owner user, group IDs, permissions, and timestamps?
✅inode
partition
MBR
sector

A
56
Q

From the "Mitre Att&ck Matrix" section of the Zeus.x86 analysis report, what attack technique groups (i.e., columns) does this malware demonstrate? (Select all that apply)
✅Command and Control
✅Credential Access
✅Lateral Movement
✅Privilege Escalation

A
57
Q

On what tab of the VirusTotal analysis report will you find information about execution parents and bundled files?
COMMUNITY
✅RELATIONS
DETAILS
DETECTION
BEHAVIOR

A
57
Q

What are the benefits of using a sandbox-based malware analysis tool?
Quick analysis of suspicious files
Analysis performed separate from production systems
Automated evaluation of detonated code
Detailed information about evaluated samples
✅All of the above

A
58
Q

A playbook is often considered what type of security control?
Deterrent
Preventive
Detective
✅Responsive

A
58
Q

SPAM filter
✅Encrypted protocols
✅Not trusting unsolicited instructions
Intrusion detection system
Firewall

A
59
Q

Copy the zip archive of the suspicious file to a quarantine system.
✅Determine the rogue process's name.
Remove the suspicious file from the affected system(s).
Perform an online malware analysis using the hash value of the suspicious file.

A
60
Q

Which of the following are true statements in regard to playbooks? (Select all that apply)
✅The most effective incident response playbooks are tailored to an organization's specific security needs.
✅When creating an incident response playbook, organizations should ensure they have the right level of detail and that all necessary stakeholders are involved.
✅Generally, a playbook is used by a person, and a runbook is used by a SOAR platform in response to an incident or alert.
A playbook is designed to automate some of the routine tasks ordinarily performed by security personnel in response to a security incident.

A
61
Q

Which of the following commands would configure the system to automatically execute a script weekly at 4:15 AM?
echo "15 4 * 1 * /bin/bash /root/ip_block.sh" | crontab -
✅echo "15 4 * * 1 /bin/bash /root/ip_block.sh" | crontab -
echo "15 4 * * * /bin/bash /root/ip_block.sh" | crontab -
echo "15 4 1 * * /bin/bash /root/ip_block.sh" | crontab -

A
61
Q

What command is used to add a firewall rule to block inbound communications from an IP address range referenced by $IP?
iptables -A eth0 -s $IP -j DROP
iptables -A INBOUND -s $IP -j DROP
✅iptables -A INPUT -s $IP -j DROP
iptables -A INGRESS -s $IP -j DROP

A
62
Q

What issue must be addressed when automatically adding IP block rules from a threat feed using iptables?
defining allow rules for internal IP addresses
resolving FQDN to IP addresses
only blocking known problematic IP addresses
✅duplicate rules

A
62
Q

What is the point of the string "../../../../../../" used in an attack?
✅Use directory traversal to reach the root directory
Use command obfuscation to avoid keyword filters
Trick the system into granting access to the file using root privileges
Use special characters to avoid metacharacter escaping

A
62
Q

How many "change to parent" operations are needed to create a relative URL reference to view the passwd file?
3
4
5
✅6
7

A
63
Q

Searching Email records
✅Searching DNS records
Searching Dark Web records
Searching Domain registration records

A
64
Q

Which of the following characters can be used to stack commands in a command injection attack? (Select all that apply)
/
✅&&
?
✅|
+
✅;
^

A
65
Q

Exploiting systems using directory traversal, command injection, file upload, and web shell injection techniques is typically performed during what phase of penetration testing?
Scanning
Reconnaissance
✅Post-exploit activities
Gaining access
Vulnerability detection

A
66
Q

Limiting sessions to 6 hours or less
✅Blocking the execution of all unknown code
✅Strict egress firewall rules
Require a biometric factor during authentication
Using a VPN

A
66
Q

Injecting a web shell can be accomplished by taking advantage of what discovered vulnerability?
Brute force password cracking
✅File upload
Adversary in the middle (AitM)
Directory traversal

A