INTERMEDIATE LEVEL QUIZ | CySA+ 002 Domain 3: Security Operations and Monitoring -

Quiz Summary

0 of 17 Questions completed

Questions:

You have already completed the quiz before. Hence you can not start it again.

Quiz is loading…

You must sign in or sign up to start the quiz.

You must first complete the following:

Results

Quiz complete. Results are being recorded.

Results

0 of 17 Questions answered correctly

Your time:

You have reached 0 of 0 point(s), (0)

Average score
Your score

Categories

Not categorized 0%

Current
Review
Answered
Correct
Incorrect

Question 1 of 17

1. Question
1 point(s)
File fingerprinting, scanning, string searches, and disassembly are all used to identify malware. When these techniques are used, what is the identifying information called?
- Malware event logs
- Malware signature
- Malware registry keys
- Malware IP address
Correct

Incorrect
Question 2 of 17

2. Question
1 point(s)
You are the security analyst for your organization. You have noticed that an attacker has gotten past the network’s firewall by modifying the addressing information in IP packet headers to make it look like the packets are coming from a trusted source.

Which of the following is the MOST likely firewall evasion technique the attacker is using?
- Malicious code insertion
- Packet fragmentation
- IP spoofing
- DNS poisoning
Correct

Incorrect
Question 3 of 17

3. Question
1 point(s)
You are working with ACLs on your Windows machine and have created some complex permissions with many users and groups defined. Now you want to back up those permissions so that they can be restored in the event of a system failure. What is missing from the below command?
- The users and groups for which the ACLs are defined is not listed.
- There has been no file name specified.
- The administrator's password has to be included.
- The users for the specific ACLs have not been set.
Correct

Incorrect
Question 4 of 17

4. Question
1 point(s)
Which of the following should be implemented as protection against malware attacks?
- Remote blackhole filtering
- Blackholing internal attacks
- DNS sinkhole
- Redirection
Correct

Incorrect
Question 5 of 17

5. Question
1 point(s)
Which of the following is a mechanism that guards data going in and out of your network?
- Data loss prevention
- Rights management
- Tokenization
- Data states
Correct

Incorrect
Question 6 of 17

6. Question
1 point(s)
You have run the ls -l command the output generated reads:

-rwx r-x r– root mbuna

Which of the following statements is true?
- The others entity has read access only.
- The permissions listed are for a directory.
- The group entity is denied execute access.
- The others entity has read, write, and execute access.
Correct

Incorrect
Question 7 of 17

7. Question
1 point(s)
While reviewing your pfSense appliance logs, you notice the following.

What is happening?
- Normal DHCP traffic.
- There are too many DHCPDISCOVER events.
- There are two DHCP servers that are responding to DHCPREQUEST events.
- This documents the startup of a new dhcpd.leases file.
Correct

Incorrect
Question 8 of 17

8. Question
1 point(s)
Fabrice, a security analyst, is tasked with monitoring a company’s threat feed. Which of the following should he look for as part of his analysis?
- Scripts that the company uses regularly.
- The API the company employs.
- Bits of code that might be malicious.
- IP addresses that might be malicious.
Correct

Incorrect
Question 9 of 17

9. Question
1 point(s)
The following image is of DHCP logs on a pfSense appliance.

What is happening here?
- A host named kali is releasing and renewing its IP address with the appliance.
- There is not enough information here to describe what is happening.
- A host named hn1 is renewing its IP address with the host on IP address 10.10.10.1.
- A host found on IP address 10.10.10.183 has their own DHCP server to perform an on-path (man-in-the-middle) attack.
Correct

Incorrect
Question 10 of 17

10. Question
1 point(s)
When you create an event subscription, events are sent from one computer to another. What is the computer that receives the events called?
- Source computer
- Collector computer
- Destination computer
- Forwarder computer
Correct

Incorrect
Question 11 of 17

11. Question
1 point(s)
You are setting up a Windows machine as a collector to handle event subscriptions from other machines. You have dozens of machines to collect from, and you have configured the receiving machine.

What do you need to do next?
- Configure the machines that will forward logs to the collector using Group Policy.
- Configure the collector for collector-initiated subscriptions.
- Use syslog-ng on a Linux machine to handle incoming Windows logs.
- Configure each machine individually to use source-initiated subscriptions to send logs to the collector.
Correct

Incorrect
Question 12 of 17

12. Question
1 point(s)
Which of the following tools allows a domain owner to specify email servers that can send an email in the domain, and which servers are not allowed to send emails?
- SPF
- Maltego
- DKIM
- Phishing
Correct

Incorrect
Question 13 of 17

13. Question
1 point(s)
Which of the following firewall technologies operates on Layer 5 of the OSI model?
- Proxy server
- Stateful inspection
- Packet filtering
- Circuit-level gateway
Correct

Incorrect
Question 14 of 17

14. Question
1 point(s)
Which of the following BEST describes continuous integration?
- It allows any change that goes through all the production pipeline stages to be automatically released to customers.
- It is a collection of software programs that allow an organization's security team to collect various inputs they can monitor.
- It automatically deploys all the changes coders make into a production environment.
- It allows all integration changes to be automated and placed back into a shared mainline.
Correct

Incorrect
Question 15 of 17

15. Question
1 point(s)
In order to perform testing of various websites for your company, you are using Burpsuite. What function allows Burpsuite to collect so much information about a client/server communication stream?
- Burp Suite acts as a rogue DHCP device.
- Burp Suite uses community vulnerability lists to create tools that can exploit the CVEs.
- Burp Suite sniffs all traffic between two hosts.
- Burp Suite acts as a proxy.
Correct

Incorrect
Question 16 of 17

16. Question
1 point(s)
Which of the following is true about rule-writing?
- You should only use customized rules and not preconfigured ones.
- Rules should be generalized to capture as much information as possible.
- Rules could be as simple as looking for unsuccessful logins or could include more complex behavioral patterns.
- Security analysts are not tasked with rule-writing. This responsibility is reserved for network and security administrators.
Correct

Incorrect
Question 17 of 17

17. Question
1 point(s)
Tokenization is another effective tool in data loss prevention. Which of the following does tokenization do? (Select two.)
- Allows continued control access to the file, even when it's no longer in your system.
- Allows a security policy to travel with a specific file, even when copied or moved.
- Identifies sensitive files and embeds them within your security policies.
- Replaces actual data with a randomly generated alphanumeric character set.
- Protects data on its server with authentication and authorization protocols.
Correct

Incorrect

INTERMEDIATE LEVEL QUIZ | CySA+ 002 Domain 3: Security Operations and Monitoring

INTERMEDIATE LEVEL QUIZ | CySA+ 002 Domain 3: Security Operations and Monitoring

INTERMEDIATE LEVEL QUIZ | CySA+ 002 Domain 3: Security Operations and Monitoring

Quiz Summary

Information

Results

Results

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

13. Question

14. Question

15. Question

16. Question

17. Question