Cybersecurity Essentials 3.0 Checkpoint Exam: OS and Endpoint Security Module 7 – 10 Exam Answers Full 100% 2023 2024

Cybersecurity Essentials 3.0 Checkpoint Exam: OS and Endpoint Security Module 7 – 10 Exam Answers Full 100% 2023 2024

Cybersecurity Essentials 3.0 Checkpoint Exam: OS and Endpoint Security Module 7 – 10 Exam Answers Full 100% 2023 2024

  1. What are two advantages of the NTFS file system compared with FAT32? (Choose two.)

    • NTFS provides more security features.
    • NTFS allows the automatic detection of bad sectors.
    • NTFS supports larger files.
    • NTFS allows faster formatting of drives.
    • NTFS allows faster access to external peripherals such as a USB drive.
    • NTFS is easier to configure.
      Explanation & Hint:

      The file system has no control over the speed of access or formatting of drives, and the ease of configuration is not file system-dependent.

  2. What would be a reason for a computer user to use the Task Manager Performance tab?

    • to increase the performance of the CPU
    • to view the services that are currently running on the PC
    • to check the CPU usage of the PC
    • to view the processes that are running and end a process if needed
      Explanation & Hint:

      The Performance tab is commonly used to check current computer performance. Two key areas that are shown are memory and CPU usage.

  3. What principle prevents the disclosure of information to unauthorized people, resources,  and processes?

    • integrity
    • confidentiality
    • availability
    • accounting
    • nonrepudiation
      Explanation & Hint:

      The security principle of confidentiality refers to the prevention of the disclosure of information to unauthorized people, resources, and processes.

  4. A user is proposing the purchase of a patch management solution for a company. The user wants to give reasons why the company should spend money on a solution. What benefits does patch management provide? (Choose three.)

    • Updates can be forced on systems immediately.
    • Patches can be written quickly.
    • Administrators can approve or deny patches.
    • Computers require a connection to the Internet to receive patches.
    • Updates cannot be circumvented.
    • Patches can be chosen by the user.
      Explanation & Hint:

      A centralized patch management system can speed up deployment of patches and automate the process. Other good reasons to using an automated patch update service include the following:

      • Administrators control the update process.
      • Reports are generated.
      • Updates are provided from a local server.
      • Users cannot circumvent the update process.

  5. What three tasks are accomplished by a comprehensive security policy? (Choose three.)

    • is not legally binding
    • gives security staff the backing of management
    • defines legal consequences of violations
    • useful for management
    • vagueness
    • sets rules for expected behavior
      Explanation & Hint:

      Policy sets the establishment of rules and guidelines for the business.

  6. What are three access control security services? (Choose three.)

    • repudiation
    • accounting
    • authorization
    • availability
    • authentication
    • access
      Explanation & Hint:

      This question refers to AAA authentication, authorization, and accountability.

  7. What is the function of the kernel of an operating system?

    • The kernel provisions hardware resources to meet software requirements.
    • It is an application that allows the initial configuration of a Cisco device.
    • The kernel links the hardware drivers with the underlying electronics of a computer.
    • It provides a user interface that allows users to request a specific task.
      Explanation & Hint:

      Operating systems function with a shell, a kernel, and the hardware. The shell interfaces with the users, allowing them to request specific tasks from the device. The kernel provisions resources from the hardware to meet software requirements. The hardware functions by using drivers and their underlying electronics. The hardware represents the physical components of the device.

  8. A user creates a file with .ps1 extension in Windows. What type of file is it?

    • PowerShell documentation
    • PowerShell cmdlet
    • PowerShell function
    • PowerShell script
      Explanation & Hint:

      The types of commands that PowerShell can execute include the following:

      • cmdlets – perform an action and return an output or object to the next command that will be executed
      • PowerShell scripts – files with a .ps1 extension that contain PowerShell commands that are executed
      • PowerShell functions – pieces of code that can be referenced in a script

  9. A security specialist is asked for advice on a security measure to prevent unauthorized hosts from accessing the home network of employees. Which measure would be most effective?

    • Implement a VLAN.
    • Implement RAID.
    • Implement a firewall.
    • Implement intrusion detection systems.
      Explanation & Hint:

      Protecting data confidentiality requires an understanding of the technologies used to protect data in all three data states.

  10. A PC user issues the netstat command without any options. What is displayed as the result of this command?

    • a local routing table
    • a network connection and usage report
    • a list of all established active TCP connections
    • a historical list of successful pings that have been sent
      Explanation & Hint:

      When used by itself (without any options), the netstat command will display all the active TCP connections that are available.

  11. What is the difference between an HIDS and a firewall?

    • An HIDS works like an IPS, whereas a firewall just monitors traffic.
    • A firewall allows and denies traffic based on rules and an HIDS monitors network traffic.
    • An HIDS monitors operating systems on host computers and processes file system activity. Firewalls allow or deny traffic between the computer and other systems.
    • A firewall performs packet filtering and therefore is limited in effectiveness, whereas an HIDS blocks intrusions.
    • An HIDS blocks intrusions, whereas a firewall filters them.
      Explanation & Hint:

      In order to monitor local activity an HIDS should be implemented. Network activity monitors are concerned with traffic and not operating system activity.

  12. Why would a network administrator choose Linux as an operating system in the Security Operations Center (SOC)?

    • It is more secure than other server operating systems.
    • More network applications are created for this environment.
    • It is easier to use than other operating systems.
    • The administrator has more control over the operating system.
      Explanation & Hint:

      There are several reasons why Linux is a good choice for the SOC.

      • Linux is open source.
      • The command line interface is a very powerful environment.
      • The user has more control over the operating system.
      • Linux allows for better network communication control.

  13. Which statement describes the term iptables?

    • It is a DHCP application in Windows.
    • It is a DNS daemon in Linux.
    • It is a file used by a DHCP server to store current active IP addresses.
    • It is a rule-based firewall application in Linux.
      Explanation & Hint:

      Iptables is an application that allows Linux system administrators to configure network access rules.

  14. On a Windows host, which tool can be used to create and maintain blacklists and whitelists?

    • Local Users and Groups
    • Task Manager
    • Computer Management
    • Group Policy Editor
      Explanation & Hint:

      In Windows, blacklisting and whitelisting settings can be managed through the Group Policy Editor.

  15. Consider the result of the ls -l command in the Linux output below. What are the file permissions assigned to the sales user for the analyst.txt file?

    ls –l analyst.txt
    -rwxrw-r– sales staff 1028 May 28 15:50 analyst.txt

    • read, write, execute
    • read, write
    • read only
    • write only
      Explanation & Hint:

      The file permissions are always displayed in the User, Group and Other order. In the example displayed, the file has the following permissions:

      • The dash () means that this is a file. For directories, the first dash would replaced with a “d”.
      • The first set of characters is for user permission (rwx). The user, sales, who owns the file can read, write and execute the file.
      • The second set of characters is for group permissions (rw-). The group, staff, who owns the file can read and write to the file.
      • The third set of characters is for any other user or group permissions (r–). Any other user or group on the computer can only read the file.

  16. Match typical Linux log files to the function.

    Match typical Linux log files to the function
    Match typical Linux log files to the function
    • stores information related to hardware devices and their drivers ==> /Var/log/dmesg
    • used by RedHat and CentOS computers and tracks authentication-related events ==> /Var/log/secure
    • used by Debian and Ubuntu computers and stores all authentication-related events ==> /Var/log/auth.log
    • contains generic computer activity logs, and is used to store informational and noncritical system messages ==> /Var/log/messages
      Explanation & Hint:

      Place the options in the following order:

      Used by RedHat and CentOS computers and tracks authentication-related events /Var/log/secure
      Contains generic computer activity logs, and is used to store informational and noncritical system messages /Var/log/messages
      Stores information related to hardware devices and their drivers /Var/log/dmesg
      Used by Debian and Ubuntu computers and stores all authentication-related events /Var/log/auth.log

  17. Which statement describes the policy-based intrusion detection approach?

    • It compares the signatures of incoming traffic to a known intrusion database.
    • It compares the antimalware definitions to a central repository for the latest updates.
    • It compares the operations of a host against well-defined security rules.
    • It compares the behaviors of a host to an established baseline to identify potential intrusion.
      Explanation & Hint:

      With the anomaly-based intrusion detection approach, a set of rules or policies are applied to a host. Violation of these policies is interpreted to be the result of a potential intrusion.

  18. Match the Linux command to the function. (Not all options are used.)

    Match the Linux command to the function. (Not all options are used.)
    Match the Linux command to the function. (Not all options are used.)
    • lists the processes that are currently running ==> Ps
    • runs a command as another user ==> Sudo
    • displays the name of the current working directory ==> Pwd
    • modifies file permissions ==> Chmod
      Explanation & Hint:

      Place the options in the following order:

      Displays the name of the current working directory Pwd
      Runs a command as another user Sudo
      Modifies file permissions Chmod
      Shuts down the system No answer available
      Lists the processes that are currently running Ps

  19. Match the Windows system tool with the description. (Not all options are used.)

    Match the Windows system tool with the description. (Not all options are used.)
    Match the Windows system tool with the description. (Not all options are used.)
    • selectively denies traffic on specified interfaces ==> Windows Firewall
    • a CLI environment used to run scripts and automate tasks ==> PowerShell
    • a hierarchical database of all system and user information ==> Regristry
    • maintains system logs ==> Event Viewer
      Explanation & Hint:

      Place the options in the following order:

      Provides virus and spyware protection No answer available
      A hierarchical database of all system and user information Regristry
      Selectively denies traffic on specified interfaces Windows Firewall
      A CLI environment used to run scripts and automate tasks PowerShell
      Maintains system logs Event Viewer
      Provides information on system resources and processes No answer available

  20. A client device has initiated a secure HTTP request to a web browser. Which well-known port address number is associated with the destination address?

    • 110
    • 80
    • 404
    • 443
      Explanation & Hint:

      Port numbers are used in TCP and UDP communications to differentiate between the various services running on a device. The well-known port number used by HTTPs is port 443.

  21. Why is Kali Linux a popular choice in testing the network security of an organization?

    • It is a network scanning tool that prioritizes security risks.
    • It can be used to test weaknesses by using only malicious software.
    • It can be used to intercept and log network traffic.
    • It is an open source Linux security distribution containing many penetration tools.
      Explanation & Hint:

      Kali is an open source Linux security distribution that is commonly used by IT professionals to test the security of networks.

  22. Match the antimalware approach to the description.

    Match the antimalware approach to the description
    Match the antimalware approach to the description
    • recognizes malware through analysis of suspicious actions ==> Behavior-based
    • recognizes general features shared by types of malware ==> Heuristics-based
    • recognizes characteristics of known malware files ==> Signature-based
      Explanation & Hint:

      Place the options in the following order:

      Recognizes characteristics of known malware files Signature-based
      Recognizes general features shared by types of malware Heuristics-based
      Recognizes malware through analysis of suspicious actions Behavior-based

  23. Which statement describes the Cisco Threat Grid Glovebox?

    • It is a network-based IDS/IPS.
    • It is a host-based intrusion detection system (HIDS) solution to fight against malware.
    • It is a sandbox product for analyzing malware behaviors.
    • It is a firewall appliance.
      Explanation & Hint:

      Cisco ThreatGrid Glovebox is a sandbox product for analyzing malware behaviors.

  24. What three methods help to ensure system availability? (Choose three.)

    • system backups
    • equipment maintenance
    • integrity checking
    • fire extinguishers
    • up-to-date operating systems
    • system resiliency
      Explanation & Hint:

      Equipment maintenance, system backups, and up-to-date operating systems all help ensure system availability.

  25. In the Linux shell, which character is used between two commands to instruct the shell to combine and execute these two commands in sequence?

    • #
    • %
    • |
    • $
      Explanation & Hint:

  26. Which two options are window managers for Linux? (Choose two.)

    • KDE
    • Kali
    • File Explorer
    • Gnome
    • PenTesting
      Explanation & Hint:

      The X Window System provides the basic framework for a GUI, but the GUI itself varies greatly between different distributions. Two window managers are Gnome and KDE.

  27. What are three states of data during which data is vulnerable? (Choose three.)

    • data decrypted
    • data in-process
    • stored data
    • data in-transit
    • purged data
    • data encrypted
      Explanation & Hint:

  28. Match the Windows command to the description.

    Match the Windows command to the description
    Match the Windows command to the description
    • renames a file ==> Ren
    • lists files in a directory ==> Dir
    • creates a new directory ==> Mkdir
    • changes the current directory ==> Cd
      Explanation & Hint:

      Place the options in the following order:

      Renames a file Ren
      Creates a new directory Mkdir
      Changes the current directory Cd
      Lists files in a directory Dir

  29. Match the network-based anti-malware solution to the function. (Not all options are used.)

    Match the network-based anti-malware solution to the function. (Not all options are used.)
    Match the network-based anti-malware solution to the function. (Not all options are used.)
    • provides filtering of SPAM and potentially malicious emails before they reach the endpoint ==> Email security appliance
    • permits only authorized and compliant systems to connect to the network ==> Network admission control
    • provides endpoint protection from viruses and malware ==> Advanced malware protection
    • provides filtering of websites and blacklisting before they reach the endpoint ==> Web security appliance
      Explanation & Hint:

      Place the options in the following order:

      Provides filtering of SPAM and potentially malicious emails before they reach the endpoint Email security appliance
      Provides filtering of websites and blacklisting before they reach the endpoint Web security appliance
      Permits only authorized and compliant systems to connect to the network Network admission control
      Provides dynamic IP addresses to authenticated endpoints No answer available
      Provides endpoint protection from viruses and malware Advanced malware protection

  30. What term describes a set of software tools designed to increase the privileges of a user or to grant access to the user to portions of the operating system that should not normally be allowed?

    • compiler
    • rootkit
    • package manager
    • penetration testing
      Explanation & Hint:

      A rootkit is used by an attacker to secure a backdoor to a compromised computer, grant access to portions of the operating system normally not permitted, or increase the privileges of a user.