
Test Out Solutions 2

Uploaded by

Bluey Ω

10/23/24, 4:59 PM Individual Response

8.3.6 Practice Questions


Candidate: Damola Quadri (redFedora)
Date: 10/23/2024, 4:58:51 PM • Time Spent: 02:32
Score: 60% Passing Score: 80%

https://labsimapp.testout.com/v6_0_645/exam-engine.html/487a8c6c-7ff1-4297-ae72-6e9edaae69e1/exam-session/40389073/7a30c2d0-3ccd-44b3-… 1/14

Question 1. Incorrect

As a network administrator, you are tasked with implementing measures to secure and
control access to logical ports within your organization's computer system. You are
considering several strategies to accomplish this task.

Which of the following would be the MOST effective method to protect logical ports?

Implementing service hardening practices

Using secure protocols for data exchange

Regularly updating software

Implementing firewalls

Explanation

Implementing firewalls is the most effective method for protecting logical ports. They
examine network traffic and enforce security policies to allow or block specific connections
based on port numbers, source and destination addresses, and protocols. This directly
protects the logical ports from unauthorized access and attacks.

While service hardening is an important part of overall security, it primarily focuses on
ensuring that services running on logical ports are hardened against security threats. It does
not directly protect the logical ports themselves.

Using secure protocols is a good practice to ensure the security of data in transit. However, it
does not directly protect the logical ports from unauthorized access or attacks.

Regular software updates are important to fix security vulnerabilities. However, they do not
directly protect the logical ports from unauthorized access or attacks.

References

8.3.3 Linux Host Security Facts


q_linux_host_sec_firewalls_secp8.question.fex


Question 2. Correct

As a cybersecurity analyst, you are tasked with enhancing the endpoint security of your
organization's network. You are considering several strategies to accomplish this task.

Which of the following would be the MOST effective method to control incoming and
outgoing network traffic and detect potential attacks?

Implementing a strong password policy

Regularly updating all software and applications

Implementing host-based firewalls and IPS with default-deny policies

Regularly conducting penetration testing

Explanation

Implementing host-based firewalls and IPS with default-deny policies is the most effective
method, as it provides controls for incoming and outgoing network traffic and is essential for
detecting potential attacks. Default-deny policies block all traffic unless explicitly allowed,
ensuring that only approved services and applications can communicate.

While regularly updating all software and applications is a good practice to fix security
vulnerabilities, it does not directly control network traffic or detect potential attacks.

While a strong password policy is important for securing user accounts, it does not directly
control network traffic or detect potential attacks.

While penetration testing is important for identifying vulnerabilities in the network, it does
not provide real-time control of network traffic or detection of potential attacks.

References

8.3.3 Linux Host Security Facts


q_linux_host_sec_ips_solution_secp8.question.fex


Question 3. Incorrect

Which command should you use to display listening and non-listening sockets on your Linux
system? (Tip: enter the command as if in Command Prompt.)

Your answer: netstat -tuln

Correct answer: netstat -a

Explanation

Use netstat -a to identify listening and non-listening sockets on a Linux system. A socket is an
endpoint of a bidirectional communication flow across a computer network. Be aware of the
other common netstat options:

-l lists listening sockets.

-s displays statistics for each protocol.

-i displays a table of all network interfaces.

References

8.3.3 Linux Host Security Facts


q_linux_host_sec_netstat_secp8.question.fex


Question 4. Correct

You need to increase the security of your Linux system by finding and closing open ports.

Which of the following commands should you use to locate open ports?

nmap

netstat

nslookup

traceroute

Explanation

Use nmap to locate open ports. Open ports can provide information about which operating
system a computer uses and might provide entry points or information about ways to
formulate an attack. Use one of the following commands to scan for open ports:

nmap -sT scans for TCP ports.

nmap -sU scans for UDP ports.

The netstat command shows the status of listening and non-listening sockets. A socket is an
endpoint of a bidirectional communication flow across a computer network.

The nslookup command is used for name resolution requests.

The traceroute command tests and displays connectivity between devices.

References

8.3.3 Linux Host Security Facts


q_linux_host_sec_open_secp8.question.fex


Question 5. Incorrect

You want to make sure no unneeded software packages are running on your Linux server.

Select the command from the drop-down list that you can use to see all installed RPM
packages.

Your answer: yum list rpm installed

Correct answer: yum list installed

Explanation

Unneeded software takes disk space and could introduce security flaws. To see all the RPM
packages installed on your Linux server, run the following command:

yum list installed

After running this command, complete the following:

Research the function of any unrecognized RPM package to determine whether it is
necessary.

Use yum or rpm to uninstall unneeded packages.

References

8.3.3 Linux Host Security Facts


q_linux_host_sec_yum_secp8.question.fex


Question 6. Correct

Which action would you use in a rule to disallow a connection silently?

Forward

Reject

Accept

Drop

Explanation

The Drop action is used to disallow a connection silently; the sending system receives no
notice. The Reject action also disallows a connection but sends a TCP RST packet or an ICMP
port unreachable packet back to the system that sent the original packet.

Accept would allow the packet.

Forward is a chain, not an action in iptables.

Reject rejects the connection but will send a response back.

References

5.10.1 Router Security


5.10.2 Router ACLs

5.10.3 Router Security Facts


5.10.4 Configuring ACLs
5.10.5 Restrict Telnet and SSH Access

5.10.6 Permit Traffic


5.10.7 Block Source Hosts

6.4.2 Protocol Analyzer Facts


8.1.1 Operating System Hardening
8.3.1 Linux Host Security

8.3.2 Removing Unnecessary Services


8.3.3 Linux Host Security Facts
8.3.4 Configure iptables

8.3.5 Configure iptables Facts


q_conf_iptables_drop_secp8.question.fex


Question 7. Correct

In which of the iptables default chains would you configure a rule to allow an external device
to access the HTTPS port on the Linux server?

Forward

Output

Accept

Input

Explanation

Place the rule in the Input chain, which is used for inbound connections.

The Output chain is for outbound connections.

The Forward chain sends connections through the Linux server to another device.

The Accept action can be used in a rule to allow a connection. However, it is not a chain.

References

5.10.1 Router Security


5.10.2 Router ACLs
5.10.3 Router Security Facts

5.10.4 Configuring ACLs


5.10.5 Restrict Telnet and SSH Access
5.10.6 Permit Traffic

5.10.7 Block Source Hosts


6.4.2 Protocol Analyzer Facts

8.1.1 Operating System Hardening


8.3.1 Linux Host Security
8.3.2 Removing Unnecessary Services

8.3.3 Linux Host Security Facts


8.3.4 Configure iptables

8.3.5 Configure iptables Facts


q_conf_iptables_input_secp8.question.fex


Question 8. Incorrect

Which type of packet would the sender receive if they sent a connection request to TCP port
25 on a server with the following command applied?

sudo iptables -A OUTPUT -p tcp --dport 25 -j REJECT

ICMP Unreachable Port

RST

SYN

ACK

Explanation

Because the packet is TCP and is blocked by the Reject action, the server would send a TCP
RST packet back to the sender.

ICMP Unreachable Port is sent by iptables if a UDP packet is blocked by the Reject action.

A SYN packet would indicate that the server is proceeding with the connection, which would
not happen with the Reject action. If it were allowed, the ACK would generally be sent with the
SYN to acknowledge the initial connection while the SYN starts the next part of the TCP three-
way handshake.

References

5.10.1 Router Security

5.10.2 Router ACLs


5.10.3 Router Security Facts
5.10.4 Configuring ACLs

5.10.5 Restrict Telnet and SSH Access


5.10.6 Permit Traffic
5.10.7 Block Source Hosts

6.4.2 Protocol Analyzer Facts


8.1.1 Operating System Hardening

8.3.1 Linux Host Security


8.3.2 Removing Unnecessary Services
8.3.3 Linux Host Security Facts

8.3.4 Configure iptables

8.3.5 Configure iptables Facts


q_conf_iptables_rst_secp8.question.fex


Question 9. Correct

You have configured the following rules. What is the effect?

sudo iptables -A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 25 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Block SMTP traffic

Allow SMTP traffic

Allow SSH traffic

Block SSH traffic

Explanation

These rules would allow inbound and outbound Simple Mail Transfer Protocol (SMTP)
connections on TCP port 25, the default port for SMTP.

These rules use the Accept action, so they would not block SMTP or Secure Shell (SSH).

SSH is on TCP port 22, so these rules would not affect SSH.

References

5.10.1 Router Security


5.10.2 Router ACLs

5.10.3 Router Security Facts


5.10.4 Configuring ACLs
5.10.5 Restrict Telnet and SSH Access
5.10.6 Permit Traffic
5.10.7 Block Source Hosts
6.4.2 Protocol Analyzer Facts

8.1.1 Operating System Hardening


8.3.1 Linux Host Security
8.3.2 Removing Unnecessary Services
8.3.3 Linux Host Security Facts
8.3.4 Configure iptables


8.3.5 Configure iptables Facts


q_conf_iptables_smtp_secp8.question.fex

Question 10. Correct

Which command would you use to list all of the currently defined iptables rules?

sudo iptables -F

sudo iptables -L

sudo /sbin/iptables-save

sudo iptables -A INPUT -j DROP

Explanation

sudo iptables -L lists all of the currently defined rules.

sudo iptables -A INPUT -j DROP would drop all incoming traffic.

sudo /sbin/iptables-save saves changes to iptables on Ubuntu.

sudo iptables -F would flush all current rules from iptables.

References

8.3.5 Configure iptables Facts


q_conf_iptables_sudo_secp8.question.fex

Copyright © The Computing Technology Industry Association, Inc. All rights reserved.
