1. Which pillar of identity relates to tracking the resources accessed by a user?

A. authorization
B. auditing
C. administration
D. authentication

Answer : B

2. When users attempt to access an application or a service, …………controls their level of access.
A. authorization
B. auditing
C. administration
D. authentication

Answer : A

3. …………….. a file makes the data in the file readable and usable to viewers that have the
appropriate key.
A. Archiving
B. Compressing
C. Deduplicating
D. Encrypting

Answer : D

4. Digitally signing a document requires a private key.

A. True
B. False

Answer : A

5. Verifying the authenticity of a digitally signed document requires the public key of the signer.
A. True
B. False

Answer : A

6. Verifying the authenticity of a digitally signed document requires the private key of the signer.
A. True
B. False

Answer: B

7. …………………… requires additional verification, such as a verification code sent to a mobile phone.
A. Multi-factor authentication (MFA)
B. Pass-through authentication
C. Password writeback
D. Single sign-on (SSO)

Answer: A
 8. Tamper protection is a capability in Microsoft Defender for Endpoint that helps protect certain
system settings, such as registry and system32 files, from being changed.
A. True
B. False

Answer: B

9. DirectAccess allows connectivity for remote users to organization network resources without the
need for traditional Virtual Private Network (VPN) connections.
A. True
B. False

Answer: A

10. Man-in-the-Middle (MitM) Attacks can be used as a way for initial access
A. True
B. False

Answer: A

11. Which of the following best describes Kerberoasting?

A. A method to gain unauthorized access to a network by exploiting weaknesses in the
Kerberos authentication protocol.
B. A technique used to decrypt hashed Kerberos tickets captured from network traffic.
C. An attack that targets weak service account passwords to extract their encrypted credentials.
D. A defense mechanism in Kerberos protocol to prevent unauthorized access to sensitive
resources.

Answer : C

12. BitLocker is used to:

A. Control what applications can be run on a system.
B. Encrypt disks and USB drives.
C. Encrypt communications at bit level in PTPP protocol.

Answer : B

13. A Group Policy (GPO) can be configured at which level (the higher):
A. Forest
B. Domain
C. OU
D. Object

Answer : B

14. At what phase of an attack OSINT will likely be used :

A. Passive reconnaissance
B. Active reconnaissance
C. Initial access
D. Persistence
Answer : A

15. SQL Injection is prevented by:

A. Using parameterized queries or prepared statements to separate SQL code from user input.
B. Employing input validation and sanitization to ensure that user inputs don't contain
malicious SQL commands.
C. Escaping user input to neutralize potential malicious characters.
D. All above choices

Answer : D

16. Account lockout policy can be configured to enable a disabled user account after a certain
duration.
A. True
B. False

Answer: B

17. Tickets used in Kerberos :

A. TGT for session management and TGS for service access
B. TGS for session management and TGT for service access
C. None of the above choices

Answer: A

18. A fine-grained password policy can be applied at a user level

A. True
B. False

Answer: A

19. DirectAccess is based on:

A. L2TP/IPSec
B. IPSec
C. HTTPS/TLS

Answer: C

20. What are properties of VPN connections?

A. Encapsulation, Authentication and Authorization
B. Encapsulation, Data Encryption and Authentication
C. Data Encryption, Authentication and Tunneling Protocol

Answer: B

21. What Options for VPN tunneling protocol that supports mobility of users ?
A. PPTP
B. L2TP
C. SSTP
D. IKEv2
Answer: D

22. Which of the following statements about Windows Firewall is true?

A. Windows Firewall only protects against inbound network traffic.
B. Windows Firewall is not configurable and operates only in the default settings.
C. Windows Firewall monitors and filters both inbound and outbound network traffic.
D. Windows Firewall is a feature exclusive to Windows Server editions.

Answer: C

23. Which protocol and port number combination is commonly associated with Remote Desktop
Protocol (RDP) and needs to be allowed through Windows Firewall for remote access to a
Windows system?
A. Protocol: TCP, Port: 3389
B. Protocol: UDP, Port: 80
C. Protocol: TCP, Port: 80
D. Protocol: UDP, Port: 3389

Answer: A

24. How many auditable events exist in advanced audit policies?

A. 43
B. 53
C. 63
D. 73

Answer: B

25. Which of the following tools in Active Directory can be used to track changes made to user
accounts, including modifications to attributes and group memberships?
A. Active Directory Users and Computers (ADUC)
B. Active Directory Administrative Center (ADAC)
C. Security Configuration Wizard (SCW)
D. Active Directory Audit Policy

Answer: D

26. What does the term "Account Lockout Threshold" refer to in Active Directory auditing?
A. The maximum number of login attempts before an account is disabled
B. The number of password changes required for an account to reset
C. The frequency at which account password expiration notifications are sent
D. The number of failed login attempts before an account is locked

Answer: D

27. Which of the following authentication methods is NOT supported by Web Application Proxy for
publishing internal web applications to external users?
A. Windows Integrated Authentication
B. Forms-based authentication
 C. Single Sign-On
D. Two-factor authentication

Answer: B

28. What is the purpose of using Registry Auditing in Windows for security purposes?
A. It prevents unauthorized changes to registry settings.
B. It encrypts sensitive registry keys to protect them from unauthorized access.
C. It monitors and logs changes made to registry keys for security analysis.
D. It automatically repairs registry errors and inconsistencies.

Answer: C

29. What is the primary objective of a Pass-the-Hash attack targeting Active Directory?
A. Extracting plaintext passwords from the Active Directory database
B. Obtaining and exploiting password hashes to gain unauthorized access
C. Initiating a Distributed Denial of Service (DDoS) attack on Active Directory servers
D. Intercepting LDAP queries between domain controllers

Answer: B

30. What is the primary risk associated with week account lockout password policies?
A. Brute-forcing user account passwords
B. Extracting sensitive information about Active Directory objects
C. Initiating a denial-of-service attack on domain controllers
D. Exploiting vulnerabilities in DNS servers

Answer: A

31. What does Server-Side Template Injection (SSTI) primarily exploit in web applications?
A. Vulnerabilities in user input validation
B. Weaknesses in server-side scripting languages
C. Misconfigurations in network firewalls
D. Issues with client-side JavaScript frameworks

Answer: B

32. Which of the following statements about asymmetric cryptography is true?

A. Both sender and receiver use the same key for encryption and decryption.
B. It uses a single key for both encryption and decryption processes.
C. Public and private keys are mathematically related but perform different functions.
D. Asymmetric encryption is faster and more efficient compared to symmetric encryption
methods.

Answer: C

33. What is the highest level of access in the Windows operating system that grants full control over
the system?
A. User
B. Administrator
 C. Guest
D. System

Answer: D

34. What security in Windows protects the system from the usage of vulnerable drivers for malicious
activities?
A. Microsoft vulnerable driver blocklist
B. Windows Defender Application Control policy (WDAC)
C. AppLocker

Answer: A

35. Which function of Mimikatz is commonly used to perform Pass-the-Hash (PtH) attacks in
Windows environments?
A. sekurlsa::logonpasswords
B. lsadump::sam
C. privilege::debug
D. sekurlsa::pth

Answer: D

36. What command to use to start BITS service on server SRV01 from command line?
A. sc.exe start BITS @srv01
B. sc.exe \\srv01 start BITS
C. net \\srv01 start BITS
D. net start BITS @srv01

Answer: B

37. What is the purpose of using John The Ripper tool?

A. Extract Kerberos tickets from memory
B. Force Kerberos tickets using NTLM hash
C. Decrypt hashes and recover clear password
D. Perform a password spraying attack on an account

Answer : C

38. AS-REP Roast attack targets:

A. “Domain Admins” group members
B. Account trusted for delegation
C. Service accounts that can impersonate other users
D. Account allowed to skip Kerberos Pre-Authentication

Answer: D

39. What tool that can be used to find interesting attacks paths using objects mapping?
A. SharpHound
B. BloodHound
C. Mimikatz
 D. Rubeus

Answer: B

40. In Windows environments, what feature is commonly used to securely store and manage
sensitive user credentials, such as passwords?
A. Credential Guard
B. Password Lockbox
C. Secure Password Vault
D. Access Control Lists (ACLs)

Answer: A