MOC - Last Hurrah


MOC - Last Hurrah Quiz

Test your knowledge on cybersecurity and malware with our engaging MOC - Last Hurrah quiz! This quiz covers various aspects of security breaches, malware types, and effective response strategies.

  • Assess your understanding of malware attributes
  • Learn about proper security measures
  • Engage with multiple choice and checkbox questions
93 Questions | 23 Minutes | Created by SecuringData101
1. Select the common attack vectors from the following.
A. Email attachment
B. Popup windows
C. Deception
D. All the above
E. None of the above
2. Select the one type of malware that is self-copying, replicates itself, and infects computers.
Trojan
Ransomware
Viruses
Worms
3. Select 2 incident strategies for security breach from the list.
A) Disconnect from network.
B) Relocate the server to different location.
C) Law enforcement
D) Forensic analysis
E) Change the password of the administrator
4. Match the following
Intrusion Detection System
Research and preparation
Virus Total
Ransomware
Is a service that allows you to submit a file for a malware scan
Type of malware which encrypts important data
Detecting breach evidence
One of the 3 phases of the attack timeline
5. Select 2 statements for principles of least privilege from the knowledge you gain from this course.
A) Use a single over privileged account.
B) Only use privileged accounts to perform administrative tasks
C) Use administrator account to perform administrative task
D) Avoid single over privileged account.
6. Select the settings to increase security for privileged accounts.
Logon hours
Late hours
Logon Workstation
Logoff hours
Admin workstation
7. You can configure user rights assignment in 2 ways: add a user to the Remote Desktop Users group and:
8. Select the built-in service account types.
Local System
Local service
Remote service
Database service
Network Service
Application service
9. Group managed service account passwords are managed by the IT operations team.
True
False
10. A gMSA requires which of the following keys?
Public key
Private key
KDS root key
11. Organizations want to give IT Operations personnel the ability to perform administrative tasks such as resetting user passwords, without giving them the ability to perform other tasks, such as creating or deleting accounts. How do you do that?
A) Add the members of the IT Operations personnel to the Administrators group.
B) Create a group managed service account and link it to the IT Operations personnel.
C) Use delegation wizard to delegate the IT Operations personnel with specific task
12. Select the ways to secure Domain controller, select 2
A. Use the server core installation
B. Install Windows Server 2016
C. Use RODC where security is not assured
D. Disable wired and wireless network.
13. LAPS is a password manager that uses Active Directory to manage and periodically change the passwords for local administrator accounts.
True
False
14. What is the PowerShell cmdlet used in LAPS to view the password?
A. GET-AdmPwdPassword
B. GET-AdmPassword
C. GET-AdmPwd
D. GET-LAPSPassword
15. ________________ protects domain passwords by storing them in a virtual container instead of storing them in RAM.
A. Protected user group
B. Windows defender credential guard
C. Group managed service account
D. Microsoft managed service account
16. You can search for problematic accounts, where no sign-in has occurred for more than 90 days using?
A) Active Directory Users and Computers
B) Active Directory Federation Services
C) Active Directory Administrative Center
D) Active Directory Domains and Trusts
17. In Just Enough Administration, actions are performed by using a special machine-local virtual account. True / False
True
False
18. What are the 2 important files in JEA?
A. Role capability file
B. Visible function file
C. Session configuration file
D. Visible cmdlet file
19. The above 2 important files are automatically created in JEA. True / False
True
False
20. What are the limitations of JEA? Write one limitation.
21. A server can have only one JEA endpoint. True / False
True
False
22. What are the extensions of JEA files?
.psrc
.psbc
.pssc
.pasc
23. Helps a computer resist attacks and infection from malware; only software or firmware signed with approved keys is allowed to execute.
Dual boot
Antivirus
Secure boot
24. What are the components of PAM?
25. The PAM process is implemented through temporary group membership. True / False
True
False
26. What is the default TTL for PAM?
Half an hour
1 hour
1 day
3 days
27. What is the tool that does the same as AD DS with a better graphical user interface?
A. Privileged access management
B. Microsoft identity management
C. Microsoft password manager
28. ESAE forest expansion
29. What scanning options are available when you use Windows Defender?
  1. Quick
  2. Full
  3. Custom
  4. ________
30. Other than the host server operating system, which two Microsoft products do you need to deploy before you deploy MIM 2016?
A) MS Office 2016
B) SharePoint 2013
C) SQL Server 2008
D) Exchange server 2016
31. What is a shadow account?
A. A new account created without using the production source credentials.
B. An existing user account from a privileged domain
C. A copy of the account created in the privileged domain, which also exists in the production domain.
32. Shadow accounts are created automatically by PAM. True / False
True
False
33. What is the minimum number of forests required to deploy PAM?
2
3
4
34. What are the options available to control which applications users can run?
35. AppLocker uses the _________ service to verify a file attribute. App policies are not enforced if the service is not running.
Azure Identity
Application Identity
MIM
36. What are the rule actions available in AppLocker?
37. Which service provides the transport keys that are needed to unlock and run shielded VMs on affirmatively attested (or healthy) Hyper-V hosts?
38. What are the 2 modes used in the Host Guardian Service?
39. A shielded VM is a generation 2 VM (supported on Windows Server 2012 and later)
True
False
40. To install a guarded fabric on your existing Windows Server 2012:
A. Update the Hyper-V host to Windows Server 2016 Datacenter edition
B. Update the Hyper-V host to Windows Server 2012 Datacenter edition
C. Update the Hyper-V host to Windows Server Enterprise edition
41. What is the PowerShell command to verify that the Host Guardian Hyper-V Support feature is enabled?
A. Install-WindowsFeature -Name HostGuardianServiceRole
B. Get-WindowsFeature HostGuardian
C. Set-WindowsFeature HostGuardian
42. What is the tool available in SCT to view and compare your local policy and local registry?
A. Shielded VM
B. Host guardian Services
C. Policy Analyzer
D. GPO editor
43. What does the abbreviation SCT stand for in Windows Server 2016?
A. Session control toolkit
B. Self-certificate toolkit
C. Security Compliance Toolkit
44. Security baselines are used to do what?
A. Ensure that user and device configuration settings are compliant with the baseline.
B. Ensure that user configuration settings are compliant with the baseline.
C. Ensure that device configuration settings are compliant with the baseline.
45. Containers share the kernel of the host Operating System.
True
False
46. What are the 2 types of containers supported in Windows Server?
47. What is HAL in Hyper-V virtualisation?
48. What are the 2 modes in which code can run in a container?
User mode
Kernel mode
Computer mode
Virtual mode
49. What are the options available to encrypt files in Windows Server 2016?
EFS
DFS
FRS
BitLocker
50. You can use BitLocker without TPM. True or False
True
False
51. EFS encryption does not require a certificate. True / False
True
False
52. What are the 2 methods used in EFS encryption?
Container
Virtual Machine
Hyper-V containers
Enables you to separate your applications from your infrastructure
Runs a complete operating system including the kernel
The container host doesn’t share its kernel with other Hyper-V containers
Docker
Runs on the same O/S as the host
55. Cipher.exe
A. Is a PowerShell tool used to encrypt and decrypt the data.
B. Is a command line tool used to encrypt and decrypt the data.
C. Is a Microsoft tool to decrypt the data.
56. BitLocker provides a recovery mechanism with a _______-digit recovery key
57
42
48
32
57. ____________________ is used in Windows Server 2016 to enable quotas.
A. Bitlocker encryption
B. Encrypted File system
C. File service resource manager
D. File service replication manager
E. Distributed file system replication
58. What is the use of a file screening template in FSRM?
A. Used to block files in a file server.
B. Used to allow files in a file server
C. Used to allow / block files in a file server.
59. Select the data governance technology that works along with NTFS permissions and shared folder permissions to grant or block users based on their identity.
A. Distributed File System
B. Data access control
C. Digital Access control
60. What are the 3 network profiles available in the firewall?
61. What is the designated port number for HTTPS?
8080
80
443
4443
62. What are the 3 ways to deploy firewall rules?
63. IPsec is a tunnelling protocol which provides security for IP traffic only.
True
False
64. Message Analyzer is used to ________________________________
A. Send messages through email.
B. Capture network traffic and analyse.
C. Capture email messages and analyze
65. What is the risk associated with leaving SMB 1.x enabled in your environment?
A. If it is disabled in your environment, it could be vulnerable to attacks.
B. If it is enabled in your environment, it could be vulnerable to attacks.
66. The Test-NetConnection PowerShell cmdlet is equivalent to the ping command. True or False
True
False
67. IPsec is predominantly used in VPNs.
True
False
68. What are the options available for protecting DNS? Write the missing option.
A) DNS cache locking
B) DNS socket pool
69. What is the latest version of SMB, which supports both Kerberos authentication and connection restore?
SMB 1.0
SMB 2.0
SMB 3.1.1
70. What is the protocol used in DNSSEC?
SMB 3.0
DANE
DORA
71. What is meant by DNS socket pool, and what is it used for?
A. Instead of using the predictable source port, it randomizes the port numbers
B. Overwriting information in DNS cache
C. Used to analyse the network traffic

72. You are the administrator of an Active Directory Domain Services (AD DS) domain. All server computers run Windows Server 2016. Some malicious software infects a specific network subnet. The malicious software performs DNS queries to the domain's DNS servers in an attempt to spread itself to other hosts.

You need to prevent the infected subnet from performing DNS queries to the domain's DNS servers. Your actions must not disrupt the DNS service in the rest of the subnets in the domain.

What technology should you configure?

A) Domain Name System Security Extensions (DNSSEC) on the DNS servers
B) DNS-based Authentication of Named Entities (DANE) on the DNS servers
C) DNS policies on the DNS servers
D) IP Address Management (IPAM) in the domain
73. Your network contains an Active Directory domain named contoso.com. You create a Microsoft Operations Management Suite (OMS) workspace. You need to connect several computers directly to the workspace.

Which two pieces of information do you require?

A) the ID of the workspace
B) the name of the workspace
C) the URL of the workspace
D) the key of the workspace
74. The New-CIPolicy cmdlet creates a Code Integrity policy as an .xml file. If you do NOT supply either driver files or rules, what will happen?
A) The cmdlet performs a system scan
B) An exception/warning is shown because either one is required
C) Nothing
D) The cmdlet searches the Code Integrity Audit log for drivers
75. Windows PowerShell is a task-based command-line shell and scripting language designed especially for system administration. Windows Defender comes with a number of different Defender-specific cmdlets that you can run through PowerShell to automate common tasks. Which cmdlet would you run first if you wanted to perform an offline scan?
A) Set-MpPreference -DisablePrivacyMode $true
B) Set-MpPreference -DisableRestorePoint $true
C) Start-MpScan
D) Start-MpWDOScan
76. A shielding data file (also called a provisioning data file or PDK file) is an encrypted file that a tenant or VM owner creates to protect important VM configuration information. A fabric administrator uses the shielding data file when creating a shielded VM, but is unable to view or use the information contained in the file. Which information can be stored in the shielding data file?
A) Administrator credentials
B) All of these
C) A Key Protector
D) Unattend.xml
77. You are the administrator for your company. Your company is planning to deploy shielded virtual machines (VMs) to an external cloud platform that uses a guarded fabric with Trusted Platform Module (TPM)-attestation.

You are implementing an on-premises guarded host on a server that will run Windows Server 2016. You are evaluating the following two installation options for the guarded host server:

- Nano Server

- Desktop Experience

You need to identify any requirements that can only be met by using the Desktop Experience installation option for the on-premises guarded host.

Which capability can only be met by the Desktop Experience installation option?

A) Create new shielded VMs on premises and move the VMs to a guarded fabric.
B) Manage the server remotely by using PowerShell.
C) Implement measured boot sequence and code integrity policies.
D) Manage guarded hosts by using System Center Virtual Machine Manager (SCVMM) 2016.
78. ______ enables easier management for BitLocker enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network.

This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware.

A) Credential Guard
B) JEA
C) EFS recovery agent
D) Network Unlock
79. Your network contains an Active Directory domain. Microsoft Advanced Threat Analytics (ATA) is deployed to the domain. A database administrator named DBA1 suspects that her user account was compromised.

Which three events can you identify by using ATA?

A) Spam messages received by DBA1.
B) Phishing attempts that targeted DBA1
C) The last time DBA1 experienced a failed logon attempt
D) Domain computers into which DBA1 recently signed.
E) Servers that DBA1 recently accessed.
80. This question relates to Windows Firewall and related technologies. These rules use IPsec to secure traffic while it crosses the network. You use these rules to specify that connections between two computers must be authenticated or encrypted.

What is the name for these rules?

A) Firewall Rules
B) Connection Security Rules
C) TCP Rules
D) DHP Rules
81. You are building a guarded fabric. You need to configure Admin-trusted attestation. Which cmdlet should you use?
A) Add-HgsAttestationHostGroup
B) Add-HgsAttestationTpmHost
C) Add-HgsAttestationCIPolicy
D) Add-HgsAttestationTpmPolicy
53. Hyper-V containers provide an extra isolation boundary where each container has its own copy of the operating-system binaries. True / False
True
False
Select 2 attack types against applications from the following.
SQL injection
Adware
Distrusted operating system
Distributed denial of service
Spyware
What are the key target resources for attackers? Select 3 options from the following.
Domain Controller
Database servers
Email servers
DNS servers
DHCP servers