CPSA Github Questions with Complete Solutions, Exams of Advanced Education

CPSA Github Questions with Complete Solutions

Typology: Exams

2025/2026

Available from 04/10/2026

guidedexam
guidedexam šŸ‡ŗšŸ‡ø

2.5

(2)

6.9K documents

1 / 48

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
CPSA Github Questions with
Complete Solutions46
Why can remote access VPNs not use Main Mode for IKE Phase-1 if the
authentication method is pre-shared key? - ANSWERS-Pre-shared key
authentication with Main Mode requires that the peer's IP is known before the
connection is established.
What is the blocksize of the DES encryption cipher? - ANSWERS-64 bits
What is this: 16:23:57.094021 IP 192.168.124.204.137 >
192.168.124.255.137: NBT UDP PACKET(137): QUERY; REQUEST;
BROADCAST - ANSWERS-A NetBIOS over TCP/IP name service broadcast
Which is the least secure encryption cipher of those listed below? -
ANSWERS-DES
Which file in a user's home directory controls the trust relationships for
Berkeley R services? - ANSWERS-.rhosts
Why can remote access servers not use aggressive mode for IKE Phase-1 if
the authentication method is pre-shared key? - ANSWERS-Because pre-
shared key authentication with aggressive mode does not provide identity
protection.
What is the key length of the AES encryption cipher? - ANSWERS-128 bits
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30

Partial preview of the text

Download CPSA Github Questions with Complete Solutions and more Exams Advanced Education in PDF only on Docsity!

CPSA Github Questions with

Complete Solutions

Why can remote access VPNs not use Main Mode for IKE Phase-1 if the authentication method is pre-shared key? - ANSWERS-Pre-shared key authentication with Main Mode requires that the peer's IP is known before the connection is established. What is the blocksize of the DES encryption cipher? - ANSWERS-64 bits What is this: 16:23:57.094021 IP 192.168.124.204.137 > 192.168.124.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST - ANSWERS-A NetBIOS over TCP/IP name service broadcast Which is the least secure encryption cipher of those listed below? - ANSWERS-DES Which file in a user's home directory controls the trust relationships for Berkeley R services? - ANSWERS-.rhosts Why can remote access servers not use aggressive mode for IKE Phase-1 if the authentication method is pre-shared key? - ANSWERS-Because pre- shared key authentication with aggressive mode does not provide identity protection. What is the key length of the AES encryption cipher? - ANSWERS-128 bits

What is this: 16:23:57.094021 IP 192.168.124.204.137 > 192.168.124.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST - ANSWERS-A NetBIOS over TCP/IP name service broadcast Which is the most secure encryption cipher of those listed below? - ANSWERS-AES Which file in a user's home directory controls the trust relationships for SSH?

  • ANSWERS-.ssh/authorized_keys Why can remote access VPNs not use aggressive mode for IKE Phase-1 if the authentication method is pre-shared key? - ANSWERS-Because pre-shared key authentication with aggressive mode does not provide identity protection. What is the key length of the Triple-DES encryption cipher? - ANSWERS- bits What is this: 16:23:57.094021 IP 192.168.124.204.137 > 192.168.124.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST - ANSWERS-A NetBIOS over TCP/IP name service broadcast Which is the most secure encryption cipher of those listed below? - ANSWERS-AES Which file in a user's home directory controls the trust relationships for FTP? - ANSWERS-.netrc Why can remote access servers not use Main Mode for IKE Phase-1 if the authentication method is pre-shared key? - ANSWERS-Because pre-shared key authentication with Main Mode requires that the peer's IP is known before the connection is established.

How do rwho clients query the rwho daemon using ONC/RPC? - ANSWERS- They can't. How do you establish a null session to a Windows host from a Windows command shell? - ANSWERS-NET USE \hostname\ipc$ "" /u:"" What is the purpose of the NET USE command in establishing a null session?

  • ANSWERS-To connect to a shared resource on a remote host. What is the purpose of the \hostname\ipc$ argument in the NET USE command? - ANSWERS-To specify the IPC$ share on the remote host. What is the purpose of the /u:"" argument in the NET USE command? - ANSWERS-To specify a null username. What is the purpose of the account lockout threshold? - ANSWERS-To determine the number of incorrect password attempts before an account is locked out. How many incorrect password attempts will cause the built-in administrator account to be locked out on a Windows 2003 system? - ANSWERS-The built-in administrator account will never be locked out. What is the purpose of the account lockout duration setting? - ANSWERS-To determine the duration of an account lockout. What is the purpose of the NET USE command in establishing a null session?
  • ANSWERS-To connect to a shared resource on a remote host.

What is the purpose of the \hostname\c$ argument in the NET USE command? - ANSWERS-To specify the C$ share on the remote host. What is the purpose of the /u:NULL argument in the NET USE command? - ANSWERS-There is no such argument in the NET USE command. What is the purpose of the /u:"" argument in the NET USE command? - ANSWERS-To specify a null username. What is the purpose of the account lockout threshold? - ANSWERS-To determine the number of incorrect password attempts before an account is locked out. How many incorrect password attempts will cause the built-in administrator account to be locked out on a Windows 2003 system? - ANSWERS-The built-in administrator account will never be locked out. What is the purpose of the account lockout duration setting? - ANSWERS-To determine the duration of an account lockout. What effect would an octal umask of 0027 have on the permissions of new files? - ANSWERS-Remove group write access, and remove all permissions for others. What is the name given to the field concerned with the security implications of electronic eminations from communications equipment? - ANSWERS- TEMPEST Which of these is not a valid IPv6 address? - ANSWERS-2001:0db8:1428:57ab

What is the octal representation of the permission 'rwxr-x---'? - ANSWERS- 750 What is the octal representation of the permission 'rwxrwx---'? - ANSWERS- 770 What is the octal representation of the permission 'rwxrwxr-x'? - ANSWERS- 775 What is the octal representation of the permission 'rwxr-xr-x'? - ANSWERS- 755 What is the octal representation of the permission 'rwxr-xrwx'? - ANSWERS- 765 What is the octal representation of the permission 'rwxrwxrwx'? - ANSWERS- 777 What is the potential consequence of exploiting a vulnerability in an FTP server? - ANSWERS-Gaining administrative access. What does the command "finger 0@hostname" display on a Solaris 8 system? - ANSWERS-Users with an empty GCOS field in the password file. What are the four potential risk treatments? - ANSWERS-Avoid, Reduce, Accept, and Transfer. What does "export" signify for an SSL cipher? - ANSWERS-Weak cipher acceptable for export under old US regulations.

What is the significance of the "export" label for an SSL cipher? - ANSWERS- Cipher that was permitted for export under old US regulations. What is the meaning of the "export" label for an SSL cipher? - ANSWERS- Cipher that was weak but allowed for export under old US regulations. What is an "export" cipher in SSL? - ANSWERS-Weak cipher permitted for export under old US regulations. Which protocol is not vulnerable to address spoofing if implemented correctly? - ANSWERS-TCP. Which of these protocols is not susceptible to address spoofing if implemented correctly? - ANSWERS-TCP. What effect does setting the RestrictAnonymous registry setting to 1 have on a Windows NT or 2000 system? - ANSWERS-Prevents enumeration of SAM accounts and names. What happens when the RestrictAnonymous registry setting is set to 1 on a Windows NT or 2000 system? - ANSWERS-Enumeration of SAM accounts and names is prevented. What is the impact of setting the RestrictAnonymous registry setting to 1 on a Windows NT or 2000 system? - ANSWERS-Prevents enumeration of SAM accounts and names. What does setting the RestrictAnonymous registry setting to 1 do on a Windows NT or 2000 system? - ANSWERS-Prevents enumeration of SAM accounts and names.

What RPC authentication mechanism does NFS v2 and v3 use? - ANSWERS- AUTH_SYS, using Unix UID and GID Which of these statements about the Windows built in administrator account is correct? - ANSWERS-It always has RID 500 What is the built-in administrator account in Windows called? - ANSWERS- Administrator What is the only member of the "Administrators" group? - ANSWERS-Built-in administrator account Can the built-in administrator account be renamed? - ANSWERS-No What is the SID (Security Identifier) of the built-in administrator account? - ANSWERS- What does the "Root Squash" option on an NFS export do? - ANSWERS-Makes the root user on the NFS client access files as nobody on the server. How can blind SQL injection be detected? - ANSWERS-The web server behaviour changes when a successful injection is performed. What does the phrase "Inherent Risk" mean in risk management? - ANSWERS-A risk that is implicitly associated with an activity or location. What is the cipher mode that uses a block cipher to generate a key stream? - ANSWERS-CFB

What is the digest length for the SHA1 hash function? - ANSWERS-160 bits What is the default password for the DBSNMP user on Oracle 9i? - ANSWERS- DBSNMP Which of these groups of tools are commonly used for packet crafting? - ANSWERS-hping2, hping3 and scapy The active directory database file is: - ANSWERS-NTDS.DIT Which nmap flag enables OS TCP/IP stack fingerprinting? - ANSWERS--O Which of the following is NOT an EAP method? - ANSWERS-EAP-RSA What is the significance of the string "SEP" in the configuration filename of a Cisco IP phone? - ANSWERS-It stands for Selsius Ethernet Phone, which was the original name of the Cisco IP phone. What does Cisco Ethernet Phone stand for? - ANSWERS-No one knows. What does SIP Enhanced Phone stand for? - ANSWERS-No one knows. What is an IP option? - ANSWERS-Record Route Which services are all ONC/RPC services? - ANSWERS-cmsd, kcms_server, sadmind, snmpXdmid When was the Apache chunked encoding vulnerability fixed in version 1.3? - ANSWERS-1.3.

What does the FTP authentication mechanism do? - ANSWERS-Selects the authentication method for the FTP server. What does FSMO stand for in Active Directory? - ANSWERS-Flexible Single Master Operations. What is the TCP port for Microsoft SQL Server in hidden mode? - ANSWERS-

What are the six base SIP methods? - ANSWERS-REGISTER, INVITE, ACK, CANCEL, BYE, OPTIONS Which scan would be most likely to discover a firewall that blocks all traffic to itself from the interface connected to the network you are scanning from? - ANSWERS-ARP scan You find a system that is offering the NFS RPC service. What is the logical next step? - ANSWERS-Run "showmount -e" to list the NFS exports. What is this: password 7 052D131D33556C081D021200 - ANSWERS-A password encoded with the reversible Cisco vigenere algorithm What identifies the superuser on a Unix or Linux system? - ANSWERS-Any user with UID 0 (zero) in the password file. What is the purpose of the REGISTER method in SIP? - ANSWERS-To register a user's current location.

What is the purpose of the INVITE method in SIP? - ANSWERS-To invite a user to participate in a call. What is the purpose of the ACK method in SIP? - ANSWERS-To confirm the successful receipt of a response to an INVITE request. What is the purpose of the CANCEL method in SIP? - ANSWERS-To cancel a pending request. What is the purpose of the BYE method in SIP? - ANSWERS-To terminate a call. What is the purpose of the OPTIONS method in SIP? - ANSWERS-To query the capabilities of a server. What is an ARP scan used for? - ANSWERS-To discover the MAC addresses of devices on a local network. What is a UDP port scan used for? - ANSWERS-To determine which UDP ports are open on a target system. What is a ping sweep used for? - ANSWERS-To discover which IP addresses are active on a network. What is an SNMP query used for? - ANSWERS-To gather information from network devices that support SNMP. What is a TCP port scan used for? - ANSWERS-To determine which TCP ports are open on a target system.

What is the primary legal reason for obtaining written permission before starting a test? - ANSWERS-To avoid breaching the Computer Misuse Act. Which of the following statements about the time protocols "time", "daytime" and "NTP" are correct? - ANSWERS-"time" represents the time as a 32-bit value, "daytime" uses an ASCII string, and "NTP" uses a 64-bit value. Which of these is not a valid IP address? - ANSWERS-192.168.300. What command would you use to list the installed patches on a Solaris system? - ANSWERS-showrev -a or showrev -p On a Unix system, what is the effect of the execute bit on a directory? - ANSWERS-It allows the directory to be traversed. What is this: 17:58:01.396446 CDPv2, ttl: 180s, Device-ID 'chestnut.nta- monitor.com', length 404 - ANSWERS-A CDP broadcast What are the four mandatory transform attributes for an IKE Phase-1 SA? - ANSWERS-Encryption Algorithm, Hash Algorithm, Authentication Method, Diffie Hellman Group What command would you use to list the installed packages on a Redhat or Fedora system? - ANSWERS-rpm -qa Where are the encrypted passwords stored on a FreeBSD system? - ANSWERS-/etc/master.passwd What is the purpose of the /etc/passwd file? - ANSWERS-It stores user account information.

How can you get shell access to an Internet accessible web server behind a firewall that only allows inbound TCP port 80? - ANSWERS-Run a shell on the webserver and connect its control channel back to a TCP port on your local system. What is the next logical step if you find TCP port 111 open on a Unix system?

  • ANSWERS-Run "rpcinfo -p" to enumerate the RPC services. What protocol and port does a normal DNS lookup use? - ANSWERS-UDP port

Which web application technology is expected to be most secure? - ANSWERS-A pure Java application. What is the purpose of the /etc/passwd file? - ANSWERS-It stores user account information. How can you get shell access to an Internet accessible web server behind a firewall that only allows inbound TCP port 80? - ANSWERS-Run a shell on the webserver and connect its control channel back to a TCP port on your local system. What is the next logical step if you find TCP port 111 open on a Unix system?

  • ANSWERS-Run "rpcinfo -p" to enumerate the RPC services. What protocol and port does a normal DNS lookup use? - ANSWERS-UDP port

Which web application technology is expected to be most secure? - ANSWERS-A pure Java application.

Which web application technology is expected to be most secure? - ANSWERS-A pure Java application. What is a Perl application running under MOD-Perl? - ANSWERS-A Perl application running under the MOD-Perl module. What is a Perl application running as CGI scripts? - ANSWERS-A Perl application running as Common Gateway Interface (CGI) scripts. What is a PHP3 application? - ANSWERS-An application written in PHP version

Which nmap command performs a half-open or "SYN" TCP portscan? - ANSWERS-nmap -n -P0 -v -sS -p1-1024 hostname Which command will perform a DNS zone transfer of the domain "company.com" from the nameserver at 10.0.0.1? - ANSWERS-dig @10.0.0. company.com axfr What is this: 17:57:57.850175 802.1d config 8064.00:0c:85:f1:3f:80. root 8064.00:0b:46:48:29:80 pathcost 19 age 1 max 20 hello 2 fdelay 15 - ANSWERS-A Spanning Tree Protocol broadcast Which of these is not an ICMP message type? - ANSWERS-Host unreachable What version of NFS includes strong security, including strong authentication and encryption? - ANSWERS-version 4

What is a Perl application running under MOD-Perl? - ANSWERS-A Perl application running under the MOD-Perl module. What is a Perl application running as CGI scripts? - ANSWERS-A Perl application running as Common Gateway Interface (CGI) scripts. What is a PHP3 application? - ANSWERS-An application written in PHP version

Which nmap command performs a half-open or "SYN" TCP portscan? - ANSWERS-nmap -n -P0 -v -sS -p1-1024 hostname Which command will perform a DNS zone transfer of the domain "company.com" from the nameserver at 10.0.0.1? - ANSWERS-dig @10.0.0. company.com axfr What is this: 17:57:57.850175 802.1d config 8064.00:0c:85:f1:3f:80. root 8064.00:0b:46:48:29:80 pathcost 19 age 1 max 20 hello 2 fdelay 15 - ANSWERS-A Spanning Tree Protocol broadcast Which of these is not an ICMP message type? - ANSWERS-Host unreachable What version of NFS includes strong security, including strong authentication and encryption? - ANSWERS-version 4 What is a Perl application running under MOD-Perl? - ANSWERS-A Perl application running under the MOD-Perl module. What is a Perl application running as CGI scripts? - ANSWERS-A Perl application running as Common Gateway Interface (CGI) scripts.