The SecOps Group CNSP Exam Practice Test Instant Access

Question 1

Which one of the following services is not a UDP-based protocol?

ASNMP

BNTP

CIKE

DSSH

Answer : D

Protocols are defined by their transport layer usage (TCP or UDP), impacting their security and performance characteristics.

Why D is correct: SSH (Secure Shell) uses TCP (port 22) for reliable, connection-oriented communication, unlike the UDP-based options. CNSP contrasts TCP and UDP protocol security.

Why other options are incorrect:

A: SNMP uses UDP (ports 161, 162) for lightweight network management.

B: NTP uses UDP (port 123) for time synchronization.

C: IKE (IPsec key exchange) uses UDP (ports 500, 4500).

Question 2

What is the response from an open UDP port which is not behind a firewall?

AICMP message showing Port Unreachable

BNo response

CA SYN packet

DA FIN packet

Answer : B

UDP's connectionless nature means it lacks inherent acknowledgment mechanisms, affecting its port response behavior.

Why B is correct: An open UDP port does not respond unless an application explicitly sends a reply. Without a firewall or application response, the sender receives no feedback, per CNSP scanning guidelines.

Why other options are incorrect:

A: ICMP Port Unreachable indicates a closed port, not an open one.

C: SYN packets are TCP-specific, not UDP.

D: FIN packets are also TCP-specific.

Question 3

Which of the following techniques can be used to bypass network segmentation during infrastructure penetration testing?

ADNS tunneling

BVLAN hopping

CCovert channels

DAll of the above

Answer : D

Network segmentation isolates network zones for security, but certain techniques can circumvent these controls, a focus of CNSP penetration testing.

Why D is correct:

A: DNS tunneling encodes data in DNS queries, bypassing segmentation via legitimate DNS traffic.

B: VLAN hopping exploits switch misconfigurations (e.g., double tagging) to access other VLANs.

C: Covert channels use hidden communication paths (e.g., timing channels) to evade segmentation.

All are valid techniques per CNSP for testing segmentation controls.

Why other options are incomplete: A, B, or C alone exclude other viable methods, making D the comprehensive answer.

Question 4

What is the response from a closed TCP port which is not behind a firewall?

AICMP message showing Port Unreachable

BA FIN and an ACK packet

CA RST and an ACK packet

DA SYN and an ACK packet

Answer : C

TCP uses a structured handshake, and its response to a connection attempt on a closed port follows a specific protocol when unobstructed by a firewall.

Why C is correct: A closed TCP port responds with a RST (Reset) and ACK (Acknowledgment) packet to terminate the connection attempt immediately. CNSP highlights this as a key scanning indicator.

Why other options are incorrect:

A: ICMP Port Unreachable is for UDP, not TCP.

B: FIN/ACK is for closing active connections, not rejecting new ones.

D: SYN/ACK indicates an open port during the TCP handshake.

Question 5

Which of the following is not a DDoS attack?

ASYN Flood

BNTP Amplification

CUDP Flood

DBrute Force

Answer : D

DDoS (Distributed Denial of Service) attacks aim to overwhelm a target's resources with excessive traffic, disrupting availability, whereas other attack types target different goals.

Why D is correct: Brute force attacks focus on guessing credentials (e.g., passwords) to gain unauthorized access, not on denying service. CNSP classifies it as an authentication attack, not a DDoS method.

Why other options are incorrect:

A: SYN Flood exhausts TCP connection resources, a classic DDoS attack.

B: NTP Amplification leverages amplified responses to flood targets, a DDoS technique.

C: UDP Flood overwhelms a system with UDP packets, another DDoS method.

Question 6

What kind of files are "Dotfiles" in a Linux-based architecture?

ALibrary files

BDriver files

CSystem files

DHidden files

Answer : D

In Linux, file visibility is determined by naming conventions, impacting how files are listed or accessed in the file system.

Why D is correct: 'Dotfiles' are files or directories with names starting with a dot (e.g., .bashrc), making them hidden by default in directory listings (e.g., ls requires -a to show them). They are commonly used for user configuration, as per CNSP's Linux security overview.

Why other options are incorrect:

A: Library files (e.g., in /lib) aren't inherently hidden.

B: Driver files (e.g., kernel modules in /lib/modules) aren't dotfiles by convention.

C: System files may or may not be hidden; 'dotfiles' specifically denotes hidden status.

Question 7

What is the response from a closed UDP port which is not behind a firewall?

AICMP message showing Destination Unreachable

BA RST packet

CNo response

DNone of the above

Answer : A

UDP is a connectionless protocol, and its behavior when a packet reaches a port depends on whether the port is open or closed. Without a firewall altering the response, the standard protocol applies.

Why A is correct: When a UDP packet is sent to a closed port, the host typically responds with an ICMP Type 3 (Destination Unreachable), Code 3 (Port Unreachable) message, indicating no service is listening. CNSP notes this as a key indicator in port scanning.

Why other options are incorrect:

B: RST packets are TCP-specific, not used in UDP.

C: No response occurs for open UDP ports unless an application replies, not closed ports.

D: A is correct, so 'none of the above' is invalid.

The SecOps Group CNSP Certified Network Security Practitioner Exam Practice Test