CNX-001 Free Practice Test

A network security administrator needs to set up a solution to: Gather all data from log files in a single location.
Correlate the data to generate alerts.
Which of the following should the administrator implement?

1. A. Syslog
2. B. Event log monitoring
3. C. Log management
4. D. SIEM

Correct Answer: D
A Security Information and Event Management system centralizes log collection from disparate sources and applies correlation rules to generate actionable alerts.

Security policy states that all inbound traffic to the environment needs to be restricted, but all external outbound traffic is allowed within the hybrid cloud environment. A new application server was recently set up in the cloud. Which of the following would most likely need to be configured so that the server has the appropriate access set up? (Choose two.)

1. A. Application gateway
2. B. IPS
3. C. Port security
4. D. Firewall
5. E. Network security group
6. F. Screened subnet

Correct Answer: DE
A perimeter firewall enforces the organization??s ??deny inbound by default, allow all outbound?? policy at the edge of the cloud environment, while an Azure-style NSG applies the same rule set at the VM/subnet level. Together they ensure no inbound connections slip through and that outbound traffic remains unrestricted.

An organization with an on-premises data center is adopting additional cloud-based solutions. The organization wants to keep communication secure between remote employees' devices and workloads. Which of the following ZTA featuresbestachieves this goal?

1. A. Secure service edge
2. B. Cloud access security broker
3. C. Principle of least privilege
4. D. Identity as the perimeter

Correct Answer: D
Shifting to ??identity as the perimeter?? means that each remote user and device??s identity (and context) becomes the basis for granting secure, encrypted access directly to workloads, regardless of the underlying network, ensuring communications are authenticated and authorized per-session.

An administrator logged in to a cloud account on a shared machine but forgot to log out after the session ended. Which of the following types of security threats does this action pose?

1. A. IP spoofing
2. B. Zero-day
3. C. On-path attack
4. D. Privilege escalation

Correct Answer: C
By leaving an active session open on a shared machine, an attacker with access to that machine can intercept or hijack the administrator??s session tokens or credentials - classic on-path behavior - allowing them to impersonate the admin without needing elevated exploits.

A network security engineer must secure a web application running on virtual machines in a public cloud. The virtual machines are behind an application load balancer. Which of the following technologies should the engineer use to secure the virtual machines? (Choose two.)

1. A. CDN
2. B. DLP
3. C. IDS
4. D. WAF
5. E. SIEM
6. F. NSG

Correct Answer: DF
WAF: Protects the web application by inspecting incoming HTTP/HTTPS requests at the load balancer, blocking SQL injection, XSS, and other common web attacks.
NSG: Enforces network-layer controls on the VMs?? subnets or interfaces, allowing only approved ports and IP ranges to reach the application servers.