Defensive cybersecurity technologies — Quiz
1. A systems administrator is setting up a firewall for a small office and needs a solution with a user-friendly web interface, built-in VPN support, and regular security updates. Which open-source tool best fits these requirements? (Choose one answer)
a) UFW (Uncomplicated Firewall)
b) iptables
c) OPENsense
d) OPNsense
2. When comparing Suricata and Zeek (Bro), what is a primary differentiator in their functionality? (Choose one answer)
a) Suricata is host-based, while Zeek is network-based
b) Suricata focuses on real-time intrusion prevention, while Zeek specializes in generating structured logs for forensic analysis
c) Suricata focuses on real-time intrusion prevention, while Zeek specializes in generating detailed logs for forensic analysis
d) Zeek can actively block threats, while Suricata cannot
3. A security analyst needs to perform a deep, protocol-level inspection of live network traffic with the ability to decrypt TLS sessions. Which tool is the most suitable for this task? (Choose one answer)
a) tcpdump
b) Wireshark
c) Snort
d) Fail2Ban
4. Which open-source tool provides a comprehensive all-in-one platform that combines HIDS, SIEM, and compliance monitoring features, often integrated with the Elastic Stack? (Choose one answer)
a) TheHive
b) OSSEC
c) Wazuh
d) Velociraptor
5. What is the key operational difference between a Web Application Firewall (WAF) and a packet-filtering firewall like iptables or PF? (Choose one answer)
a) WAFs are always host-based, while packet-filtering firewalls are always network-based
b) Packet-filtering firewalls are easier to configure than WAFs
c) WAFs operate at the network layer (L3), while packet-filtering firewalls operate at the application layer (L7)
d) WAFs operate at the application layer (L7) to protect web apps, while packet-filtering firewalls operate primarily at the network and transport layers (L3/L4)