SECURITY BLUE TEAM LEVEL 1 EXAM
QUESTIONS AND CORRECT ANSWERS
(VERIFIED ANSWERS) PLUS RATIONALES
2026 Q&A | INSTANT DOWNLOAD PDF
1.
Question:
Which Windows Event ID indicates a failed logon attempt?
A. 4624
B. 4625
C. 4688
D. 4634
Answer: B. 4625
Rationale: Event ID 4625 specifically logs failed login attempts, useful for detecting brute-force attacks.
2.
Question:
What is the main purpose of a SIEM system?
A. Blocking malware
B. Collecting and analyzing logs
C. Encrypting data
D. Managing firewalls
Answer: B. Collecting and analyzing logs
Rationale: SIEM systems centralize log collection and enable analysis for threat detection.
3.
Question:
Which protocol uses port 443 by default?
A. HTTP
B. FTP
C. HTTPS
D. SSH
Answer: C. HTTPS
Rationale: HTTPS operates over port 443 and provides encrypted web communication.
4.
Question:
What type of attack involves overwhelming a system with traffic?
A. Phishing
B. SQL Injection
C. DDoS
D. Man-in-the-Middle
Answer: C. DDoS
Rationale: Distributed Denial of Service attacks flood systems to make them unavailable.
5.
Question:
Which tool is commonly used for packet analysis?
A. Splunk
B. Wireshark
C. Metasploit
D. Nessus
Answer: B. Wireshark
Rationale: Wireshark captures and analyzes network packets in real time.
6.
Question:
What is the function of a firewall?
A. Store logs
B. Filter network traffic
C. Detect malware signatures
D. Encrypt emails
Answer: B. Filter network traffic
Rationale: Firewalls control incoming and outgoing traffic based on rules.
7.
Question:
Which phase of incident response involves identifying the threat?
A. Recovery
B. Detection
C. Eradication
D. Lessons Learned
Answer: B. Detection
Rationale: Detection is when a potential incident is discovered and analyzed.
8.
Question:
Which command is used to view active network connections in Windows?
A. ipconfig
B. netstat
C. ping
D. tracert
Answer: B. netstat
Rationale: Netstat displays active connections and listening ports.
9.
Question:
What is an example of social engineering?
A. Brute-force attack
B. Phishing email
C. Port scanning
D. Malware injection
Answer: B. Phishing email
Rationale: Phishing manipulates users into revealing sensitive information.
10.
Question:
Which file contains hashed passwords in Linux?
A. /etc/passwd
B. /etc/shadow
C. /var/log/auth.log
D. /home/user
Answer: B. /etc/shadow
Rationale: Password hashes are stored securely in /etc/shadow.
11.
Question:
What does the principle of least privilege mean?
A. Users have full access
B. Users get minimum necessary access
C. Only admins can log in
D. No restrictions apply
Answer: B. Users get minimum necessary access
Rationale: This reduces risk by limiting access rights.
12.
Question:
Which type of malware spreads without user interaction?