Infosys Certified Cyber Defender
10 Infosys Certified Cyber Defender practice questions with answers
Real Lex exam-pattern multiple-choice questions for the Infosys Certified Cyber Defender certification. Each question includes the correct answer. The full question bank is available to Premium members.
- Question 1
After seeing a password-guessing alert in the SIEM, which of the following actions can be used to “contain” the attack? (Choose TWO)
- ✓
Locking or resetting user passwords of compromised user accounts
Correct - B
Blocking SSH connections from the IP address from which the password guessing originated
- C
Blocking outbound port 22 connections from a web server to the Internet (i.e. SRC=Apache Webserver, DST.IP=Any, DST.PORT=22)
- D
Installing file integrity monitoring software on the web server, to detect future tampering of website files
- ✓
- Question 2
Problem Statement: An attacker attacks a known public Apache web server. The attacker gains access to the web server and uploads scripts that send the server’s crucial data to the attacker every minute to maintain access to the server. Finally, the attacker shuts the Apache service at one-minute intervals. Based on the above scenario, answer the following question. The attacker performs a port-scanning operation that targets a web server to gather data about open ports on the system and possibly to identify the service behind these ports. The port scanning operation performed in this scenario is a technique involved in which of the following phases?
- ✓
Reconnaissance
Correct - B
Exploitation
- C
Delivery
- D
Weaponization
- ✓
- Question 3
Following a password guessing alert in the SIEM, which of the following places (log sources/viewers) can be investigated to prove the password guessing was successful? (Choose TWO)
- ✓
Authentication events in Apache Web Server, seen through /var/log/auth.log file inside the Apache Web Server
Correct - B
Authentication events in Apache Web Server, seen through centralized logging (i.e., via SIEM/Syslog)
- C
Authentication events in Apache Web Server, seen through /var/log/apache/access.log file inside the Apache Web Server
- D
Access events in Apache Web Server (/var/log/apache/access.log)
- ✓
- Question 4
Which of the following security controls would have helped in preventing the website defacement attack? (Choose TWO)
- ✓
Having a backup of the website directory
Correct - B
Enforcing a strong password policy for all user accounts
- C
Firewall rule to block port 22 access from the Internet to the web server
- D
Disabling the www-data user account
- ✓
- Question 5
Problem Statement: An attacker attacks a known public Apache web server. The attacker gains access to the web server and uploads scripts that send the server’s crucial data to the attacker every minute to maintain access to the server. Finally, the attacker shuts the Apache service at one-minute intervals. Based on the above scenario, answer the following question. Which authentication-based services were running on the web server that the attacker used as a target to gain access?
- ✓
LDAP
Correct - B
SSH
- C
HTTPS
- D
SAML
- ✓
- Question 6
After executing a successful SQL injection attack on the website, which of the services below were stopped by an adversary?
- ✓
Kerberos Key Distribution Center
Correct - B
DNS
- C
DHCP
- D
Inter-site Messaging Service
- ✓
- Question 7
During the investigation, you discover a file named "SERVICES-User055-KlOut.txt" in the user's temporary directory. What does this file likely contain?
- ✓
A list of recently installed applications on the user's machine.
Correct - B
A log of system errors encountered by the user.
- C
Encrypted network traffic captured by the attacker.
- D
The user's browsing history from the past few days.
- E
The user's keystrokes captured by the keylogger process
- ✓
- Question 8
Why did the attacker do SSH protocol fuzzing?
- ✓
To successfully crack the passwords of users who can log in via SSH
Correct - B
To repetitively send a large volume of attack traffic to the server so that the server would crash
- C
To discover SSH service details such as version number
- D
To enable port 22 on the target webserver
- ✓
- Question 9
Which of the following alerts was seen on the SIEM?
- ✓
Website Crawling
Correct - B
Ping Sweep
- C
Malicious file detected
- D
Port Scanning
- ✓
- Question 10
Problem Statement: An attacker attacks a known public Apache web server. The attacker gains access to the web server and uploads scripts that send the server’s crucial data to the attacker every minute to maintain access to the server. Finally, the attacker shuts the Apache service at one-minute intervals. Based on the above scenario, answer the following question. The repetitive behavior of the Apache service stop command indicates that a scheduled task is being used to stop the service in fixed-time intervals. Which task scheduler application is used to control the Apache service?
- ✓
Windows Task Scheduler
Correct - B
At Utility
- C
Cron job
- D
ScheduleMe
- ✓