KeyTrain's Key Training — System Hygiene — free practice exam
20 original practice questions aligned to official exam domains. Run a timed, domain-weighted quiz in your browser — no login required.
Exam domains
| Domain | Weight |
|---|---|
| Patch management | 20% |
| Outdated software | 20% |
| Configuration drift | 20% |
| Update compliance | 20% |
| Unsupported operating systems | 20% |
Sample practice questions
- Browser extensions with broad permissions haven't updated in two years. Risk?
- CIS benchmark scan: SSH PermitRootLogin yes on new cloud VMs. Fix?
- CISA adds a VPN vendor CVE to KEV; your appliance is two versions behind. Priority?
- A critical app requires Java 8 with no vendor roadmap; server sits in the DMZ. Mitigation?
- Critical CVE has exploit in the wild; patch available. Servers are 30 days behind. FIRST priority?
- CSPM reports public SSH open on a prod instance that Terraform should manage privately. Fix?
- AD GPO reports different password policy on one OU. Likely impact?
- Inventory finds Java 8 on 400 endpoints for one legacy app. BEST approach?
- Only 62% of laptops meet the 14-day critical patch SLA. Best program improvement?
- MDM shows 15% iOS devices below minimum OS. Enforcement action?
- Medical devices run embedded OS with no vendor patches. BEST documentation?
- Medical devices run Windows 7 embedded with no vendor patch path. Control?
- Which metric BEST measures update compliance?
- SCADA systems run Windows 7 embedded. Security recommendation?
- Servers miss updates because change freeze lasts six months. Risk acceptance should note?
- Terraform plan shows manual firewall holes on prod not in code. What does this indicate?
- Test environment lacks patches 'because it is not prod.' Risk?
- Vendor ends support for your firewall OS next month. Priority?
- Windows Server 2012 R2 remains for one app. Compensating control?
- WSUS shows 95% compliance but Nessus still flags missing KBs. Likely cause?