100+ Free HTB CJCA Practice Questions

HTB Certified Junior Cybersecurity Associate practice questions are available now; exam metadata is being verified.

Key Facts: HTB CJCA Exam

5 days | Practical Exam Window | Hack The Box
100% | Practical (No MCQ Component) | Hack The Box
20 modules | Junior Cybersecurity Analyst Path Length | HTB Academy
50% | Tier 0 Modules Available Free | HTB Academy
~$490/yr | Silver Annual Subscription (includes voucher) | Hack The Box
6 domains | Exam Coverage Areas | HTB CJCA Curriculum

The HTB CJCA is Hack The Box's beginner-friendly hybrid certification (offensive + defensive) mapped to the 20-module Junior Cybersecurity Analyst job-role path. The practical 5-day exam involves compromising machines and analyzing security logs/alerts. Half the preparatory modules are free on HTB Academy. The Silver Annual subscription (~$490/year) includes one exam voucher. This practice bank covers all six domains: Linux/Windows fundamentals, networking/Wireshark, Elastic SIEM/KQL, security monitoring/event logs, intro pentesting, and incident handling.

Sample HTB CJCA Practice Questions

Try these sample questions to test your HTB CJCA exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1. Which layer of the OSI model is responsible for logical addressing and routing packets between networks?
A. Data Link layer
B. Transport layer
C. Network layer
D. Session layer
Explanation: The Network layer (Layer 3) handles logical addressing (IP addresses) and routes packets across different networks. Routers operate at this layer, using routing tables to determine the best path for packet delivery. The Data Link layer handles physical MAC addressing within the same network segment.
2. A Linux file has permissions `-rwxr-x---`. Which group of users can execute this file?
A. Only the file owner
B. The file owner and group members
C. The file owner, group members, and others
D. Anyone on the system
Explanation: The permission string `-rwxr-x---` breaks down as: owner (rwx = read/write/execute), group (r-x = read/execute), others (--- = no permissions). Both the owner and group members have the execute bit set, so both can execute the file. Others have no permissions at all.
3. Which TCP flag combination is used during the TCP three-way handshake to initiate a connection?
A. SYN, SYN-ACK, ACK
B. SYN, ACK, FIN
C. RST, SYN, ACK
D. PSH, URG, ACK
Explanation: A TCP three-way handshake consists of: (1) Client sends SYN to request a connection, (2) Server responds with SYN-ACK acknowledging the request and synchronizing its own sequence number, (3) Client sends ACK to complete the connection. This establishes a reliable, bidirectional connection before data transfer begins.
4. In Wireshark, which display filter would show only HTTP traffic on port 80?
A. `port == 80`
B. `ip.port == 80`
C. `http.port == 80`
D. `tcp.port == 80`
Explanation: In Wireshark display filters, `tcp.port == 80` correctly filters packets where either the source or destination TCP port is 80. This captures HTTP traffic. Wireshark does not use the bare `port` syntax (that is a capture filter syntax), and `http.port` and `ip.port` are not valid Wireshark display filter fields.
5. What does the CIA triad stand for in information security?
A. Confidentiality, Integrity, Availability
B. Control, Integrity, Authentication
C. Compliance, Identity, Authorization
D. Confidentiality, Identification, Access
Explanation: The CIA triad — Confidentiality, Integrity, and Availability — is the core model for information security policy. Confidentiality ensures data is accessible only to authorized parties. Integrity ensures data is accurate and unmodified. Availability ensures systems and data are accessible when needed by authorized users.
6. Which Linux command displays the current user's id and group memberships?
A. `whoami`
B. `passwd`
C. `groups`
D. `id`
Explanation: The `id` command displays the current user's UID (user ID), GID (primary group ID), and all supplementary group memberships. For example: `uid=1000(john) gid=1000(john) groups=1000(john),27(sudo)`. This is useful for privilege escalation enumeration. `whoami` only shows the username without IDs.
7. What is the primary purpose of a SIEM (Security Information and Event Management) system?
A. To aggregate, correlate, and analyze security log data from multiple sources
B. To block network intrusions in real time using signature matching
C. To perform vulnerability scanning on network endpoints
D. To encrypt sensitive data at rest and in transit
Explanation: A SIEM aggregates log data from across an organization (firewalls, endpoints, servers, applications), normalizes it, and correlates events to detect security incidents. It provides centralized visibility, alerting, and reporting. SIEMs are the backbone of SOC operations. Real-time blocking is done by IPS/firewalls, not SIEMs.
8. In Windows, which Event ID indicates a successful logon?
A. 4624
B. 4625
C. 4648
D. 4720
Explanation: Windows Security Event ID 4624 records a successful account logon. This is one of the most fundamental events for SOC analysts monitoring authentication. Event ID 4625 is a failed logon. Monitoring both together helps detect brute-force attacks: repeated 4625 events followed by a 4624 indicate a successful brute force.
9. Which nmap flag is used to perform a SYN (stealth) scan?
A. `-sT`
B. `-sU`
C. `-sS`
D. `-sV`
Explanation: The `-sS` flag performs a TCP SYN (half-open) scan. Nmap sends a SYN packet and waits for a response without completing the three-way handshake. Open ports respond with SYN-ACK; closed ports respond with RST. Because the connection is never fully established, it is less likely to be logged by some older applications and is faster than a full connect scan.
10. What does the Elastic KQL query `event.category: "network" AND destination.port: 443` return?
A. Network events destined for port 443
B. All events where the source port is 443
C. All HTTPS certificate validation events
D. Events from the network category on any port except 443
Explanation: Kibana Query Language (KQL) uses `field: value` syntax with boolean operators. This query combines two conditions with AND: `event.category: "network"` (network-category events) AND `destination.port: 443` (destination port is 443). The result is network events going to port 443, typically HTTPS traffic. KQL searches are case-insensitive for field values.

About the HTB CJCA Practice Questions

Verified exam format metadata for HTB Certified Junior Cybersecurity Associate is pending. The practice questions above remain available while official exam length, timing, passing score, fee, and administrator details are reviewed.