NCAE Mapping Hub
Overview Scoreboard Data Roles Exercised Checklists Lessons Skill Drills Practice Terminal Progress

Skill drills

The drill gallery exposes the 150 mapped exam questions from CSCD 240 (Spring 2026, three exam sets). Each question is tagged to DCWF work roles, DCWF tasks, NCAE Knowledge Unit outcomes and topics, lecture modules, labs, CTFd challenges, and where applicable the O*NET tasks and NCAE CyberGames error modes it anticipates. Hover any chip on a drill page to read the mapping justification; click through to the authority record.

Reset Showing 150 drills
CSCD240-E1-A-Q01 trace_multi medium Apply navigation 2 pts
pwd is /home/ssteiner/labs/lab1; home is /home/ssteiner. For each cd, show pwd after. Assume return to starting pwd.
CSCD240-E1-A-Q02 performance easy Apply io 2 pts
Give a single command that does a long listing of the current directory and scrolls the output one page at a time.
CSCD240-E1-A-Q03 performance easy Apply io-redirection 2 pts
Cause executable grader to run with stdout redirected to report.txt. pwd is part of PATH.
CSCD240-E1-A-Q04 short_answer easy Remember permissions 2 pts
Given -rw-r-x--x 2 ssteiner faculty 4096 Apr 14 09:30 notes.sh — what does the - as first symbol mean?
CSCD240-E1-A-Q05 essay easy Understand permissions-anatomy 2 pts
Describe what r, w, x, and - mean and what each group of three symbols means.
CSCD240-E1-A-Q06 short_answer easy Remember permissions 2 pts
First symbol d — what does this mean?
CSCD240-E1-A-Q07 short_answer easy Remember permissions 2 pts
First symbol l — what does this mean?
CSCD240-E1-A-Q08 short_answer easy Remember permissions 2 pts
What does 4096 refer to in the ls -l line?
CSCD240-E1-A-Q09 short_answer easy Remember permissions 2 pts
Who owns this file?
CSCD240-E1-A-Q10 short_answer easy Remember permissions 2 pts
What group does this file belong to?
CSCD240-E1-A-Q11 performance easy Apply permissions-chmod 2 pts
Change permissions of notes.sh: owner rwx, group rx, other none. Use octal.
CSCD240-E1-A-Q12 performance medium Apply permissions-chmod 2 pts
Using only letters, remove write permission from the owner on notes.sh.
CSCD240-E1-A-Q13 performance medium Apply search-find 2 pts
Somewhere in the filesystem there is a file config.ini. Locate it.
CSCD240-E1-A-Q14 performance hard Apply grep-recursive 2 pts
Show the filenames containing "printf" in all .c files in home directory and subdirs.
CSCD240-E1-A-Q15 performance medium Apply env-path 2 pts
Add /opt/tools/bin to PATH for the current shell.
CSCD240-E1-A-Q16 performance easy Apply file-ops 2 pts
Copy report.txt from current dir into subdirectory archive.
CSCD240-E1-A-Q17 performance medium Apply process-listing 2 pts
Display PID and full process info for all processes containing "python".
CSCD240-E1-A-Q18 essay medium Understand process-definition 2 pts
Define what a process is.
CSCD240-E1-A-Q19 essay medium Understand job-vs-process 2 pts
Define what a job is and explain how jobs differ from processes.
CSCD240-E1-A-Q20 performance easy Apply background 2 pts
Execute firefox and allow the shell to be used for other activities.
CSCD240-E1-A-Q21 predict_output medium Apply jobs-output 2 pts
Firefox running in background; nothing else. What does typing jobs print?
CSCD240-E1-A-Q22 trick hard Analyze reading-comprehension 2 pts
3 jobs: 1) firefox 2) gedit 3) code. Bring kate to foreground — give the command.
CSCD240-E1-A-Q23 performance medium Apply signal 2 pts
./daemon &. Terminate the JOB daemon (no other jobs active).
CSCD240-E1-A-Q24 performance medium Apply process-termination 2 pts
./daemon &. Terminate the PROCESS via PID (PID=7291). Show PID discovery AND kill.
CSCD240-E1-A-Q25 performance easy Apply alias 2 pts
Create alias ll for long listing with human-readable file sizes.
CSCD240-E1-A-Q26 performance medium Apply rm-recursive 2 pts
Using absolute path, remove subdirectory scratch under /home/ssteiner. Not in home dir.
CSCD240-E1-A-Q27 performance easy Apply file-ops 2 pts
Remove empty subdirectory tmp under /home/ssteiner. You are in home dir.
CSCD240-E1-A-Q28 performance medium Apply globbing 2 pts
Files: data, data1, data12, data2. Display only data1 and data12 via ls.
CSCD240-E1-A-Q29 performance medium Apply regex 2 pts
contacts.txt has Name<tab>number lines. Print only those whose number ends with 6.
CSCD240-E1-A-Q30 performance medium Apply archive 2 pts
Create gzip-compressed tarball backup.tar.gz of all .txt files in pwd.
CSCD240-E1-A-Q31 essay medium Understand quoting 2 pts
var="Stu Steiner". A) echo "Hello $var" B) echo 'Hello $var'. Explain difference and output.
CSCD240-E1-A-Q32 essay medium Understand help-system 2 pts
Explain man and --help. When to use each?
CSCD240-E1-A-Q33 performance easy Apply sys-id 2 pts
SSH-in; confirm machine name, kernel version, and architecture in one command.
CSCD240-E1-A-Q34 performance medium Apply grep 2 pts
Print lines of access.log containing 403 with their line numbers.
CSCD240-E1-A-Q35 performance medium Apply redir-stderr 2 pts
Send only stderr of "scan /etc/shadow" to errors.log; keep stdout on terminal.
CSCD240-E1-A-Q36 performance medium Apply redir-merge 2 pts
Send BOTH stdout and stderr of build.sh into build.log.
CSCD240-E1-A-Q37 performance medium Apply field-extract 2 pts
data.csv has comma-separated records. Print just the second column.
CSCD240-E1-A-Q38 performance medium Apply pipeline-distinct 2 pts
Count distinct lines in visitors.txt (unsorted input).
CSCD240-E1-A-Q39 essay medium Understand assignment 2 pts
A) FOO=bar B) FOO = bar. Which is valid? One-sentence explanation of the error.
CSCD240-E1-A-Q40 essay hard Analyze evaluation-order 2 pts
sort data.txt > data.txt — what happens to data.txt and why?
CSCD240-E1-A-Q41 essay hard Understand setuid 2 pts
Explain the setuid bit in 1-2 sentences using the term "effective user ID".
CSCD240-E1-A-Q42 performance medium Apply chmod-recursive 2 pts
Recursively change permissions in current dir so group and other have no write permission.
CSCD240-E1-A-Q43 performance easy Apply history-expansion 2 pts
Forgot sudo on previous command. Re-run with sudo prepended without retyping.
CSCD240-E1-A-Q44 short_answer easy Remember history 2 pts
Bash keystroke that begins reverse-incremental history search.
CSCD240-E1-A-Q45 performance medium Apply command-substitution 2 pts
Print "Backup taken on <today>" using $(date +%Y-%m-%d) as the date.
CSCD240-E1-A-Q46 performance easy Apply env 2 pts
Display every environment variable currently defined in your shell.
CSCD240-E1-A-Q47 performance hard Apply priority 2 pts
PID 9142 — reduce priority (increase nice value to +10) without stopping it.
CSCD240-E1-A-Q48 performance easy Apply metadata 2 pts
Show detailed metadata for /etc/passwd: inode, all three timestamps, octal perms.
CSCD240-E1-A-Q49 performance medium Understand type-vs-which 2 pts
Tell if cd is a builtin, alias, function, or external program.
CSCD240-E1-A-Q50 performance hard Apply log-pipeline 2 pts
auth.log line format "2026-04-14 08:31 FAIL user=alex src=10.x". Print top-3 FAIL source IPs, count first, most-frequent first.
CSCD240-E1-B-Q01 trace_multi medium Apply navigation 2 pts
pwd=/home/operator/target/foothold, home=/home/operator. For each cd: cd, cd ../pivot, cd ~/intel, cd ../../.., cd /tmp
CSCD240-E1-B-Q02 performance easy Apply recon 2 pts
Landing on a target; identify host kernel + architecture in one command.
CSCD240-E1-B-Q03 performance easy Remember recon 2 pts
Print your current username.
CSCD240-E1-B-Q04 performance easy Remember recon 2 pts
Print the groups your user belongs to.
CSCD240-E1-B-Q05 short_answer easy Remember permissions 2 pts
First symbol - on /usr/bin/passwd means what?
CSCD240-E1-B-Q06 short_answer medium Remember permissions-special 2 pts
Owner triad shows rws instead of rwx. Name the bit.
CSCD240-E1-B-Q07 essay medium Understand setuid-effect 2 pts
What does the setuid bit cause when the file is executed? Use "effective user ID".
CSCD240-E1-B-Q08 short_answer medium Understand setuid-chain 2 pts
Who owns /usr/bin/passwd in the ls -l line? Why does that matter for setuid?
CSCD240-E1-B-Q09 performance medium Apply octal-special 2 pts
Convert rwsr-xr-x to 4-digit octal including special bits.
CSCD240-E1-B-Q10 performance hard Apply enum-setuid 2 pts
Locate every setuid-root file on the filesystem; suppress permission-denied noise.
CSCD240-E1-B-Q11 performance medium Apply harden 2 pts
Remove setuid bit from /opt/app/runner without changing other permissions.
CSCD240-E1-B-Q12 performance medium Apply ownership 2 pts
Change owner AND group of /opt/app/runner to svc_app:svc_app in ONE command.
CSCD240-E1-B-Q13 performance medium Apply harden 2 pts
Recursively set permissions on ~/secrets/ so only owner has any access.
CSCD240-E1-B-Q14 performance hard Apply enum-misconfig 2 pts
Find every world-writable regular file under /var (common misconfig indicator).
CSCD240-E1-B-Q15 performance medium Apply redir 2 pts
Send only stderr of "scan /etc/shadow" to errors.log; leave stdout on terminal.
CSCD240-E1-B-Q16 performance medium Apply redir 2 pts
Send BOTH stdout and stderr of build.sh to build.log.
CSCD240-E1-B-Q17 essay hard Analyze evaluation-order 2 pts
sort auth.log > auth.log — what happens, one-sentence why?
CSCD240-E1-B-Q18 performance medium Apply log-search 2 pts
Print every line of auth.log containing "Failed password" (case-insensitive), with line numbers.
CSCD240-E1-B-Q19 performance hard Apply log-pipeline 2 pts
Top 5 source IPs in FAIL lines of auth.log, where IP is field 5.
CSCD240-E1-B-Q20 performance hard Apply log-pipeline 2 pts
Count distinct usernames on FAIL lines of auth.log where username is "user=<name>".
CSCD240-E1-B-Q21 performance easy Apply field-extract 2 pts
Print the second column of data.csv (comma-separated).
CSCD240-E1-B-Q22 performance medium Apply regex-alt 2 pts
Print lines of fw.log matching DENY OR DROP (extended regex).
CSCD240-E1-B-Q23 performance medium Apply grep-recursive 2 pts
Recursively search /etc for any file containing "password=" and print only filenames.
CSCD240-E1-B-Q24 essay medium Understand process-def 2 pts
Define process including PID and memory.
CSCD240-E1-B-Q25 essay medium Understand job-vs-process 2 pts
Define job and distinguish from process.
CSCD240-E1-B-Q26 performance easy Apply ps 2 pts
List every process system-wide with PID, PPID, user, and command line.
CSCD240-E1-B-Q27 performance easy Apply process-filter 2 pts
Show every process whose command line contains "cron".
CSCD240-E1-B-Q28 performance hard Apply proc-forensics 2 pts
Suspect PID 31337 is a reverse shell. Print its full command line and working directory.
CSCD240-E1-B-Q29 predict_output medium Apply jobs-output 2 pts
./beacon &. What exact line does jobs print?
CSCD240-E1-B-Q30 trick hard Analyze trick 2 pts
Jobs: 1) beacon 2) tunnel 3) listener. Bring exfil to foreground.
CSCD240-E1-B-Q31 performance easy Apply signals 2 pts
Process 31337 refuses SIGTERM. Terminate unconditionally.
CSCD240-E1-B-Q32 performance medium Apply signals 2 pts
Send SIGHUP to PID 4112 to reload daemon config.
CSCD240-E1-B-Q33 performance easy Apply forensics-stat 2 pts
Print all metadata for /etc/passwd: inode, perms in octal, all three timestamps.
CSCD240-E1-B-Q34 performance easy Apply forensics-file 2 pts
Identify the data type of sample.bin (ELF, ASCII, gzip, etc).
CSCD240-E1-B-Q35 performance medium Apply forensics-time 2 pts
Print last-modification time of /var/log/syslog in machine-readable (seconds-epoch or ISO) format.
CSCD240-E1-B-Q36 performance medium Apply forensics-timeline 2 pts
List the 5 most recently modified files in /tmp (newest first).
CSCD240-E1-B-Q37 performance hard Apply forensics-hex 2 pts
Print a hex + ASCII side-by-side dump of the first 256 bytes of sample.bin.
CSCD240-E1-B-Q38 performance medium Apply forensics-strings 2 pts
List every printable ASCII string length≥8 inside sample.bin.
CSCD240-E1-B-Q39 essay medium Understand quoting 2 pts
var="Red Team". A) echo "Go $var" B) echo 'Go $var'. Output + explain difference.
CSCD240-E1-B-Q40 essay medium Understand assignment 2 pts
A) FOO=bar B) FOO = bar. Which valid; explain error.
CSCD240-E1-B-Q41 performance medium Apply command-subst 2 pts
Print "Backup taken on <today>" using $(date +%F).
CSCD240-E1-B-Q42 performance medium Apply env-path 2 pts
Append /opt/tools/bin to PATH for current shell.
CSCD240-E1-B-Q43 performance easy Apply shell-config 2 pts
Reload ~/.bashrc without opening a new terminal.
CSCD240-E1-B-Q44 performance easy Apply alias 2 pts
Alias lsm = ls -lah --sort=time.
CSCD240-E1-B-Q45 essay medium Understand help-system 2 pts
Contrast man vs --help. When to use each.
CSCD240-E1-B-Q46 performance medium Apply type 2 pts
Show whether cd is a builtin / alias / function / external.
CSCD240-E1-B-Q47 performance easy Apply history 2 pts
Re-run the previous command with sudo prepended without retyping.
CSCD240-E1-B-Q48 short_answer easy Remember history 2 pts
Bash keystroke to begin reverse-incremental history search.
CSCD240-E1-B-Q49 performance medium Apply history-hygiene 2 pts
Delete the in-memory command history for the current shell.
CSCD240-E1-B-Q50 performance medium Apply archive-evidence 2 pts
Create gzip-compressed tarball evidence.tar.gz of every .log in /var/log/.
CSCD240-E1-C-Q01 multiple_choice easy Remember forensics 2 pts
Which command returns inode, permission bits, size, and all three timestamps of a file?
CSCD240-E1-C-Q02 multiple_choice medium Apply umask 2 pts
After umask 027, a newly-created regular file gets which octal?
CSCD240-E1-C-Q03 multiple_choice easy Remember ps 2 pts
Which command lists every process system-wide in BSD-style output with full command line?
CSCD240-E1-C-Q04 multiple_choice hard Understand setuid 2 pts
A -rwsr-xr-x file owned by root. Execution causes what?
CSCD240-E1-C-Q05 multiple_choice easy Remember redir 2 pts
Which redirection sends only stderr of a command to a file err.log?
CSCD240-E1-C-Q06 multiple_choice easy Remember cmd-subst 2 pts
Recommended modern syntax for command substitution?
CSCD240-E1-C-Q07 multiple_choice easy Remember permissions 2 pts
First character of ls -l that identifies a symbolic link?
CSCD240-E1-C-Q08 multiple_choice medium Remember signals 2 pts
Which signal cannot be caught, blocked, or ignored?
CSCD240-E1-C-Q09 multiple_choice easy Remember quoting 2 pts
NAME=ops. echo '$NAME' prints what?
CSCD240-E1-C-Q10 multiple_choice medium Remember discovery 2 pts
Which command shows whether cd is a builtin, alias, function, or external?
CSCD240-E1-C-Q11 multiple_choice medium Remember log-follow 2 pts
A log file is continuously updated. Which command shows new lines as written?
CSCD240-E1-C-Q12 multiple_choice hard Apply glob 2 pts
Which glob matches filenames starting with "log" and ending with any digit?
CSCD240-E1-C-Q13 multiple_choice medium Apply enum-misconfig 2 pts
Find every regular file under /var that is world-writable?
CSCD240-E1-C-Q14 multiple_choice easy Remember shell-config 2 pts
Reload ~/.bashrc in current shell without opening new terminal?
CSCD240-E1-C-Q15 multiple_choice medium Apply pipeline-distinct 2 pts
Which pipeline counts distinct values in column 1 of a CSV?
CSCD240-E1-C-Q16 multiple_choice hard Remember permissions-special 2 pts
What does the sticky bit on a directory do?
CSCD240-E1-C-Q17 multiple_choice easy Apply find 2 pts
Which command searches the filesystem for a file by name, suppressing permission-denied errors?
CSCD240-E1-C-Q18 multiple_choice medium Remember octal-special 2 pts
chmod 4755 /opt/app/runner — which bit was set?
CSCD240-E1-C-Q19 multiple_choice medium Remember forensics-strings 2 pts
Which command lists printable ASCII strings of length ≥8 inside binary.bin?
CSCD240-E1-C-Q20 multiple_choice easy Remember env 2 pts
Which single command displays the current value of PATH?
CSCD240-E1-C-Q21 multiple_choice medium Apply forensics-time 2 pts
Which find predicate matches files modified within the last 24 hours?
CSCD240-E1-C-Q22 performance easy Apply chmod-octal 2 pts
Set /opt/svc/agent to owner rwx, group rx, other none using octal.
CSCD240-E1-C-Q23 performance medium Apply harden 2 pts
Remove the setuid bit from /opt/svc/agent using symbolic form, leaving other perms.
CSCD240-E1-C-Q24 performance medium Apply harden 2 pts
Recursively change perms under ~/secrets so group and other have no access.
CSCD240-E1-C-Q25 performance medium Apply grep 2 pts
Print every line of auth.log containing "Failed password" (case-insensitive) with line numbers.
CSCD240-E1-C-Q26 performance hard Apply log-pipeline 2 pts
Top 5 source IPs appearing on FAIL lines of auth.log (IP = field 5).
CSCD240-E1-C-Q27 performance hard Apply log-pipeline 2 pts
List unique usernames appearing on FAIL lines of auth.log (user=<name>).
CSCD240-E1-C-Q28 performance medium Apply proc 2 pts
Show full command line of PID 4523 by reading from /proc.
CSCD240-E1-C-Q29 performance easy Apply signals 2 pts
Send SIGHUP (signal 1) to PID 7120 so the daemon reloads config.
CSCD240-E1-C-Q30 performance medium Apply forensics-timeline 2 pts
List 10 most-recently modified files in /var/log/ (newest first).
CSCD240-E1-C-Q31 performance medium Apply archive 2 pts
Create gzipped tarball ir-evidence.tar.gz of every .log in /var/log/.
CSCD240-E1-C-Q32 performance medium Apply env-path 2 pts
Append /opt/ir/bin to PATH for current shell only.
CSCD240-E1-C-Q33 performance hard Apply forensics-hex 2 pts
Hex + ASCII side-by-side dump of first 128 bytes of sample.bin.
CSCD240-E1-C-Q34 performance easy Apply alias 2 pts
Define alias mvi for mv -i (interactive prompt).
CSCD240-E1-C-Q35 performance easy Apply archive-extract 2 pts
Extract the archive case-123.tar.gz into the current directory.
CSCD240-E1-C-Q36 performance medium Apply forensics-time 2 pts
Print ISO-8601 modification time of /etc/passwd.
CSCD240-E1-C-Q37 performance easy Apply ps 2 pts
Show all processes owned by user apache, system-wide.
CSCD240-E1-C-Q38 performance easy Apply shell-compound 2 pts
Write the separator so both commands run regardless of success, then example date and hostname.
CSCD240-E1-C-Q39 performance medium Apply redir-merge 2 pts
Send BOTH stdout and stderr of make into merged.log (full example).
CSCD240-E1-C-Q40 scenario hard Analyze evaluation-order 2 pts
sort /var/log/audit.log > /var/log/audit.log — state and why.
CSCD240-E1-C-Q41 scenario hard Analyze threat-reasoning 2 pts
-rwsrwxrwx root root .xhelper in /tmp. Why alarming?
CSCD240-E1-C-Q42 scenario hard Analyze chmod-recursive-trap 2 pts
chmod -R 644 /etc/ssh — what broke and why?
CSCD240-E1-C-Q43 scenario hard Analyze incident-response 2 pts
PID 2211 spawns thousands of sh processes/min. Steps to stop without killing vital processes.
CSCD240-E1-C-Q44 scenario medium Analyze debug-pipeline 2 pts
cat access.log | grep admin | wc -l returns 0 when log has admin hits. Two reasons?
CSCD240-E1-C-Q45 scenario hard Analyze integrity 2 pts
Verify /opt/ids/analyze has not been silently replaced — which find predicate and which file-metadata command (no crypto)?
CSCD240-E1-C-Q46 scenario hard Analyze malicious-alias 2 pts
.bashrc contains alias ls='rm -rf'. Consequence if planted and user opens a new shell?
CSCD240-E1-C-Q47 scenario medium Understand ssh-perms 2 pts
-rw------- on .ssh and drwx------ on .config — which is typical for an SSH private key and why?
CSCD240-E1-C-Q48 scenario easy Apply bash-syntax 2 pts
ENV_VAR = "production" produced "ENV_VAR: command not found". Error + correction.
CSCD240-E1-C-Q49 scenario easy Apply safety 2 pts
About to run rm -rf ~/workspace/*. Preflight command to see what would match?
CSCD240-E1-C-Q50 scenario hard Analyze ir-process 2 pts
IR runbook: capture terminal session output of every IR command. Name the command and why it matters for chain of custody.