Cyber Security Final Exam


Which of the following policies would cover what you should do in case of a data breach?

Sensitive data handling policy

Any attack involving human interaction of some kind is referred to as:

Social engineering

A goal-based penetration test needs to have specific goals. Using SMART goals is extremely useful for this. What does SMART stand for?

Specific/measurable/attainable/relevant/timely

Which of the following best describes a non-disclosure agreement?

A common legal contract outlining confidential material that will be shared during the assessment

Which of the following best describes a supply chain?

A company that provides materials to another company to manufacture a product

Which of the following best describes a script kiddie?

A hacker who uses scripts written by much more talented individuals

Heather is working for a cybersecurity firm based in Florida. She will be conducting a remote penetration test for her client, who is based in Utah. Which state's laws and regulations will she need to adhere to?

A lawyer should be consulted on which laws to adhere to and both parties agree

Heather has been hired to work in a firm's cybersecurity division. Her role will include performing both offensive and defensive tasks. Which of the following roles applies to Heather?

A member of the purple team

Hannah is working on the scope of work with her client. During the planning, she discovers that some of the servers are cloud-based servers. Which of the following should she do?

Add the cloud host to the scope of work

During a risk assessment, the organization determines that the risk of collecting personal data from its customers is not acceptable and stops. What method of dealing with risk is the organization using?

Avoidance

Yesenia was recently terminated from her position, where she was using her personal cell phone for business purposes. Upon termination, her phone was remotely wiped. Which of the following corporate policies allows this action?

BYOD policy

Which type of penetration test is required to ensure an organization is following federal laws and regulations?

Compliance-based

Which of the following best describes the rules of engagement document?

Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data

Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term?

Ethical hacking

Miguel is performing a penetration test on a web server. Miguel was given only the server's IP address and name. Which of the following best describes the type of penetration test Miguel is performing?

External (I think)

Which of the following best describes a goal-based penetration test?

Focuses on the end results. The hacker determines the methods

Which of the following is the third step in the ethical hacking methodology?

Gain Access

Which of the following elements is generally considered the weakest link in an organization's security?

Human

During an authorized penetration test, Michael discovered his client's financial records. Which of the following should he do?

Ignore the records and move on

You are performing a penetration test of a local area network (LAN). Refer to the circled area on the network diagram. Which of the following types of penetration tests is being performed? (has picture)

Internal

Which of the following is considered a mission-critical application?

Medical database

Which of the following is a common corporate policy that would be reviewed during a penetration test?

Password policy

Which type of attack involves changing the boot order on a PC so that the hacker can gain access to the computer by bypassing the installed operating system?

Physical attack

During a penetration test, Heidi runs into an ethical situation she's never faced before and is unsure how to proceed. Which of the following should she do?

Reach out to an attorney for legal advice

What is it called when a client asks for small deviations from the scope of work?

Scope Creep

Which of the following best describes social engineering?

The art of deceiving and manipulating others into doing what you want

Which of the following best describes a gray box penetration test?

The ethical hacker has partial information about the target or network

Which of the following is a limitation of relying on regulations?

They rely heavily on password policies

You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once per week. For security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. Which of the following would be the best backup and storage option?

Use incremental backups and store them in a locked fireproof safe

Which type of threat actor only uses skills and knowledge for defensive purposes?

White hat
