final exam
219. Which of the following is a deception instrument? a. WAF b. Sinkhole c. Forward proxy d. Reverse proxy
b. Sinkhole
1. Which of the following is the most versatile cloud model? a. IaaS b. PaaS c. SaaS d. XaaS
IaaS
119. Which of the following is a major objective of packet analysis? a. Assess and secure networks b. Ensure physical security c. Calculate employee work hours d. Estimate network cost
a. Assess and secure networks
222. In a security review meeting, you proposed a demilitarized zone for one of your company's data centers. You were then asked to explain the objective of having a DMZ in the data centers. Which of the following should be your answer? a. A DMZ will separate the secure facilities from unknown and potentially hostile outsiders. b. A DMZ will allow employees to relax between working hours and be more vigilant while working. c. A DMZ will open up a discussion about enterprise strategies to a broader employee base. d. A DMZ will monitor network traffic so that the cybersecurity team can focus on other threats.
a. A DMZ will separate the secure facilities from unknown and potentially hostile outsiders.
163. What is a Type I hypervisor? a. A hypervisor that runs directly on computer hardware b. A hypervisor that runs on host operating system c. A hypervisor that uses binary files for virtualization d. A hypervisor that runs on security devices
a. A hypervisor that runs directly on computer hardware
276. Which of the following best describes an acceptable use policy? a. A policy that defines the actions users may perform while accessing systems and networking equipment b. A policy that allows only the minimum number of privileges necessary to perform a job or function should be allocated c. A policy that defines the tasks associated with hiring a new employee d. A policy that addresses assigning labels based on the use and importance of information
a. A policy that defines the actions users may perform while accessing systems and networking equipment
262. Which of the following can be used to mitigate a limitation of public sharing centers in OSINT? a. AIS b. KRI c. HTTPS d. TTP
a. AIS
293. Which of the following helps achieve data privacy in an enterprise network? a. Access control schemes b. Digital forensics c. Cloud Forensics d. Cyber Kill Chain
a. Access control schemes
30. Suzanne is a cybersecurity expert. She was approached by Alex with a complaint that his payment information has leaked even though he has not made any online payments or shared information with anyone. Suzanne concluded that attackers most likely bumped a portable reader against Alex's smartphone to make an NFC connection and steal the payment information stored on the phone.What should Suzanne suggest to Alex to prevent this type of attack from happening in the future? a. Alex should always turn the NFC off while he's in a crowded area. b. Alex should remain aware of the people around him while making NFC payments. c. Alex should configure his device pairing so one device can only send and the other onlyreceive. d. Alex should protect his smartphone with a unique password or strong PIN.
a. Alex should always turn the NFC off while he's in a crowded area.
51. Suzanne is a cybersecurity expert. She was approached by Alex with a complaint that his payment information has leaked even though he has not made any online payments or shared information with anyone. Suzanne concluded that attackers most likely bumped a portable reader against Alex's smartphone to make an NFC connection and steal the payment information stored on the phone.What should Suzanne suggest to Alex to prevent this type of attack from happening in the future? a. Alex should always turn the NFC off while he's in a crowded area. b. Alex should remain aware of the people around him while making NFC payments. c. Alex should configure his device pairing so one device can only send and the other onlyreceive. d. Alex should protect his smartphone with a unique password or strong PIN.
a. Alex should always turn the NFC off while he's in a crowded area.
183. Which of the following can protect a password digest from attackers? a. Argon2 b. Keystroke dynamics c. Secure key d. Password vault
a. Argon2
10. What is the primary goal of penetration testing? a. Attempt to uncover deep vulnerabilities and then manually exploit them b. Scan a network for open FTP ports c. Perform SYN DOS attack towards a server in a network d. Attempt to perform an automated scan to discover vulnerabilities
a. Attempt to uncover deep vulnerabilities and then manually exploit them
158. What is the primary goal of penetration testing? a. Attempt to uncover deep vulnerabilities and then manually exploit them b. Scan a network for open FTP ports c. Perform SYN DOS attack towards a server in a network d. Attempt to perform an automated scan to discover vulnerabilities
a. Attempt to uncover deep vulnerabilities and then manually exploit them
189. You are working as a security administrator. Your enterprise has asked you to choose an access control scheme in which a user is authorized to access the resources if the user has a specific attribute and denied if they don't.Which of the following access control schemes should you choose? a. Attribute-based access control b. Rule-based access control c. Role-based access control d. Mandatory access control
a. Attribute-based access control
76. In a security meeting, you are asked to suggest access control schemes in which you have high flexibility when configuring access to the enterprise resources.Which of the following should you suggest? a. Attribute-based access control b. Rule-based access control c. Role-based access control d. Mandatory access control
a. Attribute-based access control
22. Jane, an IT security expert whose services are sought by XYZ Company, has recommended implementing CTR mode in the network. What is one requirement that needs to be fulfilled for computers to communicate when the CTR mode is implemented? a. Both sender and receiver should have access to a counter. b. Sender should have access to a counter. c. Receiver should have access to a counter. d. Neither sender nor receiver need access to a counter.
a. Both sender and receiver should have access to a counter.
297. Which threat actors sell their knowledge to other attackers or governments? a. Brokers b. Cyberterrorists c. Competitors d. Criminal syndicates
a. Brokers
39. Which of the following is an example of a request forgery malware? a. CSRF b. DLL injection c. Ransomware d. SQL injection
a. CSRF
159. Which of the following is a combination of encryption, authentication, and MAC algorithms, like a collection of instructions on securing a network? a. Cipher suite b. TLS c. Stream cipher d. SSH
a. Cipher suite
80. Which of the following is a combination of encryption, authentication, and MAC algorithms, like a collection of instructions on securing a network? a. Cipher suite b. TLS c. Stream cipher d. SSH
a. Cipher suite
41. Wireless data networks are particularly susceptible to which type of attack? a. Ciphertext attack b. Downgrade attack c. Collision attack d. Birthday attack
a. Ciphertext attack
109. Which of the following protects SNMP-managed devices from unauthorized access? a. Community string b. Resource records c. X.500 d. X.500 lite
a. Community string
205. Blockchain relies on which cryptographic algorithm to make it computationally infeasible to try to replace a block or insert a new block of information without the approval of all entities involved? a. Cryptographic hash algorithms b. Symmetric cryptographic algorithms c. RSA algorithm d. Asymmetric cryptographic algorithms
a. Cryptographic hash algorithms
218. Which control discourages security violations before their occurrence? a. Deterrent control b. Preventive control c. Corrective control d. Compensating control
a. Deterrent control
290. Which of the following can be achieved using availability zones in cloud computing? a. Fault tolerance b. Less redundancy c. More visibility d. Lower cost
a. Fault tolerance
167. Which mobile device location-based policy is used to identify geographical location by analyzing media files? a. Geo-tagging b. Geolocation c. Geofencing d. Impossible travel
a. Geo-tagging
195. Which mobile device location-based policy is used to identify geographical location by analyzing media files? a. Geo-tagging b. Geolocation c. Geofencing d. Impossible travel
a. Geo-tagging
224. Your enterprise has played fast and loose with customer information for years. While there has been no significant breach of information that could damage the organization and/or their customers, many in the enterprise feel it is only a matter of time before a major leak occurs.Which type of threat actor is an employee who wishes to personally ensure that the enterprise is exposed and blocked from accessing their customers' information until they ensure more secure protocols? a. Hacktivist b. Insider c. State actor d. Script kiddy
a. Hacktivist
291. Your enterprise has played fast and loose with customer information for years. While there has been no significant breach of information that could damage the organization and/or their customers, many in the enterprise feel it is only a matter of time before a major leak occurs.Which type of threat actor is an employee who wishes to personally ensure that the enterprise is exposed and blocked from accessing their customers' information until they ensure more secure protocols? a. Hacktivist b. Insider c. State actor d. Script kiddy
a. Hacktivist
165. Which of the following is considered an industry-specific cybersecurity regulation? a. Health Insurance Portability and Accountability Act of 1996 (HIPAA) b. Sarbanes-Oxley Act of 2002 (SOX) c. Personal Information Protection and Electronic Documents Act (PIPEDA) d. Gramm-Leach-Bliley Act (GLB)
a. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
82. Which of the following is the most versatile cloud model? a. IaaS b. PaaS c. SaaS d. XaaS
a. IaaS
289. What is a variation of a common social engineering attack targeting a specific user? a. Spear phishing b. Redirection c. Spam d. Watering holes
a. Spear phishing
166. Which of the following contains the field that indicates the function of the packet and an identifier field used to match requests and responses and the type of data being transported along with the data itself? a. TKIP b. EAP c. CCMP d. DHCP
a. TKIP
104. You are working as a cloud administrator, and are asked to migrate a virtual machine to a more capable physical machine, as the demand for the service hosted on the VM increased past its limit. As your enterprise still uses conventional switches, migration took time and resulted in customer dissatisfaction. How should you mitigate this issue in the future? a. Implement a software-defined network b. Implement software-defined visibility c. Create containers in the virtual machine d. Use virtual desktop infrastructure
a. Implement a software-defined network
255. You are working as a cloud administrator, and are asked to migrate a virtual machine to a more capable physical machine, as the demand for the service hosted on the VM increased past its limit. As your enterprise still uses conventional switches, migration took time and resulted in customer dissatisfaction. How should you mitigate this issue in the future? a. Implement a software-defined network b. Implement software-defined visibility c. Create containers in the virtual machine d. Use virtual desktop infrastructure
a. Implement a software-defined network
202. Which of the following is a legal complication related to forensics that should be considered when creating a cloud platform? a. Jurisdictional applicability b. High legal expenses c. Time elapsed before noticing an incident d. Total unavailability of digital evidence
a. Jurisdictional applicability
213. Which of the following is a legal complication related to forensics that should be considered when creating a cloud platform? a. Jurisdictional applicability b. High legal expenses c. Time elapsed before noticing an incident d. Total unavailability of digital evidence
a. Jurisdictional applicability
90. In an interview, you are given the following scenario:David sent a message to Tina saying, "There is no school today!" For some reason, the message showed up on Tina's device as, "Come to the school ASAP!" You (the candidate) are asked to name the type of attack that would cause this situation.Which of the following should you identify? a. MITM b. DDoS c. Macro attack d. DNS hijacking
a. MITM
74. Which of the following is a subset of artificial intelligence? a. Machine learning b. Data science c. Artificial intelligence algorithm d. Machine intelligence
a. Machine learning
258. Which of the following can be done to obfuscate sensitive data? a. Masking b. Pulping c. Degaussing d. Shredding
a. Masking
66. Keily is a vulnerability assessment engineer. She is told to find surface vulnerabilities on all internet-facing web servers in the network. Which of the following are surface vulnerabilities that she should initially chase? a. Missing patches, lack of OS hardening, network design flaw, lack of application hardening, weak passwords, and misconfigurations b. Lack of OS hardening, network design flaw, lack of application hardening, weak passwords, misconfigurations, and SQL Injections c. Lack of OS hardening, network design flaw, lack of application hardening, misconfigurations, and brute force d. Lack of OS hardening, network design flaw, weak passwords, and misconfigurations
a. Missing patches, lack of OS hardening, network design flaw, lack of application hardening, weak passwords, and misconfigurations
11. You are assigned to install multiple physical paths between devices and the SAN so that an interruption in one path will not affect communication. Which of the following techniques should you implement to manage the risk of interruption? a. Multipath b. NIC teaming c. PDU d. UPS
a. Multipath
284. Which characteristic of cryptography makes information obscure or unclear, and by which the original information becomes impossible to be determined? a. Obfuscation b. Nonrepudiation c. Authentication d. Integrity
a. Obfuscation
97. Which of the following is defined as a structure for governing all the elements involved in digital certificate management? a. PKI b. Web of trust model c. M-of-N control d. CA
a. PKI
161. You work for an enterprise that provides various cybersecurity services. You are assigned to examine an enterprise's network and suggest security measures modifications, if necessary. On examining the network, you find that the enterprise hosts most of its computing resources on a cloud platform and few resources on-premises, and both seem to have secure settings implemented. You also find that the enterprise computers use the Windows XP operating system.Which of the following vulnerabilities should you insist on fixing first? a. Platform vulnerability b. Configuration vulnerability c. Zero-day vulnerability d. Third-party vulnerability
a. Platform vulnerability
142. After reviewing the data collection procedures in your organization, a court ordered you to issue a document that specifies how the organization uses the collected personal information. This document must be displayed to the user before allowing them to share personal data. Which of the following documents should you prepare? a. Privacy notice b. Terms of agreement c. Data minimization d. Pseudo-anonymization
a. Privacy notice
155. Which of the following RAID configurations have no fault tolerance? a. RAID level 0 b. RAID level 1 c. RAID level 5 d. RAID level 10
a. RAID level 0
186. What type of attack occurs when the threat actor snoops and intercepts the digital data transmitted by the computer and resends that data, impersonating the user? a. Replay b. Trojan c. Buffer overflow d. Device driver manipulation
a. Replay
187. Which of the following protocols can be used for secure video and voice calling? a. SRTP b. S/MIME c. VPN d. SNMP
a. SRTP
197. Which of the following is a Linux/UNIX-based command interface and protocol? a. SSH b. HTTPS c. SSL d. S/MIME
a. SSH
296. Which of the following terms best describes the process in which a user believes that the browser connection they are using is secure and the data sent is encrypted when in reality, the connection is insecure, and the data is sent in plaintext? a. SSL stripping b. Revocation c. SQL injection d. API attack
a. SSL stripping
204. What is meant by "infrastructure as code" in SecDevOps? a. SecDevOps method of managing software and hardware using principles of developing code b. SecDevOps method of managing the infrastructure as a service c. SecDevOps method of managing the infrastructure as a software d. SecDevOps method of managing code as infrastructure
a. SecDevOps method of managing software and hardware using principles of developing code
6. Your company has hired a contractor to build fences surrounding the office building perimeter and install signs that say "premises under 24-hour video surveillance." When do these controls occur? a. The fence and the signs should both be installed before an attack b. The fence should be built before an attack, and the signs erected after an attack c. The fence should be built after an attack, and the signs installed before an attack d. The fence and the signs should both be installed after an attack
a. The fence and the signs should both be installed before an attack
281. Which of the following is a primary difference between a red team and a white team? a. The red team scans for vulnerabilities and exploits them manually, whereas the white team defines the rules of the penetration testing. b. The red team uses an automated vulnerability scanning tool to find vulnerabilities, whereas the white team defines the rules of penetration testing. c. The red team uses an automated vulnerability scanning tool to find vulnerabilities, whereas the white team decides which tool to use in automated vulnerability scanning. d. The red team provides real-time feedback to enhance the threat detection capability, whereas the white team defines the rules of penetration testing.
a. The red team scans for vulnerabilities and exploits them manually, whereas the white team defines the rules of the penetration testing.
40. Which encryption is a chip on the motherboard of a computer that provides cryptographic services? a. Trusted platform module b. Hardware security module c. Self-encrypting hard disk drives d. File and File system cryptography
a. Trusted platform module
144. In an interview, the interviewer asks you to boot a PC. Before the boot process begins, an interface asks you to choose between Windows 10 and Ubuntu Linux. The interviewer then asks you to identify the type of VR monitor program being used. What should your reply be? a. Type I hypervisor b. Type II hypervisor c. Container d. Type III hypervisor
a. Type I hypervisor
207. In an interview, the interviewer asks you to boot a PC. A hypervisor screen appears at the start of the boot process. The interviewer then asks you to identify the type of VM monitor program being used. What should your reply be? a. Type I hypervisor b. Type II hypervisor c. Container d. Type III hypervisor
a. Type I hypervisor
212. What is the most accurate explanation of sentiment analysis, and what kind of a tool or product can be utilized to perform this operation? a. Using text analysis techniques and IBM QRadar to interpret and classify emotions (positive, negative, and neutral) within text data b. Using Cisco Firepower for computationally identifying and categorizing opinions, usually expressed in response to textual data, to determine the writer's attitude toward a particular topic c. Using SIEM for combining many logs into one record based on IP addresses, usernames, and port numbers d. Using Wireshark for detecting hidden and persistent threats from a network
a. Using text analysis techniques and IBM QRadar to interpret and classify emotions (positive, negative, and neutral) within text data
27. There is often confusion between vulnerability scanning and penetration testing. What is the best explanation of the difference between vulnerability scanning and penetration testing? a. Vulnerability scanning is performed using an automated tool to scan a network for known vulnerability signatures. Penetration testing involves attempting to manually uncover deep vulnerabilities just as a threat actor would, and then exploiting them. b. Vulnerability scanning checks a network for outdated versions of services. Penetration testing is attempting to manually uncover deep vulnerabilities just as a threat actor would, and then exploiting them. c. Vulnerability scanning is performed by manually scanning a network for known vulnerabilities. Penetration testing is attempting to manually scan a network for known vulnerability signatures using an advanced scanning tool. d. Vulnerability scanning checks a network for op
a. Vulnerability scanning is performed using an automated tool to scan a network for known vulnerability signatures. Penetration testing involves attempting to manually uncover deep vulnerabilities just as a threat actor would, and then exploiting them.
228. Which of the following is the most efficient means of discovering wireless signals? a. War flying b. War chalking c. War cycling d. Wardriving
a. War flying
182. Your enterprise is hosting a web app that has limited security. As a security administrator, you are asked to take appropriate measures to restrict threat actors from hijacking users' sessions. Which of the following is the most appropriate action for you to take? a. You should implement cryptography using OpenSSL. b. You should encrypt the session ID displayed on the URL. c. You should provide each user a unique static session ID. d. You should mention "log off after visit" on the web app.
a. You should implement cryptography using OpenSSL.
65. You want to implement an authentication method so that different password attacks, like dictionary attacks, brute force attacks, etc., will not result in unauthorized access to the web application hosted by your enterprise. You want to do this by not using any specialized hardware or making any changes to the user's activity during the authentication process. Which of the following methods should you apply? a. You should implement keystroke dynamics. b. You should implement fingerprint authentication. c. You should implement iris scanning. d. You should implement facial recognition.
a. You should implement keystroke dynamics.
225. As a cybersecurity expert, you are asked to take adequate measures to mitigate DDoS attacks on your enterprise servers. Which of the following techniques should you apply? a. You should set up a DNS sinkhole. b. You should set up a host-based firewall. c. You should set up a proxy server. d. You should set up a virtual private network.
a. You should set up a DNS sinkhole.
283. As a cybersecurity expert, you are asked to take adequate measures to mitigate DDoS attacks on your enterprise servers. Which of the following techniques should you apply? a. You should set up a DNS sinkhole. b. You should set up a host-based firewall. c. You should set up a proxy server. d. You should set up a virtual private network.
a. You should set up a DNS sinkhole.
277. After encountering a network attack in your enterprise network, the chief network security engineer assigned you a project. The project was to create a vulnerable network that is similar to your enterprise network and entices the threat actor to repeat the attack. This is to analyze the behavior and techniques the attacker is using to ensure better defenses to your enterprise network in the future. Which of the following appliances should you use? a. You should use a honeypot. b. You should set up network access control. c. You should use a proxy server. d. You should set up behavioral IDS monitoring.
a. You should use a honeypot.
175. In an interview, you are asked to change the permissions of a file on a Linux system so that the file can only be accessed by its owner. Which of the following tools should you use? a. chmod b. grep c. Nessuss d. Cuckoo
a. chmod
177. In an interview, you are asked to change the permissions of a file on a Linux system so that the file can only be accessed by its owner. Which of the following tools should you use? a. chmod b. grep c. Nessuss d. Cuckoo
a. chmod
244. Which of the following authentication methods belongs in the "something you have" category? a. Keystroke dynamics b. Security key c. Picture password d. Gait recognition
b. Security key
21. Which monitoring methodology will trigger the IDS if any application tries to scan multiple ports? a. Signature-based monitoring b. Heuristic monitoring c. Anomaly-based monitoring d. Behavior-based monitoring
b. Heuristic monitoring
157. Which of the following best describes a faraday cage? a. A Faraday cage is used to dispose of electronic waste. b. A Faraday cage is an enclosure used to block electromagnetic fields. c. A Faraday cage blocks suspicious packets from entering an electronic device. d. A Faraday cage is used to charge the electronic devices.
b. A Faraday cage is an enclosure used to block electromagnetic fields.
115. You are asked to construct a server cluster to provide resilience to the webserver hosted by your enterprise. Which of the following clustering systems should you implement to ensure the standby server only works when the other server fails? a. Symmetric b. Asymmetric c. Independent d. Unique
b. Asymmetric
245. Which type of attack can give an attacker access to a device and allow them to copy personal information using an unauthorized radio frequency connection? a. Bluejacking b. Bluesnarfing c. RFID attack d. NFC attack
b. Bluesnarfing
4. Sigma Technology is a company based in Singapore, with branches in 24 countries. It needs multiple CAs in different locations to verify and sign digital certificates for the company. They are looking for an option where, even in the absence of a CA, other CAs can issue the certificates. Additionally, they are also looking for CAs who will overlook other CAs in different locations. In such a scenario, which PKI trust model should they use? a. Distributed trust model b. Bridge trust model c. Hierarchical trust model d. Web of trust model
b. Bridge trust model
215. Which of the following documents provide alternative modes of operation for interrupted business activities? a. Business impact analysis b. Business continuity plan c. Continuous data protection d. Disaster Recovery plan
b. Business continuity plan
96. In which of the following mobile device connectivity methods are transmitters connected through a mobile telecommunication switching office (MTSO) that controls all of the transmitters in the cellular network and serves as the link between the cellular network and the wired telephone world? a. Wi-Fi b. Cellular c. Infrared d. Bluetooth
b. Cellular
280. While going through the network log, Sarah, a network security administrator, noticed substantial outbound network traffic. Which activity did Sarah perform? a. STIX b. IOC c. Telnet d. HTTP
b. IOC
285. A company has its network compromised. As an expert professional, the organization has hired you to identify the probable cause of the attack and fix it. As a security professional, you have noticed the pattern of compromise is unlike anything previously seen. You are looking to find new information on vulnerabilities like the attack that occurred.Which of the following actions would help achieve this objective? a. Checking the green web b. Checking the dark web c. Checking the surface web d. Implementing TCP/IP protocol across the network
b. Checking the dark web
152. Zyan works for ABC Technology. The enterprise wants to provide smartphones to all its employees. They can choose from a limited list of approved mobile devices. But they need to pay for the device themselves. The company will pay them a monthly stipend. Which deployment method should Zyan suggest to meet his company's needs? a. Virtual desktop infrastructure (VDI) b. Choose your own device (CYOD) c. Corporate-owned personally enabled (COPE) d. Corporate-owned device (COD)
b. Choose your own device (CYOD)
31. "Computer workstations must be locked when the workspace is unoccupied and turned off at the end of the business day." "Laptops must be either locked with a locking cable or locked in a drawer or filing cabinet."Which policy includes these directives? a. Least privilege b. Clean desk space c. Onboarding and offboarding d. Acceptable use policy
b. Clean desk space
73. James is a black hat hacker employed as an authorized officer at Apple. He has credentials and signed a non-disclosure agreement to perform advanced penetration testing on the iOS 6.1.6 operating system, and has already gained low-level access to the mobile device using a backdoor. Which of the following actions should James take to design/create his own custom firmware to exploit underlying vulnerabilities and gain a higher level of access to a UNIX shell with root privileges, essentially allowing them to do anything on the device? a. Copy the source code of the open-source BlackArch tool and build custom software from it b. Clone and inherit the source code of the open-source software "P0sixspwn" c. Copy the source code of open-source Mimikatz and build custom software from it d. Clone and inherit the source code of the open-source software "Pwnage"
b. Clone and inherit the source code of the open-source software "P0sixspwn"
107. Windows picture password belongs to which of the following? a. Behavioral biometrics b. Cognitive biometrics c. Physiological biometrics d. Psychological biometrics
b. Cognitive biometrics
14. Windows picture password belongs to which of the following? a. Behavioral biometrics b. Cognitive biometrics c. Physiological biometrics d. Psychological biometrics
b. Cognitive biometrics
81. In a multifactor authentication-enabled facility, you are asked the following question: "What type of food was served on your child's first birthday?" Which of the following is the authentication method used here? a. Physiological biometrics b. Cognitive biometrics c. Behavioral biometrics d. Security key authentication
b. Cognitive biometrics
203. A learning management system application has been written in Python. While running the application code, the specific program or application that converts the program into machine language is called what? a. Operating system b. Compiler c. Application software d. Antimalware
b. Compiler
275. In an interview, the interviewer introduced the following scenario:An enterprise is hosting all its computing resources on a cloud platform, and you need to identify which vulnerability is most likely to occur.Which of the following should you choose? a. Physical access vulnerability b. Configuration vulnerability c. Zero-day vulnerability d. Third-party vulnerability
b. Configuration vulnerability
57. You are a security consultant. An enterprise client contacted you because their mail domain is blocked due to an unidentified entity using it to send spam. How should you advise them to prevent this from happening in the future? a. Configure the POP to monitor incoming and outgoing emails b. Configure the SMTP relay to limit relays to only local users c. Configure the POP3 so that it listens on port 25 d. Configure the IMAP to store emails on the email server
b. Configure the SMTP relay to limit relays to only local users
294. In an interview, Tom was asked to give a brief on how containers perform virtualization. How should Tom reply? a. Containers use Type I hypervisors for virtualization b. Containers use OS components for virtualization c. Containers use dedicated physical storage for virtualization d. Containers use hardware hypervisors for virtualization
b. Containers use OS components for virtualization
220. Which of the following is NOT a part of business continuity planning? a. Resumption planning b. Contingency actions c. Emergency response d. Disaster recovery
b. Contingency actions
234. Which of the following is NOT a part of business continuity planning? a. Resumption planning b. Contingency actions c. Emergency response d. Disaster recovery
b. Contingency actions
210. Marcus is an information security architect at a product-based IT firm. He is responsible for developing policies for the most-secure mobile device enterprise-deploying model. The company will decide the level of choice and freedom for employees. Employees are supplied company-chosen and paid-for devices that they can use for both professional and personal activities. This action is performed under which enterprise deployment model? a. Bring your own device (BYOD) b. Corporate-owned, personally enabled (COPE) c. Corporate-owned device (COD) d. Choose your own device (CYOD)
b. Corporate-owned, personally enabled (COPE)
164. In a practical test, Steve was asked to securely connect different on-premises computing devices with a database deployed in the cloud. What action is Steve taking? a. Using cloud access security broker b. Creating a virtual network c. Using next-generation secure web gateway d. Using a simple network management protocol
b. Creating a virtual network
112. Primary investigation after an enterprise security breach revealed that the breach was caused by an unauthorized device physically connected to the enterprise network. Which of the following logs should you examine first while conducting a detailed investigation? a. DNS server logs b. DHCP server logs c. Firewall logs d. Email server logs
b. DHCP server logs
208. Which of the following protocol can be used for secure routing and switching? a. DNSSEC b. IPsec c. HTTPS d. HTTP
b. IPsec
168. Primary investigation after an enterprise security breach revealed that the breach was caused by an unauthorized device physically connected to the enterprise network. Which of the following logs should you examine first while conducting a detailed investigation? a. DNS server logs b. DHCP server logs c. Firewall logs d. Email server logs
b. DHCP server logs
300. Who implements access control based on the security level determined by the data owner? a. Data privacy officer b. Data custodian c. Data controller d. Data processor
b. Data custodian
105. Under which vulnerability can an attacker steal information from a user's phone using a device to connect to the phone without physically touching it? a. Eavesdropping b. Data theft c. Man-in-the-middle d. Device theft
b. Data theft
17. Which probe is designed exclusively to monitor the RF for transmissions and can only monitor the airwaves? a. Access point probe b. Dedicated probe c. Desktop probe d. Wireless device probe
b. Dedicated probe
36. Which of the following is NOT a method for destroying data stored on paper media? a. Shredding b. Degaussing c. Pulping d. Pulverizing
b. Degaussing
178. You are a security expert asked to protect the webservers hosted in your building from exposure to anyone other than server admins. Which of the following physical security method should you implement to achieve this? a. Protected cable distribution b. Demilitarized zones c. Vault d. Faraday cage
b. Demilitarized zones
270. Alex needs to find a method that can change a single character of plaintext into multiple characters of ciphertext.Which method should Alex use? a. Steganography b. Diffusion c. Obfuscation d. Confusion
b. Diffusion
116. Malik and Chris are shopping for shoes on an e-commerce website and need to enter their credit card details. Which of the following can assure them that they are using the retailer's authentic website and not an imposter's look-alike site that will steal their credit card details? a. Digital signature b. Digital certificate c. Hash digest d. SSL
b. Digital certificate
286. Malik and Chris are shopping for shoes on an e-commerce website and need to enter their credit card details. Which of the following can assure them that they are using the retailer's authentic website and not an imposter's look-alike site that will steal their credit card details? a. Digital signature b. Digital certificate c. Hash digest d. SSL
b. Digital certificate
214. John receives an encrypted document using asymmetric cryptography from Alex. Which process should Alex use along with asymmetric cryptography so that John can be sure that the received document is real, from Alex, and unaltered? a. Elliptic curve cryptography b. Digital signature algorithm c. Rivest-Shamir-Alderman d. Symmetric cryptography
b. Digital signature algorithm
45. In which type of RFID attack can unauthorized users listen to communications between RFID tags and readers? a. Unauthorized tag access b. Eavesdropping c. Fake tags d. Data theft
b. Eavesdropping
226. Which type of wireless attack is designed to capture wireless transmissions coming from legitimate users? a. Rogue access point b. Evil twin c. Intercepting wireless data d. Wireless denial of service attacks
b. Evil twin
63. Which type of wireless attack is designed to capture wireless transmissions coming from legitimate users? a. Rogue access point b. Evil twin c. Jamming d. Wireless denial of service attacks
b. Evil twin
138. The following statements regarding centralized administration concepts are presented to you in an interview in which only one of them is correct. Which of these is correct? a. Directory service is an XML standard that allows secure web domains to exchange user authentication and authorization data. b. Extensible authentication protocol is a framework to transport authentication protocols. c. The transport protocol used by RADIUS is TCP. d. A RADIUS client can be defined as a desktop or a wireless laptop requesting authentication.
b. Extensible authentication protocol is a framework to transport authentication protocols.
162. Amaya is looking for a hardware chip or integrated circuit (IC) that can be programmed by the user to carry out one or more logical operations, can be reprogrammed when needed, and can be configured by either the user or designer. Which option should Amaya select? a. 8051 microcontroller b. Field-programmable gate array (FPGA) c. Raspberry Pi d. Arduino
b. Field-programmable gate array (FPGA)
122. Which of the following is the most secure encryption solution to adopt for a Google Android mobile device? a. Full disk encryption b. File-based encryption c. Symmetric key encryption d. Asymmetric key encryption
b. File-based encryption
46. Which of the following is the most secure encryption solution to adopt for a Google Android mobile device? a. Full disk encryption b. File-based encryption c. Symmetric key encryption d. Asymmetric key encryption
b. File-based encryption
128. A security breach recently occurred in your enterprise. During the incident investigation, you are asked to examine network-based device logs. Which of the following network devices should you examine first? a. NIDS and NIPS b. Firewall c. DNS d. Routers and switches
b. Firewall
235. Makayla has created software for automating the accounting process at ABL Manufacturing. She completed the software development, with testing done during development at individual stages. Before putting the software into production, Mary, who is in charge of the testing software, ran the application using tools and generated a report giving the various inputs and corresponding exceptions generated by the application.What process did Mary use? a. Code signing b. Fuzzing c. Dead coding d. Camouflaged coding
b. Fuzzing
231. You have been asked to implement a block cipher mode of operation that requires both the sender and receiver of the message to have access to a synchronous counter that adds an AAD to the transmission. Which operating block cipher mode should you use? a. ECB b. GCM c. CBC d. CTR
b. GCM
232. Photoplethysmography uses which type of light to measure heart rate on a wearable device? a. Red b. Green c. Infrared d. Ultraviolet
b. Green
217. What additional measure should be enacted to increase the security on a computer network after secure boot, protective measures from attacks like antimalware, and intrusion detection systems are implemented in all the computers on the network? a. Implement an antivirus solution in all systems and servers b. Implement hardening at endpoints with patch management and operating system safeguards c. Disable operating system patch updates to prevent malicious attacks d. Disable connections on the Wi-Fi network
b. Implement hardening at endpoints with patch management and operating system safeguards
69. Threat actors focused on financial gain often attack which of the following main target categories? a. Product lists b. Individual users c. Social media assets d. REST services
b. Individual users
143. Jordan has been asked by his organization to help them choose a mobile device communication channel for their new mobile device build. Which of the following mobile device communication channels should Jordan NOT suggest to his company? a. Wi-Fi b. Infrared c. Cellular d. USB
b. Infrared
24. In a security review meeting, you are asked to implement a detective control to ensure enhanced security during an attack. Which of the following actions should you take? a. Provide security awareness training for all users b. Install motion detection sensors in strategic areas c. Post signs indicating the area is under video surveillance d. Build fences that surround the perimeter of the building
b. Install motion detection sensors in strategic areas
49. Which of the following is an authentication system that issues a ticket after verifying the credentials by which you can authenticate other services? a. RADIUS b. Kerberos c. TACACS+ d. SAML
b. Kerberos
20. Alice, a vulnerability assessment engineer at a bank, is told to find all the vulnerabilities on an internet-facing web application server running on port HTTPS. When she finishes the vulnerability scan, she finds several different vulnerabilities at different levels. How should she proceed? a. Only look at the highest priority vulnerability b. Look at the priority and the accuracy of the vulnerability c. Only look at the accuracy of the vulnerability d. Escalate the situation to a higher analyst
b. Look at the priority and the accuracy of the vulnerability
274. Alice, a vulnerability assessment engineer at a bank, is told to find all the vulnerabilities on an internet-facing web application server running on port HTTPS. When she finishes the vulnerability scan, she finds several different vulnerabilities at different levels. How should she proceed? a. Only look at the highest priority vulnerability b. Look at the priority and the accuracy of the vulnerability c. Only look at the accuracy of the vulnerability d. Escalate the situation to a higher analyst
b. Look at the priority and the accuracy of the vulnerability
106. Walter's organization is in the beginning stages of a new project. His team is tasked with finding a tool that must have the following features, allowing it to be remotely managed by the organization:1. It must be able to apply default device settings.2. It must be able to approve or quarantine new mobile devices.3. It must be able to configure emails, calendars, contacts, and Wi-Fi profile settings.4. It must be able to detect and restrict jailbroken and rooted devices.Which tool should Walter's team suggest, and why? a. MAM, because it provides a high level of control over apps. b. MDM, because it allows remote management and over the air updates. c. MCM, because it allows management over hundreds of devices at once. d. UEM, because it allows remote management and works best across all mobile OSs.
b. MDM, because it allows remote management and over the air updates.
123. Which of the following is performed during the incident response phase? a. Configuring access control schemes b. Making configuration changes c. Performing incident response exercises d. Performing digital forensics
b. Making configuration changes
64. Which of the following access control schemes is most secure? a. Discretionary access control b. Mandatory access control c. Role-based access control d. Rule-based access control
b. Mandatory access control
233. Which one of the following is the most appropriate explanation of photoplethysmography? a. Measuring blood pressure by tracking changes in green light absorption, since human blood absorbs green light b. Measuring heart rate by tracking changes in green light absorption, since human blood absorbs green light c. Measuring heart rate by tracking changes in UV light absorption, since human blood absorbs UV light d. Measuring blood pressure by tracking changes in infrared light absorption, since human blood absorbs infrared light
b. Measuring heart rate by tracking changes in green light absorption, since human blood absorbs green light
151. Why are mobile devices critical to a digital forensics investigation? a. Evidence can be easily retrieved from mobile devices. b. Mobile devices are almost continually in a user's possession. c. Mobile device forensics tools are less expensive than digital forensic workstations. d. Mobile devices are widely used by diverse user groups.
b. Mobile devices are almost continually in a user's possession.
100. Which of the following best describes east-west traffic? a. Movement of data from a router to an enterprise switch b. Movement of data from one server to another within a data center c. Movement of data from one unsecured endpoint to another d. Movement of data from an unsecured endpoint to a server outside a data center
b. Movement of data from one server to another within a data center
118. Which wireless technology will John use to provide wide-range cellular service that focuses on indoor coverage, low cost, long battery life, high connection density, and has a low-power wide-area network? a. Cellular IoT baseband b. Narrowband IoT c. Zigbee d. Subscriber identity module
b. Narrowband IoT
129. Which of the following is an agreement that ensures an employee does not misuse enterprise data? a. Data protection agreement b. Nondisclosure agreement c. Acceptable use policy d. Impossible travel policy
b. Nondisclosure agreement
141. What is the secure coding technique that organizes data within the database for minimum redundancy? a. Stored procedure b. Normalization c. Code signing d. Dead code
b. Normalization
200. What is the secure coding technique that organizes data within the database for minimum redundancy? a. Stored procedure b. Normalization c. Code signing d. Dead code
b. Normalization
180. Alliance Consulting, a company based in France, is shutting down. Louis, the owner of the company, applied to revoke his digital certificate. He is very busy with the other details of shutting the company down and needs to be able to check the certificate's status quickly and easily. Which of the following will help him get a real-time lookup of the certificate's status? a. CRL b. OCSP c. CSR d. EV
b. OCSP
127. Which of the following policies propose using non-disclosure agreements (NDA)? a. Acceptable use policy b. Onboarding and offboarding c. Mandatory vacation d. Separation of duties
b. Onboarding and offboarding
229. Sam is working as a cybersecurity expert. An enterprise that manages nuclear powerplants approached Sam's company to install an authentication facility for its employees when they access the nuclear plant. The enterprise is demanding multifactor authentication with high security, lowest false acceptance rate, and lowest false rejection rates.Which of the following authentication methods should Sam apply? a. PIN and face recognition b. PIN and gait recognition c. PIN and fingerprint scanner d. PIN and password
b. PIN and gait recognition
130. Which of the following techniques is the best fit for monitoring traffic on switches with large volumes of traffic? a. Port mirroring b. Port TAP c. Port spanning d. Signature-based monitoring
b. Port TAP
61. Fatima is responsible for conducting business transactions for XYZ Company, and she only had the stored private key. She is on leave and currently unavailable, and the organization needs to complete an urgent business transaction. Which of the following methods should enable the organization to access Fatima's private key and digital certificate? a. Escrow b. Recovery c. Revocation d. Renewal
b. Recovery
134. Which risk remains after additional controls are applied? a. Inherent risk b. Residual risk c. Control risk d. Internal risk
b. Residual risk
77. Which risk remains after additional controls are applied? a. Inherent risk b. Residual risk c. Control risk d. Internal risk
b. Residual risk
93. What is a jump box used for? a. Deceiving threat actors by intentionally creating vulnerable devices b. Restricting access to a demilitarized zone c. Switching from a public IP to a private IP d. Bypassing a firewall by generating a log entry
b. Restricting access to a demilitarized zone
117. You are a security administrator for an enterprise. You were asked to implement a cloud app security function in your enterprise network so that login attempts from identified threat actors can be restricted. Which of the following cloud app security function should you use? a. Impossible travel b. Risky IP address c. Suspicious inbox forwarding d. Activity performed by a terminated user
b. Risky IP address
257. Sherlin is the owner of a cosmetics store. She wanted to introduce a wireless network in the store, but her employees were against it. Sherlin ended up purchasing an inexpensive wireless router and secretly connected it to the wired network. Unfortunately, this unknowingly provided open access to the wireless signal.What type of attack has Sherlin made her store's network vulnerable to? a. Evil twin b. Rogue access point c. Jamming d. Wireless denial of service attacks
b. Rogue access point
9. Sherlin is the owner of a cosmetics store. She wanted to introduce a wireless network in the store, but her IT department was against it. Sherlin ended up purchasing an inexpensive wireless router and secretly connected it to the wired network. Unfortunately, this unknowingly provided open access to the wireless signal.What type of attack has Sherlin made her store's network vulnerable to? a. Evil twin b. Rogue access point c. Jamming d. Wireless denial of service attacks
b. Rogue access point
237. You are the chief security administrator in your enterprise. You are asked to train every employee, from top-level officers to front gate security officers, to make them aware of various security risks. Which of the following training techniques should you use? a. Computer-based training b. Role-based awareness training c. Gamification d. Capture the flag
b. Role-based awareness training
241. Which of the following allows high-speed storage and transmission of large volumes of data? a. RAID b. SAN c. NIC teaming d. PDU
b. SAN
13. During an investigation, it was found that an attacker did the following:Intercepted the request from the user to the server and established an HTTPS connection between the attacker's computer and the server while having an unsecured HTTP connection with the user. This gave the attacker complete control over the secure webpage.Which protocol helped facilitate this attack? a. S/MIME b. SSL c. SSH d. ECB
b. SSL
3. During an investigation, it was found that an attacker did the following:Intercepted the request from the user to the server and established an HTTPS connection between the attacker's computer and the server while having an unsecured HTTP connection with the user. This gave the attacker complete control over the secure webpage.Which protocol helped facilitate this attack? a. S/MIME b. SSL c. SSH d. ECB
b. SSL
88. Which of the following is the earliest and most general cryptographic protocol? a. SSH b. SSL c. TLS d. HTTPS
b. SSL
75. What is the name of the process where a website validates user input before the application uses the input? a. Tokening b. Sanitizing c. Authorizing d. Eliminating
b. Sanitizing
252. A cyber analyst needs to quickly do a vulnerability scan on an enterprise network with many devices. Which approach should the analyst take? a. Scan all devices, each for a very short time b. Scan the most important devices for as long as it takes for each device c. Scan only infrastructure devices for a very short time d. Scan all endpoint devices
b. Scan the most important devices for as long as it takes for each device
62. A cyber analyst needs to quickly do a vulnerability scan on an enterprise network with many devices. Which approach should the analyst take? a. Scan all devices, each for a very short time b. Scan the most important devices for as long as it takes for each device c. Scan only infrastructure devices for a very short time d. Scan all endpoint devices
b. Scan the most important devices for as long as it takes for each device
156. Which of the following sets consists of only the core features of a mobile or computing device? a. Small form factor, mobile operating system, wireless data network interface for internet access, global positioning system (GPS), local non-removable data storage b. Small form factor, mobile operating system, wireless data network interface for internet access, app stores, local nonremovable data storage c. Small form factor, mobile operating system, wireless data network interface internet access, app stores, removable storage media d. Small form factor, mobile operating system, microphone and/or digital camera, app stores, local non-removable data storage
b. Small form factor, mobile operating system, wireless data network interface for internet access, app stores, local nonremovable data storage
58. Which attack embeds malware-distributing links in instant messages? a. Spam b. Spim c. Phishing d. Tailgating e. Incorrect. Spam involves sending millions of unsolicited emails to a large number of companies and/or recipients. f. Correct. Spim is spam delivered through an IM service instead of email. g. Incorrect. Phishing is the social engineering process of sending email messages or displaying a web announcement that falsely claims to be from a legitimate enterprise to trick a user into giving information or taking action. h. Incorrect. Once an authorized person opens the door, one or more individuals can follow behind and also enter. This is known as tailgating.
b. Spim
102. Which algorithm encrypts and decrypts data using the same key? a. Hash algorithm b. Symmetric cryptographic algorithm c. Rivest-Shamir-Adleman algorithm d. Asymmetric cryptographic algorithm
b. Symmetric cryptographic algorithm
78. Which algorithm encrypts and decrypts data using the same key? a. Hash algorithm b. Symmetric cryptographic algorithm c. Rivest-Shamir-Adleman algorithm d. Asymmetric cryptographic algorithm
b. Symmetric cryptographic algorithm
147. Which of the following protocols are used to secure HTTP? a. TLS and SSH b. TLS and SSL c. TLS and SRTP d. SSH and SSL
b. TLS and SSL
199. What is a risk to data when training a machine learning (ML) application? a. ML algorithm security b. Tainted training data for machine learning c. API attack on the device d. Improper exception handling in the ML program
b. Tainted training data for machine learning
25. Mike, an employee at your company, approached you seeking help with his virtual machine. He wants to save the current state of the machine to roll back to the saved state in case of a malfunction. Which of the following techniques can help Mike? a. Apply sandboxing to save the virtual machine state b. Take snapshots to save the virtual machine state c. Use containers to save the virtual machine state d. Use LDAP to save the virtual machine state
b. Take snapshots to save the virtual machine state
133. Which alert utility can identify theft in a smart meter? a. Meter readings b. Tamper protection c. Servicing d. Emergency communication
b. Tamper protection
278. Which of the following sensors is best suited for fire detection? a. Proximity sensor b. Temperature detection sensor c. Motion detection sensor d. Noise detection sensor
b. Temperature detection sensor
83. Which of the following are categories of vulnerabilities in mobile device connections that can also be exploited by threat actors? a. Tethering, USB-on-the-go (OTG), malicious USB cable, location tracking b. Tethering, USB-on-the-go (OTG), malicious USB cable, hotspots c. Tethering, USB-on-the-go (OTG), limited updates, hotspots d. Limited updates, USB-on-the-go (OTG), malicious USB cable, hotspots
b. Tethering, USB-on-the-go (OTG), malicious USB cable, hotspots
84. Which of the following are categories of vulnerabilities in mobile device connections that can also be exploited by threat actors? a. Tethering, USB-on-the-go (OTG), malicious USB cable, location tracking b. Tethering, USB-on-the-go (OTG), malicious USB cable, hotspots c. Tethering, USB-on-the-go (OTG), limited updates, hotspots d. Limited updates, USB-on-the-go (OTG), malicious USB cable, hotspots
b. Tethering, USB-on-the-go (OTG), malicious USB cable, hotspots
239. How do NACs ensure that a device is safe to connect to a secure network? a. The NAC encrypts all of the data on an unknown device before connecting it to the secured network. b. The NAC issues a health certificate, only allowing healthy devices to connect to the secured network. c. The NAC ensures the safety of the device by deleting all suspicious files. d. The NAC moves suspicious data on an unknown device onto an external storage device.
b. The NAC issues a health certificate, only allowing healthy devices to connect to the secured network.
85. Which of the following describes the action of an SQL injection into a database server? a. The SQL injection inserts specially created extensible markup language to manipulate the database taking control of the database giving control to the attacker to manipulate the database. b. The SQL injection inserts specially created structured query language statements to manipulate the database server, giving control of the database to the attacker, who can then manipulate the database. c. The SQL injection inserts code into the DLL running process, causing the program to function differently than intended. d. The SQL injection is specially created code inserted into a legitimate program, which then lies dormant unless a special logical event triggers it.
b. The SQL injection inserts specially created structured query language statements to manipulate the database server, giving control of the database to the attacker, who can then manipulate the database.
193. What does the end of service notice indicate? a. The enterprise is halting the manufacturing of a product. b. The enterprise will no longer offer support services for a product. c. The service-level agreement with a vendor has expired. d. The nondisclosure agreement with a service vendor has expired.
b. The enterprise will no longer offer support services for a product.
70. What does the end-of-service notice indicate? a. The enterprise is halting the manufacturing of a product. b. The enterprise will no longer offer support services for a product. c. The service-level agreement with a vendor has expired. d. The nondisclosure agreement with a service vendor has expired.
b. The enterprise will no longer offer support services for a product.
247. A source computer's ability to reach a specified destination computer can be tested using which of the following? a. curl b. ping c. ipconfig d. ifconfig
b. ping
236. Robert has two cryptographic keys, and he needs to determine which of them is less prone to being attacked. The cryptoperiod is limited and equal for both the keys. The first key has a length of 2 and uses 16 characters, while the other key has a length of 3 and uses 15 characters. Which of the following is the best conclusion for Robert to come to? a. The first key is more secure than the second key. b. The second key is more secure than the first key. c. Both the keys are equally secure. d. Neither of the keys are secure because they both have a limited cryptoperiod.
b. The second key is more secure than the first key.
125. Which of the following best describes trusted location in MS Office? a. Trusted location is used to lock important files. b. Trusted location allows you to run macros-enabled files with no security restrictions. c. Trusted location allows you to prevent infected files from damaging the system. d. Trusted location is the place where operating system files are stored.
b. Trusted location allows you to run macros-enabled files with no security restrictions.
71. Which of the following best describes trusted location in MS Office? a. Trusted location is used to lock important files. b. Trusted location allows you to run macros-enabled files with no security restrictions. c. Trusted location allows you to prevent infected files from damaging the system. d. Trusted location is the place where operating system files are stored.
b. Trusted location allows you to run macros-enabled files with no security restrictions.
273. You are performing digital forensics in an enterprise that recently experienced a security breach. You successfully retrieved all volatile data, and your next focus is hard drives. How should you collect evidence from the hard drives without tainting any evidence? a. Use the cache files b. Use mirror image backups c. Use screenshots d. Use drive file slack
b. Use mirror image backups
288. You are performing digital forensics in an enterprise that recently experienced a security breach. You successfully retrieved all volatile data, and your next focus is hard drives. How should you collect evidence from the hard drives without tainting any evidence? a. Use the cache files b. Use mirror image backups c. Use screenshots d. Use drive file slack
b. Use mirror image backups
160. Pat is asked to automate critical security functions like responding to detected threat patterns in an enterprise network. Which of the following should be done by Pat? a. Use a software-defined network b. Use software-defined visibility c. Use virtual desktop infrastructure d. Implement subnetting
b. Use software-defined visibility
19. Pat is asked to automate critical security functions like responding to detected threat patterns in an enterprise network. Which of the following should be done by Pat? a. Use a software-device network b. Use software-device visibility c. Use virtual desktop infrastructure d. Implement subnetting
b. Use software-device visibility
194. Which of the following outlines the process of a proxy server? a. User - internet - reverse proxy - forward proxy - user b. User - forward proxy - Internet - reverse proxy - server c. User - reverse proxy - Internet - forward proxy - server d. User - forward proxy - user - reverse proxy - Internet
b. User - forward proxy - Internet - reverse proxy - server
145. Which security protocol encrypts transmissions by using a shared secret key combined with an initialization vector (IV) that changes each time a packet is encrypted? a. WPS b. WEP c. MAC d. WPA
b. WEP
248. Sam is asked to help his company design a wireless network for their new location.Which of the following protocols has the strongest wireless security, supports a longer bit of encryption, and improved interaction capabilities with the internet of things (IoT) devices? a. WPA2 b. WPA3 c. WPA d. WEP
b. WPA3
132. In which of the following attacks, exemplified by jamming and RTS duration field attacks, do attackers use intentional interference to flood the RF spectrum with enough interference to prevent a device from effectively communicating with the AP? a. Disassociation attack b. Wireless denial of service attacks c. Evil twin d. Intercepting wireless data
b. Wireless denial of service attacks
135. In a security review meeting, you proposed using a windowed token with a time-based one-time password (TOTP) to authenticate enterprise employees, and you were asked to explain the working of TOTP.Which of the following should be your reply? a. With a windowed token with TOTP, a one-time code is generated by the windowed token. The windowed token sends the code to the server. The user enters the code generated by the windowed token. The user gets an authentication for the correct code. b. With a windowed token with TOTP, a one-time code is generated by the windowed token using a specific algorithm. The server generates the code using the same algorithm. The user enters the code generated by the windowed token. The user is authenticated if the codes match. c. With a windowed token with TOTP, a one-time code is generated by the server. The server sends the code to the windowed token. The user enters the code. T
b. With a windowed token with TOTP, a one-time code is generated by the windowed token using a specific algorithm. The server generates the code using the same algorithm. The user enters the code generated by the windowed token. The user is authenticated if the codes match.
150. In a security review meeting, you are asked to take appropriate security measures to mitigate IP spoofing attacks against the enterprise network. Which of the following methods should you apply? a. You should set up a proxy server. b. You should set up an ACL. c. You should set up a VPN. d. You should set up a DLP.
b. You should set up an ACL.
292. A machine where the operating system runs an application on top of an operating system is called _______. a. a sandbox b. a virtual machine c. a quarantine d. application whitelisting
b. a virtual machine
55. In an interview, you were asked to choose the least vulnerable password from the following list. Which of the following should you choose? a. #International$ b. earthwaterforesttreemanworldkid c. n2(f!%^*%:(r)!#$ d. honesty
b. earthwaterforesttreemanworldkid
60. In an interview, you were asked to choose the least vulnerable password from the following list. Which of the following should you choose? a. #International$ b. earthwaterforesttreemanworldkid c. n2(f!%^*%:(r)!#$ d. honesty
b. earthwaterforesttreemanworldkid
279. In a security review meeting, you are asked to calculate the single loss expectancy (SLE) of an enterprise building worth $100,000,000, 75% of which is likely to be destroyed by a flood. Flood insurance data suggest that a severe flood is likely to occur once every 100 years. Which formula should you use to calculate the SLE? a. 100,000,000/0.75 * 100 b. 100,000,000/100 * 0.75 c. 100,000,000 * 0.75 d. 100,000,000 * 0.75/.01
c. 100,000,000 * 0.75
188. Which of the following best describes a mantrap? a. A mantrap separates threat actors from defenders. b. A mantrap cools a server room by trapping body heat. c. A mantrap is a small space with two separate sets of interlocking doors. d. A mantrap is a challenge given to cybersecurity experts.
c. A mantrap is a small space with two separate sets of interlocking doors.
265. In an interview, you are asked to compare the following statements regarding different authentication concepts and identify the correct statement. Which of the following statements is correct? a. A HMAC-based one-time password (HOTP) changes after a set period of time. b. Physiological biometrics is relating to the way in which the mind functions. c. A person's vein can be used to uniquely authenticate an individual. d. A windowed token displays a static code.
c. A person's vein can be used to uniquely authenticate an individual.
37. You want to examine every future login attempt made on the enterprise devices. Which of the following windows group policy settings should you enable to make sure every login attempt is logged? a. Network location b. Password history c. Account audits d. Password reuse
c. Account audits
5. You are asked to configure your firewall in such a way that the traffic from source address range 117.112.10.25 through 117.112.15.100 is allowed, while traffic from 117.112.12.25 through 117.112.13.25 is denied, and traffic from 117.112.12.200 through 117.112.13.10 is allowed. How should you configure the firewall? a. Allow 117.112.10.25 through 117.112.15.100; deny 117.112.12.25 through 117.112.13.25; allow 117.112.12.200 through 117.112.13.10 b. Deny 117.112.12.200 through 117.112.13.10; deny 117.112.12.25 through 117.112.13.25; allow 117.112.10.25 through 117.112.15.100 c. Allow 117.112.10.25 through 117.112.15.100; deny 117.112.12.25 through 117.112.13.25; force-allow 117.112.12.200 through 117.112.13.10 d. Allow 117.112.12.200 through 117.112.13.10; deny 117.112.12.25 through 117.112.13.25; force-allow 117.112.10.25 through 117.112.15.100
c. Allow 117.112.10.25 through 117.112.15.100; deny 117.112.12.25 through 117.112.13.25; force-allow 117.112.12.200 through 117.112.13.10
28. Which penetration testing consultants are not given any knowledge of the network nor any elevated privileges? a. Gray box b. White box c. Black box d. Bug bounty
c. Black box
89. Which threat actors violate computer security for personal gain? a. White hat hackers b. Gray hat hackers c. Black hat hackers d. Red hat hackers
c. Black hat hackers
256. Shawn is approached by a medical staff team with a request to research and introduce a type of device that will help them record and transmit specific patient details.Which technology would help the team measure and monitor blood pressure and then send those patient details from the device to a phone as a message in case of emergencies? a. NFC b. RFID c. Bluetooth d. WLAN network
c. Bluetooth
2. Sherry needs to suggest a technology that can enable smartphones or laptops to control multiple devices like speakers, mice, etc., within a 100-meter distance. The device should also be connected without any wired connection.Which technology should Sherry suggest? a. NFC technology can be used to connect mobile devices to speakers b. RFID technology can be used to connect laptop mouse without any wired connection c. Bluetooth technology can be used to connect devices without any wired connection d. WLANs can be used to connect mobile devices to speakers
c. Bluetooth technology can be used to connect devices without any wired connection
176. Which of the following types of malware allows the attacker to launch attacks from the infected computer to other computers? a. Cryptomalware b. Keylogger c. Bot d. Backdoor
c. Bot
50. Japan's cybercrime control center noticed that around 200,000 Tokyo computers are infected by bots, and all these bots are remotely controlled by a single attacker. What is this attacker referred to as? a. Zombie b. Payload c. Bot herder d. Botnet
c. Bot herder
32. The following data is being used for a password attack: "?u ?l ?l ?l ?l ?d ?d ?d ?d."Which of the following types of attack is this? a. Dictionary attack b. Brute force attack c. Rule attack d. Password spraying
c. Rule attack
86. Which of the following best describes the cloud access security broker? a. CASB allows secure access to the data stored in the cloud from any device. b. CASB secures the data stored in the cloud by restricting unauthorized access. c. CASB ensures the security policies of the enterprise extend to its data in the cloud. d. CASB is a virtual alternative to a physical firewall.
c. CASB ensures the security policies of the enterprise extend to its data in the cloud.
192. While Andel is logging into his email through a browser, the login window disappears. Andel attempts to log in again and is successful. Days later, he goes to log into his email, and his attempt fails. He receives a message indicating that his username and/or password are invalid.What is Andel likely a victim of? a. Keyloggers b. Spyware c. CSRF d. RAT
c. CSRF
47. While Andel is logging into his email through a browser, the login window disappears. Andel attempts to log in again and is successful. Days later, he goes to log into his email, and his attempt fails. He receives a message indicating that his username and/or password are invalid.What is Andel likely a victim of? a. Keyloggers b. Spyware c. CSRF d. RAT
c. CSRF
153. You are a data steward. You have been asked to restrict User A, who has an access clearance of "top secret" in a MAC-enabled network, from accessing files with the access label "secret." This, in turn, does not affect any other user.What action should you take? a. Change the access label of the files to "confidential" b. Change the access label of the files to "top secret" c. Change the access clearance of User A to "confidential" d. Change the access clearance of User A to "secret"
c. Change the access clearance of User A to "confidential"
260. You are a data steward. You have been asked to restrict User A, who has an access clearance of "top secret" in a MAC-enabled network, from accessing files with the access label "secret." This, in turn, does not affect any other user.What action should you take? a. Change the access label of the files to "confidential" b. Change the access label of the files to "top secret" c. Change the access clearance of User A to "confidential" d. Change the access clearance of User A to "secret"
c. Change the access clearance of User A to "confidential"
264. Which attack sees an attacker attempt to determine the hash function's input strings that produce the same hash result? a. Known ciphertext attack b. Downgrade attack c. Collision attack d. Birthday attack
c. Collision attack
54. Marnus is working as a cloud administrator, and he has been asked to perform segmentation on specific cloud networks. Which of the following should be done by Marnus? a. Remove individual accounts on file servers, machines, or authentication servers to restrict access and free up disc space, ports, and certificates. b. Create a virtual network that connects services and resources such as virtual machines and database applications. c. Create network rules for the services permitted between accessible zones to make sure endpoints belonging to other approved zones can reach them. d. Use automated inspection and integration services for authentication, authorization, encryption,availability, and policy compliance.
c. Create network rules for the services permitted between accessible zones to make sure endpoints belonging to other approved zones can reach them.
223. Which of the following attack frameworks illustrate that attacks are an integrated end-to-end process, and disrupting any one of the steps will interrupt the entire attack process? a. MITRE ATT&CK b. The Diamond Model of Intrusion Analysis c. Cyber Kill Chain d. Command and Control
c. Cyber Kill Chain
251. Which of the following attack frameworks illustrate that attacks are an integrated end-to-end process, and disrupting any one of the steps will interrupt the entire attack process? a. MITRE ATT&CK b. The Diamond Model of Intrusion Analysis c. Cyber Kill Chain d. Command and Control
c. Cyber Kill Chain
139. During an interview, you are provided the following scenario:The enterprise that you recently joined is using the ISP DNS server to resolve domain names. You are asked which specific attack will need to be mitigated first to secure the enterprise network.Which of the following attacks should you choose? a. DDoS attack b. MAC cloning c. DNS hijacking d. Session replay attack
c. DNS hijacking
266. You are the security manager of an ISP, and you are asked to protect the name server from being hijacked. Which of the following protocols should you use? a. SFTP b. FTPS c. DNSSEC d. IMAP
c. DNSSEC
101. Which of the following is a state of data, where data is transmitted across a network? a. Data in processing b. Data at rest c. Data in transit d. 3DES
c. Data in transit
42. Which of the following is a state of data, where data is transmitted across a network? a. Data in processing b. Data at rest c. Data in transit d. 3DES
c. Data in transit
44. After a disaster disrupted your organization's functioning, you were assigned to determine the sequence for reinstating systems. Which of the following documents should you refer to when deciding the restoration order? a. Business impact analysis b. Single point of failure c. Data recovery plan d. COOP plan
c. Data recovery plan
259. Which of the following is a feature of secrets management? a. Decreased latency b. Data availability c. Default encryption d. Data redundancy
c. Default encryption
267. What should be done when the information life cycle of the data collected by an organization ends? a. Mask the data b. Tokenize the data c. Destroy the data d. Protect the data
c. Destroy the data
7. What should be done when the information life cycle of the data collected by an organization ends? a. Mask the data b. Tokenize the data c. Destroy the data d. Protect the data
c. Destroy the data
253. Which of the following statements about domain reputation is correct? a. Domain reputation will be high if the enterprise has access to a huge volume of resources. b. Domain reputation will be low if the enterprise has access to a huge volume of resources. c. Domain reputation will be low if the domain is used for distributing malware or launching attacks. d. Domain reputation will be high if the domain is used for distributing malware or launching attacks.
c. Domain reputation will be low if the domain is used for distributing malware or launching attacks.
59. Which of the following statements about domain reputation is correct? a. Domain reputation will be high if the enterprise has access to a huge volume of resources. b. Domain reputation will be low if the enterprise has access to a huge volume of resources. c. Domain reputation will be low if the domain is used for distributing malware or launching attacks. d. Domain reputation will be high if the domain is used for distributing malware or launching attacks.
c. Domain reputation will be low if the domain is used for distributing malware or launching attacks.
111. Which of the following is a physical social engineering technique? a. Pharming b. Watering hole c. Dumpster diving d. Hoaxes
c. Dumpster diving
174. Under which of the following modes does the ciphertext depend only on the plaintext and the key, independent of the previous ciphertext blocks? a. GCM b. CRT c. ECB d. CBC
c. ECB
230. What is the difference between protecting against eavesdropping and protecting against a man-in-the-middle (MITM) attack? a. Eavesdropping can be prevented by strong passwords and PINs, while MITM attacks can be prevented by being aware of one's surroundings while using NFC technology. b. Eavesdropping can be prevented by configuring in a pairing method so only one side can send and the other can receive it at a time, while MITM can be prevented by using strong passwords and PINs. c. Eavesdropping can be prevented by being aware of one's surroundings while using NFC technology, while MITM attack can be prevented by configuring in a pairing method so only one side can send and the other can receive it at a time. d. Eavesdropping can be prevented by turning off NFC while in public, while MITM attack can be protected by using strong passwords and PINs.
c. Eavesdropping can be prevented by being aware of one's surroundings while using NFC technology, while MITM attack can be prevented by configuring in a pairing method so only one side can send and the other can receive it at a time.
216. Your enterprise recently approved using fingerprint scanners to authenticate employees who access restricted areas. You are assigned to conduct a study on how secure fingerprint authentication is. Which of the following should you report? a. Fingerprint scanning is the safest available authentication method. b. Fingerprint scanners have the lowest false acceptance rate among other authentication methods. c. Fingerprint scanners can be used for trickery in rare cases. d. Fingerprint scanners have the highest false rejection rate among other authentication methods.
c. Fingerprint scanners can be used for trickery in rare cases.
250. In a security review meeting, you are asked to appropriately handle the enterprise's sensitive data. How should you configure the security of the data? a. Give access only to users with the highest level of pre-approved authentication b. Give access only to users who have a need-to-know qualification c. Give access only to employees who need and have been approved to access it d. Give access to any current employees or contractors
c. Give access only to employees who need and have been approved to access it
15. Which endpoint application runs on an endpoint device that only detects an attack in an endpoint device? a. HIPS b. EDR c. HIDS d. Cookies
c. HIDS
154. In an interview, you are asked about the role played by virtual machines in load balancing. Which of the following should be your reply? a. If the load on a virtual machine increases, the RAM or disk space of the VM can be extended until the load is balanced. b. If the load on a virtual machine increases, the virtual machine can balance the load by rejecting low-priority requests. c. If the virtual machine's load increases, the virtual machine can be migrated to another physical machine with more capabilities. d. If the virtual machine's load increases, the virtual machines can balance the load by denying further access.
c. If the virtual machine's load increases, the virtual machine can be migrated to another physical machine with more capabilities.
198. An unauthorized person recently accessed your enterprise network. The security team had received a call from the threat actor claiming to be a higher official. They followed the attacker's instructions to log them onto a specific webpage, leading to the exposure of enterprise network credentials.Which of the following social engineering techniques was used here? a. Hoaxes and impersonation b. Spam and phishing c. Impersonation and phishing d. Hoaxes and spam
c. Impersonation and phishing
146. Kia recently noticed that when she browses her favorite online shopping site, she is immediately redirected to a competitor's site. What is happening here, and what is the best option for Kia to fix this situation? a. Kia has installed spyware, and she has to close the browser and reboot the system to correct the problem. b. Kia has accidentally installed a virus. She must close the browser and run a good antivirus program before browsing the website for shopping again. c. Kia must uninstall the toolbar software and the accompanying components she has recent installed on her browser. d. Kia must reinstall a fresh copy of the operating system and all applications.
c. Kia must uninstall the toolbar software and the accompanying components she has recent installed on her browser.
23. Which of the following types of platforms is known for its vulnerabilities due to age? a. On-premises platform b. Cloud platform c. Legacy platform d. Online platform
c. Legacy platform
221. Which of the following is a process where a key is divided into a specific number of parts and distributed to multiple people, with some of them having the same parts of the key? a. Renewal b. Revocation c. M-of-N control d. Key escrow
c. M-of-N control
26. Which of the following is a process where a key is divided into a specific number of parts and distributed to multiple people, with some of them having the same parts of the key? a. Renewal b. Revocation c. M-of-N control d. Key escrow
c. M-of-N control
53. Which protocol should John select to prevent unwanted network access and be configured to permit traffic only from specific addresses and provide security? a. WEP b. WPS c. MAC d. WPA
c. MAC
94. Which of the following protocols allows John to prevent unwanted network access, provide security, and be configured to permit traffic only from specific addresses ? a. WEP b. WPS c. MAC d. WPA
c. MAC
227. Which of the following tools can be used to protect containers from attack? a. Software-defined visibility b. Software-defined networking c. Security-Enhanced Linux d. Virtual machine manager
c. Security-Enhanced Linux
52. A company has approached you for their product testing, and you agree to do it. First, you have to install the necessary plugins for the software through the browser, install the software, and run the software again.What procedure should you adopt to ensure that you don't compromise the browser and the computer's operating system? a. Make sure that the browser's CSP policy is set, then quarantine the software file, then access the software using an active directory, use a sandbox to run the software. b. Make sure that the antivirus/antispyware is run on the plugins, run the software in the sandbox, check the CSP options before running the software, and send a secure cookie to the server. c. Making sure that the OS's security options are deployed, run the antivirus/antispyware on the files downloaded, run the software on HSTS/HTTPS mode, and then send a secure cookie to the server. d. Deploy the OS securities,
c. Making sure that the OS's security options are deployed, run the antivirus/antispyware on the files downloaded, run the software on HSTS/HTTPS mode, and then send a secure cookie to the server.
190. Spectrum Technologies uses SHA-256 to share confidential information. The enterprise reported a breach of confidential data by a threat actor. You are asked to verify the cause of the attack that occurred despite implementing secure cryptography in communication. Which type of attack should you consider first, and why? a. Known ciphertext attack; the attacker can create the cryptographic keys from ciphertext because of the SHA-256 algorithm. b. Downgrade attack; SHA-256 is vulnerable to downgrades in the operating system to earlier versions, allowing threat actors to easily attack. c. Misconfiguration attack; the company should have configured a higher security hash algorithm rather than using the less-secure SHA-256. d. Collision attacks; the threat actor has created a malicious file with the same digest using SHA-256.
c. Misconfiguration attack; the company should have configured a higher security hash algorithm rather than using the less-secure SHA-256.
271. Containment is most effective when the network is properly designed. Which of the following contributes to effective network design? a. Access control list b. Access control scheme c. Network segmentation d. SOAR runbooks
c. Network segmentation
184. Dave is preparing a COOP for his company. In it, he included how and where employees and resources will be relocated in case of a natural disaster, how data will be recovered in case a terrorist attack shuts down public networks, and how the company's critical services and processes will be affected by an IT system failure. Did Dave compile the COOP correctly? a. Yes. Dave has successfully created a COOP plan using an "all-hazards approach." b. No. Dave's COOP plan should not include how and where employees and resources will be relocated in case of a natural disaster. c. No. Dave's COOP plan should not include how critical services and processes will be affected by an IT system failure. d. No. Dave's COOP plan should not include how data will be recovered in case a terrorist attack shuts down public networks.
c. No. Dave's COOP plan should not include how critical services and processes will be affected by an IT system failure.
272. What is the fastest-running vulnerability scan, and why does this type of scan run so fast? a. Intrusive scans can provide a deeper insight into the system by accessing the installed software by examining the software's configuration settings and current security posture. b. Credentialed scans perform fundamental actions such as looking for open ports and finding software that will respond to requests. c. Non-credentialed scans perform fundamental actions such as looking for open ports and finding software that will respond to requests. d. Non-intrusive scans find deep vulnerabilities that would have otherwise gone unnoticed.
c. Non-credentialed scans perform fundamental actions such as looking for open ports and finding software that will respond to requests.
98. What is an officially released software security update intended to repair a vulnerability called? a. Firmware b. Vector c. Patch d. Default
c. Patch
12. Social engineering is a means of eliciting information by relying on the weaknesses of individuals. How should you differentiate between the social engineering techniques of phishing and pharming? a. Phishing involves sending millions of generic email messages to a large volume of users, whereas pharming targets specific users by sending emails customized to the recipients, including their names and personal information. b.Phishing involves sending customized emails to recipients, including their names and personal information, to make the message appear legitimate, whereas pharming is a variant of phishing that specifically targets wealthy individuals or senior executives within a business. c. Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise, whereas pharming is a redirection technique that attempts to exploit how a URL is converte
c. Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise, whereas pharming is a redirection technique that attempts to exploit how a URL is converted into its corresponding IP.
99. What do servers connected in a cluster use to communicate with each other? a. Shared disk connection b. Public cluster connection c. Private cluster connection d. Independent cluster connection
c. Private cluster connection
137. Which data category can be accessed by any current employee or contractor? a. Confidential b. Critical c. Proprietary d. PHI
c. Proprietary
254. Which of the following digital certificates are self-signed and do not depend on the higher-level certificate authority (CA) for authentication? a. Intermediate digital certificates b. Domain digital certificates c. Root digital certificates d. User digital certificates
c. Root digital certificates
48. Which type of malware can hide its agenda inside other processes, making it undetectable, and what is it usually used for? a. RAT, an executable program that gives unauthorized remote access to a user's computer b. Trojan, an executable program that pretends to perform a harmless activity while doing something malicious c. Rootkit, a malware that uses the lower layers of the operating system or undocumented functions to make alterations to the operating system's processes d. Backdoor, which gives access to a computer, program, or service that overrides any normal security protections
c. Rootkit, a malware that uses the lower layers of the operating system or undocumented functions to make alterations to the operating system's processes
113. The following data is being used for a password attack: "?u ?l ?l ?l ?l ?d ?d ?d ?d."Which of the following types of attack is this? a. Dictionary attack b. Brute force attack c. Rule attack d. Password spraying
c. Rule attack
124. Smitha, an employee working in the accounts department, reported to the information security officer that she could not access her computer. James, the security officer, noticed the following on Smitha's system:On booting the computer, the following message was flashing on the computer screen with the IRS logo:"This computer is locked by the Internal Revenue Service. It has come to our attention that you are transferring funds to other agencies using this computer without compliance with the local income tax laws. As per section 22 of the U.S. Income Tax Act, the transmission of funds without applicable taxes is prohibited. Your IP address is identified in this fraudulent transaction and is locked to prevent further unlawful activities. This offense attracts a penalty of $400.00 for the first offense. You are hereby given 16 hours to resolve this issue, failing which you shall be prosecuted to the full extent of
c. Smitha's computer is compromised by ransomware.
209. Which of the following is associated with port security? a. Tokenization b. Masking c. Spanning-tree protocol d. Split tunnel
c. Spanning-tree protocol
87. Which of the following uses vulnerable applications to modify Microsoft registry keys? a. Quarantine b. Executable files attack c. System tampering d. Process spawning control
c. System tampering
295. The risk of DDoS attacks, SQL injection attacks, phishing, etc., is classified under which threat category? a. Compliance b. Operational c. Technical d. Strategic
c. Technical
43. An attacker has changed the value of a variable used when copying files from one cloud server to a local drive. What is the most likely motive behind the attack? a. The attacker is using an integer overflow attack that will change the state of the local drive's memory. b. The attacker is using a buffer overflow to initiate an integer overflow attack that can allow access to private data on the local drive. c. The attacker is using an integer overflow attack to initiate a buffer overflow that can allow them to take over the machine. d. The attacker is using a buffer overflow to initiate an integer overflow attack that will give them access to the machine's OS code.
c. The attacker is using an integer overflow attack to initiate a buffer overflow that can allow them to take over the machine.
287. In an interview, you are asked to explain the major objective of having resilience in an organization. How should you respond? a. The major objective of resilience in an organization is to attract more customers. b. The major objective of resilience in an organization is to achieve the yet-unachieved. c. The major objective of resilience in an organization is to provide uninterrupted services. d. The major objective of resilience in an organization is to enhance the end-user experience.
c. The major objective of resilience in an organization is to provide uninterrupted services.
263. A few computers at a high-security software firm location have been compromised. The threat actor took user videos, confidential information like bank account IDs and passwords, email IDs and passwords, and computer screenshots. These confidential data have been shared every three hours from the computers to the threat actor. Which of the following is correct, based on the evaluation of the above observation? a. This is a software keylogger attack, as it is sharing the information every three hours to the attacker. b. This is a hardware keylogger attack; it is only periodically sharing the information and is a manual transfer of information by a human agent. c. This is a software keylogger attack, as screenshots, video captures, and keystrokes have been routinely monitored and periodically shared. d. This is a hardware keylogger attack, as video capture functionality and periodic transfer of data are not pos
c. This is a software keylogger attack, as screenshots, video captures, and keystrokes have been routinely monitored and periodically shared.
268. Which of the following is an example of evidence collected from metadata? a. Drive file slack b. RAM slack c. Time stamp d. Chain of custody
c. Time stamp
181. Windows switches to Secure Desktop Mode when the UAC prompt appears. What is the objective of Secure Desktop Mode? a. To deny any authentication process when a security breach occurs b. To securely manage different instances of the desktop c. To prevent malware from tricking users by spoofing what appears on the screen d. To manage virtualized desktops in a secure manner
c. To prevent malware from tricking users by spoofing what appears on the screen
56. You are a cloud administrator, and you are asked to configure a VPC such that backend servers are not publicly accessible. What should you do to achieve this goal? a. Deploy backend servers in different availability zones b. Deploy the backend servers on premises c. Use private subnets for backend servers d. Implement audit logging on backend servers
c. Use private subnets for backend servers
79. You are a cloud administrator, and you are asked to configure a VPC such that backend servers are not publicly accessible. What should you do to achieve this goal? a. Deploy backend servers in different availability zones b. Deploy the backend servers on premises c. Use private subnets for backend servers d. Implement audit logging on backend servers
c. Use private subnets for backend servers
172. Your enterprise recently decided to hire new employees as work-from-home interns. For the new employees to work from home, you need to create a network that will allow them to securely access enterprise data from remote locations.Which of the following protocols should you use? a. S/MIME b. FTPS c. VPN d. SNMP
c. VPN
282. Which of the following tools can be used for virtual machine sprawl avoidance? a. Virtual desktop infrastructure b. Software-defined visibility c. Virtual machine manager d. Virtual machine escape protection
c. Virtual machine manager
8. Which of the following tools can be used for virtual machine sprawl avoidance? a. Virtual desktop infrastructure b. Software-defined visibility c. Virtual machine manager d. Virtual machine escape protection
c. Virtual machine manager
169. A cybercriminal attempts to trick a computer's user into sharing their personal information by implementing content to discreetly capture user information over the actual webpage.What should the user implement to avoid this situation? a. CSP b. HSTS c. X-Frame d. X-XSS
c. X-Frame
68. You are the cybersecurity chief of an enterprise. A risk analyst new to your company has come to you about a recent report compiled by the team's lead risk analyst. According to the new analyst, the report overemphasizes the risk posed by employees who currently have broad network access and puts too much weight on the suggestion to immediately limit user access as much as possible. According to the new analyst, not only does the report not mention the risk posed by a hacktivist group that has successfully attacked other companies in the same industry, it doesn't mention data points related to those breaches and your company's risk of being a future target of the group. How should you address this issue so that future reports and risk analyses are more accurate and cover as many risks as needed? a. You should implement qualitative risk assessment. b. You should implement quantitative risk assessment. c. You sh
c. You should implement risk control self-assessment.
238. You are a senior security admin in your enterprise. You have been asked to perform an incident response exercise so that you and your colleagues can analyze every possible scenario in case of an attack in the most realistic manner.Which of the following actions should you take? a. You should conduct a tabletop exercise. b. You should walk through the proposed recovery procedures. c. You should run a plausible simulated attack on the network. d. You should challenge an attacker to breach enterprise security.
c. You should run a plausible simulated attack on the network.
206. The head of cybersecurity at your enterprise has asked you to set up an IDS that can create the baseline of all system activities and raise an alarm whenever any abnormal activities take place, without waiting to check the underlying cause. Which of the following actions should you take? a. You should set up an IDS with behavior-based monitoring methodology. b. You should set up an IDS with heuristic monitoring methodology. c. You should set up an IDS with anomaly-based monitoring methodology. d. You should set up an IDS with signature-based monitoring methodology.
c. You should set up an IDS with anomaly-based monitoring methodology.
35. The head of cybersecurity at your enterprise has asked you to set up an IDS that can create the baseline of all system activities and raise an alarm whenever any abnormal activities take place, without waiting to check the underlying cause. Which of the following actions should you take? a. You should set up an IDS with behavior-based monitoring methodology. b. You should set up an IDS with heuristic monitoring methodology. c. You should set up an IDS with anomaly-based monitoring methodology. d. You should set up an IDS with signature-based monitoring methodology.
c. You should set up an IDS with anomaly-based monitoring methodology.
196. You are a cybersecurity investigator and you're asked to query log files for faster analysis. Which of the following log management tools should you use? a. nxlog b. rsyslog c. journalctl d. syslog-ng
c. journalctl
240. You are analyzing the settings for your network's firewall. There is currently a log-only rule set for the source address 112.101.2.4. Which of the following has created a log entry in the firewall? a. A rule is set to bypass all packets from 112.101.2.4. b. A rule is set to bypass all packets from 112.101.1.1 through 112.101.2.5. c. A rule is set to deny all packets from 112.101.1.1 through 112.101.2.11. d. A rule is set to allow all packets from 112.101.2.1 through 112.101.2.22.
d. A rule is set to allow all packets from 112.101.2.1 through 112.101.2.22.
18. Sara is asked to create a controller for light sensors. When the light falls on the sensor, it needs to indicate when a particular object is moved from its original position. For this, she needs a credit card-sized motherboard with a microcontroller on it. Which option should she select? a. SoC b. Raspberry Pi c. FPGA d. Arduino
d. Arduino
95. Sara is asked to create a controller for light sensors. When the light falls on the sensor, it needs to indicate when a particular object is moved from its original position. For this, she needs a credit card-sized motherboard with a microcontroller on it. Which option should she select? a. SoC b. Raspberry Pi c. FPGA d. Arduino
d. Arduino
110. Which of the following best describes bash? a. Bash is a physical security measure. b. Bash is computer hardware. c. Bash is a network assessment tool. d. Bash is a command language interpreter.
d. Bash is a command language interpreter.
121. Which of the following best describes skimming? a. Altering the condition of a secure key by using hardware b. Altering the condition of a secure key by using software c. Intercepting the OTP to gain unauthorized access d. Capturing information from the magnetic stripe of a smartcard
d. Capturing information from the magnetic stripe of a smartcard
16. You have been hired as a security administrator. While analyzing your organization's personnel policies, you notice the presence of multiple orphaned accounts. How should you handle this situation? a. Change the 'accounts password ages b. Change the domain group policy for password complexity c. Change the domain group policy for password history d. Change the account expiration settings
d. Change the account expiration settings
131. In an interview, you are asked to differentiate between data protection and data privacy. How should you differentiate between data protection and data privacy? a. Data protection involves unauthorized data access, while data privacy secures data against authorized access. b. Data protection secures data against unauthorized access, while data privacy secures data against authorized access. c. Data protection secures data against authorized access, while data privacy involves unauthorized data access. d. Data protection involves securing data against unauthorized access, while data privacy is concerned with authorized data access.
d. Data protection involves securing data against unauthorized access, while data privacy is concerned with authorized data access.
38. When your enterprise's collected data information life cycle ended, you were asked to destroy the data stored on magnetic storage devices. Which of the following techniques should you use to destroy the data? a. Delete the data b. Pulverize the data c. Shred the data d. Degauss the data
d. Degauss the data
72. When your enterprise's collected data information life cycle ended, you were asked to destroy the data stored on magnetic storage devices. Which of the following techniques should you use to destroy the data? a. Delete the data b. Pulverize the data c. Shred the data d. Degauss the data
d. Degauss the data
114. Kane was transferring files from a file transfer protocol (FTP) server to his local machine simultaneously. He sniffed the traffic to find that only the control port commands are encrypted, and the data port is not encrypted. What protocol did Kane use to transfer the files? a. FTP b. TFTP c. SFTP d. FTPS
d. FTPS
185. Kile is assigned a role as a grey box penetration tester in the financial sector. He has to conduct a pen testing attack on all the application servers in the network. Which of the following tasks should he perform first while conducting a penetration testing attack on a network? a. Tailgating b. Phishing c. Vishing d. Footprinting
d. Footprinting
140. Which encryption method in BitLocker prevents attackers from accessing data by booting from another OS or placing the hard drive in another computer? a. Filesystem cryptography b. Blockchain c. GNU privacy guard d. Full disk encryption
d. Full disk encryption
103. An organization is planning a revamp of the existing computer hardware with new ones. The IT manager has informed department heads that some computers have faced BIOS attacks in the past. He has requested help in preventing future BIOS attacks.As an expert, which of these solutions can you use to effectively improve boot security when the new computers are implemented in the network? a. Implement BIOS supplemented with CMOS b. Use computers with flash memory for booting instead of BIOS c. Implement a Norton Antivirus solution d. Implement measured boot with UEFI
d. Implement measured boot with UEFI
29. Which cloud app security features check the last login's location and current login attempts to restrict login if found suspicious? a. Geo-tagging b. Geolocation c. Geofencing d. Impossible travel
d. Impossible travel
171. Which of the following describes a memory leak attack? a. Memory leak attacks take advantage of the token generated and sent to the user's browser by the website as part of the authentication. b. In a memory leak attack, an attacker changes the variable's value to something outside the range the programmer had intended. c. A memory leak occurs when a process attempts to store data beyond a fixed-length storage buffer's boundaries. d. In a memory leak attack, the threat actor takes advantage of the programming error of not freeing the memory after executing a process, taking advantage of the device's low memory conditions to attack.
d. In a memory leak attack, the threat actor takes advantage of the programming error of not freeing the memory after executing a process, taking advantage of the device's low memory conditions to attack.
170. How can a configuration review reduce the impact of a vulnerability scan on the network's overall performance? a. It performs a fast initial scan that identifies open ports and responsive software. b. It identifies configuration and security postures within the network. c. It focuses the full scan by first comparing network configurations against known vulnerability databases. d. It ensures the scan is designed to meet its intended goals by defining scope and sensitivity levels.
d. It ensures the scan is designed to meet its intended goals by defining scope and sensitivity levels.
34. Which of the following is a disadvantage of the secure boot process? a. It does not validate the boot process. b. It requires an operating system like Microsoft OS to ensure secure boot. c. It slows down considerably, affecting the performance of the computer. d. It makes third party non-vendor-approved software difficult to implement.
d. It makes third party non-vendor-approved software difficult to implement.
136. In an interview, you are asked to analyze the following statements regarding secure network designs and choose the correct one. Which of the following should you choose? a. Zero trust is designed to make a system trusted. b. Workgroup switches reside at the top of the hierarchy and carry traffic between switches. c. When VLAN members on the same switch communicate with each other, the switch uses tags to transfer the packets. d. Load balancers can detect and stop protocol attacks directed at a server or application.
d. Load balancers can detect and stop protocol attacks directed at a server or application.
33. In an interview, you are asked to analyze the following statements regarding secure network designs and choose the correct one. Which of the following should you choose? a. Zero trust is designed to make a system trusted. b. Workgroup switches reside at the top of the hierarchy and carry traffic between switches. c. Switches can transfer packets when VLAN members on one switch need to communicate with members connected to another switch. d. Load balancers can detect and stop protocol attacks directed at a server or application.
d. Load balancers can detect and stop protocol attacks directed at a server or application.
299. Which of the following is used to create a sequence of numbers whose output is close to a random number? a. GnuPG b. RSA c. DSA d. PRNG
d. PRNG
91. Which of the following is used to create a sequence of numbers whose output is close to a random number? a. GnuPG b. RSA c. DSA d. PRNG
d. PRNG
243. Which of the following best describes an extranet? a. Additional network bandwidth being allocated b. Public network accessed by proper authorization c. Private network accessed by the public d. Private network only accessed by an authorized party
d. Private network only accessed by an authorized party
92. What does ransomware do to an endpoint device? a. Ransomware infects the endpoint devices and launches attacks on the infected endpoint and other devices connected to the network. b. Ransomware attacks the endpoint device without the consent of the user or the device, discreetly collecting and transmitting information, causing harm to the end user. c. Ransomware gets accidentally installed in the endpoint device as software along with other programs during the installation process. This happens when the user's installation and download options are overlooked, thus affecting the user application adversely. d. Ransomware attacks the endpoint device holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded.
d. Ransomware attacks the endpoint device holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded.
269. One of the important systems in your organization was accidentally exposed to malware. Which of the following features should you use to manage the risk of malware? a. Disaster recovery plan b. Public cluster connection c. Private cluster connection d. Revert to a known state
d. Revert to a known state
67. One of the important systems in your organization was accidentally exposed to malware. Which of the following features should you use to manage the risk of malware? a. Disaster recovery plan b. Public cluster connection c. Private cluster connection d. Revert to a known state
d. Revert to a known state
261. Which of the following network-based device logs are the least important when performing an incident investigation? a. Firewalls b. Web servers c. DHCP servers d. Routers and Switches
d. Routers and Switches
149. You are working as a security admin in an enterprise and have been asked to choose an access control method so that all users can access multiple systems without crossing their limit of access. Which of the following access control methods is the best fit? a. Discretionary access control b. Mandatory access control c. Role-based access control d. Rule-based access control
d. Rule-based access control
179. You are working as a security admin in an enterprise and have been asked to choose an access control method so that all users can access multiple systems without crossing their limit of access. Which of the following access control methods is the best fit? a. Discretionary access control b. Mandatory access control c. Role-based access control d. Rule-based access control
d. Rule-based access control
201. You are asked to transfer a few confidential enterprise files using the file transfer protocol (FTP). For ensuring utmost security, which variant of FTP should you choose? a. TFTP b. FTP c. FTPS d. SFTP
d. SFTP
173. Which of the following best describes a Fake RAID? a. Hardware RAID assisted by BIOS b. Software RAID c. Hardware RAID d. Software RAID assisted by BIOS
d. Software RAID assisted by BIOS
249. Which function in cryptography takes a string of any length as input and returns a string of any requested variable length? a. Filesystem b. BitLocker c. Steganography d. Sponge
d. Sponge
211. Which technology under wireless communication is an integrated circuit that securely stores information used to identify and authenticate the IoT device? a. Zigbee b. Narrowband IoT c. Cellular IoT baseband d. Subscriber identity module
d. Subscriber identity module
246. Natasha, a network security administrator for an online travel portal, noticed that her website was the victim of an SQL injection. She decided to study the SQL queries to find which one made this vulnerability in the database, and she noticed the following SQL code piece executed on the database:'whatever' AND email IS NULL;What has been accessed by the attacker running this SQL injection? a. The attacker accessed the data of specific users. b. The attacker accessed the entirety of email address data from all users in the database. c. The attacker has used the SQL injection to delete the table in the database. d. The attacker has determined the names of different types of fields in the database.
d. The attacker has determined the names of different types of fields in the database.
191. What action does a BPDU guard take when a BPDU is received from an endpoint and not a switch? a. The port remains active, and the traffic will be forwarded to another port. b. The port is disabled, and no traffic will be sent by the port while it can still receive traffic. c. The port remains active, and no traffic will be received by the port, but it can still send traffic. d. The port is disabled, and no traffic will be sent or received by the port.
d. The port is disabled, and no traffic will be sent or received by the port.
148. Several websites use URLs similar to one of the most globally popular websites, attempting to attract traffic if a user misspells the popular website's URL. What is this social engineering technique called? a. Pharming b. Spam c. Tailgating d. Typo squatting
d. Typo squatting
120. Alex is working for Alpha Technology as a system administrator. The enterprise's sales team uses multiple external drives, often containing confidential data, that they carry between their offices and their clients' offices. What should Alex do to ensure that data is secure if it is stolen or lost, and why? a. Use steganography because it gives remote access to the drive, and Alex can remotely disable the drive. b. Use HSM because it allows Alex to track the device and stop the user from using the device. c. Implement blockchain in the enterprise because it allows Alex to access the drive's location and remotely disable it. d. Use encrypted USBs in the enterprise because they automatically encrypt the information and give Alex remote access to the drive to monitor and disable the user.
d. Use encrypted USBs in the enterprise because they automatically encrypt the information and give Alex remote access to the drive to monitor and disable the user.
298. The devices in your enterprise are configured with mandatory access control in which salaries.xlsx is labeled "secret," transactions.xlsx is labeled "top secret," and employees.xlsx is labeled "confidential." You were asked to configure the user clearance so that User A can access all three files, while User B can only access employees.xlsx.How should you configure the user clearance? a. User A: top secret; User B: secret b. User A: confidential; User B: top secret c. User A: confidential; User B: secret d. User A: top secret; User B: confidential
d. User A: top secret; User B: confidential
108. Which wireless probe can be designed by configuring a laptop computer to scan and record wireless signals within its range at regular intervals and report the information to a centralized database? a. Access point probe b. Dedicated probes c. Desktop probe d. Wireless device probe
d. Wireless device probe
126. Which of the following is a third-party network analysis tool? a. netstat b. curl c. hping d. nmap
d. nmap
242. Which of the following log management tools has content filtering? a. nxlog b. rsyslog c. journalctl d. syslog-ng
d. syslog-ng