SEC 110 Final
The following data is being used for a password attack: "?u ?l ?l ?l ?l ?d ?d ?d ?d." Which of the following types of attack is this? a. Dictionary attack b. Rule attack c. Brute force attack d. Password spraying
b. Rule attack
Which of the following devices can perform cryptographic erase? a. HSM b. SED c. TPM d. USB device encryption
b. SED (Self-Encrypting Drive)
Which of the following is defined as a structure for governing all the elements involved in digital certificate management? a. Web of trust model b. CA c. M-of-N control d. PKI
d. PKI (Public key infrastructure)
Which data category can be accessed by any current employee or contractor? a. Proprietary b. Critical c. Confidential d. PHI
a. Proprietary
Which of the following computing platforms is highly vulnerable to attacks? a. On-premises b. Cloud c. Hybrid d. Legacy
d. Legacy
Pat is asked to automate critical security functions like responding to detected threat patterns in an enterprise network. Which of the following should be done by Pat? a. Use virtual desktop infrastructure b. Implement subnetting c. Use software-device visibility d. Use a software-device network
c. Use software-device visibility
Which of the following RAID configurations have no fault tolerance? a. RAID level 0 b. RAID level 5 c. RAID level 10 d. RAID level 1
a. RAID level 0
In a security review meeting, you proposed a demilitarized zone for one of your company's data centers. You were then asked to explain the objective of having a DMZ in the data centers. Which of the following should be your answer? a. A DMZ will separate the secure facilities from unknown and potentially hostile outsiders. b. A DMZ will open up a discussion about enterprise strategies to a broader employee base. c. A DMZ will allow employees to relax between working hours and be more vigilant while working. d. A DMZ will monitor network traffic so that the cybersecurity team can focus on other threats.
a. A DMZ will separate the secure facilities from unknown and potentially hostile outsiders.
Which of the following correctly differentiates between a man-in-the-middle (MITM) attack and a man-in-the-browser (MITB)? a. A MITM attack occurs between two endpoints, whereas a MITB attack occurs between a browser and underlying computer. b. A MITM attack can only analyze the intercepted packet, whereas a MITB attack can modify the intercepted packet. c. A MITM attack occurs between two endpoints, whereas a MITB attack occurs between a browser and web server. d. A MITM attack can modify the intercepted packet, whereas a MITB attack can only analyze it.
a. A MITM attack occurs between two endpoints, whereas a MITB attack occurs between a browser and underlying computer.
Which of the following best describes a mantrap? a. A mantrap is a small space with two separate sets of interlocking doors. b. A mantrap is a challenge given to cybersecurity experts. c. A mantrap separates threat actors from defenders. d. A mantrap cools a server room by trapping body heat.
a. A mantrap is a small space with two separate sets of interlocking doors.
Which specific type of attack occurs when a threat actor redirects network traffic by modifying the local host file to send legitimate traffic anywhere they choose? a. DNS poisoning b. DNS hijacking c. On-path browser attack d. Port stealing
a. DNS poisoning
Zero-day vulnerabilities and configuration vulnerabilities can heavily impact a system if exploited. How should you differentiate between a zero-day vulnerability and a configuration vulnerability? a. A zero-day vulnerability is an unknown vulnerability in released software that is found and exploited by a threat actor, whereas a configuration vulnerability is caused by improper settings in hardware or software. b. A zero-day vulnerability results from users improperly configuring software, whereas a configuration vulnerability results from the developers improperly configuring the software. c. A zero-day vulnerability results from improper hardware configurations, whereas a configuration vulnerability results from improper software configuration. d. A zero-day vulnerability is an easily fixable vulnerability recognized by a software developer, whereas a configuration vulnerability is a major vulnerability present in a system exploited by a threat actor before the software developer can fix it.
a. A zero-day vulnerability is an unknown vulnerability in released software that is found and exploited by a threat actor, whereas a configuration vulnerability is caused by improper settings in hardware or software.
"Keep passwords secure and do not share accounts. Authorized users are responsible for the security of their passwords and accounts." "All computers and laptops should be secured with a password-protected screensaver, setting the automatic activation feature set at 10 minutes or less, or logging off when the host is unattended." Which policy includes these directives? a. Acceptable use policy b. Onboarding and offboarding c. Least Privilege d. Separation of duties
a. Acceptable use policy
Which of the following best describes bash? a. Bash is a command language interpreter. b. Bash is computer hardware. c. Bash is a physical security measure. d. Bash is a network assessment tool.
a. Bash is a command language interpreter.
Sigma Technology is a company based in Singapore, with branches in 24 countries. It needs multiple CAs in different locations to verify and sign digital certificates for the company. They are looking for an option where, even in the absence of a CA, other CAs can issue the certificates. Additionally, they are also looking for CAs who will overlook other CAs in different locations. In such a scenario, which PKI trust model should they use? a. Bridge trust model b. Hierarchical trust model c. Distributed trust model d. Web of trust model
a. Bridge trust model
Which of the following best describes the cloud access security broker? a. CASB ensures the security policies of the enterprise comply with the cloud. b. CASB allows secure access to the data stored in the cloud from any device. c. CASB is a virtual alternative to a physical firewall. d. CASB secures the data stored in the cloud by restricting unauthorized access.
a. CASB ensures the security policies of the enterprise comply with the cloud.
A company has its network compromised. As an expert professional, the organization has hired you to identify the probable cause of the attack and fix it. As a security professional, you have noticed the pattern of compromise is unlike anything previously seen. You are looking to find new information on vulnerabilities like the attack that occurred. Which of the following actions would help achieve this objective? a. Checking the dark web b. Checking the surface web c. Implementing TCP/IP protocol across the network d. Checking the green web
a. Checking the dark web
What is the primary difference between credentialed and non-credentialed scans? a. Credentialed scans use valid authentication credentials to mimic threat actors, while non-credentialed scans do not provide authentication credentials. b. Credentialed scans are legal, while non-credentialed scans are illegal. c. Credentialed scans are performed by pen testers, while non-credentialed scans are performed by authorized officers. d. Credentialed scans use advanced scanning tools, while non-credentialed scans do not use tools.
a. Credentialed scans use valid authentication credentials to mimic threat actors, while non-credentialed scans do not provide authentication credentials.
Which unit is used by quantum computers, making them faster and more efficient than normal computers? a. Qubit b. Mole c. Candela d. Ampere
a. Qubit
When your enterprise's collected data information life cycle ended, you were asked to destroy the data stored on magnetic storage devices. Which of the following techniques should you use to destroy the data? a. Degauss the data b. Pulverize the data c. Delete the data d. Shred the data
a. Degauss the data
Which of the following is part of the OS security configuration? a. Disabling default passwords and unnecessary ports b. Installing the latest version of OS c. Giving all users administrator privileges d. Enabling the most secure OS platform
a. Disabling default passwords and unnecessary ports
Makayla has created software for automating the accounting process at ABL Manufacturing. She completed the software development, with testing done during development at individual stages. Before putting the software into production, Mary, who is in charge of the testing software, ran the application using tools and generated a report giving the various inputs and corresponding exceptions generated by the application. What process did Mary use? a. Fuzzing b. Code signing c. Dead coding d. Camouflaged coding
a. Fuzzing
You are a security administrator asked to restrict employees in your organization from accessing their social media accounts at their workplace. Which of the following mobile device location-based policies should you use to accomplish this? a. Geofencing b. Geolocation c. Geo-tagging d. Geomapping
a. Geofencing
The protection of which of the following data types is mandated by HIPAA? a. Health information b. Proprietary data c. Public data d. Personally identifiable information
a. Health information
Which of the following best describes east-west traffic? a. Movement of data from one server to another within a data center b. Movement of data from an unsecured endpoint to a server outside a data center c. Movement of data from one unsecured endpoint to another d. Movement of data from a router to an enterprise switch
a. Movement of data from one server to another within a data center
Social engineering is a means of eliciting information by relying on the weaknesses of individuals. How should you differentiate between the social engineering techniques of phishing and pharming? a. Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise, whereas pharming is a redirection technique that attempts to exploit how a URL is converted into its corresponding IP. b. Phishing involves digging through trash receptacles to find information that can be useful in an attack, whereas pharming involves sending millions of unsolicited emails to a large volume of users. c. Phishing involves sending millions of generic email messages to a large volume of users, whereas pharming targets specific users by sending emails customized to the recipients, including their names and personal information. d. Phishing involves sending customized emails to recipients, including their names and personal information, to make the message appear legitimate, whereas pharming is a variant of phishing that specifically targets wealthy individuals or senior executives within a business.
a. Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise, whereas pharming is a redirection technique that attempts to exploit how a URL is converted into its corresponding IP.
You work for an enterprise that provides various cybersecurity services. You are assigned to examine an enterprise's network and suggest security measures modifications, if necessary. On examining the network, you find that the enterprise hosts most of its computing resources on a cloud platform and few resources on-premises, and both seem to have secure settings implemented. You also find that the enterprise computers use the Windows XP operating system. Which of the following vulnerabilities should you insist on fixing first? a. Platform vulnerability b. Zero-day vulnerability c. Third-party vulnerability d. Configuration vulnerability
a. Platform vulnerability
Which of the following is a social engineering method that attempts to influence the subject before the event occurs? a. Prepending b. Redirection c. Watering hole d. Spear phishing
a. Prepending
Khalid joins a security team where he is assigned an SOC developer role and has to build different teams under SOC. Which of the following teams should he build to deal with providing real-time feedback related to security incidents and threat detections, which can then be utilized to facilitate better prioritization of threats and a mature way of detecting threats? a. Purple team b. Red team c. Blue team d. White team
a. Purple team
Robert is a black box penetration tester who conducted pen testing attacks on all of the network's application servers. He was able to exploit a vulnerability and gain access to the system using a mimikatz tool. Which of the following activities did he perform using mimikatz, and which task should he perform next? a. Robert used mimikatz for credential harvesting, and should perform privilege escalation using a high-privileged account next. b. Robert used mimikatz for tailgating, and should perform phishing next. c. Robert used mimikatz for footprinting, and should install a backdoor next. d. Robert used mimikatz for phishing, and should perform lateral movement next.
a. Robert used mimikatz for credential harvesting, and should perform privilege escalation using a high-privileged account next.
You are the chief security administrator in your enterprise. You are asked to train every employee, from top-level officers to front gate security officers, to make them aware of various security risks. Which of the following training techniques should you use? a. Role-based awareness training b. Gamification c. Computer-based training d. Capture the flag
a. Role-based awareness training
During an investigation, it was found that an attacker did the following: Intercepted the request from the user to the server and established an HTTPS connection between the attacker's computer and the server while having an unsecured HTTP connection with the user. This gave the attacker complete control over the secure webpage. Which protocol helped facilitate this attack? a. SSL b. SSH c. ECB d. S/MIME
a. SSL (Secure Sockets Layer)
Which of the following is a deception instrument? a. Sinkhole b. WAF c. Forward proxy d. Reverse proxy
a. Sinkhole
Mike, an employee at your company, approached you seeking help with his virtual machine. He wants to save the current state of the machine to roll back to the saved state in case of a malfunction. Which of the following techniques can help Mike? a. Take snapshots to save the virtual machine state b. Use containers to save the virtual machine state c. Use LDAP to save the virtual machine state d. Apply sandboxing to save the virtual machine state
a. Take snapshots to save the virtual machine state
An attacker has changed the value of a variable used when copying files from one cloud server to a local drive. What is the most likely motive behind the attack? a. The attacker is using an integer overflow attack to initiate a buffer overflow that can allow them to take over the machine. b. The attacker is using a buffer overflow to initiate an integer overflow attack that will give them access to the machine's OS code. c. The attacker is using an integer overflow attack that will change the state of the local drive's memory. d. The attacker is using a buffer overflow to initiate an integer overflow attack that can allow access to private data on the local drive.
a. The attacker is using an integer overflow attack to initiate a buffer overflow that can allow them to take over the machine.
Which of the following is a primary difference between a red team and a white team? a. The red team scans for vulnerabilities and exploits them manually, whereas the white team defines the rules of the penetration testing. b. The red team provides real-time feedback to enhance the threat detection capability, whereas the white team defines the rules of penetration testing. c. The red team uses an automated vulnerability scanning tool to find vulnerabilities, whereas the white team defines the rules of penetration testing. d. The red team uses an automated vulnerability scanning tool to find vulnerabilities, whereas the white team decides which tool to use in automated vulnerability scanning.
a. The red team scans for vulnerabilities and exploits them manually, whereas the white team defines the rules of the penetration testing.
Samira is developing a virtual private chat application for ABC Consulting. The following are requirements provided by the organization while making the application: 1. All the communications should happen within the same network, host-to-host. 2. The information shared through this app should be kept confidential. Hence, the whole IP packet should be encrypted, giving access to only authorized personnel. 3. There should be a private network for host-to-host communication. Which of the following modes should Sara consider for encryption in this project? a. Tunnel mode b. Transport mode c. GCM mode d. Counter mode
a. Tunnel mode
A vulnerability assessment engineer performed vulnerability scanning on active directory servers and discovered that the active directory server is using a lower version of Kerberos. To alert management to the risk behind using a lower version of Kerberos, he needs to explain what an attacker can do to leverage the vulnerabilities in it. Which of the following actions can the attacker perform after exploiting vulnerabilities in Kerberos? a. Use privilege escalation b. Use a lateral movement c. Use a vertical movement d. Use DLL injection
a. Use privilege escalation
Which of the following outlines the process of a proxy server? a. User - forward proxy - Internet - reverse proxy - user b. User - forward proxy - user - reverse proxy - Internet c. User - reverse proxy - Internet - forward proxy - user d. User - internet - reverse proxy - forward proxy - user
a. User - forward proxy - Internet - reverse proxy - user
A cybercriminal attempts to trick a computer's user into sharing their personal information by implementing content to discreetly capture user information over the actual webpage. What should the user implement to avoid this situation? a. X-Frame b. CSP c. HSTS d. X-XSS
a. X-Frame
You are working as a security admin in an enterprise. While you were analyzing different password attacks, you found that whenever an individual user's password gets cracked, another user with the same password residing in the same password digest file also has their account compromised. How should you prevent this from happening in the future? a. You should add salt to the passwords before hashing. b. You should tell the users not to use the same passwords. c. You should store the digest files in a password vault. d. You should run key stretching algorithms on the passwords.
a. You should add salt to the passwords before hashing.
A source computer's ability to reach a specified destination computer can be tested using which of the following? a. ping b. ipconfig c. curl d. ifconfig
a. ping
While Andel is logging into his email through a browser, the login window disappears. Andel attempts to log in again and is successful. Days later, he goes to log into his email, and his attempt fails. He receives a message indicating that his username and/or password are invalid. What is Andel likely a victim of? a. CSRF b. Spyware c. Keyloggers d. RAT
a. CSRF (Cross-Site Request Forgery)
Who implements access control based on the security level determined by the data owner? a. Data custodian b. Data privacy officer c. Data controller d. Data processor
a. Data custodian
Under which vulnerability can an attacker steal information from a user's phone using a device to connect to the phone without physically touching it? a. Data theft b. Device theft c. Eavesdropping d. Man-in-the-middle
a. Data theft
Which mobile device location-based policy is used to identify geographical location by analyzing media files? a. Geo-tagging b. Impossible travel c. Geofencing d. Geolocation
a. Geo-tagging
Zara has been instructed to organize an event where top companies will come and give a webinar. Since the event is large and the number of people attending is substantial, Zara needs to ensure that there are no disturbances. She thinks preventing devices from communicating and calls from being made or received is the easiest solution. Which factor should Zara use to achieve this? a. Jamming b. Evil twin c. Rogue access point d. Disassociation
a. Jamming
In an interview, you were asked to briefly describe how emails containing malware or other contents are prevented from being delivered. Which of the following should be your reply? a. Mail gateways prevent unwanted mails from being delivered. b. LDAP prevents unwanted mails from being delivered. c. SMTP relays prevent unwanted mails from being delivered. d. X.500 prevents unwanted mails from being delivered.
a. Mail gateways prevent unwanted mails from being delivered.
What is the secure coding technique that organizes data within the database for minimum redundancy? a. Normalization b. Stored procedure c. Dead code d. Code signing
a. Normalization
Sarah needs to send an email with important documents to her client. Which of the following protocols ensures that the email is secure? a. S/MIME b. SSH c. SSL d. SHTTP
a. S/MIME (Secure/Multipurpose Internet Mail Extension)
David is asked to test a new configuration on a virtual machine; if it does not work, it should roll back to the older state. What should David do before testing the new configuration so he can roll it back to the previous state if needed? a. Take a snapshot of the virtual machine before testing the configuration b. Take a screenshot of the virtual machine before testing the configuration c. Use sandboxing in the virtual machine before testing the configuration d. Enable "roll back" on the previous configuration before testing the new configuration
a. Take a snapshot of the virtual machine before testing the configuration
Which of the following best describes a network hardware security module? a. A network hardware security module is a deception instrument used to deceive threat actors by intentionally deploying vulnerable devices. b. A network hardware security module is a trusted network computer that performs cryptographic operations. c. A network hardware security module is an intrusion detection system that detects any intrusion in a network. d. A network hardware security module is a hardware firewall that monitors incoming and outgoing traffic of a network.
b. A network hardware security module is a trusted network computer that performs cryptographic operations.
Sara is asked to create a controller for light sensors. When the light falls on the sensor, it needs to indicate when a particular object is moved from its original position. For this, she needs a credit card-sized motherboard with a microcontroller on it. Which option should she select? a. SoC b. Arduino c. Raspberry Pi d. FPGA
b. Arduino
Which of the following is an external perimeter defense method? a. Demilitarized zone (DMZ) b. Barrier c. Fire suppression d. Electronic lock
b. Barrier
Which of the following documents provide alternative modes of operation for interrupted business activities? a. Continuous data protection b. Business continuity plan c. Disaster Recovery plan d. Business impact analysis
b. Business continuity plan
Which of the following is a state of data, where data is transmitted across a network? a. 3DES b. Data in transit c. Data in processing d. Data at rest
b. Data in transit
John has been appointed as a product manager at a large mobile device manufacturing company. He is designing the core features included in their flagship mobile device that will be launched during the holiday shopping season. Which of the following features should he primarily include? a. Global positioning system (GPS) b. Data synchronization with a remote server or separate device c. Digital camera d. Microphone
b. Data synchronization with a remote server or separate device
Which of the following types of risk control occurs during an attack? a. Physical control b. Detective control c. Deterrent control d. Preventive control
b. Detective control
ABC Enterprises plans to upgrade its internal confidential communication channel for the senior management team, which is geographically spread out, to enhance communication speed and security. They have decided to use cryptography to achieve this but can't decide on which model. The CEO has come to you for your suggestion on whether to use RSA or ECC. What should you recommend to the CEO, and why? a. RSA, as it uses sloping curves to generate keys. This makes it very secure for smaller key sizes, making it secure and the communication exchange extremely fast. b. ECC, as it uses sloping curves to generate keys. This makes it very secure for smaller key sizes making it secure and the communication exchange extremely fast. c. ECC, as it uses three rounds of encryption. It employs 48 iterations in its encryptions, using different keys each for each round. This makes the message extremely secure while making the communication exchange extremely fast. d. RSA, as it uses three rounds of encryption. It employs 48 iterations in its encryptions, using different keys each for each round. This makes the message extremely secure while making the communication exchange extremely fast.
b. ECC, as it uses sloping curves to generate keys. This makes it very secure for smaller key sizes making it secure and the communication exchange extremely fast.
Amaya is looking for a hardware chip or integrated circuit (IC) that can be programmed by the user to carry out one or more logical operations, can be reprogrammed when needed, and can be configured by either the user or designer. Which option should Amaya select? a. 8051 microcontroller b. Field-programmable gate array (FPGA) c. Raspberry Pi d. Arduino
b. Field-programmable gate array (FPGA)
Which cloud app security features check the last login's location and current login attempts to restrict login if found suspicious? a. Geo-tagging b. Impossible travel c. Geofencing d. Geolocation
b. Impossible travel
How can a configuration review reduce the impact of a vulnerability scan on the network's overall performance? a. It performs a fast initial scan that identifies open ports and responsive software. b. It ensures the scan is designed to meet its intended goals by defining scope and sensitivity levels. c. It focuses the full scan by first comparing network configurations against known vulnerability databases. d. It identifies configuration and security postures within the network.
b. It ensures the scan is designed to meet its intended goals by defining scope and sensitivity levels.
Which of the following is a legal complication related to forensics that should be considered when creating a cloud platform? a. Total unavailability of digital evidence b. Jurisdictional applicability c. High legal expenses d. Time elapsed before noticing an incident
b. Jurisdictional applicability
Kia recently noticed that when she browses her favorite online shopping site, she is immediately redirected to a competitor's site. What is happening here, and what is the best option for Kia to fix this situation? a. Kia must reinstall a fresh copy of the operating system and all applications. b. Kia must uninstall the toolbar software and the accompanying components she has recently installed on her browser. c. Kia has installed spyware, and she has to close the browser and reboot the system to correct the problem. d. Kia has accidentally installed a virus. She must close the browser and run a good antivirus program before browsing the website for shopping again.
b. Kia must uninstall the toolbar software and the accompanying components she has recently installed on her browser.
Which protocol should John select to prevent unwanted network access and be configured to permit traffic only from specific addresses and provide security? a. WPA b. MAC c. WEP d. WPS
b. MAC
Which of the following types of risk would organizations being impacted by an upstream organization's vulnerabilities be classified as? a. Multi-network risk b. Multiparty risk c. External risk d. Legacy risk
b. Multiparty risk
What is the power supply device that can ensure a correct and constant power level is delivered to a server? a. SAN b. Online UPS c. Offline UPS d. Dual power supply
b. Online UPS
You want to manage your passwords for different accounts to optimally secure passwords from compromise. Which of the following password management methods should you use? a. Password vault b. Password key c. Password generator d. Password digest
b. Password key
What do servers connected in a cluster use to communicate with each other? a. Independent cluster connection b. Private cluster connection c. Public cluster connection d. Shared disk connection
b. Private cluster connection
Which of the following is a form of malware attack that uses specialized communication protocols? a. Bot b. RAT c. Keylogger d. Spyware
b. RAT
What does ransomware do to an endpoint device? a. Ransomware gets accidentally installed in the endpoint device as software along with other programs during the installation process. This happens when the user's installation and download options are overlooked, thus affecting the user application adversely. b. Ransomware attacks the endpoint device holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded. c. Ransomware attacks the endpoint device without the consent of the user or the device, discreetly collecting and transmitting information, causing harm to the end user. d. Ransomware infects the endpoint devices and launches attacks on the infected endpoint and other devices connected to the network.
b. Ransomware attacks the endpoint device holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded.
What is the name of the process where a website validates user input before the application uses the input? a. Tokening b. Sanitizing c. Eliminating d. Authorizing
b. Sanitizing
Which of the following authentication methods belongs in the "something you have" category? a. Keystroke dynamics b. Security key c. Gait recognition d. Picture password
b. Security key
Which alert utility can identify theft in a smart meter? a. Meter readings b. Tamper protection c. Emergency communication d. Servicing
b. Tamper protection
In an interview, you are asked to explain the major objective of having resilience in an organization. How should you respond? a. The major objective of resilience in an organization is to achieve the yet-unachieved. b. The major objective of resilience in an organization is to provide uninterrupted services. c. The major objective of resilience in an organization is to attract more customers. d. The major objective of resilience in an organization is to enhance the end-user experience.
b. The major objective of resilience in an organization is to provide uninterrupted services.
Which of the following uses hardware encryption technology to secure stored data and ensures the inseparability of SEDs among vendors? a. Qubits b. Pad c. Key d. Opal
d. Opal
In an interview, the interviewer asks you to boot a PC. Before the boot process begins, an interface asks you to choose between Windows 10 and Ubuntu Linux. The interviewer then asks you to identify the type of VR monitor program being used. What should your reply be? a. Container b. Type I hypervisor c. Type II hypervisor d. Type III hypervisor
b. Type I hypervisor
Your enterprise experienced several technical issues over the last few days. There were multiple instances of passwords needing to be changed and other issues causing downtime. Management has started receiving voicemails regarding fraudulent activities on their accounts. While the voicemails sound authentic, the help desk concludes that they are fake. What type of malicious activity will this be considered? a. Spamming b. Vishing c. Spimming d. Whaling
b. Vishing
William downloaded some free software to help him with photo editing. A few days later, William noticed several personal photographs were modified and posted to various social media pages with obscene comments. He also noticed that there were videos of him that were morphed and circulated on adult websites. The videos were obviously taken using his webcam. What should William do to fix his problem and prevent it from happening again in the future? a. William should run an antivirus program and scan for all known worms, then download a worm-removal program to ensure all infected files are fully removed from his system. To prevent this in the future, he should run the backdoor check every time he installs a new program. b. William should run an antimalware program and scan for all known RATs, then quarantine and remove the infected file(s). To prevent this in the future, he should only download software from trusted websites. c. William should run an antivirus program and scan for all known backdoor viruses, then remove the infected file(s). To prevent this in the future, he should run the backdoor check every time he installs a new program. d. William should disable his network devices, then run an antimalware program to scan for keyloggers while his computer is not connected to the internet and delete all infected files. To prevent this in the future, William should never download free software off the internet.
b. William should run an antimalware program and scan for all known RATs, then quarantine and remove the infected file(s). To prevent this in the future, he should only download software from trusted websites.
In a security review meeting, you are asked to take appropriate security measures to mitigate IP spoofing attacks against the enterprise network. Which of the following methods should you apply? a. You should set up a DLP. b. You should set up an ACL. c. You should set up a proxy server. d. You should set up a VPN.
b. You should set up an ACL.
In an interview, you were asked to choose the least vulnerable password from the following list. Which of the following should you choose? a. #International$ b. earthwaterforesttreemanworldkid c. honesty d. n2(f!%^*%:(r)!#$
b. earthwaterforesttreemanworldkid
Japan's cybercrime control center noticed that around 200,000 Tokyo computers are infected by bots, and all these bots are remotely controlled by a single attacker. What is this attacker referred to as? a. Zombie b. Bot herder c. Payload d. Botnet
b. Bot herder
In an interview, the interviewer introduced the following scenario: An enterprise is hosting all its computing resources on a cloud platform, and you need to identify which vulnerability is most likely to occur. Which of the following should you choose? a. Physical access vulnerability b. Configuration vulnerability c. Zero-day vulnerability d. Third-party vulnerability
b. Configuration vulnerability
Which of the following sensors is best suited for fire detection? a. Noise detection sensor b. Temperature detection sensor c. Motion detection sensor d. Proximity sensor
b. Temperature detection sensor
Which of the following attacks is considered easy, allowing threat actors to access user data and read through passwords and PINs, and why is it considered so? a. A jamming attack, because this attack can be achieved using mobile phone networks. b. A disassociation attack, because the device gets disconnected from the network and can be hacked easily. c. A WLAN consumer attack, because many users fail to properly configure security on their home WLANs. d. A WDoS attack, because WLANs are less secure and can easily be hacked.
c. A WLAN consumer attack, because many users fail to properly configure security on their home WLANs.
You are analyzing the settings for your network's firewall. There is currently a log-only rule set for the source address 112.101.2.4. Which of the following has created a log entry in the firewall? a. A rule is set to bypass all packets from 112.101.1.1 through 112.101.2.5. b. A rule is set to deny all packets from 112.101.1.1 through 112.101.2.11. c. A rule is set to allow all packets from 112.101.2.1 through 112.101.2.22. d. A rule is set to bypass all packets from 112.101.2.4.
c. A rule is set to allow all packets from 112.101.2.1 through 112.101.2.22
You are asked to configure your firewall in such a way that the traffic from source address range 117.112.10.25 through 117.112.15.100 is allowed, while traffic from 117.112.12.25 through 117.112.13.25 is denied, and traffic from 117.112.12.200 through 117.112.13.10 is allowed. How should you configure the firewall? a. Deny 117.112.12.200 through 117.112.13.10; deny 117.112.12.25 through 117.112.13.25; allow 117.112.10.25 through 117.112.15.100 b. Allow 117.112.10.25 through 117.112.15.100; deny 117.112.12.25 through 117.112.13.25; allow 117.112.12.200 through 117.112.13.10 c. Allow 117.112.10.25 through 117.112.15.100; deny 117.112.12.25 through 117.112.13.25; force-allow 117.112.12.200 through 117.112.13.10 d. Allow 117.112.12.200 through 117.112.13.10; deny 117.112.12.25 through 117.112.13.25; force-allow 117.112.10.25 through 117.112.15.100
c. Allow 117.112.10.25 through 117.112.15.100; deny 117.112.12.25 through 117.112.13.25; force-allow 117.112.12.200 through 117.112.13.10
Dillip is assigned the role of a SOC developer who must build different teams under the SOC. He must build a new team that will put security defenses in place to prevent another team from penetrating the network. Which team should he build to monitor the other team's attacks and shore up security defenses as necessary? a. Purple team b. Red team c. Blue team d. White team
c. Blue team
Zyan works for ABC Technology. The enterprise wants to provide smartphones to all its employees. They can choose from a limited list of approved mobile devices. But they need to pay for the device themselves. The company will pay them a monthly stipend. Which deployment method should Zyan suggest to meet his company's needs? a. Virtual desktop infrastructure (VDI) b. Corporate-owned device (COD) c. Choose your own device (CYOD) d. Corporate-owned personally enabled (COPE)
c. Choose your own device (CYOD)
Wireless data networks are particularly susceptible to which type of attack? a. Collision attack b. Birthday attack c. Ciphertext attack d. Downgrade attack
c. Ciphertext attack
Which of the following protects SNMP-managed devices from unauthorized access? a. X.500 b. X.500 lite c. Community string d. Resource records
c. Community string
Sansa is a network security administrator at an enterprise. She is asked to take appropriate steps to defend against a MAC address spoofing attack in the enterprise network. Which of the following methods should Sansa apply? a. Configure the switch so that no changes can be done once a port is assigned to a MAC address b. Close all unused ports in the switch so that old MAC addresses are not allowed c. Configure the switch so that only one port can be assigned per MAC address d. Increase the capacity of CAM to allow for an increased volume of MAC addresses
c. Configure the switch so that only one port can be assigned per MAC address
You are the security manager of an ISP, and you are asked to protect the name server from being hijacked. Which of the following protocols should you use? a. SFTP b. FTPS c. DNSSEC d. IMAP
c. DNSSEC
After a disaster disrupted your organization's functioning, you were assigned to determine the sequence for reinstating systems. Which of the following documents should you refer to when deciding the restoration order? a. COOP plan b. Business impact analysis c. Data recovery plan d. Single point of failure
c. Data recovery plan
John receives an encrypted document using asymmetric cryptography from Alex. Which process should Alex use along with asymmetric cryptography so that John can be sure that the received document is real, from Alex, and unaltered? a. Symmetric cryptography b. Rivest-Shamir-Adleman c. Digital signature algorithm d. Elliptic curve cryptography
c. Digital signature algorithm
A company has multiple CAs and intermediate CAs issuing digital certificates in different departments, with no one cross-checking their work. Which PKI trust model should the company use? a. Bridge trust model b. Web of trust model c. Distributed trust model d. Hierarchical trust model
c. Distributed trust model
What is meant by "the chain of trust" in boot security? a. Each step in the boot sequence relies on the confirmation of the hardware root of trust. b. Each step in the boot sequence relies on the operating system logs of the previous boot sequence for boot security. c. Each step in the boot sequence relies on the confirmation from the previous boot sequence step. d. Each step in the boot sequence follows its own process independently, trusting the previous sequence step.
c. Each step in the boot sequence relies on the confirmation from the previous boot sequence step.
Melvin is moving his small business from his basement to an office building now that he has five full-time employees. What type of enterprise AP should he choose when setting up the new office's WLAN? a. Controller AP b. Captive portal AP c. Fat AP d. Standalone AP
c. Fat AP
Your enterprise recently approved using fingerprint scanners to authenticate employees who access restricted areas. You are assigned to conduct a study on how secure fingerprint authentication is. Which of the following should you report? a. Fingerprint scanning is the safest available authentication method. b. Fingerprint scanners have the lowest false acceptance rate among other authentication methods. c. Fingerprint scanners can be used for trickery in rare cases. d. Fingerprint scanners have the highest false rejection rate among other authentication methods.
c. Fingerprint scanners can be used for trickery in rare cases.
Which of the following tools can be used to secure multiple VMs? a. Antivirus b. Intrusion detection system c. Firewall virtual appliance d. Firewall
c. Firewall virtual appliance
Which encryption method in BitLocker prevents attackers from accessing data by booting from another OS or placing the hard drive in another computer? a. Blockchain b. GNU privacy guard c. Full disk encryption d. Filesystem cryptography
c. Full disk encryption
Ram's enterprise is hosting a web app that requires authentication. Recently, the password digest files of other enterprises were stolen, and the attackers cracked the passwords with ease. As such, Ram was asked to implement additional security measures for the web app's passwords. Which of the following methods should Ram apply? a. He should use a password key. b. He should use a password vault. c. He should use Key stretching. d. He should add salts to the hashes.
c. He should use Key stretching.
XYZ University wants to set up a VPN network to connect to the internet and ensure that all their data is safe. They have asked you to recommend the correct communication protocol to use. Which of the following protocols should you recommend and why? a. SSH, because it is used to secure communications between a browser and a web server. This ensures data is safe in communications across the network. b. TLS, because it is used to secure communications between a browser and a web server. This ensures data is safe in communications across the network. c. IPsec, because it authenticates that the packets received were sent from the source and ensures that no other party can view the contents. It manages the keys to ensure that they are not intercepted or used by unauthorized parties. d. HTTPS, because it authenticates that the packets received were sent from the source and ensures that no other party can view the contents. It manages the keys to ensure that they are not intercepted or used by unauthorized parties.
c. IPsec, because it authenticates that the packets received were sent from the source and ensures that no other party can view the contents. It manages the keys to ensure that they are not intercepted or used by unauthorized parties.
What additional measure should be enacted to increase the security on a computer network after secure boot, protective measures from attacks like antimalware, and intrusion detection systems are implemented in all the computers on the network? a. Implement an antivirus solution in all systems and servers b. Disable operating system patch updates to prevent malicious attacks c. Implement hardening at endpoints with patch management and operating system safeguards d. Disable connections on the Wi-Fi network
c. Implement hardening at endpoints with patch management and operating system safeguards
Simon is working in a telecom firm. Being an HOD, he was asked to suggest a lock pattern for their mobile devices with the following features: The device should have a prerecord of its user's walking and other body movement patterns, and on sensing any change in the regular movements, should be able to lock the device. Which lock pattern should Simon suggest? a. Trusted face b. Trusted places c. On-body detection d. Trusted devices
c. On-body detection
Natasha, a network security administrator for an online travel portal, noticed that her website was the victim of an SQL injection. She decided to study the SQL queries to find which one made this vulnerability in the database, and she noticed the following SQL code piece executed on the database: 'whatever' AND email IS NULL; What has been accessed by the attacker running this SQL injection? a. The attacker has used the SQL injection to delete the table in the database. b. The attacker accessed the data of specific users. c. The attacker has determined the names of different types of fields in the database. d. The attacker accessed the entirety of email address data from all users in the database.
c. The attacker has determined the names of different types of fields in the database.
Which protocol is used to prevent looping in a switch? a. SSTP b. SSL c. STP d. SMTP
c. STP
Zain, a telecom engineer, plans to relocate a particular AP antenna to a new location. Which of the following configuration options will he use to adjust frequency bands, optimum channels, and available spectrum for data transfer? a. Signal strength settings b. Wi-Fi analyzers c. Spectrum selection d. Antenna placement
c. Spectrum selection
Which function in cryptography takes a string of any length as input and returns a string of any requested variable length? a. BitLocker b. Steganography c. Sponge d. Filesystem
c. Sponge
As a cybersecurity specialist, you are asked to defend the web app hosted by your enterprise from web application attacks like cross-site scripting, SQL injections, etc. Which of the following actions should you take? a. You should install an NGFW. b. You should install a proxy server. c. You should install a WAF. d. You should install an NAT.
c. You should install a WAF.
Which of the following compliance standards was introduced to provide a minimum degree of security to organizations who handle customer information such as debit card and credit card details daily? a. GLB b. FISMA c. SOX d. PCI DSS
d. PCI DSS
ABC Technologies had its computer network compromised through a cybersecurity breach. A cybersecurity expert was employed to analyze and identify what caused the attack and the damage caused by the attack. He checked an available database for this purpose and found the threat actor behind the attack. He also found out the cybercriminal has been attempting to sell the company's valuable data on the internet. Which are the most probable methods used by the cybersecurity expert to get to this stage of the investigation? a. The cybersecurity expert checked the threat maps and used TAXII. b. The cybersecurity expert used STIX and checked with CISCP. c. The cybersecurity expert checked with CISCP and also investigated the dark web. d. The cybersecurity expert checked the threat maps and used the MAR report.
c. The cybersecurity expert checked with CISCP and also investigated the dark web.
Zeda Corporation provides online training solutions to global customers. To provide e-learning solutions, it integrates with multiple vendor platforms. This ensures seamless transfer to multiple operators' solutions through sign on. Joe, an IT security administrator, noticed that a threat actor has attacked the platform and stolen the user data. The source of this vulnerability was identified as one of the integrated external applications. What type of attack is this? a. This is an AI attack. b. This is a backdoor attack. c. This is an API attack. d. This is a device driver manipulation attack.
c. This is an API attack
Which of the following best describes trusted location in MS Office? a. Trusted location is the place where operating system files are stored. b. Trusted location is used to lock important files. c. Trusted location allows you to run macros-enabled files with no security restrictions. d. Trusted location allows you to prevent infected files from damaging the system.
c. Trusted location allows you to run macros-enabled files with no security restrictions
Which encryption is a chip on the motherboard of a computer that provides cryptographic services? a. Self-encrypting hard disk drives b. Hardware security module c. Trusted platform module d. File and File system cryptography
c. Trusted platform module
Which of the following is a motherboard chip that provides cryptographic services? a. Hardware security module b. Windowed token c. Trusted platform module d. Security key
c. Trusted platform module
Several websites use URLs similar to one of the most globally popular websites, attempting to attract traffic if a user misspells the popular website's URL. What is this social engineering technique called? a. Pharming b. Spam c. Typo squatting d. Tailgating
c. Typo squatting
You are working as a security expert in an e-commerce enterprise. Your company recently decided on a short-term collaboration with a small business named BuyMe, and the following issue arose. Whenever your customers purchase any product from BuyMe, the e-commerce website redirects them to the BuyMe website, asking for additional authentication. This results in customers abandoning their purchases. To solve this issue, both enterprises agree to use a single authentication process wherein the users, once logged in to your website, can purchase from BuyMe without additional steps. How should you implement this without storing the customers' credentials on the BuyMe server? a. Use TACACS+ b. Use RADIUS authentication c. Use SAML d. Use Kerberos authentication
c. Use SAML
The devices in your enterprise are configured with mandatory access control in which salaries.xlsx is labeled "secret," transactions.xlsx is labeled "top secret," and employees.xlsx is labeled "confidential." You were asked to configure the user clearance so that User A can access all three files, while User B can only access employees.xlsx. How should you configure the user clearance? a. User A: confidential; User B: top secret b. User A: confidential; User B: secret c. User A: top secret; User B: confidential d. User A: top secret; User B: secret
c. User A: top secret; User B: confidential
What is the built-in application available to prevent threat actors from modifying the registry in a Windows 10 operating system? a. Windows 10 user interface b. Windows 10 registry editor c. Windows 10 tamper protection d. Windows 10 command prompt
c. Windows 10 tamper protection
Bob has been asked to do research into increasing the accuracy in identifying rogue APs in his enterprise. Which rogue AP system detection probe will allow his company's IT department to monitor the airwaves for traffic, scan and record wireless signals within its range (even when the device is idle or not receiving any transmission), and then report this information to a centralized database? a. Desktop probe b. Dedicated probes c. Wireless device probe d. Access point probe
c. Wireless device probe
Your enterprise is hosting a web app that has limited security. As a security administrator, you are asked to take appropriate measures to restrict threat actors from hijacking users' sessions. Which of the following is the most appropriate action for you to take? a. You should provide each user a unique static session ID. b. You should mention "log off after visit" on the web app. c. You should implement cryptography using OpenSSL. d. You should encrypt the session ID displayed on the URL.
c. You should implement cryptography using OpenSSL.
As a cybersecurity expert, you are asked to take adequate measures to mitigate DDoS attacks on your enterprise servers. Which of the following techniques should you apply? a. You should set up a virtual private network. b. You should set up a proxy server. c. You should set up a DNS sinkhole. d. You should set up a host-based firewall.
c. You should set up a DNS sinkhole
You are asked to configure your enterprise network in such a way that the customer support team gets a higher priority in the network and can conduct customer video calls without any connectivity issues. Which of the following methods should you apply? a. You should set up load balancers to give higher priority to the customer support team. b. You should set up a VPN to give higher priority to the customer support team. c. You should set up quality of service to give higher priority to the customer support team. d. You should set up masking to give higher priority to the customer support team.
c. You should set up quality of service to give higher priority to the customer support team.
You are assigned to destroy the data stored in electrical storage by degaussing. You need to ensure that the drive is destroyed. What should you do before degaussing so that the destruction can be verified? a. You should burn the disk before degaussing. b. You should perform data masking before degaussing. c. You should wipe the data before degaussing. d. You should delete the data before degaussing.
c. You should wipe the data before degaussing
Why was the BIOS framework relocated to flash memory from a complementary metal-oxide-semiconductor (CMOS) in later development? a. Flash memory solves the problem of poor CMOS performance during the low-battery process, which hampered the BIOS function. b. Using CMOS, when in ROM, BIOS could not correctly locate the address of the OS, which is not a problem with flash memory. c. Flash memory provides stability to the BIOS framework and makes update installation much easier than with CMOS. d. Unlike a CMOS, flash memory prevents malicious activities from taking place within the framework.
c. Flash memory provides stability to the BIOS framework and makes update installation much easier than with CMOS.
A federal appeals court recently made a judgment that caused significant public outrage. Soon after the ruling, the court's website was hacked, and the content was replaced with the text "Equal justice for all." Which of the following types of threat actors attacked the court's site? a. Insiders b. Cyberterrorists c. Hacktivists d. State actors
c. Hacktivists
Which of the following is considered an industry-specific cybersecurity regulation? a. Personal Information Protection and Electronic Documents Act (PIPEDA) b. Sarbanes-Oxley Act of 2002 (SOX) c. Health Insurance Portability and Accountability Act of 1996 (HIPAA) d. Gramm-Leach-Bliley Act (GLB)
c. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
One of the important systems in your organization was accidentally exposed to malware. Which of the following features should you use to manage the risk of malware? a. Disaster recovery plan b. Public cluster connection c. Revert to a known state d. Private cluster connection
c. Revert to a known state
In an interview, Max was asked to tell one difference between a software firewall and a virtual firewall. How should Max answer? a. Virtual firewalls are cost-free, whereas software firewalls are paid services. b. Virtual firewalls are used on almost all devices, whereas software firewalls are mostly used by enterprises. c. Software firewalls are locally installed on a device, whereas virtual firewalls run in the cloud. d. Software firewalls can protect all the endpoints in a network, whereas virtual firewalls can protect only one device.
c. Software firewalls are locally installed on a device, whereas virtual firewalls run in the cloud.
Why are jamming attacks generally rare? a. The transmitter is not very powerful and must be close to the target b. They can't get around new IEEE amendments that fully protect WLANs c. They require expensive, sophisticated equipment d. They can't identify WLAN RF signals from other device signals
c. They require expensive, sophisticated equipment
Which type of attack can give an attacker access to a device and allow them to copy personal information using an unauthorized radio frequency connection? a. NFC attack b. Bluejacking c. RFID attack d. Bluesnarfing
d. Bluesnarfing
Justin works for an automobile manufacturer. The company is designing a new car that enables the users to use the car as a mobile office. To achieve this, the car must provide an internet connection as an access point, mirror a smartphone screen on the LED dash display, and have a hands-free system where drivers can use voice controls to browse their phone's contact list, make and receive hands-free phone calls, and use navigation apps. Which technology should he use and why? a. RFID devices, because they establish two-way communication between devices, which can be used to provide hands-free features with voice control. b. NFC, because it is used to transmit information between devices by a small tag that can help provide hands-free features and an internet connection. c. WLAN, because it can be connected to the car's internal computer system to provide internet and screen mirroring features. d. Bluetooth, because it can be used to pair devices, allowing for hands-free and screen mirroring features.
d. Bluetooth, because it can be used to pair devices, allowing for hands-free and screen mirroring features.
Jane, an IT security expert whose services are sought by XYZ Company, has recommended implementing CTR mode in the network. What is one requirement that needs to be fulfilled for computers to communicate when the CTR mode is implemented? a. Receiver should have access to a counter. b. Sender should have access to a counter. c. Neither sender nor receiver need access to a counter. d. Both sender and receiver should have access to a counter.
d. Both sender and receiver should have access to a counter.
Which threat actors sell their knowledge to other attackers or governments? a. Competitors b. Criminal syndicates c. Cyberterrorists d. Brokers
d. Brokers
Tyler is a cybersecurity expert assigned to look after the security of a public DNS server. One day, during his usual inspection of the DNS server, he found that the DNS table has been altered, resulting in URL redirection for some users. What type of attack has Tyler discovered? a. DNS poisoning b. DDoS c. XSS d. DNS hijacking
d. DNS hijacking
Which of the following is a process where a private key is split into two halves, encrypted, and stored separately for future use? a. Renewal b. Revocation c. Destruction d. Escrow
d. Escrow
Which endpoint application runs on an endpoint device that only detects an attack in an endpoint device? a. EDR b. Cookies c. HIPS d. HIDS
d. HIDS
While going through the network log, Sarah, a network security administrator, noticed substantial outbound network traffic. Which activity did Sarah perform? a. HTTP b. STIX c. Telnet d. IOC
d. IOC (Indicator of compromise)
Which of the following protocols can be used for secure routing and switching? a. DNSSEC b. HTTPS c. HTTP d. IPsec
d. IPsec
You are working as a cloud administrator, and are asked to migrate a virtual machine to a more capable physical machine, as the demand for the service hosted on the VM increased past its limit. As your enterprise still uses conventional switches, migration took time and resulted in customer dissatisfaction. How should you mitigate this issue in the future? a. Implement software-defined visibility b. Use virtual desktop infrastructure c. Create containers in the virtual machine d. Implement a software-defined network
d. Implement a software-defined network
You decided to test a potential malware application by sandboxing. However, you want to ensure that if the application is infected, it will not affect the host operating system. What should you do to ensure that the host OS is protected? a. Deactivate the host OS while the guest OS is running b. Implement a secure network gateway c. Assign different virtual networks for the guest OS and host OS d. Implement virtual machine escape protection
d. Implement virtual machine escape protection
Alice, a vulnerability assessment engineer at a bank, is told to find all the vulnerabilities on an internet-facing web application server running on port HTTPS. When she finishes the vulnerability scan, she finds several different vulnerabilities at different levels. How should she proceed? a. Only look at the accuracy of the vulnerability b. Only look at the highest priority vulnerability c. Escalate the situation to a higher analyst d. Look at the priority and the accuracy of the vulnerability
d. Look at the priority and the accuracy of the vulnerability
Which of the following is a process where a key is divided into a specific number of parts and distributed to multiple people, with some of them having the same parts of the key? a. Revocation b. Renewal c. Key escrow d. M-of-N control
d. M-of-N control
You are assigned to install multiple physical paths between devices and the SAN so that an interruption in one path will not affect communication. Which of the following techniques should you implement to manage the risk of interruption? a. UPS b. NIC teaming c. PDU d. Multipath
d. Multipath
Dave is preparing a COOP for his company. In it, he included how and where employees and resources will be relocated in case of a natural disaster, how data will be recovered in case a terrorist attack shuts down public networks, and how the company's critical services and processes will be affected by an IT system failure. Did Dave compile the COOP correctly? a. No. Dave's COOP plan should not include how and where employees and resources will be relocated in case of a natural disaster. b. Yes. Dave has successfully created a COOP plan using an "all-hazards approach." c. No. Dave's COOP plan should not include how data will be recovered in case a terrorist attack shuts down public networks. d. No. Dave's COOP plan should not include how critical services and processes will be affected by an IT system failure.
d. No. Dave's COOP plan should not include how critical services and processes will be affected by an IT system failure.
Which of the following techniques is the best fit for monitoring traffic on switches with large volumes of traffic? a. Port spanning b. Signature-based monitoring c. Port mirroring d. Port TAP
d. Port TAP
What type of attack occurs when the threat actor snoops and intercepts the digital data transmitted by the computer and resends that data, impersonating the user? a. Device driver manipulation b. Buffer overflow c. Trojan d. Replay
d. Replay
While preparing a continuity plan, you were asked to choose a technique by which the backup data stored on the cloud can be accessed from any location. Which of the following techniques should you choose? a. Restore the data to a cold site b. Restore the data to a hot site c. Restore the data to a warm site d. Restore the data to virtual machines
d. Restore the data to virtual machines
You are a security administrator for an enterprise. You were asked to implement a cloud app security function in your enterprise network so that login attempts from identified threat actors can be restricted. Which of the following cloud app security functions should you use? a. Impossible travel b. Activity performed by a terminated user c. Suspicious inbox forwarding d. Risky IP address
d. Risky IP address
Which of the following is the earliest and most general cryptographic protocol? a. HTTPS b. TLS c. SSH d. SSL
d. SSL
What is a risk to data when training a machine learning (ML) application? a. Improper exception handling in the ML program b. API attack on the device c. ML algorithm security d. Tainted training data for machine learning
d. Tainted training data for machine learning
How do NACs ensure that a device is safe to connect to a secure network? a. The NAC moves suspicious data on an unknown device onto an external storage device. b. The NAC encrypts all of the data on an unknown device before connecting it to the secured network. c. The NAC ensures the safety of the device by deleting all suspicious files. d. The NAC issues a health certificate, only allowing healthy devices to connect to the secured network.
d. The NAC issues a health certificate, only allowing healthy devices to connect to the secured network.
Robert has two cryptographic keys, and he needs to determine which of them is less prone to being attacked. The cryptoperiod is limited and equal for both the keys. The first key has a length of 2 and uses 16 characters, while the other key has a length of 3 and uses 15 characters. Which of the following is the best conclusion for Robert to come to? a. Neither of the keys are secure because they both have a limited cryptoperiod. b. Both the keys are equally secure. c. The first key is more secure than the second key. d. The second key is more secure than the first key.
d. The second key is more secure than the first key.
A few computers at a high-security software firm location have been compromised. The threat actor took user videos, confidential information like bank account IDs and passwords, email IDs and passwords, and computer screenshots. These confidential data have been shared every three hours from the computers to the threat actor. Which of the following is correct, based on the evaluation of the above observation? a. This is a hardware keylogger attack; it is only periodically sharing the information and is a manual transfer of information by a human agent. b. This is a hardware keylogger attack, as video capture functionality and periodic transfer of data are not possible with a software keylogger. c. This is a software keylogger attack, as it is sharing the information every three hours to the attacker. d. This is a software keylogger attack, as screenshots, video captures, and keystrokes have been routinely monitored and periodically shared.
d. This is a software keylogger attack, as screenshots, video captures, and keystrokes have been routinely monitored and periodically shared.
Windows switches to Secure Desktop Mode when the UAC prompt appears. What is the objective of Secure Desktop Mode? a. To securely manage different instances of the desktop b. To deny any authentication process when a security breach occurs c. To manage virtualized desktops in a secure manner d. To prevent malware from tricking users by spoofing what appears on the screen
d. To prevent malware from tricking users by spoofing what appears on the screen
Which encryption device can you use that has the following features? 1. It should allow administrators to remotely prohibit accessing the data on a device until it can verify the user status. 2. It can lock user access completely or even instruct the drive to initiate a self-destruct sequence to destroy all data. a. HSM b. TPM c. AES d. USB device encryption
d. USB device encryption
Anola is the security administrator in XYZ consulting. She is asked to suggest a deployment method where the data is stored in a completely secure, centralized server and accessed by authorized employees using their own devices. Which deployment should Anola choose? a. Choose your own device (CYOD) b. Corporate-owned personally-enabled (COPE) c. Corporate-owned device (COD) d. Virtual desktop infrastructure (VDI)
d. Virtual desktop infrastructure (VDI)
John and Sarah are working for Star Alliance. John had to send certain confidential data and messages to Sarah online. The use of which of the following will ensure that the message's sender is, in fact, John? a. Physical signature b. Public key c. Digital signature d. Digital certificate
d. Digital certificate
Your enterprise's employees prefer a kinesthetic learning style for increasing their security awareness. How should you train them? a. Conduct discussions on security awareness b. Provide access to presentations describing security risks c. Host a series of enterprise security lectures for the employees d. Give employees a hands-on experience of various security constraints
d. Give employees a hands-on experience of various security constraints
Which characteristic of cryptography makes information obscure or unclear, and by which the original information becomes impossible to be determined? a. Nonrepudiation b. Integrity c. Authentication d. Obfuscation
d. Obfuscation
Fatima is responsible for conducting business transactions for XYZ Company, and she only had the stored private key. She is on leave and currently unavailable, and the organization needs to complete an urgent business transaction. Which of the following methods should enable the organization to access Fatima's private key and digital certificate? a. Escrow b. Revocation c. Renewal d. Recovery
d. Recovery
Which of the following digital certificates are self-signed and do not depend on the higher-level certificate authority (CA) for authentication? a. User digital certificates b. Intermediate digital certificates c. Domain digital certificates d. Root digital certificates
d. Root digital certificates