Cyber Security Study Set Final


Which alert utility can identify theft in a smart meter? a. Meter readings b. Tamper protection c. Servicing d. Emergency communication

Tamper protection (Correct. Tamper protection can alert a utility in the event of tampering or theft.)

Which of the following is a configuration vulnerability? a. Weakest link b. Weak encryption c. Zero day d. Direct Access

b. Weak Encryption (Weak encryption is a configuration vulnerability caused by a user selecting an encryption scheme with a known weakness or a key value that is too short or by a user not changing the default configuration settings.)

John has been appointed as a product manager at a large mobile device manufacturing company. He is designing the core features included in their flagship mobile device that will be launched during the holiday shopping season. Which of the following features should he primarily include? a. Global positioning system (GPS) b. Data synchronization with a remote server or separate device c. Microphone d. Digital camera

Data synchronization with a remote server or separate device (Correct. Data synchronization capabilities with a remote server or a separate computer/mobile device are a core feature of mobile devices.)

ABC Enterprise is a global operation. As such, it needs to send regular, confidential messages and data between offices to communicate important market information, employee decisions, financial decisions, etc., for management consideration and senior-level decision making. Since these decisions impact the local employees and global businesses, they suspect that these data may be prone to attacks from threat actors internally and externally. While one of the senior systems administrators suggested implementing steganography to achieve this objective, the IT Department head at another branch suggested implementing cryptography. The management team has now called you for expert advice to select the best method to implement in the enterprise. What should your advice be, and why? a. Steganography should be implemented because it allows information to be viewed only by authorized users and checks whether information has been altered or changed by anybody. It also makes the information unclear so that even if other users see the information, they will not understand it. Steganography is a more advanced technology than cryptography. These features make steganography the right choice for the enterprise to implement. b. Steganography should be implemented because it provides functionality to verify and ensure that the message is from an authentic sender. It also makes the message unclear, even if the message is intercepted by a threat actor and identified from the file where steganography is implemented, making it very secure. c. Cryptography should be implemented because it embeds the actual message in a different message before transmission. This makes the information difficult to identify and helps identify the sender, making it very secure and the right choice to implement for the enterprise. d. Cryptography should be implemented because it allows information to be viewed only by authorized users and checks whether the information has been altered or changed by anybody. It also makes the information unclear, even if other users see it. Cryptography is a more advanced technology than steganography. These features make cryptography the right choice for the enterprise to implement.

D. Cryptography provides confidentiality, integrity, and obfuscation, making it very secure in comparison to steganography.

Which of the following is a Linux/UNIX-based command interface and protocol? a. SSH b. HTTPS c. SSL d. S/MIME

SSH (Correct. Secure shell (SSH) is a Linux/UNIX-based command interface and protocol for securely accessing a remote computer.)

Which of the following tools can be used to scan 16 IP addresses for vulnerabilities? a. Nessus Essentials b. Nessus c. QualysGuard d. App Scan

a. Nessus Essentials (Nessus has a free version called Nessus Essentials that scans 16 IP addresses.)

Which of the following methods can be used to destroy data on paper? a. Degaussing b. Wiping c. Pulping d. Masking

c. Pulping

Attackers have taken over a site commonly used by an enterprise's leadership team to order new raw materials. The site is also visited by leadership at several other enterprises, so taking this site will allow for attacks on many organizations. Which type of malicious activity is this? a. Spear phishing b. Hoax c. Watering Hole d. Vishing

c. Watering Hole (A watering hole attack is directed towards a smaller group of specific individuals, such as the top executives working for a manufacturing company. These executives all tend to visit a common website, such as a parts supplier to the manufacturer. An attacker who wants to target this group of executives tries to determine the common website they frequent and then infects it with malware that will make its way onto the group's computers.)

Which of the following is a subset of artificial intelligence? a. Machine learning b. Data science c. Artificial intelligence algorithm d. Machine intelligence

d. Machine Learning

Which of the following is the earliest and most general cryptographic protocol? a. SSH b. SSL c. TLS d. HTTPS

b. SSL (Correct. Secure sockets layer (SSL) is the earliest and most widespread cryptographic protocol developed by Netscape in 1994 in response to the growing concern over internet security.)

During an investigation, it was found that an attacker did the following: Intercepted the request from the user to the server and established an HTTPS connection between the attacker's computer and the server while having an unsecured HTTP connection with the user. This gave the attacker complete control over the secure webpage. Which protocol helped facilitate this attack? a. S/MIME b. SSL c. SSH d. ECB

b. SSL (Correct. Secure sockets layer (SSL) is used to create an encrypted data path between a client and a server, which is vulnerable to attacks. The user's browser sends an unsecured HTTP request to the webserver. The server responds via HTTP and redirects the browser to a secure page, instructing it to use the secure protocol HTTPS. The user's browser then sends a secure HTTPS request, and the secure session begins.)

Which of the following types of risk would organizations being impacted by an upstream organization's vulnerabilities be classified as? a. Legacy risk b. Multiparty risk c. External risk d. Multi-network risk

B. Multiparty Risk

Which of the following sensors is best suited for fire detection? a. Proximity sensor b. Temperature detection sensor c. Motion detection sensor d. Noise detection sensor

B. Temperature detection sensor

Which of the following is a process where a key is divided into a specific number of parts and distributed to multiple people, with some of them having the same parts of the key? a. Renewal b. Revocation c. M-of-N control d. Key escrow

C. M-of-N control (Correct. M-of-N control is a recovery process in which the key is divided into a specific number of parts and distributed to multiple people, known as the N group, with some of them having the same parts of the key. While recovering the key, a smaller subset of the group, known as the M group, must meet and agree that the key should be recovered. If a majority of the M group can agree, they can then piece the key together.)

Which of the following sets only lists additional features of a mobile device or a computing device? A. Global positioning system (GPS), microphone and/or digital camera, wireless cellular connection for voice communications, wireless personal area network interfaces such as Bluetooth or near-field-communications (NFC), small form factor B. Global positioning system (GPS), microphone and/or digital camera, wireless cellular connection for voice communications, wireless personal area network interfaces such as Bluetooth or near-field-communications (NFC), removable storage media C. Local non-removable data storage, microphone and/or digital camera, wireless cellular connection for voice communications, wireless personal area network interfaces such as Bluetooth or near-field-communications (NFC), removable storage media D. App stores microphone and/or digital camera, wireless cellular connection for voice communications, wireless personal area network interfaces such as Bluetooth or near-field-communications (NFC), removable storage media

Global positioning system (GPS), microphone and/or digital camera, wireless cellular connection for voice communications, wireless personal area network interfaces such as Bluetooth or near-field-communications (NFC), removable storage media (Correct. Global positioning system (GPS), microphone and/or digital camera, wireless cellular connection for voice communications, wireless personal area network interfaces such as Bluetooth or near-field-communications (NFC), and removable storage media are additional, non-core features of a mobile device.)

Your enterprise is hosting a web app that has limited security. As a security administrator, you are asked to take appropriate measures to restrict threat actors from hijacking users' sessions. Which of the following is the most appropriate action for you to take? a. You should implement cryptography using OpenSSL. b. You should encrypt the session ID displayed on the URL. c. You should provide each user a unique static session ID. d. You should mention "log off after visit" on the web app.

You should implement cryptography using OpenSSL. (Correct. By implementing cryptography using OpenSSL, session hijacking can be prevented by encrypting data in transit.)

Harry works at an automobile parts manufacturer. They sell these parts to retailers and deposit the proceeds in their bank. Using these funds, Harry pays the suppliers and employees. The Accounts Department maintains a ledger of all transactions of materials bought and sold. Similarly, the quality department and operations department also maintain a ledger of all transactions. Over the years, this process has become quite cumbersome, as growing data create confusion. Harry is looking at simplifying the process and has contacted you for a solution. Using which technology can this process be simplified and confusions avoided? a. Blockchain b. TPM c. HSM d. SED

A. Blockchain (Correct. Blockchain is a shared, immutable ledger that facilitates recording transactions and tracking assets in a business network. At a high level, blockchain technology allows a network of computers to agree at regular intervals on a distributed ledger's true state. It is a system in which a record of transactions is maintained across several computers linked in a peer-to-peer network.)

XYZ University wants to set up a VPN network to connect to the internet and ensure that all their data is safe. They have asked you to recommend the correct communication protocol to use. Which of the following protocols should you recommend and why? a. IPsec, because it authenticates that the packets received were sent from the source and ensures that no other party can view the contents. It manages the keys to ensure that they are not intercepted or used by unauthorized parties. b. HTTPS, because it authenticates that the packets received were sent from the source and ensures that no other party can view the contents. It manages the keys to ensure that they are not intercepted or used by unauthorized parties. c. TLS, because it is used to secure communications between a browser and a web server. This ensures data is safe in communications across the network. d. SSH, because it is used to secure communications between a browser and a web server. This ensures data is safe in communications across the network.

A. IPsec, because it authenticates that the packets received were sent from the source and ensures that no other party can view the contents. It manages the keys to ensure that they are not intercepted or used by unauthorized parties. (Correct. IPsec authenticates the packets and ensures that no specific attacks took place to alter the packet's contents. Additionally, it maintains confidentiality and manages the keys.)

Which attack sees an attacker attempt to determine the hash function's input strings that produce the same hash result? a. Known ciphertext attack b. Downgrade attack c. Collision attack d. Birthday attack

Collision attack (Correct. A collision attack attempts to find two input strings of a hash function that produce the same hash result.)

Sansa is a network security administrator at an enterprise. She is asked to take appropriate steps to defend against a MAC address spoofing attack in the enterprise network. Which of the following methods should Sansa apply? a. Configure the switch so that no changes can be done once a port is assigned to a MAC address b. Increase the capacity of CAM to allow for an increased volume of MAC addresses c. Close all unused ports in the switch so that old MAC addresses are not allowed d. Configure the switch so that only one port can be assigned per MAC address

D. Configure the switch so that only one port can be assigned per MAC address (Correct. To prevent MAC address spoofing, you should configure the switch so that only one port can be assigned per MAC address.)

Which of the following best describes an extranet? a. Additional network bandwidth being allocated b. Public network accessed by proper authorization c. Private network accessed by the public d. Private network only accessed by an authorized party

D. Private network only accessed by an authorized party

Robert is a black box penetration tester who conducted pen testing attacks on all of the network's application servers. He was able to exploit a vulnerability and gain access to the system using a mimikatz tool. Which of the following activities did he perform using mimikatz, and which task should he perform next? a. Robert used mimikatz for tailgating, and should perform phishing next. b. Robert used mimikatz for phishing, and should perform lateral movement next. c. Robert used mimikatz for footprinting, and should install a backdoor next. d. Robert used mimikatz for credential harvesting, and should perform privilege escalation using a high-privileged account next.

D. Robert used mimikatz for credential harvesting, and should perform privilege escalation using a high-privileged account next. (Mimikatz is used for credential harvesting, which will dump all the credentials stored in the OS's memory. If an account with higher privilege, such as a domain admin or an enterprise admin, is discovered, then privilege escalation is performed to gain access to the account with elevated privileges.)

Which of the following is a state of data, where data is transmitted across a network? a. Data in processing b. Data at rest c. Data in transit d. 3DES

Data in transit (Correct. Data in transit (also called data in motion) are actions that transmit data across a network, such as an email sent across the internet.)

Alex needs to find a method that can change a single character of plaintext into multiple characters of ciphertext. Which method should Alex use? a. Steganography b. Diffusion c. Obfuscation d. Confusion

Diffusion (Correct. Diffusion changes a single character of plaintext into multiple characters of ciphertext.)

In a security review meeting, you proposed a demilitarized zone for one of your company's data centers. You were then asked to explain the objective of having a DMZ in the data centers. Which of the following should be your answer? a. A DMZ will separate the secure facilities from unknown and potentially hostile outsiders. b. A DMZ will allow employees to relax between working hours and be more vigilant while working. c. A DMZ will open up a discussion about enterprise strategies to a broader employee base. d. A DMZ will monitor network traffic so that the cybersecurity team can focus on other threats.

a. A DMZ will separate the secure facilities from unknown and potentially hostile outsiders. (Correct. A demilitarized zone is used for separating secure facilities from unknown and potentially hostile outsiders.)

Which of the following best describes a host-based firewall? a. A host-based firewall is a software firewall that protects a single endpoint device. b. A host-based firewall is a hardware firewall that protects a single endpoint device. c. A host-based firewall is a software firewall that protects multiple endpoint devices. d. A host-based firewall is a hardware firewall that protects multiple endpoint devices.

a. A host-based firewall is a software firewall that protects a single endpoint device. (Correct. A host-based firewall is a software-based firewall and can protect only the installed device.)

Wilson has requested your help to suggest an encryption method that will provide the highest security against attacks. Which encryption process should you suggest? a. AES b. RC4 c. Blowfish d. 3DES

a. AES (Correct. The advanced encryption standard (AES) is a symmetric algorithm that performs three steps on every block of plaintext. To date, no attack has been successful against AES.)

What is the primary goal of penetration testing? a. Attempt to uncover deep vulnerabilities and then manually exploit them b. Scan a network for open FTP ports c. Perform SYN DOS attack towards a server in a network d. Attempt to perform an automated scan to discover vulnerabilities

a. Attempt to uncover deep vulnerabilities and then manually exploit them (The primary goal of penetration testing is to uncover deep vulnerabilities and then manually exploit them.)

Which specific type of attack occurs when a threat actor redirects network traffic by modifying the local host file to send legitimate traffic anywhere they choose? a. DNS poisoning b. DNS hijacking c. On-path browser attack d. Port stealing

a. DNS poisoning (Correct. Domain name system (DNS) poisoning enables a threat actor to redirect traffic by modifying the host file, permitting attackers to send legitimate traffic anywhere they choose.)

Which issue can arise from security updates and patches? a. Difficulty patching firmware b. Difficulty updating settings c. Difficulty resetting passwords d. Difficulty installing databases

a. Difficulty patching firmware (Updating firmware to address a vulnerability can often be difficult and requires specialized steps. Furthermore, some firmware cannot be patched.)

Your enterprise has played fast and loose with customer information for years. While there has been no significant breach of information that could damage the organization and/or their customers, many in the enterprise feel it is only a matter of time before a major leak occurs. Which type of threat actor is an employee who wishes to personally ensure that the enterprise is exposed and blocked from accessing their customers' information until they ensure more secure protocols? a. Hacktivist b. Insider c. State actor d. Script kiddy

a. Hacktivist (A hacktivist is strongly motivated by ideology for the sake of their principles or beliefs.)

The protection of which of the following data types is mandated by HIPAA? a. Health information b. Personally identifiable information c. Proprietary data d. Public data

a. Health information (Correct. The Health Insurance Portability and Accountability Act (HIPAA) mandates that protected health information is kept secure.)

You work for an enterprise that provides various cybersecurity services. You are assigned to examine an enterprise's network and suggest security measures modifications, if necessary. On examining the network, you find that the enterprise hosts most of its computing resources on a cloud platform and few resources on-premises, and both seem to have secure settings implemented. You also find that the enterprise computers use the Windows XP operating system. Which of the following vulnerabilities should you insist on fixing first? a. Platform vulnerability b. Configuration vulnerability c. Zero-day vulnerability d. Third-party vulnerability

a. Platform vulnerability (Platform vulnerability is present in the network, as the enterprise's computers use a legacy operating system.)

Which standardized framework was developed by NIST to be used as a guidance document designed to help organizations assess and manage risks to their information and systems, and are also used as a comprehensive roadmap that organizations can use to seamlessly integrate their cybersecurity? a. Risk management framework (RMF) b. Cybersecurity framework (CSF) c. ISO 27001 d. CIS Controls

a. Risk management framework (NIST's cybersecurity framework (CSF) is used as a measuring stick for companies to use to compare their cybersecurity practices against the threats they face.)

Which of the following devices can perform cryptographic erase? a. SED b. HSM c. TPM d. USB device encryption

a. SED (Correct. Self-encrypting drives (SEDs) can protect all files stored on them. If the authentication process fails, the drive can be configured to simply deny any access to the drive or even perform a cryptographic erase on specified blocks of data.)

Which of the following protocols can be used for secure video and voice calling? a. SRTP b. S/MIME c. VPN d. SNMP

a. SRTP (Correct. The secure real-time transfer protocol (SRTP) provides encryption, authentication, and integrity for voice and video technology.)

ABC Technologies had its computer network compromised through a cybersecurity breach. A cybersecurity expert was employed to analyze and identify what caused the attack and the damage caused by the attack. He checked an available database for this purpose and found the threat actor behind the attack. He also found out the cybercriminal has been attempting to sell the company's valuable data on the internet. Which are the most probable methods used by the cybersecurity expert to get to this stage of the investigation? a. The cybersecurity expert checked with CISCP and also investigated the dark web. b. The cybersecurity expert checked the threat maps and used TAXII. c. The cybersecurity expert checked the threat maps and used the MAR report. d. The cybersecurity expert used STIX and checked with CISCP.

a. The cybersecurity expert checked with CISCP and also investigated the dark web. (CISCP can be used by the expert to check the TTP database to identify the threat actors behind the attack. Monitoring the dark web can give information on the sale of illegal data on the internet through the dark web by threat actors.)

Which encryption is a chip on the motherboard of a computer that provides cryptographic services? a. Trusted platform module b. Hardware security module c. Self-encrypting hard disk drives d. File and File system cryptography

a. Trusted platform module (The trusted platform module (TPM) provides cryptographic services and is an internal device, unlike a hardware security module (HSM). TPM is a chip on the motherboard of the computer that provides cryptographic services.)

Which of the following provides confidentiality services? a. Unauthentication mode b. Authentication mode c. Stream cipher mode d. Transport mode

a. Unauthentication mode (Correct. Unauthentication mode provides services such as confidentiality.)

What is the most accurate explanation of sentiment analysis, and what kind of a tool or product can be utilized to perform this operation? a. Using text analysis techniques and IBM QRadar to interpret and classify emotions (positive, negative, and neutral) within text data b. Using Cisco Firepower for computationally identifying and categorizing opinions, usually expressed in response to textual data, to determine the writer's attitude toward a particular topic c. Using SIEM for combining many logs into one record based on IP addresses, usernames, and port numbers d. Using Wireshark for detecting hidden and persistent threats from a network

a. Using text analysis techniques and IBM QRadar to interpret and classify emotions (positive, negative, and neutral) within text data (Sentiment analysis is the interpretation and classification of emotions (positive, negative, and neutral) within text data using text analysis techniques. Sentiment analysis has been used when tracking threat actor posts in discussion forums with other attackers to better determine threat actors' behaviors and mindsets. A SIEM tool is used to perform this analysis.)

Which of the following is the most efficient means of discovering wireless signals? a. War flying b. War chalking c. War cycling d. Wardriving

a. War flying (War flying is the most efficient means of discovering a Wi-Fi signal. War flying uses drones, which are officially known as unmanned aerial vehicles. Because they can quickly cover a wider area, are not limited to streets and sidewalks, and can easily fly over security perimeters such as fences, drones are the preferred means of finding Wi-Fi signals.)

What is the inbuilt application available to prevent threat actors from modifying the registry in a Windows 10 operating system? a. Windows 10 tamper protection b. Windows 10 user interface c. Windows 10 registry editor d. Windows 10 command prompt

a. Windows 10 tamper protection (Windows 10 tamper protection prevents malicious applications from accessing the registry, providing the operating system with real-time protection.)

As a cybersecurity specialist, you are asked to defend the web app hosted by your enterprise from web application attacks like cross-site scripting, SQL injections, etc. Which of the following actions should you take? a. You should install a WAF. b. You should install an NAT. c. You should install an NGFW. d. You should install a proxy server.

a. You should install a WAF. (Correct. A web application firewall (WAF) can defend the web app from different attacks like cross-site scripting and SQL injections.)

As a cybersecurity expert, you are asked to take adequate measures to mitigate DDoS attacks on your enterprise servers. Which of the following techniques should you apply? a. You should set up a DNS sinkhole. b. You should set up a host-based firewall. c. You should set up a proxy server. d. You should set up a virtual private network.

a. You should set up a DNS sinkhole. (Correct. When a Distributed denial of service (DDoS) attack is sensed in a network, the traffic is redirected to a DNS sinkhole that will never give the command-and-control server any response, as the packets will be dropped when they reach the DNS sinkhole.)

After encountering a network attack in your enterprise network, the chief network security engineer assigned you a project. The project was to create a vulnerable network that is similar to your enterprise network and entices the threat actor to repeat the attack. This is to analyze the behavior and techniques the attacker is using to ensure better defenses to your enterprise network in the future. Which of the following appliances should you use? a. You should use a honeypot. b. You should set up network access control. c. You should use a proxy server. d. You should set up behavioral IDS monitoring.

a. You should use a honeypot. (Correct. A honeypot can be used to mimic the original network and discover and analyze attack patterns.)

In an interview, you are asked to change the permissions of a file on a Linux system so that the file can only be accessed by its owner. Which of the following tools should you use? a. chmod b. grep c. Nessus d. Cuckoo

a. chmod (Correct. File permissions in Linux can be set using chmod.)

Which of the following statements correctly defines jamming? a. An attacker creates false deauthentication or disassociation management frames that appear to come from another client device, causing the client to disconnect from the AP. b. An attacker intentionally floods the RF spectrum with extraneous RF signal "noise" that creates interference and prevents communications. c. An attacker circumvents the security protections in the company's network, accessing the network behind the firewall. d. An attacker tries to mimic an authorized AP, so a user's mobile device such as a laptop or tablet unknowingly connects to the evil twin instead.

b. An attacker intentionally floods the RF spectrum with extraneous RF signal "noise" that creates interference and prevents communications. (Correct. Jamming occurs when an attacker intentionally floods the radio frequency (RF) spectrum with extraneous RF signal "noise" that creates interference and prevents communications from occurring.)

Which type of attack can give an attacker access to a device and allow them to copy personal information using an unauthorized radio frequency connection? a. Bluejacking b. Bluesnarfing c. RFID attack d. NFC attack

b. Bluesnarfing (Correct. Bluesnarfing is a type of attack that uses unauthorized access to steal information from a wireless device through a Bluetooth connection. In a Bluesnarfing attack, the attacker can copy emails, calendars, contact lists, cell phone pictures, or videos by connecting to the Bluetooth device without the owner's knowledge or permission.)

You are a security consultant. An enterprise client contacted you because their mail domain is blocked due to an unidentified entity using it to send spam. How should you advise them to prevent this from happening in the future? a. Configure the POP to monitor incoming and outgoing emails b. Configure the SMTP relay to limit relays to only local users c. Configure the POP3 so that it listens on port 25 d. Configure the IMAP to store emails on the email server

b. Configure the SMTP relay to limit relays to only local users (Correct. Simple mail transfer protocol (SMTP) open relays caused the attack in this scenario, as the attacker could spam without being detected. The mail relay should be turned off altogether so that all users send and receive email from the local SMTP server or limit relays to only local users.)

Which of the following is a virtualization instance that uses OS components for virtualization? a. Hypervisor b. Container c. Host OS d. VM escape protection

b. Container (Correct. Containers use OS components like binary files and libraries for virtualization.)

What type of APs can be managed by wireless LAN controllers (WLCs)? a. Fat AP b. Controller AP c. Captive portal APs d. Standalone APs

b. Controller AP (Correct. Controller APs can be managed through a dedicated wireless LAN controller (WLC). The WLC is a single device that can be configured and then used to automatically distribute the settings to all controller APs. A remote office WLAN controller manages multiple WLCs at remote sites from a central location.)

In a practical test, Steve was asked to securely connect different on-premises computing devices with a database deployed in the cloud. What action is Steve taking? a. Using cloud access security broker b. Creating a virtual network c. Using next-generation secure web gateway d. Using a simple network management protocol

b. Creating a virtual network (Correct. Steve is being asked to create a virtual network and connect resources.)

Which probe is designed exclusively to monitor the RF for transmissions and can only monitor the airwaves? a. Access point probe b. Dedicated probe c. Desktop probe d. Wireless device probe

b. Dedicated Probe

You are a security expert asked to protect the webservers hosted in your building from exposure to anyone other than server admins. Which of the following physical security methods should you implement to achieve this? a. Protected cable distribution b. Demilitarized zones c. Vault d. Faraday cage

b. Demilitarized zones (Correct. Demilitarized zones (DMZ) separate threat actors from defenders. DMZs can be used to isolate webservers to prevent malicious actions.)

Malik and Chris are shopping for shoes on an e-commerce website and need to enter their credit card details. Which of the following can assure them that they are using the retailer's authentic website and not an imposter's look-alike site that will steal their credit card details? a. Digital signature b. Digital certificate c. Hash digest d. SSL

b. Digital certificate (Correct. A digital certificate is an electronic credential that binds the certificate owner's identity, here the retailer's domain name, to its public key, and it is signed by a certificate authority the browser trusts. The browser verifies that signature before the TLS session is established, so Malik and Chris can be assured they are talking to the genuine site rather than a look-alike. A valid certificate attests identity only; it does not mean the site is otherwise safe.)

Which of the following contains the field that indicates the function of the packet and an identifier field used to match requests and responses and the type of data being transported along with the data itself? a. TKIP b. EAP c. CCMP d. DHCP

b. EAP (Correct. An Extensible Authentication Protocol (EAP) packet carries a Code field that indicates the packet's function (Request, Response, Success or Failure) and an Identifier field used to match Responses to Requests. Request and Response packets also carry a Type field that indicates what kind of data is being transported (such as an identity exchange or a specific authentication method) along with the data itself.)
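The packet layout described above, as an added example that is not part of the original study set: a small parser for the EAP framing (Code, Identifier, Length, then Type and Data for Request/Response) and a matcher that pairs each Response with the outstanding Request of the same Identifier. The sample packets are constructed by hand for the demo, not captured from a real network.

```python
"""Parse EAP packets (RFC 3748 framing) and pair Responses with Requests by Identifier.
Added example for this study note; not code from the original page. The sample packets
below are constructed by hand, not captured from a real network."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS"}


@dataclass
class EapPacket:
    code: int            # function of the packet: Request/Response/Success/Failure
    identifier: int      # used to match a Response to its Request
    length: int          # total packet length including the 4-byte header
    type: Optional[int]  # only Request and Response carry a Type byte
    data: bytes          # type-specific payload

    def describe(self) -> str:
        kind = EAP_CODES[self.code]
        if self.type is None:
            return f"{kind} id={self.identifier}"
        return f"{kind} id={self.identifier} type={EAP_TYPES.get(self.type, self.type)}"


def parse_eap(raw: bytes) -> EapPacket:
    """Decode one EAP packet; reject malformed headers instead of guessing."""
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if code not in EAP_CODES:
        raise ValueError(f"invalid EAP Code {code}")
    if length < 4 or length > len(raw):
        raise ValueError(f"Length {length} inconsistent with {len(raw)} bytes received")
    body = raw[4:length]            # bytes past Length are padding and must be ignored
    if code in (1, 2):              # Request/Response: first body byte is the Type
        if not body:
            raise ValueError("Request/Response must carry a Type byte")
        return EapPacket(code, ident, length, body[0], bytes(body[1:]))
    return EapPacket(code, ident, length, None, bytes(body))


def match_responses(packets: List[EapPacket]) -> Tuple[List[Tuple[EapPacket, EapPacket]],
                                                        List[EapPacket]]:
    """Pair each Response with the outstanding Request carrying the same Identifier.
    A Response whose Identifier has no pending Request is returned separately; an
    authenticator should discard such packets rather than act on them."""
    pending = {}
    pairs, orphans = [], []
    for p in packets:
        if p.code == 1:
            pending[p.identifier] = p
        elif p.code == 2:
            req = pending.pop(p.identifier, None)
            if req is None:
                orphans.append(p)
            else:
                pairs.append((req, p))
    return pairs, orphans


# Constructed packets (hex laid out as Code, Identifier, Length, [Type, Data]):
SAMPLE_PACKETS = [
    bytes.fromhex("01 01 00 05 01"),                 # Request  id=1, Identity
    bytes.fromhex("02 01 00 0a 01") + b"alice",      # Response id=1, Identity "alice"
    bytes.fromhex("02 07 00 05 01"),                 # Response id=7 with no matching Request
    bytes.fromhex("03 02 00 04 ff ff"),              # Success  id=2, followed by 2 bytes of padding
]

if __name__ == "__main__":
    pkts = [parse_eap(b) for b in SAMPLE_PACKETS]
    for p in pkts:
        print(p.describe(), p.data)
    pairs, orphans = match_responses(pkts)
    print("matched:", [(r.identifier, s.identifier) for r, s in pairs], "orphans:", [o.identifier for o in orphans])
```

The Length check matters in practice: trusting a Length larger than the bytes actually received is how a parser ends up reading past its buffer, and the trailing bytes beyond Length are padding that must not be interpreted as data.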

Which cookie is created by the website a user is currently browsing to store the customer's browsing preference information? a. Session cookie b. First-party cookie c. Third-party cookie d. Secure cookie

b. First-party cookie (A first-party cookie is set by the site shown in the address bar, the one the user is currently browsing, for example to store browsing preferences; a third-party cookie is set by a different domain, such as an embedded advertiser.)

Photoplethysmography uses which type of light to measure heart rate on a wearable device? a. Red b. Green c. Infrared d. Ultraviolet

b. Green (Green LEDs flash light onto the wrist hundreds of times per second while the wearer is exercising. Blood absorbs green light, so the heart rate can be determined from the changes in green-light absorption; this method is called photoplethysmography.)

Which monitoring methodology will trigger the IDS if any application tries to scan multiple ports? a. Signature-based monitoring b. Heuristic monitoring c. Anomaly-based monitoring d. Behavior-based monitoring

b. Heuristic monitoring (Correct. Heuristic monitoring applies experience-based rules rather than exact signatures: an application that attempts connections to many different ports in a short time matches the rule for a port scan even though no single packet matches a known signature, so the IDS fires.)
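The port-scan rule described above, as an added example that is not part of the original study set: detection logic run over a few constructed connection-log lines. It flags a source that touches at least N distinct destination ports within a sliding time window, which is a rule about behaviour, not a packet signature. The log format (one line per connection attempt) and the sample lines are assumptions for the demo.

```python
"""Heuristic port-scan detection over connection-log lines. Added example for this
study note, not code from the original page; the log format and the sample lines are
constructed for the demo (assumption: one line per connection attempt)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=\S+ dport=(\d+) proto=\S+$")


def parse_line(line: str):
    """Return (timestamp, source address, destination port) for one log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsable line: {line!r}")
    return datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(3))


def detect_port_scans(lines: Iterable[str], distinct_ports: int = 10,
                      window: timedelta = timedelta(seconds=60)) -> Dict[str, dict]:
    """Rule: a source that touches >= distinct_ports different ports within `window`
    is scanning. No packet signature is involved; only the pattern of behaviour."""
    by_src: Dict[str, list] = defaultdict(list)
    for line in lines:
        ts, src, port = parse_line(line)
        by_src[src].append((ts, port))

    alerts: Dict[str, dict] = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):            # sliding window over time-sorted events
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= distinct_ports:
                alerts[src] = {"first_seen": events[start][0], "ports": sorted(ports)}
                break                             # one alert per source is enough
    return alerts


def _lines(src: str, base: datetime, hits) -> List[str]:
    """Build constructed log lines: hits is a list of (seconds offset, destination port)."""
    return [f"{(base + timedelta(seconds=off)).isoformat()} src={src} dst=10.0.0.20 "
            f"dport={port} proto=tcp" for off, port in hits]


BASE = datetime(2024, 5, 1, 10, 0, 0)
SAMPLE_LOG = (
    _lines("10.0.0.5", BASE, [(i * 2, 20 + i) for i in range(12)])      # 12 ports in 22 s: scan
    + _lines("10.0.0.7", BASE, [(i * 3, 443) for i in range(20)])       # one port, many hits: normal
    + _lines("10.0.0.9", BASE, [(i * 120, 20 + i) for i in range(12)])  # 12 ports over 22 min: slow
)

if __name__ == "__main__":
    for src, info in detect_port_scans(SAMPLE_LOG).items():
        print(f"port scan from {src} starting {info['first_seen']}: ports {info['ports']}")
```

The slow scanner (10.0.0.9) shows the heuristic's trade-off: with a 60-second window it is missed, and it is only caught when the window is widened, at the cost of more false positives from legitimately chatty hosts. Tuning the window and threshold to the environment is the real work of heuristic monitoring.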

What additional measure should be enacted to increase the security on a computer network after secure boot, protective measures from attacks like antimalware, and intrusion detection systems are implemented in all the computers on the network? a. Implement an antivirus solution in all systems and servers b. Implement hardening at endpoints with patch management and operating system safeguards c. Disable operating system patch updates to prevent malicious attacks d. Disable connections on the Wi-Fi network

b. Implement hardening at endpoints with patch management and operating system safeguards (Patches are vendor-supplied code changes that fix identified vulnerabilities in the operating system and applications. Applying them promptly, together with operating system safeguards such as disabling unneeded services and enforcing least privilege, hardens the endpoints and therefore the network.)

In which of the following mobile device connectivity methods are light waves used as a communication channel? a. Wi-Fi b. Infrared c. Cellular d. USB

b. Infrared (Instead of radio frequency (RF) as the communication medium, some devices use infrared light. Infrared has a longer wavelength than visible light, so it is invisible to the eye, and it requires a clear line of sight between the communicating devices.)

In a security review meeting, you are asked to implement a detective control to ensure enhanced security during an attack. Which of the following actions should you take? a. Provide security awareness training for all users b. Install motion detection sensors in strategic areas c. Post signs indicating the area is under video surveillance d. Build fences that surround the perimeter of the building

b. Install motion detection sensors in strategic areas (Correct. A motion detection sensor is a detective control: it does not stop an intruder, but it identifies and reports the intrusion while it is taking place. Awareness training, warning signs and fences are preventive or deterrent controls.)

Alice, a vulnerability assessment engineer at a bank, is told to find all the vulnerabilities on an internet-facing web application server listening on the HTTPS port. When she finishes the vulnerability scan, she finds several different vulnerabilities at different levels. How should she proceed? a. Only look at the highest priority vulnerability b. Look at the priority and the accuracy of the vulnerability c. Only look at the accuracy of the vulnerability d. Escalate the situation to a higher analyst

b. Look at the priority and the accuracy of the vulnerability (Looking at both the priority (severity) and the accuracy of each finding is the most appropriate approach: rank the findings by severity, then verify each one to rule out scanner false positives before committing remediation effort.)

Which of the following tools allow a mobile device to be managed remotely by an organization and typically involve a server sending out management commands to mobile devices? a. SIEM b. MDM c. Threat hunting d. DLP

b. MDM (Mobile device management (MDM) tools allow a device to be managed remotely by an organization: a server pushes management commands, such as policy settings, application installs or a remote wipe, to enrolled devices, giving the organization a high degree of control over them.)

Which of the following best describes east-west traffic? a. Movement of data from a router to an enterprise switch b. Movement of data from one server to another within a data center c. Movement of data from one unsecured endpoint to another d. Movement of data from an unsecured endpoint to a server outside a data center

b. Movement of data from one server to another within a data center (Correct. East-west traffic refers to the movement of data from one server to another within a data center.)

Simon is working in a telecom firm. As head of department (HOD), he was asked to suggest a lock pattern for their mobile devices with the following features: The device should have a prerecord of its user's walking and other body movement patterns, and on sensing any change in the regular movements, should be able to lock the device. Which lock pattern should Simon suggest? a. Trusted face b. On-body detection c. Trusted devices d. Trusted places

b. On-body detection (On-body detection learns the user's walking patterns, and if it detects a different walking style, it locks the device.)

Which of the following can prevent macros attacks? a. VBA b. Protected view c. Private DNS server d. PowerShell

b. Protected view (Correct. Protected view allows users to open suspicious files in a protected view so that macros embedded in the file do not automatically run.)

How does pseudo-anonymization contribute to data privacy? a. Pseudo-anonymization limits the collection of personal information. b. Pseudo-anonymization obfuscates sensitive data elements. c. Pseudo-anonymization ensures data remains within its borders. d. Pseudo-anonymization stores whole data in encrypted form.

b. Pseudo-anonymization obfuscates sensitive data elements. (Pseudonymization replaces direct identifiers such as names and e-mail addresses with artificial values, so the records can still be processed and linked while the real identities are held separately. Unlike full anonymization it is reversible by whoever holds the mapping or key, so that mapping must be protected as carefully as the original data.)
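One way to implement the obfuscation described above, as an added example that is not part of the original study set: identifying fields are replaced with keyed HMAC-SHA256 tokens, so equal inputs still map to equal tokens (the records stay joinable) while the tokens cannot be matched against a list of candidate values without the key. The contrast with an unkeyed hash is included because that is the mistake practitioners most often make. The records, the key and the candidate list are constructed for the demo, and which fields count as identifiers is an assumption.

```python
"""Keyed pseudonymization of identifying fields. Added example for this study note, not
code from the original page; the records and the secret key are constructed for the demo."""
import hashlib
import hmac
from typing import Dict, Iterable, Optional

IDENTIFYING_FIELDS = {"email", "name"}   # assumption: which fields are direct identifiers


class Pseudonymizer:
    """Replace direct identifiers with deterministic HMAC-SHA256 tokens.

    Same input -> same token, so pseudonymized records can still be joined and
    counted; without the key the token cannot be reversed or matched against a list
    of candidate values. The token->value map is the re-identification key and must
    live in a separately protected store (modelled here as self._vault)."""

    def __init__(self, key: bytes, fields: Iterable[str] = IDENTIFYING_FIELDS):
        self._key = key
        self._fields = set(fields)
        self._vault: Dict[str, str] = {}

    def token(self, value: str) -> str:
        t = hmac.new(self._key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:24]
        self._vault[t] = value
        return t

    def pseudonymize(self, record: Dict[str, str]) -> Dict[str, str]:
        return {k: self.token(v) if k in self._fields else v for k, v in record.items()}

    def reidentify(self, token: str) -> Optional[str]:
        """Only the holder of the vault (or the key plus a candidate list) can reverse a token."""
        return self._vault.get(token)


def plain_hash(value: str) -> str:
    """The weak alternative: an unkeyed hash of the identifier."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()[:24]


def dictionary_attack(target: str, candidates: Iterable[str],
                      key: Optional[bytes] = None) -> Optional[str]:
    """Recover an identifier by hashing candidate values and comparing.
    Succeeds only if the attacker can reproduce the token function, i.e. has the key."""
    for c in candidates:
        if key is None:
            guess = plain_hash(c)
        else:
            guess = hmac.new(key, c.encode("utf-8"), hashlib.sha256).hexdigest()[:24]
        if hmac.compare_digest(guess, target):
            return c
    return None


# Constructed sample records and a constructed attacker word list.
RECORDS = [
    {"email": "alice@example.com", "name": "Alice Liddell", "amount": "42.00"},
    {"email": "bob@example.com",   "name": "Bob Kaufman",   "amount": "17.50"},
    {"email": "alice@example.com", "name": "Alice Liddell", "amount": "9.99"},
]
CANDIDATES = ["alice@example.com", "bob@example.com", "carol@example.com"]
DEMO_KEY = b"demo-secret-key-do-not-reuse"   # in production: from a KMS/HSM, never in source

if __name__ == "__main__":
    p = Pseudonymizer(DEMO_KEY)
    for r in RECORDS:
        print(p.pseudonymize(r))
    print("plain hash recovered:", dictionary_attack(plain_hash("alice@example.com"), CANDIDATES))
    print("HMAC token recovered:", dictionary_attack(p.token("alice@example.com"), CANDIDATES))
```

Note what the example does not do: the amounts are left in clear, and a combination of quasi-identifiers (a rare purchase amount plus a timestamp) can still single out a person, which is why pseudonymization reduces privacy risk rather than eliminating it.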

Sherlin is the owner of a cosmetics store. She wanted to introduce a wireless network in the store, but her employees were against it. Sherlin ended up purchasing an inexpensive wireless router and secretly connected it to the wired network. Unfortunately, this unknowingly provided open access to the wireless signal.What type of attack has Sherlin made her store's network vulnerable to? a. Evil twin b. Rogue access point c. Jamming d. Wireless denial of service attacks

b. Rogue access point (Correct. A rogue AP is an unauthorized AP that allows an attacker to bypass many of the network security configurations and opens the network and its users to attacks. For example, although firewalls are typically used to restrict specific attacks from entering a network, an attacker who can access the network through a rogue AP is behind the firewall.)

You are the chief security administrator in your enterprise. You are asked to train every employee, from top-level officers to front gate security officers, to make them aware of various security risks. Which of the following training techniques should you use? a. Computer-based training b. Role-based awareness training c. Gamification d. Capture the flag

b. Role-based awareness training (Correct. Role-based training involves specialized training customized to the specific role that an employee holds in the organization. This technique best fits in this scenario because so many different levels of employees are involved.)

Zain, a telecom engineer, plans to relocate a particular AP antenna to a new location. Which of the following configuration options will he use to adjust frequency bands, optimum channels, and available spectrum for data transfer? a. Signal strength settings b. Spectrum selection c. Antenna placement d. Wi-Fi analyzers

b. Spectrum selection (Correct. Some access points provide the ability to adjust frequency spectrum settings such as the frequency band, channel selection, and channel width.)

Which of the following are categories of vulnerabilities in mobile device connections that can also be exploited by threat actors? a. Tethering, USB-on-the-go (OTG), malicious USB cable, location tracking b. Tethering, USB-on-the-go (OTG), malicious USB cable, hotspots c. Tethering, USB-on-the-go (OTG), limited updates, hotspots d. Limited updates, USB-on-the-go (OTG), malicious USB cable, hotspots

b. Tethering, USB-on-the-go (OTG), malicious USB cable, hotspots (Each of these is a connection path a threat actor can exploit: tethering and hotspots extend the device's network link to other devices, USB On-The-Go lets the mobile device act as a host for untrusted peripherals, and a malicious USB cable can contain hidden electronics that present themselves to the device as an attacker-controlled peripheral.)

A vulnerability assessment engineer performed vulnerability scanning on active directory servers and discovered that the active directory server is using a lower version of Kerberos. To alert management to the risk behind using a lower version of Kerberos, he needs to explain what an attacker can do to leverage the vulnerabilities in it. Which of the following actions can the attacker perform after exploiting vulnerabilities in Kerberos? a. Use DLL injection b. Use privilege escalation c. Use a lateral movement d. Use a vertical movement

b. Use privilege escalation (Correct. After compromising a low-privileged account, an attacker who can exploit weaknesses in an outdated Kerberos implementation can escalate to a highly privileged account, such as a domain admin or enterprise admin, and from there do far more damage to the network.)

In an application development model, which of the following uses a sequential development process? a. Agile development b. Waterfall development c. Rapid application development d. DevOps deployment

b. Waterfall development (Waterfall development follows a sequential model of application development.)

Bob has been asked to do research into increasing the accuracy in identifying rogue APs in his enterprise. Which rogue AP system detection probe will allow his company's IT department to monitor the airwaves for traffic, scan and record wireless signals within its range (even when the device is idle or not receiving any transmission), and then report this information to a centralized database? a. Access point probe b. Wireless device probe c. Desktop probe d. Dedicated probes

b. Wireless device probe (Correct. Standard wireless devices, such as portable laptop computers, can be configured to act as wireless probes. At regular intervals during the normal course of operation, the device can scan and record wireless signals within its range and report this information to a centralized database. The scanning is performed when the device is idle and not receiving any transmissions. Using several mobile devices as wireless device probes can provide a high degree of accuracy in identifying rogue access points.)

Smitha, an employee working in the accounts department, reported to the information security officer that she could not access her computer. James, the security officer, noticed the following on Smitha's system: On booting the computer, the following message was flashing on the computer screen with the IRS logo: "This computer is locked by the Internal Revenue Service. It has come to our attention that you are transferring funds to other agencies using this computer without compliance with the local income tax laws. As per section 22 of the U.S. Income Tax Act, the transmission of funds without applicable taxes is prohibited. Your IP address is identified in this fraudulent transaction and is locked to prevent further unlawful activities. This offense attracts a penalty of $400.00 for the first offense. You are hereby given 16 hours to resolve this issue, failing which you shall be prosecuted to the full extent of the law. You may make a secure payment by clicking on the following link. If you face any issues, you may reach out to us at [email protected]." The message will not close, nor is there access to applications or files on the computer; however, James can open shared files and folders on Smitha's computer through the network. What is your inference about the problem faced by Smitha on her computer? a. Smitha's computer is compromised by spyware. b. Smitha's computer is compromised by crypto malware. c. Smitha's computer is compromised by ransomware. d. Smitha's computer is compromised by a PUP.

c. Smitha's computer is compromised by ransomware. (This is locker ransomware: it blocks use of the computer with a message that gives a seemingly official reason and demands a "fine" before access is restored. The fact that James can still open the shared files over the network shows the files themselves have not been encrypted, which rules out crypto malware; spyware or a PUP would not lock the screen at all.)

In a security review meeting, you are asked to calculate the single loss expectancy (SLE) of an enterprise building worth $100,000,000, 75% of which is likely to be destroyed by a flood. Flood insurance data suggest that a severe flood is likely to occur once every 100 years. Which formula should you use to calculate the SLE? a. 100,000,000/0.75 * 100 b. 100,000,000/100 * 0.75 c. 100,000,000 * 0.75 d. 100,000,000 * 0.75/.01

c. 100,000,000 * 0.75 (SLE = asset value × exposure factor = $100,000,000 × 0.75 = $75,000,000. The once-in-100-years figure is the annualized rate of occurrence (ARO = 0.01); it is not part of the SLE but is used for the annualized loss expectancy, ALE = SLE × ARO = $750,000.)

Which of the following statements correctly describes the disadvantage of a hardware-based keylogger? a. A hardware-based keylogger can easily be detected in a network by an antivirus. b. A hardware-based keylogger can be detected by an antivirus when it scans for ports. c. A hardware-based key logger must be physically installed and removed without detection. d. A hardware-based keylogger's data can be easily erased by the antimalware software installed in the device.

c. A hardware-based keylogger must be physically installed and removed without detection. (Since hardware-based key loggers need to be physically connected to and removed from the endpoint, the attacker is vulnerable to being detected and apprehended.)

Zero-day vulnerabilities and configuration vulnerabilities can heavily impact a system if exploited. How should you differentiate between a zero-day vulnerability and a configuration vulnerability? a. A zero-day vulnerability results from improper hardware configurations, whereas a configuration vulnerability results from improper software configuration. b. A zero-day vulnerability is an easily fixable vulnerability recognized by a software developer, whereas a configuration vulnerability is a major vulnerability present in a system exploited by a threat actor before the software developer can fix it. c. A zero-day vulnerability is an unknown vulnerability in released software that is found and exploited by a threat actor, whereas a configuration vulnerability is caused by improper settings in hardware or software. d. A zero-day vulnerability results from users improperly configuring software, whereas a configuration vulnerability results from the developers improperly configuring the software.

c. A zero-day vulnerability is uncovered first by threat actors, who exploit it to penetrate systems. A configuration vulnerability occurs when a user misconfigures the system or fails to configure it past the default settings.

You are asked to configure your firewall in such a way that the traffic from source address range 117.112.10.25 through 117.112.15.100 is allowed, while traffic from 117.112.12.25 through 117.112.13.25 is denied, and traffic from 117.112.12.200 through 117.112.13.10 is allowed. How should you configure the firewall? a. Allow 117.112.10.25 through 117.112.15.100; deny 117.112.12.25 through 117.112.13.25; allow 117.112.12.200 through 117.112.13.10 b. Deny 117.112.12.200 through 117.112.13.10; deny 117.112.12.25 through 117.112.13.25; allow 117.112.10.25 through 117.112.15.100 c. Allow 117.112.10.25 through 117.112.15.100; deny 117.112.12.25 through 117.112.13.25; force-allow 117.112.12.200 through 117.112.13.10 d. Allow 117.112.12.200 through 117.112.13.10; deny 117.112.12.25 through 117.112.13.25; force-allow 117.112.10.25 through 117.112.15.100

c. Allow 117.112.10.25 through 117.112.15.100; deny 117.112.12.25 through 117.112.13.25; force-allow 117.112.12.200 through 117.112.13.10 (Correct. The broad range is allowed, the sub-range inside it is denied, and the narrower sub-range inside the denied block is force-allowed so that it overrides the deny. Rule precedence is what makes this work: on a firewall that evaluates rules first-match, the most specific rule, the allow for 117.112.12.200 through 117.112.13.10, must be placed ahead of the broader deny, and the broad allow last.)
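The precedence point above, as an added example that is not part of the original study set: a first-match evaluator over the three address ranges from the question, run once with the rules ordered most-specific-first and once in the order the answer lists them. On a product whose "force-allow" carries built-in precedence the listed order works; on a plain first-match firewall it does not, because the broad allow matches every address first and the deny never fires. The first-match semantics and the probe addresses are assumptions for the demo; check your own firewall's precedence model.

```python
"""First-match evaluation of the address-range rules in the study question. Added
example, not code from the original page; the first-match semantics and the probe
addresses are assumptions for the demo (check your own firewall's precedence model)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    first: str    # inclusive start of the source-address range
    last: str     # inclusive end of the range

    def matches(self, addr: ipaddress.IPv4Address) -> bool:
        return ipaddress.ip_address(self.first) <= addr <= ipaddress.ip_address(self.last)


def evaluate(rules: List[Rule], source: str, default: str = "deny") -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule); the first matching rule wins."""
    addr = ipaddress.ip_address(source)
    for i, rule in enumerate(rules):
        if rule.matches(addr):
            return rule.action, i
    return default, None          # implicit deny when nothing matches


# The three ranges from the question, most specific first, so the exception inside
# the denied block is reached before the deny swallows it.
RULES_ORDERED = [
    Rule("allow", "117.112.12.200", "117.112.13.10"),
    Rule("deny",  "117.112.12.25",  "117.112.13.25"),
    Rule("allow", "117.112.10.25",  "117.112.15.100"),
]

# The same rules in the order the answer lists them. Under plain first-match the
# broad allow matches everything, so the deny and the exception are never consulted.
RULES_AS_LISTED = [
    Rule("allow", "117.112.10.25",  "117.112.15.100"),
    Rule("deny",  "117.112.12.25",  "117.112.13.25"),
    Rule("allow", "117.112.12.200", "117.112.13.10"),
]

# Expected decisions derived from the question text (constructed probe addresses).
EXPECTED = {
    "117.112.11.1":   "allow",   # inside the broad allow only
    "117.112.12.100": "deny",    # inside the denied block, outside the exception
    "117.112.12.250": "allow",   # inside the force-allowed exception
    "117.112.13.20":  "deny",    # denied block, after the exception ends
    "117.112.14.1":   "allow",
    "117.112.9.1":    "deny",    # matches nothing: implicit deny
}


def audit(rules: List[Rule]) -> List[str]:
    """List the probe addresses whose decision differs from EXPECTED."""
    return [ip for ip, want in EXPECTED.items() if evaluate(rules, ip)[0] != want]


if __name__ == "__main__":
    print("ordered rule set, mismatches:  ", audit(RULES_ORDERED))
    print("as-listed rule set, mismatches:", audit(RULES_AS_LISTED))
```

A rule-set audit like `audit()` is worth keeping next to any firewall change: the expected decisions for a handful of probe addresses document the intent, and a reorder that silently breaks them shows up before deployment.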

Which of the following sensors help generate security alerts to physicians regarding patient health? a. Accelerometer b. Proximity sensor c. BAN d. SoC

c. BAN (A body area network (BAN) can monitor electrocardiogram (EKG) impulses, blood pressure, glucose, and other human biological functions and alert physicians to any anomalies.)

Sherry needs to suggest a technology that can enable smartphones or laptops to control multiple devices like speakers, mice, etc., within a 100-meter distance. The device should also be connected without any wired connection.Which technology should Sherry suggest? a. NFC technology can be used to connect mobile devices to speakers b. RFID technology can be used to connect laptop mouse without any wired connection c. Bluetooth technology can be used to connect devices without any wired connection d. WLANs can be used to connect mobile devices to speakers

c. Bluetooth technology can be used to connect devices without any wired connection (Correct. Bluetooth is a wireless technology that uses short-range RF transmissions, reaching up to about 100 meters for the highest-power device class. It enables users to connect wirelessly to a wide range of computing and telecommunications devices by providing rapid "on-the-fly" connections between Bluetooth-enabled devices, which makes it the fit for controlling speakers, mice and similar peripherals from a phone or laptop.)

While Andel is logging into his email through a browser, the login window disappears. Andel attempts to log in again and is successful. Days later, he goes to log into his email, and his attempt fails. He receives a message indicating that his username and/or password are invalid. What is Andel likely a victim of? a. Keyloggers b. Spyware c. CSRF d. RAT

c. CSRF (A cross-site request forgery (CSRF) tricks a user whose browser already holds a valid session for a site into loading a malicious page that silently issues requests to that site. Because the browser attaches the session cookie automatically, the forged request runs with the user's identity and privileges; here it changed Andel's e-mail credentials so that only the attacker can access the account, which is why his later login fails.)

Marnus is working as a cloud administrator, and he has been asked to perform segmentation on specific cloud networks. Which of the following should be done by Marnus? a. Remove individual accounts on file servers, machines, or authentication servers to restrict access and free up disc space, ports, and certificates. b. Create a virtual network that connects services and resources such as virtual machines and database applications. c. Create network rules for the services permitted between accessible zones to make sure endpoints belonging to other approved zones can reach them. d. Use automated inspection and integration services for authentication, authorization, encryption,availability, and policy compliance.

c. Create network rules for the services permitted between accessible zones to make sure endpoints belonging to other approved zones can reach them. (Correct. Segmentation divides the cloud network into zones and defines which services may pass between them, so a compromise in one zone cannot freely reach another.)

Which of the following best describes DLP? a. DLP is used to control access to digital assets. b. DLP is a protocol used to transfer data within switches. c. DLP is used to prevent leakage of confidential data. d. DLP is a VPN protocol.

c. DLP is used to prevent leakage of confidential data. (Correct. DLP is used to prevent the leakage of confidential data.)

During an interview, you are provided the following scenario:The enterprise that you recently joined is using the ISP DNS server to resolve domain names. You are asked which specific attack will need to be mitigated first to secure the enterprise network.Which of the following attacks should you choose? a. DDoS attack b. MAC cloning c. DNS hijacking d. Session replay attack

c. DNS hijacking (Correct. The enterprise depends on a resolver it neither controls nor can inspect, so DNS responses can be altered upstream and users redirected to attacker-controlled addresses. Running an internal resolver the enterprise controls and validating the responses it receives removes that dependency, which is why DNS hijacking is the first attack to mitigate.)

Which of the following is part of the OS security configuration? a. Enabling the most secure OS platform b. Installing the latest version of OS c. Disabling default passwords and unnecessary ports d. Giving all users administrator privileges

c. Disabling default passwords and unnecessary ports (Disabling default passwords and closing unnecessary ports is the primary step in OS security configuration, since both are the first things an attacker checks. Installing the latest OS version or choosing a secure platform does not by itself configure the OS securely, and giving every user administrator privileges is the opposite of hardening.)

You are a cyber forensic expert wanting to protect devices retrieved from a crime scene from being remotely wiped of evidence. Which of the following physical security equipment should you use so that inbound and outbound signals cannot be sent or received? a. Cable locks b. Protected cable distribution c. Faraday bags d. Mantraps

c. Faraday bags (Correct. Faraday bags are often used in crime scene investigations. Phones, tablets or laptops found on scene are placed in Faraday bags, which block inbound and outbound RF signals and so prevent the devices from being remotely wiped of evidence.)

In a security review meeting, you are asked to appropriately handle the enterprise's sensitive data. How should you configure the security of the data? a. Give access only to users with the highest level of pre-approved authentication b. Give access only to users who have a need-to-know qualification c. Give access only to employees who need and have been approved to access it d. Give access to any current employees or contractors

c. Give access only to employees who need and have been approved to access it (Both conditions matter: need-to-know alone is not sufficient, and approval alone is not sufficient. Access to sensitive data requires a demonstrated need and explicit approval, which is least privilege applied to data.)

Your enterprise's employees prefer a kinesthetic learning style for increasing their security awareness. How should you train them? a. Conduct discussions on security awareness b. Provide access to presentations describing security risks c. Give employees a hands-on experience of various security constraints d. Host a series of enterprise security lectures for the employees

c. Give employees a hands-on experience of various security constraints (Correct. Hands-on approaches are good for kinesthetic learning, which is preferred by the employees.)

Kate decides to download an extension to her favorite browser to quickly store links on her spreadsheet software. While downloading the software, she ignores the opt-out check box that allows the extension to download a search toolbar. What has occurred here? a. Kate has installed a Trojan. b. Kate has installed a backdoor. c. Kate has installed a potentially unwanted program (PUP). d. Kate has installed an injection.

c. Kate has installed a potentially unwanted program (PUP). (Correct. An additional program, the search toolbar, was installed along with the extension Kate intended to install because she overlooked the opt-out check box.)

Which of the following computing platforms is highly vulnerable to attacks? a. On-premises b. Cloud c. Legacy d. Hybrid

c. Legacy (Legacy platforms run old, outdated hardware and software that often no longer receive security patches, so known vulnerabilities stay unfixed and the platform is highly vulnerable to attack.)

Terrence, an executive VP of IT at Sigma Bank, noticed that yesterday, there was a major attack on several thousands of bank employees' computers located at geographically different locations where files and data from the computers got deleted. It was also noticed that several confidential files containing customer data were deleted from the bank's server in multiple locations, and the CEO's emails were deleted from the mail server. Since the bank was compliant with cybersecurity measures, Terrence suspects an internal hand in this activity. While going through the records of all employees working in the IT security of the bank, both past and present, he notices that there is an employee, Chris, who has enough experience to launch this attack, was unhappy with his annual review last year, and had left the bank three months ago. If Terrence were able to single Chris out as the one responsible for the attack, what kind of an attack would this be? a. Keylogger b. Spyware c. Logic-bomb d. Backdoor

c. Logic-bomb (A logic bomb is malicious code added to a legitimate program that stays dormant and avoids detection until a logical event, such as a particular date, triggers it. Given the scenario, this is the most probable attack: a former employee with the required skills and a grievance could have planted code that fired three months after he left.)

Which protocol should John select to prevent unwanted network access and be configured to permit traffic only from specific addresses and provide security? a. WEP b. WPS c. MAC d. WPA

c. MAC (Correct. The media access control (MAC) address is a hardware address that uniquely identifies each network node; it is a 48-bit number assigned to the network interface adapter when it is manufactured. MAC filtering configures the access point to permit traffic only from listed addresses, which prevents casual unwanted access. Note that MAC addresses are transmitted in the clear and are easily spoofed, so MAC filtering should only supplement encryption and authentication such as WPA2 or WPA3, never replace them.)

Which of the following techniques is a method of passive reconnaissance? a. War driving b. War flying c. Open Source Intelligence (OSINT) d. Port scanning

c. Open Source Intelligence (OSINT) (OSINT is the practice of searching online for publicly accessible information about the target without sending any traffic to the target itself, which is what makes it passive reconnaissance.)

Social engineering is a means of eliciting information by relying on the weaknesses of individuals. How should you differentiate between the social engineering techniques of phishing and pharming? a. Phishing involves sending millions of generic email messages to a large volume of users, whereas pharming targets specific users by sending emails customized to the recipients, including their names and personal information. b. Phishing involves sending customized emails to recipients, including their names and personal information, to make the message appear legitimate, whereas pharming is a variant of phishing that specifically targets wealthy individuals or senior executives within a business. c. Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise, whereas pharming is a redirection technique that attempts to exploit how a URL is converted into its corresponding IP. d. Phishing involves digging through trash receptacles to find information that can be useful in an attack, whereas pharming involves sending millions of unsolicited emails to a large volume of users.

c. Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information or taking action. Pharming is a redirection technique that exploits how a URL is resolved to its IP address: a threat actor may poison DNS responses or install malware that alters the hosts file on a user's computer, so that traffic is redirected away from the intended site to a fake one even though the user typed the correct address.

Which type of malware can hide its agenda inside other processes, making it undetectable, and what is it usually used for? a. RAT, an executable program that gives unauthorized remote access to a user's computer b. Trojan, an executable program that pretends to perform a harmless activity while doing something malicious c. Rootkit, a malware that uses the lower layers of the operating system or undocumented functions to make alterations to the operating system's processes d. Backdoor, which gives access to a computer, program, or service that overrides any normal security protections

c. Rootkit, a malware that uses the lower layers of the operating system or undocumented functions to make alterations to the operating system's processes (A rootkit operates in the lower layers of the operating system, beneath the level at which normal antimalware software looks, and alters OS processes to hide its own presence, which makes it very difficult to detect.)

Amtel University decides to keep a record of their student data in a backup server. The administrator contacts you to identify the right command interface protocol to be used in this. Which command interface protocol should you advise? a. SSL b. TLS c. SSH d. HTTPS

c. SSH (Correct. Secure Shell (SSH) is an encrypted replacement for the Telnet protocol for accessing remote computers. It originated as a Linux/UNIX command interface and protocol for securely logging in to a remote host, and file-transfer tools such as scp and rsync run over it, so SSH can be used to move the student data to the backup server securely.)

Which of the following tools can be used to protect containers from attack? a. Software-defined visibility b. Software-defined networking c. Security-Enhanced Linux d. Virtual machine manager

c. Security-Enhanced Linux (Correct. Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies.)

Which of the following uses vulnerable applications to modify Microsoft registry keys? a. Quarantine b. Executable files attack c. System tampering d. Process spawning control

c. System tampering (System tampering attacks occur when a vulnerable application is used by the threat actor to modify key operating system areas like registry keys, startup files, etc.)

Which of the following correctly differentiates between Tcpreplay and Tcpdump? a. Tcpdump is a packet capture tool with GUI, whereas Tcpreplay is a packet capture tool without GUI. b. Tcpdump is a packet capture tool without GUI, whereas Tcpreplay is a packet capture tool with GUI. c. Tcpdump can only be used to analyze the packets, whereas Tcpreplay can analyze, edit, and load the edited packet back to the network. d. Tcpdump can analyze, edit, and load the edited packet back to the network, whereas Tcpreplay can only be used to analyze the packets.

c. Tcpdump can only be used to analyze the packets, whereas Tcpreplay can analyze, edit, and load the edited packet back to the network. (Correct. Tcpdump is a command line packet analyzer. It displays TCP/IP packets and other packets being transmitted or received over a network. Tcpreplay is a tool for editing packets and then "replaying" the packets back onto the network to observe their behavior.)

Which of the following tools can be used for virtual machine sprawl avoidance? a. Virtual desktop infrastructure b. Software-defined visibility c. Virtual machine manager d. Virtual machine escape protection

c. Virtual machine manager (Correct. A virtual machine (VM) manager can provide a dashboard of the status of the VMs for sprawl avoidance.)

An attacker has changed the value of a variable used when copying files from one cloud server to a local drive. What is the most likely motive behind the attack? a. The attacker is using an integer overflow attack that will change the state of the local drive's memory. b. The attacker is using a buffer overflow to initiate an integer overflow attack that can allow access to private data on the local drive. c. The attacker is using an integer overflow attack to initiate a buffer overflow that can allow them to take over the machine. d. The attacker is using a buffer overflow to initiate an integer overflow attack that will give them access to the machine's OS code.

c. The attacker is using an integer overflow attack to initiate a buffer overflow that can allow them to take over the machine. (The changed variable is used in a length or count calculation. If the result overflows the integer type, for example count × element size wrapping around to a small value, the program allocates a buffer that is too small; the copy that follows then overruns it, and that buffer overflow can be turned into control of the machine.)
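The chain described above, as an added example that is not part of the original study set: a count × element-size calculation modelled under a 32-bit size_t so that the wrap is visible, beside the hardened form that refuses the allocation when the product cannot be represented. The "heap" is a bytearray standing in for real memory, with some neighbouring data placed directly after the buffer, and the sizes are chosen to make the wrap obvious; these are assumptions for the demo, not a model of any particular allocator.

```python
"""A count*size calculation that wraps, modelled under a 32-bit size_t. Added example
for this study note, not code from the original page; the 'heap' is a bytearray standing
in for real memory and the sizes are chosen to make the wrap visible."""
from typing import Callable

SIZE_MAX = 0xFFFFFFFF   # assumption: 32-bit size_t, so the product truncates to 32 bits


def unchecked_alloc_size(count: int, elem_size: int) -> int:
    """C-style arithmetic: the product is silently truncated to size_t."""
    return (count * elem_size) & SIZE_MAX


def checked_alloc_size(count: int, elem_size: int) -> int:
    """Hardened form: refuse the allocation when the product cannot be represented."""
    if elem_size and count > SIZE_MAX // elem_size:
        raise OverflowError(f"{count} * {elem_size} does not fit in size_t")
    return count * elem_size


NEIGHBOUR = b"<adjacent heap metadata>"   # what sits right after the buffer in the model


def simulated_copy(count: int, elem_size: int, payload: bytes,
                   size_fn: Callable[[int, int], int]) -> dict:
    """Allocate `count` elements with size_fn, then copy as the vulnerable code would:
    the copy loop trusts `count`, the allocation trusts size_fn's result, and nothing
    reconciles the two. The write stops at the end of the modelled memory so the demo
    cannot raise; real code would keep going."""
    size = size_fn(count, elem_size)
    heap = bytearray(size) + bytearray(NEIGHBOUR)
    to_write = min(count * elem_size, len(payload), len(heap))   # attacker controls payload too
    for i in range(to_write):
        heap[i] = payload[i]                     # no check against `size`
    return {
        "allocated": size,
        "written": to_write,
        "neighbour_clobbered": bytes(heap[size:]) != NEIGHBOUR,
    }


if __name__ == "__main__":
    # Constructed attacker input: 0x40000001 elements of 4 bytes wraps to 4 bytes under size_t.
    hostile_count, elem = 0x40000001, 4
    print("unchecked:", simulated_copy(hostile_count, elem, b"A" * 16, unchecked_alloc_size))
    try:
        simulated_copy(hostile_count, elem, b"A" * 16, checked_alloc_size)
    except OverflowError as e:
        print("checked refused:", e)
```

The check in `checked_alloc_size` is the same test a safe `calloc` performs before multiplying; in C the equivalent is `if (count > SIZE_MAX / elem_size)` or a compiler builtin such as `__builtin_mul_overflow`. The point the example makes is that the bug is not in the copy loop but in trusting an arithmetic result that has already been truncated.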

Kelly is asked to choose a mobile management tool that provides a single management interface for all applications, content, and device management. Which of the following is the best one-step solution? a. Mobile content management (MCM) tool b. Mobile device management (MDM) tool c. Unified endpoint management (UEM) tool d. Mobile application management (MAM) tool

c. Unified endpoint management (UEM) tool (Unified endpoint management (UEM) combines the capabilities of MDM, MAM and MCM into one class of software with a single management interface for mobile devices and computers. It provides capabilities for managing and securing devices, applications and content in one step.)

Your enterprise recently decided to hire new employees as work-from-home interns. For the new employees to work from home, you need to create a network that will allow them to securely access enterprise data from remote locations. Which of the following protocols should you use? a. S/MIME b. FTPS c. VPN d. SNMP

c. VPN (Correct. A virtual private network (VPN) gives remote users an encrypted, authenticated tunnel into the enterprise network over the public Internet, so they can reach internal data securely from any location.)

In an interview, you were asked to briefly describe how emails containing malware or other unwanted content are prevented from being delivered. Which of the following should be your reply? a. SMTP relays prevent unwanted mail from being delivered. b. X.500 prevents unwanted mail from being delivered. c. Mail gateways prevent unwanted mail from being delivered. d. LDAP prevents unwanted mail from being delivered.

c. Mail gateways prevent unwanted mail from being delivered. (A mail gateway sits in front of the mail server and inspects inbound messages, blocking those carrying malware, spam, or other unwanted content before they reach a user's mailbox. SMTP relays forward mail, and X.500 and LDAP are directory services.)

Which cryptographic method should Susanne use to ensure that a document can be encrypted with a key and decrypted with a different key? a. Public b. Ephemeral c. Symmetric d. Asymmetric

d. Asymmetric (Correct. Asymmetric cryptography keys can work in both directions. A document encrypted with a public key can be decrypted with the corresponding private key. Similarly, a document encrypted with a private key can be decrypted with its public key.)

You have been assigned to decide the process used for software application development at your company. Since the products need to be developed and deployed as each module is completed, you chose to go with agile application development. Your manager has requested you consider SecDevOps. Which of the following is a significant and key feature of using SecDevOps that can be considered for selecting this project's development model? a. Quarantine b. Rigid process c. Reuse of code d. Automation

d. Automation (Automation is a key feature in SecDevOps.)

A new e-commerce startup with global operations is looking for a method to manage its supply-chain data for production. Instead of using bar codes, scanners, paper forms, and individual databases, making the system difficult to use, which method should be used to quickly track shipments? a. File and file system cryptography b. USB device encryption c. Full disk encryption d. Blockchain

d. Blockchain (Correct. Blockchain is a system in which a record of transactions made is maintained across several computers that are linked. It can be used for tracking assets in a business network.)

Which of the following types of risk control occurs during an attack? a. Deterrent control b. Preventive control c. Physical control d. Detective control

d. Detective control (Correct. Detective control is used to identify an attack while the attack is occurring.)

Which of the following is an attack vector used by threat actors to penetrate a system? a. Phishing b. Intimidation c. Urgency d. Email

d. Email (Email is the vector that carries the attack; phishing is the technique used once it arrives. Almost 94 percent of all malware is delivered through email to an unsuspecting user. The goal is to trick the user into opening an attachment that contains malware or clicking a hyperlink that takes the user to a fictitious website.)

Which of the following tools can be used to secure multiple VMs? a. Firewall b. Intrusion detection system c. Antivirus d. Firewall virtual appliance

d. Firewall virtual appliance (A firewall virtual appliance runs as a VM on the same host as the VMs it protects, so it can filter the traffic passing between those VMs, traffic that never leaves the host and is invisible to a physical firewall at the network edge.)

Kile is assigned a role as a grey box penetration tester in the financial sector. He has to conduct a pen testing attack on all the application servers in the network. Which of the following tasks should he perform first while conducting a penetration testing attack on a network? a. Tailgating b. Phishing c. Vishing d. Footprinting

d. Footprinting (Footprinting is the process of collecting as much information about the target as possible in order to find ways to penetrate it. It covers information such as IP address ranges, WHOIS records, DNS information, operating systems and versions, employee email addresses, and phone numbers.)

Which of the following describes a memory leak attack? a. Memory leak attacks take advantage of the token generated and sent to the user's browser by the website as part of the authentication. b. In a memory leak attack, an attacker changes the variable's value to something outside the range the programmer had intended. c. A memory leak occurs when a process attempts to store data beyond a fixed-length storage buffer's boundaries. d. In a memory leak attack, the threat actor takes advantage of the programming error of not freeing the memory after executing a process, taking advantage of the device's low memory conditions to attack.

d. In a memory leak attack, the threat actor takes advantage of the programming error of not freeing the memory after executing a process, taking advantage of the device's low memory conditions to attack. (In a memory leak, a program allocates memory and then fails to release it when it is no longer needed. A threat actor who can trigger the leaking code path repeatedly can exhaust the device's memory, and then exploits the resulting low-memory condition, for example by crashing the program or causing other allocations to fail.)
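The programming error the answer describes, as an added example that is not part of the study set: a request handler allocates a work buffer and, on one error path, returns without freeing it, so an attacker who can repeat that malformed request drains the process's memory. The request format, the handler names, and the small tracking allocator (which counts outstanding blocks so the leak is measurable without an external tool such as valgrind) are all assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example: a memory leak on an error path, its fix, and a tracking
 * allocator used only to count outstanding blocks. All names and the request
 * format are assumptions. */

#define BUF_SIZE 4096

static long live_allocations = 0;        /* blocks handed out but not yet freed */

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p)
        live_allocations++;
    return p;
}

static void tracked_free(void *p) {
    if (p) {
        live_allocations--;
        free(p);
    }
}

/* Vulnerable handler: allocates first, then rejects bad input with an early
 * return that skips the free. Returns 1 if handled, 0 if rejected, -1 on OOM. */
int leaky_handle_request(const char *req) {
    char *buf = tracked_malloc(BUF_SIZE);
    if (!buf)
        return -1;
    if (strncmp(req, "GET ", 4) != 0)
        return 0;                        /* BUG: buf is never freed on this path */
    snprintf(buf, BUF_SIZE, "%s", req);  /* stand-in for real request processing */
    tracked_free(buf);
    return 1;
}

/* Fixed handler: validate before allocating, and release the buffer on
 * every path that follows the allocation. */
int fixed_handle_request(const char *req) {
    if (strncmp(req, "GET ", 4) != 0)
        return 0;                        /* nothing allocated yet, nothing to free */
    char *buf = tracked_malloc(BUF_SIZE);
    if (!buf)
        return -1;
    snprintf(buf, BUF_SIZE, "%s", req);
    tracked_free(buf);
    return 1;
}

/* Drives a handler with n copies of a constructed malformed request and
 * reports how many buffers are still outstanding afterwards. */
long outstanding_after(int (*handler)(const char *), int n) {
    live_allocations = 0;
    for (int i = 0; i < n; i++)
        handler("PUT /upload HTTP/1.1");  /* constructed non-GET request */
    return live_allocations;
}

int main(void) {
    printf("leaky handler after 1000 bad requests: %ld buffers outstanding\n",
           outstanding_after(leaky_handle_request, 1000));
    printf("fixed handler after 1000 bad requests: %ld buffers outstanding\n",
           outstanding_after(fixed_handle_request, 1000));
    return 0;
}
```

Each rejected request leaves one 4 KiB block behind in the leaky version; at a few thousand requests per second the process runs out of memory in minutes, which is the low-memory condition the answer refers to. The fix is structural rather than a single added `free`: validate before acquiring resources, and make sure every exit after an allocation releases it.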

Which of the following is a disadvantage of the secure boot process? a. It does not validate the boot process. b. It requires an operating system like Microsoft OS to ensure secure boot. c. It slows down considerably, affecting the performance of the computer. d. It makes third party non-vendor-approved software difficult to implement.

d. It makes third party non-vendor-approved software difficult to implement. (In a secure boot process, hardware or software that has not been approved by the system vendor is not initialized by the boot sequence, which makes it difficult to run such third-party software or custom hardware on the device.)

What does ransomware do to an endpoint device? a. Ransomware infects the endpoint devices and launches attacks on the infected endpoint and other devices connected to the network. b. Ransomware attacks the endpoint device without the consent of the user or the device, discreetly collecting and transmitting information, causing harm to the end user. c. Ransomware gets accidentally installed in the endpoint device as software along with other programs during the installation process. This happens when the user's installation and download options are overlooked, thus affecting the user application adversely. d. Ransomware attacks the endpoint device holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded.

d. Ransomware attacks the endpoint device holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded. (Ransomware is malware of the "imprison" type: it takes control of the endpoint device, typically by encrypting its files or locking the screen, and prevents normal use until the user pays a ransom to the attacker.)

Which of the following is a characteristic of electronic code book (ECB) mode? a. Only one character is processed at a time. b. It requires access to a synchronous counter for both the sender and receiver of the message. c. Each block of plaintext is XORed with the previous block of ciphertext before being encrypted, making it susceptible to attacks. d. Two identical plaintext blocks are encrypted into two identical ciphertext blocks, making them susceptible to attacks.

d. Two identical plaintext blocks are encrypted into two identical ciphertext blocks, making them susceptible to attacks. (Correct. In electronic code book (ECB) mode, two identical plaintext blocks are encrypted into identical ciphertext blocks, making it susceptible to attacks.)
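The ECB property in the answer, as an added example that is not part of the study set, contrasted with CBC mode (option c, without the "susceptible" part) on the same input. The block cipher used here is a toy 64-bit Feistel construction that stands in for AES so the program runs without a crypto library; it is not secure and is purely an assumption of this example. The key, IV and the 32-byte plaintext (three identical blocks followed by one different block) are constructed inputs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: ECB vs. CBC over a toy block cipher. The cipher is NOT
 * secure and is an assumption of this example; the mode logic is the point. */

#define BLOCK 8

static uint32_t rotl32(uint32_t x, int r) {
    return (x << r) | (x >> (32 - r));
}

/* Toy round function: mixes one half-block with the round key. */
static uint32_t toy_f(uint32_t x, uint32_t k) {
    return (rotl32(x ^ k, 7) * 0x9E3779B1u) ^ rotl32(x, 13);
}

/* Toy block cipher: 8 Feistel rounds over two 32-bit halves. A Feistel
 * network is a bijection, so distinct input blocks give distinct outputs. */
static void toy_encrypt_block(const uint8_t key[BLOCK], const uint8_t in[BLOCK],
                              uint8_t out[BLOCK]) {
    uint32_t L, R, k0, k1;
    memcpy(&L, in, 4);   memcpy(&R, in + 4, 4);
    memcpy(&k0, key, 4); memcpy(&k1, key + 4, 4);
    for (int r = 0; r < 8; r++) {
        uint32_t k = ((r & 1) ? k1 : k0) ^ (0x9E3779B9u * (uint32_t)(r + 1));
        uint32_t t = L ^ toy_f(R, k);
        L = R;
        R = t;
    }
    memcpy(out, &L, 4); memcpy(out + 4, &R, 4);
}

/* ECB: every block is encrypted independently, so equal plaintext blocks
 * always produce equal ciphertext blocks. */
void ecb_encrypt(const uint8_t key[BLOCK], const uint8_t *pt, uint8_t *ct, size_t nblocks) {
    for (size_t i = 0; i < nblocks; i++)
        toy_encrypt_block(key, pt + i * BLOCK, ct + i * BLOCK);
}

/* CBC: each plaintext block is XORed with the previous ciphertext block
 * (the IV for the first block) before encryption, so repeats are masked. */
void cbc_encrypt(const uint8_t key[BLOCK], const uint8_t iv[BLOCK],
                 const uint8_t *pt, uint8_t *ct, size_t nblocks) {
    uint8_t chain[BLOCK];
    memcpy(chain, iv, BLOCK);
    for (size_t i = 0; i < nblocks; i++) {
        uint8_t x[BLOCK];
        for (int j = 0; j < BLOCK; j++)
            x[j] = pt[i * BLOCK + j] ^ chain[j];
        toy_encrypt_block(key, x, ct + i * BLOCK);
        memcpy(chain, ct + i * BLOCK, BLOCK);
    }
}

/* Counts ciphertext blocks identical to the first one (the first counts). */
size_t blocks_matching_first(const uint8_t *ct, size_t nblocks) {
    size_t n = 0;
    for (size_t i = 0; i < nblocks; i++)
        if (memcmp(ct, ct + i * BLOCK, BLOCK) == 0)
            n++;
    return n;
}

/* Constructed inputs: three identical 8-byte blocks, then a different one. */
static const char PLAINTEXT[] = "SECRET!!SECRET!!SECRET!!DIFFERNT";
static const char KEY[] = "k3y-demo";
static const char IV[]  = "iv-demo!";

size_t ecb_repeats(void) {
    uint8_t ct[4 * BLOCK];
    ecb_encrypt((const uint8_t *)KEY, (const uint8_t *)PLAINTEXT, ct, 4);
    return blocks_matching_first(ct, 4);
}

size_t cbc_repeats(void) {
    uint8_t ct[4 * BLOCK];
    cbc_encrypt((const uint8_t *)KEY, (const uint8_t *)IV, (const uint8_t *)PLAINTEXT, ct, 4);
    return blocks_matching_first(ct, 4);
}

int main(void) {
    printf("ECB: %zu of 4 ciphertext blocks equal the first\n", ecb_repeats());
    printf("CBC: %zu of 4 ciphertext blocks equal the first\n", cbc_repeats());
    return 0;
}
```

Under ECB the three repeated plaintext blocks come out as three identical ciphertext blocks, so an observer learns where the message repeats without recovering a single byte of key; under CBC only the first block matches itself. The same pattern leak is what makes an ECB-encrypted bitmap still show the image outline.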

Several websites use URLs similar to one of the most globally popular websites, attempting to attract traffic if a user misspells the popular website's URL. What is this social engineering technique called? a. Pharming b. Spam c. Tailgating d. Typo squatting

d. Typo Squatting (Typo squatting involves creating websites with URLs similar to websites with high traffic in an attempt to redirect users who mistype the intended URL.)

Which HTTP response header should be used to prevent attackers from displaying their content on a website? a. HSTS b. CSP c. X-XSS d. X-Frame-Options

d. X-Frame-Options (An attacker can display their own content on a site, or display the site inside their own page, by loading it in a frame; the X-Frame-Options header tells the browser whether the page may be rendered inside a frame or iframe, which is the standard defense against clickjacking.)

Which of the following is a standard format for digital certificates? a. JPG b. .cer c. MPEG-4 Part 14 d. X.509

d. X.509 (Correct. The X.509 is the standard format for digital certificates introduced more than 20 years ago and was adapted for internet use. The current version is version 3.)
