ITC563
What is the minimum key size in Elliptical Curve Cryptography (ECC)?
160-bits
How many keys are required in asymmetric encryption?
2
What is the key length of the Data Encryption Standard (DES) algorithm?
56-bit
Which of the following statements are true for artificial intelligence (AI)? [Choose all that apply]
A self-driving car is an example of AI AI focuses on the broad idea of making a system execute a task Machine Learning or ML is a subset of AI
Which of the following is achieved by Security Orchestration, Automation, Response (SOAR)?
Automation
Which of the following type of attack is a pre-cursor to the collision attack?
Birthday
In which of the following tests does the tester not need to have prior knowledge of the system's internal design or features?
Black Box Testing
Password spraying cyber-attack can be categorized as which of the following type of attack?
Brute-force
Which of the following allows organizations to identify and remediate vulnerabilities before the public is aware of it, thus reducing the spread and intensity of abuse?
Bug bounty Programs
Which of the following ensures that only authorized parties can view protected information?
Confidentiality
Which of the following types of attacks are possible on the building automation systems - the building's heating, ventilation and air conditioning (HVAC) systems? [Choose all that apply]
Cross-site scripting Buffer overflow Path traversal Hardcoded secrets Authentication bypass
Footprinting and gathering information about the target is performed in which phase of penetration testing?
Discovery
Which of the following is a condition that is shown as a result when it does not exist?
False Positive
Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks were mainly for what purpose?
Fame
Which type of malware relies on LOLBins?
Fileless virus
Which type of sensors can be included in an Internet of Things (IoT) device? [Choose all that apply]
Gyro Accelerometer Temperature Acceleration Humidity
Which of the following of the CIA Triad ensures that information is correct, and no unauthorized person has altered it?
Integrity
Which of the following type of vulnerability scan can also attempt to exploit the vulnerabilities?
Intrusive
Which of the following testing strategies will be performed by a gradual process of gaining access to a network component, infrastructure, or an application layer to minimize detection?
Lateral Movement
When researching how an attack recently took place, Nova discovered that the threat actor, after penetrating the system, started looking to move through the network with their elevated position. What is the name of this technique?
Lateral movement
Which of the following is not used to describe those who attack computer systems?
Malicious Agent
Which of the following method of threat hunting includes disrupt, deny, destroy, and degrade actions?
Maneuvuring
Which of the following is not a reason a legacy platform has not been updated?
No compelling reason for any updates
Which of the following algorithms are examples of lightweight cryptography? [Choose all that apply]
OTR TWINE
Which of the following is not an issue with patching?
Patches address zero-day vulnerabilities
Which of the following terms refers to attacking or taking control of a system through another compromised system?
Pivoting
What is the first step in penetration testing and what is its importance?
Planning, because a lack of planning can result in legal issues.
Which of the following are examples of embedded systems? [Choose all that apply]
Printers Automatic Teller Machine (ATM) Automobiles Digital Cameras Digital Watches
Which of the following malware does not harm the system but only targets the data?
Ransomware
What are the two primary phases of penetration testing in order?
Reconnaissance, penetration
Which of the following is NOT typically a feature of a SIEM?
Remediation
Which of the following groups have the lowest level of technical knowledge?
Script Kiddies
Which of the following is true regarding the relationship between security and convenience?
Security and convenience are inversely proportional.
Which of the following is used for continuous monitoring of logs?
Security information and event management (SIEM)
Which of the following is not true regarding security?
Security is a war that must be won at all costs.
What is the term used to describe the connectivity between an organization and a third party?
System integration
In asymmetric key encryption, what is the next step when a client initiates a session with a web server that is configured with a certificate?
The web server sends a certificate to the web browser
How do vendors decide which should be the default settings on a system?
Those settings that provide the means by which the user can immediately begin to use the product.
What is an objective of state-sponsored attackers?
To spy on citizens
Which of the following digital features are included in vehicles? [Choose all that apply]
USB Bluetooth Near Field Communication GPS
Which of the following vulnerabilities can exist in System control and Data Acquisition (SCADA)? [Choose all that apply]
Unmonitored system Poor update management Inadequate input validation Weak passwords
Which of the following is a full knowledge penetration testing?
White box testing
Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization?
White hat hacker
A USB can be used to drop which of the following types of malware? [Choose all that apply]
Worms, backdoor, trojan, keyboard loggers
Which tool is most commonly associated with state actors?
advanced persistent threat (APT)
What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments?
brokers
Which of the following is not a recognized attack vector?
on-prem
Which of the following groups use advanced persistent threats?
state actors
