SEC-110 Final
Which of the following vulnerabilities involves connecting a flash drive infected with malware to a mobile device? a. Hotspots b. Tethering c. Malicious USB cable d. USB-on-the-go (OTG)
d - USB-on-the-go (OTG)
After reviewing the data collection procedures in your organization, a court ordered you to issue a document that specifies how the organization uses the collected personal information. This document must be displayed to the user before allowing them to share personal data. Which of the following documents should you prepare? a. Pseudo-anonymization b. Terms of agreement c. Data minimization d. Privacy notice
xxx
As a cybersecurity expert, you are asked to take adequate measures to mitigate DDoS attacks on your enterprise servers. Which of the following techniques should you apply? a. You should set up a DNS sinkhole. b. You should set up a host-based firewall. c. You should set up a proxy server. d. You should set up a virtual private network.
xxx
Which attack sees an attacker attempt to determine the hash function's input strings that produce the same hash result? a. Collision attack b. Downgrade attack c. Known ciphertext attack d. Birthday attack
a - Collision attack
Which of the following best describes a preimage attack? a. Comparing a known digest with an unknown digest b. Embedding password-logging malware in an image file c. Cracking picture-based passwords d. Cracking the password by trying all possible alphanumeric combinations
a - Comparing a known digest with an unknown digest
Under which of the following modes does the ciphertext depend only on the plaintext and the key, independent of the previous ciphertext blocks? a. ECB b. CRT c. GCM d. CBC
a - ECB
Which of the following offensive tools can be used by penetration testers post-exploitation or successful compromise of a user account in a network that dumps passwords from memory and hashes, PINs, and Kerberos tickets, and thus are used for privilege escalation attacks? a. Mimikatz and hashcat b. Powershell and procdump c. Ophcrack and John-the-Ripper d. Tor and NMAP
a - Mimikatz and hashcat
In a security review meeting, you proposed a demilitarized zone for one of your company's data centers. You were then asked to explain the objective of having a DMZ in the data centers. Which of the following should be your answer? a. A DMZ will monitor network traffic so that the cybersecurity team can focus on other threats. b. A DMZ will separate the secure facilities from unknown and potentially hostile outsiders. c. A DMZ will open up a discussion about enterprise strategies to a broader employee base. d. A DMZ will allow employees to relax between working hours and be more vigilant while working.
b - A DMZ will separate the secure facilities from unknown and potentially hostile outsiders.
Sheena wants to make sure that her browser activity is safe and prevent others from intercepting her data as it is transmitted over the browser. What should Sheena do to achieve this objective? a. Make sure that the content security policy is in place b. Only visit websites that are hosted over HTTPS or HSTS c. Send a secure cookie over the browser to the server d. Fill all her forms through hidden fields only
b - Only visit websites that are hosted over HTTPS or HSTS
Sarah needs to send an email with important documents to her client. Which of the following protocols ensures that the email is secure? a. SSH b. S/MIME c. SHTTP d. SSL
b - S/MIME
Which of the following is the most efficient means of discovering wireless signals? a. War cycling b. War flying c. War chalking d. Wardriving
b - War flying
After encountering a network attack in your enterprise network, the chief network security engineer assigned you a project. The project was to create a vulnerable network that is similar to your enterprise network and entices the threat actor to repeat the attack. This is to analyze the behavior and techniques the attacker is using to ensure better defenses to your enterprise network in the future. Which of the following appliances should you use? a. You should set up behavioral IDS monitoring. b. You should use a honeypot. c. You should set up network access control. d. You should use a proxy server.
b - You should use a honeypot.
Which of the following attack frameworks illustrate that attacks are an integrated end-to-end process, and disrupting any one of the steps will interrupt the entire attack process? a. The Diamond Model of Intrusion Analysis b. Cyber Kill Chain c. MITRE ATT&CK d. Command and Control
xxx
Pat is asked to automate critical security functions like responding to detected threat patterns in an enterprise network. Which of the following should be done by Pat? a. Use software-device visibility b. Implement subnetting c. Use a software-device network d. Use virtual desktop infrastructure
a - Use software-device visibility
Which function in cryptography takes a string of any length as input and returns a string of any requested variable length? a. Sponge b. BitLocker c. Steganography d. Filesystem
a? Sponge
David is asked to test a new configuration on a virtual machine; if it does not work, it should roll back to the older state. What should David do before testing the new configuration so he can roll it back to the previous state if needed? a. Take a snapshot of the virtual machine before testing the configuration b. Take a screenshot of the virtual machine before testing the configuration c. Use sandboxing in the virtual machine before testing the configuration d. Enable "roll back" on the previous configuration before testing the new configuration
a? Take a snapshot of the virtual machine before testing the configuration
Your enterprise experienced several technical issues over the last few days. There were multiple instances of passwords needing to be changed and other issues causing downtime. Management has started receiving voicemails regarding fraudulent activities on their accounts. While the voicemails sound authentic, the help desk concludes that they are fake. What type of malicious activity will this be considered? a. Vishing b. Spimming c. Spamming d. Whaling
a? Vishing
The head of cybersecurity at your enterprise has asked you to set up an IDS that can create the baseline of all system activities and raise an alarm whenever any abnormal activities take place, without waiting to check the underlying cause. Which of the following actions should you take? a. You should set up an IDS with signature-based monitoring methodology. b. You should set up an IDS with anomaly-based monitoring methodology. c. You should set up an IDS with heuristic monitoring methodology. d. You should set up an IDS with behavior-based monitoring methodology.
a? You should set up an IDS with signature-based monitoring methodology.
Which of the following provides confidentiality services? a. Transport mode b. Unauthentication mode c. Stream cipher mode d. Authentication mode
b?? -Authentication mode d?xxxx
John and Sarah are working for Star Alliance. John had to send certain confidential data and messages to Sarah online. The use of which of the following will ensure that the message's sender is, in fact, John? a. Digital signature b. Public key c. Digital certificate d. Physical signature
c - Digital certificate
A company has multiple CAs and intermediate CAs issuing digital certificates in different departments, with no one cross-checking their work. Which PKI trust model should the company use? a. Bridge trust model b. Hierarchical trust model c. Distributed trust model d. Web of trust model
c - Distributed trust model
As a cybersecurity specialist, you are asked to defend the web app hosted by your enterprise from web application attacks like cross-site scripting, SQL injections, etc. Which of the following actions should you take? a. You should install a proxy server. b. You should install an NGFW. c. You should install a WAF. d. You should install an NAT.
c - You should install a WAF.
In an interview, you were asked to crack a password and told that the password is a commonly used word. Which of the following methods should you apply? a. You should perform skimming. b. You should perform a brute force attack. c. You should perform a dictionary attack. d. You should perform a rule attack.
c - You should perform a dictionary attack.
You are a cybersecurity investigator who needs to query log files for faster analysis during an incident investigation. Which of the following log management tools should you use? a. syslog-ng b. nxlog c. journalctl d. rsyslog
c - journalctl
How does the single sign-on enhance secure authentication? a. Implementing a single sign-on will reduce the probability of a brute force attack. b. Implementing a single sign-on will reduce the time required for authentication. c. Implementing a single sign-on will reduce the number of passwords needing to be remembered. d. Implementing a single sign-on will make the entity completely invulnerable.
c - Implementing a single sign-on will reduce the number of passwords needing to be remembered.
Which protocol is used to prevent looping in a switch? a. SMTP b. SSL c. STP d. SSTP
c? STP
Which attack embeds malware-distributing links in instant messages? a. Spam b. Phishing c. Spim d. Tailgating
c? Spim
Which of the following helps achieve data privacy in an enterprise network? a. Cloud Forensics b. Cyber Kill Chain c. Digital forensics d. Access control schemes
d - Access control schemes
You are a security expert asked to protect the webservers hosted in your building from exposure to anyone other than server admins. Which of the following physical security methods should you implement to achieve this? a. Vault b. Protected cable distribution c. Faraday cage d. Demilitarized zones
d - Demilitarized zones
Which type of wireless attack is designed to capture wireless transmissions coming from legitimate users? a. Rogue access point b. Wireless denial of service attacks c. Evil twin d. Intercepting wireless data
xxx
In an interview, you are asked to change the permissions of a file on a Linux system so that the file can only be accessed by its owner. Which of the following tools should you use? a. Nessus b. grep c. Cuckoo d. chmod
d - chmod
Which wireless probe is designed to scan and record wireless signals within its range at regular intervals and report the information to a centralized database? a. Dedicated probes b. Access point probe c. Wireless device probe d. Desktop probe
xxx
Why are jamming attacks generally rare? a. The transmitter is not very powerful and must be close to the target b. They can't identify WLAN RF signals from other device signals c. They require expensive, sophisticated equipment d. They can't get around new IEEE amendments that fully protect WLANs
xxx
You are a cyber forensic specialist, and you are asked to retrieve the password of an employee account suspected of being an imposter. As you are provided with the enterprise's strong password policy, which of the following methods will be the easiest for you to use when retrieving the password? a. Dictionary attack b. Rule attack c. Brute force attack d. Hybrid attack
xxx
You are analyzing the settings for your network's firewall. There is currently a log-only rule set for the source address 112.101.2.4. Which of the following has created a log entry in the firewall? a. A rule is set to bypass all packets from 112.101.2.4. b. A rule is set to bypass all packets from 112.101.1.1 through 112.101.2.5. c. A rule is set to allow all packets from 112.101.2.1 through 112.101.2.22. d. A rule is set to deny all packets from 112.101.1.1 through 112.101.2.11.
xxx
You are assigned to install multiple physical paths between devices and the SAN so that an interruption in one path will not affect communication. Which of the following techniques should you implement to manage the risk of interruption? a. PDU b. NIC teaming c. Multipath d. UPS
xxx
You are working as a security administrator. Your enterprise has asked you to choose an access control scheme in which a user is authorized to access the resources if the user has a specific attribute and denied if they don't. Which of the following access control schemes should you choose? a. Mandatory access control b. Rule-based access control c. Attribute-based access control d. Role-based access control
xxx
Which of the following is an attack vector used by threat actors to penetrate a system? a. Intimidation b. Phishing c. Email d. Urgency
xxx
You are a security admin for an enterprise, and you were asked to ensure high availability of data using redundancy. Which of the following actions should you perform? a. Store the same data in different devices across different locations b. Store different types of data on different devices in a single location c. Store different types of data on different devices across different locations d. Store the same data in different devices in a single location
a - Store the same data in different devices across different locations
Which of the following best describes skimming? a. Capturing information from the magnetic stripe of a smartcard b. Altering the condition of a secure key by using software c. Altering the condition of a secure key by using hardware d. Intercepting the OTP to gain unauthorized access
a - Capturing information from the magnetic stripe of a smartcard
Which of the following protocols can be used for secure video and voice calling? a. SRTP b. S/MIME c. SNMP d. VPN
a - SRTP
Which of the following is a Linux/UNIX-based command interface and protocol? a. SSL b. SSH c. HTTPS d. S/MIME
b - SSH
Which of the following devices can perform cryptographic erase? a. HSM b. USB device encryption c. SED d. TPM
c - SED
One of the important systems in your organization was accidentally exposed to malware. Which of the following features should you use to manage the risk of malware? a. Disaster recovery plan b. Public cluster connection c. Private cluster connection d. Revert to a known state
d? Revert to a known state
You are working as a security admin in an enterprise and have been asked to choose an access control method so that all users can access multiple systems without crossing their limit of access. Which of the following access control methods is the best fit? a. Discretionary access control b. Role-based access control c. Mandatory access control d. Rule-based access control
d? Rule-based access control
What action does a BPDU guard take when a BPDU is received from an endpoint and not a switch? a. The port is disabled, and no traffic will be sent or received by the port. b. The port remains active, and no traffic will be received by the port, but it can still send traffic. c. The port remains active, and the traffic will be forwarded to another port. d. The port is disabled, and no traffic will be sent by the port while it can still receive traffic.
a - The port is disabled, and no traffic will be sent or received by the port.
Which of the following statements correctly describes the disadvantage of a hardware-based keylogger? a. A hardware-based keylogger must be physically installed and removed without detection. b. A hardware-based keylogger can easily be detected in a network by an antivirus. c. A hardware-based keylogger's data can be easily erased by the antimalware software installed in the device. d. A hardware-based keylogger can be detected by an antivirus when it scans for ports.
a - A hardware-based keylogger must be physically installed and removed without detection.
Kile is assigned a role as a grey box penetration tester in the financial sector. He has to conduct a pen testing attack on all the application servers in the network. Which of the following tasks should he perform first while conducting a penetration testing attack on a network? a. Footprinting b. Tailgating c. Phishing d. Vishing
a - Footprinting
Which encryption method in BitLocker prevents attackers from accessing data by booting from another OS or placing the hard drive in another computer? a. Full disk encryption b. GNU privacy guard c. Filesystem cryptography d. Blockchain
a - Full disk encryption
Your enterprise's employees prefer a kinesthetic learning style for increasing their security awareness. How should you train them? a. Give employees a hands-on experience of various security constraints b. Conduct discussions on security awareness c. Host a series of enterprise security lectures for the employees d. Provide access to presentations describing security risks
a - Give employees a hands-on experience of various security constraints
A manager working in ABC Consulting shared a list of employees from his team who were eligible for an extra week off. Later, he claimed that he has never shared this list. Which principle or functionality of a secured communication can be used to substantiate or verify the manager's claim? a. Nonrepudiation b. Steganography c. Hashing d. Obfuscation
a - Nonrepudiation
Which of the following is defined as a structure for governing all the elements involved in digital certificate management? a. PKI b. CA c. M-of-N control d. Web of trust model
a - PKI
A web application with an SQL server database is found to be compromised by an attacker. On examination, the email IDs of the database have been found modified. This was due to improper validation in the input fields exploited by the attacker. What is the probable attack in the above scenario? a. SQL Injection b. XML Injection c. XSS d. SSRF
a - SQL Injection
Zain, a telecom engineer, plans to relocate a particular AP antenna to a new location. Which of the following configuration options will he use to adjust frequency bands, optimum channels, and available spectrum for data transfer? a. Spectrum selection b. Signal strength settings c. Antenna placement d. Wi-Fi analyzers
a - Spectrum selection
Which of the following human characteristics is used for authentication? a. Veins b. Facial expression c. Breathing pattern d. Height
a - Veins
You are a senior security admin in your enterprise. You have been asked to perform an incident response exercise so that you and your colleagues can analyze every possible scenario in case of an attack in the most realistic manner. Which of the following actions should you take? a. You should run a plausible simulated attack on the network. b. You should walk through the proposed recovery procedures. c. You should challenge an attacker to breach enterprise security. d. You should conduct a tabletop exercise.
a - You should run a plausible simulated attack on the network.
Kane was transferring files from a file transfer protocol (FTP) server to his local machine simultaneously. He sniffed the traffic to find that only the control port commands are encrypted, and the data port is not encrypted. What protocol did Kane use to transfer the files? a. FTPS b. TFTP c. SFTP d. FTP
a - FTPS
What does the end-of-service notice indicate? a. The nondisclosure agreement with a service vendor has expired. b. The enterprise will no longer offer support services for a product. c. The service-level agreement with a vendor has expired. d. The enterprise is halting the manufacturing of a product.
b - The enterprise will no longer offer support services for a product.
Which of the following sensors help generate security alerts to physicians regarding patient health? a. BAN b. SoC c. Accelerometer d. Proximity sensor
a? BAN
Marnus is working as a cloud administrator, and he has been asked to perform segmentation on specific cloud networks. Which of the following should be done by Marnus? a. Create network rules for the services permitted between accessible zones to make sure endpoints belonging to other approved zones can reach them. b. Remove individual accounts on file servers, machines, or authentication servers to restrict access and free up disc space, ports, and certificates. c. Create a virtual network that connects services and resources such as virtual machines and database applications. d. Use automated inspection and integration services for authentication, authorization, encryption, availability, and policy compliance.
a? Create network rules for the services permitted between accessible zones to make sure endpoints belonging to other approved zones can reach them.
Which of the following is a feature of a fileless virus? a. Fileless viruses are hard to detect. b. Fileless viruses grant limited control. c. Fileless viruses are easy to defend. d. Fileless viruses are persistent.
a? Fileless viruses are hard to detect.
Peter is a design engineer at a mobile device manufacturing company. He is designing the core components included in their flagship mobile device being launched during year-end 2020. Peter wants to design a tablet component that would detect vibrations and movements and determine the device's orientation so that the screen image is always displayed upright. Which of the following are materials he should use for developing this component? a. Piezoelectric, piezoresistive, and capacitive components b. Silicon layered with tantalum and palladium transistors c. Silicon transducer d. MOSFET (MOS field-effect transistor) amplifiers
a? Piezoelectric, piezoresistive, and capacitive components
The following data is being used for a password attack: "?u ?l ?l ?l ?l ?d ?d ?d ?d." Which of the following types of attack is this? a. Rule attack b. Brute force attack c. Password spraying d. Dictionary attack
a? Rule attack
XYZ University wants to set up a VPN network to connect to the internet and ensure that all their data is safe. They have asked you to recommend the correct communication protocol to use. Which of the following protocols should you recommend and why? a. HTTPS, because it authenticates that the packets received were sent from the source and ensures that no other party can view the contents. It manages the keys to ensure that they are not intercepted or used by unauthorized parties. b. IPsec, because it authenticates that the packets received were sent from the source and ensures that no other party can view the contents. It manages the keys to ensure that they are not intercepted or used by unauthorized parties. c. TLS, because it is used to secure communications between a browser and a web server. This ensures data is safe in communications across the network. d. SSH, because it is used to secure communications between a browser and a web server. This ensures data is safe in communications across the network.
b - IPsec, because it authenticates that the packets received were sent from the source and ensures that no other party can view the contents. It manages the keys to ensure that they are not intercepted or used by unauthorized parties.
Which of the following is a characteristic of electronic code book (ECB) mode? a. Only one character is processed at a time. b. Two identical plaintext blocks are encrypted into two identical ciphertext blocks, making them susceptible to attacks. c. It requires access to a synchronous counter for both the sender and receiver of the message. d. Each block of plaintext is XORed with the previous block of ciphertext before being encrypted, making it susceptible to attacks.
b - Two identical plaintext blocks are encrypted into two identical ciphertext blocks, making them susceptible to attacks.
Dillip is assigned the role of a SOC developer who must build different teams under the SOC. He must build a new team that will put security defenses in place to prevent another team from penetrating the network. Which team should he build to monitor the other team's attacks and shore up security defenses as necessary? a. Red team b. Blue team c. Purple team d. White team
b - Blue team
Jane, an IT security expert whose services are sought by XYZ Company, has recommended implementing CTR mode in the network. What is one requirement that needs to be fulfilled for computers to communicate when the CTR mode is implemented? a. Sender should have access to a counter. b. Both sender and receiver should have access to a counter. c. Neither sender nor receiver need access to a counter. d. Receiver should have access to a counter.
b - Both sender and receiver should have access to a counter.
In which of the following mobile device connectivity methods are transmitters connected through a mobile telecommunication switching office (MTSO) that controls all of the transmitters in the cellular network and serves as the link between the cellular network and the wired telephone world? a. Bluetooth b. Cellular c. Infrared d. Wi-Fi
b - Cellular
ABC Enterprise is a global operation. As such, it needs to send regular, confidential messages and data between offices to communicate important market information, employee decisions, financial decisions, etc., for management consideration and senior-level decision making. Since these decisions impact the local employees and global businesses, they suspect that these data may be prone to attacks from threat actors internally and externally. While one of the senior systems administrators suggested implementing steganography to achieve this objective, the IT Department head at another branch suggested implementing cryptography. The management team has now called you for expert advice to select the best method to implement in the enterprise. What should your advice be, and why? a. Cryptography should be implemented because it embeds the actual message in a different message before transmission. This makes the information difficult to identify and helps identify the sender, making it very secure and the right choice to implement for the enterprise. b. Cryptography should be implemented because it allows information to be viewed only by authorized users and checks whether the information has been altered or changed by anybody. It also makes the information unclear, even if other users see it. Cryptography is a more advanced technology than steganography. These features make cryptography the right choice for the enterprise to implement. c. Steganography should be implemented because it provides functionality to verify and ensure that the message is from an authentic sender. It also makes the message unclear, even if the message is intercepted by a threat actor and identified from the file where steganography is implemented, making it very secure. d. Steganography should be implemented because it allows information to be viewed only by authorized users and checks whether information has been altered or changed by anybody. It also makes the information unclear so that even if other users see the information, they will not understand it. Steganography is a more advanced technology than cryptography. These features make steganography the right choice for the enterprise to implement.
b - Cryptography should be implemented because it allows information to be viewed only by authorized users and checks whether the information has been altered or changed by anybody. It also makes the information unclear, even if other users see it. Cryptography is a more advanced technology than steganography. These features make cryptography the right choice for the enterprise to implement.
In an interview, you are asked to differentiate between data protection and data privacy. How should you differentiate between data protection and data privacy? a. Data protection involves unauthorized data access, while data privacy secures data against authorized access. b. Data protection involves securing data against unauthorized access, while data privacy is concerned with authorized data access. c. Data protection secures data against unauthorized access, while data privacy secures data against authorized access. d. Data protection secures data against authorized access, while data privacy involves unauthorized data access.
b - Data protection involves securing data against unauthorized access, while data privacy is concerned with authorized data access.
A federal appeals court recently made a judgment that caused significant public outrage. Soon after the ruling, the court's website was hacked, and the content was replaced with the text "Equal justice for all." Which of the following types of threat actors attacked the court's site? a. Insiders b. Hacktivists c. State actors d. Cyberterrorists
b - Hacktivists
Which of the following is considered an industry-specific cybersecurity regulation? a. Personal Information Protection and Electronic Documents Act (PIPEDA) b. Health Insurance Portability and Accountability Act of 1996 (HIPAA) c. Gramm-Leach-Bliley Act (GLB) d. Sarbanes-Oxley Act of 2002 (SOX)
b - Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Which of the following tools allow a mobile device to be managed remotely by an organization and typically involve a server sending out management commands to mobile devices? a. DLP b. MDM c. Threat hunting d. SIEM
b - MDM
Which wireless technology will John use to provide wide-range cellular service that focuses on indoor coverage, low cost, long battery life, high connection density, and has a low-power wide-area network? a. Subscriber identity module b. Narrowband IoT c. Zigbee d. Cellular IoT baseband
b - Narrowband IoT
What is the fastest-running vulnerability scan, and why does this type of scan run so fast? a. Credentialed scans perform fundamental actions such as looking for open ports and finding software that will respond to requests. b. Non-credentialed scans perform fundamental actions such as looking for open ports and finding software that will respond to requests. c. Non-intrusive scans find deep vulnerabilities that would have otherwise gone unnoticed. d. Intrusive scans can provide a deeper insight into the system by accessing the installed software by examining the software's configuration settings and current security posture.
b - Non-credentialed scans perform fundamental actions such as looking for open ports and finding software that will respond to requests.
Which of the following correctly differentiates between Tcpreplay and Tcpdump? a. Tcpdump can analyze, edit, and load the edited packet back to the network, whereas Tcpreplay can only be used to analyze the packets. b. Tcpdump can only be used to analyze the packets, whereas Tcpreplay can analyze, edit, and load the edited packet back to the network. c. Tcpdump is a packet capture tool without GUI, whereas Tcpreplay is a packet capture tool with GUI. d. Tcpdump is a packet capture tool with GUI, whereas Tcpreplay is a packet capture tool without GUI.
b - Tcpdump can only be used to analyze the packets, whereas Tcpreplay can analyze, edit, and load the edited packet back to the network.
Your company has hired a contractor to build fences surrounding the office building perimeter and install signs that say "premises under 24-hour video surveillance." When do these controls occur? a. The fence should be built after an attack, and the signs installed before an attack b. The fence and the signs should both be installed before an attack c. The fence and the signs should both be installed after an attack d. The fence should be built before an attack, and the signs erected after an attack
b - The fence and the signs should both be installed before an attack
In an interview, you were asked to explain the steps involved in a successful authentication by a RADIUS server. How should you answer? a. The access point (AP) prompts the user for credentials. On entering the credentials, the AP sends a request to the supplicant. The supplicant sends an authentication request to the RADIUS server. If verified, the server sends an authentication acknowledgment to the AP. The user is then authorized to join the network. b. The supplicant sends a request to the access point (AP). The AP prompts the user for credentials. Once credentials are entered, the AP sends an authentication request to the RADIUS server. If verified, the server sends the authentication acknowledgment to the AP. The user is then authorized to join the network. c. The access point (AP) sends a request to the supplicant. The supplicant prompts the user for the credentials. On entering the credentials, the supplicant sends an authentication request to the RADIUS server. If verified, the server sends an authentication acknowledgment to the supplicant, and the user is authorized to join the network. d. The supplicant prompts the user for the credentials. On entering the credentials, the supplicant sends a request to the access point (AP). The AP then sends an authentication request to the RADIUS server. If verified, the server sends an authentication acknowledgment to the AP. The user is then authorized to join the network.
b -The supplicant sends a request to the access point (AP). The AP prompts the user for credentials. Once credentials are entered, the AP sends an authentication request to the RADIUS server. If verified, the server sends the authentication acknowledgment to the AP. The user is then authorized to join the network.
Why can the accuracy of data collected from users not be verified? a. Different types of data are collected from every single user. b. Users have no right to correct or control the information gathered. c. Data is being used for increasingly essential decisions. d. Data is collected from a vast number of users.
b -Users have no right to correct or control the information gathered.
Which technology allows scattered users to be logically grouped even when they are connected to different physical switches? a. VPN b. VLAN c. WAN d. LAN
b VLAN
Which of the following techniques is the best fit for monitoring traffic on switches with large volumes of traffic? a. Port mirroring b. Signature-based monitoring c. Port TAP d. Port spanning
c -Port TAP
What is the name of the process where a website validates user input before the application uses the input? a. Tokening b. Authorizing c. Sanitizing d. Eliminating
b? Authorizing
Which issue can arise from security updates and patches? a. Difficulty installing databases b. Difficulty patching firmware c. Difficulty updating settings d. Difficulty resetting passwords
b? Difficulty patching firmware
Which of the following access control schemes is most secure? a. Discretionary access control b. Mandatory access control c. Role-based access control d. Rule-based access control
b? Mandatory access control
What is a risk to data when training a machine learning (ML) application? a. Improper exception handling in the ML program b. Tainted training data for machine learning c. ML algorithm security d. API attack on the device
b? Tainted training data for machine learning
The files in James's computer were found spreading within the device without any human action. As an engineer, you were requested to identify the problem and help James resolve it. During file code inspection, you noticed that certain types of files in the computer have similar codes. You found that the problem is coming from a set of codes that are not part of the actual files, appended at the bottom of the file. You also noticed a transfer control code written at the beginning of the files giving control to the code at the bottom of the file. Which type of infection is this a characteristic of? a. This is a typical characteristic of files infected by keystrokes in an endpoint. b. This is a typical characteristic of an endpoint device infected with a file-based virus attack. c. This is a typical characteristic of a spyware infection in the endpoint device. d. This is a typical characteristic exhibited by files attacked by ransomware in the device.
b? This is a typical characteristic of an endpoint device infected with a file-based virus attack.
In an interview, you were asked to choose the least vulnerable password from the following list. Which of the following should you choose? a. #International$ b. earthwaterforesttreemanworldkid c. honesty d. n2(f!%^*%:(r)!#$
b? earthwaterforesttreemanworldkid
You have been assigned to decide the process used for software application development at your company. Since the products need to be developed and deployed as each module is completed, you chose to go with agile application development. Your manager has requested you consider SecDevOps. Which of the following is a significant and key feature of using SecDevOps that can be considered for selecting this project's development model? a. Reuse of code b. Quarantine c. Automation d. Rigid process
c -Automation
Which threat actors sell their knowledge to other attackers or governments? a. Criminal syndicates b. Cyberterrorists c. Brokers d. Competitors
c -Brokers
Which of the following is a combination of encryption, authentication, and MAC algorithms, like a collection of instructions on securing a network? a. TLS b. Stream cipher c. Cipher suite d. SSH
c -Cipher suite
In a multifactor authentication-enabled facility, you are asked the following question: "What type of food was served on your child's first birthday?" Which of the following is the authentication method used here? a. Physiological biometrics b. Security key authentication c. Cognitive biometrics d. Behavioral biometrics
c -Cognitive biometrics
A learning management system application has been written in Python. While running the application code, the specific program or application that converts the program into machine language is called what? a. Antimalware b. Application software c. Compiler d. Operating system
c -Compiler
Who implements access control based on the security level determined by the data owner? a. Data controller b. Data privacy officer c. Data custodian d. Data processor
c -Data custodian
ABC Enterprises plans to upgrade its internal confidential communication channel for the senior management team, which is geographically spread out, to enhance communication speed and security. They have decided to use cryptography to achieve this but can't decide on which model. The CEO has come to you for your suggestion on whether to use RSA or ECC. What should you recommend to the CEO, and why? a. RSA, as it uses three rounds of encryption. It employs 48 iterations in its encryptions, using different keys each for each round. This makes the message extremely secure while making the communication exchange extremely fast. b. ECC, as it uses three rounds of encryption. It employs 48 iterations in its encryptions, using different keys each for each round. This makes the message extremely secure while making the communication exchange extremely fast. c. ECC, as it uses sloping curves to generate keys. This makes it very secure for smaller key sizes making it secure and the communication exchange extremely fast. d. RSA, as it uses sloping curves to generate keys. This makes it very secure for smaller key sizes, making it secure and the communication exchange extremely fast.
c -ECC, as it uses sloping curves to generate keys. This makes it very secure for smaller key sizes making it secure and the communication exchange extremely fast.
Which of the following is a disadvantage of the secure boot process? a. It requires an operating system like Microsoft OS to ensure secure boot. b. It does not validate the boot process. c. It makes third party non-vendor-approved software difficult to implement. d. It slows down considerably, affecting the performance of the computer.
c -It makes third party non-vendor-approved software difficult to implement.
Which of the following policies restrict employees from being in a position to manipulate security configurations by limiting the time they spend with control of those configurations? a. Clean disk space b. Separation of duties c. Job rotation d. Mandatory vacation
c -Job rotation
Which of the following is an agreement that ensures an employee does not misuse enterprise data? a. Data protection agreement b. Acceptable use policy c. Nondisclosure agreement d. Impossible travel policy
c -Nondisclosure agreement
Alliance Consulting, a company based in France, is shutting down. Louis, the owner of the company, applied to revoke his digital certificate. He is very busy with the other details of shutting the company down and needs to be able to check the certificate's status quickly and easily. Which of the following will help him get a real-time lookup of the certificate's status? a. EV b. CRL c. OCSP d. CSR
c -OCSP
In an interview, you are asked to explain the major objective of having resilience in an organization. How should you respond? a. The major objective of resilience in an organization is to enhance the end-user experience. b. The major objective of resilience in an organization is to achieve the yet-unachieved. c. The major objective of resilience in an organization is to provide uninterrupted services. d. The major objective of resilience in an organization is to attract more customers.
c -The major objective of resilience in an organization is to provide uninterrupted services.
Your company is considering updating several electronic devices used in the enterprise network. The third-party service provider that your company approached says that they require access to the enterprise network in order to implement the updates. As the chief information security officer, you are asked to analyze the requirement and submit a report on potential vulnerabilities when giving a third party access to the network. Which of the following vulnerabilities should you list as the most likely to affect the enterprise network? a. Weak encryption b. Zero day c. Weakest link d. Default settings
c -Weakest link
Which of the following best describes a Fake RAID? a. Hardware RAID b. Software RAID c. Software RAID assisted by BIOS d. Hardware RAID assisted by BIOS
c Software RAID assisted by BIOS
John needs to add an algorithm for his company communication process, in which encryption uses two keys. One is the public key, and the other one is a private key. Which algorithm will be suitable to achieve this? a. Symmetric cryptographic b. Lightweight cryptographic c. Asymmetric cryptographic d. Private key cryptographic
c? Asymmetric cryptographic
What is the primary difference between credentialed and non-credentialed scans? a. Credentialed scans use advanced scanning tools, while non-credentialed scans do not use tools. b. Credentialed scans are performed by pen testers, while non-credentialed scans are performed by authorized officers. c. Credentialed scans use valid authentication credentials to mimic threat actors, while non-credentialed scans do not provide authentication credentials. d. Credentialed scans are legal, while non-credentialed scans are illegal.
c? Credentialed scans use valid authentication credentials to mimic threat actors, while non-credentialed scans do not provide authentication credentials.
You are working as a cloud administrator, and are asked to migrate a virtual machine to a more capable physical machine, as the demand for the service hosted on the VM increased past its limit. As your enterprise still uses conventional switches, migration took time and resulted in customer dissatisfaction. How should you mitigate this issue in the future? a. Use virtual desktop infrastructure b. Implement software-defined visibility c. Implement a software-defined network d. Create containers in the virtual machine
c? Implement a software-defined network
Zeda Corporation provides online training solutions to global customers. To provide e-learning solutions, it integrates with multiple vendor platforms. This ensures seamless transfer to multiple operators' solutions through sign on. Joe, an IT security administrator, noticed that a threat actor has attacked the platform and stolen the user data. The source of this vulnerability was identified as one of the integrated external applications. What type of attack is this? a. This is an AI attack. b. This is a backdoor attack. c. This is an API attack. d. This is a device driver manipulation attack.
c? This is an API attack.
In an application development model, which of the following uses a sequential development process? a. DevOps deployment b. Rapid application development c. Waterfall development d. Agile development
c? Waterfall development
Which of the following attacks is considered easy, allowing threat actors to access user data and read through passwords and PINs, and why is it considered so? a. A jamming attack, because this attack can be achieved using mobile phone networks. b. A disassociation attack, because the device gets disconnected from the network and can be hacked easily. c. A WDoS attack, because WLANs are less secure and can easily be hacked. d. A WLAN consumer attack, because many users fail to properly configure security on their home WLANs.
d -A WLAN consumer attack, because many users fail to properly configure security on their home WLANs.
Zero-day vulnerabilities and configuration vulnerabilities can heavily impact a system if exploited. How should you differentiate between a zero-day vulnerability and a configuration vulnerability? a. A zero-day vulnerability is an easily fixable vulnerability recognized by a software developer, whereas a configuration vulnerability is a major vulnerability present in a system exploited by a threat actor before the software developer can fix it. b. A zero-day vulnerability results from improper hardware configurations, whereas a configuration vulnerability results from improper software configuration. c. A zero-day vulnerability results from users improperly configuring software, whereas a configuration vulnerability results from the developers improperly configuring the software. d. A zero-day vulnerability is an unknown vulnerability in released software that is found and exploited by a threat actor, whereas a configuration vulnerability is caused by improper settings in hardware or software.
d -A zero-day vulnerability is an unknown vulnerability in released software that is found and exploited by a threat actor, whereas a configuration vulnerability is caused by improper settings in hardware or software.
Which penetration testing consultants are not given any knowledge of the network nor any elevated privileges? a. White box b. Bug bounty c. Gray box d. Black box
d -Black box
Which of the following protocols can be used for secure routing and switching? a. DNSSEC b. HTTP c. HTTPS d. IPsec
d -IPsec
Several quantitative tools like mean time between failure (MTBF), mean time to recovery (MTTR), mean time to failure (MTTF), and failure in time (FIT) can be used to predict the likelihood of the risk. Which of these tools perform similar functions? a. MTBF and MTTF b. FIT and MTTR c. MTTF and MTTR d. MTBF and FIT
d -MTBF and FIT
Which of the following is a subset of artificial intelligence? a. Artificial intelligence algorithm b. Data science c. Machine intelligence d. Machine learning
d -Machine learning
Which of the following best describes east-west traffic? a. Movement of data from an unsecured endpoint to a server outside a data center b. Movement of data from a router to an enterprise switch c. Movement of data from one unsecured endpoint to another d. Movement of data from one server to another within a data center
d -Movement of data from one server to another within a data center
Which of the following tools can be used to scan 16 IP addresses for vulnerabilities? a. QualysGuard b. App Scan c. Nessus d. Nessus Essentials
d -Nessus Essentials
Which characteristic of cryptography makes information obscure or unclear, and by which the original information becomes impossible to be determined? a. Authentication b. Nonrepudiation c. Integrity d. Obfuscation
d -Obfuscation
Which of the following uses hardware encryption technology to secure stored data and ensures the inseparability of SEDs among vendors? a. Pad b. Key c. Qubits d. Opal
d -Opal
Which of the following is a social engineering method that attempts to influence the subject before the event occurs? a. Watering hole b. Spear phishing c. Redirection d. Prepending
d -Prepending
John is instructed by his CEO to introduce an employee attendance system that replaces the current manual-sign register. The system cannot use a power supply and must adhere to COVID-19 protection protocols. What method should John use for this system? a. Bluetooth b. WLAN network c. NFC d. RFID
d -RFID
Robert is a black box penetration tester who conducted pen testing attacks on all of the network's application servers. He was able to exploit a vulnerability and gain access to the system using a mimikatz tool. Which of the following activities did he perform using mimikatz, and which task should he perform next? a. Robert used mimikatz for phishing, and should perform lateral movement next. b. Robert used mimikatz for footprinting, and should install a backdoor next. c. Robert used mimikatz for tailgating, and should perform phishing next. d. Robert used mimikatz for credential harvesting, and should perform privilege escalation using a high-privileged account next.
d -Robert used mimikatz for credential harvesting, and should perform privilege escalation using a high-privileged account next.
Which of the following tools can be used to protect containers from attack? a. Virtual machine manager b. Software-defined networking c. Software-defined visibility d. Security-Enhanced Linux
d -Security-Enhanced Linux
ABC Technologies had its computer network compromised through a cybersecurity breach. A cybersecurity expert was employed to analyze and identify what caused the attack and the damage caused by the attack. He checked an available database for this purpose and found the threat actor behind the attack. He also found out the cybercriminal has been attempting to sell the company's valuable data on the internet. Which are the most probable methods used by the cybersecurity expert to get to this stage of the investigation? a. The cybersecurity expert checked the threat maps and used the MAR report. b. The cybersecurity expert used STIX and checked with CISCP. c. The cybersecurity expert checked the threat maps and used TAXII. d. The cybersecurity expert checked with CISCP and also investigated the dark web.
d -The cybersecurity expert checked with CISCP and also investigated the dark web.
Which operation is carried out by proactively searching security logs for cyber threats that have thus far gone undetected? a. Vulnerability hunting b. Vulnerability scanning c. Data hunting d. Threat hunting
d -Threat hunting
Alex is working for Alpha Technology as a system administrator. The enterprise's sales team uses multiple external drives, often containing confidential data, that they carry between their offices and their clients' offices. What should Alex do to ensure that data is secure if it is stolen or lost, and why? a. Use steganography because it gives remote access to the drive, and Alex can remotely disable the drive. b. Implement blockchain in the enterprise because it allows Alex to access the drive's location and remotely disable it. c. Use HSM because it allows Alex to track the device and stop the user from using the device. d. Use encrypted USBs in the enterprise because they automatically encrypt the information and give Alex remote access to the drive to monitor and disable the user.
d -Use encrypted USBs in the enterprise because they automatically encrypt the information and give Alex remote access to the drive to monitor and disable the user.
Attackers have taken over a site commonly used by an enterprise's leadership team to order new raw materials. The site is also visited by leadership at several other enterprises, so taking this site will allow for attacks on many organizations. Which type of malicious activity is this? a. Vishing b. Spear phishing c. Hoax d. Watering hole
d -Watering hole
In an interview, you are asked to configure a DNS server on a Linux machine. After successfully configuring the DNS server, you are asked to examine it using a client machine. After changing the nameserver of the client's machine to a newly created server, which of the following commands should you run to validate the DNS server to ensure it is working properly? a. nslookup www.google.com b. ifconfig www.google.com c. ping www.google.com d. dig www.google.com
d -dig www.google.com
John receives an encrypted document using asymmetric cryptography from Alex. Which process should Alex use along with asymmetric cryptography so that John can be sure that the received document is real, from Alex, and unaltered? a. Rivest-Shamir-Adleman b. Elliptic curve cryptography c. Symmetric cryptography d. Digital signature algorithm
d Digital signature algorithm (b?xxxxx -Elliptic curve cryptography)
Which of the following best describes a network hardware security module? a. A network hardware security module is an intrusion detection system that detects any intrusion in a network. b. A network hardware security module is a hardware firewall that monitors incoming and outgoing traffic of a network. c. A network hardware security module is a deception instrument used to deceive threat actors by intentionally deploying vulnerable devices. d. A network hardware security module is a trusted network computer that performs cryptographic operations.
d? A network hardware security module is a trusted network computer that performs cryptographic operations.
Which of the following sets consists of only the core features of a mobile or computing device? a. Small form factor, mobile operating system, microphone and/or digital camera, app stores, local non-removable data storage b. Small form factor, mobile operating system, wireless data network interface for internet access, global positioning system (GPS), local non-removable data storage c. Small form factor, mobile operating system, wireless data network interface internet access, app stores, removable storage media d. Small form factor, mobile operating system, wireless data network interface for internet access, app stores, local non-removable data storage
d? Small form factor, mobile operating system, wireless data network interface for internet access, app stores, local non-removable data storage
The devices in your enterprise are configured with mandatory access control in which salaries.xlsx is labeled "secret," transactions.xlsx is labeled "top secret," and employees.xlsx is labeled "confidential." You were asked to configure the user clearance so that User A can access all three files, while User B can only access employees.xlsx. How should you configure the user clearance? a. User A: confidential; User B: secret b. User A: confidential; User B: top secret c. User A: top secret; User B: secret d. User A: top secret; User B: confidential
d? User A: top secret; User B: confidential
You want to implement an authentication method so that different password attacks, like dictionary attacks, brute force attacks, etc., will not result in unauthorized access to the web application hosted by your enterprise. You want to do this by not using any specialized hardware or making any changes to the user's activity during the authentication process. Which of the following methods should you apply? a. You should implement fingerprint authentication. b. You should implement iris scanning. c. You should implement facial recognition. d. You should implement keystroke dynamics.
d? You should implement keystroke dynamics.
"Computer workstations must be locked when the workspace is unoccupied and turned off at the end of the business day." "Laptops must be either locked with a locking cable or locked in a drawer or filing cabinet." Which policy includes these directives? a. Acceptable use policy b. Onboarding and offboarding c. Least privilege d. Clean desk space
d?? -Clean desk space a?xxxxxxxxxx
Which monitoring methodology will trigger the IDS if any application tries to scan multiple ports? a. Signature-based monitoring b. Heuristic monitoring c. Anomaly-based monitoring d. Behavior-based monitoring
xxx
Which of the following RAID configurations have no fault tolerance? a. RAID level 1 b. RAID level 5 c. RAID level 10 d. RAID level 0
xxx
An attacker has changed the value of a variable used when copying files from one cloud server to a local drive. What is the most likely motive behind the attack? a. The attacker is using an integer overflow attack to initiate a buffer overflow that can allow them to take over the machine. b. The attacker is using a buffer overflow to initiate an integer overflow attack that will give them access to the machine's OS code. c. The attacker is using a buffer overflow to initiate an integer overflow attack that can allow access to private data on the local drive. d. The attacker is using an integer overflow attack that will change the state of the local drive's memory.
xxx
An organization is planning a revamp of the existing computer hardware with new ones. The IT manager has informed department heads that some computers have faced BIOS attacks in the past. He has requested help in preventing future BIOS attacks. As an expert, which of these solutions can you use to effectively improve boot security when the new computers are implemented in the network? a. Implement a Norton Antivirus solution b. Implement BIOS supplemented with CMOS c. Implement measured boot with UEFI d. Use computers with flash memory for booting instead of BIOS
xxx
Containment is most effective when the network is properly designed. Which of the following contributes to effective network design? a. SOAR runbooks b. Access control list c. Network segmentation d. Access control scheme
xxx
In a security review meeting, you proposed using a windowed token with a time-based one-time password (TOTP) to authenticate enterprise employees, and you were asked to explain the working of TOTP. Which of the following should be your reply? a. With a windowed token with TOTP, a one-time code is generated by the windowed token using a specific algorithm. The server generates the code using the same algorithm. The user enters the code generated by the windowed token. The user is authenticated if the codes match. b. With a windowed token with TOTP, a one-time code is generated by the server. The server sends the code to the windowed token. The user enters the code. The user gets authenticated for the correct code. c. With a windowed token with TOTP, a one-time code is generated by the windowed token. The windowed token sends the code to the server. The user enters the code generated by the windowed token. The user gets an authentication for the correct code. d. With a windowed token with TOTP, a one-time code is generated by the windowed token using a specific algorithm. The server generates the code using a variant of the specific algorithm. The user enters the code. The user is authenticated if the codes match.
xxx
Justin works for an automobile manufacturer. The company is designing a new car that enables the users to use the car as a mobile office. To achieve this, the car must provide an internet connection as an access point, mirror a smartphone screen on the LED dash display, and have a hands-free system where drivers can use voice controls to browse their phone's contact list, make and receive hands-free phone calls, and use navigation apps. Which technology should he use and why? a. Bluetooth, because it can be used to pair devices, allowing for hands-free and screen mirroring features. b. RFID devices, because they establish two-way communication between devices, which can be used to provide hands-free features with voice control. c. NFC, because it is used to transmit information between devices by a small tag that can help provide hands-free features and an internet connection. d. WLAN, because it can be connected to the car's internal computer system to provide internet and screen mirroring features.
xxx
Kelly is asked to choose a mobile management tool that provides a single management interface for all applications, content, and device management. Which of the following is the best one-step solution? a. Mobile content management (MCM) tool b. Mobile device management (MDM) tool c. Unified environment management (UEM) tool d. Mobile application management (MAM) tool
xxx
Melvin is moving his small business from his basement to an office building now that he has five full-time employees. What type of enterprise AP should he choose when setting up the new office's WLAN? a. Fat AP b. Captive portal AP c. Controller AP d. Standalone AP
xxx
Sigma solutions use hash algorithms in the communications between departments while transferring confidential files. A human resource employee informed you that one of the employees' salary statements sent from her end looks tampered with and requested your help. Which of the following tasks would enable you to identify whether the file is tampered with or not, and how will you make the determination? a. Check the digest for the file size. If the digest file size is different from that of the original digest, it can be concluded that the file has been tampered with. b. Check the file digest for alternate values. If the digest's alternate value is the same in the entire digest, the file can be confirmed to be not tampered with. c. Check whether the original plaintext can be generated from the digest. If the original values can be generated and match the original file, the file has not been tampered with. d. Check the digest of the file with the original digest. If the values are different, it can be confirmed that the file has been tampered with.
xxx
Star Technology is working on a project that needs a communication mode specializing in encryption, where only authorized parties should understand the information. The company also requires accuracy, completeness, and reliability of data throughout the project. The company has contacted you for an ideal cipher mode solution without using a counter. Which mode should you suggest? a. GCM b. HTTPS c. CTR d. CBC
xxx
The protection of which of the following data type is mandated by HIPAA? a. Public data b. Personally identifiable information c. Proprietary data d. Health information
xxx
What is an officially released software security update intended to repair a vulnerability called? a. Default b. Firmware c. Patch d. Vector
xxx
What is the most accurate explanation of sentiment analysis, and what kind of a tool or product can be utilized to perform this operation? a. Using SIEM for combining many logs into one record based on IP addresses, usernames, and port numbers b. Using Cisco Firepower for computationally identifying and categorizing opinions, usually expressed in response to textual data, to determine the writer's attitude toward a particular topic c. Using text analysis techniques and IBM QRadar to interpret and classify emotions (positive, negative, and neutral) within text data d. Using Wireshark for detecting hidden and persistent threats from a network
xxx
Which of the following is a characteristic of a vulnerability scan that is not a characteristic of a penetration test? a. A vulnerability scan can be done when a regulatory body requires it or on a pre-determined schedule. b. A vulnerability scan is usually automated. c. A vulnerability scan identifies deep vulnerabilities. d. A vulnerability scan is usually a manual process.
xxx
Which of the following is a layer 2 attack? a. DNS poisoning b. DNS hijacking c. ARP poisoning d. DDoS
xxx
Which protocol should John select to prevent unwanted network access and be configured to permit traffic only from specific addresses and provide security? a. WEP b. WPA c. WPS d. MAC
xxx
Which type of threat actor would benefit the most from accessing your enterprise's new machine learning algorithm research and development program? a. Competitors b. Shadow IT c. Criminal syndicates d. Brokers
xxx
Which of the following differentiates an access point probe and a dedicated probe? a. A dedicated probe only monitors RF transmissions, while an access probe can serve as both a probe and an access point that can provide roaming to wireless users. b. A dedicated probe is a standard wireless device that can be configured to act as a wireless probe. In contrast, an access point probe is a wireless adapter plugged into a desktop computer to monitor the RF in the area for transmissions. c. A dedicated probe has the ability to serve as both a probe and an access point that can provide roaming to wireless users. In contrast, an access point probe only monitors RF transmissions. d. A dedicated probe is a wireless adapter plugged into a desktop computer to monitor the RF in the area for transmissions. In contrast, an access probe is a standard wireless device that can be configured to act as a wireless probe.
a -A dedicated probe only monitors RF transmissions, while an access probe can serve as both a probe and an access point that can provide roaming to wireless users.
Which of the following statements describe a quantum computer? a. A quantum computer is a computer that relies on qubits that can be both 0 and 1 at the same time. b. A quantum computer is a computer that uses the structure of physical gadgets with sensors, software, and other technologies to connect and swap data with other devices and systems over the internet. c. A quantum computer is a computer with a chip on its motherboard that provides cryptographic services, includes a true random number generator, and supports fully asymmetric encryption. d. A quantum computer uses encrypted hardware until the correct password is provided and all data copied to the computer is automatically encrypted.
a -A quantum computer is a computer that relies on qubits that can be both 0 and 1 at the same time.
Blockchain relies on which cryptographic algorithm to make it computationally infeasible to try to replace a block or insert a new block of information without the approval of all entities involved? a. Cryptographic hash algorithms b. Asymmetric cryptographic algorithms c. RSA algorithm d. Symmetric cryptographic algorithms
a -Cryptographic hash algorithms
Sean is an information security architect at a financial firm. As his first project, he must design and build an efficient, sure-shot, yet cost-effective solution to detect and prevent bank credit card fraud. How should Sean proceed? a. Design a solution that keeps track of dates, times, locations of transactions, and geolocation of the authorized cell phone. When a user makes a purchase at a store, the bank can immediately check that the cell phone and the bank card are in the same place. If they are, the purchase is considered legitimate. But if they are not, then the payment is rejected. b. Design a solution that is confined to and hardcoded with a specific place and specific time. If the user makes a transaction at a different place or time, it will be considered an outlier and trigger an alert. c. Design advanced credit card fraud detection solutions using data science and machine learning models trained with millions of historical credit card and debit card transaction data to better detect financial fraud. d. Design a security awareness training program to educate bank customers on phishing and vishing attacks and teach them how to avoid sharing sensitive debit and credit card information via unsolicited telephone calls or emails.
a -Design a solution that keeps track of dates, times, locations of transactions, and geolocation of the authorized cell phone. When a user makes a purchase at a store, the bank can immediately check that the cell phone and the bank card are in the same place. If they are, the purchase is considered legitimate. But if they are not, then the payment is rejected.
Which of the following types of risk control occurs during an attack? a. Detective control b. Physical control c. Preventive control d. Deterrent control
a -Detective Control
Which of the following access management controls best fits a home network? a. Discretionary access control b. Rule-based access control c. Role-based access control d. Mandatory access control
a -Discretionary access control
Which of the following is a physical social engineering technique? a. Dumpster diving b. Hoaxes c. Watering hole d. Pharming
a -Dumpster diving
Which mobile device location-based policy is used to identify geographical location by analyzing media files? a. Geo-tagging b. Geofencing c. Impossible travel d. Geolocation
a -Geo-tagging
Which cloud app security features check the last login's location and current login attempts to restrict login if found suspicious? a. Impossible travel b. Geofencing c. Geo-tagging d. Geolocation
a -Impossible travel
Spectrum Technologies uses SHA 256 to share confidential information. The enterprise reported a breach of confidential data by a threat actor. You are asked to verify the cause of the attack that occurred despite implementing secure cryptography in communication. Which type of attack should you consider first, and why? a. Misconfiguration attack; the company should have configured a higher security hash algorithm rather than using the less-secure SHA 256. b. Known ciphertext attack; the attacker can create the cryptographic keys from ciphertext because of the SHA 256 algorithm. c. Downgrade attack; SHA 256 is vulnerable to downgrades in the operating system to earlier versions, allowing threat actors to easily attack. d. Collision attacks; the threat actor has created a malicious file with the same digest using SHA 256.
a -Misconfiguration attack; the company should have configured a higher security hash algorithm rather than using the less-secure SHA 256.
Dave is preparing a COOP for his company. In it, he included how and where employees and resources will be relocated in case of a natural disaster, how data will be recovered in case a terrorist attack shuts down public networks, and how the company's critical services and processes will be affected by an IT system failure. Did Dave compile the COOP correctly? a. No. Dave's COOP plan should not include how critical services and processes will be affected by an IT system failure. b. No. Dave's COOP plan should not include how data will be recovered in case a terrorist attack shuts down public networks. c. No. Dave's COOP plan should not include how and where employees and resources will be relocated in case of a natural disaster. d. Yes. Dave has successfully created a COOP plan using an "all-hazards approach."
a -No. Dave's COOP plan should not include how critical services and processes will be affected by an IT system failure.
Which feature of cryptography is used to prove a user's identity and prevent an individual from fraudulently reneging on an action? a. Nonrepudiation b. Authentication c. Confidentiality d. Obfuscation
a -Nonrepudiation
Which of the following compliance standards was introduced to provide a minimum degree of security to organizations who handle customer information such as debit card and credit card details daily? a. PCIDSS b. GLB c. FISMA d. SOX
a -PCIDSS
Kainat is asked to suggest a cipher in which the entire alphabet is rotated (as in, A=N, B=O), making it difficult to identify. Which cipher should she suggest? a. ROT13 b. 3DES c. AES d. XOR
a -ROT13
What does ransomware do to an endpoint device? a. Ransomware attacks the endpoint device holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded. b. Ransomware gets accidentally installed in the endpoint device as software along with other programs during the installation process. This happens when the user's installation and download options are overlooked, thus affecting the user application adversely. c. Ransomware infects the endpoint devices and launches attacks on the infected endpoint and other devices connected to the network. d. Ransomware attacks the endpoint device without the consent of the user or the device, discreetly collecting and transmitting information, causing harm to the end user.
a -Ransomware attacks the endpoint device holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded.
While preparing a continuity plan, you were asked to choose a technique by which the backup data stored on the cloud can be accessed from any location. Which of the following techniques should you choose? a. Restore the data to virtual machines b. Restore the data to a hot site c. Restore the data to a cold site d. Restore the data to a warm site
a -Restore the data to virtual machines
What is a jump box used for? a. Restricting access to a demilitarized zone b. Switching from a public IP to a private IP c. Bypassing a firewall by generating a log entry d. Deceiving threat actors by intentionally creating vulnerable devices
a -Restricting access to a demilitarized zone
Over the last few days, several employees in your enterprise reported seeing strange messages containing links in their company's IM account. Even though no one has clicked on the messages, they are spreading throughout the network. Which type of malicious activity is this? a. Spimming b. Vishing c. Spear phishing d. Whaling
a -Spimming
Which technology under wireless communication is an integrated circuit that securely stores information used to identify and authenticate the IoT device? a. Subscriber identity module b. Narrowband IoT c. Zigbee d. Cellular IoT baseband
a -Subscriber identity module
The risk of DDoS attacks, SQL injection attacks, phishing, etc., is classified under which threat category? a. Technical b. Strategic c. Compliance d. Operational
a -Technical
Which of the following tools can be used for virtual machine sprawl avoidance? a. Virtual machine manager b. Virtual desktop infrastructure c. Software-defined visibility d. Virtual machine escape protection
a -Virtual machine manager
There is often confusion between vulnerability scanning and penetration testing. What is the best explanation of the difference between vulnerability scanning and penetration testing? a. Vulnerability scanning is performed using an automated tool to scan a network for known vulnerability signatures. Penetration testing involves attempting to manually uncover deep vulnerabilities just as a threat actor would, and then exploiting them. b. Vulnerability scanning is performed by manually scanning a network for known vulnerabilities. Penetration testing is attempting to manually scan a network for known vulnerability signatures using an advanced scanning tool. c. Vulnerability scanning checks a network for open ports and services. Penetration testing is attempting to manually scan a network for known vulnerability signatures using an advanced scanning tool. d. Vulnerability scanning checks a network for outdated versions of services. Penetration testing is attempting to manually uncover deep vulnerabilities just as a threat actor would, and then exploiting them.
a -Vulnerability scanning is performed using an automated tool to scan a network for known vulnerability signatures. Penetration testing involves attempting to manually uncover deep vulnerabilities just as a threat actor would, and then exploiting them.
In a security review meeting, you are asked to calculate the single loss expectancy (SLE) of an enterprise building worth $100,000,000, 75% of which is likely to be destroyed by a flood. Flood insurance data suggest that a severe flood is likely to occur once every 100 years. Which formula should you use to calculate the SLE? a. 100,000,000 x 0.75 b. 100,000,000/100 x 0.75 c. 100,000,000/0.75 x 100 d. 100,000,000 x 0.75/.01
a 100,000,000 x 0.75
What is another term commonly used to define cross-site request forgery (CSRF): a. Client-side request forgery b. Server-side request forgery c. Client-server request forgery d. Cross-server request forgery
a?? -Client-side request forgery c?xxxxxxx
Which of the following describes the action of an SQL injection into a database server? a. The SQL injection inserts specially created extensible markup language to manipulate the database taking control of the database giving control to the attacker to manipulate the database. b. The SQL injection inserts specially created structured query language statements to manipulate the database server, giving control of the database to the attacker, who can then manipulate the database. c. The SQL injection is specially created code inserted into a legitimate program, which then lies dormant unless a special logical event triggers it. d. The SQL injection inserts code into the DLL running process, causing the program to function differently than intended.
b - The SQL injection inserts specially created structured query language statements to manipulate the database server, giving control of the database to the attacker, who can then manipulate the database.
An employee at your enterprise is caught violating company policies by transferring confidential data to his private email. As a security admin, you are asked to prevent this from happening in the future. Which of the following actions should you perform? a. You should set up an ACL. b. You should set up a DLP. c. You should set up a VPN. d. You should set up a NAC.
b - You should set up a DLP.
Which of the following best describes a mantrap? a. A mantrap is a challenge given to cybersecurity experts. b. A mantrap is a small space with two separate sets of interlocking doors. c. A mantrap cools a server room by trapping body heat. d. A mantrap separates threat actors from defenders.
b -A mantrap is a small space with two separate sets of interlocking doors.
Shawn is approached by a medical staff team with a request to research and introduce a type of device that will help them record and transmit specific patient details. Which technology would help the team measure and monitor blood pressure and then send those patient details from the smartphone to a phone as a message in case of emergencies? a. RFID b. Bluetooth c. WLAN network d. NFC
b -Bluetooth
Which of the following is a virtualization instance that uses OS components for virtualization? a. VM escape protection b. Container c. Hypervisor d. Host OS
b -Container
Which of the following contains the field that indicates the function of the packet and an identifier field used to match requests and responses and the type of data being transported along with the data itself? a. CCMP b. EAP c. DHCP d. TKIP
b -EAP
Which of the following is the most secure encryption solution to adopt for a Google Android mobile device? a. Full disk encryption b. File-based encryption c. Asymmetric key encryption d. Symmetric key encryption
b -File-based encryption
You have been asked to implement a block cipher mode of operation that requires both the sender and receiver of the message to have access to a synchronous counter that adds an AAD to the transmission. Which operating block cipher mode should you use? a. ECB b. GCM c. CTR d. CBC
b -GCM
While going through the network log, Sarah, a network security administrator, noticed substantial outbound network traffic. Which activity did Sarah perform? a. HTTP b. IOC c. Telnet d. STIX
b -IOC
An unauthorized person recently accessed your enterprise network. The security team had received a call from the threat actor claiming to be a higher official. They followed the attacker's instructions to log them onto a specific webpage, leading to the exposure of enterprise network credentials. Which of the following social engineering techniques was used here? a. Hoaxes and impersonation b. Impersonation and phishing c. Spam and phishing d. Hoaxes and spam
b -Impersonation and phishing
What is a variation of a common social engineering attack targeting a specific user? a. Watering holes b. Spear phishing c. Redirection d. Spam
b -Spear phishing
Which of the following sensors is best suited for fire detection? a. Noise detection sensor b. Temperature detection sensor c. Proximity sensor d. Motion detection sensor
b -Temperature detection sensor
Robert has two cryptographic keys, and he needs to determine which of them is less prone to being attacked. The cryptoperiod is limited and equal for both the keys. The first key has a length of 2 and uses 16 characters, while the other key has a length of 3 and uses 15 characters. Which of the following is the best conclusion for Robert to come to? a. The first key is more secure than the second key. b. The second key is more secure than the first key. c. Neither of the keys are secure because they both have a limited cryptoperiod. d. Both the keys are equally secure.
b -The second key is more secure than the first key.
Which of the following is an example of evidence collected from metadata? a. Drive file slack b. Time stamp c. RAM slack d. Chain of custody
b -Time stamp
Which of the following outlines the process of a proxy server? a. User - reverse proxy - Internet - forward proxy - user b. User - forward proxy - Internet - reverse proxy - user c. User - forward proxy - user - reverse proxy - Internet d. User - internet - reverse proxy - forward proxy - user
b -User - forward proxy - Internet - reverse proxy - user
Sam is asked to help his company design a wireless network for their new location. Which of the following protocols has the strongest wireless security, supports a longer bit of encryption, and improved interaction capabilities with the internet of things (IoT) devices? a. WEP b. WPA3 c. WPA d. WPA2
b -WPA3
A machine where the operating system runs an application on top of an operating system is called _______. a. application whitelisting b. a virtual machine c. a quarantine d. a sandbox
b -a virtual machine
You are asked to transfer a few confidential enterprise files using the file transfer protocol (FTP). For ensuring utmost security, which variant of FTP should you choose? a. FTP b. SFTP c. TFTP d. FTPS
b SFTP
Which of the following is NOT a part of business continuity planning? a. Emergency response b. Contingency actions c. Disaster recovery d. Resumption planning
b?? -Contingency actions c?xxxxxx
Malik and Chris are shopping for shoes on an e-commerce website and need to enter their credit card details. Which of the following can assure them that they are using the retailer's authentic website and not an imposter's look-alike site that will steal their credit card details? a. Hash digest b. Digital certificate c. Digital signature d. SSL
b??xx -Digital certificate
Which of the following best describes a faraday cage? a. A Faraday cage is used to dispose of electronic waste. b. A Faraday cage blocks suspicious packets from entering an electronic device. c. A Faraday cage is an enclosure used to block electromagnetic fields. d. A Faraday cage is used to charge the electronic devices.
c -A Faraday cage is an enclosure used to block electromagnetic fields.
Which of the following best describes an acceptable use policy? a. A policy that addresses assigning labels based on the use and importance of information b. A policy that allows only the minimum number of privileges necessary to perform a job or function should be allocated c. A policy that defines the actions users may perform while accessing systems and networking equipment d. A policy that defines the tasks associated with hiring a new employee
c -A policy that defines the actions users may perform while accessing systems and networking equipment
Which of the following devices is similar to Raspberry Pi? a. SoC b. Real-time operating system c. Arduino d. FPGA
c -Arduino
Which of the following best describes bash? a. Bash is a network assessment tool. b. Bash is computer hardware. c. Bash is a command language interpreter. d. Bash is a physical security measure.
c -Bash is a command language interpreter.
Which of the following documents provide alternative modes of operation for interrupted business activities? a. Business impact analysis b. Continuous data protection c. Business continuity plan d. Disaster Recovery plan
c -Business continuity plan
Your company recently purchased routers with new and updated features and deployed them in the highly secure enterprise network without changing the default settings. A few days later, the enterprise network suffered a data breach, and you are assigned to prepare a report on the data breach. Which of the following vulnerabilities should you identify as the source of the breach? a. Third-party vulnerability b. Zero-day vulnerability c. Configuration vulnerability d. Platform vulnerability
c -Configuration vulnerability
Which specific type of attack occurs when a threat actor redirects network traffic by modifying the local host file to send legitimate traffic anywhere they choose? a. On-path browser attack b. Port stealing c. DNS poisoning d. DNS hijacking
c -DNS poisoning
You are the security manager of an ISP, and you are asked to protect the name server from being hijacked. Which of the following protocols should you use? a. IMAP b. FTPS c. DNSSEC d. SFTP
c -DNSSEC
Who ensures the enterprise complies with data privacy laws and its own privacy policies? a. Data custodian/steward b. Data owner c. Data privacy officer d. Data controller
c -Data privacy officer
After a disaster disrupted your organization's functioning, you were assigned to determine the sequence for reinstating systems. Which of the following documents should you refer to when deciding the restoration order? a. Single point of failure b. COOP plan c. Data recovery plan d. Business impact analysis
c -Data recovery plan
Why is maintaining a hot recovery site important for e-commerce businesses? a. E-commerce businesses should be available all over the world. b. E-commerce businesses will have a significant number of customers. c. E-commerce businesses cannot risk significant downtime. d. E-commerce businesses should provide high security for users' private data.
c -E-commerce businesses cannot risk significant downtime.
What is NOT a principle of agile development? a. Satisfy the customer through early and continuous delivery b. Pay continuous attention to technical excellence c. Follow rigid sequential processes d. Business people and developers work together
c -Follow rigid sequential processes
In an interview, you are asked about the role played by virtual machines in load balancing. Which of the following should be your reply? a. If the load on a virtual machine increases, the RAM or disk space of the VM can be extended until the load is balanced. b. If the virtual machine's load increases, the virtual machines can balance the load by denying further access. c. If the virtual machine's load increases, the virtual machine can be migrated to another physical machine with more capabilities. d. If the load on a virtual machine increases, the virtual machine can balance the load by rejecting low-priority requests.
c -If the virtual machine's load increases, the virtual machine can be migrated to another physical machine with more capabilities.
Which of the following describes a memory leak attack? a. In a memory leak attack, an attacker changes the variable's value to something outside the range the programmer had intended. b. Memory leak attacks take advantage of the token generated and sent to the user's browser by the website as part of the authentication. c. In a memory leak attack, the threat actor takes advantage of the programming error of not freeing the memory after executing a process, taking advantage of the device's low memory conditions to attack. d. A memory leak occurs when a process attempts to store data beyond a fixed-length storage
c -In a memory leak attack, the threat actor takes advantage of the programming error of not freeing the memory after executing a process, taking advantage of the device's low memory conditions to attack.
While analyzing a security breach, you found the attacker followed these attack patterns: The attacker initially tried the commonly used password "passw0rd" on all enterprise user accounts and then started trying various intelligible words like "passive," "partner," etc. Which of the following attacks was performed by the attacker? a. Initially, a brute force attack and then a password spraying attack. b. Initially, a dictionary attack and then a rule attack. c. Initially, a password spraying attack and then a brute force attack. d. Initially, a brute force attack and then a dictionary attack.
c -Initially, a password spraying attack and then a brute force attack.
In a security review meeting, you are asked to implement a detective control to ensure enhanced security during an attack. Which of the following actions should you take? a. Post signs indicating the area is under video surveillance b. Build fences that surround the perimeter of the building c. Install motion detection sensors in strategic areas d. Provide security awareness training for all users
c -Install motion detection sensors in strategic areas
Kate decides to download an extension to her favorite browser to quickly store links on her spreadsheet software. While downloading the software, she ignores the opt-out check box that allows the extension to download a search toolbar. What has occurred here? a. Kate has installed a backdoor. b. Kate has installed an injection. c. Kate has installed a potentially unwanted program (PUP). d. Kate has installed a Trojan.
c -Kate has installed a potentially unwanted program (PUP).
Which of the following is an authentication system that issues a ticket after verifying the credentials by which you can authenticate other services? a. RADIUS b. TACACS+ c. Kerberos d. SAML
c -Kerberos
In a security review meeting, you are asked to make sure that the cybersecurity team is constantly updated on the tactics used by threat actors when they interact with systems during an attack. To which of the following attack frameworks will you refer to meet the goal? a. Cyber Kill Chain b. SEAndroid c. MITRE ATT&CK d. The Diamond Model of Intrusion Analysis
c -MITRE ATT&CK
Which of the following is a form of malware attack that uses specialized communication protocols? a. Keylogger b. Spyware c. RAT d. Bot
c -RAT
Fatima is responsible for conducting business transactions for XYZ Company, and she only had the stored private key. She is on leave and currently unavailable, and the organization needs to complete an urgent business transaction. Which of the following methods should enable the organization to access Fatima's private key and digital certificate? a. Revocation b. Escrow c. Recovery d. Renewal
c -Recovery
Which risk remains after additional controls are applied? a. Internal risk b. Control risk c. Residual risk d. Inherent risk
c -Residual risk
You are a security administrator for an enterprise. You were asked to implement a cloud app security function in your enterprise network so that login attempts from identified threat actors can be restricted. Which of the following cloud app security functions should you use? a. Suspicious inbox forwarding b. Impossible travel c. Risky IP address d. Activity performed by a terminated user
c -Risky IP address
Which of the following uses vulnerable applications to modify Microsoft registry keys? a. Quarantine b. Executable files attack c. System tampering d. Process spawning control
c -System tampering
Natasha, a network security administrator for an online travel portal, noticed that her website was the victim of an SQL injection. She decided to study the SQL queries to find which one made this vulnerability in the database, and she noticed the following SQL code piece executed on the database: 'whatever' AND email IS NULL; What has been accessed by the attacker running this SQL injection? a. The attacker accessed the entirety of email address data from all users in the database. b. The attacker accessed the data of specific users. c. The attacker has determined the names of different types of fields in the database. d. The attacker has used the SQL injection to delete the table in the database.
c -The attacker has determined the names of different types of fields in the database.
During an investigation, it was found that an attacker did the following: Intercepted the request from the user to the server and established an HTTPS connection between the attacker's computer and the server while having an unsecured HTTP connection with the user. This gave the attacker complete control over the secure webpage. Which protocol helped facilitate this attack? a. SSH b. ECB c. SSL d. S/MIME
c SSL
Which encryption device can you use that has the following features? 1. It should allow administrators to remotely prohibit accessing the data on a device until it can verify the user status. 2. It can lock user access completely or even instruct the drive to initiate a self-destruct sequence to destroy all data. a. TPM b. AES c. HSM d. USB device encryption
d - USB device encryption
Suzanne is a cybersecurity expert. She was approached by Alex with a complaint that his payment information has leaked even though he has not made any online payments or shared information with anyone. Suzanne concluded that attackers most likely bumped a portable reader against Alex's smartphone to make an NFC connection and steal the payment information stored on the phone. What should Suzanne suggest to Alex to prevent this type of attack from happening in the future? a. Alex should configure his device pairing so one device can only send and the other only receive. b. Alex should remain aware of the people around him while making NFC payments. c. Alex should protect his smartphone with a unique password or strong PIN. d. Alex should always turn the NFC off while he's in a crowded area.
d -Alex should always turn the NFC off while he's in a crowded area.
Which cryptographic method should Susanne use to ensure that a document can be encrypted with a key and decrypted with a different key? a. Ephemeral b. Symmetric c. Public d. Asymmetric
d -Asymmetric
You are asked to construct a server cluster to provide resilience to the webserver hosted by your enterprise. Which of the following clustering systems should you implement to ensure the standby server only works when the other server fails? a. Unique b. Independent c. Symmetric d. Asymmetric
d -Asymmetric
Which threat actors violate computer security for personal gain? a. Red hat hackers b. Gray hat hackers c. White hat hackers d. Black hat hackers
d -Black hat hackers
Which of the following protects SNMP-managed devices from unauthorized access? a. X.500 b. X.500 lite c. Resource records d. Community string
d -Community string
In an interview, you are asked to differentiate between data protection and data privacy. How should you differentiate between data protection and data privacy? a. Data protection secures data against unauthorized access, while data privacy secures data against authorized access. b. Data protection involves unauthorized data access, while data privacy secures data against authorized access. c. Data protection secures data against authorized access, while data privacy involves unauthorized data access. d. Data protection involves securing data against unauthorized access, while data privacy is concerned with authorized data access.
d -Data protection involves securing data against unauthorized access, while data privacy is concerned with authorized data access.
You are a security administrator asked to restrict employees in your organization from accessing their social media accounts at their workplace. Which of the following mobile device location-based policies should you use to accomplish this? a. Geomapping b. Geolocation c. Geo-tagging d. Geofencing
d -Geofencing
Your enterprise has played fast and loose with customer information for years. While there has been no significant breach of information that could damage the organization and/or their customers, many in the enterprise feel it is only a matter of time before a major leak occurs. Which type of threat actor is an employee who wishes to personally ensure that the enterprise is exposed and blocked from accessing their customers' information until they ensure more secure protocols? a. Script kiddy b. State actor c. Insider d. Hacktivist
d -Hacktivist
Which of the following protocols is embedded in a computer's operating system or communication hardware to secure internet communications? a. TLS b. SSH c. SRTP d. IPsec
d -IPsec
Which one of the following is the most appropriate explanation of photoplethysmography? a. Measuring blood pressure by tracking changes in green light absorption, since human blood absorbs green light b. Measuring heart rate by tracking changes in UV light absorption, since human blood absorbs UV light c. Measuring blood pressure by tracking changes in infrared light absorption, since human blood absorbs infrared light d. Measuring heart rate by tracking changes in green light absorption, since human blood absorbs green light
d -Measuring heart rate by tracking changes in green light absorption, since human blood absorbs green light
You are a security administrator asked to create a certificate signing request (CSR) to secure your enterprise's website. Which of the following tools should you use to accomplish this? a. Cuckoo b. sn1per c. Nessus d. OpenSSL
d -OpenSSL
Which of the following is used to create a sequence of numbers whose output is close to a random number? a. RSA b. DSA c. GnuPG d. PRNG
d -PRNG
An attacker collected many usernames from a website and tried to log in to the accounts using the password "passw0rd". What type of attack was this? a. Password phishing b. Brute force attack c. Pass the hash attack d. Password spraying
d -Password spraying
Which of the following is the advantage of penetration testing over vulnerability scanning? a. Penetration testing performs SYN DoS attacks towards a server in a network, while vulnerability scanning only discovers versions of the running services. b. Penetration testing performs automated scans to discover vulnerabilities and prevent penetration, while vulnerability scanning requires manually scanning for vulnerabilities. c. Penetration testing scans a network for open FTP ports to prevent penetration, while vulnerability scanning only discovers versions of the running services. d. Penetration testing uncovers and exploits deep vulnerabilities, while vulnerability scanning only discovers surface vulnerabilities.
d -Penetration testing uncovers and exploits deep vulnerabilities, while vulnerability scanning only discovers surface vulnerabilities.
What do servers connected in a cluster use to communicate with each other? a. Public cluster connection b. Shared disk connection c. Independent cluster connection d. Private cluster connection
d -Private cluster connection
What is meant by "infrastructure as code" in SecDevOps? a. SecDevOps method of managing code as infrastructure b. SecDevOps method of managing the infrastructure as a software c. SecDevOps method of managing the infrastructure as a service d. SecDevOps method of managing software and hardware using principles of developing code
d -SecDevOps method of managing software and hardware using principles of developing code
Which of the following authentication methods belongs in the "something you have" category? a. Picture password b. Gait recognition c. Keystroke dynamics d. Security key
d -Security key
Several websites use URLs similar to one of the most globally popular websites, attempting to attract traffic if a user misspells the popular website's URL. What is this social engineering technique called? a. Tailgating b. Spam c. Pharming d. Typo squatting
d -Typo squatting
You are working as a security expert in an e-commerce enterprise. Your company recently decided on a short-term collaboration with a small business named BuyMe, and the following issue arose. Whenever your customers purchase any product from BuyMe, the e-commerce website redirects them to the BuyMe website, asking for additional authentication. This results in customers abandoning their purchases. To solve this issue, both enterprises agree to use a single authentication process wherein the users, once logged in to your website, can purchase from BuyMe without additional steps. How should you implement this without storing the customers' credentials on the BuyMe server? a. Use TACACS+ b. Use Kerberos authentication c. Use RADIUS authentication d. Use SAML
d -Use SAML