ITN260 Midterm
A federal appeals court recently made a judgment that caused significant public outrage. Soon after the ruling, the court's website was hacked, and the content was replaced with the text "Equal justice for all." Which of the following types of threat actors attacked the court's site? a. Hacktivists b. State actors c. Cyberterrorists d. Insiders
a. Hacktivists
Which of the following is a social engineering method that attempts to influence the subject before the event occurs? a. Redirection b. Prepending c. Spear phishing d. Watering hole
b. Prepending
Which of the following is used to create a sequence of numbers whose output is close to a random number? a. GnuPG b. RSA c. DSA d. PRNG
d. PRNG
An organization has decided to switch security responsibilities from a third party to internal security personnel due to the recent hike in demand for a provided service. As a result, you have been hired by the organization as a cybersecurity specialist. Which of the following will be your initial action for achieving enhanced security in the organization? a. Consult a third party for penetration testing b. Penetration test the entire network with no third-party involvement c. Announce a bounty for identifying bugs d. Perform an automated scan on the entire network
d. Perform an automated scan on the entire network
Which cookie is created by the website a user is currently browsing to store the customer's browsing preference information? a. First-party cookie b. Third-party cookie c. Session cookie d. Secure cookie
a. First-party cookie
What is NOT a principle of the agile model? a. Follow rigid sequential processes b. Pay continuous attention to technical excellence c. Business people and developers work together d. Satisfy the customer through early and continuous delivery
a. Follow rigid sequential processes
Which of the following protocols can be used as a tool for secure network backups? a. SSL b. TLS c. SSH d. HTTPS
c. SSH
Blockchain relies on which cryptographic algorithm to make it computationally infeasible to try to replace a block or insert a new block of information without the approval of all entities involved? a. Cryptographic hash algorithms b. Symmetric cryptographic algorithms c. RSA algorithm d. Asymmetric cryptographic algorithms
a. Cryptographic hash algorithms
Which of the following best describes a Faraday cage? a. A Faraday cage is an enclosure used to block electromagnetic fields b. A Faraday cage is used to dispose of electronic waste. c. A Faraday cage blocks suspicious packets from entering an electronic device. d. A Faraday cage is used to charge the electronic devices.
a. A Faraday cage is an enclosure used to block electromagnetic fields
Which of the following best describes a host-based firewall? a. A host-based firewall is a software firewall that protects a single endpoint device b. A host-based firewall is a software firewall that protects multiple endpoint devices c. A host-based firewall is a hardware firewall that protects a single endpoint device d. A host-based firewall is a hardware firewall that protects multiple endpoint devices
a. A host-based firewall is a software firewall that protects a single endpoint device
Which of the following statements describe a quantum computer? a. A quantum computer is a computer that relies on qubits that can be both 0 and 1 at the same time b. A quantum computer uses encrypted hardware until the correct password is provided and all data copied to the computer is automatically encrypted c. A quantum computer is a computer that uses the structure of physical gadgets with sensors, software, and other technologies to connect and swap data with other devices and systems over the internet d. A quantum computer is a computer with a chip on its motherboard that provides cryptographic services, includes a true random number generator, and supports fully asymmetric encryption
a. A quantum computer is a computer that relies on qubits that can be both 0 and 1 at the same time
Which of the following is a characteristic of a vulnerability scan that is not a characteristic of a penetration test? a. A vulnerability scan is usually automated b. A vulnerability scan is usually a manual process c. A vulnerability scan can be done when a regulatory body requires it or on a pre-determined schedule d. A vulnerability scan identifies deep vulnerabilities
a. A vulnerability scan is usually automated
Zero-day vulnerabilities and configuration vulnerabilities can heavily impact a system if exploited. How should you differentiate between a zero-day vulnerability and a configuration vulnerability? a. A zero-day vulnerability is an unknown vulnerability in released software that is found and exploited by a threat actor, whereas a configuration vulnerability is caused by improper settings in hardware or software. b. A zero-day vulnerability results from improper hardware configurations, whereas a configuration vulnerability results from improper software configuration. c. A zero-day vulnerability results from users improperly configuring software, whereas a configuration vulnerability results from the developers improperly configuring the software. d. A zero-day vulnerability is an easily fixable vulnerability recognized by a software developer, whereas a configuration vulnerability is a major vulnerability present in
a. A zero-day vulnerability is an unknown vulnerability in released software that is found and exploited by a threat actor, whereas a configuration vulnerability is caused by improper settings in hardware or software
Tyler is a cybersecurity expert assigned to look after the security of a public DNS server. One day, during his usual inspection of the DNS server, he found that the DNS table has been altered, resulting in URL redirection for some users. What type of attack has Tyler discovered? a. DNS hijacking b. DNS poisoning c. XSS d. DDoS
a. DNS hijacking
Wilson has requested your help to suggest an encryption method that will provide the highest security against attacks. Which encryption process should you suggest? a. AES b. RC4 c. Blowfish d. 3DES
a. AES
What are the primary features of a security information event management (SIEM) tool? a. Aggregation, correlation, event deduplication, time synchronization, and alerting b. Aggregation, deep packet investigation, and policy creation c. Filtering, alerting, packet dropping, packet capturing, and traffic analyzing d. Bandwidth monitoring, alerting, and volume measuring
a. Aggregation, correlation, event deduplication, time synchronization, and alerting
John needs to add an algorithm for his company communication process, which encryption uses two keys. One is the public key, and the other one is a private key. Which algorithm will be suitable to achieve this? a. Asymmetric cryptographic b. Private key cryptographic c. Lightweight cryptographic d. Symmetric cryptographic
a. Asymmetric cryptography
Harry works at an automobile parts manufacturer. They sell these parts to retailers and deposit the proceeds in their bank. Using these funds, Harry pays the suppliers and employees. The Accounts Department maintains a ledger of all transactions of materials bought and sold. Similarly, the quality department and operations department also maintain a ledger of all transactions. Over the years, this process has become quite cumbersome, as growing data create confusion. Harry is looking at simplifying the process and has contacted you for a solution. Using which technology can this process be simplified and confusions avoided? a. Blockchain b. TPM c. HSM d. SED
a. Blockchain
Which threat actors sell their knowledge to other attackers or governments? a. Brokers b. Criminal syndicates c. Cyberterrorists d. Competitors
a. Brokers
Wireless data networks are particularly susceptible to which type of attack? a. Ciphertext attack b. Downgrade attack c. Collision attack d. Birthday attack
a. Ciphertext attack
In an interview, the interviewer introduced the following scenario: An enterprise is hosting all its computing resources on a cloud platform, and you need to identify which vulnerability is most likely to occur. Which of the following should you choose? a. Configuration vulnerability b. Physical access vulnerability c. Third-party vulnerability d. Zero-day vulnerability
a. Configuration vulnerability
You are a security expert asked to protect the webservers hosted in your building from exposure to anyone other than server admins. Which of the following physical security methods should you implement to achieve this? a. Demilitarized zones b. Vault c. Faraday cage d. Protected cable distribution
a. Demilitarized zones
Which of the following statements about domain reputation is correct? a. Domain reputation will be low if the domain is used for distributing malware or launching attacks b. Domain reputation will be high if the enterprise has access to a huge volume of resources c. Domain reputation will be high if the domain is used for distributing malware or launching attacks d. Domain reputation will be low if the enterprise has access to a huge volume of resources
a. Domain reputation will be low if the domain is used for distributing malware or launching attacks
What is meant by "the chain of trust" in boot security? a. Each step in the boot sequence relies on the confirmation from the previous boot sequence step. b. Each step in the boot sequence relies on the operating system logs of the previous boot sequence for boot security. c. Each step in the boot sequence follows its own process independently, trusting the previous sequence step. d. Each step in the boot sequence relies on the confirmation of the hardware root of trust
a. Each step in the boot sequence relies on the confirmation from the previous boot sequence step
Which of the following is an attack vector used by threat actors to penetrate a system? a. Email b. Urgency c. Phishing d. Intimidation
a. Email
Which of the following is the most common method for delivering malware? a. Email b. Removable media c. Identity theft d. Social media
a. Email
You are a cyber forensic expert wanting to protect devices retrieved from a crime scene from being remotely wiped of evidence. Which of the following physical security equipment should you use so that inbound and outbound signals cannot be sent or received? a. Faraday bags b. Protected cable distribution c. Mantraps d. Cable locks
a. Faraday bags
Which of the following penetration testing consultants have limited knowledge of the network and some elevated privileges? a. Gray box b. White box c. Black box d. Bug bounty
a. Gray box
Which of the following protocols is embedded in a computer's operating system or communication hardware to secure internet communications? a. IPsec b. SSH c. TLS d. SRTP
a. IPsec
XYZ University wants to set up a VPN network to connect to the internet and ensure that all their data is safe. They have asked you to recommend the correct communication protocol to use. Which of the following protocols should you recommend and why? a. IPsec, because it authenticates that the packets received were sent from the source and ensures that no other party can view the contents. It manages the keys to ensure that they are not intercepted or used by unauthorized parties. b. HTTPS, because it authenticates that the packets received were sent from the source and ensures that no other party can view the contents. It manages the keys to ensure that they are not intercepted or used by unauthorized parties. c. TLS, because it is used to secure communications between a browser and a web server. This ensures data is safe in communications across the network. d. SSH, because it is used to secure communications betwe
a. IPsec, because it authenticates that the packets received were sent from the source and ensures that no other party can view the contents. It manages the keys to ensure that they are not intercepted or used by unauthorized parties
An unauthorized person recently accessed your enterprise network. The security team had received a call from the threat actor claiming to be a higher official. They followed the attacker's instructions to log them onto a specific webpage, leading to the exposure of enterprise network credentials. Which of the following social engineering techniques was used here? a. Impersonation and phishing b. Hoaxes and spam c. Hoaxes and impersonation d. Spam and phishing
a. Impersonation and phishing
Threat actors focused on financial gain often attack which of the following main target categories? a. Individual users b. Social media assets c. REST services d. Product lists
a. Individual users
Which type of intrusion detection system can also block attacks? a. Inline b. Preline c. Postline d. Passive
a. Inline
How can a configuration review reduce the impact of a vulnerability scan on the network's overall performance? a. It ensures the scan is designed to meet its intended goals by defining scope and sensitivity levels. b. It performs a fast initial scan that identifies open ports and responsive software. c. It identifies configuration and security postures within the network. d. It focuses the full scan by first comparing network configurations against known vulnerability databases.
a. It ensures the scan is designed to meet its intended goals by defining scope and sensitivity levels
Which of the following is a disadvantage of the secure boot process? a. It makes third party non-vendor-approved software difficult to implement. b. It does not validate the boot process. c. It slows down considerably, affecting the performance of the computer. d. It requires an operating system like Microsoft OS to ensure secure boot.
a. It makes third party non-vendor-approved software difficult to implement
In an interview, you are asked to analyze the following statements regarding secure network designs and choose the correct one. Which of the following should you choose? a. Load balancers can detect and stop protocol attacks directed at a server or application b. Workgroup switches reside at the top of the hierarchy and carry traffic between switches c. When VLAN members on the same switch communicate with each other, the switch uses tags to transfer the packets d. Zero trust is designed to make a system trusted
a. Load balancers can detect and stop protocol attacks directed at a server or application
Max found someone is impersonating him after discovering that data sent to him was always being received by someone else in his enterprise network. He informed the network administrator about the issue. While inspecting the switch, the administrator discovered that the threat actor was another employee at the same enterprise. As a senior security consultant, which of the following attacks should you mention in the charge sheet? a. MAC cloning attack b. DNS poisoning c. DDoS attack d. MITB attack
a. MAC cloning attack
Keily is a vulnerability assessment engineer. She is told to find surface vulnerabilities on all internet-facing web servers in the network. Which of the following are surface vulnerabilities that she should initially chase? a. Missing patches, lack of OS hardening, network design flaw, lack of application hardening, weak passwords, and misconfigurations b. Lack of OS hardening, network design flaw, lack of application hardening, misconfigurations, and brute force c. Lack of OS hardening, network design flaw, lack of application hardening, weak passwords, misconfigurations, and SQL Injections d. Lack of OS hardening, network design flaw, weak passwords, and misconfigurations
a. Missing patches, lack of OS hardening, network design flaw, lack of application hardening, weak passwords, and misconfigurations
What is the secure coding technique that organizes data within the database for minimum redundancy? a. Normalization b. Stored procedure c. Dead code d. Code signing
a. Normalization
Which characteristic of cryptography makes information obscure or unclear, and by which the original information becomes impossible to be determined? a. Obfuscation b. Nonrepudiation c. Authentication d. Integrity
a. Obfuscation
Which of the following is defined as a structure for governing all the elements involved in digital certificate management? a. PKI b. Web of trust model c. M-of-N control d. CA
a. PKI
What is an officially released software security update intended to repair a vulnerability called? a. Patch b. Firmware c. Vector d. Default
a. Patch
Which of the following best describes an extranet? a. Private network only accessed by an authorized party b. Additional network bandwidth being allocated c. Private network accessed by the public d. Public network accessed by proper authorization
a. Private network only accessed by an authorized party
What is a jump box used for? a. Restricting access to a demilitarized zone b. Bypassing a firewall by generating a log entry c. Deceiving threat actors by intentionally creating vulnerable devices d. Switching from a public IP to a private IP
a. Restricting access to a demilitarized zone
While examining the results of a vulnerability scan, you are asked to tackle false positives and false negatives to ensure the accuracy of the result. Which of the following actions will you take? a. Review logs b. Start a threat hunt c. Perform a penetration test d. Maneuver attackers
a. Review logs
Which of the following devices can perform cryptographic erase? a. SED b. HSM c. TPM d. USB device encryption
a. SED
Which of the following terms best describes the process in which a user believes that the browser connection they are using is secure and the data sent is encrypted when in reality, the connection is insecure, and the data is sent in plaintext? a. SSL stripping b. Revocation c. SQL injection d. API attack
a. SSL stripping
Which protocol is used to prevent looping in a switch? a. STP b. SMTP c. SSL d. SSTP
a. STP
In cybersecurity, a threat actor is an individual or an entity responsible for cyber incidents against the technical equipment of enterprises and users. How should you differentiate an attack by a script kiddie from that of a gray hat hacker? a. Script kiddies use automated attack software created by other hackers for personal gain, whereas gray hat hackers create their own attack software to showcase vulnerabilities present in a system to the world b. Script kiddies lack the technical knowledge to carry out attacks, so they hire a hacker to do it, whereas gray hat hackers violate computer security to fulfill their financial needs c. Script kiddies are hired to probe systems for weaknesses and then privately provide that information back to the organization, whereas gray hat hackers break into systems for ideological or political reasons d. Script kiddies construct efficient scripts to perform attacks to fulfill thei
a. Script kiddies use automated attack software created by other hackers for personal gain, whereas gray hat hackers create their own attack software to showcase vulnerabilities present in a system to the world
In an interview, Max was asked to tell one difference between a software firewall and a virtual firewall. How should Max answer? a. Software firewalls are locally installed on a device, whereas virtual firewalls run in the cloud b. Software firewalls can protect all the endpoints in a network, whereas virtual firewalls can protect only one device c. Virtual firewalls are cost-free, whereas software firewalls are paid services d. Virtual firewalls are used on almost all devices, whereas software firewalls are mostly used by enterprises
a. Software firewalls are locally installed on a device, whereas virtual firewalls run in the cloud
Which attack embeds malware-distributing links in instant messages? a. Spim b. Phishing c. Tailgating d. Spam
a. Spim
Which of the following uses vulnerable applications to modify Microsoft registry keys? a. System tampering b. Quarantine c. Executable files attack d. Process spawning control
a. System tampering
As a cybersecurity expert, you are asked to take adequate measures to mitigate DDoS attacks on your enterprise servers. Which of the following techniques should you apply? a. You should set up a DNS sinkhole b. You should set up a virtual private network c. You should set up a proxy server d. You should set up a host-based firewall
a. You should set up a DNS sinkhole
Which of the following is a primary difference between a red team and a white team? a. The red team scans for vulnerabilities and exploits them manually, whereas the white team defines the rules of the penetration testing. b. The red team provides real-time feedback to enhance the threat detection capability, whereas the white team defines the rules of penetration testing. c. The red team uses an automated vulnerability scanning tool to find vulnerabilities, whereas the white team decides which tool to use in automated vulnerability scanning. d. The red team uses an automated vulnerability scanning tool to find vulnerabilities, whereas the white team defines the rules of penetration testing.
a. The red team scans for vulnerabilities and exploits them manually, whereas the white team defines the rules of the penetration testing
Which operation is carried out by proactively searching security logs for cyber threats that have thus far gone undetected? a. Threat hunting b. Data hunting c. Vulnerability scanning d. Vulnerability hunting
a. Threat hunting
Which encryption is a chip on the motherboard of a computer that provides cryptographic services? a. Trusted platform module b. Hardware security module c. Self-encrypting hard disk drives d. File and File system cryptography
a. Trusted platform module
Several websites use URLs similar to one of the most globally popular websites, attempting to attract traffic if a user misspells the popular website's URL. What is this social engineering technique called? a. Typo squatting b. Pharming c. Spam d. Tailgating
a. Typo squatting
Which encryption device can you use that has the following features? 1. It should allow administrators to remotely prohibit accessing the data on a device until it can verify the user status 2. It can lock user access completely or even instruct the drive to initiate a self-destruct sequence to destroy all data a. USB device encryption b. HSM c. TPM d. AES
a. USB device encryption
Which of the following provides confidentiality services? a. Unauthentication mode b. Authentication mode c. Stream cipher mode d. Transport mode
a. Unauthentication mode
Which of the following outlines the process of a proxy server? a. User - forward proxy - Internet - reverse proxy - server b. User - Internet - reverse proxy - forward proxy - user c. User - reverse proxy - Internet - forward proxy - server d. User - forward proxy - user - reverse proxy - Internet
a. User - forward proxy - Internet - reverse proxy - server
Which of the following is the most efficient means of discovering wireless signals? a. War flying b. War chalking c. Wardriving d. War cycling
a. War flying
Attackers have taken over a site commonly used by an enterprise's leadership team to order new raw materials. The site is also visited by leadership at several other enterprises, so infecting this site will allow for attacks on many organizations. What type of malicious activity is this? a. Watering hole b. Hoax c. Vishing d. Spear phishing
a. Watering hole
Which of the following is a configuration vulnerability? a. Weak encryption b. Direct access c. Zero day d. Weakest link
a. Weak encryption
You are asked to configure your enterprise network in such a way that the customer support team gets a higher priority in the network and can conduct customer video calls without any connectivity issues. Which of the following methods should you apply? a. You should set up quality of service to give higher priority to the customer support team b. You should set up a VPN to give higher priority to the customer support team c. You should set up load balancers to give higher priority to the customer support team d. You should set up masking to give higher priority to the customer support team
a. You should set up quality of service to give higher priority to the customer support team
Which of the following correctly differentiates between a man-in-the-middle (MITM) attack and a man-in-the-browser (MITB)? a. A MITM attack occurs between two endpoints, whereas a MITB attack occurs between a browser and web server b. A MITM attack occurs between two endpoints, whereas a MITB attack occurs between a browser and underlying computer c. A MITM attack can only analyze the intercepted packet, whereas a MITB attack can modify the intercepted packet d. A MITM attack can modify the intercepted packet, whereas a MITB attack can only analyze it
b. A MITM attack occurs between two endpoints, whereas a MITB attack occurs between a browser and underlying computer
Which of the following best describes a mantrap? a. A mantrap cools a server room by trapping body heat b. A mantrap is a small space with two separate sets of interlocking doors c. A mantrap is a challenge given to cybersecurity experts d. A mantrap separates threat actors from defenders
b. A mantrap is a small space with two separate sets of interlocking doors
Which of the following can be used to mitigate a limitation of public sharing centers in OSINT? a. HTTPS b. AIS c. TTP d. KRI
b. AIS
Which of the following is an external perimeter defense method? a. Fire suppression b. Barrier c. Demilitarized zone (DMZ) d. Electronic lock
b. Barrier
Which threat actors violate computer security for personal gain? a. Gray hat hackers b. Black hat hackers c. White hat hackers d. Red hat hackers
b. Black hat hackers
Sigma Technology is a company based in Singapore, with branches in 24 countries. It needs multiple CAs in different locations to verify and sign digital certificates for the company. They are looking for an option where, even in the absence of a CA, other CAs can issue the certificates. Additionally, they are also looking for CAs who will overlook other CAs in different locations. In such a scenario, which PKI trust model should they use? a. Distributed trust model b. Bridge trust model c. Hierarchical trust model d. Web of trust model
b. Bridge trust model
A learning management system application has been written in Python. While running the application code, the specific program or application that converts the program into machine language is called what? a. Operating system b. Compiler c. Application software d. Antimalware
b. Compiler
What is the primary difference between credentialed and non-credentialed scans? a. Credentialed scans use advanced scanning tools, while non-credentialed scans do not use tools. b. Credentialed scans use valid authentication credentials to mimic threat actors, while non-credentialed scans do not provide authentication credentials. c. Credentialed scans are legal, while non-credentialed scans are illegal. d. Credentialed scans are performed by pen testers, while non-credentialed scans are performed by authorized officers.
b. Credentialed scans use valid authentication credentials to mimic threat actors, while non-credentialed scans do not provide authentication credentials
Which issue can arise from security updates and patches? a. Difficulty resetting passwords b. Difficulty patching firmware c. Difficulty updating settings d. Difficulty installing databases
b. Difficulty patching firmware
Alex needs to find a method that can change a single character of plaintext into multiple characters of ciphertext. Which method should Alex use? a. Steganography b. Diffusion c. Obfuscation d. Confusion
b. Diffusion
John and Sarah are working for Star Alliance. John had to send certain confidential data and messages to Sarah online. The use of which of the following will ensure that the message's sender is, in fact, John? a. Digital signature b. Digital certificate c. Public key d. Physical signature
b. Digital certificate
Malik and Chris are shopping for shoes on an e-commerce website and need to enter their credit card details. Which of the following can assure them that they are using the retailer's authentic website and not an imposter's look-alike site that will steal their credit card details? a. Digital signature b. Digital certificate c. Hash digest d. SSL
b. Digital certificate
John receives an encrypted document using asymmetric cryptography from Alex. Which process should Alex use along with asymmetric cryptography so that John can be sure that the received document is real, from Alex, and unaltered? a. Elliptic curve cryptography b. Digital signature algorithm c. Rivest-Shamir-Adleman d. Symmetric cryptography
b. Digital signature algorithm
Which of the following is a process where a private key is split into two halves, encrypted, and stored separately for future use? a. Revocation b. Escrow c. Renewal d. Destruction
b. Escrow
Why was the BIOS framework relocated to flash memory from a complementary metal-oxide-semiconductor (CMOS) in later development? a. Using CMOS, when in ROM, BIOS could not correctly locate the address of the OS, which is not a problem with flash memory b. Flash memory provides stability to the BIOS framework and makes update installation much easier than with CMOS c. Flash memory solves the problem of poor CMOS performance during the low-battery process, which hampered the BIOS function d. Unlike a CMOS, flash memory prevents malicious activities from taking place within the framework
b. Flash memory provides stability to the BIOS framework and makes update installation much easier than with CMOS
You have been asked to implement a block cipher mode of operation that requires both the sender and receiver of the message to have access to a synchronous counter that adds an AAD to the transmission. Which operating block cipher mode should you use? a. ECB b. GCM c. CBC d. CTR
b. GCM
While going through the network log, Sarah, a network security administrator, noticed substantial outbound network traffic. Which activity did Sarah perform? a. STIX b. IOC c. Telnet d. HTTP
b. IOC
Which of the following types of platforms is known for its vulnerabilities due to age? a. On-premises platform b. Legacy platform c. Online platform d. Cloud platform
b. Legacy platform
A manager working in ABC Consulting shared a list of employees from his team who were eligible for an extra week off. Later, he claimed that he has never shared this list. Which principle or functionality of a secured communication can be used to substantiate or verify the manager's claim? a. Obfuscation b. Nonrepudiation c. Steganography d. Hashing
b. Nonrepudiation
Which feature of cryptography is used to prove a user's identity and prevent an individual from fraudulently reneging on an action? a. Confidentiality b. Nonrepudiation c. Obfuscation d. Authentication
b. Nonrepudiation
Alliance Consulting, a company based in France, is shutting down. Louis, the owner of the company, applied to revoke his digital certificate. He is very busy with the other details of shutting the company down and needs to be able to check the certificate's status quickly and easily. Which of the following will help him get a real-time lookup of the certificate's status? a. CRL b. OCSP c. CSR d. EV
b. OCSP
Kainat is asked to suggest a cipher in which the entire alphabet is rotated (as in, A=N, B=O), making it difficult to identify. Which cipher should she suggest? a. 3DES b. ROT13 c. XOR d. AES
b. ROT13
Fatima is responsible for conducting business transactions for XYZ Company, and she only had the stored private key. She is on leave and currently unavailable, and the organization needs to complete an urgent business transaction. Which of the following methods should enable the organization to access Fatima's private key and digital certificate? a. Escrow b. Recovery c. Revocation d. Renewal
b. Recovery
Robert is a black box penetration tester who conducted pen testing attacks on all of the network's application servers. He was able to exploit a vulnerability and gain access to the system. Which task should he perform next? a. Robert should install a backdoor next. b. Robert should perform privilege escalation using a high-privileged account next. c. Robert should perform phishing next. d. Robert should perform lateral movement next.
b. Robert should perform privilege escalation using a high-privileged account next
Which of the following technologies can be used together for data management in security infrastructure and collecting and analyzing data? a. Firewall and IDS b. SIEM and SOAR c. SIEM and IPS d. SOAR and packet sniffer
b. SIEM and SOAR
During an investigation, it was found that an attacker did the following: Intercepted the request from the user to the server and established an HTTPS connection between the attacker's computer and the server while having an unsecured HTTP connection with the user. This gave the attacker complete control over the secure webpage. Which protocol helped facilitate this attack? a. S/MIME b. SSL c. SSH d. ECB
b. SSL
Which of the following is the earliest and most general cryptographic protocol? a. SSH b. SSL c. TLS d. HTTPS
b. SSL
What is meant by "infrastructure as code" in SecDevOps? a. SecDevOps method of managing code as infrastructure b. SecDevOps method of managing software and hardware using principles of developing code c. SecDevOps method of managing the infrastructure as a service d. SecDevOps method of managing the infrastructure as a software
b. SecDevOps method of managing software and hardware using principles of developing code
Which of the following is a deception instrument? a. Forward proxy b. Sinkhole c. WAF d. Reverse proxy
b. Sinkhole
Which of the following is associated with port security? a. Split tunnel b. Spanning-tree protocol c. Masking d. Tokenization
b. Spanning-tree protocol
What is a variation of a common social engineering attack targeting a specific user? a. Watering holes b. Spear phishing c. Redirection d. Spam
b. Spear phishing
Which of the following protocols are used to secure HTTP? a. TLS and SSH b. TLS and SSL c. TLS and SRTP d. SSH and SSL
b. TLS and SSL
What action does a BPDU guard take when a BPDU is received from an endpoint and not a switch? a. The port is disabled, and no traffic will be sent by the port while it can still receive traffic b. The port is disabled, and no traffic will be sent or received by the port c. The port remains active, and no traffic will be received by the port, but it can still send traffic d. The port remains active, and the traffic will be forwarded to another port
b. The port is disabled, and no traffic will be sent or received by the port
Robert has two cryptographic keys, and he needs to determine which of them is less prone to being attacked. The cryptoperiod is limited and equal for both the keys. The first key has a length of 2 and uses 16 characters, while the other key has a length of 3 and uses 15 characters. Which of the following is the best conclusion for Robert to come to? a. The first key is more secure than the second key. b. The second key is more secure than the first key. c. Both the keys are equally secure. d. Neither of the keys are secure because they both have a limited cryptoperiod.
b. The second key is more secure than the first key
Which of the following best describes trusted location in MS Office? a. Trusted location is used to lock important files. b. Trusted location allows you to run macros-enabled files with no security restrictions. c. Trusted location allows you to prevent infected files from damaging the system. d. Trusted location is the place where operating system files are stored.
b. Trusted location allows you to run macros-enabled files with no security restrictions
Samira is developing a virtual private chat application for ABC Consulting. The following are requirements provided by the organization while making the application: 1. All the communications should happen within the same network, network-to-network. 2. The information shared through this app should be kept confidential. Hence, the whole IP packet should be encrypted, giving access to only authorized personnel. 3. There should be a private network for network-to-network communication. Which of the following modes should Sara consider for encryption in this project? a. Transport mode b. Tunnel mode c. GCM mode d. Counter mode
b. Tunnel mode
Which of the following best describes VBA? a. VBA is a hardware network security device b. VBA is an event-driven programming language c. VBA is a network assessment tool d. VBA is a command language interpreter
b. VBA is an event-driven programming language
Your enterprise experienced several technical issues over the last few days. There were multiple instances of passwords needing to be changed and other issues causing downtime. Management has started receiving voicemails regarding fraudulent activities on their accounts. While the voicemails sound authentic, the help desk concludes that they are fake. What type of malicious activity will this be considered? a. Spamming b. Vishing c. Spimming d. Whaling
b. Vishing
What is the inbuilt application available to prevent threat actors from modifying the registry in a Windows 10 operating system? a. Windows 10 registry editor b. Windows 10 tamper protection c. Windows 10 user interface d. Windows 10 command prompt
b. Windows 10 tamper protection
Your enterprise is hosting a web app that has limited security. As a security administrator, you are asked to take appropriate measures to restrict threat actors from hijacking users' sessions. Which of the following is the most appropriate action for you to take? a. You should mention "log off after visit" on the web app b. You should implement cryptography using OpenSSL c. You should provide each user a unique static session ID d. You should encrypt the session ID displayed on the URL
b. You should implement cryptography using OpenSSL
An employee at your enterprise is caught violating company policies by transferring confidential data to his private email. As a security admin, you are asked to prevent this from happening in the future. Which of the following actions should you perform? a. You should set up a VPN b. You should set up a DLP c. You should set up a NAC d. You should set up an ACL
b. You should set up a DLP
In an interview, you are asked to configure a DNS server on a Linux machine. After successfully configuring the DNS server, you are asked to examine it using a client machine. After changing the nameserver of the client's machine to a newly created server, which of the following commands should you run to validate the DNS server to ensure it is working properly? a. ifconfig www.google.com b. dig www.google.com c. ping www.google.com d. nslookup www.google.com
b. dig www.google.com
A source computer's ability to reach a specified destination computer can be tested using which of the following? a. ifconfig b. ping c. curl d. ipconfig
b. ping
You are a security administrator asked to create a certificate signing request (CSR) to secure your enterprise's website. Which of the following should you use to accomplish this? a. Cuckoo b. sn1per c. Nessus d. OpenSSL
d. OpenSSL
Which of the following is a layer 2 attack? a. DNS poisoning b. DNS hijacking c. ARP poisoning d. DDoS
c. ARP poisoning
You are asked to configure your firewall in such a way that the traffic from source address range 117.112.10.25 through 117.112.15.100 is allowed, while traffic from 117.112.12.25 through 117.112.13.25 is denied, and traffic from 117.112.12.200 through 117.112.13.10 is allowed. How should you configure the firewall? a. Deny 117.112.12.200 through 117.112.13.10; deny 117.112.12.25 through 117.112.13.25; allow 117.112.10.25 through 117.112.15.100 b. Allow 117.112.12.200 through 117.112.13.10; deny 117.112.12.25 through 117.112.13.25; force-allow 117.112.10.25 through 117.112.15.100 c. Allow 117.112.10.25 through 117.112.15.100; deny 117.112.12.25 through 117.112.13.25; force-allow 117.112.12.200 through 117.112.13.10 d. Allow 117.112.10.25 through 117.112.15.100; deny 117.112.12.25 through 117.112.13.25; allow 117.112.12.200 through 117.112.13.10
c. Allow 117.112.10.25 through 117.112.15.100; deny 117.112.12.25 through 117.112.13.25; force-allow 117.112.12.200 through 117.112.13.10
You oversee your company's physical security, and you are asked to protect their CCTV cameras. The cameras are installed along the pathway, mounted on poles. They need protection from being physically handled by potential intruders. Which of the following fencing deterrents should you use? a. Rotating spikes b. Roller barrier c. Anticlimb collar d. Bollards
c. Anticlimb collar
What is the primary goal of penetration testing? a. Attempt to perform an automated scan to discover vulnerabilities b. Scan a network for open FTP ports c. Attempt to uncover deep vulnerabilities and then manually exploit them d. Perform SYN DOS attack towards a server in a network
c. Attempt to uncover deep vulnerabilities and then manually exploit them
You have been assigned to decide the process used for software application development at your company. Since the products need to be developed and deployed as each module is completed, you chose to go with agile application development. Your manager has requested you consider SecDevOps. Which of the following is a significant and key feature of using SecDevOps that can be considered for selecting this project's development model? a. Quarantine b. Rigid process c. Automation d. Reuse of code
c. Automation
Which of the following best describes bash? a. Bash is a network assessment tool b. Bash is computer hardware c. Bash is a command language interpreter d. Bash is a physical security measure
c. Bash is a command language interpreter
Star Technology is working on a project that needs a communication mode specializing in encryption, where only authorized parties should understand the information. The company also requires accuracy, completeness, and reliability of data throughout the project. The company has contacted you for an ideal cipher mode solution. Which mode should you suggest? a. SSH b. HTTPS c. CBC d. S/MIME
c. CBC
Which of the following is a catalog used by vulnerability scanning software to identify vulnerabilities? a. SOAR b. SIEM c. CVE d. CVSS
c. CVE
Which attack sees an attacker attempt to determine the hash function's input strings that produce the same hash result? a. Known ciphertext attack b. Downgrade attack c. Collision attack d. Birthday attack
c. Collision attack
Which specific type of attack occurs when a threat actor redirects network traffic by modifying the local host file to send legitimate traffic anywhere they choose? a. On-path browser attack b. DNS hijacking c. DNS poisoning d. Port stealing
c. DNS poisoning
Which of the following is a state of data, where data is transmitted across a network? a. Data in processing b. Data at rest c. Data in transit d. 3DES
c. Data in transit
Which of the following is part of the OS security configuration? a. Giving all users administrator privileges b. Installing the latest version of OS c. Disabling default passwords and unnecessary ports d. Enabling the most secure OS platform
c. Disabling default passwords and unnecessary ports
Which of the following is a physical social engineering technique? a. Hoaxes b. Watering hole c. Dumpster diving d. Pharming
c. Dumpster diving
Under which of the following modes does the ciphertext depend only on the plaintext and the key, independent of the previous ciphertext blocks? a. GCM b. CRT c. ECB d. CBC
c. ECB
An organization is planning a revamp of the existing computer hardware with new ones. The IT manager has informed department heads that some computers have faced BIOS attacks in the past. He has requested help in preventing future BIOS attacks. As an expert, which of these solutions can you use to effectively improve boot security when the new computers are implemented in the network? a. Implement BIOS supplemented with CMOS b. Implement a Norton Antivirus solution c. Implement measured boot with UEFI d. Use computers with flash memory for booting instead of BIOS
c. Implement measured boot with UEFI
ABC Enterprises plans to upgrade its internal confidential communication channel for the senior management team, which is geographically spread out, to enhance communication speed and security. They have decided to use cryptography to achieve this but can't decide on which model. The CEO has come to you for your suggestion on whether to use RSA or ECC. What should you recommend to the CEO, and why? a. RSA, as it uses sloping curves to generate keys. This makes it very secure for smaller key sizes, making it secure and the communication exchange extremely fast. b. RSA, as it uses three rounds of encryption. It employs 48 iterations in its encryptions, using different keys each for each round. This makes the message extremely secure while making the communication exchange extremely fast. c. ECC, as it uses sloping curves to generate keys. This makes it very secure for smaller key sizes making it secure and the communica
c. ECC, as it uses sloping curves to generate keys. This makes it very secure for smaller key sizes making it secure and the communication exchange extremely fast
Which of the following is physical security equipment for computer hardware? a. Alarmed carrier PDS b. Robot sentry c. Faraday cage d. Bollards
c. Faraday cage
Makayla has created software for automating the accounting process at ABL Manufacturing. She completed the software development, with testing done during development at individual stages. Before putting the software into production, Mary, who is in charge of the testing software, ran the application using tools and generated a report giving the various inputs and corresponding exceptions generated by the application. What process did Mary use? a. Dead coding b. Camouflaged coding c. Fuzzing d. Code signing
c. Fuzzing
Which monitoring methodology will trigger the IDS if any application tries to scan multiple ports? a. Anomaly-based monitoring b. Signature-based monitoring c. Heuristic monitoring d. Behavior-based monitoring
c. Heuristic monitoring
What additional measure should be enacted to increase the security on a computer network after secure boot, protective measures from attacks like antimalware, and intrusion detection systems are implemented in all the computers on the network? a. Implement an antivirus solution in all systems and servers b. Disable operating system patch updates to prevent malicious attacks c. Implement hardening at endpoints with patch management and operating system safeguards d. Disable connections on the Wi-Fi network
c. Implement hardening at endpoints with patch management and operating system safeguards
A company monitors the network activity of the organization and stores the logs in a database. You have been asked to identify whether there are any malicious activities in the network. Which of the following can denote the upper and lower bounds of their various network activities? a. TTP b. Threat maps c. KRI d. OSI model
c. KRI
Which of the following is a process where a key is divided into a specific number of parts and distributed to multiple, with some of them having the same parts of the key? a. Renewal b. Revocation c. M-of-N control d. Key escrow
c. M-of-N control
In an interview, you are given the following scenario: David sent a message to Tina saying, "There is no school today!" For some reason, the message showed up on Tina's device as, "Come to the school ASAP!" You (the candidate) are asked to name the type of attack that would cause this situation. Which of the following should you identify? a. Macro attack b. DNS hijacking c. MITM d. DDoS
c. MITM
A company has approached you for their product testing, and you agree to do it. First, you have to install the necessary plugins for the software through the browser, install the software, and run the software again. What procedure should you adopt to ensure that you don't compromise the browser and the computer's operating system? a. Make sure that the browser's CSP policy is set, then quarantine the software file, then access the software using an active directory, use a sandbox to run the software b. Deploy the OS securities, check for vulnerabilities in the plugins, quarantine the software before installing, and send a secure cookie to the server c. Making sure that the OS's security options are deployed, run the antivirus/antispyware on the files downloaded, run the software on HSTS/HTTPS mode, and then send a secure cookie to the server d. Make sure that the antivirus/antispyware is run on the plugins, run the s
c. Making sure that the OS's security options are deployed, run the antivirus/antispyware on the files downloaded, run the software on HSTS/HTTPS mode, and then send a secure cookie to the server
Spectrum Technologies uses SHA-256 to share confidential information. The enterprise reported a breach of confidential data by a threat actor. You are asked to verify the cause of the attack that occurred despite implementing secure cryptography in communication. Which type of attack should you consider first, and why? a. Known ciphertext attack; the attacker can create the cryptographic keys from ciphertext because of the SHA-256 algorithm b. Downgrade attack; SHA-256 is vulnerable to downgrades in the operating system to earlier versions, allowing threat actors to easily attack c. Misconfiguration attack; the company should have configured a higher security hash algorithm rather than using the less-secure SHA-256 d. Collision attacks; the threat actor has created a malicious file with the same digest using SHA-256
c. Misconfiguration attack; the company should have configured a higher security hash algorithm rather than using the less-secure SHA-256
Which of the following best describes east-west traffic? a. Movement of data from a router to an enterprise switch b. Movement of data from an unsecured endpoint to a server outside a data center c. Movement of data from one server to another within a data center d. Movement of data from one unsecured endpoint to another
c. Movement of data from one server to another within a data center
Which of the following tools can be used to scan 16 IP addresses for vulnerabilities? a. App scan b. QualysGuard c. Nessus Essentials d. Nessus
c. Nessus Essentials
What is the fastest-running vulnerability scan, and why does this type of scan run so fast? a. Non-intrusive scans find deep vulnerabilities that would have otherwise gone unnoticed. b. Intrusive scans can provide a deeper insight into the system by accessing the installed software by examining the software's configuration settings and current security posture. c. Non-credentialed scans perform fundamental actions such as looking for open ports and finding software that will respond to requests. d. Credentialed scans perform fundamental actions such as looking for open ports and finding software that will respond to requests.
c. Non-credentialed scans perform fundamental actions such as looking for open ports and finding software that will respond to requests
Which of the following uses hardware encryption technology to secure stored data and ensures the inseparability of SEDs among vendors? a. Pad b. Key c. Opal d. Qubits
c. Opal
Which of the following techniques is a method of passive reconnaissance? a. War flying b. War driving c. Open Source Intelligence (OSINT) d. Port scanning
c. Open Source Intelligence (OSINT)
Which of the following compliance standards was introduced to provide a minimum degree of security to organizations who handle customer information such as debit card and credit card details daily? a. SOX b. GLB c. PCIDSS d. FISMA
c. PCIDSS
John is a project manager with an IT firm, and his current project of developing an ERP application is in the development stage. Currently, the application is not yet mature or stable enough to be placed in a test environment. Which of the following secure coding review techniques is applicable for his project? a. Perform a structured manual analysis of code b. Perform a static binary code analysis c. Perform static code analysis d. Perform dynamic code analysis
c. Perform static code analysis
Social engineering is a means of eliciting information by relying on the weaknesses of individuals. How should you differentiate between the social engineering techniques of phishing and pharming? a. Phishing involves sending customized emails to recipients, including their names and personal information, to make the message appear legitimate, whereas pharming is a variant of phishing that specifically targets wealthy individuals or senior executives within a business. b. Phishing involves sending millions of generic email messages to a large volume of users, whereas pharming targets specific users by sending emails customized to the recipients, including their names and personal information. c. Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise, whereas pharming is a redirection technique that attempts to exploit how a URL is converted i
c. Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise, whereas pharming is a redirection technique that attempts to exploit how a URL is converted into its corresponding IP
Which of the following can prevent macros attacks? a. Private DNS server b. VBA c. Protected view d. PowerShell
c. Protected view
Khalid joins a security team where he is assigned an SOC developer role and has to build different teams under SOC. Which of the following teams should he build to deal with providing real-time feedback related to security incidents and threat detections, which can then be utilized to facilitate better prioritization of threats and a mature way of detecting threats? a. White team b. Blue team c. Purple team d. Red team
c. Purple team
Ronald is a software architect at MindSpace Software. He has been approached to develop a critical application for a finance company. The company has asked him to ensure that the employed coding process is secure. They have also requested that the project be completed in a few months, with a minimum version of the identified functionalities provided. The other functionalities can be developed later and added to the software while the application is live. Which development process would be ideal for Ronald to employ to achieve this objective? a. Ronald can employ a waterfall model to meet the requirements by testing the code at every phase of development b. Ronald can employ an agile development model to meet the requirements with penetration testing done on the modules c. Ronald can employ the SecDevOps model to meet the requirements of the client d. Ronald can employ the rapid development model to meet the requi
c. Ronald can employ the SecDevOps model to meet the requirements of the client
Which of the following digital certificates are self-signed and do not depend on the higher-level certificate authority (CA) for authentication? a. Intermediate digital certificates b. Domain digital certificates c. Root digital certificates d. User digital certificates
c. Root digital certificates
Sarah needs to send an email with important documents to her client. Which of the following protocols ensures that the email is secure? a. SSH b. SSL c. S/MIME d. SHTTP
c. S/MIME
Amtel University decides to keep a record of their student data in a backup server. The administrator contacts you to identify the right command interface protocol to be used in this. Which command interface protocol should you advise? a. SSL b. TLS c. SSH d. HTTPS
c. SSH
A cyber analyst needs to quickly do a vulnerability scan on an enterprise network with many devices. Which approach should the analyst take? a. Scan all devices, each for a very short time b. Scan all endpoint devices c. Scan the most important devices for as long as it takes for each device d. Scan only infrastructure devices for a very short time
c. Scan the most important devices for as long as it takes for each device
Over the last few days, several employees in your enterprise reported seeing strange messages containing links in their company's IM account. Even though no one has clicked on the messages, they are spreading throughout the network. Which type of malicious activity is this? a. Spear phishing b. Whaling c. Spimming d. Vishing
c. Spimming
Which of the following correctly differentiates between Tcpreplay and Tcpdump? a. Tcpdump can analyze, edit, and load the edited packet back to the network, whereas Tcpreplay can only be used to analyze the packets b. Tcpdump is a packet capture tool without GUI, whereas Tcpreplay is a packet capture tool with GUI c. Tcpdump can only be used to analyze the packets, whereas Tcpreplay can analyze, edit, and load the edited packet back to the network d. Tcpdump is a packet capture tool with GUI, whereas Tcpreplay is a packet capture tool without GUI
c. Tcpdump can only be used to analyze the packets, whereas Tcpreplay can analyze, edit, and load the edited packet back to the network
How do NACs ensure that a device is safe to connect to a secure network? a. The NAC ensures the safety of the device by deleting all suspicious files b. The NAC encrypts all of the data on an unknown device before connecting it to the secured network c. The NAC issues a health certificate, only allowing healthy devices to connect to the secured network d. The NAC moves suspicious data on an unknown device onto an external storage device
c. The NAC issues a health certificate, only allowing healthy devices to connect to the secured network
Which technology allows scattered users to be logically grouped even when they are connected to different physical switches? a. WAN b. VPN c. VLAN d. LAN
c. VLAN
Which of the following is NOT an attack on cryptography? a. Algorithm attack b. Collision attack c. Watering hole attack d. Birthday attack
c. Watering hole attack
A cybercriminal attempts to trick a computer's user into sharing their personal information by implementing content to discreetly capture user information over the actual webpage. What should the user implement to avoid this situation? a. CSP b. HSTS c. X-Frame d. X-XSS
c. X-Frame
Which HTTP response header should be used to prevent attackers from displaying their content on a website? a. HSTS b. X-XSS c. X-Frame-Option d. CSP
c. X-Frame-Option
As a cybersecurity specialist, you are asked to defend the web app hosted by your enterprise from web application attacks like cross-site scripting, SQL injections, etc. Which of the following actions should you take? a. You should install a NGFW b. You should install an NAT c. You should install a WAF d. You should install a proxy server
c. You should install a WAF
After encountering a network attack in your enterprise network, the chief network security engineer assigned you a project. The project was to create a vulnerable network that is similar to your enterprise network and entices the threat actor to repeat the attack. This is to analyze the behavior and techniques the attacker is using to ensure better defenses to your enterprise network in the future. Which of the following appliances should you use? a. You should set up a network access control b. You should use a proxy server c. You should use a honeynet d. You should set up behavioral IDS monitoring
c. You should use a honeynet
In an interview, you are asked to change the permissions of a file on a Linux system so that the file can only be accessed by its owner. Which of the following tools should you use? a. Nessus b. grep c. chmod d. Cuckoo
c. chmod
Dillip is assigned the role of a SOC developer who must build different teams under the SOC. He must build a new team that will put security defenses in place to prevent another team from penetrating the network. Which team should he build to monitor the other team's attacks and shore up security defenses as necessary? a. Purple team b. White team c. Red team d. Blue team
d. Blue team
Which of the following best describes a network address translation? a. A network address translation (NAT) is a device that combines several security functions like packet filtering, anti-spam, anti-phishing, anti-spyware, encryption, intrusion protection, and web filtering b. A network address translation (NAT) blocks specific websites or attacks that attempt to exploit known vulnerabilities in specific client software c. A network address translation (NAT) can detect applications using deep packet inspection by examining the packet payloads and determining if they are carrying any malware d. A network address translation (NAT) enables a private IP network to connect to the internet
d. A network address translation (NAT) enables a private IP network to connect to the internet
Which of the following best describes a network hardware security module? a. A network hardware security module is a hardware firewall that monitors incoming and outgoing traffic of a network b. A network hardware security module is an intrusion detection system that detects any intrusion in a network c. A network hardware security module is a deception instrument used to deceive threat actors by intentionally deploying vulnerable devices d. A network hardware security module is a trusted network computer that performs cryptographic operations
d. A network hardware security module is a trusted network computer that performs cryptographic operations
You are analyzing the settings for your network's firewall. There is currently a log-only rule set for the source address 112.101.2.4. Which of the following configurations may create a log entry? a. A rule is set to deny all packets from 112.101.1.1 through 112.101.2.11 b. A rule is set to bypass all packets from 112.101.1.1 through 112.101.2.5 c. A rule is set to bypass all packets from 112.101.2.4 d. A rule is set to allow all packets from 112.101.2.1 through 112.101.2.22
d. A rule is set to allow all packets from 112.101.2.1
Which of the following is a major objective of a packet analysis? a. Ensure physical security b. Estimate network cost c. Calculate employee work hours d. Assess and secure networks
d. Assess and secure networks
Which cryptographic method should Susanne use to ensure that a document can be encrypted with a key and decrypted with a different key? a. Public b. Ephemeral c. Symmetric d. Asymmetric
d. Asymmetric
Which penetration testing consultants are not given any knowledge of the network nor any elevated privileges? a. Bug bounty b. White box c. Gray box d. Black box
d. Black box
A new e-commerce startup with global operations is looking for a method to manage its supply-chain data for production. Instead of using bar codes, scanners, paper forms, and individual databases, making the system difficult to use, which method should be used to quickly track shipments? a. File and file system cryptography b. USB device encryption c. Full disk encryption d. Blockchain
d. Blockchain
Sigma Solutions use hash algorithms in the communications between departments while transferring confidential files. A human resource employee informed you that one of the employees' salary statements sent from her end looks tampered with and requested your help. Which of the following tasks would enable you to identify whether the file is tampered with or not, and how will you make the determination? a. Check the digest for the file size. If the digest file size is different from that of the original digest, it can be concluded that the file has been tampered with. b. Check whether the original plaintext can be generated from the digest. If the original values can be generated and match the original file, the file has not been tampered with c. Check the file digest for alternate values. If the digest's alternate value is the same in the entire digest, the file can be confirmed to be not tampered with. d. Check the dig
d. Check the digest of the file with the original digest. If the values are different, it can be confirmed that the file has been tampered with.
A company has its network compromised. As an expert professional, the organization has hired you to identify the probable cause of the attack and fix it. As a security professional, you have noticed the pattern of compromise is unlike anything previously seen. You are looking to find new information on vulnerabilities like the attack that occurred. Which of the following actions would help achieve this objective? a. Checking the green web b. Checking the surface web c. Implementing TCP/IP protocols across the network d. Checking the dark web
d. Checking the dark web
Your company recently purchased routers with new and updated features and deployed them in the highly secure enterprise network without changing the default settings. A few days later, the enterprise network suffered a data breach, and you are assigned to prepare a report on the data breach. Which of the following vulnerabilities should you identify as the source of the breach? a. Platform vulnerability b. Zero-day vulnerability c. Third-party vulnerability d. Configuration vulnerability
d. Configuration vulnerability
Sansa is a network security administrator at an enterprise. She is asked to take appropriate steps to defend against a MAC address spoofing attack in the enterprise network. Which of the following methods should Sansa apply? a. Increase the capacity of CAM to allow for an increased volume of MAC addresses b. Configure the switch so that no changes can be done once a port is assigned to a MAC address c. Close all unused ports in the switch so that old MAC addresses are not allowed d. Configure the switch so that only one port can be assigned per MAC address
d. Configure the switch so that only one port can be assigned per MAC address
ABC Enterprise is a global operation. As such, it needs to send regular, confidential messages and data between offices to communicate important market information, employee decisions, financial decisions, etc., for management consideration and senior-level decision making. Since these decisions impact the local employees and global businesses, they suspect that the data may be prone to attacks from threat actors internally and externally. While one of the senior systems administrators suggested implementing steganography to achieve this objective, the IT Department head at another branch suggested implementing cryptography. The management team has now called you for expert advice to select the best method to implement in the enterprise. What should your advice be, and why? a. Steganography should be implemented because it allows information to be viewed only by authorized users and checks whether information has been
d. Cryptography should be implemented because it allows information to be viewed only by authorized users and checks whether the information has been altered or changed by anybody. It also makes the information unclear, even if other users see it. Cryptography is a more advanced technology than steganography. These features make cryptography the right choice for the enterprise to implement.
Which of the following best describes DLP? a. DLP is a VPN protocol b. DLP is a protocol used to transfer data within switches c. DLP is used to control access to digital assets d. DLP is used to prevent leakage of confidential data
d. DLP is used to prevent leakage of confidential data
During an interview, you are provided the following scenario: The enterprise that you recently joined is using the ISP DNS server to resolve domain names. You are asked which specific attack will need to be mitigated first to secure the enterprise network. Which of the following attacks should you choose? a. MAC cloning b. Session replay attack c. DDoS attack d. DNS hijacking
d. DNS hijacking
Kile is assigned a role as a grey box penetration tester in the financial sector. He has to conduct a pen testing attack on all the application servers in the network. Which of the following tasks should he perform first while conducting a penetration testing attack on a network? a. Tailgating b. Vishing c. Phishing d. Footprinting
d. Footprinting
Which encryption method in BitLocker prevents attackers from accessing data by booting from another OS or placing the hard drive in another computer? a. Filesystem cryptography b. Blockchain c. GNU privacy guard d. Full disk encryption
d. Full disk encryption
Which endpoint application runs on an endpoint device that only detects an attack in an endpoint device? a. Cookies b. HIPS c. EDR d. HIDS
d. HIDS
Hacktivists and state actors are huge threats to government systems. What is the main difference between hacktivists and state actors? a. Hacktivists are covertly sponsored by a government to attack its foes, whereas state actors misuse a computer system or network for personal, social, or political reasons b. Hacktivists attack a nation's network and computer infrastructure to cause disruption and panic among citizens, whereas state actors attack their own enterprise network for political revenge or personal gain c. Hacktivists attack their own enterprise network for political revenge or personal gain, whereas state actors attack a nation's network and computer infrastructure to cause disruption and panic among citizens. d. Hacktivists misuse a computer system or network for socially or politically motivated reasons, whereas state actors are covertly sponsored by a government to attack its foes.
d. Hacktivists misuse a computer system or network for socially or politically motivated reasons, whereas state actors are covertly sponsored by a government to attack its foes
Which of the following computing platforms is highly vulnerable to attacks? a. Hybrid b. On-premises c. Cloud d. Legacy
d. Legacy
Alice, a vulnerability assessment engineer at a bank, is told to find all the vulnerabilities on an internet-facing web application server running on port HTTPS. When she finishes the vulnerability scan, she finds several different vulnerabilities at different levels. How should she proceed? a. Escalate the situation to a higher analyst b. Only look at the accuracy of the vulnerability c. Only look at the highest priority vulnerability d. Look at the priority and the accuracy of the vulnerability
d. Look at the priority and the accuracy of the vulnerability
Sheena wants to make sure that her browser activity is safe and prevent others from intercepting her data as it is transmitted over the browser. What should Sheena do to achieve this objective? a. Send a secure cookie over the browser to the server b. Make sure that the content security policy is in place c. Fill all her forms through hidden fields only d. Only visit websites that are hosted over HTTPS or HSTS
d. Only visit websites that are hosted over HTTPS or HSTS
You work for an enterprise that provides various cybersecurity services. You are assigned to examine an enterprise's network and suggest security measures modifications, if necessary. On examining the network, you find that the enterprise hosts most of its computing resources on a cloud platform and few resources on-premises, and both seem to have secure settings implemented. You also find that the enterprise computers use the Windows XP operating system. Which of the following vulnerabilities should you insist on fixing first? a. Configuration vulnerability b. Third-party vulnerability c. Zero-day vulnerability d. Platform vulnerability
d. Platform vulnerability
Which of the following techniques is the best fit for monitoring traffic on switches with large volumes of traffic? a. Signature-based monitoring b. Port spanning c. Port mirroring d. Port TAP
d. Port TAP
Which standardized framework was developed by NIST to be used as a guidance document designed to help organizations assess and manage risks to their information and systems, and is also used as a comprehensive roadmap that organizations can use to seamlessly integrate their cybersecurity? a. CIS Controls b. Cybersecurity framework (CSF) c. ISO 27001 d. Risk management framework (RMF)
d. Risk management framework (RMF)
Daniel accidentally installed a vulnerable application. Which of the following system exploitations would NOT be caused by the vulnerable application? a. Process spawning control b. Executable files attack c. System tampering d. Social engineering and phishing attacks
d. Social engineering and phishing attacks
Which function in cryptography takes a string of any length as input and returns a string of any requested variable length? a. Filesystem b. BitLocker c. Steganography d. Sponge
d. Sponge
Which of the following sensors is best suited for fire detection? a. Noise detection sensor b. Motion detection sensor c. Proximity sensor d. Temperature detection sensor
d. Temperature detection sensor
Which are the most probable methods used by the cybersecurity expert to get to this stage of the investigation? a. The cybersecurity expert checked the threat maps and used the MAR report. b. The cybersecurity expert checked the threat maps and used TAXII. c. The cybersecurity expert used STIX and checked with CISCP. d. The cybersecurity expert checked with CISCP and also investigated the dark web.
d. The cybersecurity expert checked with CISCP and also investigated the dark web
Which of the following is a characteristic of electronic code book (ECB) mode? a. Only one character is processed at a time b. It requires access to a synchronous counter for both the sender and receiver of the message c. Each block of plaintext is XORed with the previous block of ciphertext before being encrypted, making it susceptible to attacks d. Two identical plaintext blocks are encrypted into two identical ciphertext blocks, making them susceptible to attacks
d. Two identical plaintext blocks are encrypted into two identical ciphertext blocks, making them susceptible to attacks
Alex is working for Alpha Technology as a system administrator. The enterprise's sales team uses multiple external drives, often containing confidential data, that they carry between their offices and their clients' offices. What should Alex do to ensure that data is secure if it is stolen or lost, and why? a. Use steganography because it gives remote access to the drive, and Alex can remotely disable the drive. b. Use HSM because it allows Alex to track the device and stop the user from using the device. c. Implement blockchain in the enterprise because it allows Alex to access the drive's location and remotely disable it. d. Use encrypted USBs in the enterprise because they automatically encrypt the information and give Alex remote access to the drive to monitor and disable the user.
d. Use encrypted USBs in the enterprise because they automatically encrypt the information and give Alex remote access to the drive to monitor and disable the user
Maze must establish a communication channel between two data centers. After conducting a study, she came up with the idea of establishing a wired connection between them since they have to communicate in unencrypted form. Considering the security requirements, Maze proposed using an alarmed carrier PDS over a hardened carrier PDS. Why would Maze make this suggestion in her proposal? a. Data transmission between buildings wouldn't be possible if they used a hardened carrier PDS b. Network speeds would be slowed too much if they used a hardened carrier PDS c. Using a hardened carrier PDS would restrict their ability to transfer large amounts of data d. Using a hardened carrier PDS would require someone to conduct periodic visual inspections
d. Using a hardened carrier PDS would require someone to conduct periodic visual inspections
There is often confusion between vulnerability scanning and penetration testing. What is the best explanation of the difference between vulnerability scanning and penetration testing? a. Vulnerability scanning is performed by manually scanning a network for known vulnerabilities. Penetration testing is attempting to manually scan a network for known vulnerability signatures using an advanced scanning tool. b. Vulnerability scanning checks a network for outdated versions of services. Penetration testing is attempting to manually uncover deep vulnerabilities just as a threat actor would, and then exploiting them. c. Vulnerability scanning checks a network for open ports and services. Penetration testing is attempting to manually scan a network for known vulnerability signatures using an advanced scanning tool. d. Vulnerability scanning is performed using an automated tool to scan a network for known vulnerability signa
d. Vulnerability scanning is performed using an automated tool to scan a network for known vulnerability signatures. Penetration testing involves attempting to manually uncover deep vulnerabilities just as a threat actor would, and then exploiting them
In application development, which of the following models uses a sequential design process? a. DevOps deployment b. Agile development c. Rapid application development d. Waterfall development
d. Waterfall development
Which of the following is a standard format for digital certificates? a. JPG b. .cer c. MPEG-4 Part 14 d. X.509
d. X.509
The head of cybersecurity at your enterprise has asked you to set up an IDS that can create the baseline of all system activities and raise an alarm whenever any abnormal activities take place, without waiting to check the underlying cause. Which of the following actions should you take? a. You should set up an IDS with signature-based monitoring methodology b. You should set up an IDS with heuristic monitoring methodology c. You should set up an IDS with behavior-based monitoring methodology d. You should set up an IDS with anomaly-based monitoring methodology
d. You should set up an IDS with anomaly-based monitoring methodology
Which of the following is a third-party network analysis tool? a. netstat b. hping c. curl d. nmap
d. nmap