Cyber Security Final Exam
Which of the following policies would cover what you should do in case of a data breach?
Sensitive data handling policy
Any attack involving human interaction of some kind is referred to as:
Social engineering
A goal-based penetration test needs to have specific goals. Using SMART goals is extremely useful for this. What does SMART stand for?
Specific/measurable/attainable/relevant/timely
Which of the following best describes a non-disclosure agreement?
A common legal contract outlining confidential material that will be shared during the assessment
Which of the following best describes a supply chain?
A company that provides materials to another company to manufacture a product
Which of the following best describes a script kiddie?
A hacker who uses scripts written by much more talented individuals
Heather is working for a cybersecurity firm based in Florida. She will be conducting a remote penetration test for her client, who is based in Utah. Which state's laws and regulations will she need to adhere to?
A lawyer should be consulted on which laws to adhere to, and both parties should agree
Heather has been hired to work in a firm's cybersecurity division. Her role will include performing both offensive and defensive tasks. Which of the following roles applies to Heather?
A member of the purple team
Hannah is working on the scope of work with her client. During the planning, she discovers that some of the servers are cloud-based servers. Which of the following should she do?
Add the cloud host to the scope of work
During a risk assessment, the organization determines that the risk of collecting personal data from its customers is not acceptable and stops. What method of dealing with risk is the organization using?
Avoidance
Yesenia was recently terminated from her position, where she was using her personal cell phone for business purposes. Upon termination, her phone was remotely wiped. Which of the following corporate policies allows this action?
BYOD policy
Which type of penetration test is required to ensure an organization is following federal laws and regulations?
Compliance-based
Which of the following best describes the rules of engagement document?
Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data
Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term?
Ethical hacking
Miguel is performing a penetration test on a web server. Miguel was given only the server's IP address and name. Which of the following best describes the type of penetration test Miguel is performing?
External (I think)
Which of the following best describes a goal-based penetration test?
Focuses on the end results. The hacker determines the methods
Which of the following is the third step in the ethical hacking methodology?
Gain Access
Which of the following elements is generally considered the weakest link in an organization's security?
Human
During an authorized penetration test, Michael discovered his client's financial records. Which of the following should he do?
Ignore the records and move on
You are performing a penetration test of a local area network (LAN). Refer to the circled area on the network diagram. Which of the following types of penetration tests is being performed? (has picture)
Internal
Which of the following is considered a mission-critical application?
Medical database
Which of the following is a common corporate policy that would be reviewed during a penetration test?
Password policy
Which type of attack involves changing the boot order on a PC so that the hacker can gain access to the computer by bypassing the installed operating system?
Physical attack
During a penetration test, Heidi runs into an ethical situation she's never faced before and is unsure how to proceed. Which of the following should she do?
Reach out to an attorney for legal advice
What is it called when a client asks for small deviations from the scope of work?
Scope Creep
Which of the following best describes social engineering?
The art of deceiving and manipulating others into doing what you want
Which of the following best describes a gray box penetration test?
The ethical hacker has partial information about the target or network
Which of the following is a limitation of relying on regulations?
They rely heavily on password policies
You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once per week. For security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. Which of the following would be the best backup and storage option?
Use incremental backups and store them in a locked fireproof safe
Which type of threat actor only uses skills and knowledge for defensive purposes?
White hat