InfoSec MindTap Chapter 1-15 Practice tests
Which of the following is true for KRI?
A KRI exceeding its normal bounds is not always an indicator of compromise.
In an interview, you were asked to analyze the following statements regarding secure network designs and choose the correct one. Which of the following should you choose?
A NAC examines an endpoint before it can connect to the network, denying access to any device that does not meet specific criteria
What is a firewall?
A firewall is a network security system that monitors and controls all incoming and outgoing traffic.
Which of the following requires a carrier to be infected with a file-based virus?
A human to transfer these files from an infected computer
Which of the following correctly describes the action of a logic bomb?
A logic bomb is a malicious code added to a legitimate program that evades detection until a specific event activates it.
What is a session ID?
A session ID is a unique number that a web server assigns to a specific user for the duration of the user's visit.
Which of the following describes state actors using advanced tools to infect a system to silently and slowly extract data?
Advanced persistent threat (APT)
Which of the following is a broad term used for cybersecurity risks in artificial intelligence (AI) and machine learning (ML)?
Adversarial AI
In a security review meeting, Nathan proposed using a software-defined network for easy reconfiguration and enhanced security. How will an SDN enhance the security of Nathan's enterprise network?
An SDN can ensure that all network traffic is routed through a firewall.
Which of the following correctly describes the related monitoring methodology?
Anomaly monitoring is susceptible to false positives by relying on normal behaviors.
Which of the following best describes two-person integrity control?
Assigning two security guards to protect the building
What does the spanning-tree protocol use to recognize the best path?
BPDU
You want to configure your firewall in a way that incoming traffic from a trusted source address gets through at the fastest possible rate. Which rule action should you choose?
Bypass
Your organization is planning to be a part of the CISCP program as a partner. As an information security expert in your company, you are approached by your CEO, who wants to understand how the speed limit of public information centers like CISCP is handled. How should you explain how this speed limit is handled to him?
CISCP implements AIS, which resolves the speed limit issue of public information centers.
In which of the following mobile device deployment models are employees supplied a chosen device paid for by their company for both professional and personal use?
COPE
Craig needs to ensure that both sender and receiver access a counter that computes a new value whenever a ciphertext block is exchanged. Which cipher mode would Craig use to achieve this?
CTR
In his technical job interview, Mohan asks about the company policy regarding smartphones. He is told that employees may choose from a limited list of approved devices, but he must pay for the device himself. The company will provide him with a monthly stipend to offset the cost. Which type of enterprise deployment model does this company support?
CYOD
Which of the following mobile device connection methods has a coverage area divided into hexagon-shaped cell transmitters that can measure up to 10 square miles installed in every city?
Cellular telephony network
Jack is appointed on a security farm as an information security officer. The network of the company comprises many varieties of operating systems and application software. During an external security audit, a gap was discovered: The company does not have any framework or governing guidelines to define security defenses for protecting the operating systems, underlying services, and application software. Which framework or set of guidelines should Jack adopt to cover this gap?
Center of Internet Security (CIS) Benchmarks
Which of the following is responsible for issuing digital certificates?
Certificate authority (CA)
Which of the following contains the set of rules that govern the operation of a PKI?
Certificate policy (CP)
In which cipher mode is each block of plaintext XORed with the previous block of ciphertext before being encrypted?
Cipher block chaining (CBC)
What is the attack by which attackers use strong algorithms and capture large sets of ciphertexts to analyze and then inject their own frames?
Ciphertext attack
Which organization's goal is to define and raise awareness of best practices that help secure cloud computing environments?
Cloud Security Alliance (CSA)
Alice is a vulnerability assessment consultant. She was assigned to scan all database servers for vulnerabilities, during which she found a bunch of vulnerabilities. What are the most appropriate parameters that she should consider while prioritizing the top vulnerabilities that need to be fixed?
Common vulnerability scoring system (CVSS) score and true positivity
Unsecure protocols are classified as which type of vulnerability?
Configuration vulnerability
Which of the following HTTP response headers provides protection against injection attacks?
Content security policy
Which of the following vulnerability scans are slower but can provide a deeper insight into the system by accessing a wider range of the installed software and examine the software's configuration settings and current security posture?
Credentialed vulnerability Scans
Which of the following malware types attacks the endpoint device; encrypts files, making them unreadable; and demands the user make payments to retrieve the files?
Cryptomalware
Recently, a computerized electrical power supply unit failed due to a cyberattack. This resulted in a power grid disruption for an entire region of the country. In your study on the attack, how should you categorize the threat actor(s)?
Cyberterrorist
You are assigned to hunt for traces of a dangerous DNS attack in a network. You need to capture DNS attacks that can compromise the command-and-control activities of all devices in the network. What type of DNS attack should you look for?
DNS hijacking
You are working as a cybersecurity administrator for your country's government. You are asked to block certain websites in your country deemed critical of those in power. Which of the following methods should you use?
DNS poisoning
Which protocol has the data origin authentication and data integrity protection feature?
DNSSEC
John is planning to send a critical company document online to Edwin. There is a high risk that John's competitor, Sam, might intervene in this exchange by making malicious changes to the document before Edwin receives it, tricking Edwin into thinking that this document is from John. Which technology should John use to ensure that this type of fraud does not take place?
Digital certificate
In which attack does an attacker force the system to abandon the current higher-security mode of operation and instead "fall back" to implementing an older, less secure mode?
Downgrade attack
Adrian is working on a project in a refinery. He must deploy IoT devices that will alert the central control system when pressure increases in the petrol pipes. What is the best computing location for this project?
Edge
Which feature of a security information and event management (SIEM) tool can help filter multiple alerts detected by different devices for the same event into a single alarm?
Event duplication
Which of the following ensures alerts are generated when existing log data is changed?
File integrity monitor
As a cybersecurity expert, you were assigned to interview prospective employees. The following statements are made by an interviewee on various network security technologies. Which of the following should you accept as a correct statement?
File integrity monitors are also used for detecting malware.
Ramesh is very active on social media. He visits a lot of pages and views a lot of photos. He also uploads most of his photos to social media sites such as Facebook and Instagram. By doing this, he can become a victim of which of the following risks?
GPS tagging
Which of the following is the process of identifying the geographical location of a mobile device?
Geolocation
Which of the following encryption methods is external to the device and provides cryptographic services?
HSM
Ramesh is looking for an external device solution where software-based malware won't compromise data. Ramesh has shortlisted a device that meets the criteria and includes an onboard random number generator and key storage facility while backing up sensitive material in encrypted form. Which of the following has Ramesh selected for his solution?
Hardware security module (HSM)
The CEO of a 10-person organization has asked Rick to implement digital certificates while keeping the cost low. Which of the following model should Rick implement?
Hierarchical trust model
Which of the following is a specialized network security appliance?
Honeypot
Pooja wants to make a list of confinement tools to ensure her operating system is protected from unknown file and application hazards. Which of the following should NOT be used as a confinement tool?
Honeypots
Through which of the following mobile connection vulnerabilities can attackers eavesdrop on data transmissions and view sensitive information?
Hotspots
An enterprise's application server and web server are hosted by a cloud service provider, and their database server is in their cloud establishment. Which type of cloud is used by the enterprise?
Hybrid cloud
Which of the following is a social engineering attack that uses social media and other sources to achieve its goal?
Hybrid warfare influence campaign
Max's email client allows him to organize email into folders on the mail server, read email on different devices, and work with email while offline. Which of the following protocols is used in Max's email client for incoming mail?
IMAP
Which secure protocol allows users without any specialized training for specific security procedures to use security tools by executing programs and applications without depending on underlying communications protocols and not requiring programs and software to be modified while using it?
IP security (IPsec)
What is it called when a threat actor takes information for the purpose of impersonating someone?
Identity theft
Johann is heading a project team creating a hospital accounting application using an RDBMS. When the application is tested by the company's software testing team, it is noticed that the application shows vulnerabilities when incorrect values are entered. What should Johann implement to ensure that the incorrect input vulnerabilities are removed, and values are verified before the application sends data to the database?
Implement input validation
Your enterprise ran out of computing resources due to the increasingly high rate of stored data. You are asked to choose a cloud model in which your enterprise can have the most control over the hardware. Which model should you choose?
Infrastructure as a service
How can a threat actor tunnel through a network, using advanced privileges they've accessed, and look for additional systems that can be accessed from elevated positions?
Lateral movement
Which of the following mobile management technologies supports the creation and subsequent editing and modification of digital content by multiple employees and can also include edit history tracking, version control, indexing, and searching?
MCM
Rohan has been appointed as the chief information security officer at a finance company. At a board meeting on "Information Security Policy Design & Enforcement," he proposes a mobile management solution that provides a high degree of control over a device but a lower level of control on the apps. Applying your knowledge of mobile device security, which of the following mobile management technologies should he suggest to fulfill the requirement?
MDM
To which of the following attacks is FTP vulnerable?
Man-in-the-middle
Which of the following boot security modes provides the highest degree of security?
Measured boot
Which of the following frameworks is used by most companies as a measuring stick to compare their cybersecurity practices to the threats that they face?
NIST Cybersecurity Framework
What is another term for a worm?
Network virus
Which method combines plaintext with a random key to produce the ciphertext?
OTP
Which of the following is a coding technique wherein an application is written so that its functionality is difficult for an outsider to understand?
Obfuscation code
You submitted a network security review report for your organization. After an inspection, the report was returned for corrections with comments from the organizational head. The review report you sent was a pdf file, whereas the returned report was a Microsoft Word file. Word warns you that the file might not be safe to open. Which of the following actions should you take to prevent a possible macros attack?
Open the file in protected view
You are asked to create a certificate signing request for a website that your organization recently developed. Which of the following tools should you use?
OpenSSL
Alice is looking for means of generating random public keys that are different for each session and ensuring that even if the secret key is compromised, it cannot reveal the contents of more than one message. Which of the following is the appropriate solution for Alice?
Perfect forward secrecy
John needs to identify public key systems that generate different, random public keys for each session and, even if a key gets stolen, should not reveal more than one message. Which public key system should John suggest?
Perfect forward secrecy
Seo-jun is a bug bounty hunter. He was hired by an industrial organization to damage the network's security defenses as much as possible. Seo-jun gained initial access to a system in the network by sending a spear-phishing email into the network that installed a virus. What sequence of actions should he perform to achieve repeated and long-term access to multiple systems in the network with a highly privileged account?
Perform privilege escalation, then lateral movement, and then perform backdoor installation
You download a Word file sent to you through email. When you open the file, the file is in a protected view with the option "Enable Editing" visible on top. This happens due to which of the following confinement tools?
Quarantine
Jane sent an encrypted funds transfer message to her bank with her account details. A few days later, she noticed other transactions in her account that she did not authorize. What kind of an attack has Jane likely been subjected to?
Replay attack
MegaCorp is a multinational enterprise. Their customer payment files were recently stolen and sold on the black market. Customers have reported that their credit cards are being charged for fraudulent purchases made in countries where they do not live and have never been. What is the most likely impact on MegaCorp from this attack?
Reputation loss
While attending a cybersecurity training program, Peter raised a question to the trainer: "How does sandboxing protect a system from malicious activities?" How should the trainer answer Peter's question?
Sandboxing allows isolating potential malicious programs using a virtual machine (VM) to impact only the VM.
Which protocol provides a secure extension to transmissions using the real-time transport protocol?
Secure real-time transport protocol (SRTP)
ABC Manufacturing Company is located in Hiroshima, Japan. Being prone to earthquakes, the company decided to implement a backup of their data on a Singapore server. The IT administrator contacted you to identify the optimal command interface protocol for this backup. Which command interface protocol should you advise?
Secure shell
A threat actor employed by the victimized organization is referred to as which of the following?
Shadow IT
Sienna works as a receptionist in an enterprise. One day, she saw a suspicious person wandering around the reception area. What should she do first?
She should interact with him appropriately so that he knows he is being observed.
What separates the control plane from the data plane to virtualize a physical network?
Software-defined network
Carol installed a new application from a free software website that converts avi-formatted files into mpeg format. After installing the application, she noticed that new applications are automatically getting downloaded and installed on the computer. What kind of attack is Carol's computer subjected to?
Spyware
You are asked to install an enterprise network firewall that does not allow packets to get through unless the internal endpoint made the initial request for the information. Which firewall should you choose?
Stateful packet filtering firewall
Mary deals with confidential data that needs to be communicated to clients. How should Mary ensure that confidential data is hidden within other data, the hidden data is difficult to identify, and the encrypted data is confidential?
Steganography
Which of the following processes can conceal a file, message, image, or a video within another file, message, image, or a video?
Steganography
John works in a nuclear power plant. He discovered a worm that was actively targeting Windows computers that manage large-scale SCADA systems. The malware attempted to gain administrative access to other computers through the network to control the SCADA system. Which of the following malware can do all this damage?
Stuxnet
Which protocol is used in AIS?
TAXII
The SSL has been replaced by which cryptographic protocol?
TLS
Over the last few years, an organization has brought up the need to replace old systems. While the organization has made these old systems function with various workarounds, custom middleware applications, and other methods to make up for their shortcomings, it has become increasingly apparent that they need to be replaced soon. Which of the following security concerns does the company face if they continue to use the outdated systems?
The age of the systems means they run on outdated OSs that are no longer supported, making security updates impossible to install
What is the sequence of the rules of engagement during a penetration testing attack?
Timing, scope, authorization, exploitation, communication, clean up, reporting
What is the primary difference in the goals of vulnerability scanning and penetration testing, respectively?
To identify risks by scanning systems and networks; to gain unauthorized access and exploit vulnerabilities
In an interview, you are asked about the objective of Microsoft Office's protected view function. Which of the following should be your answer?
To protect your devices from infections
Smith installed new meeting-scheduling software that automatically sends emails and reminders to the recipient's computer. Smith noticed that after installation, the software was also tracking other applications he accessed on his computer. What is this attack called?
Trojan
Wilson is consulting with Abram to buy a new external storage device for Wilson's enterprise. Wilson gives Abram the following requirements for the device: Allows administrators to remotely prohibit accessing the data on a device if the user is not verified Locks the user out completely the next time the device connects Can instruct the drive to initiate a self-destruct sequence to destroy all data What should Abram suggest to Wilson?
USB device encryption
You are a cybersecurity trainer tutoring students who will be taking a cybersecurity exam. A student has listed the following features of a honeypot on a practice test. Which of the following will you consider as a correct statement?
Using a honeypot allows one to identify threat actor techniques and divert them from legitimate servers.
You are a security expert asked to install physical security equipment in your enterprise. This device should ensure that employee devices are protected from unauthorized access when they are away. Which equipment should you install?
Vaults
A weakest link vulnerability can be caused by mismanagement of which of the following?
Vendor management
XYZ Company is developing an application. After a few months of initial development, they decide to go through quality assurance testing. The tests show poor results. The developers realize that they have to make changes to their application but to do so, they will have to start their development process all over again. What kind of model are they using?
Waterfall model
Which of the following is the target of an attacker in a server-side request forgery (SSRF)?
Web server
Your company's Accounts Payable department reports that an invoice was marked as paid, but the vendor has shown proof they never received any of the $783,296 payment. Accounts Payable confirms that the amount was deducted from the company's accounts, but the recipient account number does not match the vendor's. After an investigation, you discover that the invoice was paid by the Chief Financial Officer. He says he paid the invoice after receiving an after-hours, past-due invoice from the vendor claiming that they would be filing a civil action in court the next morning. Rather than wait for Accounts Payable to come in the next day and verify the invoice date, the CFO immediately paid the full amount. Which type of social engineering attack was your company most likely the victim of?
Whaling
Sherlin was asked by his team lead about a method of connecting devices that replaces their current wired local area network (LAN). Which of the following should he suggest?
Wi-Fi
Which of the following tools has a graphical user interface (GUI)?
Wireshark
In an interview, you are provided the following statements regarding secure protocols. Which of the should you identify as correct?
X.500 Lite is an open protocol, so applications don't need to worry about the type of server hosting the directory, while X.500 is a transmission protocol that speaks directly to the directory service agent.
What is an attack on a NoSQL database compromised by data manipulation when the input is not sanitized by the application?
XML injection
