Practice test 1 CIS
Which of the following sets consists of only the core features of a mobile or computing device?
???
Which of the following is a characteristic of a potentially unwanted program (PUP)?
A PUP interferes and obstructs the user with web browsing and pop-up windows.
Zero-day vulnerabilities and configuration vulnerabilities can heavily impact a system if exploited. How should you differentiate between a zero-day vulnerability and a configuration vulnerability?
A zero-day vulnerability is an unknown vulnerability in released software that is found and exploited by a threat actor, whereas a configuration vulnerability is caused by improper settings in hardware or software.
Which of the following can be used to mitigate a limitation of public sharing centers in OSINT?
AIS
You have been assigned to decide the process used for software application development at your company. Since the products need to be developed and deployed as each module is completed, you chose to go with agile application development. Your manager has requested you consider SecDevOps. Which of the following is a significant and key feature of using SecDevOps that can be considered for selecting this project's development model?
Automation
Which threat actors violate computer security for personal gain?
Black hat hacker
Dillip is assigned the role of a SOC developer who must build different teams under the SOC. He must build a new team that will put security defenses in place to prevent another team from penetrating the network. Which team should he build to monitor the other team's attacks and shore up security defenses as necessary?
Blue team
Japan's cybercrime control center noticed that around 200,000 Tokyo computers are infected by bots, and all these bots are remotely controlled by a single attacker. What is this attacker referred to as?
Bot herder
Which threat actors sell their knowledge to other attackers or governments?
Brokers
Shanise is an IT security professional for a large private bank. She got an alert that the bank website received a funds transfer request that was correctly credentialed but flagged as being out of the account owner's usual pattern. If the alert is correct, what type of attack has likely occurred?
CSRF attack
A company has its network compromised. As an expert professional, the organization has hired you to identify the probable cause of the attack and fix it. As a security professional, you have noticed the pattern of compromise is unlike anything previously seen. You are looking to find new information on vulnerabilities like the attack that occurred. Which of the following actions would help achieve this objective?
Checking the dark web
Which of the following mobile device enterprise deployment models are implemented so that employees in an organization are offered a suite of security, reliability, and durability choices that the company has already approved?
Choose your own device (CYOD)
What is another term commonly used to define cross-site request forgery (CSRF):
Client-side request forgery
Which type of threat actor would benefit the most from accessing your enterprise's new machine learning algorithm research and development program?
Competitors
A learning management system application has been written in Python. While running the application code, the specific program or application that converts the program into machine language is called what?
Compiler
Your company recently purchased routers with new and updated features and deployed them in the highly secure enterprise network without changing the default settings. A few days later, the enterprise network suffered a data breach, and you are assigned to prepare a report on the data breach. Which of the following vulnerabilities should you identify as the source of the breach?
Configuration vulnerability
Zyan works for ABC Technology. The enterprise wants to provide smartphones to all its employees. They can choose from a limited list of approved mobile devices. But they need to pay for the device themselves. The company will pay them a monthly stipend. Which deployment method should Zyan suggest to meet his company's needs?
Corporate-owned device (COD)
Marcus is an information security architect at a product-based IT firm. He is responsible for developing policies for the most-secure mobile device enterprise-deploying model. The company will decide the level of choice and freedom for employees. Employees are supplied company-chosen and paid-for devices that they can use for both professional and personal activities. This action is performed under which enterprise deployment model?
Corporate-owned, personally enabled (COPE)
What is the primary difference between credentialed and non-credentialed scans?
Credentialed scans use valid authentication credentials to mimic threat actors, while non-credentialed scans do not provide authentication credentials.
Sean is an information security architect at a financial firm. As his first project, he must design and build an efficient, sure-shot, yet cost-effective solution to detect and prevent bank credit card fraud. How should Sean proceed?
Design a solution that keeps track of dates, times, locations of transactions, and geolocation of the authorized cell phone. When a user makes a purchase at a store, the bank can immediately check that the cell phone and the bank card are in the same place. If they are, the purchase is considered legitimate. But if they are not, then the payment is rejected.
Which issue can arise from security updates and patches?
Difficulty patching firmware
Which of the following is a physical social engineering technique?
Dumpster diving
Which of the following is NOT an automated vulnerability scanning tool?
ELK Stack
Which of the following is a feature of a fileless virus?
Fileless viruses are persistent.
Why was the BIOS framework relocated to flash memory from a complementary metal-oxide-semiconductor (CMOS) in later development?
Flash memory provides stability to the BIOS framework and makes update installation much easier than with CMOS.
Kile is assigned a role as a grey box penetration tester in the financial sector. He has to conduct a pen testing attack on all the application servers in the network. Which of the following tasks should he perform first while conducting a penetration testing attack on a network?
Footprinting
John has been appointed as a product manager at a large mobile device manufacturing company. He is designing the core features included in their flagship mobile device that will be launched during the holiday shopping season. Which of the following features should he primarily include?
Global positioning system (GPS)
Which of the following sets only lists additional features of a mobile device or a computing device?
Global positioning system (GPS), microphone and/or digital camera, wireless cellular connection for voice communications, wireless personal area network interfaces such as Bluetooth or near-field-communications (NFC), small form factor????
Which of the following penetration testing consultants have limited knowledge of the network and some elevated privileges?
Gray Box
Which endpoint application runs on an endpoint device that only detects an attack in an endpoint device?
HIDS
A federal appeals court recently made a judgment that caused significant public outrage. Soon after the ruling, the court's website was hacked, and the content was replaced with the text "Equal justice for all." Which of the following type of threat actors attacked the court's site?
Hacktivists
Hacktivists and state actors are huge threats to government systems. What is the main difference between hacktivists and state actors?
Hacktivists misuse a computer system or network for socially or politically motivated reasons, whereas state actors are covertly sponsored by a government to attack its foes.
Which of the following mobile device features senses movements that it then uses to ensure the screen is always oriented upright?
Haptic Sensor?
Which of the following is considered an industry-specific cybersecurity regulation?
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
While going through the network log, Sarah, a network security administrator, noticed substantial outbound network traffic. Which activity did Sarah perform?
IOC
An unauthorized person recently accessed your enterprise network. The security team had received a call from the threat actor claiming to be a higher official. They followed the attacker's instructions to log them onto a specific webpage, leading to the exposure of enterprise network credentials. Which of the following social engineering techniques was used here?
Impersonation and phishing
An organization is planning a revamp of the existing computer hardware with new ones. The IT manager has informed department heads that some computers have faced BIOS attacks in the past. He has requested help in preventing future BIOS attacks. As an expert, which of these solutions can you use to effectively improve boot security when the new computers are implemented in the network?
Implement measured boot with UEFI
Threat actors focused on financial gain often attack which of the following main target categories?
Individual users
Photoplethysmography uses which type of light to measure heart rate on a wearable device?
Infrared
How can a configuration review reduce the impact of a vulnerability scan on the network's overall performance?
It ensures the scan is designed to meet its intended goals by defining scope and sensitivity levels.
Which of the following is a disadvantage of the secure boot process?
It makes third party non-vendor-approved software difficult to implement.
A company monitors the network activity of the organization and stores the logs in a database. You have been asked to identify whether there are any malicious activities in the network. Which of the following can denote the upper and lower bounds of their various network activities?
KRI
Kate decides to download an extension to her favorite browser to quickly store links on her spreadsheet software. While downloading the software, she ignores the opt-out check box that allows the extension to download a search toolbar. What has occurred here?
Kate has installed a potentially unwanted program (PUP).
While Andel is logging into his email through a browser, the login window disappears. Andel attempts to log in again and is successful. Days later, he goes to log into his email, and his attempt fails. He receives a message indicating that his username and/or password are invalid. What is Andel likely a victim of?
Keyloggers
Kia recently noticed that when she browses her favorite online shopping site, she is immediately redirected to a competitor's site. What is happening here, and what is the best option for Kia to fix this situation?
Kia must uninstall the toolbar software and the accompanying components she has recent installed on her browser.
Which of the following types of platforms is known for its vulnerabilities due to age?
Legacy platform
Which of the following are categories of vulnerabilities in mobile device connections that can also be exploited by threat actors?
Limited updates, USB-on-the-go (OTG), malicious USB cable, hotspots
Alice, a vulnerability assessment engineer at a bank, is told to find all the vulnerabilities on an internet-facing web application server running on port HTTPS. When she finishes the vulnerability scan, she finds several different vulnerabilities at different levels. How should she proceed?
Look at the priority and the accuracy of the vulnerability
Which of the following tools allow a mobile device to be managed remotely by an organization and typically involve a server sending out management commands to mobile devices
MDM
Which of the following is a subset of artificial intelligence?
Machine learning
A company has approached you for their product testing, and you agree to do it. First, you have to install the necessary plugins for the software through the browser, install the software, and run the software again. What procedure should you adopt to ensure that you don't compromise the browser and the computer's operating system?
Making sure that the OS's security options are deployed, run the antivirus/antispyware on the files downloaded, run the software on HSTS/HTTPS mode, and then send a secure cookie to the server.
Which one of the following is the most appropriate explanation of photoplethysmography?
Measuring heart rate by tracking changes in UV light absorption, since human blood absorbs UV light????
Simon is working in a telecom firm. Being an HOD, he was asked to suggest a lock pattern for their mobile devices with the following features: The device should have a prerecord of its user's walking and other body movement patterns, and on sensing any change in the regular movements, should be able to lock the device. Which lock pattern should Simon suggest?
On-body detection
Which of the following techniques is a method of passive reconnaissance?
Open Source Intelligence (OSINT)
Which of the following compliance standards was introduced to provide a minimum degree of security to organizations who handle customer information such as debit card and credit card details daily?
PCIDSS
What is an officially released software security update intended to repair a vulnerability called?
Patch
Which of the following is the advantage of penetration testing over vulnerability scanning?
Penetration testing uncovers and exploits deep vulnerabilities, while vulnerability scanning only discovers surface vulnerabilities.
You work for an enterprise that provides various cybersecurity services. You are assigned to examine an enterprise's network and suggest security measures modifications, if necessary. On examining the network, you find that the enterprise hosts most of its computing resources on a cloud platform and few resources on-premises, and both seem to have secure settings implemented. You also find that the enterprise computers use the Windows XP operating system. Which of the following vulnerabilities should you insist on fixing first?
Platform vulnerability
Which of the following is a social engineering method that attempts to influence the subject before the event occurs?
Prepending
Khalid joins a security team where he is assigned an SOC developer role and has to build different teams under SOC. Which of the following teams should he build to deal with providing real-time feedback related to security incidents and threat detections, which can then be utilized to facilitate better prioritization of threats and a mature way of detecting threats?
Purple Team
Which of the following is a form of malware attack that uses specialized communication protocols?
RAT
What does ransomware do to an endpoint device?
Ransomware attacks the endpoint device holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded.
Which of the following devices is similar to Raspberry Pi?
Real-time operating system??
What type of attack occurs when the threat actor snoops and intercepts the digital data transmitted by the computer and resends that data, impersonating the user?
Replay
Robert is a black box penetration tester who conducted pen testing attacks on all of the network's application servers. He was able to exploit a vulnerability and gain access to the system using a mimikatz tool. Which of the following activities did he perform using mimikatz, and which task should he perform next?
Robert used mimikatz for credential harvesting, and should perform privilege escalation using a high-privileged account next.
Which of the following technologies can be used together for data management in security infrastructure and collecting and analyzing data.
SIEM and SOAR
A web application with an SQL server database is found to be compromised by an attacker. On examination, the email IDs of the database have been found modified. This was due to improper validation in the input fields exploited by the attacker. What is the probable attack in the above scenario?
SQL Injection
What is the name of the process where a website validates user input before the application uses the input?
Sanitizing
A cyber analyst needs to quickly do a vulnerability scan on an enterprise network with many devices. Which approach should the analyst take?
Scan the most important devices for as long as it takes for each device
In cybersecurity, a threat actor is an individual or an entity responsible for cyber incidents against the technical equipment of enterprises and users. How should you differentiate an attack by a script kiddie from that of a gray hat hacker?
Script kiddies use automated attack software created by other hackers for personal gain, whereas gray hat hackers create their own attack software to showcase vulnerabilities present in a system to the world.
What is meant by "infrastructure as code" in SecDevOps?
SecDevOps method of managing software and hardware using principles of developing code
Peter is a design engineer at a mobile device manufacturing company. He is designing the core components included in their flagship mobile device being launched during year-end 2020. Peter wants to design a tablet component that would detect vibrations and movements and determine the device's orientation so that the screen image is always displayed upright. Which of the following are materials he should use for developing this component?
Silicon layered with tantalum and palladium transistors????
Smitha, an employee working in the accounts department, reported to the information security officer that she could not access her computer. James, the security officer, noticed the following on Smitha's system: On booting the computer, the following message was flashing on the computer screen with the IRS logo: "This computer is locked by the Internal Revenue Service. It has come to our attention that you are transferring funds to other agencies using this computer without compliance with the local income tax laws. As per section 22 of the U.S. Income Tax Act, the transmission of funds without applicable taxes is prohibited. Your IP address is identified in this fraudulent transaction and is locked to prevent further unlawful activities. This offense attracts a penalty of $400.00 for the first offense. You are hereby given 16 hours to resolve this issue, failing which you shall be prosecuted to the full extent of the law. You may make a secure payment by clicking on the following link. If you face any issues, you may reach out to us at [email protected]." The message will not close, nor is there access to applications or files on the computer; however, James can open shared files and folders on Smitha's computer through the network. What is your inference about the problem faced by Smitha on her computer?
Smitha's computer is compromised by ransomware.
Which of the following sensors help generate security alerts to physicians regarding patient health?
SoC?
Sara is asked to create a controller for light sensors. When the light falls on the sensor, it needs to indicate when a particular object is moved from its original position. For this, she needs a credit card-sized motherboard with a microcontroller on it. Which option should she select?
SoC??
Daniel accidentally installed a vulnerable application. Which of the following system exploitations would NOT be caused by the vulnerable application?
Social engineering and phishing attacks
What is a variation of a common social engineering attack targeting a specific user?
Spear phishing
Which attack embeds malware-distributing links in instant messages?
Spim
Over the last few days, several employees in your enterprise reported seeing strange messages containing links in their company's IM account. Even though no one has clicked on the messages, they are spreading throughout the network. Which type of malicious activity is this?
Spimming
Which of the following uses vulnerable applications to modify Microsoft registry keys?
System tampering
Which alert utility can identify theft in a smart meter?
Tamper protection???
Alpha Tech started a charitable competition in which every team is asked to submit a proposal for a public health contract asking for a new viral transmission mitigation app. Which team has selected the correct option?
Team B has selected BAN.
Natasha, a network security administrator for an online travel portal, noticed that her website was the victim of an SQL injection. She decided to study the SQL queries to find which one made this vulnerability in the database, and she noticed the following SQL code piece executed on the database: 'whatever' AND email IS NULL; What has been accessed by the attacker running this SQL injection?
The attacker has determined the names of different types of fields in the database.
ABC Technologies had its computer network compromised through a cybersecurity breach. A cybersecurity expert was employed to analyze and identify what caused the attack and the damage caused by the attack. He checked an available database for this purpose and found the threat actor behind the attack. He also found out the cybercriminal has been attempting to sell the company's valuable data on the internet. Which are the most probable methods used by the cybersecurity expert to get to this stage of the investigation?
The cybersecurity expert checked with CISCP and also investigated the dark web.
Which of the following is a primary difference between a red team and a white team?
The red team scans for vulnerabilities and exploits them manually, whereas the white team defines the rules of the penetration testing
A few computers at a high-security software firm location have been compromised. The threat actor took user videos, confidential information like bank account IDs and passwords, email IDs and passwords, and computer screenshots. These confidential data have been shared every three hours from the computers to the threat actor. Which of the following is correct, based on the evaluation of the above observation?
This is a software keylogger attack, as screenshots, video captures, and keystrokes have been routinely monitored and periodically shared.
Zeda Corporation provides online training solutions to global customers. To provide e-learning solutions, it integrates with multiple vendor platforms. This ensures seamless transfer to multiple operators' solutions through sign on. Joe, an IT security administrator, noticed that a threat actor has attacked the platform and stolen the user data. The source of this vulnerability was identified as one of the integrated external applications. What type of attack is this?
This is an API attack.
What is the most accurate explanation of sentiment analysis, and what kind of a tool or product can be utilized to perform this operation?
Using text analysis techniques and IBM QRadar to interpret and classify emotions (positive, negative, and neutral) within text data
Your enterprise experienced several technical issues over the last few days. There were multiple instances of passwords needing to be changed and other issues causing downtime. Management has started receiving voicemails regarding fraudulent activities on their accounts. While the voicemails sound authentic, the help desk concludes that they are fake. What type of malicious activity will this be considered?
Vishing
There is often confusion between vulnerability scanning and penetration testing. What is the best explanation of the difference between vulnerability scanning and penetration testing?
Vulnerability scanning is performed using an automated tool to scan a network for known vulnerability signatures. Penetration testing involves attempting to manually uncover deep vulnerabilities just as a threat actor would, and then exploiting them.
Which of the following is the most efficient means of discovering wireless signals?
War flying
In an application development model, which of the following uses a sequential development process?
Waterfall development
What is the fastest-running vulnerability scan, and why does this type of scan run so fast?
What is the fastest-running vulnerability scan, and why does this type of scan run so fast?
In which of the following mobile device connectivity methods are light waves used as a communication channel?
Wi-Fi
William downloaded some free software to help him with photo editing. A few days later, William noticed several personal photographs were modified and posted to various social media pages with obscene comments. He also noticed that there were videos of him that were morphed and circulated on adult websites. The videos were obviously taken using his webcam. What should William do to fix his problem and prevent it from happening again in the future?
William should run an antimalware program and scan for all known RATs, then quarantine and remove the infected file(s). To prevent this in the future, he should only download software from trusted websites.
A cybercriminal attempts to trick a computer's user into sharing their personal information by implementing content to discreetly capture user information over the actual webpage. What should the user implement to avoid this situation?
X-Frame
Which HTTP response header should be used to prevent attackers from displaying their content on a website?
X-Frame-Option
Which of the following is an attack vector used by threat actors to penetrate a system?
What is NOT a principle of agile development?
follow rigid sequential processes
Which of the following is a configuration vulnerability?
weak encryption