Security


80. For which of the following systems is resilience through redundancy the least important?

a. Desktops b. Servers c. Data d. Networks

25. Which of the following refers to the method by which an iOS user can access root privileges on the device?

a. Jailbreaking

Which application intercepts user requests from the secure internal network and then processes them on behalf of the user?

a. Reverse proxy b. Forward proxy c. Honeypot d. Sinkhole

53. Which of the following is a VPN protocol?

a. SMTP b. POP3 c. SSTP d. TCP

A zero-day vulnerability has been found in an e-commerce website used to purchase electronics. Neither the website owner nor the general public knows about the vulnerability; it was discovered by a computer security specialist making a purchase. What should the specialist do?

Privately share their findings regarding the zero-day vulnerability with the e-commerce company.

55. What is a thin client?

a. A thin client is a computing device with limited storage capacity used for latency reduction. b. A thin client is a computer that runs from resources stored on a central cloud server. c. A thin client is a type of virtualized hardware with computing capabilities. d. A thin client is a computer that runs from resources stored on the localized hard drive

In a device driver manipulation attack, which of the following changes a device driver's existing code design?

a. API attack b. Shimming c. Improper input handling d. Time of check/time of use in race conditions

82. Which of the following can be used to enforce strong credential policies for an organization?

a. Acceptable Use Policy b. Windows Active Directory c. Windows Defender d. Windows Firewall

66. Which wireless probe is designed exclusively to monitor the airwaves for RF transmissions?

a. Access point probe b. Dedicated probes c. Desktop probe d. Wireless device probe

Which of the following policies restricts the introduction of malicious programs into an enterprise network or server?

a. Asset management b. Onboarding and offboarding c. Data governance d. Acceptable use

Which cryptography method provides cryptographic solutions uniquely customized to low-power devices that need to manage resources instead of security constraints?

a. Asymmetric cryptography b. Private key cryptography c. Lightweight cryptography d. Symmetric cryptography

39. For which of the following is the Encapsulating Security Protocol (ESP) applied?

a. Authentication b. Confidentiality c. Key management d. Applications

68. Which of the following is the safest authentication method?

a. Authentication using an SMS OTP b. Authentication using a smartphone c. Authentication using security keys d. Authentication using a smart card

89. Which of the following can enhance privacy data protection by modifying it without destroying it?

a. Data anonymization b. Public notification c. Data shredding d. Data pulping

88. Which of the following are country-specific requirements that apply to data?

a. Data minimization b. Data sovereignty c. Data destruction d. Data masking

You have been instructed to set up a system in a conference room where only trusted employees can access both the secure internal corporate network and the internet, and public users are restricted from accessing the internet from the same network. Which protocol or standard should you use?

a. EAP-TLS b. IEEE 802.1x c. EAP-FAST d. CBC-MAC

41. Which of the following encrypts one character at a time?

a. ECB b. CBC c. Stream d. Block

Which technique added to cryptographic algorithms can change a single character of plaintext into multiple characters of ciphertext?

a. Eavesdropping b. Collision c. Confusion d. Diffusion

Which application protocol is used to exchange cyber threat intelligence over HTTP?

b. TAXII

Jennifer created an e-learning web application where a login form has to be filled by the user entering the application. Jennifer created an 8-byte buffer for the user name file while developing the application. One day, the application halted with denial of service. An attack on the web application due to the incorrect entry of input values in the login screen was then discovered. What caused the denial of service issue?

b. This is due to a buffer overflow attack

24. Which of the following is an improvement of UEFI over BIOS?

b. enhanced boot security

Which attack creates false deauthentication management frames that appear to come from another client device, which causes the client to disconnect from AP?

a. Bluesnarfing b. Disassociation c. Injecting malware d. Jamming

Your enterprise network's security was breached when a non-employee connected a device to the network. In a security review meeting, you were asked to employ appropriate measures to prevent this from happening in the future while, at the same time, continuing to allow outsiders to connect to the network. Which of the following actions should you take?

a. Set up a virtual private network b. Set up an access control list c. Set up a network access control d. Set up data loss prevention

Typically, certain employees of an organization get texts that update them on various IT activities. If there is a support ticket or downtime, they will receive texts to let them know about the activity. They have started to receive some messages via text instructing them to call the IT help desk at the provided number. When they call the help desk number, a recording asks them for their employee ID. Assuming that the IT department did not send those texts, which of the following social engineering attacks is this?

a. Smishing b. Whaling c. Spimming d. Vishing

57. In an interview, you are provided the following statements regarding virtualization security. Which statement should you identify as correct?

a. Software-defined visibility (SDV) is a framework that allows users to make any network structure transparent. b. A software-defined network virtualizes parts of the physical network to be more quickly and easily reconfigured. c. A user can make a sandbox before performing extensive modifications or alterations to a virtual machine (VM). d. A guest operating system that has remained dormant is updated when the underlying host operating system is updated.

81. The mean time to recovery (MTTR) of a system is zero. What does this imply?

a. The system is not resilient to distractions. b. The system cannot be recovered. c. The system is highly resilient. d. The system cannot be recovered quickly

ABC Automobiles is a large manufacturing company based in Munich, Germany. To ensure productivity, all departments like Finance, Purchase, Sales, R&D, Management, etc., are using computers, and for security, each department is placed in different physical and logical networks while interconnected. Johnson, the Vice President of IT, has requested your service in identifying a problem. Details provided by Johnson and your initial probe include the following:

a. This could be a logic bomb attack. b. This could be a rootkit attack. c. This is most probably a backdoor attack. d. This is most probably a bot attack.

Which of the below cryptographic protocols is an encrypted alternative to the Telnet protocol used to access remote computers?

a. Transport layer security (TLS) b. Secure shell (SSH) c. Secure sockets layer (SSL) d. Secure real-time transport protocol (SRTP)

37. Which of the following performs a real-time lookup of a certificate status?

a. Certificate repository b. Online certificate status protocol (OCSP) c. Certificate revocation list (CRL) d. Offline CA

David, a software engineer, recently bought a brand new laptop because his enterprise follows the BYOD (bring your own device) model. David was part of a software development project where the software code was leaked before its release. Further investigation proved that a vulnerability in David's laptop caused the exposure. David insists he never used the laptop to access any network or integrate any devices, and the laptop was kept in a vault while not in use. Which of the following attack vectors was used by the threat actor?

a. Direct access b. Wireless c. Supply chain d. Removable media

Rob made a physical security review report of his organization in which he proposed replacing physical locks with electronic ones. Which of the following is the best justification for Rob to include in his report?

a. Electronic locks are invulnerable b. Electronic locks keep track of the accessing time and user identity. c. Physical locks are time-consuming and easy to forget to lock and unlock. d. Physical locks are difficult for most users to manage

You want to use different passwords for different accounts by remembering just one password. Which of the following tools fits your need?

a. Hardware module b. Password vault c. Windowed token d. PDKF2

38. Which of the following trust models has only one CA signing digital certificates?

a. Hierarchical trust model b. Distributed trust model c. Bridge trust model d. Web of trust model

79. Which of the following recovery sites is more expensive to maintain?

a. Hot site b. Cold site c. Warm site d. Onsite

Bob is sending a message to John. Which algorithm should John use to ensure that Bob is the actual sender of the message and not anyone else?

a. Message digest b. Digital signature algorithm c. RIPEMD d. Symmetric cryptographic algorithm

78. Which of the following best describes artifacts?

a. Methods followed by attackers b. Temporary files stored in the RAM c. Technology devices that may contain evidence d. Permanent files stored on hard disks

Which of the following is the Windows network analysis tool that checks the connection to each hop between source and destination?

a. Netstat b. Pathping c. Traceroute d. Curl

You are the security administrator for an enterprise that follows the bring your own device (BYOD) deployment model. What is the first action that you should take to protect sensitive enterprise data from exposure if an employee device is stolen and can't be located?

a. You should seek the help of legal authorities. b. You should search for the thief on your own. c. You should change the data access credentials. d. You should perform a remote wipe.

76. Which of the following provides multiple forensic tools in a single interface?

a. memdump b. winhex c. FTK imager d. GNU dd

77. Which of the following can be a log data source for investigating a security breach?

a. rsyslog b. nxlog c. metadata d. journalct

Which of the following systems combines the functions of a printer, copier, scanner, fax machine, and special-purpose computer with a CPU?

b. MFP

Which of the following best describes attacks due to application vulnerabilities that trick the vulnerable application(s) into producing more executable files in the system?

c. Process spawning control

Rachel has taken over as a systems administrator of Creative Network, which has a network of 300 computers in two different domains. Rachel has been instructed by the CEO to ensure all employees have access to a certain set of folders on the server. The individual workstations may have the personal data of employees in a particular folder. She was informed that there have been previous instances where employees misused the machines. What policy should Rachel be setting in individual user machines and servers?

c. Rachel should set the least functionality for both servers and user desktops.

Frank is authorized to issue mandatory security guidelines for IoT device manufacturers in the United States. Which of the following guidelines should Frank NOT issue?

c. The devices should present a cost-effective solution for consumers.

Hassan has been asked to choose a mobile management tool that can provide a single management interface for application, content, and device management. Which of the following is the best solution?

c. Unified environment management (UEM) tool

An attack where the threat actor changes the value of the variable outside of the programmer's intended range is known as

d. Integer overflow

52. What is data masking?

a. Encrypting of files to prevent unauthorized access b. Creating the copy of data by obfuscating sensitive elements c. Protecting sensitive data using strong authentication d. Hiding the data to prevent unauthorized access

71. Which of the following is a valid biometric authentication method?

a. Gait recognition b. Weight recognition c. Height recognition d. Speech recognition

74. Which of the following accounts is the least vulnerable to cyberattacks?

a. Generic account b. Shared account c. Personal account d. Guest account

46. Which of the following is a physical security measure?

a. Secured socket layer b. Full disk encryption c. Industrial camouflage d. Packet analysis

Accounting is an important security concept in an enterprise environment. Which of the following best describes accounting in this context?

a. Accounting refers to keeping track of all financial activities of the enterprise. b. Accounting refers to effective financial management for cybersecurity. c. Accounting refers to recording actions of a user on enterprise resources. d. Accounting refers to maintaining security devices in compliance with enterprise policies.

PDC Bank is working on creating an AI application that enables customers to send SMS to the AI application to allow banking activities from their registered ID. Jane, the project engineer, has taken bank customer data from the last few years from the server and is using it to train the ML to recognize and authenticate actual users and to ensure unauthorized users are barred from entering the application. Suppose the AI application has been compromised, and the reason has been identified as compromised data being used to improve the ML accuracy. What kind of attack is the PDC Bank application subjected to?

a. Adversarial artificial intelligence b. ML algorithm security c. Tainted training data for ML d. Spyware

Shaun is an external penetration testing consultant. The Chief Information Security Officer (CISO) of the organization he is working with indicated that none of the internal higher management executives should receive any kind of spear-phishing emails during Shaun's testing. Which part of the rules of engagement would cover this limitation?

a. Authorization b. Other boundaries c. Initiation d. Target locations

Which part of the NIST Cybersecurity frameworks defines the activities needed to attain the different cybersecurity results?

a. Information sources b. Framework core c. Implementation tiers d. Profiles

An enterprise's annual financial statement reported an overall profit when there was actually a loss. Which of the following risks has occurred?

a. Inherent risk b. Residual risk c. Control risk d. Internal risk

John is appointed as a vulnerability assessment engineer in a financial organization. An audit report published by a third-party auditing firm revealed that most of the web servers have cross-site scripting and XML entity injection vulnerabilities. John has been told to perform a vulnerability assessment on these servers to verify if the audit report is valid. He is also told that he should not attempt to engage or exploit any vulnerabilities but still needs a deeper insight. By applying his knowledge of vulnerability assessment concepts, which type of vulnerability scanning should John use?

a. Intrusive non-credentialed b. Intrusive credentialed c. Non-intrusive credentialed d. Non-intrusive non-credentialed

21. Why is the UEFI framework considered to be better than the BIOS framework?

a. It has a better user interface and supports remote troubleshooting.

58. What is virtual desktop infrastructure?

a. It is the process of running a user desktop inside a VM residing on a server. b. It is the process of virtualizing hardware for different uses. c. It is the process of using a virtual network to access the cloud. d. It is the process of maintaining compliance between cloud and on-premises networks

You want to install a non-biometric authentication method to reduce overall costs. Which of the following is the best fit?

a. Keystroke dynamics b. Face recognition c. Gait recognition d. Security keys

You are the security administrator in your organization and have been asked to choose a deployment method that ensures the utmost security, where the data is stored in a centralized server and can be accessed by authorized employees using their own devices. Which of the following should you choose?

a. Virtual desktop infrastructure (VDI) b. Choose your own device (CYOD) c. Corporate-owned personally enabled (COPE) d. Corporate-owned devices (COD)

Which of the following social engineering attacks continues to be a primary weapon used by threat actors?

a. Vishing b. Spear phishing c. Phishing d. Google dorking

Which configuration of WLANs has the following flaws? The last PIN character is only a checksum. The PIN is divided into two shorter values. There is no lockout limit for entering PINs.

a. WEP b. WPS c. MAC d. WPA

61. Which devices are used as a contactless alternative to cash or a credit card payment system?

a. Bluetooth b. NFC c. RFID d. WLAN

Which of the following types of hackers are strongly motivated by ideology

a. Brokers b. Grey hat hackers c. Hacktivists d. Criminal syndicates

Which of the following typical commercial data types can be considered more highly sensitive than the others?

a. Confidential b. Private c. Critical d. Public

67. Which of the following best describes password spraying?

a. Cracking the password of a user by trying all possible alphanumeric combinations b. Trying a common password on different user accounts c. Creating a wordlist using stolen passwords d. Creating a unique password using uppercase, lowercase, numerals, and special symbols

Which of the following is a snooping malware?

a. Cryptomalware b. Keylogger c. PUP d. Backdoor

59. Which protocol can send cryptographic confirmation that an endpoint is who it claims to be so that ARP poisoning is hindered?

a. DNSSEC b. SFTP c. SEND d. SMTP

Joseph, a white hat hacker, is approached by Sigma Technology to check the enterprise's security. He is told that the system is being checked to verify whether the higher-security mode of operations is moved automatically to another version during a cyberattack on the network, making it easier to attack. Which mode should Joseph use to test this vulnerability, and why?

a. Downgrade attack because, in a downgrade attack, an attacker forces the system to abandon the current mode of operation and instead move it to implement a less secure mode. b. Ciphertext attack because, in a ciphertext attack, an attacker forces the system to abandon the current mode of operation instead of moving it to implement a less secure mode. c. Attacks on misconfigurations because, in a misconfiguration attack, attackers utilize weak configurations to exploit vulnerabilities. d. Collision attack because, in a collision attack, attackers utilize weak cryptographic algorithms to exploit vulnerabilities

Quinton has been asked to analyze the TTPs of an attack that recently occurred and prepare an SOP to hunt for future threats. When researching the recent attack, Quinton discovered that after penetrating the system, the threat actor moved through the network using elevated credentials. Which technique was the threat actor using to move through the network?

a. Initial compromise b. Lateral movement c. Privilege escalation d. Data exfiltration

You are hired by a startup company as a security expert. You are asked to choose an effective method to host all the enterprise's services, which must be highly secure, easily scalable, and cost-effective.

a. Legacy platform b. Cloud platform c. On-premises platform d. Root platform

Your firewall is configured to deny all packets from the address range 192.110.20.30-192.110.20.100, but you want to allow packets from 192.168.20.73. How should you resolve this issue?

a. Make an allow rule for the source address 192.168.20.73. b. Make a force allow rule for source address 192.168.20.73. c. Make a deny rule for source address 192.168.20.73. d. Make a log-only rule for source address 192.168.20.73

Which type of vulnerability scan mimics the work of a threat actor who has already exploited a vulnerability and compromised credentials to access the network?

a. Non-credentialed scan b. Credentialed scan c. Intrusive scan d. Nonintrusive scan

62. In WPA3, what is designed to increase security at the handshake, when keys are being exchanged, even if the password is small or weak?

a. OWE b. SAE c. PEAP d. CCMP

60. Which of the following protocols can protect network equipment from unauthorized access?

a. POP3 b. IMAP c. SNMPv3 d. DNSSEC

50. What is NOT a firewall feature?

a. Packet filtering b. URL filtering c. Network address translation d. Deceiving attackers

Which category of cybersecurity vulnerability is exploited by attackers before anyone else knows about it?

a. Patches b. Platforms c. Zero day d. Third parties

Meta is a penetration testing engineer assigned to pen test the security firm's network. So far, she cannot tunnel through the network looking for additional systems accessible through advanced privileges. What should Meta do to gain repeated and long-term access to the system in the future?

a. Perform privilege escalation b. Perform backdoor installation c. Perform data exfiltration d. Perform lateral movement

43. Which layer of the OSI model is targeted by the threat actors for layer 2 attack?

a. Physical layer b. Application layer c. Data link layer d. Transport layer

83. Which of the following typical commercial data classifications is least important?

a. Private b. Proprietary c. Confidential d. Sensitive

35. Which keys are supposed to be kept confidential and not shared with anyone?

a. Public key b. Ephemeral keys c. Key pairs d. Private key

When assessing expected annual monetary loss due to risks, you found that the expected loss from your customer database was twice as high as the expected loss from your product database. You used these figures to justify allocating more resources to protect the customer database. Which risk assessment was used here?

a. Risk control self-assessment b. Qualitative risk assessment c. Quantitative risk assessment d. Risk likelihood assessment

44. Which of the following is an attack that affects data availability?

a. Rogue AP b. MAC address c. On-path attack d. DDoS attack

Which agreement specifies how confidential material will be shared between certain parties but restricted to others?

a. Service-level agreement b. Memorandum of understanding c. Nondisclosure agreement d. Business partnership agreement

69. Ricky entered a restricted lab by scanning his finger on the fingerprint scanner outside the door. Which type of authentication credential allowed Ricky to enter the lab?

a. Someone you know. b. Something you have. c. Something you are. d. Something you can do.

Which of the following is NOT a characteristic of a trusted platform module (TPM)?

a. TPM provides cryptographic services in hardware instead of software. b. TPM generates asymmetric cryptographic public and private keys. c. TPM can easily be transported to another computer. d. TPM includes a pseudorandom number generator.

42. Which of the following only encrypts the IP packet data and leaves the header unencrypted?

a. Tunnel mode b. Transport mode c. Encapsulating security payload (ESP) d. Authentication header (AH)

56. In a practical test, you are given a computer with a Windows host OS. You are asked to install a guest machine with Linux OS. What should you do?

a. Use Type I hypervisor program b. Use Type II hypervisor program c. Use a container hypervisor d. Use a hardware hypervisor

You are working in a data center when you suddenly notice a small fire in the server room. Which of the following measures should you take to suppress the fire?

a. Use a Faraday cage b. Use a handheld fire extinguisher c. Rely on the water sprinkler system d. Rely on the stationary fire suppression system

Identifying the attack, containing its spread, recovering, and improving the defenses can be done by which of the following?

a. Using access control lists b. Using access control schemes c. Preparing incident response plans d. Using Weak accounts

