SampleQuestions-1 (AutoRecovered)
What category of control is Matt implementing?
A. Operational
B. Technical
C. Corrective
D. Managerial
2. Jade's organization recently suffered a security breach that affected stored
credit card data. Jade's primary concern is the fact that the organization is
subject to sanctions for violating the provisions of the Payment Card Industry
Data Security Standard. What category of risk is concerning Jade?
A. Strategic
B. Compliance
C. Operational
D. Financial
3. Chris is responding to a security incident that compromised one of his
organization's web servers. He believes that the attackers defaced one or more
pages on the website. What cybersecurity objective did this attack violate?
A. Confidentiality
B. Nonrepudiation
C. Integrity
D. Availability
4. What technology uses mathematical algorithms to render information
unreadable to those lacking the required key?
A. Data loss prevention
B. Data obfuscation
C. Data minimization
D. Data encryption
5. Which one of the following data protection techniques is reversible when
conducted properly?
A. Tokenization
B. Masking
C. Hashing
D. Shredding
1. Edward Snowden was a government contractor who disclosed sensitive
government documents to journalists to uncover what he believed were
unethical activities. Which of the following terms best describe Snowden's
activities? (Choose two.)
A. Insider
B. State actor
C. Hacktivist
D. APT
E. Organized crime
2. Which one of the following information sources would not be considered an
OSINT source?
A. DNS lookup
B. Search engine research
C. Port scans
3. Which organization did the U.S. government help create to share knowledge
between organizations in specific verticals?
A. DHS
B. SANS
C. CERTS
D. ISACs
4. Which of the following threat actors typically has the greatest access to
resources?
A. Nation-state actors
B. Organized crime
C. Hacktivists
D. Insider threats
5. Which one of the following motivations is most commonly attributed to
hacktivists?
A. War
B. Financial gain
C. Political/philosophical beliefs
D. Ethical
1. Mike discovers that attackers have left software that allows them to have
remote access to systems on a computer in his company's network. How should
he describe or classify this malware?
A. A worm
B. Crypto malware
C. A trojan
D. A backdoor
3. While reviewing her logs, Michele notices that a remote system has
attempted to log into her server via SSH using the username admin and a
variety of passwords like “password” and “ninja.” What type of attack has
Michele noticed?
A. A brute-force attack
B. Shoulder surfing
C. An on-path attack
D. Pretexting
4. Joanna wants to detect password spraying attacks. What type of rule should
she deploy through her security systems?
A. Match attempts to log into many systems with the same username and
password.
B. Match multiple attempts to log into the same user account using different
passwords.
C. Match repeated use of the same password during failed login attempts for
multiple usernames.
D. Match all attempts to use passwords with slight changes for the same
account.
5. Selah infects the ads on a website that users from her target company
frequently visit with malware as part of her penetration test. What technique
has she used?
A. A watering hole attack
B. Vishing
C. Whaling
D. Typosquatting
6. Melissa receives a call and the caller informs her a senior manager in her
organization needs her to buy gift cards for an event that starts in an hour. The
caller says that the senior leader forgot to get the cards, and that the event is
critical to her organization. Melissa buys the cards and sends them to the Gmail
address the caller says that the senior leader needs them sent to. What type of
attack has Melissa fallen for?
A. Phishing
B. Pretexting
C. Business email compromise
D. Carding
1. The application that Scott is writing has a flaw that occurs when two
operations are attempted at the same time, resulting in unexpected results
when the two actions do not occur in the expected order. What type of flaw
does the application have?
A. Dereferencing
B. A race condition
C. An insecure function
D. Improper error handling