SampleQuestions-1 (AutoRecovered)

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 10

1. Matt is updating the organization's threat assessment process.

What category
of control is Matt implementing?
A. Operational
B. Technical
C. Corrective
D. Managerial
2. Jade's organization recently suffered a security breach that affected stored
credit card data. Jade's primary concern is the fact that the organization is
subject to sanctions for violating the provisions of the Payment Card Industry
Data Security Standard. What category of risk is concerning Jade?
A. Strategic
B. Compliance
C. Operational
D. Financial
3. Chris is responding to a security incident that compromised one of his
organization's web servers. He believes that the attackers defaced one or more
pages on the website. What cybersecurity objective did this attack violate?
A. Confidentiality
B. Nonrepudiation
C. Integrity
D. Availability
4.What technology uses mathematical algorithms to render information
unreadable to those lacking the required key?
A. Data loss prevention
B. Data obfuscation
C. Data minimization
D. Data encryption
5.Which one of the following data protection techniques is reversible when
conducted properly?
A. Tokenization
B. Masking
C. Hashing
D. Shredding
1.Edward Snowden was a government contractor who disclosed sensitive
government documents to journalists to uncover what he believed were
unethical activities. Which of the following terms best describe Snowden's
activities? (Choose two.)
A. Insider
B. State actor
C. Hacktivist
D. APT
E. Organized crime
2. Which one of the following information sources would not be considered an
OSINT source?
A. DNS lookup
B. Search engine research
C. Port scans
3. Which organization did the U.S. government help create to share knowledge
between organizations in specific verticals?
A. DHS
B. SANS
C. CERTS
D. ISACs
4. Which of the following threat actors typically has the greatest access to
resources?
A. Nation-state actors
B. Organized crime
C. Hacktivists
D. Insider threats
5. Which one of the following motivations is most commonly attributed to
hacktivists?
A. War
B. Financial gain
C. Political/philosophical beliefs
D. Ethical
1. Mike discovers that attackers have left software that allows them to have
remote access to systems on a computer in his company's network. How should
he describe or classify this malware?
A. A worm
B. Crypto malware
C. A trojan
D. A backdoor

2. What is the primary impact of bloatware?


A. Consuming resources
B. Logging keystrokes
C. Providing information about users and devices to third parties
D. Allowing unauthorized remote access
3. What type of malware is used to gather information about a user's browsing
habits and system?
A. A Trojan
B. Bloatware
C. Spyware
D. A rootkit
4. What type of malware connects to a command and control system, allowing
attackers to manage, control, and update it remotely?
A. A bot
B. A drone
C. A vampire
D. A worm
5. Randy believes that a system that he is responsible for was infected after a
user picked up a USB drive and plugged it in. The user claims that they only
opened one file on the drive to see who might own it. What type of malware is
most likely involved?
A. A virus
B. A worm
C. A trojan
D. A spyware tool
1.Joseph receives an email notifying him that he needs to change his password
due to a recent account issue. He notices that the email links him to a website
using the domain amazon.com. What type of attack should he describe this as?
A. Typosquatting
B. Phishing
C. Smishing
D. A watering hole attack

2. When you combine phishing with voicemail, it is known as:


A. Whaling
B. Spoofing
C. Spooning
D. Vishing

3. While reviewing her logs, Michele notices that a remote system has
attempted to log into her server via SSH using the username admin and a
variety of passwords like “password” and “ninja.” What type of attack has
Michele noticed?
A. A brute-force attack
B. Shoulder surfing
C. An on-path attack
D. Pretexting

4. Joanna wants to detect password spraying attacks. What type of rule should
she deploy through her security systems?
A. Match attempts to log into many systems with the same username and
password.
B. Match multiple attempts to log into the same user account using different
passwords.
C. Match repeated use of the same password during failed login attempts for
multiple usernames.
D. Match all attempts to use passwords with slight changes for the same
account.

5. Selah infects the ads on a website that users from her target company
frequently visit with malware as part of her penetration test. What technique
has she used?
A. A watering hole attack
B. Vishing
C. Whaling
D. Typosquatting

6. Melissa receives a call and the caller informs her a senior manager in her
organization needs her to buy gift cards for an event that starts in an hour. The
caller says that the senior leader forgot to get the cards, and that the event is
critical to her organization. Melissa buys the cards and sends them to the Gmail
address the caller says that the senior leader needs them sent to. What type of
attack has Melissa fallen for?
A. Phishing
B. Pretexting
C. Business email compromise
D. Carding

7. Devon is a penetration tester and sets up malicious tools on his target


organization's primary internal website. What type of attack is he conducting?
A. A misinformation campaign
B. A watering hole attack
C. A typosquatting attack
D. A disinformation campaign
8. Phishing emails sent pretending to be from a company that recipients are
familiar with and likely to respond to is what type of attack?
A. Phishing
B. Pharming
C. Brand impersonation
D. Pretexting
9. When a caller was recently directed to Amanda, who is a junior IT employee
at her company, the caller informed her that they were the head of IT for her
organization and that she needed to immediately disable the organization's
firewall. After Amanda made the change, she discovered that the caller was not
the head of IT, and that they were actually a penetration tester hired by her
company. What social engineering attack best describes this?
A. Smishing
B. Pretexting
C. Impersonation
D. Vishing

1.Which one of the following security assessment techniques assumes that an


organization has already been compromised and searches for evidence of that
compromise?
A. Vulnerability scanning
B. Penetration testing
C. Threat hunting
D. War driving
2. Tara recently analyzed the results of a vulnerability scan report and found
that a vulnerability reported by the scanner did not exist because the system
was actually patched as specified. What type of error occurred?
A. False positive
B. False negative
C. True positive
D. True negative
3. Brian ran a penetration test against a school's grading system and discovered
a flaw that would allow students to alter their grades by exploiting a SQL
injection vulnerability. What type of control should he recommend to the
school's cybersecurity team to prevent students from engaging in this type of
activity?
A. Confidentiality
B. Integrity
C. Alteration
D. Availability
4. Which one of the following security assessment tools is least likely to be used
during the reconnaissance phase of a penetration test?
A. Nmap
B. Nessus
C. Metasploit
D. Nslookup
5. Zian is a cybersecurity leader who is coordinating the activities of a security
audit. The audit is being done to validate the organization's financial statements
to investors and involves a review of cybersecurity controls. What term best
describes this audit?
A. External audit
B. Penetration test
C. Internal audit
D. Informal audit
6. Which one of the following assessment techniques is designed to solicit
participation from external security experts and reward them for discovering
vulnerabilities?
A. Threat hunting
B. Penetration testing
C. Bug bounty
D. Vulnerability scanning

7. Kyle is conducting a penetration test. After gaining access to an organization's


database server, he installs a backdoor on the server to grant himself access in
the future. What term best describes this action?
A. Privilege escalation
B. Lateral movement
C. Maneuver
D. Persistence
8.Which element of the SCAP framework can be used to consistently describe
vulnerabilities?
A. CPE
B. CVE
C. CVSS
D. CCE

1. The application that Scott is writing has a flaw that occurs when two
operations are attempted at the same time, resulting in unexpected results
when the two actions do not occur in the expected order. What type of flaw
does the application have?
A. Dereferencing
B. A race condition
C. An insecure function
D. Improper error handling

2. Mike is sending David an encrypted message using a symmetric encryption


algorithm. What key should he use to encrypt the message?
A. Mike's public key
B. Mike's private key
C. David's public key
D. Shared secret key

3. Norm is using full-disk encryption technology to protect the contents of


laptops against theft. What goal of cryptography is he attempting to achieve?
A. Integrity
B. Non-repudiation
C. Authentication
D. Confidentiality
4.Brian discovers that a user suspected of stealing sensitive information is
posting many image files to a message board. What technique might the
individual be using to hide sensitive information in those images?
A. Steganography
B. Homomorphic encryption
C. Replay attack
D. Birthday attack
5. Which one of the following statements about cryptographic keys is incorrect?
A. All cryptographic keys should be kept secret.
B. Longer keys are better than shorter keys when the same algorithm is used.
C. Asymmetric algorithms generally use longer keys than
symmetric algorithms.
D. Digital certificates are designed to share public keys.
6. What type of cipher operates on one character of text at a time?
A. Block cipher
B. Bit cipher
C. Stream cipher
D. Balanced cipher
7. Vince is choosing a symmetric encryption algorithm for use in his
organization. He would like to choose the strongest algorithm from these
choices. What algorithm should he choose?
A. DES
B. 3DES
C. RSA
D. AES

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy