Uploaded by ZS Mateusz

CompTIA-Security

advertisement
®
®
CompTIA Security+
Practice Test
Exam SY0-601
Second Edition
Michael Wilson
Copyright © 2022 by KnowDirect Inc., United Kingdom, London
No part of this publication may be reproduced, stored in a retrieval
system or transmitted in any form or by any means, electronic,
mechanical, photocopying, recording, scanning or otherwise, except as
permitted under Sections 107 or 108 of the 1976 United Kingdom
Copyright Act, without either the prior written permission of the
Publisher, or authorization through payment of the appropriate percopy fee to the Copyright Clearance Center, 222 Rosewood Drive,
Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to
the Publisher for permission should be addressed to the Permissions
Department online at www.knowdirect.org/contact/
Limit of Liability/Disclaimer of Warranty: The publisher and the author
make no representations or warranties with respect to the accuracy or
completeness of the contents of this work and specifically disclaim all
warranties, including without limitation warranties of fitness for a
particular purpose. No warranty may be created or extended by sales or
promotional materials. The advice and strategies contained herein may
not be suitable for every situation. This work is sold with the
understanding that the publisher is not engaged in rendering legal,
accounting, or other professional services. If professional assistance is
required, the services of a competent professional person should be
sought. Neither the publisher nor the author shall be liable for damages
arising herefrom. The fact that an organization or Web site is referred to
in this work as a citation and/or a potential source of further
information does not mean that the author or the publisher endorses
the information the organization or Web site may provide or
recommendations it may make. Further, readers should be aware that
Internet Web sites listed in this work may have changed or disappeared
between when this work was written and when it is read.
KnowDirect publishes in a variety of print and electronic formats and
by print-on-demand. Some material included with standard print
versions of this book may not be included in e-books or in print-ondemand. For more information about KnowDirect products, visit
www.knowdirect.org/.
The Security+ Exam
The Security+ exam is designed to be a vendor-neutral
certification for cybersecurity professionals and those seeking
to enter the field. CompTIA recommends this certification for
those currently working, or aspiring to work, in roles, including:
Systems administrator
Security administrator
Security specialist
Security engineer
Network administrator
Junior IT auditor/penetration tester Security consultant
The exam covers five major domains:
1. Threats, Attacks, and Vulnerabilities 2. Architecture and
Design
3. Implementation
4. Operations and Incident Response 5. Governance, Risk, and
Compliance
These five areas include a range of topics, from firewall design
to incident response and forensics, while focusing heavily on
scenario- based learning. That's why CompTIA recommends
that those attempting the exam have at least two years of
hands-on work experience, although many individuals pass the
exam before moving into their first cybersecurity role.
The Security+ exam is conducted in a format that CompTIA calls
“performance-based assessment.” This means that the exam
combines standard multiple-choice questions with other,
interactive question formats. Your exam may include multiple
types of
questions, such as multiple-choice, fill-in-the-blank, multipleresponse, drag-and-drop, and image-based problems.
CompTIA recommends that test takers have two years of
information security–related experience before taking this exam.
The exam costs $349 in the United States, with roughly
equivalent prices in other locations around the globe. More
details about the Security+ exam and how to take it can be
found here:
www.comptia.org/certifications/security
You'll have 90 minutes to take the exam and will be asked to
answer up to 90 questions during that time period. Your exam
will be scored on a scale ranging from 100 to 900, with a
passing score of 750.
You should also know that CompTIA is notorious for including
vague questions on all of its exams. You might see a question
for which two of the possible four answers are correct—but you
can choose only one. Use your knowledge, logic, and intuition
to choose the best answer and then move on. Sometimes, the
questions are worded in ways that would make English majors
cringe—a typo here, an incorrect verb there. Don't let this
frustrate you; answer the question and move on to the next
one.
Exam SY0-601 Exam Objectives
CompTIA goes to great lengths to ensure that its certification
programs accurately reflect the IT industry's best practices.
They do this by establishing committees for each of its exam
programs. Each committee consists of a small group of IT
professionals, training providers, and publishers who are
responsible for establishing the exam's baseline competency
level and who determine the appropriate target-audience level.
Once these factors are determined, CompTIA shares this
information with a group of hand-selected subject matter
experts (SMEs). These folks are the true brainpower behind the
certification program. The SMEs review the committee's
findings, refine them, and shape them into the objectives that
follow this section. CompTIA calls this process a job-task
analysis (JTA).
Finally, CompTIA conducts a survey to ensure that the
objectives and weightings truly reflect job requirements. Only
then can the SMEs go to work writing the hundreds of
questions needed for the exam. Even so, they have to go back
to the drawing board for further refinements in many cases
before the exam is ready to go live in its final state. Rest
assured that the content you're about to learn will serve you
long after you take the exam.
CompTIA also publishes relative weightings for each of the
exam's objectives. The following table lists the five Security+
objective domains and the extent to which they are
represented on the exam.
Domain
% of Exam
1.0 Threats, Attacks, and Vulnerabilities 24%
2.0 Architecture and Design 21%
3.0 Implementation 25%
4.0 Operations and Incident Response 16%
5.0 Governance, Risk, and Compliance 14%
Chapter 1
Practice exam questions 1-50
1. Lawan is in charge of sales in a major fabric company. He was
sent a email asking him to click a link and fill out a survey. He
suspects the email is a fraud, but there is a mention of other
companies that deal in fabric in the email, so he thinks it might not
be a fraud after all. Which of these options describes the attack
best?
A.
B.
C.
D.
Phishing
Smishing
Spear phishing
Wishing
Go to solution >
2. Powell is a security administrator in an insurance company.
Recently he discovered a piece of code in their back-end written in
PHP that shouldn't be there. Then, he received an email from an
unknown user saying that the piece of code will start sending
DELETE requests to the database if one of his co-workers is fired.
What describes this BEST?
A.
B.
C.
D.
Worn
Spam
Logic Bomb
Fileless virus
Go to solution >
3. You are the security administrator in a telecommunications
company. The company’s website is attacked by a hacker who had
been denied a job at the company. The hacker uses the registration
page, strangely, he does not input account details, instead, he
inputs ‘ or ’, ‘ and’, ‘0 != 1’, 1’ = ‘1. How can you describe this
attack?
A.
B.
C.
D.
SQL injection
Impersonation
Credential harvesting
Typosquatting
Go to solution >
4. The network administrator in your company tells you some of the
staff have been unable to connect to the office wireless network.
When you check, you see that the WI-FI signal has been blocked
due to an attack on the WAPs. What would be the best way to label
such an attack?
A.
B.
C.
D.
Near-field communication
Domain hijacking
Rogue access point
Jamming
Go to solution >
5. John is a cybersecurity expert working for a government agency.
He is worried hackers might try to attack the agency’s website
server to get some classified information. John is concerned about
cross-site scripting and SQL injection. What is the best way to
defend against such attacks?
A.
B.
C.
D.
Access control list
Web application firewall
Static code analysis
Input validation
Go to solution >
6. Dan logs into his clothing site and realizes a hacker has input
Javascript code in a text box where customers are supposed to
leave reviews that other customers can see. What type of attack is
this?
A.
B.
C.
D.
Cross-site scripting
Session hijacking
Spam
Pretexting
Go to solution >
7. A hairstylist calls you to explain that customers who connect to
the wireless network in his place have been accusing him of
stealing their data. When you ask two of the customers, they tell
you they connected to the wireless access point (AP), but
surprisingly when you check the AP logs, you see that the two
customers never connected to it. How can you describe the
incident?
A.
B.
C.
D.
Pharming
Rogue access point
Impersonation
Watering hole attack
Go to solution >
8. An uncommon way to prevent brute-force attack on your office
password file is?
A.
B.
C.
D.
Encrypting plain text using symmetric encryption
Encrypting plain text using hashing
Encrypting plain text using salting
Encrypting plain text using tokenization
Go to solution >
9. You have been invited to work on an application developed by
another programmer. While checking the source code, you see a
pointer de-reference so you return NULL. The software developed a
segmentation fault because it tried to read from the NULL pointer.
How can this affect the application?
A.
B.
C.
D.
Memory leak
Denial-of-service environment
Resources exhaustion
Application programming interface (API) attacks
Go to solution >
10. Levy is a cybersecurity expert. He receives a call from the
owner of an insurance company who complains that she was
summoned by law enforcement officers who claimed that some
computers in her company were involved in a denial-of-service
(DoS) attack. The owner tells Levy she is certain none of the
company’s employees is involved. How would you explain this
scenario?
A.
B.
C.
D.
Company’s workstations have backdoors
Company’s workstations have viruses
Company’s workstations are bots
Company’s workstations are trojans
Go to solution >
11. How can you describe spamming in social media messengers?
A.
B.
C.
D.
Eliciting information
SPIM
Influence campaigns
Tailgating
Go to solution >
12. The following fall under which area of threat intelligence?
Geographical irregularities, Increase in database read volumes and
unexpected outbound traffic on the network.
A.
B.
C.
D.
Indicators of compromise
Dark web
Vulnerability databases
Open-source intelligence
Go to solution >
13. You suspect there is an insider threat in your office making use
of the office security information and event management (SIEM)
system. Which of these is best identify the threat?
A.
B.
C.
D.
Log collectors
User behavior analysis
Packet capture
Data inputs
Go to solution >
14. Your friend calls you to ask what (SIEM) Security information
and event management capability is best for him to gain access to
attempted connections through a firewall. He tells you he wants to
gain access because he feels there is a problem with a TCP
handshake. Which of these would you suggest to him?
A.
B.
C.
D.
Log collectors
User behavior analysis
Packet capture
Data inputs
Go to solution >
15. A telecommunications company with over five hundred
computers placed in different areas wants a better way to handle
how much data is being created by the computers. What two
technologies will you suggest to them?
A.
B.
C.
D.
Common Vulnerabilities and Exposures
Advisories and bulletins
Provisioning and deprovisioning
Log collectors and Log aggregation
Go to solution >
16. You work in a company that provides an Application
Programming Interface (API) for customers. The director asks you
to recommend a practice that will protect the API from attacks and
ensure it is only available to customers who subscribe. What will
you recommend?
A.
B.
C.
D.
Install NGFW
Configure ACLs
Require authentication
Install HIDS
Go to solution >
17. What color is given to the team that determines the rules of
engagement before the execution of a cybersecurity exercise?
A.
B.
C.
D.
White Team
Red Team
Blue Team
Yellow Team
Go to solution >
18. While browsing on your local computer, you receive a message
prompting you to move fast and download a particular software
because after 3 hours, the software will no longer be available for
free. What social engineering principle is used here?
A.
B.
C.
Familiarity
Trust
Authority
D.
Scarcity
Go to solution >
19. How would you describe an attack in which a target variable
receives more data than it can actually hold?
A.
B.
C.
D.
Directory traversal
Buffer Overflow
Secure Sockets Layer (SSL) stripping
Resource exhaustion
Go to solution >
20. Your friend, Nikolas, went for an interview; during the interview,
he was asked to conduct a test in which he used automated tools to
fish out known vulnerabilities that attackers could exploit on the
systems connected to the company’s network. What was your
friend asked to do?
A.
B.
C.
D.
IP scan
Vulnerability scan
Port scan
Resource scan
Go to solution >
21. Your colleague, Marie, asks you to suggest uncommon
prevention methods she can use to prevent credential harvesting
attacks on a company’s commercial website. What would you
suggest to her?
A.
B.
C.
D.
Utilize complex usernames/passwords
Utilize MFA
Utilize ACLs
Utilize NGFW
Go to solution >
22. You advice your wife to buy a new gadget from an online store,
but she tells you that whenever she visits the site, it appears to be
fake. You call the company hotline to complain, but they tell you
they can access the site without any problem. A few minutes later,
they call you back to inform you there is no record of your wife ever
connecting to their network. Which of these can explain the
situation?
A.
B.
Watering hole attack
Impersonation
C.
D.
Pretexting
Typosquatting
Go to solution >
23. How can you bypass the protection and gain access to a
network that is protected by a network access control system which
identifies hardware address of systems?
A.
B.
C.
D.
By conducting a DDoS attack against the system
By using MAC address cloning
It’s impossible to bypass the protection of the network
By using privilege escalation techniques
Go to solution >
24. You work as the security manager in a bank. You receive a call
from someone telling you that each time he tries to access the
bank’s site, he is being directed to another bank’s website. When
you check, you see that a change has occurred in domain records.
Since the domain is still active, what could have happened?
A.
B.
C.
Uniform Resource Locator (URL) redirection
Domain reputation
DNS poisoning
D.
Domain hijacking
Go to solution >
25. You are the security manager in the University of Pennsylvania.
After a recent threat analysis on the university network, you go on
to study past incidents and similar networks. You realize that the
most likely attack on the network would be from amateur attackers
who want to gain access to the system to do things like changing of
grade or just to have fun. How would you describe an attacker like
this?
A.
B.
C.
D.
Script kiddie
State actors
Shadow IT
Criminal syndicates
Go to solution >
26. What makes phishing different from spam?
A.
B.
C.
D.
Phishing is used to obtain credentials or other data
Phishing is used only on social media
Phishing is used in a DDoS attacks
Phishing is used to target a specific individual or groups
Go to solution >
27. As an enterprise software vendor, during your procurement
request-for-proposal process you see a question included, asking
how long you have been in the business and how many clients you
have. What security issue are they planning to prevent with this
question?
A.
B.
C.
D.
Lack of company vision
Quality of code development
Best practice code development
Lack of vendor support
Go to solution >
28. How will you describe a number of computers which have been
compromised and can be controlled from a remote point?
A.
B.
C.
D.
Backdoor
Keyloggers
Botnet
Trojans
Go to solution >
29. Which of these is not an effective way to prevent Server-Side
Request Forgery attacks?
A.
Using an alternative IP representation of 127.0.0.1
B.
Registering your own domain name that resolves
to 127.0.0.1
C.
Removing all SQL code from Ajax Requests
D.
You can embed credentials in a URL before the hostname,
using the @ character
Go to solution >
30. A client calls to tell you his network was attacked; he suspects
that fake entries were entered into his network’s domain name
server. What kind of poisoning is this?
A.
B.
C.
D.
Network poisoning
ARP poisoning
DNS poisoning
Application poisoning
Go to solution >
31. While conducting the penetration test for a client network, the
client calls to ask you how far you have progressed. You are still
gathering information from different sites and social media
platforms, so what stage would you mention to the client?
A.
B.
C.
D.
Partially known environment
Active reconnaissance
Bug bounty
Passive reconnaissance
Go to solution >
32. One of the following is not a capability of Security, orchestration,
automation, and response (SOAR) tool. Which is it?
A.
B.
C.
D.
Threat and vulnerability management
Reaction to security incidents
Automation of security operations
Automation of malware removal
Go to solution >
33. While discussing with a client, Mrs Les, you mention an email
your company sent two days ago, but Mrs Les insists she never
saw the email. When you check, you discover that your company’s
emails are being blocked because a compromised account sent
some spam. What lookup will you use to detect what classification
vendors like trustedsource.org has given your domain?
A.
B.
C.
D.
IP & Domain reputation lookup
MX record lookup
SMTP server lookup
IMAP protocol lookup
Go to solution >
34. You go for an interview in a cybersecurity company; you are
asked to perform penetration testing on the e-commerce site of a
client company called Acme Corporation. You realize that when the
web server is compromised, it can be used to initiate another attack
into the company’s internal network. Which of the following can
describe this?
A.
B.
C.
D.
Pivoting
Bug bounty
Cleanup
Privilege escalation
Go to solution >
35. Your company invites a penetration tester to conduct a test.
These are the pieces of information the manager sends the tester:
company name, website domain name, gateway router IP address.
What kind of test is the manager expecting the tester to perform?
A.
B.
C.
D.
Unknown environment test
Known environment test
Partially known environment test
Half known environment test
Go to solution >
36. While working as a network administrator in a pharmaceutical
company, you discover that malware that sends a flood of packets
to external targets has infected many of the machines on your
company’s network. Which of these is the best description of the
attack?
A.
B.
C.
D.
Birthday attack
Reconnaissance
Remote access Trojan
Distributed Denial-of-Service
Go to solution >
37. You decide to investigate your computer after noticing slowness
in its performance. You discover spyware and remember that the
only thing you downloaded recently was a free application while
browsing some websites on the web. What’s the best explanation
you can give?
A.
B.
C.
D.
In the free app was a trojan
The website was a part of DDoS attack
The app was a fileless virus
The website was a phishing site
Go to solution >
38. Which category of attackers is likely to be motivated by money
they would gain from their criminal activity?
A.
B.
C.
D.
Insider threats
Criminal syndicates
Shadow IT
Competitors
Go to solution >
39. Which of the following is considered a risk of a non-vendorsupport product?
A.
B.
C.
D.
No updates, fixes and improvements
No documentation
No live chat
No training resources
Go to solution >
40. You have just received a call from your colleague, Dan, that
while he was trying to investigate a malware outbreak in a network,
he found a file with the same name and API interface as Windows
system DLL, but the file handles inputs in a manner that
compromises the system. Dan believes applications have been
attaching to the fake file instead of the original system DLL. How
can you describe this?
A.
B.
C.
D.
Dynamic-link library
Shimming
Directory traversal
Evil twin
Go to solution >
41. What does an attacker want to accomplish by initiating an SSL
stripping attack?
A.
B.
C.
D.
To remove the encryption offered by HTTPS
To send SPAM message
To make your company’s website unreachable
To initiate a DDoS attack
Go to solution >
42. What do you call a phishing attack that is so specific that it
targets a particular celebrity?
A.
B.
C.
D.
Whaling
Tailgating
Credential harvesting
Pharming
Go to solution >
43. If you use an on-path attack to make a system send you
HTTPS traffic and then you forward it to another server which the
traffic is meant for. What kind of password attack can you conduct
with the data gathered if all the traffic was captured in a login form.
A.
B.
C.
Watering hole attack
A plain-text password attack
Influence campaigns attack
D.
XSS attack
Go to solution >
44. How would you describe a phenomenon whereby one receives
so many unwanted messages when in a crowded area, but these
messages stop when you are no longer in the area?
A.
B.
C.
D.
Jamming
Rogue access point
Disassociation
Bluejacking
Go to solution >
45. An attacker breached the wireless network in your office and
exposed data that had been encrypted wirelessly by modifying
some data that had been used with the stream cipher. What name
is given to this kind of attack?
A.
B.
C.
D.
Initialization vector
Rogue access point
Disassociation
Bluejacking
Go to solution >
46. A common means of attacking RFID systems are? (Select
TWO)
A.
B.
C.
D.
E.
Reverse Engineering
Jamming
Domain hijacking
Man-in-the-Middle Attack
DNS poisoning
Go to solution >
47. Your friend Matt is disturbed because he found one of his
computers misbehaving. When he checks for the issue, he sees a
file on the computer that appears to be the virus that is affecting his
compute power; but all of the antivirus programs Matt is using could
not detect the file that contains the virus. Which of these could be
the problem?
A.
B.
C.
D.
Fileless virus
Trojans
Keyloggers
Zero-day
Go to solution >
48. How would you describe the act of going through a company’s
trash bins to find sensitive documents or information?
A.
B.
C.
D.
Document diving
Dumpster diving
Trash diving
Bin diving
Go to solution >
49. While trying to dig into a malware incident that occurred with a
system on your network, you find out that some software is giving
an attacker access to your computer; the software is doing this by
opening a port. It appears as if the software was installed two
months ago; and you remember you also installed a shareware
application two months ago. Which of these describes this malware
best?
A.
B.
C.
D.
Remote access Trojan
Command and control
Cryptomalware
Potentially unwanted programs
Go to solution >
50. Which of the following techniques can be used to recover
forgotten passwords?
A.
B.
C.
D.
Spraying
Backdoor
Rainbow table
Dictionary
Go to solution >
Chapter 2
Practice exam questions 51-100
51. Your friend Mike, calls to tell you that an attacker attempted to
get an input value to produce the same hash as a password. Mike
wants to know what kind of attack it is so he can read more about it
online. What would you tell him?
A.
B.
C.
D.
DNS poisoning
XSS attack
Collision attack
Brute force
Go to solution >
52. An attack was launched against your company; the attack
played upon some deficiencies in GeoTrust SSL and forcefully
moved some connections to a weaker version of SSL/TLS which
made it easier for the attacker to exploit. What would you call such
an attack?
A.
B.
C.
Downgrade attack
Collision attack
Birthday attack
D.
Secure socket shell attack
Go to solution >
53. An attacker uses software that gathers commonly used
passwords, then tries them one after the other in order to get
correct network passwords. What type of attack is the attacker
attempting?
A.
B.
C.
D.
Downgrade attack
XSS attack
DDoS attack
Dictionary attack
Go to solution >
54. You are in charge of networks at SWIFT, a telecommunications
company. Recently, many customers have been complaining that
they are constantly losing the connection from the wireless network.
While checking the logs, you find that the customers’ IP addresses
have been sending a deauthentication packet to the WAP. What
could be happening?
A.
B.
Bluesnarfing
Jamming
C.
D.
Disassociation attack
Rogue access point
Go to solution >
55. A birthday attack can be categorized as what kind of attack?
A.
B.
C.
D.
Cryptographic attack
On-path attack
Password attack
Cloud-based attack
Go to solution >
56. Common Vulnerabilities and Exposures (CVE) can be
categorized as?
A.
B.
C.
D.
A vulnerability feed
A critical feed
A virtual feed
An exploit feed
Go to solution >
57. Dan is an authenticated user of an e-commerce website. An
attacker exploits the trust the site has for Dan by spoofing requests
from Dan. What kind of attack is this?
A.
B.
C.
D.
Extensible Markup Language
SQL Injection
Cross-site scripting
Typosquatting
Go to solution >
58. The personal information of the customers of Wells Fargo bank
was exposed after the bank experienced a data breach. Which of
these is not a problem to worry about in the current bank’s state?
A.
B.
C.
D.
Availability loss
Financial loss
Reputation loss
Trustworthiness loss
Go to solution >
59. How can you describe a situation whereby the networks of a
company that creates advanced routing architectures are
continuously subjected to advanced attacks?
A.
B.
C.
D.
Insider threats
Advanced persistent threat
State actors
Criminal syndicates
Go to solution >
60. It is very rare to find attackers using phishing to acquire?
A.
B.
C.
D.
Email addresses
Password
Credit cards numbers
Username/Password
Go to solution >
61. You are the network manager at Wells Fargo bank. The bank
uses an IDS on their network, sometimes marks legitimate traffic as
a network attack. How can you describe this?
A.
B.
C.
D.
False alarm
False notification
False negative
False positive
Go to solution >
62. In the office where you work as a systems administrator, you
discover that one of your colleagues has malware installed on his
computer. After some minutes, you realize that the attacker is using
your colleague’s password. What kind of program could have been
used to compromise your colleague’s system?
A.
B.
C.
D.
Keylogger
Backdoor
Spyware
RAT
Go to solution >
63. To perform a penetration testing, a client gives you a login with
restricted access. The scope is to gain administrative access
through this account. What is the name for this?
A.
B.
C.
D.
Directory traversal
Race conditions
Improper input handling
Privilege escalation
Go to solution >
64. One system on your company’s network is sending multiple
Ethernet frames with varying source MAC addresses to the switch
which the Ethernet is connected to. What type of attack did it
discover?
A.
B.
C.
D.
MAC flooding
MAC spamming
MAC sending
MAC spoofing
Go to solution >
65. Spyware can be categorized as what kind of malware?
A.
B.
C.
D.
Fileless virus
Potentially Unwanted Program
Cryptomalware
Ransomware
Go to solution >
66. While you are working in a software development company you
notice that when multiple threads access the same variable, the
application does not handle them in the right manner. You believe
that if this vulnerability is discovered by an attacker, it could be
used to crash the server. Which of the following best describes the
issue have you just discovered?
A.
B.
C.
D.
Race conditions
Error handling
Integer overflow
Request forgeries
Go to solution >
67. The users on Guarantee Bank’s network have complained that
they have been receiving a link to download an application. The
bank has called you because they believe the link is being sent by
an attacker. When you check, you realize that the application has a
hacked license code program and it has a file which allows the
attacker access to all the computers that install the application.
What kind of attack have you been called in to stop?
A.
B.
C.
D.
Spyware
Cryptomalware
Ransomware
Trojan horse
Go to solution >
68. During a penetration test for a company network, you scan for
all the systems on the network and discover one particular system
on that network which has the same accounts and user type with
the system you’re working from; if you access the discovered
system using the fact that you are already have a valid account on
one system, what would we call this?
A.
B.
C.
D.
Known environment
Rules of engagement
Lateral movement
Persistence
Go to solution >
69. After scanning a Windows server, you realize that the IIS
version which is on the server had been flagged some months ago
as being vulnerable to attacks. You also see that there are no
missing patches. Which of the following best describes this?
A.
B.
C.
False positive
Windows server error
ISS error
D.
False negative
Go to solution >
70. What social engineering principle is involved in a case where
malicious actors create some illegitimate software and plant fake
reviews to make the software look trustworthy?
A.
B.
C.
D.
Consensus
Scarcity
Familiarity
Intimidation
Go to solution >
71. A malicious program that is triggered when a logical condition is
met, such as after a number of transactions have been processed
or on a specific date is called?
A.
B.
C.
D.
Backdoor
Rootkit
Keyloggers
Logic bomb
Go to solution >
72. What do we call a social engineering tactic where the attacker
engages his victims in conversations in order to get valuable
information from them?
A.
B.
C.
D.
Eliciting information
Whaling information
Tailgating information
Pharming information
Go to solution >
73. Which of these categories do FTP and Telnet fall into?
A.
B.
C.
D.
Transfer protocols
File protocols
Secure protocols
Unsecure protocols
Go to solution >
74. What testing techniques would you use to determine the range
of the wireless network in your company so you can know where it
can be accessed?
A.
B.
C.
D.
War driving
Footprinting
Cleanup
Bug bounty
Go to solution >
75. Your colleagues at work have been complaining of some
strange behavior on their machines. All of them claim to have
received and opened an email some days ago, and the email
contained a spreadsheet they had presumed to be from accounting.
What is likely to be the issue?
A.
B.
C.
D.
Fileless virus
Macro virus
Spyware
Remote access Trojan
Go to solution >
76. A vulnerability scan in which you are provided with logins for
different systems like the application, database and web server can
be described as?
A.
B.
C.
D.
Credentialed scan
Application scan
Web application scan
Network scan
Go to solution >
77. What is the function of the following code and in what
programming language is it written?
import socket as socket
for p in range (1,1024):
try:
sockets=socket.socket(socket.AF_INET,
socket.SOCK_STREAM)
sockets.connect((‘127.0.0.1, p))
print ‘%d: IS OPEN' % (p)
sockets.close
except: continue
A.
B.
C.
D.
Programming language: Python,
Function: port scanning
Programming language: PHP,
Function: port scanning
Programming language: Perl,
Function: port scanning
Programming language: Javascript,
Function: port scanning
Go to solution >
78. One tool that is often used in DDos attacks is?
A.
B.
C.
D.
Ransomware
Botnet
Cryptomalware
Keylogger
Go to solution >
79. Dan works for the Economic and Financial Crimes Corporation.
He realized that a member in the corporation installed a remote
access Trojan on the corporation’s database server in order to
access top-level files remotely. What sort of threat Dan has just
discovered?
A.
B.
C.
D.
Insider threat
State actors
Script kiddies
Shadow IT
Go to solution >
80. A case where agents of one country post to a widely used social
media like Twitter in order to influence the election campaigns in
another country; what kind of effort can this be classified as?
A.
B.
C.
D.
Reconnaissance
Spear phishing
Prepending
Influence campaigns
Go to solution >
81. An attacker breaches the Wi-Fi and accesses the wireless
access point (WAP) admin console of the National Bank by using
the login details that ship with the WAP. What caused this sort of
vulnerability?
A.
B.
C.
D.
Default settings
Non-updated software
WAP misconfiguration
Lack of documentation
Go to solution >
82. A technique that is used for running code within the address
space of another process by forcing it to load a dynamic-link library
is known as?
A.
B.
C.
D.
LDAP injection
DLL injection
DDL injection
SQL injection
Go to solution >
83. Which of the following threat actors is a government sponsored
group that forcefully targets and gains illicit access to the networks
of other governments to steal information?
A.
B.
C.
D.
State actor
Insider threats
Hacktivists
Script kiddies
Go to solution >
84. The development of Wells Fargo bank’s mobile banking
application was outsourced to a software development firm. The
security administrator of Wells Fargo mobile app realized the
programmers who developed the application intentionally left a way
to log in and bypass the necessary authentication on the app. How
would you describe this?
A.
B.
C.
D.
Spraying
Backdoor
Cryptomalware
Spyware
Go to solution >
85. What type of actor is an attacker who uses sophisticated
techniques to breach an organization’s web server and then, on the
company’s website, the attacker leaves messages that announce a
change in the organization’s policies?
A.
B.
C.
D.
Hacktivists
Insider threats
Script kiddies
State actors
Go to solution >
86. An attacker has gained root privileges on Heritage Bank’s web
server by exploiting the vulnerability present in a web application
that is being used by the bank. What type of attack is this?
A.
B.
C.
D.
Privilege escalation
Request forgery
Application programming interface (API) attack
Directory traversal
Go to solution >
87. An attacker fakes people into connecting to his WAP by using a
second WAP which broadcasts the exact same SSID that a trusted
access point broadcasts. What type of attack is it?
A.
B.
C.
D.
Jamming
Disassociation
Evil twin
Bluesnarfing
Go to solution >
88. A good way to describe a zero-day vulnerability is?
A. A vulnerability which discovered by attackers before the
vendor has become aware of it
B. A vulnerability which discovered by attackers after the vendor
has become aware of it
C. A vulnerability which discovered by attackers the same day
the vendor has become aware of it
D. None of the above
Go to solution >
89. How would you describe an attack in which the attacker tries to
play on the victim’s psychology by using words like “Secure”,
“Trusted”, “Safe” in the mail he sends?
A.
B.
C.
D.
Prepending
Impersonation
Typosquatting
Reconnaissance
Go to solution >
90. You are in charge of networks at the State Tax Corporation. You
realize that some entries in your network’s domain name server
have been modified; you realized this because each time you are
trying to access the network, you are directed to an IP address that
may be dangerous. How would you describe this?
A.
B.
C.
D.
Domain hijacking
DNS poisoning
Domain reputation
Disassociation
Go to solution >
91. What category of malicious software does spyware fall into?
A.
B.
C.
D.
PUP
Cryptomalware
Logic bombs
Skimming
Go to solution >
92. You work for a telecommunications company; a customer-care
representative reports to you that customers have been
complaining that whenever they install your company’s app, they
find something else attached. After checking, you realize some
malware has been secretly attached to your company’s app. How
would you describe this?
A.
B.
C.
D.
DNS poisoning
Cryptomalware
Logic bombs
Trojan horse
Go to solution >
93. You have noticed that the email server doesn’t work. Your
manager said that someone from the company changed the DNS
records (MX) of the email server. Which of the following commands
will you type to find the new MX records on the server?
A.
B.
C.
D.
tracert
ipconfig
ping
nslookup
Go to solution >
94. You scan a web server that hosts two web applications. You
believe that the server is fully patched and not vulnerable to
exploits. Later, you discover that the Nginx version on the server is
reported as vulnerable to an exploit. When you check to see if you
are missing patches, Nginx is fully patched. What has occurred?
A.
B.
C.
D.
A false negative
A false positive
Non-credentialed scans
Credentialed scans
Go to solution >
95. Which of the following options allows your application to interact
with an external service using a simple set of commands rather
than having to create complex processes yourself?
A.
B.
C.
D.
Thin Client
API
Microservice
Containers
Go to solution >
96. You are trying to determine where your home office’s wireless
network can be accessed from. Which of the following technique
will you perform?
A.
B.
C.
Footprinting
War driving
Open Source Intelligence
D.
Cleanup
Go to solution >
97. Which of the following types of disaster recovery sites doesn’t
have any pre-installed equipment and it takes a lot of time to
properly set it up so as to fully resume business operations?
A.
B.
C.
D.
Cold site
Hot site
Warm Site
Normal site
Go to solution >
98. Which of the following disaster recovery sites allows a company
to continue normal business operations within a brief period of time
after a disaster?
A.
B.
C.
D.
Cold site
Hot site
Warm Site
Normal site
Go to solution >
99. The type of hackers that violates computer security systems
without permission, stealing the data inside for their own personal
gain or vandalizing the system is commonly known as?
A.
B.
C.
D.
Red-Hat hackers
Gray-Hat hackers
White-Hat hackers
Black-Hat hackers
Go to solution >
100. The network administrator from your company notices that the
network performance has been degraded due to a broadcast storm.
Which of the following techniques will you recommend to the
network administrator in order to reduce broadcast storms?
(Choose all that apply)
A.
B.
C.
D.
E.
Split up your broadcast domain
Check for loops in switches
Check how often ARP tables are emptied
Split up your collision domain
Check the routing tables
Go to solution >
Chapter 3
Practice exam questions 101-150
101. You download a legitimate and highly recommended
application and realize that an attacker is gaining remote access to
your data through the application. How would you describe this?
A.
B.
C.
D.
RAT
Backdoor
Trojan horse
Macro virus
Go to solution >
102. The attack that precedes card cloning attacks is known as?
A.
B.
C.
D.
A brute-force attack
A skimming attack
A rainbow table attack
A birthday attack
Go to solution >
103. An attacker wants to attack a new social media platform
gaining popularity. He wants to exploit the trust the social media
has for the users. What kind of attack is he trying to perpetrate?
A.
B.
C.
D.
Application programming interface (API) attacks
Resource exhaustion
Secure Sockets Layer stripping
Cross-site Request Forgery
Go to solution >
104. A web application that generates memory leaks when
subjected to some certain conditions is vulnerable to what type of
attack?
A.
B.
C.
D.
Dnsenum
Denial-Of-Service
DNS poisoning
Disassociation
Go to solution >
105. You have been working on creating an educational app for
almost 2 years. Now the app is ready to be downloaded, but rival
developers have been using a DDos attack on your app by sending
traffic to the server where your app runs. What sort of DDoS attack
is this?
A.
B.
C.
D.
Application DDoS
Edu DDoS
Server DDoS
Developer DDoS
Go to solution >
106. What do you call a team that gathers techniques from both
attackers and defenders to safeguard a company from attacks?
A.
B.
C.
D.
A red team
A blue team
A white team
A purple team
Go to solution >
107. The managing director of ACME groups has just called you to
complain that he could not access his files after he saw a message
alert telling him he would be unable to access his files unless he
pays a particular amount of bitcoin. What type of malware is this?
A.
B.
C.
D.
Ransomware
Trojan
Worms
Logic bombs
Go to solution >
108. Your company outsourced the development of a multithreaded
software to a local programming firm; during the testing phase the
developers realize that the software is not properly handling things
when various threads try to access the same value; one of the
threads changes the data while another of the threads relies on the
data. How would you describe this problem?
A.
B.
C.
D.
Time of check/Time of use
Time of error/Time of use
Time of check/Time of error
Time of error/Time of error
Go to solution >
109. All systems that use the Windows operating system in your
company have been infected by a fileless virus; the virus is not
being carried in any file. You need to conduct an investigation to
have a vivid understanding of how the infection is happening.
Which of these ways would you use?
A.
B.
C.
D.
Bash
PowerShell
Macros
VBA
Go to solution >
110. The security man in Peak company is called Adams. Workers
of Peak enter the company by inserting smartcards into the door;
what way would an attacker likely use to pass through the door?
A.
B.
C.
D.
Shoulder surfing
Dumpster diving
Pharming
Tailgating
Go to solution >
111. A user who is not observant of his physical surrounding can be
vulnerable to?
A.
B.
C.
D.
Shoulder surfing
Dumpster diving
Pharming
Tailgating
Go to solution >
112. How would you BEST describe social engineering?
A.
The use of software to trick users into giving away sensitive
information
B.
The use of psychological manipulation to trick users into
giving away sensitive information
C.
The use of email to trick users into giving away sensitive
information
D.
The use of branding to trick users into giving away sensitive
information
Go to solution >
113. A penetration test in which so much detail is given to you about
the target network is known as?
A.
B.
C.
D.
Target environment
Known environment
Detailed environment
Network environment
Go to solution >
114. In which of the following attacks, an attacker sends falsified
ARP (Address Resolution Protocol) messages over a local area
network?
A.
B.
C.
D.
ARP poisoning
MAC cloning
DNS poisoning
DNS cloning
Go to solution >
115. If a Windows 10 workstation becomes vulnerable to many
different attacks, what should be identified as the main cause?
A.
B.
C.
D.
The workstation is a part of a DDoS attack
Malicious browser
Many chrome extensions
Weak patch management
Go to solution >
116. A caller tries to trick you by claiming to be in charge of
technical security in GT bank, where you work. He claims there is a
virus that is spreading on GT bank systems and he needs you to
grant him access to your computer so he can prevent it from being
affected by the virus. What social engineering principle is this caller
using?
A.
B.
C.
D.
Urgency and authority
Urgency and trust
Urgency and scarcity
Urgency and familiarity
Go to solution >
117. A malware infection in your company results in a data breach.
Your coworker reports that she had seen two keyboards plugged
into a system by the receptionist’s desk. What would you focus on
finding in this investigation?
A.
B.
C.
Card cloning
Malicious USB cable
Skimming
D.
Malicious flash drive
Go to solution >
118. Your company manager wants you to use some Software-asa-Service tools to get lists of dangerous IP addresses and domains.
What kind of feed does your manager want you to look for?
A.
B.
C.
D.
Software feeds
Dangerous feeds
Vulnerability feeds
Threat feeds
Go to solution >
119. You work for the ECC (Economic Crimes Commission). In the
ECC, the file containing data of criminals can only be accessed by
administrative officers; but recently some malware has infiltrated
the company workstation and access to the workstation has been
granted to an attacker. What kind of malware could it be?
A.
B.
C.
D.
Rootkit
Spyware
Cryptomalware
Backdoor
Go to solution >
120. What is the function of the following code?
echo "ssh-rsa JhhhChdsBBasd/ghjfbvmcierhcsu42
root@localhost">> /root/.ssh/authorized_keys
A.
B.
C.
D.
Adds an authorized SSH key
Adds an unauthorized SSH key
Removes an authorized SSH key
Removes an unauthorized SSH key
Go to solution >
121. You have just created a website to promote your new book;
you discover an attack on some of the intended buyers who visit
your website. The attack exploits the visitors’ cookies and URL
parameters and makes them pull off some unwanted actions.
A.
B.
C.
D.
Cross-site request forgery
Secure Sockets Layer (SSL) stripping
Buffer overflows
Application programming interface (API) attacks
Go to solution >
122. What type of flaw in a software could allow a user to input a
64-bit value into a 4-byte integer variable?
A.
B.
C.
D.
Input overflow
Memory overflow
Integer overflow
Bit overflow
Go to solution >
123. Which type of attack is used to intercept and manipulate calls
between the main application’s executable (ex: the browser) and its
security mechanisms or libraries on-the-fly?
A.
B.
C.
D.
Man in the browser
Session replays
SQL Injection
Cross-site Scripting
Go to solution >
124. The technical administrator in PHB bank has detected an
attack in which the attacker’s system is being presented as the
server to the bank staff, and the attacker is being presented to the
server as the bank staff. What kind of attack is this?
A.
B.
C.
D.
On-path attack
DDoS attack
Evil twin
DNS poisoning
Go to solution >
125. A penetration test in which you are given general information
but no specific details about the network, is known as?
A.
B.
C.
D.
Partially known environment
Known environment
Half known environment
Unknown environment
Go to solution >
126. A testing method that identifies computing system
vulnerabilities in a network by using an automated process is?
A.
B.
Penetration testing
Threat hunting
C.
D.
Vulnerability scanning
Bug bounty
Go to solution >
127. While cleaning up after a penetration test, which of these are
you unlikely to do?
A.
B.
C.
D.
Restoring the rootkits to their default settings
Removing the user accounts created during the test
Removing all the scripts from the systems
Restoring the user account created before the test
Go to solution >
128. Which of these attacks can a company prevent by ensuring
that all documents are torn to pieces before being disposed of?
A.
B.
C.
D.
Typosquatting
Tailgating
Pharming
Dumpster diving
Go to solution >
129. A caller has been constantly calling your company line. When
the receptionist picks the call, the caller asks some questions and
says he is conducting a survey for a non-governmental
organization. From the questions he asks, you suspect he is trying
to steal information about your company. How would you describe
this experience?
A.
B.
C.
D.
Smishing
Vishing
Whaling
Prepending
Go to solution >
130. You suspect an attempted phishing attack in a text message
your wife receives, how would you describe such an attack that
happens via text messages?
A.
B.
C.
D.
Smishing
Vishing
Whaling
Prepending
Go to solution >
131. After a vulnerability scan, if a company’s wireless router is
confirmed to be vulnerable in its web server, what problem should
the company address?
A.
B.
C.
D.
Weak encryption protocol
Default credentials
Default WPA settings
Firmware patch management
Go to solution >
132. Why is it considered a major security problem when memory
leak occurs?
A.
B.
C.
D.
Memory leak freezes systems for 5 minutes
Memory leak causes crashes
Memory leak sends data to remote servers
Memory leak exposes data
Go to solution >
133. In which kind of attack does the attacker keep trying to gain
access to a web server by trying a long list of possible passwords?
A.
B.
C.
D.
Dictionary attack
Spraying attack
Typosquatting attack
Pretexting attack
Go to solution >
134. Which of the following attacks is a card reader that can be
disguised to look like part of an ATM?
A.
B.
C.
D.
Backdoor
Rootkit
Card cloning
Skimming
Go to solution >
135. One major difference between active reconnaissance and
passive reconnaissance is?
A.
Passive reconnaissance is an attempt to gain information
about computers without actively engaging with the systems while
active reconnaissance is an attempt to gain information about
computers typically by conducting a port scan to find any open
ports
B.
Active reconnaissance is an attempt to gain information about
computers without actively engaging with the systems while
passive reconnaissance is an attempt to gain information about
computers typically by conducting a port scan to find any open
ports
C.
Passive reconnaissance is an attempt to gain information
about computers without any tools while active reconnaissance is
an attempt to gain information about computers typically by
conducting a port scan to find any open ports
D.
Passive reconnaissance is an attempt to gain information
about computers without actively engaging with the systems while
active reconnaissance is an attempt to gain information about
computers typically without any tools
Go to solution >
136. The national security commission are trying to gather some
individuals’ data from some public sources. They want to use it for
some intelligence report. How would you describe such data?
A.
B.
C.
D.
OSINT
TAXII
RFC
SOAR
Go to solution >
137. Which of the following attacks is designed to compromise
users within a specific industry or group of users by infecting
websites they typically visit and luring them to a malicious site?
A.
B.
C.
D.
Influence campaigns
Reconnaissance
Watering hole attack
Credential harvesting
Go to solution >
138. A technique which is rarely used in preventing LDAP injection
attacks is?
A.
B.
C.
D.
Minimize the privileges assigned to the LDAP account
Input validation and encoding
LDAP query parameterization
Escape all variables
Go to solution >
139. Which of the following is used for keeping internet activity
anonymous and private, which can be helpful in both legal and
illegal applications?
A.
B.
C.
D.
Anonymous web
Dark web
Bright web
Google web
Go to solution >
140. A wireless router on one of your client’s network is reporting
default login credentials. What configuration problem could have
occurred?
A.
B.
C.
D.
Unsecured Wi-Fi protocol
Unsecured web browsing
Unsecured SSID password
Unsecured administrator account
Go to solution >
141. Which of these teams behaves like an attacker to test security
strength?
A.
B.
C.
D.
A red team
A blue team
A white team
A purple team
Go to solution >
142. The web log for ACME bank’s website shows this particular
entry: GET http://acmebank.com/post.php?view=../../../config.txt
HTTP/1.1 What sort of attack could be looming?
A.
B.
C.
D.
A Buffer overflow attack
A Cross-site scripting attack
A directory traversal attack
A SQL injection attack
Go to solution >
143. One major difference between SOAR and SIEM systems is
that…?
A.
SIEM takes things even a step further by combining a
complete data collecting, standardization, case management,
workflow
B.
SIEM acts as the remediation and response engine to those
alert
C.
SOAR aggregates and correlates data from multiple security
systems
D.
SOAR integrates with a wider range of applications
Go to solution >
144. A penetration test in which the tester is given details about the
OS, applications and network devices a company uses is known
as?
A.
B.
C.
D.
Known environment test
Unknown environment test
OS environment test
Network environment test
Go to solution >
145. SSL stripping attack can be categorized as…?
A.
B.
C.
D.
A SQL attack
An on-path attack
A pharming attack
A dictionary attack
Go to solution >
146. You have been invited to the international cybersecurity
summit to present - in a visual way - real statistics and data about
attacks around the world via multiple service providers. Your
company wants you to mention the threat intelligence tool you
would need. What would you tell them?
A.
B.
C.
D.
A code repository
A vulnerability databases
An automated Indicator Sharing
A threat map
Go to solution >
147. While in a public park, you discover a bluetooth connection to
your friend’s phone. He tells you he cannot explain where it came
from and that he has noticed that whenever he came to the park,
data from his phone is always stolen. What can explain this
incident?
A.
B.
C.
D.
Bluesnarfing
Bluejacking
Disassociation
Jamming
Go to solution >
148. As a penetration tester, you call the help desk manager and
pretend to be the special assistant to the managing director. You
ask her to change your password to a particular new one because
of an urgent meeting you have. What social engineering principle
have you just used?
A.
B.
C.
D.
Urgency
Trust
Authority
Scarcity
Go to solution >
149. A threat hunting method where you pretend to be a malicious
attacker in order to discover vulnerabilities that may be hidden is
…?
A.
B.
C.
D.
Threat intelligence
Maneuver
Advisories and bulletins
Threat feeds
Go to solution >
150. The malicious actor that’s likely to have the least amount of
technical knowledge to initiate an attack is…?
A.
B.
Script kiddies
Insider threats
C.
D.
State actors
Hacktivists
Go to solution >
Chapter 4
Practice exam questions 151-200
151. An attack in which an SYN flood ties up all open sessions in
order to overwhelm a computer, is known as?
A.
B.
C.
D.
Domain hijacking
Session replays
A DDoS
A resource exhaustion attack
Go to solution >
152. You have been hired to perform penetration testing on the
systems at Leventis cooperation. You decide to call the general
manager’s secretary and ask her if her system has any issues, then
you go on and ask her for the secretary’s details with the claim that
you want to help her fix the problem. What sort of social
engineering attack did you use?
A.
B.
C.
D.
Pretexting
A watering hole attack
Prepending
Shoulder surfing
Go to solution >
153. The National Intelligence Service, NIS, wants to perform a
penetration test; they use airplanes and drones in order to gather
some information for the penetration test. What term describes this
action the NIS has performed to gather information?
A.
B.
C.
D.
Airplane attack
Fly hijacking
Drone attack
War flying
Go to solution >
154. In your company, your colleague runs a network scanner
against a system on the company network and sees that a service
is running on TCP port 23 and also sees that the port is open. What
problem should he address?
A.
B.
C.
D.
Telnet is an insecure protocol
SNMTP is an insecure protocol
SFTP is an insecure protocol
SSH is an insecure protocol
Go to solution >
155. What is the role of the white team in a cybersecurity exercise?
A.
B.
C.
D.
Performing only judging of the exercise
The role of the attacker in the exercise
Performing oversight and judging of the exercise
The role of the defender in the exercise
Go to solution >
156. A vendor participates in a program aimed at identifying
vulnerabilities. A woman is able to identify a vulnerability and the
vendor pays her a huge sum of money. What is such payment
called?
A.
B.
C.
D.
Bug bounty
Clean up
Ransom
Pivoting
Go to solution >
157. How would you report it if you find out your colleague has set
the permission on the /etc directory on the company’s Linux system
to 777 using the chmod command?
A.
B.
C.
D.
Open permission
Unsecure root accounts
Weak encryption
Default settings
Go to solution >
158. In a penetration test, the process of gathering information such
as: the target organization’s domain name, IP address, employee
details and contact details is known as?
A.
B.
C.
D.
Unknown environment
Known environment
Footprinting
Clean up
Go to solution >
159. The act of locating and possibly exploiting connections to
wireless local area networks while driving around a city or
elsewhere is known as?
A.
B.
C.
D.
OSINT
War flying
Footprinting
War driving
Go to solution >
160. A system in your organization has a vulnerability in the Apache
version being run on it. You try to conduct a vulnerability scan on
the system using up-to-date definitions, but the scan does not
indicate the problem present, what problem are you facing?
A.
B.
C.
D.
Positive false
False negative
False positive
Negative false
Go to solution >
161. What technique would a malware attacker use to change the
signature of malware so that antivirus tools will not be able to detect
the malware?
A.
B.
C.
D.
SSL stripping
Refactoring
Pass the hash
Request forgeries
Go to solution >
162. The military of some countries use a political warfare strategy
in which conventional, irregular, and cyber warfare are combined
with fake news and social media influence and manipulation
strategies. What simple term describes this act of theirs?
A.
B.
C.
D.
Hybrid warfare
Typosquatting
Eliciting information
Identity fraud
Go to solution >
163. The secretary in the law firm where you work informs you that
she received a text message from the national security services,
NSS, that she accessed illegal websites. What kind of problem is
this?
A.
B.
C.
D.
Pretexting
Vishing
Impersonation
Hoax
Go to solution >
164. Attackers are likely to target passwords that are stored in
memory because?
A.
B.
C.
D.
They are often in plain text
They are often encrypted
They are often hashed
None of the above
Go to solution >
165. In a penetration test the practice of covertly discovering and
collecting information about a system is known as?
A.
B.
C.
D.
Initial phase
Reconnaissance
Information discovery
Known environment
Go to solution >
166. During a penetration test, you go into the target office claiming
you have been sent by Jumia, a nationwide package delivery
company. You tell those in the office that you have a package for Mr
San, the assistant managing director, and that the package must be
signed by the secretary for him. What social engineering term is it?
A.
B.
Impersonation
Pharming
C.
D.
Whaling
Phishing
Go to solution >
167. What is the supply chain risk involved in purchasing network
devices from a gray market supplier who imports the devices
without any direct relationship with the original manufacturers?
A.
B.
C.
D.
No warranty
No support
No updates
All the above
Go to solution >
168. What is the supply chain risk involved in purchasing network
devices from a gray market supplier who imports the devices
without any direct relationship with the original manufacturers?
A.
B.
C.
D.
Proxy logs
Endpoint logs
Application logs
Web server logs
Go to solution >
169. If you decide to operate in your on-site infrastructure rather
than the publishing service of your cloud hosting company, then
what technology would you use to identify the kind of attack you are
facing?
A.
B.
C.
D.
A firewall
An IPS
An IDS
A proxy
Go to solution >
170. The common aim of hacktivists is?
A.
B.
C.
D.
To analyze data
To get rich
Become famous
Making a political statement
Go to solution >
171. What is the most common goal of those who steal personal
information and social security numbers?
A.
B.
C.
D.
Invoice scams
Phishing
Identity fraud
Typosquatting
Go to solution >
172. All of these are the main components of Security
orchestration, automation, and response (SOAR) tools except?
A.
B.
C.
D.
Threat intelligence
Source code security analysis and testing
Process workflows
Incident management
Go to solution >
173. GitHub and Bitbucket are threat intelligence sources best
classified under?
A.
B.
C.
D.
Code repositories
Threat maps
Private information sharing center
Dark web
Go to solution >
174. Your company’s Intrusion Prevention System (IPS) flags traffic
from two IP addresses as shown below:
Source IP: 167.1.45.28 - Destination IP: 55.44.33.1
http://yourwebsite/homepage/order.php?SESSIONID=1455gtd
Source IP: 167.1.45.28 - Destination IP: 55.44.33.1
http://yourwebsite/homepage/order.php?SESSIONID=1455gtd
This attack should be classified as?
A.
B.
C.
D.
API attack
SSL stripping
SQL attack
Session replay attack
Go to solution >
175. The following log entries were found when going through an
auth logs on a server:
June 13 18:01:48 syslog rshd[7206]: Connection from 24.5.4.10 on
illegal port
June 13 18:01:52 syslog rshd[7306]: Connection from 24.5.4.10 on
illegal port
June 13 18:02:10 syslog rshd[7406]: Connection from 24.5.4.10 on
illegal port
June 13 18:02:43 syslog rshd[7506]: Connection from 24.5.4.10 on
illegal port
June 13 18:02:50 syslog rshd[7606]: Connection from 24.5.4.10 on
illegal port
What do these signify?
A.
B.
C.
D.
A vulnerability scan
SQL injection attack
A buffer overflow
The dark web
Go to solution >
176. During a vulnerability scanning you identify a service that runs
on TCP port 8080. Which of the following services is running on
that port?
A.
B.
HTTP
HTTPS
C.
D.
SMTP
DNS
Go to solution >
177. You run a vulnerability scan of a network device that shouldn’t
be reachable from the internet. You discover that the device is
running services on TCP ports 80 and 53. What services has she
most likely discovered?
A.
B.
C.
D.
HTTP and DNS
HTTPS and DNS
SMTP and HTTP
DNS and SMTP
Go to solution >
178. To ensure that one does not have unwanted ports and
services running on a device whilst not being able to make a scan
for breaches, what can one do?
A.
B.
C.
D.
Network topology assessment
Network topology review
Configuration assessment
Configuration review
Go to solution >
179. The login details of customers of PHB bank got compromised
after they accessed a fake site that posed like the bank. The
customers all visited the site on your network and all claim to have
logged in via your network with the correct site link. What is the
most likely explanation for this situation?
A.
B.
C.
D.
ARP poisoning
MAC spoofing
DNS poisoning
SQL Injection
Go to solution >
180. A phishing site was discovered to be sharing a very similar
name to another site with one letter misspelt from the company’s
original domain name. This attack can best be considered as?
A.
B.
C.
D.
Trojan horse
Typo squatting
DNS poisoning
SQL Injection
Go to solution >
181. Which of the options listed would be best to assess the
operations of an E-commerce company as a security personnel?
A.
B.
C.
D.
AAA
OWASP
QA
FPGA
Go to solution >
182. The cybersecurity administrator in an organization, instead of
using a single vendor for the Network and host antimalware, puts
them on different vendors. This action can be described as?
A.
B.
C.
D.
Technology diversity
Vendor diversity
Crypto diversity
Control diversity
Go to solution >
183. Which of the listed options would best suit a company that is
trying to safeguard its backup data from being compromised?
A.
B.
C.
D.
Air-gap the backup server
Change the default vlan number
Place a firewall
Use dropbox for backup
Go to solution >
184. A windows picture password can be categorized as?
A.
B.
C.
D.
Somewhere you are
Something you have
Something you know
Something you can do
Go to solution >
185. You want to use a digital signature on an email before sending
to your friend Gary. Which of the following keys should you use to
sign the email?
A.
B.
C.
D.
Your private key
Your public key
Gary’s private key
Gary's public key
Go to solution >
186. The process of deploying 1,000 rounds of MD5 hashing to
secure confidential details e.g passwords, is called?
A.
B.
C.
D.
Perfect forward secrecy
Hashing
Salting
Key stretching
Go to solution >
187. Which of the following can be used to make it impossible for
the attacker to simply use a list of common hashed passwords to
reveal the passwords you have stored if they gain access to them?
A.
B.
C.
D.
A key stretch
A key length
A salt
A hash
Go to solution >
188. To ascertain that the session is not breached even if the
server’s private key is, which of the listed cryptographic capabilities
will we use?
A.
B.
C.
D.
Lightweight cryptography
Key stretching
Elliptic-curve cryptography
Perfect forward secrecy
Go to solution >
189. The security head of a company established a nonproduction
network to be used as bait for attackers on the network to get a
glimpse of their attacking skills. The network being deployed is
called?
A.
B.
C.
D.
Fake telemetry
Honeynet
DNS sinkhole
Hot site
Go to solution >
190. To watch over and manipulate power plants power generating
system, which of the listed options is used to perform this action?
A.
B.
C.
D.
SCADA
HVAC
MFP
RTOS
Go to solution >
191. Joy wants to have a contract with an organization to have a
datacenter that is stocked with equipment and set for work. The
category of disaster recovery site he’s seeking would be?
A.
B.
C.
D.
Warm site
Cold site
Hot site
Available site
Go to solution >
192. What precaution should be put in place to make certain that an
Internet of Things (IoT) operating system doesn’t get modified after
it’s been sold?
A.
B.
C.
D.
Change the default password
Frequent updates
Encrypt the firmware
None of the above
Go to solution >
193. You are in charge of application development in your company
and want to ensure that no web application is deployed live before
testing. Your company prefers that you do the test with a system
that looks like the live server. What do we call this?
A.
B.
C.
D.
Deploy server
Test server
Pre-test server
Non production server
Go to solution >
194. You are in charge of application development in your company
and want to ensure that no web application is deployed live before
testing. Your company prefers that you do the test with a system
that looks like the live server. What do we call this?
A.
B.
C.
D.
Deploy server
Test server
Staging server
Non live server
Go to solution >
195. What solution will be used to restrict access to an API you
provided, while ensuring that you log usage of the API to the
respective companies that are given access.
A.
B.
C.
D.
API numbers
API keys
API locks
API logs
Go to solution >
196. In order to ensure that unsecure code is not delivered to the
live system of an organization since its developers have the
authority to deliver code directly to the production server, what
should be done to subdue this problem?
A.
B.
C.
D.
Create a staging server
Create a new live server
Migrate the data to a cloud-based server
Migrate the data to a dedicated-server
Go to solution >
197. In a cloud service, the transit gateway performs what
functions?
A.
B.
C.
D.
Connects two trust zones
Connects two different cloud service providers
Connects Digital Ocean and Cloudways
Connects on-premises networks and virtual private clouds
Go to solution >
198. Which of the following hardware security modules is a physical
computing device that safeguards and manages digital keys?
A.
B.
C.
D.
UEM
HSM
MAM
MMS
Go to solution >
199. Which of the following is a computer security mechanism set
to detect, deflect, or, in some manner, counteract attempts at
unauthorized use of information systems?
A.
B.
C.
D.
IDS
Data loss prevention
Fake telemetry
Honeypot
Go to solution >
200. Which of the following setup management programs is a group
of settings placed on a system before it is approved for production?
A.
B.
C.
D.
Tutorial video
Step by step guidance
Documentantion
Baseline configuration
Go to solution >
Chapter 5
Practice exam questions 201-250
201. The Symmetric encryption has what benefit compared to the
asymmetric encryption?
A.
B.
C.
D.
Symmetric encryption is faster to run
Symmetric encryption uses 2 keys
Symmetric encryption is more secure
Symmetric encryption uses longer keys
Go to solution >
202. Which of the listed options gives users access to web-based
applications by the cloud providers?
A.
B.
C.
D.
DaaS
PaaS
SaaS
IaaS
Go to solution >
203. Which of the following policies controls who has access to
resources and what actions they can perform on it?
A.
B.
C.
D.
Resource policy
Content policy
Action policy
Perform policy
Go to solution >
204. What aspect of virtualization should be deployed to put a
virtual server to its last glitch-free condition after a virus is ejected
from it?
A.
B.
C.
D.
Offsite storage
Artifact
Snapshot
Self-encrypting drive
Go to solution >
205. What RAID level, while deploying a distributed parity bits,
would make certain that if a drive fails in a database server it will be
recoverable?
A.
B.
C.
D.
RAID 5
RAID 4
RAID 3
RAID 2
Go to solution >
206. Which of the following is used in electronic labs where stray
electromagnetic fields must be kept out?
A.
B.
C.
D.
Proximity reader
Faraday cage
Motion detection
Moisture detection
Go to solution >
207. What is the most secure way of preventing an intruder from
coming into a building while being transported in a car?
A.
B.
C.
D.
Traffic light
Security guard
Security cameras
Bollards
Go to solution >
208. What would be the best way to prevent students from a
particular school from making away with the computers in the
computer lab?
A.
B.
C.
D.
Antivirus
Cameras
Cable locks
USB data blockers
Go to solution >
209. Which of the listed options should be deployed to effect twofactor authentication within a building?
A.
A mantrap
B.
A smart card
C.
A PIN keypad
D.
A PIN keypad at one door and a mantrap with a smartcard at
the other door
Go to solution >
210. The deception technique that logs on going events such us
user logins and logout after configuring a honeypot is called?
A.
B.
C.
D.
Honey telemetry
Fake nets
Honeynets
Fake telemetry
Go to solution >
211. The “disk mirroring and disk striping” is categorized under the
RAID level?
A.
B.
C.
D.
RAID 1
RAID 2
RAID 1+0
RAID 2+0
Go to solution >
212. Which of the following terms is used when you remove
redundancy from a database?
A.
B.
C.
D.
Stored procedures
Normalization
Data exposure
Code reuse
Go to solution >
213. Which of the following options can be used when deploying an
AAA service?
A.
B.
C.
D.
CCMP
WPS
RADIUS
PSK
Go to solution >
214. In which of the following systems, if users get access none of
their settings or data is saved once they log out?
A.
B.
C.
D.
Full-persistent
Half-persistent
Persistent
Non-persistent
Go to solution >
215. What datacenter element should you be worried about when
infrared cameras are being used to ensure that the servers within
the datacenter are utilized properly?
A.
B.
C.
D.
Hot aisle and cold aisle
Humidity
Electromagnetic interference
Radio-frequency interference
Go to solution >
216. Which of these options is the best way to deny an infected
system access to a botnet controller when you know the
hostname?
A.
B.
C.
D.
DNS sinkhole
Honeynets
Fake telemetry
Honeypot
Go to solution >
217. The situation of a personnel not being able to effectively
handle the virtual machines under his watch is best described as?
A.
B.
C.
D.
Virtual machine escape
Virtual machine uncontrol
Virtual machine deny
Virtual machine sprawl
Go to solution >
218. Which of the following procedures can be used to provide an
important layer of security between the user interface and the
database?
A.
B.
C.
D.
Security procedures
Database procedures
Interface procedures
Stored procedures
Go to solution >
219. Which of the listed models allows a system to boot their
resources from a centralized server environment instead of their
hard drives?
A.
B.
C.
D.
Thin client
Containers
Edge computing
Microservices
Go to solution >
220. Which of the following is not a popular means of shielding
information from being compromised?
A.
B.
C.
D.
Connect to remote systems using SSH
Use hash functions before storing data
Store data in plain text
Visit sites that use SSL
Go to solution >
221. Which of the following is not a popular means of shielding
information from being compromised?
A.
B.
C.
D.
SAML
OAuth
TACACS+
ABAC
Go to solution >
222. A datacenter personnel has to manage a number of
datacenters in different locations. Which of the following is the most
suitable option for managing all datacenters with ease?
A.
B.
Implement SDNs
Implement firewalls
C.
D.
Implement Vlans
Implement infrastructure as code
Go to solution >
223. The most significant advantage of the SDN is?
A.
B.
C.
D.
It provides scalability
It provides an extra layer of security
It provides an IDS functionalities
It provides an IPS functionalities
Go to solution >
224. The most reliable method in ascertaining real-time operating
system security is?
A.
B.
C.
D.
Install and configure a host firewall
Disable the default vlan
Create a new plan for real-time operating systems
Install antivirus & anti malware software
Go to solution >
225. An attack was launched on an organization’s web app,
executing a code from one of the javascript libraries the web app
used in the past. This attack is best described as?
A.
B.
C.
D.
SSL stripping
Session replays
Code reuse attack
Code signing
Go to solution >
226. Which of the following IEEE technologies will you use to
develop an embedded system that would provide peer-to-peer
communications, low cost and low-power?
A.
B.
C.
D.
802.1X
Zigbee
Radius
WPA
Go to solution >
227. Which of the following form of encryption permits users to
perform computations on their encrypted data without first
decrypting them?
A.
B.
C.
D.
Blockchain encryption
Lightweight encryption
Homomorphic encryption
Steganography
Go to solution >
228. Which of the listed options would be welcomed by the staff of
a company deploying a biometric system to gain access into the
company?
A.
B.
C.
D.
Retina
Iris
Facial
Fingerprint
Go to solution >
229. An off-site cold backup usually operates on what backup
technology?
A.
B.
C.
D.
Tape
Cloud
Network-attached network
Storage area network
Go to solution >
230. For most SoC devices, what would be the most reliable means
of ascertaining that they are not breached and the information on
them are not compromised?
A.
B.
C.
D.
Ensure that each device has no network access
Ensure that each device has wireless access
Ensure that each device has its own cryptographic key
Ensure that each device has enough storage
Go to solution >
231. The security manager in a company that producing
electrocardiogram monitors is worried about how the devices will be
kept safe. Which of the listed options should he deploy?
A.
He needs to make sure the devices have anti-malware
B.
He needs to make sure the devices have no IP addresses
C.
He needs to make sure the devices have updated firmware
D.
He needs to make sure the communications with the device
are secured and encrypted
Go to solution >
232. In which of the following places we can find the needed data to
understand how a protocol works and what values need to be
added in packets that use this protocol?
A.
B.
C.
D.
Wikipedia
Github
Reddit
Request for Comments
Go to solution >
233. Which of these biometric technologies would be best in
identifying subjects from a camera?
A.
B.
C.
D.
Gait analysis
Fingerprint
Efficacy rates
Iris
Go to solution >
234. What solution should be deployed by a company that wants to
keep their data in the cloud but feels that the public cloud is open to
breaches and at the same time expressing concern about the cost
of a private cloud?
A.
B.
C.
D.
Under cloud
Semi cloud
Community cloud
Half cloud
Go to solution >
235. A set of programmers running a Windows OS needs to
develop a particular solution that will work effectively on Linux. In a
bid to use a cloud solution, what is the best way to get your
programmers access to Linux systems for development and
testing?
A.
B.
C.
D.
PaaS
IaaS
SaaS
DaaS
Go to solution >
236. What category of backup would readily backup all the changes
made on a system since the last time a full backup was done on it?
A.
B.
Full
Incremental
C.
D.
Snapshot
Differential
Go to solution >
237. Which of the listed options would best suit a company that
wants to use cloud storage to store data but the major setback they
have is the cost?
A.
B.
C.
D.
Public cloud
Storage cloud
Save cloud
Affordable cloud
Go to solution >
238. Paula is trying to ascertain that a cloud system can blend-in
with manipulations in its workload by automatically freeing and
withholding resources. She is also trying to ensure that the space is
not loaded with too many resources nor under-provisioned, and that
money is wisely spent on her infrastructure. This concept is best
described as?
A.
B.
Scalability
Elasticity
C.
D.
Camouflage
Obfuscation
Go to solution >
239. Which of following would you use to make sure that a problem
in power supply does not cause a server to lose power?
A.
B.
C.
D.
MAC
NIC
PDU
UPS
Go to solution >
240. A stored procedure is best explained as?
A.
A subroutine available to applications that access a relational
database management system
B.
An SQL injection technique
C.
A subroutine available to applications that access a MariaDB
database
D.
A javascript framework
Go to solution >
241. Which of the listed options would best be able to prevent a
possible VM escape that would result in a data breach?
A.
B.
C.
D.
Implement honeypots
Configure a proxy server
Install a firewall
Detached VM hosts by data sensitivity
Go to solution >
242. A company that lacks staff but wants to deploy modern and
robust network security. What should be done to salvage the
situation?
A.
B.
C.
D.
Use a firewall
Use Vlans
Use a Proxy server
Use a MSSP
Go to solution >
243. Which of these options would best be able to ascertain that
applications on a network have not been breached nor affected with
a Trojan virus?
A.
B.
C.
D.
Use cryptographic hashes
Use Vlans
Use a Proxy server
Use time of check
Go to solution >
244. In a bid to prevent a SCADA system from being affected by
malicious executable files, which of these options should be
deployed?
A.
B.
C.
D.
Place the SCADA system on a separate VLAN
Place the SCADA system on the same VLAN with DMZ
Implement honeypots
Implement IPS/IDS
Go to solution >
245. What method should be deployed to ensure that old versions
of code are not being rewritten into new releases in regression
testing?
A.
B.
C.
D.
Version controlling
Version placing
Version indexing
Version numbering
Go to solution >
246. In a bid to ensure secure communications with customers on a
bank website, which of the following options would best serve that
purpose?
A.
B.
C.
D.
VPN
TLS
Tunneling
Firewall
Go to solution >
247. Which of the following is not a problem faced by the
smartcard-based authentication system.
A.
Weak security due to the limitations of the smartcard's
authentication support
B.
Weak security due to the limitations of the smartcard's
authorization support
C.
Weak security due to the limitations of the smartcard's
encryption support
D.
None of the above
Go to solution >
248. “Anything as a Service” can best be described with what term?
A.
B.
C.
D.
XaaS
YaaS
OaaS
SaaS
Go to solution >
249. John bought an office with full access to power and bandwidth
to serve as a backup for her company just in case they should
suffer an attack. This establishment is called?
A.
B.
C.
D.
Cold site
Frozen site
Hot site
Host site
Go to solution >
250. To enable a patched Windows system to be able to jump back
to the last obvious healthy configuration, what should be done to
achieve this?
A.
B.
C.
D.
A system backup point
A system restore point
A system return point
A system time point
Go to solution >
Chapter 5
Practice exam questions 251-300
251. When the system date is not properly set, which of these will
encounter problems from multi factor authentication?
A.
B.
C.
D.
COTP
OOTP
POTP
TOTP
Go to solution >
252. What primary function does the Faraday cage perform in the
server room?
A.
B.
C.
D.
To block EIM
To block IME
To block MIE
To block EMI
Go to solution >
253. The IP schema configuration management would offer what
type of security benefit?
A.
B.
C.
D.
Detecting rogue devices
Detecting malicious devices
Detecting DDoS attacks
Detecting malicious software
Go to solution >
254. Which of the listed options would be best for securing a server
room door?
A.
B.
C.
D.
Deadbolt
Padlock
Cable lock
Faraday cages
Go to solution >
255. What are the two most important features that deploying a NIC
teaming on a server?
A.
B.
NIC offers lower latency and lower throughput
NIC offers lower latency and greater throughput
C.
D.
NIC offers fault tolerance and lower throughput
NIC offers fault tolerance and greater throughput
Go to solution >
256. Which of these options would serve as a fault-tolerant solution
that can handle two drives failing?
A.
B.
C.
D.
RAID 6
RAID 5
RAID 4
RAID 3
Go to solution >
257. Your company deploys a CCTV monitoring system which is
always in use. In a bid to make the CCTV system respond to theft
and other issues, what additional feature is most likely to receive
requests to counter these problems?
A.
B.
C.
D.
Motion recognition
DVR
Guards
Object detection
Go to solution >
258. Which of these cryptosystems would most often provide
cryptographic algorithm with low latency?
A.
B.
C.
D.
Symmetric encryption
Lightweight cryptography
Homomorphic encryption
Steganography
Go to solution >
259. The most important thing to be do about memory management
in application security is?
A.
B.
C.
D.
Call functions inside functions
Delete all the open sessions
Use correct data types
Make sure you release any memory you allocate
Go to solution >
260. Which of these options should be deployed to ensure that
encrypted files are kept confidential and safe for as long as
possible?
A.
B.
C.
D.
Use a 32-bit key
Use the longest key possible
Use a 20-bit key
Use the shortest key possible
Go to solution >
261. What technology should be deployed in a company that is
subject to a breach to keep their data and information safe on their
servers?
A.
B.
C.
D.
DLP
LPD
DPL
LDP
Go to solution >
262. What security method can be deployed to ensure that a single
individual won’t be able to subvert a process?
A.
B.
C.
D.
Two-person control
One-person control
Four-person control
Three-person control
Go to solution >
263. Which of these options will surely protect a phone from attack
or breach from the charger being used to charge it?
A.
B.
C.
D.
USB data locker
Lighting
Fencing
USB data blocker
Go to solution >
264. Users are granted the grace of creating applications and
hosting them on which of these cloud service?
A.
B.
C.
D.
PaaS
SaaS
DaaS
IaaS
Go to solution >
265. The director of your company understands that for
cryptographic systems, computational overheads are a concern.
What can you do to limit the computational needs of the company’s
solution?
A.
B.
C.
D.
Apply elliptic curve cryptography
Apply lightweight cryptography
Apply homomorphic encryption
Apply steganography
Go to solution >
266. What computational design concept can be used to describe a
situation in which you deploy servers and storage to all of your
company's facilities so that scientific equipment can forward data at
the right speed?
A.
B.
C.
D.
Containers
Microservices
Edge computing
Fog computing
Go to solution >
267. What type of solution would allow you to replace sensitive
information on your database with unique identifiers which allow
you to continue taking actions on the information without exposing
the information?
A.
B.
C.
D.
Anonymization
Tokenization
Pseudo-Anonymization
Data masking
Go to solution >
268. What special advantage does an encrypted message which
contains a digital signature have over one that has no digital
signature? (SELECT TWO)
A.
B.
C.
D.
E.
Integrity
Availability
Nonrepudiation
Confidentiality
Accountability
Go to solution >
269. In a conference whose topic is on "appropriate response and
recovery controls for natural disasters", one of the speakers asks
what control should be employed in the case that a tornado causes
a power outage that lasts for many hours.
A.
B.
Offsite storage
Generator
C.
D.
Snapshot
Managed power distribution units
Go to solution >
270. The technology that is most widely used for proximity card
readers is…?
A.
B.
C.
D.
NFC
IV
RFID
DIFR
Go to solution >
271. The biggest geographical concern for security is…?
A.
B.
C.
D.
External disaster
Internal disaster
Person-made disaster
Environmental disaster
Go to solution >
272. How would you protect a confidential message?
A.
B.
C.
D.
By hashing the message
By encrypting the message
By deleting the message
By digitally signing the message
Go to solution >
273. Which network device allows horizontal scaling during traffic
issues, as well as supports patching and upgrading without causing
outages?
A.
B.
C.
D.
A firewall
A load balancer
A hub
A switch
Go to solution >
274. Ιf you want to use physical safeguards to ensure that
important data can be transferred in unencrypted form, what
solution would you deploy?
A.
B.
C.
D.
Locked cable distribution
Protected cable distribution
Cable locks
USB cables
Go to solution >
275. Your friend surreptitiously sent you concealed data by
modifying a music file in a way that would not affect the sound of
the music. What method has she just used?
A.
B.
C.
D.
Lightweight steganography
Audio cryptography
Audio steganography
Lightweight cryptography
Go to solution >
276. The multifactor authentication system like the short message
service (SMS) is mostly affected by?
A.
B.
C.
D.
Narrow-band
SMS injection attack
Zigbee
SIM cloning
Go to solution >
277. Which of the following can be deployed to ensure that some
data at rest are kept safe so that they can be manipulated and put
to use in their original form?
A.
B.
C.
D.
Hashing
Tokenization
Masking
Encryption
Go to solution >
278. Naomi has created a control system for her organization
without a network linking it to her other networks. This kind of setup
can be described as?
A.
B.
C.
D.
Screened subnet
DMZ
Air gap
Virtual local area network
Go to solution >
279. John secures the original data in a Social Security Number
field to ascertain that users on his database do not get access to it.
This data security process is best described as?
A.
B.
C.
D.
Masking
Minimization
Compression
Tokenization
Go to solution >
280. The process of deploying an on-premises cloud computing
solution is known as...?
A.
B.
C.
D.
Hybrid cloud
Private cloud
Public cloud
Semi cloud
Go to solution >
281. The physical tokens deployed for multi factor authentication
are mostly threatened by?
A.
B.
C.
D.
Loss and cloning
Theft and cloning
Theft and loss
None of the above
Go to solution >
282. The likely problem that might ensue from using the value
12345ABCDE678FGH as a salt to every password is?
A.
B.
C.
D.
The salt is too complex
The salt is reused
The salt doesn't contain special characters
The salt is too long
Go to solution >
283. Which of the following is the process of reducing or eliminating
an unwanted magnetic field (or data) stored on tape and disk media
such as computer and laptop hard drives?
A.
B.
C.
D.
Pulping
Pulverizing
Degaussing
Burning
Go to solution >
284. By using the most popular method of dispersal, datacenters
should best be kept at what distance from each other to ensure that
they are in line with the geographic dispersal requirement?
A.
B.
C.
D.
100 miles
200 miles
50 miles
500 miles
Go to solution >
285. The process of extending cloud computing to the edge of an
enterprise network is best described as?
A.
B.
C.
D.
Edge computing
Fog computing
On-premise computing
Network computing
Go to solution >
286. Which of the following is a password-hashing algorithm based
on the Blowfish cipher?
A.
B.
C.
D.
Dcrypt
Acrypt
Bcrypt
Fcrypt
Go to solution >
287. Which of the listed technologies would be the best in
implementing a directory service?
A.
B.
C.
D.
DLL
SQL
XML
LDAP
Go to solution >
288. What is the first condition to check when setting up a wireless
network in which the access points are placed at positions where
they offer maximum coverage, while also considering plans for any
means of RF interference?
A.
B.
C.
D.
Conduct a site survey
Check channel overlaps
Install WPA3
Configure IEEE 802.1X
Go to solution >
289. The lateral traffic movement within a network is mostly
regarded as?
A.
B.
C.
D.
Extranet
Screened subnet
East-west traffic
Intranet
Go to solution >
290. A user that tries to connect to a wireless network but is
redirected to a site that asks them to provide their email details,
then they are given access to use the internet for free after
providing the details. Which of the following technologies must have
been used for that?
A.
B.
C.
D.
A WiFi Protected Setup
A captive portal
A heat map
A layer 2 tunneling
Go to solution >
291. The DNSSEC when deployed, has what function?
A.
B.
C.
D.
Integrity
Availability
Confidentiality
None of the above
Go to solution >
292. Which of these protocols should be deployed to be able to use
a command-line shell over a system connected through an
encrypted channel?
A.
B.
C.
D.
HTTPS
RDS
Telnet
SSH
Go to solution >
293. The SRTP is mostly deployed to be used for what type of
communication?
A.
B.
C.
D.
HVAC
MFP
VoIP
RTOS
Go to solution >
294. FTPS traffic is mostly implemented on two major ports namely:
A.
B.
C.
D.
67 and 68
455 and 453
21 and 990
80 and 443
Go to solution >
295. Which of the listed devices would best execute these rules:
PERMIT IP ANY EQ 80
PERMIT IP ANY EQ 43
DENY IP ANY ANY
A.
B.
C.
D.
Hub
Firewall
Switch
WAP
Go to solution >
296. Which of the listed protocols is best used to validate
certificates and check if they have been revoked?
A.
B.
C.
D.
OCSP
CSR
CRL
RA
Go to solution >
297. Most geofencing applications are usually deployed on which
two major connections?
A.
B.
C.
D.
Bluetooth and RFID
Wi-Fi and Bluetooth
GPS and Bluetooth
GPS and Wi-Fi
Go to solution >
298. A firewall that scrutinizes the context and contents of every
packet it comes across is classified as…?
A.
B.
C.
D.
Stateless packet filtering firewall
Stateful packet filtering firewall
Web application firewall
Unified threat management
Go to solution >
299. An identity management system requests for users addresses,
job titles and birth dates. This type of information is best known as?
A.
B.
C.
D.
Roles
Attributes
Tokens
Details
Go to solution >
300. Which of the listed options should first be considered whilst
trying to enhance security on an organization’s network?
A.
B.
C.
D.
Create multiple VLANs
Uninstall unneeded applications on all workstations
Disable unneeded services on all workstations
Install antivirus on all workstations
Go to solution >
1. Lawan is in charge of sales in a major fabric company. He was
sent a email asking him to click a link and fill out a survey. He
suspects the email is a fraud, but there is a mention of other
companies that deal in fabric in the email, so he thinks it might not
be a fraud after all. Which of these options describes the attack
best?
A.
B.
C.
D.
Phishing
Smishing
Spear phishing
Vishing
C. The correct answer is Spear phishing. Spear phishing is an
email or electronic communications scam targeted towards a
specific individual, organization or business. Although often
intended to steal data for malicious purposes, cybercriminals may
also intend to install malware on a targeted user’s computer.
Go back >
2. Powell is a security administrator in an insurance company.
Recently he discovered a piece of code in their back-end written in
PHP that shouldn't be there. Then, he received an email from an
unknown user saying that the piece of code will start sending
DELETE requests to the database if one of his co-workers is fired.
What describes this BEST?
A.
B.
C.
D.
Worn
Spam
Logic Bomb
Fileless virus
C. The correct answer is Logic Bomb. A logic bomb is a piece of
code intentionally inserted into a software system that will set off a
malicious function when specified conditions are met. For example,
a programmer may hide a piece of code that starts deleting files,
should they ever be terminated from the company.
Go back >
3. You are the security administrator in a telecommunications
company. The company’s website is attacked by a hacker who had
been denied a job at the company. The hacker uses the registration
page, strangely, he does not input account details, instead, he
inputs ‘ or ’, ‘ and’, ‘0 != 1’, 1’ = ‘1. How can you describe this
attack?
A.
B.
C.
D.
SQL injection
Impersonation
Credential harvesting
Typosquatting
A. The correct answer is SQL injection. SQL injection is a code
injection technique that might destroy your database. SQL injection
is one of the most common web hacking techniques. SQL injection
is the placement of malicious code in SQL statements, via web
page input.
SQL injection usually occurs when you ask a user for input, like
their username/userid, and instead of a name/id, the user gives you
an SQL statement that you will unknowingly run on your database.
Go back >
4. The network administrator in your company tells you some of the
staff have been unable to connect to the office wireless network.
When you check, you see that the WI-FI signal has been blocked
due to an attack on the WAPs. What would be the best way to label
such an attack?
A.
B.
C.
D.
Near-field communication
Domain hijacking
Rogue access point
Jamming
D. The correct answer is Jamming. Jamming Attack is a kind of
Denial of Service attack, which prevents other nodes from using the
channel to communicate by occupying the channel that they are
communicating on.
Go back >
5. John is a cybersecurity expert working for a government agency.
He is worried hackers might try to attack the agency’s website
server to get some classified information. John is concerned about
cross-site scripting and SQL injection. What is the best way to
defend against such attacks?
A.
B.
C.
D.
Access control list
Web application firewall
Static code analysis
Input validation
D. The correct answer is Input validation. Input validation, also
known as data validation, is the proper testing of any input supplied
by a user or application. Input validation prevents improperly
formed data from entering an information system.
An input validation attack occurs when an attacker deliberately
enters malicious input with the intention of confusing an application
and causing it to carry out some unplanned action. Malicious input
can include code, scripts and commands, which if not validated
correctly can be used to exploit vulnerabilities. The most common
input validation attacks include Buffer Overflow, XSS attacks and
SQL injection.
Go back >
6. Dan logs into his clothing site and realizes a hacker has input
Javascript code in a text box where customers are supposed to
leave reviews that other customers can see. What type of attack is
this?
A.
B.
C.
D.
Cross-site scripting
Session hijacking
Spam
Pretexting
A. The correct answer is Cross-site scripting. Cross-site Scripting
(XSS) is a client-side code injection attack. The attacker aims to
execute malicious scripts in a web browser of the victim by
including malicious code in a legitimate web page or web
application. The actual attack occurs when the victim visits the web
page or web application that executes the malicious code.
The web page or web application becomes a vehicle to deliver the
malicious script to the user’s browser. Vulnerable vehicles that are
commonly used for Cross-site Scripting attacks are forums,
message boards, and web pages that allow comments.
Go back >
7. A hairstylist calls you to explain that customers who connect to
the wireless network in his place have been accusing him of
stealing their data. When you ask two of the customers, they tell
you they connected to the wireless access point (AP), but
surprisingly when you check the AP logs, you see that the two
customers never connected to it. How can you describe the
incident?
A.
B.
C.
D.
Pharming
Rogue access point
Impersonation
Watering hole attack
A. The correct answer is Rogue access point. A rogue access point
is a device not sanctioned by an administrator, but is operating on
the network anyway. This could be an access point set up by either
an employee or by an intruder. The access point could also belong
to a nearby company.
Go back >
8. An uncommon way to prevent brute-force attack on your office
password file is?
A.
B.
Encrypting plain text using symmetric encryption
Encrypting plain text using hashing
C.
D.
Encrypting plain text using salting
Encrypting plain text using tokenization
A. The correct answer is Encrypting plain text using symmetric
encryption. A symmetric encryption is a type of encryption where
only one key (a secret key) is used to both encrypt and decrypt
electronic information. The entities communicating via symmetric
encryption must exchange the key so that it can be used in the
decryption process. This encryption method differs from asymmetric
encryption where a pair of keys, one public and one private, is used
to encrypt and decrypt messages.
Go back >
9. You have been invited to work on an application developed by
another programmer. While checking the source code, you see a
pointer de-reference so you return NULL. The software developed a
segmentation fault because it tried to read from the NULL pointer.
How can this affect the application?
A.
B.
C.
D.
Memory leak
Denial-of-service environment
Resources exhaustion
Application programming interface (API) attacks
B. The correct answer is Denial-of-service environment. This type
of error impacts the availability of the service so the denial of
service condition is the correct answer which can stop the program
of running
Go back >
10. Levy is a cybersecurity expert. He receives a call from the
owner of an insurance company who complains that she was
summoned by law enforcement officers who claimed that some
computers in her company were involved in a denial-of-service
(DoS) attack. The owner tells Levy she is certain none of the
company’s employees is involved. How would you explain this
scenario?
A.
B.
C.
D.
Company’s workstations have backdoors
Company’s workstations have viruses
Company’s workstations are bots
Company’s workstations are trojans
C. The correct answer is Company’s workstations are bots. A bot is
a piece of malware that infects a computer to carry out commands
under the remote control of the attacker.
A botnet (short for “robot network”) is a network of computers
infected by malware that are under the control of a single attacking
party, known as the “bot-herder.” Each individual machine under the
control of the bot-herder is known as a bot.
Go back >
11. How can you describe spamming in social media messengers?
A.
B.
C.
D.
Eliciting information
SPIM
Influence campaigns
Tailgating
B. The correct answer is SPIM. Just about all internet users have a
firsthand account of how annoying Spam is. If you use IM (Instant
Messaging) you just might have been SPIM’ed (Spam over Instant
Messaging). It may be more harmful than email Spam. The user is
more likely to click on the link because it is real-time. This sneaky
intrusion can be very annoying, and to make things worse, it by
basses the Anti-Virus and firewalls.
Go back >
12. The following fall under which area of threat intelligence?
Geographical irregularities, Increase in database read volumes and
unexpected outbound traffic on the network.
A.
B.
C.
D.
Indicators of compromise
Dark web
Vulnerability databases
Open-source intelligence
A. The correct answer is Indicators of compromise. Indicators of
compromise (IOCs) are “pieces of forensic data, such as data
found in system log entries or files, that identify potentially
malicious activity on a system or network.” Indicators of
compromise aid information security and IT professionals in
detecting data breaches, malware infections, or other threat activity.
There are several indicators of compromise that organizations
should monitor.
1. Unusual Outbound Network Traffic
2. Anomalies in Privileged User Account Activity
3. Geographical Irregularities
4. Log-In Red Flags
5. Increases in Database Read Volume
6. HTML Response Sizes
7. Large Numbers of Requests for the Same File
8. Mismatched Port-Application Traffic
9. Suspicious Registry or System File Changes
10. Unusual DNS Requests
11. Unexpected Patching of Systems
12. Mobile Device Profile Changes
13. Bundles of Data in the Wrong Place
14. Web Traffic with Unhuman Behavior
15. Signs of DDoS Activity
Go back >
13. You suspect there is an insider threat in your office making use
of the office security information and event management (SIEM)
system. Which of these best identify the threat?
A.
B.
C.
D.
Log collectors
User behavior analysis
Packet capture
Data inputs
B. The correct answer is User behavior analysis. User behavior
analytics, sometimes called user entity behavior analytics (UEBA),
is a category of software that helps security teams identify and
respond to insider threats that might otherwise be overlooked.
Using machine learning and analytics, UBA identifies and follows
the behaviors of threat actors as they traverse enterprise
environments, running data through a series of algorithms to detect
actions that deviate from user norms.
Go back >
14. Your friend calls you to ask what (SIEM) Security information
and event management capability is best for him to gain access to
attempted connections through a firewall. He tells you he wants to
gain access because he feels there is a problem with a TCP
handshake process. Which of these would you suggest to him?
A.
B.
C.
D.
Log collectors
User behavior analysis
Packet capture
Data inputs
C. The correct answer is Packet capture. To ensure security teams
have complete visibility into network traffic at all times, SIEM tools
provide analysts with intelligent and relevant information about the
traffic as the network packets are parsed and contextualized in real
time. This data analyzation spans the entire network across
physical and virtual deployments to give security staff complete
insight into the scope of any attack, current or historic.
1. Enriched capture data to reduce false positives
2. Real-time data visualizations and nodal diagrams
3. Context and threat analytics
4. Full packet capture
Go back >
15. A telecommunications company with over five hundred
computers placed in different areas wants a better way to handle
how much data is being created by the computers. What two
technologies will you suggest to them?
A.
B.
C.
D.
Common Vulnerabilities and Exposures
Advisories and bulletins
Provisioning and deprovisioning
Log collectors and Log aggregation
D. The correct answer is Log collectors and Log aggregation. Log
aggregation is part of the overall log management process that
helps IT organizations convert their log files into actionable insights
in real-time or near real-time. The process can be described in five
basic steps:
Instrument & Collect - The first step of log management is to start
collecting logs. IT organizations must implement log collector
software tools that collect data from various parts of the software
stack. Many devices across platforms generate logs using the
Syslog message logging standard or with other applications that
can write logs directly into the log aggregation tool platform.
Centralize & Index - Log data needs to be normalized and
indexed, making it easier to analyze and fully searchable for
developers and security analysts.
Search & Analyze - Now that the log data is organized properly in
the log aggregation tool, it can be searched and analyzed to
discover patterns and identify any issues that require attention from
IT operators. Human or machine learning analysis can be used to
identify patterns and anomalies.
Monitor & Alert - Effective log monitoring is a critical aspect of the
log management process. An effective log management tool should
integrate with message applications to deliver timely alerts when
events occur that require a prompt response.
Report & Dashboard - The final component of log management,
reporting and dashboarding ensure that team members across
departments have the necessary levels of access and visibility into
application performance data.
Go back >
16. You work in a company that provides an Application
Programming Interface (API) for customers. The director asks you
to recommend a practice that will protect the API from attacks and
ensure it is only available to customers who subscribe. What will
you recommend?
A.
B.
C.
D.
Install NGFW
Configure ACLs
Require authentication
Install HIDS
C. The correct answer is Require authentication. One of the
methods that protect the API from attacks and ensures that API
calls are only used by legitimate users is to require the use of
authentication. API keys are one of the most frequently used
methods for this.
Go back >
17. What color is given to the team that determines the rules of
engagement before the execution of a cybersecurity exercise?
A.
B.
C.
D.
White Team
Red Team
Blue Team
Yellow Team
A. The correct answer is White Team. In an exercise, the White
Team acts as the judges, enforces the rules of the exercise,
observes the exercise, scores teams, resolves any problems that
may arise, handles all requests for information or questions, and
ensures that the competition runs fairly and does not cause
operational problems for the defender's mission.
The White Team helps to establish the rules of engagement, the
metrics for assessing results and the procedures for providing
operational security for the engagement. The White Team normally
has responsibility for deriving lessons-learned, conducting the post
engagement assessment, and promulgating results.
Go back >
18. While browsing on your local computer, you receive a message
prompting you to move fast and download a particular software
because after 3 hours, the software will no longer be available for
free. What social engineering principle is used here?
A.
B.
C.
D.
Familiarity
Trust
Authority
Scarcity
D. The correct answer is Scarcity. Social Engineers may use
scarcity to create a feeling of urgency in a decision making context.
This urgency can often lead to the manipulation of the decision
making process, allowing the social engineer to control the
information provided to the victim.
Go back >
19. How would you describe an attack in which a target variable
receives more data than it can actually hold?
A.
B.
C.
D.
Directory traversal
Buffer Overflow
Secure Sockets Layer (SSL) stripping
Resource exhaustion
B. The correct answer is Buffer Overflow. Buffer overflow, or buffer
overrun, occurs when more data is put into a fixed-length buffer
than the buffer can handle. The extra information, which has to go
somewhere, can overflow into adjacent memory space, corrupting
or overwriting the data held in that space.
This overflow usually results in a system crash, but it also creates
the opportunity for an attacker to run arbitrary code or manipulate
the coding errors to prompt malicious actions. Many programming
languages are prone to buffer overflow attacks.
Go back >
20. Your friend, Mike, went for an interview; during the interview, he
was asked to conduct a test in which he used applications to fish
out known vulnerabilities that attackers could exploit on the
systems connected to the company’s network. What was your
friend asked to do?
A.
B.
C.
D.
IP scan
Vulnerability scan
Port scan
Resource scan
B. The correct answer is Vulnerability scan. A vulnerability scanner
is an application that identifies and creates an inventory of all the
systems (including servers, desktops, laptops, virtual machines,
containers, firewalls, switches, and printers) connected to a
network.
For each device that it identifies it also attempts to identify the
operating system it runs and the software installed on it, along with
other attributes such as open ports and user accounts.
Go back >
21. Your colleague, Marie, asks you to suggest uncommon
prevention methods she can use to prevent credential harvesting
attacks on a company’s commercial website. What would you
suggest to her?
A.
B.
C.
D.
Utilize complex usernames/passwords
Utilize MFA
Utilize ACLs
Utilize NGFW
A. The correct answer is Utilize complex usernames/passwords. It’s
very important to use mix of special characters, numbers, upper &
lower case letters, non-words and require longer length. Don’t use
standard usernames such as administrator, user, user1, test,
admin, etc. Don’t use usernames that are first names only such as
dan, john, tom, etc.
Avoid creating passwords that include your name, dictionary words
or reusing passwords from other accounts. You may want to
increase the default minimum length beyond 6 characters. Using
simple passwords is the easiest way for someone to compromise
your server – do NOT use simple passwords that are vulnerable to
brute-force and dictionary attacks.
Go back >
22. You advise your wife to buy a new gadget from an online store,
but she tells you that whenever she visits the site, it appears to be
fake. You call the company hotline to complain, but they tell you
they can access the site without any problem. A few minutes later,
they call you back to inform you there is no record of your wife ever
connecting to their network. Which of these can explain the
situation?
A.
B.
Watering hole attack
Impersonation
C.
D.
Pretexting
Typosquatting
D. The correct answer is Typosquatting. Typosquatting is a type
of social engineering attack which targets internet users who
incorrectly type a URL into their web browser rather than using a
search engine. Typically, it involves tricking users into visiting
malicious websites with URLs that are common misspellings of
legitimate websites.
Go back >
23. How can you bypass the protection and gain access to a
network that is protected by a network access control system which
identifies the hardware address of systems?
A.
B.
C.
D.
By conducting a DDoS attack against the system
By using MAC address cloning
It’s impossible to bypass the protection of the network
By using privilege escalation techniques
B. The correct answer is By using MAC address cloning. The MAC
address clone process often called mac pass through, is a useful
technique to get around connectivity and network issues that can
arise in both home and office environments where a set of specific,
or set number of, MAC addresses have been approved. Cloning
gets around that by copying the MAC address of an approved piece
of hardware to the problematic device, making it appear as if it's
allowed on the network.
Go back >
24. You work as the security manager in a bank. You receive a call
from someone telling you that each time he tries to access the
bank’s site, he is being directed to another bank’s website. When
you check, you see that a change has occurred in domain
information and domain’s contact details. Since the domain is still
active, what could have happened?
A.
B.
C.
D.
Uniform Resource Locator (URL) redirection
Domain reputation
DNS poisoning
Domain hijacking
D. The correct answer is Domain hijacking. Domain hijacking is the
act of changing the registration of a domain name without the
permission of the original owner, or by abuse of privileges on
domain hosting and domain registrar systems.
Domain name hijacking is devastating to the original domain name
owner's business with wide ranging effects including:
Financial damages: Companies who rely on their website for
business, such as ecommerce companies and SaaS companies,
can lose millions of dollars when they lose control of the domain,
their domain is one of their most valuable assets. Domain hijacking
is one of the largest cybersecurity risks online businesses have.
Reputational damages: Domain hijackers can take control of a
hijacked domain's email accounts and use the domain name to
facilitate additional cyber attacks such as
installing malware or social engineering attacks.
Regulatory damages: By gaining access to a domain name,
hijackers can replace the real web page with an identical web page
designed to capture sensitive data or personally identifiable
information (PII), this is known as phishing.
Go back >
25. You are the security manager at the University of Pennsylvania.
After a recent threat analysis on the university network, you go on
to study past incidents and similar networks. You realize that the
most likely attack on the network would be from amateur attackers
who want to gain access to the system to do things like changing of
grade or just to have fun. How would you describe an attacker like
this?
A.
B.
Script kiddie
State actors
C.
D.
Shadow IT
Criminal syndicates
A. The correct answer is Script kiddie. A script kiddie, or “skiddie,” is
someone who lacks programming knowledge and uses existing
software to launch an attack. Often a script kiddie will use these
programs without even knowing how they work or what they do. For
example, imagine a child gets their first computer. The child
watches a movie about hacking and then downloads a copy of Kali
Linux. They begin playing with the various programs while
searching for online tutorials.
Go back >
26. What makes phishing different from spam?
A.
B.
C.
D.
Phishing is used to obtain credentials or other data
Phishing is used only on social media
Phishing is used in a DDoS attacks
Phishing is used to target a specific individual or groups
A. The correct answer is Phishing is used to obtain credentials or
other data. Phishing is a cybercrime in which a target or targets are
contacted by email, telephone or text message by someone posing
as a legitimate institution to lure individuals into providing sensitive
data such as personally identifiable information, banking and credit
card details, and passwords.
The information is then used to access important accounts and can
result in identity theft and financial loss.
Go back >
27. As an enterprise software vendor, during your procurement
request-for-proposal process you see a question included, asking
how long you have been in the business and how many clients you
have. What security issue are they planning to prevent with this
question?
A.
B.
C.
D.
Lack of company vision
Quality of code development
Best practice code development
Lack of vendor support
D. The correct answer is Lack of vendor support. The question is
intended to assess the viability of the company in the long term,
and consequently if they will provide support, updates and fix
patches.
Go back >
28. How will you describe a number of computers which have been
compromised and can be controlled from a remote point?
A.
B.
C.
D.
Backdoor
Keyloggers
Botnet
Trojans
C. The correct answer is Botnet. A botnet (short for “robot network”)
is a network of computers infected by malware that are under the
control of a single attacking party, known as the “bot-herder.” Each
individual machine under the control of the bot-herder is known as
a bot. From one central point, the attacking party can command
every computer on its botnet to simultaneously carry out a
coordinated criminal action.
Go back >
29. Which of these is not an effective way to prevent Server-Side
Request Forgery attacks?
A.
Using an alternative IP representation of 127.0.0.1
B.
Registering your own domain name that resolves
to 127.0.0.1
C.
Removing all SQL code from Ajax Requests
D.
Embedding credentials in a URL before the hostname, using
the @ character
C. The correct answer is Removing all SQL code from Ajax
Requests. Server-side request forgery (also known as SSRF) is a
web security vulnerability that allows an attacker to induce the
server-side application to make HTTP requests to an arbitrary
domain of the attacker's choosing.
In a typical SSRF attack, the attacker might cause the server to
make a connection to internal-only services within the
organization's infrastructure. In other cases, they may be able to
force the server to connect to arbitrary external systems, potentially
leaking sensitive data such as authorization credentials.
Ways to prevent this are:
1. Use an alternative IP representation of 127.0.0.1
2. Register your own domain name that resolves to 127.0.0.1
3. Embed credentials in a URL before the hostname, using
the @ character
Go back >
30. A client calls to tell you his network was attacked; he suspects
that fake entries were entered into his network’s domain name
server. What kind of poisoning is this?
A.
B.
C.
D.
Network poisoning
ARP poisoning
DNS poisoning
Application poisoning
C. The correct answer is DNS poisoning. DNS poisoning is a
hacker technique that manipulates known vulnerabilities within the
domain name system (DNS). When it's completed, a hacker can
reroute traffic from one site to a fake version. And the contagion can
spread due to the way the DNS works.
Go back >
31. While conducting the penetration test for a client network, the
client calls to ask you how far you have progressed. You are still
gathering information from different sites and social media
platforms, so what stage would you mention to the client?
A.
B.
C.
D.
Partially known environment
Active reconnaissance
Bug bounty
Passive reconnaissance
D. The correct answer is Passive reconnaissance. When one is
conducting passive reconnaissance, one is not interacting directly
with the target and as such, the target has no way of knowing,
recording, or logging activity. The reconnaissance is aimed at
collecting as much information as possible on a target.
Go back >
32. One of the following is not a capability of Security, orchestration,
automation, and response (SOAR) tool. Which is it?
A.
B.
C.
D.
Threat and vulnerability management
Reaction to security incidents
Automation of security operations
Automation of malware removal
D. The correct answer is Automation of malware removal. SOAR
(Security Orchestration, Automation and Response) is a
combination of compatible programs that enables a company to
collect data on security threats from a wide variety of sources. In
addition, SOAR enables an automatic reaction to certain security
events without human intervention.
These are the three most important capabilities of SOAR solutions:
Threat and vulnerability management: The solutions support IT
teams in eliminating vulnerabilities. In addition, they offer
standardized workflow, reporting and collaboration functions.
Reaction to security incidents: These technologies support IT
departments in planning, process organization, tracking and
coordinating the respective reaction to a security incident.
Automation of security operations: These technologies support
the automation and orchestration of procedures, processes, policy
implementation and reporting.
Go back >
33. While discussing with a client, Mrs. Les, you mention an email
your company sent two days ago, but Mrs. Les insists she never
saw the email. When you check, you discover that your company’s
emails are being blocked because a compromised account sent
some spam. What lookup will you use to detect what classification
site like trusted source has given your domain?
A.
B.
C.
D.
IP & Domain reputation lookup
MX record lookup
SMTP server lookup
IMAP protocol lookup
A. The correct answer is IP & Domain reputation lookup. IPs use
sender reputation to decide whether (or not) they will deliver your
email messages to your subscribers. This sending reputation is
based on your IP address. But what if an ISP could make filtering
decisions based on your domain – rather than separate IPs? That is
the nature of domain reputation.
Domain reputation would essentially allow you to maintain your
reputation without worrying about individual IPs. That means you
could change IPs, send email from different providers and add new
IPs or use shared IPs without worrying about losing your good
reputation in the process and in connection with your brand.
Go back >
34. You go for an interview in a cybersecurity company; you are
asked to perform penetration testing on the e-commerce site of a
client company called Acme Corporation. You realize that when the
web server is compromised, it can be used to launch another attack
into the company’s internal network. Which of the following can
describe this?
A.
B.
C.
D.
Pivoting
Bug bounty
Cleanup
Privilege escalation
A. The correct answer is Pivoting. Often during a penetration test or
security assessment, everything starts with an external network —
with research and pentesting of machines and services available
from the global network. Attempts are being made to find a security
hole and, if it succeeds, then a penetration into the local network is
performed in order to capture as many systems as possible.
Local network traffic is non-routable, that is, other computers that
are physically connected to this network can access the resources
of the local network, and the attacker cannot access them.
So, pivoting is a set of techniques that allow an attacker to gain
access to local resources, in essence, making traffic routable that is
normally non-routable. Pivoting helps an attacker to configure the
working environment to use the tools in such a way as if he were in
the organization’s local network.
Go back >
35. Your company invites a penetration tester to conduct a test.
These are the pieces of information the manager sends the
tester: company name, website domain name, gateway router IP
address with no internal knowledge of the target system. What kind
of test is the manager expecting the tester to perform?
A.
B.
C.
D.
Unknown environment test
Known environment test
Partially known environment test
Half known environment test
A. The correct answer is Unknown environment test. In an unknown
environment or black-box testing assignment, the penetration tester
is placed in the role of the average hacker, with no internal
knowledge of the target system. Testers are not provided with any
architecture diagrams or source code that is not publicly available.
A black-box penetration test determines the vulnerabilities in a
system that are exploitable from outside the network.
Go back >
36. While working as a network administrator in a pharmaceutical
company, you discover that malware that sends a flood of packets
to external targets has infected many of the machines on your
company’s network. Which of these is the best description of the
attack?
A.
B.
C.
D.
Birthday attack
Reconnaissance
Remote access Trojan
Distributed Denial-of-Service
D. The correct answer is Distributed Denial-of-Service. Distributed
denial-of-service attacks target websites and online services. The
aim is to overwhelm them with more traffic than the server or
network can accommodate. The goal is to render the website or
service inoperable. The traffic can consist of incoming messages,
requests for connections, or fake packets.
Go back >
37. You decide to investigate your computer after noticing slowness
in its performance. You discover spyware and remember that the
only thing you downloaded recently was a free application while
browsing some websites on the web. What’s the best explanation
you can give?
A.
B.
C.
D.
In the free app was a trojan
The website was a part of DDoS attack
The app was a fileless virus
The website was a phishing site
A. The correct answer is In the free app was a trojan. A Trojan
horse or Trojan is a type of malware that is often disguised as
legitimate software. Trojans can be employed by cyber-thieves and
hackers trying to gain access to users' systems. Users are typically
tricked by some form of social engineering into loading and
executing Trojans on their systems. Once activated, Trojans can
enable cyber-criminals to spy on you, steal your sensitive data, and
gain backdoor access to your system.
Trojans are incredibly good at hiding. They trick users into installing
them and then work behind the scenes to achieve their aim. If you
fall victim, you may not even realize it until it's too late. If you
suspect your device may have been breached by Trojan malware,
you should look out for the following signs:
- Poor device performance – for example, running slowly or
frequently crashing (including the infamous “blue screen of
death”)
- The desktop has changed – for example, the screen resolution
has altered, or the color appears different
- The taskbar has changed – or perhaps disappeared altogether
- Unrecognized programs appear in your task manager – you
didn’t install them
Go back >
38. Which category of attackers is likely to be motivated by money
they would gain from their criminal activity?
A.
B.
C.
D.
Insider threats
Criminal syndicates
Shadow IT
Competitors
B. The correct answer is Criminal syndicates. Cyber crime is so
popular (and potentially profitable) that well-organized networks of
cyber criminals work in collaboration to pull off massive heists over
the internet. These cyber crime organizations are groups of
hackers, programmers and other tech bandits who combine their
skills and resources to commit major crimes that might not
otherwise be possible.
Go back >
39. Which of the following is considered a risk of a non-vendorsupport product?
A.
B.
C.
D.
No updates, fixes and improvements
No documentation
No live chat
No training resources
A. The correct answer is No updates, fixes and improvements. The
most important concern that appears when you use a non-vendorsupport product is that you don’t receive any updates or
improvements of the product, as a result you don’t have a fully
functional product.
Go back >
40. You have just received a call from your colleague, Dan, that
while he was trying to investigate a malware outbreak in a network,
he found a file with the same name and API interface as Windows
system DLL, but the file handles inputs in a manner that
compromises the system. Dan believes applications have been
attaching to the fake file instead of the original system DLL. How
can you describe this?
A.
B.
Dynamic-link library
Shimming
C.
D.
Directory traversal
Evil twin
B. The correct answer is Shimming. A shimming is
a library that transparently intercepts API calls and changes the
arguments passed, handles the operation itself or redirects the
operation elsewhere. Shims can be used to support an old API in a
newer environment, or a new API in an older environment. Shims
can also be used for running programs on different software
platforms than they were developed for.
Go back >
41. What does an attacker want to accomplish by initiating an SSL
stripping attack?
A.
B.
C.
D.
To remove the encryption offered by HTTPS
To send SPAM message
To make your company’s website unreachable
To initiate a DDoS attack
A. The correct answer is To remove the encryption offered by
HTTPS. Stripping away the encryption offered by HTTPS, called
SSL Strip, is a serious cyber threat to many corporations since their
employees are constantly on the move and require access to
Internet on-the-go even through open non-secure Wi-Fi hotspots.
Once attackers gain access to a network, they can act as a Man-inthe-Middle (MITM) to intercept connections over the network. These
interception tactics can also be deployed against wired networks,
provided that someone gains access to an Ethernet port.
Go back >
42. What do you call a phishing attack that is so specific that it
targets a particular celebrity?
A.
B.
C.
D.
Whaling
Tailgating
Credential harvesting
Pharming
A. The correct answer is Whaling. A whaling attack is a method
used by cybercriminals to masquerade as a senior player at an
organization and directly target senior or other important individuals
at an organization, with the aim of stealing money or sensitive
information or gaining access to their computer systems for criminal
purposes.
Go back >
43. If you use an on-path attack to make a system send you
HTTPS traffic and then you forward it to another server which the
traffic is meant for. What kind of password attack can you conduct
with the data gathered if all the traffic was captured in a login form.
A.
B.
C.
D.
Watering hole attack
A plain-text password attack
Influence campaigns attack
XSS attack
B. The correct answer is A plain-text password attack. Since you
capture the data you can conduct a plaintext attack. With a
known plaintext attack, the attacker has knowledge of the plaintext
and the corresponding ciphertext. This information is used to
decrypt the rest of the ciphertext.
Go back >
44. How would you describe a phenomenon whereby one receives
so many unwanted messages when in a crowded area, but these
messages stop when you are no longer in the area?
A.
B.
C.
D.
Jamming
Rogue access point
Disassociation
Bluejacking
D. The correct answer is Bluejacking. Bluejacking is a hacking
method that lets a person send unsolicited messages (typically
flirtatious but can also be malicious) to any Bluetooth-enabled
device within his own device’s range. Also known as “bluehacking,”
the process begins by scanning one’s surroundings for
discoverable Bluetooth-capable devices.
Bluejacking is much like doorbell ditching, wherein a person rings
someone’s doorbell and disappears before the homeowner can
answer the door.
Go back >
45. An attacker breached the wireless network in your of ce and
exposed data that had been encrypted wirelessly by modifying
some data that had been used with the stream cipher. What name
is given to this kind of attack?
A.
B.
C.
D.
Initialization vector
Rogue access point
Disassociation
Bluejacking
fi
A. The correct answer is Initialization vector. An initialization vector
(IV) attack is an attack on wireless networks. It modifies the IV of an
encrypted wireless packet during transmission. IVs are blocks of
bits that are used to differentiate users on the wireless network. IVs
eliminate the need for users to constantly reauthenticate with an
access point and are therefore sent frequently.
Go back >
46. A common means of attacking RFID systems are? (Select
TWO)
A.
B.
C.
D.
E.
Reverse Engineering
Jamming
Domain hijacking
Man-in-the-Middle Attack
DNS poisoning
A,D. The correct answers are Reverse Engineering and Man-in-theMiddle Attack. RFID systems, like most electronics and networks,
are susceptible to both physical and electronic attacks. As the
technology matures and becomes more widespread, so do hackers
who aim to gain private information, entrance to secure areas, or
take a system down for personal gain. Below are 7 known security
attacks hackers can perform on an RFID system.
1. Reverse Engineering
2. Power Analysis
3. Eavesdropping & Replay
4. Man-in-the-Middle Attack or Sniffing
5. Denial of Service
6. Cloning & Spoofing
7. Viruses
Go back >
47. Your friend Matt is disturbed because he found one of his
computers misbehaving. When he checks for the issue, he sees a
file on the computer that appears to be the virus that is affecting his
computer; but all of the antivirus programs Matt is using could not
detect the file that contains the virus. Which of these could be the
problem?
A.
B.
C.
D.
Fileless virus
Trojans
Keyloggers
Zero-day
D. The correct answer is Zero-day. A zero-day vulnerability, at its
core, is a flaw. It is an unknown exploit in the wild that exposes a
vulnerability in software or hardware and can create complicated
problems well before anyone realizes something is wrong. In fact, a
zero-day exploit leaves no opportunity for detection at first.
Go back >
48. How would you describe the act of going through a company’s
trash bins to find sensitive documents or information?
A.
B.
C.
D.
Document diving
Dumpster diving
Trash diving
Bin diving
B. The correct answer is Dumpster diving. dumpster diving is a
technique used to retrieve information that could be used to carry
out an attack or gain access to a computer network from disposed
items.
Dumpster diving isn't limited to searching through the trash for
obvious treasures, such as access codes or passwords written
down on sticky notes. Seemingly innocent information, such as a
phone list, calendar or organizational chart, can be used to assist
an attacker using social engineering techniques to gain access to
the network.
Go back >
49. While trying to dig into a malware incident that occurred with a
system on your network, you find out that some software is giving
an attacker access to your computer; the software is doing this by
opening a port. It appears as if the software was installed two
months ago; and you remember you also installed a shareware
application two months ago. Which of these describes this malware
best?
A.
B.
C.
D.
Remote access Trojan
Command and control
Cryptomalware
Potentially unwanted programs
A. The correct answer is Remote access Trojan. A Remote Access
Trojan (RAT) is a tool used by malware developers to gain full
access and remote control on a user's system, including mouse
and keyboard control, file access, and network resource access.
Go back >
50. Which of the following techniques can be used to recover
forgotten passwords?
A.
B.
C.
D.
Spraying
Backdoor
Rainbow table
Dictionary
C. The correct answer is Rainbow table. A rainbow table is a
precomputed table for caching the output of cryptographic hash
functions, usually for cracking password hashes. Tables are usually
used in recovering a key derivation function up to a certain length
consisting of a limited set of characters.
Go back >
51. Your friend Mike, calls to tell you that an attacker attempted to
get an input value to produce the same hash as a password. Mike
wants to know what kind of attack it is so he can read more about it
online. What would you tell him?
A.
B.
C.
D.
DNS poisoning
XSS attack
Collision attack
Brute force
C. The correct answer is Collision attack. A collision or clash is a
situation that occurs when two distinct pieces of data have the
same hash value, checksum, fingerprint, or cryptographic digest.
Due to the possible applications of hash functions in data
management and computer security collision avoidance has
become a fundamental topic in computer science.
Go back >
52. An attack was launched against your company; the attack
played upon some deficiencies in GeoTrust SSL and forcefully
moved some connections to a weaker version of SSL/TLS which
made it easier for the attacker to exploit. What would you call such
an attack?
A.
B.
C.
D.
Downgrade attack
Collision attack
Birthday attack
Secure socket shell attack
A. The correct answer is Downgrade attack. A downgrade attack is
a form of cyber attack in which an attacker forces a network
channel to switch to an unprotected or less secure data
transmission standard.
Downgrading the protocol version is one element of man-in-themiddle type attacks, and is used to intercept encrypted traffic. An
example of a downgrade attack might be redirecting a visitor from
an HTTPS version of a resource to an HTTP copy.
Go back >
53. An attacker uses software that gathers commonly used
passwords, then tries them one after the other in order to get
correct network passwords. What type of attack is the attacker
attempting?
A.
B.
Downgrade attack
XSS attack
C.
D.
DDoS attack
Dictionary attack
D. The correct answer is Dictionary attack. A dictionary attack is a
method of breaking into a password-protected computer, network or
other IT resource by systematically entering every word in a
dictionary as a password. A dictionary attack can also be used in an
attempt to find the key necessary to decrypt an encrypted message
or document.
Go back >
54. You are in charge of networks at SWIFT, a telecommunications
company. Recently, many customers have been complaining that
they are constantly losing the connection from the wireless network.
While checking the logs, you find that the customers’ IP addresses
have been sending a deauthentication packet to the WAP. What
could be happening?
A.
B.
C.
D.
Bluesnarfing
Jamming
Disassociation attack
Rogue access point
C. The correct answer is Disassociation attack. A disassociation
attack is a type of Denial Of Services Attack, which is used to
disconnect an access point (mobile device in this case) from a
router by sending disassociation packets to the device. It is a
common way hackers try to gain access to people’s personal
information.
Go back >
55. A birthday attack can be categorized as what kind of attack?
A.
B.
C.
D.
Cryptographic attack
On-path attack
Password attack
Cloud-based attack
A. The correct answer is Cryptographic attack. A birthday attack is a
type of cryptographic attack, which exploits the mathematics behind
the birthday problem in probability theory. Birthday attack can be
used in communication abusage between two or more parties.
The attack depends on a fixed degree of permutations
(pigeonholes) and the higher likelihood of collisions found between
random attack attempts, as described in the birthday paradox/
problem.
Go back >
56. Common Vulnerabilities and Exposures (CVE) can be
categorized as?
A.
B.
C.
D.
A vulnerability feed
A critical feed
A virtual feed
An exploit feed
A. The correct answer is A vulnerability feed. Common
Vulnerabilities and Exposures (CVE) is a database of publicly
disclosed information security issues. A CVE number uniquely
identifies one vulnerability from the list. Enterprises typically use
CVE for planning and prioritization in their vulnerability
management programs.
Go back >
57 . Dan is an authenticated user of an e-commerce website. An
attacker exploits the trust the site has for Dan by spoofing requests
from Dan. What kind of attack is this?
A.
B.
C.
D.
Extensible Markup Language
SQL Injection
Cross-site scripting
Typosquatting
C. The correct answer is Cross-site scripting. Cross-site request
(CSRF) or XSRF, is a type of malicious exploit of a website where
unauthorized commands are submitted from a user that the web
application trusts. This can all work without the user's interaction or
even knowledge.
Go back >
58. The personal information of the customers of Wells Fargo bank
was exposed after the bank experienced a data breach. Which of
these is not a problem to worry about in the current bank’s state?
A.
B.
C.
D.
Availability loss
Financial loss
Reputation loss
Trustworthiness loss
A. The correct answer is Availability loss. How can you describe a
situation whereby the networks of a company that creates
advanced routers are continuously subjected to advanced attacks?
Go back >
59. How can you describe a situation whereby the networks of a
company that creates advanced routing architectures are
continuously subjected to advanced attacks?
A.
B.
C.
D.
Insider threats
Advanced persistent threat
State actors
Criminal syndicates
B. The correct answer is Advanced persistent threat. An advanced
persistent threat (APT) is a broad term used to describe an attack
campaign in which an intruder, or team of intruders, establishes an
illicit, long-term presence on a network in order to mine highly
sensitive data.
Go back >
60. It is very rare to find attackers using phishing to acquire?
A.
B.
C.
D.
Email addresses
Password
Credit cards numbers
Username/Password
A. The correct answer is Email addresses. Phishing is a type of
social engineering attack often used to steal user data, including
login credentials and credit card numbers. Phishing is commonly
used for personal information, not things like email addresses.
Go back >
61. You are the network manager at Wells Fargo bank. The bank
uses an IDS on their network, sometimes marks legitimate traffic as
a network attack. How can you describe this?
A.
B.
C.
D.
False alarm
False notification
False negative
False positive
D. The correct answer is False positive. A false positive is an error
in binary classification in which a test result incorrectly indicates the
presence of a condition such as an attack when the attack is not
present, while a false negative is the opposite error where the test
result incorrectly fails to indicate the presence of a condition when it
is actually present.
Go back >
62. In the office where you work as a systems administrator, you
discover that one of your colleagues has malware installed on his
computer. After some minutes, you realize that the attacker is using
your colleague’s password. What kind of program could have been
used to compromise your colleague’s system?
A.
B.
Keylogger
Backdoor
C.
D.
Spyware
RAT
A. The correct answer is Keylogger. A keylogger is an insidious
form of spyware. Keyloggers are activity-monitoring software
programs that give hackers access to your personal data. The
passwords and credit card numbers you type, the web pages you
visit – all by logging your keyboard strokes.
The software is installed on your computer, and records everything
you type. Then it sends this log file to a server, where
cybercriminals wait to make use of all this sensitive information.
Go back >
63. To perform a penetration testing, a client gives you a login with
restricted access. The scope is to gain administrative access
through this account. What is the name for this?
A.
B.
C.
D.
Directory traversal
Race conditions
Improper input handling
Privilege escalation
D. The correct answer is Privilege escalation. Privilege escalation
happens when a malicious user exploits a bug, design flaw, or
configuration error in an application or operating system to gain
elevated access to resources that should normally be unavailable
to them.
Go back >
64. One system on your company’s network is sending multiple
Ethernet frames with varying source MAC addresses to the switch
which the Ethernet is connected to. What type of attack did it
discover?
A.
B.
C.
D.
MAC flooding
MAC spamming
MAC sending
MAC spoofing
A. The correct answer is MAC flooding. MAC (Media Access
Control) Flooding is a type of cyber attack done in a network to
compromise the security of the network switches. In this attack the
network is flooded with the fake MAC addresses.
The hacker uses this attack to steal sensitive data that is being
transferred in the network. The attack is used for forcing the
legitimate MAC table contents out of the switch and forcing the
unicast flooding behavior for potentially sending sensitive
information to portions of the network where it is not normally
intended to go.
Go back >
65. Spyware can be categorized as what kind of malware?
A.
B.
C.
D.
Fileless virus
Potentially Unwanted Program
Cryptomalware
Ransomware
B. The correct answer is Potentially Unwanted Program. PUP
(Potentially Unwanted Program) is an application that is installed
along with the desired application the user actually asked for. In
most cases, the PUP is spyware, adware or some other unwanted
software.
Go back >
66. While you are working in a software development company you
notice that when multiple threads access the same variable, the
application does not handle them in the right manner. You believe
that if this vulnerability is discovered by an attacker, it could be
used to crash the server. Which of the following best describes the
issue have you just discovered?
A.
B.
C.
D.
Race conditions
Error handling
Integer overflow
Request forgeries
A. The correct answer is Race conditions. A race condition occurs
when two or more threads can access shared data and they try to
change it at the same time. Because the thread scheduling
algorithm can swap between threads at any time, you don't know
the order in which the threads will attempt to access the shared
data. Therefore, the result of the change in data is dependent on
the thread scheduling algorithm, i.e. both threads are "racing" to
access/change the data.
Problems often occur when one thread does a "check-thenact" (e.g. "check" if the value is X, then "act" to do something that
depends on the value being X) and another thread does something
to the value in between the "check" and the "act". E.g:
if (x == 5) // The “Check"
{
y = x * 2; // The “Act"
// If another thread changed x in between "if (x == 5)" and "y = x * 2"
above,
// y will not be equal to 10.
}
The point being, y could be 10, or it could be anything, depending
on whether another thread changed x in between the check and
act. You have no real way of knowing.
In order to prevent race conditions from occurring, you would
typically put a lock around the shared data to ensure only one
thread can access the data at a time. This would mean something
like this:
// Obtain lock for x
if (x == 5)
{
y = x * 2; // Now, nothing can change x until the lock is released.
// Therefore y = 10
}
// release lock for x
Go back >
67. The users on Guarantee Bank’s network have complained that
they have been receiving a link to download an application. The
bank has called you because they believe the link is being sent by
an attacker. When you check, you realize that the application has a
hacked license code program and it has a file which allows the
attacker access to all the computers that install the application.
What kind of attack have you been called in to stop?
A.
B.
C.
D.
Spyware
Cryptomalware
Ransomware
Trojan horse
D. The correct answer is Trojan horse. A Trojan horse is a type of
malware that downloads onto a computer disguised as a legitimate
program. A Trojan horse is so-called due to its delivery method,
which typically sees an attacker use social engineering to hide
malicious code within legitimate software.
Go back >
68. During a penetration test for a company network, you scan for
all the systems on the network and discover one particular system
on that network which has the same accounts and user type with
the system you’re working from; if you access the discovered
system using the fact that you are already have a valid account on
one system, what would we call this?
A.
B.
C.
D.
Known environment
Rules of engagement
Lateral movement
Persistence
C. The correct answer is Lateral movement. Lateral movement
refers to the techniques that a cyberattacker uses, after gaining
initial access, to move deeper into a network in search of sensitive
data and other high-value assets. After entering the network, the
attacker maintains ongoing access by moving through the
compromised environment and obtaining increased privileges using
various tools.
After gaining initial access to an endpoint, such as through
a phishing attack or malware infection, the attacker impersonates a
legitimate user and moves through multiple systems in the
network until the end goal is reached. Attaining that objective
involves gathering information about multiple systems and
accounts, obtaining credentials, escalating privileges and ultimately
gaining access to the identified payload.
Go back >
69. After scanning a Windows server, you realize that the IIS
version which is on the server had been flagged some months ago
as being vulnerable to attacks. You also see that there are no
missing patches. Which of the following best describes this?
A.
B.
C.
D.
False positive
Windows server error
ISS error
False negative
A. The correct answer is False positive. A false positive is an error
in binary classification in which a test result incorrectly indicates the
presence of a condition such as an attack when the attack is not
present.
Go back >
70. What social engineering principle is involved in a case where
malicious actors create some illegitimate software and plant fake
reviews to make the software look trustworthy?
A.
B.
C.
D.
Consensus
Scarcity
Familiarity
Intimidation
A. The correct answer is Consensus. Consensus, sometimes is a
social engineering principle that exploits the fact that people readily
trust other groups of people who have verified a product.
Go back >
71. A malicious program that is triggered when a logical condition is
met, such as after a number of transactions have been processed
or on a specific date is called?
A.
B.
C.
D.
Backdoor
Rootkit
Keyloggers
Logic bomb
D. The correct answer is Logic bomb. A logic bomb is a malicious
piece of code that’s secretly inserted into a computer network,
operating system, or software application. It lies dormant until a
specific condition occurs. When this condition is met, the logic
bomb is triggered — devastating a system by corrupting data,
deleting files, or clearing hard drives.
Go back >
72. What do we call a social engineering tactic where the attacker
engages his victims in conversations in order to get valuable
information from them?
A.
B.
C.
D.
Eliciting information
Whaling information
Tailgating information
Pharming information
A. The correct answer is Eliciting information. Elicitation is a
technique used to discreetly gather information. That is to say,
elicitation is the strategic use of casual conversation to extract
information from people (targets) without giving them the feeling
that they are being interrogated or pressed for the information.
Go back >
73. Which of these categories do FTP and Telnet fall into?
A.
B.
C.
D.
Transfer protocols
File protocols
Secure protocols
Unsecure protocols
D. The correct answer is Unsecure protocols. FTP (File Transfer
Protocol) and TELNET were designed for networks of the 1960s,
1970s and 1980s. During those periods, the computer networks
were considered safe. FTP is considered an insecure protocol
because it transfers user authentication data (username and
password) and file data as plain-text (not encrypted) over the
network. Because of this, FTP (File Transfer Protocol) is vulnerable
to password sniffing, data spoofing, and other network attacks.
Go back >
74. What testing techniques would you use to determine the range
of the wireless network in your company so you can know where it
can be accessed?
A.
B.
C.
D.
War driving
Footprinting
Cleanup
Bug bounty
A. The correct answer is War driving. Wardriving is the practice of
physically searching for unsecured wireless networks or networks
that can easily be compromised.
Go back >
75. Your colleagues at work have been complaining of some
strange behavior on their machines. All of them claim to have
received and opened an email some days ago, and the email
contained a spreadsheet they had presumed to be from accounting.
What is likely to be the issue?
A.
B.
C.
D.
Fileless virus
Macro virus
Spyware
Remote access Trojan
B. The correct answer is Macro virus. Macro viruses work by
embedding malicious code in the macros that are associated with
documents, spreadsheets and other data files, causing the
malicious programs to run as soon as the documents are opened.
Typically, macro malware is transmitted through phishing emails
containing malicious attachments. The macro virus spreads quickly
as users share infected documents.
Go back >
76. A vulnerability scan in which you are provided with logins for
different systems like the application, database and web server can
be described as?
A.
B.
C.
D.
Credentialed scan
Application scan
Web application scan
Network scan
A. The correct answer is Credentialed scan. Credentialed scans
are scans in which the scanning computer has an account on the
computer being scanned that allows the scanner to do a more
thorough check looking for problems that can not be seen from the
network.
Go back >
77. What is the function of the following code and in what
programming language is it written?
import socket as socket
for p in range (1,1024):
try:
sockets=socket.socket(socket.AF_INET,
socket.SOCK_STREAM)
sockets.connect((‘127.0.0.1, p))
print ‘%d: IS OPEN' % (p)
sockets.close
except: continue
A.
B.
C.
D.
Programming language: Python,
Function: port scanning
Programming language: PHP,
Function: port scanning
Programming language: Perl,
Function: port scanning
Programming language: Javascript,
Function: port scanning
A. The correct answer is Programming language: Python Function: port scanning.
Go to solution >
78. One tool that is often used in DDos attacks is?
A.
B.
C.
D.
Ransomware
Botnet
Cryptomalware
Keylogger
B. The correct answer is Botnet. Botnets can be designed to
accomplish illegal or malicious tasks including sending spam,
stealing data, ransomware, fraudulently clicking on ads or
distributed denial-of-service (DDoS) attacks.
Go back >
79. Dan works for the Economic and Financial Crimes Corporation.
He realized that a member in the corporation installed a remote
access Trojan on the corporation’s database server in order to
access top-level files remotely. What sort of threat Dan has just
discovered?
A.
B.
C.
D.
Insider threat
State actors
Script kiddies
Shadow IT
A. The correct answer is Insider threat. An insider threat is defined
as the threat that an employee or a contractor will use his or her
authorized access, wittingly or unwittingly, to do harm to the
security of a company.
Go back >
80. A case where agents of one country post to a widely used social
media like Twitter in order to influence the election campaigns in
another country; what kind of effort can this be classified as?
A.
B.
C.
D.
Reconnaissance
Spear phishing
Prepending
Influence campaigns
D. The correct answer is Influence campaigns. Social media
influence campaigns exploit social media users using bots and
other social media users who would promote the ideas and beliefs
that align with the aim of the campaigner. It is Impersonation, and
impersonation is classified as a social engineering attack where the
attacker uses the identity of others to attack.
Go back >
81. An attacker breaches the Wi-Fi and accesses the wireless
access point (WAP) admin console of the National Bank by using
the login details that ship with the WAP. What caused this sort of
vulnerability?
A.
B.
C.
D.
Default settings
Non-updated software
WAP misconfiguration
Lack of documentation
A. The correct answer is Default settings. Using default settings
makes systems vulnerable to scanners and tools that attackers
use: these tools often have a way of getting to the default settings
Go back >
82. A technique that is used for running code within the address
space of another process by forcing it to load a dynamic-link library
is known as?
A.
B.
C.
D.
LDAP injection
DLL injection
DDL injection
SQL injection
B. The correct answer is DLL injection. DLL injection is a technique
used for running code within the address space of another process
by forcing it to load a dynamic-link library DLL injection is often
used by external programs to influence the behavior of another
program in a way its authors did not anticipate or intend.
Go back >
83. Which of the following threat actors is a government sponsored
group that forcefully targets and gains illicit access to the networks
of other governments to steal information?
A.
B.
C.
D.
State actor
Insider threats
Hacktivists
Script kiddies
A. The correct answer is State actor. A state-actor (nation-state
threat actor) is a government sponsored group that forcefully
targets and gains illicit access to the networks of other
governments or to industry groups to steal, damage, and/or change
information. They often have more resources and access and this
makes them able to perpetuate advanced persistent threats.
Go back >
84. The development of Wells Fargo bank’s mobile banking
application was outsourced to a software development firm. The
security administrator of the Wells Fargo mobile app realized the
programmers who developed the application intentionally left a way
to log in and bypass the necessary authentication on the app. How
would you describe this?
A.
B.
C.
D.
Spraying
Backdoor
Cryptomalware
Spyware
B. The correct answer is Backdoor. A backdoor refers to any
method by which authorized and unauthorized users are able to get
around normal security measures and gain high level user access
(aka root access) on a computer system, network, or software
application.
Go back >
85. What type of actor is an attacker who uses sophisticated
techniques to breach an organization’s web server and then, on the
company’s website, the attacker leaves messages that announce a
change in the organization’s policies?
A.
B.
C.
D.
Hacktivists
Insider threats
Script kiddies
State actors
A. The correct answer is Hacktivists. Hacktivists are groups of
criminals who unite to carry out cyber attacks in support of political
causes. Hacktivists typically target entire industries but sometimes
attack specific organizations who they feel don’t align with their
political views or practices.
Go back >
86. An attacker has gained root privileges on Heritage Bank’s web
server by exploiting the vulnerability present in a web application
that is being used by the bank. What type of attack is this?
A.
B.
C.
D.
Privilege escalation
Request forgery
Application programming interface (API) attack
Directory traversal
A. The correct answer is Privilege escalation. Privilege escalation
happens when a malicious user exploits a bug, design flaw, or
configuration error in an application or operating system to gain
elevated access to resources that should normally be unavailable
to them.
The attacker can use the newly obtained privileges to steal
confidential data, run administrative commands or deploy malware
– and potentially do serious damage to your operating system,
server applications, organization, and reputation.
Go back >
87. An attacker fakes people into connecting to his WAP by using a
second WAP which broadcasts the exact same SSID that a trusted
access point broadcasts. What type of attack is it?
A.
B.
C.
D.
Jamming
Disassociation
Evil twin
Bluesnarfing
C. The correct answer is Evil twin. An evil twin attack is a hack
attack in which a hacker sets up a fake Wi-Fi network that looks like
a legitimate access point to steal victims’ sensitive details.
Go back >
88. A good way to describe a zero-day vulnerability is?
A. A vulnerability which discovered by attackers before the
vendor has become aware of it
B. A vulnerability which discovered by attackers after the vendor
has become aware of it
C. A vulnerability which discovered by attackers the same day
the vendor has become aware of it
D. None of the above
A. The correct answer is A vulnerability which discovered by
attackers before the vendor has become aware of it. A zero-day
vulnerability is a software vulnerability discovered by attackers
before the vendor has become aware of it. Because the vendors
are unaware, no patch exists for zero-day vulnerabilities, making
attacks likely to succeed.
Go back >
89. How would you describe an attack in which the attacker tries to
play on the victim’s psychology by using words like “Secure”,
“Trusted”, “Safe” in the mail he sends?
A.
B.
C.
D.
Prepending
Impersonation
Typosquatting
Reconnaissance
A. The correct answer is Prepending. Prepending is when social
engineers insert some expressions into a conversation to get
targets to think about things the attacker wants them to.
Go back >
90. You are in charge of networks at the State Tax Corporation. You
realize that some entries in your network’s domain name server
have been modified; you realized this because each time you are
trying to access the network, you are directed to an IP address that
may be dangerous. How would you describe this?
A.
B.
C.
D.
Domain hijacking
DNS poisoning
Domain reputation
Disassociation
B. The correct answer is DNS poisoning. DNS cache poisoning is
the act of entering false information into a DNS cache, so that DNS
queries return an incorrect response and users are directed to the
wrong websites.
DNS cache poisoning is also known as 'DNS spoofing.' IP
addresses are the 'room numbers' of the Internet, enabling web
traffic to arrive in the right places. DNS resolver caches are the
'campus directory,' and when they store faulty information, traffic
goes to the wrong places until the cached information is corrected
Go back >
91. What category of malicious software does spyware fall into?
A.
B.
C.
D.
PUP
Cryptomalware
Logic bombs
Skimming
A. The correct answer is PUP. PUP (Potentially Unwanted
Program) is an application that is installed along with the desired
application the user actually asked for. Also called a "barnacle," in
most cases, the PUP is spyware, adware or some other unwanted
software.
Go back >
92. You work for a telecommunications company; a customer-care
representative reports to you that customers have been
complaining that whenever they install your company’s app, they
find something else attached. After checking, you realize some
malware has been secretly attached to your company’s app. How
would you describe this?
A.
B.
C.
D.
DNS poisoning
Cryptomalware
Logic bombs
Trojan horse
D. The correct answer is Trojan horse. A Trojan horse is a type of
malware that downloads onto a computer disguised as a legitimate
program. A Trojan horse is so-called due to its delivery method,
which typically sees an attacker use social engineering to hide
malicious code within legitimate software.
Go back >
93. You have noticed that the email server doesn’t work. Your
manager said that someone from the company changed the DNS
records (MX) of the email server. Which of the following commands
will you type to find the new MX records on the server?
A.
B.
C.
D.
tracert
ipconfig
ping
nslookup
D. The correct answer is nslookup. The command nslookup is used
to perform DNS queries and receive: domain names, IP addresses,
an DNS Records such as A records, MX records or any other DNS
Record. The command that finds the MX records from your email
server is: $ nslookup -query=mx yourdomain.com
Go back >
94. You scan a web server that hosts two web applications. You
believe that the server is fully patched and not vulnerable to
exploits. Later, you discover that the Nginx version on the server is
reported as vulnerable to an exploit. When you check to see if you
are missing patches, Nginx is fully patched. What has occurred?
A.
B.
C.
D.
A false negative
A false positive
Non-credentialed scans
Credentialed scans
B. The correct answer is A false positive. A false positive state is
when the IDS identifies an activity as an attack but the activity is
acceptable behavior. A false positive is a false alarm.
Go back >
95. Which of the following options allows your application to interact
with an external service using a simple set of commands rather
than having to create complex processes yourself?
A.
B.
C.
D.
Thin Client
API
Microservice
Containers
B. The correct answer is API. An API, or Application Programming
Interface, allows your application to interact with an external service
using a simple set of commands. Rather than having to create
complex processes yourself, you can use APIs to access the
underlying services of another application which can save you time
and resources.
Many applications that you use every day rely on APIs in some
capacity to function, since there are APIs for almost every category
imaginable.
Go back >
96. You are trying to determine where your home office’s wireless
network can be accessed from. Which of the following technique
will you perform?
A.
B.
C.
D.
Footprinting
War driving
Open Source Intelligence
Cleanup
B. The correct answer is War driving. War driving also called
access point mapping, is the act of locating and possibly exploiting
connections to wireless local area networks while driving around a
city or elsewhere. To do war driving, you need a vehicle, a
computer (which can be a laptop), a wireless Ethernet card set to
work in promiscuous mode, and some kind of an antenna that can
be mounted on top of or positioned inside the car.
Go back >
97. Which of the following types of disaster recovery sites doesn’t
have any pre-installed equipment and it takes a lot of time to
properly set it up so as to fully resume business operations?
A.
B.
C.
D.
Cold site
Hot site
Warm Site
Normal site
A. The correct answer is Cold site. A cold site is a backup facility
with little or no hardware equipment installed. A cold site is
essentially an office space with basic utilities such as power,
cooling system, air conditioning, and communication equipment.
A cold site is the most cost-effective option among the three
disaster recovery sites. However, due to the fact that a cold site
doesn’t have any pre-installed equipment, it takes a lot of time to
properly set it up so as to fully resume business operations.
Go back >
98. Which of the following disaster recovery sites allows a company
to continue normal business operations within a brief period of time
after a disaster?
A.
B.
Cold site
Hot site
C.
D.
Warm Site
Normal site
B. The correct answer is Hot site. A Hot Site can be defined as a
backup site, which is up and running continuously. A Hot Site allows
a company to continue normal business operations, within a very
short period of time after a disaster. Hot Site must be online and
must be available immediately.
The hot site must be equipped with all the necessary hardware,
software, network, and Internet connectivity. Data is regularly
backed up or replicated to the hot site so that it can be made fully
operational in a minimal amount of time in the event of a disaster at
the original site.
Go back >
99. The type of hackers that violates computer security systems
without permission, stealing the data inside for their own personal
gain or vandalizing the system is commonly known as?
A.
B.
C.
D.
Red-Hat hackers
Gray-Hat hackers
White-Hat hackers
Black-Hat hackers
D. The correct answer is Black-Hat hackers. Black-Hat hackers
violate computer security for personal gain without permission
(such as stealing credit card numbers or harvesting personal data
for sale to identity thieves) or for pure maliciousness (such as
creating a botnet and using that botnet to perform DDoS attacks
against websites they don’t like.)
Go back >
100. The network administrator from your company notices that the
network performance has been degraded due to a broadcast storm.
Which of the following techniques will you recommend to the
network administrator in order to reduce broadcast storms?
(Choose all that apply)
A.
B.
C.
D.
E.
Split up your broadcast domain
Check for loops in switches
Check how often ARP tables are emptied
Split up your collision domain
Check the routing tables
A, B, C. The correct answers are Split up your broadcast domain,
Check for loops in switches, Check how often ARP tables are
emptied. A broadcast storm is an abnormally high number of
broadcast packets within a short period of time. A broadcast storm
can overwhelm switches and endpoints as they struggle to keep up
with processing the flood of packets. When this happens, network
performance degrades.
How to reduce broadcast storms:
Storm control and equivalent protocols allow you to rate-limit
broadcast packets. If your switch has such a mechanism, turn it on.
Ensure IP-directed broadcasts are disabled on your Layer 3
devices. There’s little to no reason why you’d want broadcast
packets coming in from the internet going to a private address
space. If a storm is originating from the WAN, disabling IP-directed
broadcasts will shut it down.
Split up your broadcast domain. Creating a new VLAN and
migrating hosts into it will load balance the broadcast traffic to a
more acceptable level. Broadcast traffic is necessary and useful,
but too much of it eventually leads to a poor network experience.
Check how often ARP tables are emptied. The more frequently
they’re emptied, the more often ARP broadcast requests occur.
Sometimes, when switches have a hardware failure, their
switchports begin to spew out broadcast traffic onto the network. If
you have a spare switch of the same or similar model, clone the
config of the active switch onto the spare and swap the hardware
and cables during a maintenance window. Does the storm subside?
If it does, it was a hardware issue. If not, then you’ve gotta keep
digging.
Check for loops in switches. Say there was an unmanaged Layer
2 switch connected upstream to an unmanaged switch, and
someone’s connected a cable between two ports on the same
unmanaged switch (let’s say ports 1 and 2). The unmanaged switch
will respond to all broadcasts multiple times and flood the broadcast
domain with packets, causing a denial of service attack on the
network.
Go back >
Chapter 2
Practice Exam Questions Solutions 101-200
101. You download a legitimate and highly recommended
application and realize that an attacker is gaining remote access to
your data through the application. How would you describe this?
A.
B.
C.
D.
RAT
Backdoor
Trojan horse
Macro virus
A. The correct answer is RAT. A Remote Access Trojan (RAT) is a
tool used by malware developers to gain full access and remote
control on a user’s system, including mouse and keyboard control,
file access, and network resource.
Instead of destroying files or stealing data, a RAT gives attackers
full control of a desktop or mobile device so that they can silently
browse applications and files and bypass common security such as
firewalls, intrusion detection systems, and authentication controls.
Go back >
102. The attack that precedes card cloning attacks is known as?
A.
B.
C.
D.
A brute-force attack
A skimming attack
A rainbow table attack
A birthday attack
B. The correct answer is A skimming attack. Skimming is an illegal
practice used by identity thieves to capture credit card information
from a cardholder surreptitiously. Fraudsters often use a device
called a skimmer that can be installed at gas pumps or ATM
machines to collect card data. Some machines act like point-of-sale
technology.
Go back >
103. An attacker wants to attack a new social media platform
gaining popularity. He wants to exploit the trust the social media
has for the users. What kind of attack is he trying to perpetrate?
A.
B.
C.
D.
Application programming interface (API) attacks
Resource exhaustion
Secure Sockets Layer stripping
Cross-site Request Forgery
D. The correct answer is Cross-site Request Forgery. Cross-site
request forgery, also known as one-click attack or session riding
and abbreviated as CSRF or XSRF, is a type of malicious exploit of
a website where unauthorized commands are submitted from a
user that the web application trusts.
Go back >
104. A web application that generates memory leaks when
subjected to some certain conditions is vulnerable to what type of
attack?
A.
B.
C.
D.
Dnsenum
Denial-Of-Service
DNS poisoning
Disassociation
B. The correct answer is Denial-Of-Service. A Denial-of-Service
(DoS) attack is an attack meant to shut down a machine or
network, making it inaccessible to its intended users. DoS attacks
accomplish this by flooding the target with traffic, or sending it
information that triggers a crash. If an attacker can make the web
application generate a memory leak, the application will eventually
consume all memory on the web server and the web server will
crash.
Go back >
105. You have been working on creating an educational app for
almost 2 years. Now the app is ready to be downloaded, but rival
developers have been using a DDos attack on your app by sending
traffic to the server where your app runs. What sort of DDoS attack
is this?
A.
B.
C.
D.
Application DDoS
Edu DDoS
Server DDoS
Developer DDoS
A. The correct answer is Application DDoS. Application DDoS
attacks are designed to attack the application itself, focusing on
specific vulnerabilities or issues, resulting in the application not
being able to deliver content to the user.
Go back >
106. What do you call a team that gathers techniques from both
attackers and defenders to safeguard a company from attacks?
A.
B.
C.
D.
A red team
A blue team
A white team
A purple team
D. The correct answer is A purple team. Purple teaming is a
cybersecurity testing exercise in which a team of experts take on
the role of both red team and blue team, with the intention of
providing a stronger, deeper assurance activity that delivers more
tailored, realistic assurance to the organization being tested.
Go back >
107. The managing director of ACME groups has just called you to
complain that he could not access his files after he saw a message
alert telling him he would be unable to access his files unless he
pays a particular amount of bitcoin. What type of malware is this?
A.
B.
Ransomware
Trojan
C.
D.
Worms
Logic bombs
A. The correct answer is Ransomware. Ransomware is a form of
malware that encrypts a victim's files. The attacker then demands a
ransom from the victim to restore access to the data upon payment.
Users are shown instructions for how to pay a fee to get the
decryption key.
Go back >
108. Your company outsourced the development of a multithreaded
software to a local programming firm; during the testing phase the
developers realize that the software is not properly handling things
when various threads try to access the same value; one of the
threads changes the data while another of the threads relies on the
data. How would you describe this problem?
A.
B.
C.
D.
Time of check/Time of use
Time of error/Time of use
Time of check/Time of error
Time of error/Time of error
A. The correct answer is Time of check/Time of use. Time-of-check
to time-of-use is a class of software bugs caused by a race
condition involving the checking of the state of a part of a system
(such as a security credential) and the use of the results of that
check.
Go back >
109. All systems that use the Windows operating system in your
company have been infected by a fileless virus; the virus is not
being carried in any file. You need to conduct an investigation to
have a vivid understanding of how the infection is happening.
Which of these ways would you use?
A.
B.
C.
D.
Bash
PowerShell
Macros
VBA
B. The correct answer is PowerShell. PowerShell is a modern
command shell that includes the best features of other popular
shells. Unlike most shells that only accept and return text,
PowerShell accepts and returns .NET objects. The shell includes
the following features:
Robust command-line history
Tab completion and command prediction
Supports command and parameter aliases
Pipeline for chaining commands
In-console help system, similar to Unix man pages
Go back >
110. The security man in Peak company is called Adams. Workers
of Peak enter the company by inserting smartcards into the door;
what way would an attacker likely use to pass through the door?
A.
B.
C.
D.
Shoulder surfing
Dumpster diving
Pharming
Tailgating
D. The correct answer is Tailgating. A tailgating attack, also referred
to as “piggybacking,” involves attackers seeking entry to a
restricted area without proper authentication. In it, the perpetrators
can simply follow an authorized person into a restricted location.
They can impersonate delivery men carrying tons of packages,
waiting for an employee to open the door. They can ask the
unknowing target to hold the door, bypassing security measures
like electronic access control.
Go back >
111. A user who is not observant of his physical surrounding can be
vulnerable to?
A.
B.
C.
D.
Shoulder surfing
Dumpster diving
Pharming
Tailgating
A. The correct answer is Shoulder surfing. Shoulder surfing is the
practice of spying on the user of a cash-dispensing machine or
other electronic devices in order to obtain their personal
identification number, password, etc.
Go back >
112. How would you BEST describe social engineering?
A.
The use of software to trick users into giving away sensitive
information
B.
The use of psychological manipulation to trick users into
giving away sensitive information
C.
The use of email to trick users into giving away sensitive
information
D.
The use of branding to trick users into giving away sensitive
information
B. The correct answer is The use of psychological manipulation to
trick users into giving away sensitive information. Social
engineering is the term used for a broad range of malicious
activities accomplished through human interactions. It uses
psychological manipulation to trick users into making security
mistakes or giving away sensitive information.
Go back >
113. A penetration test in which so much detail is given to you about
the target network is known as?
A.
B.
C.
D.
Target environment
Known environment
Detailed environment
Network environment
B. The correct answer is Known environment. Known environment
or White Box Testing is software testing technique in which internal
structure, design and coding of software are tested to verify flow of
input-output and to improve design, usability and security. In white
box testing, code is visible to testers so it is also called Clear box
testing. In a known environment, the tester is given extensive
knowledge of the target network.
Go back >
114. In which of the following attacks, an attacker sends falsified
ARP (Address Resolution Protocol) messages over a local area
network?
A.
B.
C.
D.
ARP poisoning
MAC cloning
DNS poisoning
DNS cloning
A. The correct answer is ARP poisoning. ARP spoofing is a type of
attack in which a malicious actor sends falsified ARP (Address
Resolution Protocol) messages over a local area network. This
results in the linking of an attacker’s MAC address with the IP
address of a legitimate computer or server on the network. Once
the attacker’s MAC address is connected to an authentic IP
address, the attacker will begin receiving any data that is intended
for that IP address. ARP spoofing can enable malicious parties to
intercept, modify or even stop data in-transit. ARP spoofing attacks
can only occur on local area networks that utilize the Address
Resolution Protocol.
Go back >
115. If a Windows 10 workstation becomes vulnerable to many
different attacks, what should be identified as the main cause?
A.
B.
C.
D.
The workstation is a part of a DDoS attack
Malicious browser
Many chrome extensions
Weak patch management
D. The correct answer is Weak patch management. Since its a
current OS (Windows 10) the most reasonable explanation is that
there was no patching process or that something went wrong with
the patching process.
Go back >
116. A caller tries to trick you by claiming to be in charge of
technical security in GT bank, where you work. He claims there is a
virus that is spreading on GT bank systems and he needs you to
grant him access to your computer so he can prevent it from being
affected by the virus. What social engineering principle is this caller
using?
A.
B.
C.
D.
Urgency and authority
Urgency and trust
Urgency and scarcity
Urgency and familiarity
A. The correct answer is Urgency and authority. The attacker
presented the case as needing quick intervention (urgency) and
presented himself as a technical security personnel (authority).
Go back >
117. A malware infection in your company results in a data breach.
Your coworker reports that she had seen two keyboards plugged
into a system by the receptionist’s desk. What would you focus on
finding in this investigation?
A.
B.
C.
D.
Card cloning
Malicious USB cable
Skimming
Malicious flash drive
B. The correct answer is Malicious USB cable. A malicious USB
cable is a type of cable that can receive commands from a nearby
smartphone and then execute them over the PC it's been plugged
into.
Go back >
118. Your company manager wants you to use some Software-asa-Service tools to get lists of dangerous IP addresses and domains.
What kind of feed does your manager want you to look for?
A.
B.
C.
D.
Software feeds
Dangerous feeds
Vulnerability feeds
Threat feeds
D. The correct answer is Threat feeds. Threat intelligence is
gathered to help organizations understand emerging threats in the
cybersecurity landscape, including zero-day threats, advanced
persistent threats and exploits. Threat actors may also include
internal and partner threats, but the emphasis is on outside sources
that might cause the most damage to a particular organization's
environment.
Go back >
119. You work for the ECC (Economic Crimes Commission). In the
ECC, the file containing data of criminals can only be accessed by
administrative officers; but recently some malware has infiltrated
the company workstation and access to the workstation has been
granted to an attacker. What kind of malware could it be?
A.
B.
C.
D.
Rootkit
Spyware
Cryptomalware
Backdoor
A. The correct answer is Rootkit. Rootkits are a type of malware
designed to stay undetected on your computer. Cybercriminals use
rootkits to remotely access and control your machine, burrowing
deep into the system like a latched-on tick.
Go back >
120. What is the function of the following code?
echo "ssh-rsa JhhhChdsBBasd/ghjfbvmcierhcsu42
root@localhost">> /root/.ssh/authorized_keys
A.
B.
C.
D.
Adds an authorized SSH key
Adds an unauthorized SSH key
Removes an authorized SSH key
Removes an unauthorized SSH key
A. The correct answer is Adds an authorized SSH key.
Go back >
121. You have just created a website to promote your new book;
you discover an attack on some of the intended buyers who visit
your website. The attack exploits the visitors’ cookies and URL
parameters and makes them pull off some unwanted actions.
A.
B.
C.
D.
Cross-site request forgery
Secure Sockets Layer (SSL) stripping
Buffer overflows
Application programming interface (API) attacks
A. The correct answer is Cross-site request forgery. Cross-Site
Request Forgery (CSRF) is an attack that forces an end user to
execute unwanted actions on a web application in which they’re
currently authenticated. With a little help of social engineering (such
as sending a link via email or chat), an attacker may trick the users
of a web application into executing actions of the attacker’s
choosing.
If the victim is a normal user, a successful CSRF attack can force
the user to perform state changing requests like transferring funds,
changing their email address, and so forth. If the victim is an
administrative account, CSRF can compromise the entire web
application.
Go back >
122. What type of flaw in a software could allow a user to input a
64-bit value into a 4-byte integer variable?
A.
B.
C.
D.
Input overflow
Memory overflow
Integer overflow
Bit overflow
C. The correct answer is Integer overflow. Integer overflow, also
known as wraparound, occurs when an arithmetic operation outputs
a numeric value that falls outside allocated memory space or
overflows the range of the given value of the integer. Mostly in all
programming languages, integers values are allocated limited bits
of storage.
For example, we have a 16-bit integer value which may store an
unsigned integer ranging from 0 to 65535, or signed integer ranging
from -32768 to 32767. So, during an arithmetic operation, if the
results require more than the allocated space (like 65535+1), the
compiler may:
- completely ignore the error caused, or
- abort the program.
Go back >
123. Which type of attack is used to intercept and manipulate calls
between the main application’s executable (ex: the browser) and its
security mechanisms or libraries on-the-fly?
A.
B.
C.
D.
Man in the browser
Session replays
SQL Injection
Cross-site Scripting
A. The correct answer is Man in the browser. The Man-in-theBrowser attack is the same approach as Man-in-the-middle attack,
but in this case is used to intercept and manipulate calls between
the main application’s executable (ex: the browser) and its security
mechanisms or libraries on-the-fly. The most common objective of
this attack is to cause financial fraud by manipulating transactions
of Internet Banking systems, even when other authentication
factors are in use.
Go back >
124. The technical administrator in PHB bank has detected an
attack in which the attacker’s system is being presented as the
server to the bank staff, and the attacker is being presented to the
server as the bank staff. What kind of attack is this?
A.
B.
C.
D.
On-path attack
DDoS attack
Evil twin
DNS poisoning
A. The correct answer is On-path attack. On-path attackers place
themselves between two devices (often a web browser and a web
server) and intercept or modify communications between the two.
The attackers can then collect information as well as impersonate
either of the two agents.
Go back >
125. A penetration test in which you are given general information
but no specific details about the network, is known as?
A.
B.
C.
D.
Partially known environment
Known environment
Half known environment
Unknown environment
A. The correct answer is Partially known environment. A partially
known environment or gray box testing is a software testing
technique to test a software product or application with partial
knowledge of internal structure of the application. The purpose of
grey box testing is to search and identify the defects due to
improper code structure or improper use of applications.
Go back >
126. A testing method that identifies computing system
vulnerabilities in a network by using an automated process is?
A.
B.
C.
D.
Penetration testing
Threat hunting
Vulnerability scanning
Bug bounty
C. The correct answer is Vulnerability scanning. Vulnerability
scanning is an automated process of proactively identifying
network, application, and security vulnerabilities.
Go back >
127. While cleaning up after a penetration test, which of these are
you unlikely to do?
A.
B.
C.
D.
Restoring the rootkits to their default settings
Removing the user accounts created during the test
Removing all the scripts from the systems
Restoring the user account created before the test
A. The correct answer is Restoring the rootkits to their default
settings. Rootkits should not be on the system when pen testing
starts, and all rootskits installed during testing should be removed
fully.
Go back >
128. Which of these attacks can a company prevent by ensuring
that all documents are torn to pieces before being disposed of?
A.
B.
Typosquatting
Tailgating
C.
D.
Pharming
Dumpster diving
D. The correct answer is Dumpster diving. Dumpster diving is
looking for treasure in someone else's trash. In the world of
information technology (IT), dumpster diving is a technique used to
retrieve information that could be used to carry out an attack or gain
access to a computer network from disposed items.
Go back >
129. A caller has been constantly calling your company line. When
the receptionist picks the call, the caller asks some questions and
says he is conducting a survey for a non-governmental
organization. From the questions he asks, you suspect he is trying
to steal information about your company. How would you describe
this experience?
A.
B.
C.
D.
Smishing
Vishing
Whaling
Prepending
B. The correct answer is Vishing. Vishing is the fraudulent practice
of making phone calls or leaving voice messages purporting to be
from reputable companies in order to induce individuals to reveal
personal information, such as bank details and credit card
numbers.
Go back >
130. You suspect an attempted phishing attack in a text message
your wife receives, how would you describe such an attack that
happens via text messages?
A.
B.
C.
D.
Smishing
Vishing
Whaling
Prepending
A. The correct answer is Smishing. Smishing is the fraudulent
practice of sending text messages purporting to be from reputable
companies in order to induce individuals to reveal personal
information, such as passwords or credit card numbers.
Go back >
131. After a vulnerability scan, if a company’s wireless router is
confirmed to be vulnerable in its web server, what problem should
the company address?
A.
B.
C.
D.
Weak encryption protocol
Default credentials
Default WPA settings
Firmware patch management
D. The correct answer is Firmware patch management. Patching
provides a mechanism to regularly update features and protect
software with current enhancements and bug fixes, and software
updates for consumer-grade wireless routers are normally executed
as firmware updates.
Go back >
132. Why is it considered a major security problem when memory
leak occurs?
A.
B.
C.
D.
Memory leak freezes systems for 5 minutes
Memory leak causes crashes
Memory leak sends data to remote servers
Memory leak exposes data
B. The correct answer is Memory leak causes crashes. Memory
leaks result in crashes and this in turn culminates in an outage.
Go back >
133. In which kind of attack does the attacker keep trying to gain
access to a web server by trying a long list of possible passwords?
A.
B.
C.
D.
Dictionary attack
Spraying attack
Typosquatting attack
Pretexting attack
A. The correct answer is Dictionary attack. A dictionary attack is a
method of breaking into a password-protected computer, network or
other IT resource by systematically entering every word in a
dictionary as a password. A dictionary attack can also be used in an
attempt to find the key necessary to decrypt an encrypted message
or document.
Go back >
134. Which of the following attacks is a card reader that can be
disguised to look like part of an ATM?
A.
B.
C.
D.
Backdoor
Rootkit
Card cloning
Skimming
D. The correct answer is Skimming. Skimming is an illegal practice
used by identity thieves to capture credit card information from a
cardholder surreptitiously. Fraudsters often use a device called a
skimmer that can be installed at gas pumps or ATM machines to
collect card data. Some machines act like point-of-sale technology.
Go back >
135. One major difference between active reconnaissance and
passive reconnaissance is?
A.
Passive reconnaissance is an attempt to gain information
about computers without actively engaging with the systems while
active reconnaissance is an attempt to gain information about
computers typically by conducting a port scan to find any open
ports
B.
Active reconnaissance is an attempt to gain information about
computers without actively engaging with the systems while
passive reconnaissance is an attempt to gain information about
computers typically by conducting a port scan to find any open
ports
C.
Passive reconnaissance is an attempt to gain information
about computers without any tools while active reconnaissance is
an attempt to gain information about computers typically by
conducting a port scan to find any open ports
D.
Passive reconnaissance is an attempt to gain information
about computers without actively engaging with the systems while
active reconnaissance is an attempt to gain information about
computers typically without any tools
A. The correct answer is Passive reconnaissance is an attempt to
gain information about computers without actively engaging with
the systems while active reconnaissance is an attempt to gain
information about computers typically by conducting a port scan to
find any open ports.
Go back >
136. The national security commission are trying to gather some
individuals’ data from some public sources. They want to use it for
some intelligence report. How would you describe such data?
A.
B.
C.
D.
OSINT
TAXII
RFC
SOAR
A. The correct answer is OSINT. Open-source intelligence, or
OSINT, is a term used to refer to any information which may be
freely gathered from public sources; generally it refers to
information that can be found on the internet.
Go back >
137. Which of the following attacks is designed to compromise
users within a specific industry or group of users by infecting
websites they typically visit and luring them to a malicious site?
A.
B.
C.
D.
Influence campaigns
Reconnaissance
Watering hole attack
Credential harvesting
C. The correct answer is Watering hole attack. A watering hole
attack is a targeted attack designed to compromise users within a
specific industry or group of users by infecting websites they
typically visit and luring them to a malicious site. The end goal is to
infect the users computer and gain access to the organizations
network.
Go back >
138. A technique which is rarely used in preventing LDAP injection
attacks is?
A.
B.
C.
D.
Minimize the privileges assigned to the LDAP account
Input validation and encoding
LDAP query parameterization
Escape all variables
C. The correct answer is LDAP query parameterization. The LDAP
parameters dialog specifies an LDAP search operation to locate
directory entries and optionally return attributes from those entries.
All the other options are used.
Go back >
139. Which of the following is used for keeping internet activity
anonymous and private, which can be helpful in both legal and
illegal applications?
A.
B.
C.
D.
Anonymous web
Dark web
Bright web
Google web
B. The correct answer is Dark web. The dark web is the hidden
collective of internet sites only accessible by a specialized web
browser. It is used for keeping internet activity anonymous and
private, which can be helpful in both legal and illegal applications.
Go back >
140. A wireless router on one of your client’s network is reporting
default login credentials. What configuration problem could have
occurred?
A.
B.
C.
D.
Unsecured Wi-Fi protocol
Unsecured web browsing
Unsecured SSID password
Unsecured administrator account
D. The correct answer is Unsecured administrator account.
Consumer wireless routers normally give local administrative
access through their default credentials. Generally, they
recommend changing the password, but most installations end up
giving an unsecured administrative account.
Go back >
141. Which of these teams behaves like an attacker to test security
strength?
A.
B.
C.
D.
A red team
A blue team
A white team
A purple team
A. The correct answer is A red team. A red team consists of security
professionals who act as adversaries to overcome cyber security
controls. Red teams often consist of independent ethical hackers
who evaluate system security in an objective manner.
They utilize all the available techniques (discussed below) to find
weaknesses in people, processes, and technology to gain
unauthorized access to assets. As a result of these simulated
attacks, red teams make recommendations and plans on how to
strengthen an organization’s security posture.
Go back >
142. The web log for ACME bank’s website shows this particular
entry: GET http://acmebank.com/post.php?view=../../../config.txt
HTTP/1.1 What sort of attack could be looming?
A.
B.
C.
D.
A Buffer overflow attack
A Cross-site scripting attack
A directory traversal attack
A SQL injection attack
C. The correct answer is A directory traversal attack. Directory
traversal attacks make use of tools that read directories and files;
these tools achieve this by moving through the directory Structure.
In this example, the tools would try to read the config.txt file three
layers above the working directory.
Go back >
143. One major difference between SOAR and SIEM systems is
that…?
A.
SIEM takes things even a step further by combining a
complete data collecting, standardization, case management,
workflow
B.
SIEM acts as the remediation and response engine to those
alert
C.
SOAR aggregates and correlates data from multiple security
systems
D.
SOAR integrates with a wider range of applications
D. The correct answer is SOAR integrates with a wider range of
applications. SIEM and SOAR systems come with threat and
vulnerability management tools and security operations’
automation capabilities. Unlike SIEM though, SOAR services are
designed to integrate with a broader range of both internal and
external applications.
Go back >
144. A penetration test in which the tester is given details about the
OS, applications and network devices a company uses is known
as?
A.
B.
Known environment test
Unknown environment test
C.
D.
OS environment test
Network environment test
A. The correct answer is Known environment test. In a known
environment test (also known as: white-box), the tester is given
sufficient and extensive information, as described in this scenario.
Go back >
145. SSL stripping attack can be categorized as…?
A.
B.
C.
D.
A SQL attack
An on-path attack
A pharming attack
A dictionary attack
B. The correct answer is An on-path attack. SSL stripping attack is
a kind of on-path attack where an attacker intervenes in the
redirection of the HTTP to the secure HTTPS protocol and
intercepts a request from the user to the server. The attacker will
then continue to establish an HTTPS connection between himself
and the server, and an unsecured HTTP connection with the user,
acting as a “bridge” between them.
Go back >
146. You have been invited to the international cybersecurity
summit to present - in a visual way - real statistics and data about
attacks around the world via multiple service providers. Your
company wants you to mention the threat intelligence tool you
would need. What would you tell them?
A.
B.
C.
D.
A code repository
A vulnerability databases
An automated Indicator Sharing
A threat map
D. The correct answer is A threat map. A cyber threat map, also
known as a cyber attack map, is a real-time map of the computer
security attacks that are going on at any given time.
Go back >
147. While in a public park, you discover a bluetooth connection to
your friend’s phone. He tells you he cannot explain where it came
from and that he has noticed that whenever he came to the park,
data from his phone is always stolen. What can explain this
incident?
A.
B.
C.
D.
Bluesnarfing
Bluejacking
Disassociation
Jamming
A. The correct answer is Bluesnarfing. Bluesnarfing is the theft of
information through Bluetooth. Hackers do it by sneaking into
mobile devices—smartphones, laptops, tablets, or personal digital
assistants (PDAs) whose connection has been left open by their
owners. It implies exploiting Bluetooth vulnerabilities in order to
grab such data as text or email messages, contact lists, and more.
Go back >
148. As a penetration tester, you call the help desk manager and
pretend to be the special assistant to the managing director. You
ask her to change your password to a particular new one because
of an urgent meeting you have. What social engineering principle
have you just used?
A.
B.
C.
D.
Urgency
Trust
Authority
Scarcity
A. The correct answer is Urgency. Attacks that capitalize on
urgency are often disguised as an instant message, email, or even
a voicemail or call from a superior law authority or a senior
executive at a corporation. Because people are taught to be
obedient to the instructions of authorities, they are not conditioned
to check the validity of the communication and often comply with
the requests, falling victim to a social engineering attack.
Go back >
149. A threat hunting method where you pretend to be a malicious
attacker in order to discover vulnerabilities that may be hidden is
…?
A.
B.
C.
D.
Threat intelligence
Maneuver
Advisories and bulletins
Threat feeds
B. The correct answer is Maneuver. In CompTIA terms, “maneuver”
is often used in threat hunting as: how to think like a malicious user
to help you identify potential indicators of compromise in your
environment.
Go back >
150. The malicious actor that’s likely to have the least amount of
technical knowledge to initiate an attack is…?
A.
B.
C.
D.
Script kiddies
Insider threats
State actors
Hacktivists
A. The correct answer is Script kiddies. A script kiddie, skiddie, or
skid is a relatively unskilled individual who uses scripts or
programs, such as a web shell, developed by others to attack
computer systems and networks and deface websites, according to
the programming and hacking cultures.
It is generally assumed that most script kiddies are juveniles who
lack the ability to write sophisticated programs or exploits on their
own and that their objective is to try to impress their friends or gain
credit in computer-enthusiast communities.
Go back >
151. An attack in which an SYN flood ties up all open sessions in
order to overwhelm a computer, is known as?
A.
B.
C.
D.
Domain hijacking
Session replays
A DDoS
A resource exhaustion attack
D. The correct answer is A resource exhaustion attack. Resource
exhaustion attacks are computer security exploits that crash, hang,
or otherwise interfere with the targeted program or system. They
are a form of denial-of-service attack but are different from
distributed denial-of-service attacks, which involve overwhelming a
network host such as a web server with requests from many
locations.
Go back >
152. You have been hired to perform penetration testing on the
systems at Leventis cooperation. You decide to call the general
manager’s secretary and ask her if her system has any issues, then
you go on and ask her for the secretary’s details with the claim that
you want to help her fix the problem. What sort of social
engineering attack did you use?
A.
B.
C.
D.
Pretexting
A watering hole attack
Prepending
Shoulder surfing
A. The correct answer is Pretexting. Resource exhaustion attacks
are computer security exploits that crash, hang, or otherwise
interfere with the targeted program or system. They are a form of
denial-of-service attack but are different from distributed denial-ofservice attacks, which involve overwhelming a network host such
as a web server with requests from many locations.
Go back >
153. The National Intelligence Service, NIS, wants to perform a
penetration test; they use airplanes and drones in order to gather
some information for the penetration test. What term describes this
action the NIS has performed to gather information?
A.
B.
C.
D.
Airplane attack
Fly hijacking
Drone attack
War flying
D. The correct answer is War flying. War flying is an activity
consisting of using an airplane and a Wi-Fi-equipped computer,
such as a laptop or a PDA, to detect Wi-Fi wireless networks. War
flying shares similarities to Wardriving and Warwalking in all
aspects except for the method of transport.
Go back >
154. In your company, your colleague runs a network scanner
against a system on the company network and sees that a service
is running on TCP port 23 and also sees that the port is open. What
problem should he address?
A.
B.
C.
D.
Telnet is an insecure protocol
SNMTP is an insecure protocol
SFTP is an insecure protocol
SSH is an insecure protocol
A. The correct answer is Telnet is an insecure protocol. TCP port 23
is naturally linked with Telnet; and Telnet is an unencrypted remote
shell protocol which sends its authentication and other traffic in plain
text; because of this, it should not be used.
Go back >
155. What is the role of the white team in a cybersecurity exercise?
A.
B.
C.
D.
Performing only judging of the exercise
The role of the attacker in the exercise
Performing oversight and judging of the exercise
The role of the defender in the exercise
C. The correct answer is Performing oversight and judging of the
exercise. The White Team acts as the judges, enforces the rules of
the exercise, observes the exercise, scores teams, resolves any
problems that may arise, handles all requests for information or
questions, and ensures that the competition runs fairly and does
not cause operational problems for the defender's mission.
The White Team helps to establish the rules of engagement, the
metrics for assessing results and the procedures for providing
operational security for the engagement. The White Team normally
has responsibility for deriving lessons-learned, conducting the post
engagement assessment, and promulgating results.
Go back >
156. A vendor participates in a program aimed at identifying
vulnerabilities. A woman is able to identify a vulnerability and the
vendor pays her a huge sum of money. What is such payment
called?
A.
B.
C.
D.
Bug bounty
Clean up
Ransom
Pivoting
A. The correct answer is Bug bounty. A bug bounty program is a
deal offered by many websites, organizations and software
developers by which individuals can receive recognition and
compensation for reporting bugs, especially those pertaining to
security exploits and vulnerabilities.
Go back >
157. How would you report it if you find out your colleague has set
the permission on the /etc directory on the company’s Linux system
to 777 using the chmod command?
A.
B.
Open permission
Unsecure root accounts
C.
D.
Weak encryption
Default settings
A. The correct answer is Open permission. Open permissions are
user access over files that should be restricted. A user could be
given, Read, Write, and Execute privileges when she should have
only Read privileges.
Go back >
158. In a penetration test, the process of gathering information such
as: the target organization’s domain name, IP address, employee
details and contact details is known as?
A.
B.
C.
D.
Unknown environment
Known environment
Footprinting
Clean up
C. The correct answer is Footprinting. Footprinting is the technique
used for gathering information about computer systems and the
entities they belong to. To get this information, a hacker might use
various tools and technologies. This information is very useful to a
hacker who is trying to crack a whole system.
Go back >
159. The act of locating and possibly exploiting connections to
wireless local area networks while driving around a city or
elsewhere is known as?
A.
B.
C.
D.
OSINT
War flying
Footprinting
War driving
D. The correct answer is War driving. War driving, also called
access point mapping, is the act of locating and possibly exploiting
connections to wireless local area networks while driving around a
city or elsewhere. To do war driving, you need a vehicle, a
computer (which can be a laptop), a wireless Ethernet card set to
work in promiscuous mode, and some kind of an antenna which
can be mounted on top of or positioned inside the car.
Go back >
160. A system in your organization has a vulnerability in the Apache
version being run on it. You try to conduct a vulnerability scan on
the system using up-to-date definitions, but the scan does not
indicate the problem present, what problem are you facing?
A.
B.
Positive false
False negative
C.
D.
False positive
Negative false
B. The correct answer is False negative. A false negative state is
when the IDS identifies an activity as acceptable when the activity
is actually an attack. That is, a false negative is when the IDS fails
to catch an attack.
Go back >
161. What technique would a malware attacker use to change the
signature of malware so that antivirus tools will not be able to detect
the malware?
A.
B.
C.
D.
SSL stripping
Refactoring
Pass the hash
Request forgeries
B. The correct answer is Refactoring. Refactoring is the process of
changing a software system in such a way that it does not alter the
function of the code yet improves its internal structure. When
carried out manually, refactoring is applied directly to the source
code and is generally a labor-intensive, ad hoc, and potentially
error-prone process. Refactoring also is used to change the
signature of malware so that antivirus tools will not be able to detect
the malware.
Go back >
162. The military of some countries uses a political warfare
strategy in which conventional, irregular, and cyber warfare are
combined with fake news and social media influence and
manipulation strategies. What simple term describes this act of
theirs?
A.
B.
C.
D.
Hybrid warfare
Typosquatting
Eliciting information
Identity fraud
A. The correct answer is Hybrid warfare. Hybrid warfare is a theory
of military strategy, first proposed by Frank Hoffman, which employs
political warfare and blends conventional warfare, irregular warfare
and cyberwarfare with other influencing methods, such as fake
news, diplomacy, lawfare and foreign electoral intervention. By
combining kinetic operations with subversive efforts, the aggressor
intends to avoid attribution or retribution.
Go back >
163. The secretary in the law firm where you work informs you that
she received a text message from the national security services,
NSS, that she accessed illegal websites. What kind of problem is
this?
A.
B.
C.
D.
Pretexting
Vishing
Impersonation
Hoax
D. The correct answer is Hoax. Cyber hoax scams are attacks that
exploit unsuspecting users to provide valuable information, such as
login credentials or money. Attackers who orchestrate these hoax
scams are generally financially motivated and will use various
attack methods including phishing, pop-ups, phone calls, and social
media.
Go back >
164. Attackers are likely to target passwords that are stored in
memory because?
A.
B.
C.
D.
They are often in plain text
They are often encrypted
They are often hashed
None of the above
A. The correct answer is They are often in plain text. Passwords
stored in memory are stored in plain text usually. This makes it easy
for the attackers to recover the password when they access the
memory, even if the storage is temporary.
Go back >
165. In a penetration test the practice of covertly discovering and
collecting information about a system is known as?
A.
B.
C.
D.
Initial phase
Reconnaissance
Information discovery
Known environment
B. The correct answer is Reconnaissance. In the context of
cybersecurity, reconnaissance is the practice of covertly discovering
and collecting information about a system.
This method is often used in ethical hacking or penetration testing.
The reconnaissance phase of a penetration test involves gathering
information about the target, including domain information, system
information, and details about employees.
Go back >
166. During a penetration test, you go into the target office claiming
you have been sent by Jumia, a nationwide package delivery
company. You tell those in the office that you have a package for Mr
San, the assistant managing director, and that the package must be
signed by the secretary for him. What social engineering term is it?
A.
B.
C.
D.
Impersonation
Pharming
Whaling
Phishing
A. The correct answer is Impersonation. In the example, you
impersonated a trusted person in order to get the document signed.
Go back >
167. What is the supply chain risk involved in purchasing network
devices from a gray market supplier who imports the devices
without any direct relationship with the original manufacturers?
A.
B.
C.
D.
No warranty
No support
No updates
All the above
D. The correct answer is All the above.
Go back >
168. What is the supply chain risk involved in purchasing network
devices from a gray market supplier who imports the devices
without any direct relationship with the original manufacturers?
A.
B.
C.
D.
Proxy logs
Endpoint logs
Application logs
Web server logs
D. The correct answer is Web server logs. XML injection is majorly
perpetrated by altering HTTP queries sent to an XML-based web
service. When you check the web server log, you can see if any
unexpected user input is visible in the logs.
Go back >
169. If you decide to operate in your on-site infrastructure rather
than the publishing service of your cloud hosting company, then
what technology would you use to identify the kind of attack you are
facing?
A.
B.
C.
D.
A firewall
An IPS
An IDS
A proxy
B. The correct answer is An IPS. The data he needs is likely to
come from an IPS. When he gets that, he can then determine if the
attack is a DoS attack, and the IPS can help him determine the
source of the DoS attack.
Go back >
170. The common aim of hacktivists is?
A.
B.
C.
D.
To analyze data
To get rich
Become famous
Making a political statement
D. The correct answer is Making a political statement. Hacktivists
try to gain unauthorized access to computer files or networks in
order to further social or political ends.
Go back >
171. What is the most common goal of those who steal personal
information and social security numbers?
A.
B.
Invoice scams
Phishing
C.
D.
Identity fraud
Typosquatting
C. The correct answer is Identity fraud. Identity theft and identity
fraud are terms used to refer to all types of crime in which someone
wrongfully obtains and uses another person's personal data in
some way that involves fraud or deception, typically for economic
gain.
Go back >
172. All of these are the main components of Security
orchestration, automation, and response (SOAR) tools except?
A.
B.
C.
D.
Threat intelligence
Source code security analysis and testing
Process workflows
Incident management
B. The correct answer is Source code security analysis and testing.
SOAR (Security Orchestration, Automation, and Response) refers
to a collection of software solutions and tools that allow
organizations to streamline security operations in three key areas:
incident management, process workflows, and threat intelligence.
SOAR tools do not provide source code analysis and testing.
Go back >
173. GitHub and Bitbucket are threat intelligence sources best
classified under?
A.
B.
C.
D.
Code repositories
Threat maps
Private information sharing center
Dark web
A. The correct answer is Code repositories. The code repository is
the central element in any version management, as the current
code is bundled and securely stored in this location. All changes to
the code are managed and structured in the code repository. Just
like there are several kinds of version control systems, there are
also different code repositories. A few decentralized ones that work
well with Git are GitHub and Bitbucket.
Go back >
174. Your company’s Intrusion Prevention System (IPS) flags traffic
from two IP addresses as shown below:
Source IP: 167.1.45.28 - Destination IP: 55.44.33.1
http://yourwebsite/homepage/order.php?SESSIONID=1455gtd
Source IP: 167.1.45.28 - Destination IP: 55.44.33.1
http://yourwebsite/homepage/order.php?SESSIONID=1455gtd
This attack should be classified as?
A.
B.
C.
D.
API attack
SSL stripping
SQL attack
Session replay attack
D. The correct answer is Session replay attack. Session replay
attacks, also known as, playback attacks or replay attacks, are
network attacks that maliciously “repeat” or “delay” a valid data
transmission. A hacker can do this by intercepting a session and
stealing a user's unique session ID (stored as either a cookie, URL,
or form field).
Go back >
175. The following log entries were found when going through an
auth logs on a server:
June 13 18:01:48 syslog rshd[7206]: Connection from 24.5.4.10 on
illegal port
June 13 18:01:52 syslog rshd[7306]: Connection from 24.5.4.10 on
illegal port
June 13 18:02:10 syslog rshd[7406]: Connection from 24.5.4.10 on
illegal port
June 13 18:02:43 syslog rshd[7506]: Connection from 24.5.4.10 on
illegal port
June 13 18:02:50 syslog rshd[7606]: Connection from 24.5.4.10 on
illegal port
What do these signify?
A.
B.
C.
D.
A vulnerability scan
SQL injection attack
A buffer overflow
The dark web
A. The correct answer is A vulnerability scan. Vulnerability scanning
is the process of identifying security weaknesses and flaws in
systems and software running on them.
This is an integral component of a vulnerability management
program, which has one overarching goal – to protect the
organization from breaches and the exposure of sensitive data.
These programs rely on assessment to gauge security readiness
and minimize risk, and vulnerability scanning is a critical tool in the
cybersecurity toolbox.
Go back >
176. During a vulnerability scanning you identify a service that runs
on TCP port 8080. Which of the following services is running on
that port?
A.
B.
C.
D.
HTTP
HTTPS
SMTP
DNS
A. The correct answer is HTTP. Port numbers are sometimes seen
in web or other uniform resource locators (URLs). By default, HTTP
uses port 80 and HTTPS uses port 443, but a URL like http://
www.example.com:8080/path/ specifies that the web
browser connects instead to port 8080 of the HTTP server.
Go back >
177. You run a vulnerability scan of a network device that shouldn’t
be reachable from the internet. You discover that the device is
running services on TCP ports 80 and 53. What services has she
most likely discovered?
A.
B.
C.
D.
HTTP and DNS
HTTPS and DNS
SMTP and HTTP
DNS and SMTP
A. The correct answer is HTTP and DNS. HTTP is a protocol for
fetching resources such as HTML documents and uses the TCP
post 80. It is the foundation of any data exchange on the Web and it
is a client-server protocol, which means requests are initiated by
the recipient, usually the Web browser.
The Domain Network System (DNS) protocol uses the TCP post 53
and helps Internet users and network devices discover websites
using human-readable hostnames, instead of numeric IP
addresses.
Go back >
178. To ensure that one does not have unwanted ports and
services running on a device whilst not being able to make a scan
for breaches, what can one do?
A.
B.
C.
D.
Network topology assessment
Network topology review
Configuration assessment
Configuration review
D. The correct answer is Configuration review. Configuration
reviews and configuration management tools can be used to
ensure that no unwanted ports or services are accessible.
Go back >
179. The login details of customers of PHB bank got compromised
after they accessed a fake site that posed like the bank. The
customers all visited the site on your network and all claim to have
logged in via your network with the correct site link. What is the
most likely explanation for this situation?
A.
B.
C.
D.
ARP poisoning
MAC spoofing
DNS poisoning
SQL Injection
C. The correct answer is DNS poisoning. DNS poisoning, also
known as DNS cache poisoning or DNS spoofing, is a highly
deceptive cyber attack in which hackers redirect web traffic toward
fake web servers and phishing websites.
Go back >
180. A phishing site was discovered to be sharing a very similar
name to another site with one letter misspelt from the company’s
original domain name. This attack can best be considered as?
A.
B.
Trojan horse
Typo squatting
C.
D.
DNS poisoning
SQL Injection
B. The correct answer is Typo squatting. Typosquatting is a form of
cybercrime that involves hackers registering domains with
deliberately misspelled names of well-known websites. Hackers do
this to lure unsuspecting visitors to alternative websites, typically for
malicious purposes.
Go back >
181. Which of the options listed would be best to assess the
operations of an E-commerce company as a security personnel?
A.
B.
C.
D.
AAA
OWASP
QA
FPGA
B. The correct answer is OWASP. The Open Web Application
Security Project (OWASP) is a non-profit organization founded in
2001, with the goal of helping website owners and security experts
protect web applications from cyber attacks.
Go back >
182. The cybersecurity administrator in an organization, instead of
using a single vendor for the Network and host antimalware, puts
them on different vendors. This action can be described as?
A.
B.
C.
D.
Technology diversity
Vendor diversity
Crypto diversity
Control diversity
B. The correct answer is Vendor diversity. Vendor diversity is the
practice of implementing security controls from different vendors to
increase security. Many DMZs use two firewalls and vendor
diversity dictates the use of firewalls from different vendors.
For example, one firewall could be a Cisco firewall and the other
one could be a Check Point firewall. If a vulnerability is discovered
in one of these firewalls, an attacker might be able to exploit it.
However, it’s unlikely that both firewalls would develop a
vulnerability at the same time.
Go back >
183. Which of the listed options would best suit a company that is
trying to safeguard its backup data from being compromised?
A.
B.
Air-gap the backup server
Change the default vlan number
C.
D.
Place a firewall
Use dropbox for backup
A. The correct answer is Air-gap the backup server. An air gap, air
wall, air gapping or disconnected network is a network security
measure employed on one or more computers to ensure that a
secure computer network is physically isolated from unsecured
networks, such as the public Internet or an unsecured local area
network.
Go back >
184. A windows picture password can be categorized as?
A.
B.
C.
D.
Somewhere you are
Something you have
Something you know
Something you can do
D. The correct answer is Something you can do. Something you
can do is a type of authentication which proves identities by
observing actions. These actions could be things like gestures or
touches. Windows 8 users might know about a feature called
Picture Password. This feature allows the user to set up gestures
and touches on a picture as a way to authenticate themselves.
Go back >
185. You want to use a digital signature on an email before sending
to your friend Gary. Which of the following keys should you use to
sign the email?
A.
B.
C.
D.
Your private key
Your public key
Gary’s private key
Gary's public key
A. The correct answer is Your private key. Since you are the signer,
your digital signature is validated by your public key but created
using your private key.
Go back >
186. The process of deploying 1,000 rounds of MD5 hashing to
secure confidential details e.g passwords, is called?
A.
B.
C.
D.
Perfect forward secrecy
Hashing
Salting
Key stretching
D. The correct answer is Key stretching. Key stretching is the
practice of converting a password to a longer and more random key
for cryptographic purposes such as encryption. This is generally
recognized as making encryption stronger as it ensures that the
encryption itself is reasonably hard.
Go back >
187. Which of the following can be used to make it impossible for
the attacker to simply use a list of common hashed passwords to
reveal the passwords you have stored if they gain access to them?
A.
B.
C.
D.
A key stretch
A key length
A salt
A hash
C. The correct answer is A salt. A cryptographic salt is made up of
random bits added to each password instance before its hashing.
Salts create unique passwords even in the instance of two users
choosing the same passwords. Salts help us mitigate hash table
attacks by forcing attackers to re-compute them using the salts for
each user.
Go back >
188. To ascertain that the session is not breached even if the
server’s private key is, which of the listed cryptographic capabilities
will we use?
A.
B.
C.
D.
Lightweight cryptography
Key stretching
Elliptic-curve cryptography
Perfect forward secrecy
D. The correct answer is Perfect forward secrecy. In cryptography,
forward secrecy (FS), also known as perfect forward secrecy
(PFS), is a feature of specific key agreement protocols that gives
assurances that session keys will not be compromised even if longterm secrets used in the session key exchange are compromised.
Go back >
189. The security head of a company established a nonproduction
network to be used as bait for attackers on the network to get a
glimpse of their attacking skills. The network being deployed is
called?
A.
B.
C.
D.
Fake telemetry
Honeynet
DNS sinkhole
Hot site
B. The correct answer is Honeynet. A honeynet works in a similar
way, baiting a trap for hackers. It's a sacrificial computer system
that’s intended to attract cyberattacks, like a decoy. It mimics a
target for hackers, and uses their intrusion attempts to gain
information about cybercriminals and the way they are operating or
to distract them from other targets.
Go back >
190. To watch over and manipulate power plants power generating
system, which of the listed options is used to perform this action?
A.
B.
C.
D.
SCADA
HVAC
MFP
RTOS
A. The correct answer is SCADA. Supervisory control and data
acquisition is a control system architecture comprising computers,
networked data communications and graphical user interfaces for
high-level supervision of machines and processes.
Go back >
191. Joy wants to have a contract with an organization to have a
datacenter that is stocked with equipment and set for work. The
category of disaster recovery site he’s seeking would be?
A.
B.
Warm site
Cold site
C.
D.
Hot site
Available site
A. The correct answer is Warm site. A warm site is a type of facility
an organization uses to recover its technology infrastructure when
its primary data center goes down. A warm site features an
equipped data center but no customer data.
Go back >
192. What precaution should be put in place to make certain that an
Internet of Things (IoT) operating system doesn’t get modified after
it’s been sold?
A.
B.
C.
D.
Change the default password
Frequent updates
Encrypt the firmware
None of the above
C. The correct answer is Encrypt the firmware. Requiring signed
and encrypted firmware ensures that third-party systems cannot
modify the OS of the IoT.
Go back >
193. You are in charge of application development in your company
and want to ensure that no web application is deployed live before
testing. Your company prefers that you do the test with a system
that looks like the live server. What do we call this?
A.
B.
C.
D.
Deploy server
Test server
Pre-test server
Non production server
B. The correct answer is Test server. The Test Server is a place
where new updates, features, and mechanics are tested before
being released to the main servers. Sometimes, these servers are
in a closed-testing mode, meaning that only developers and testers
can access them.
Go back >
194. You are in charge of application development in your company
and want to ensure that no web application is deployed live before
testing. Your company prefers that you do the test with a system
that looks like the live server. What do we call this?
A.
B.
C.
D.
Deploy server
Test server
Staging server
Non live server
C. The correct answer is Staging server. A staging server is a type
of server that is used to test a software, website or service in a
production-similar environment before being set live. It is part of a
staging environment or staging site, where it serves as a temporary
hosting and testing server for any new software or websites.
Go back >
195. What solution will be used to restrict access to an API you
provided, while ensuring that you log usage of the API to the
respective companies that are given access.
A.
B.
C.
D.
API numbers
API keys
API locks
API logs
B. The correct answer is API keys. An application programming
interface key is a unique identifier used to authenticate a user,
developer, or calling program to an API. However, they are typically
used to authenticate a project with the API rather than a human
user. Different platforms may implement and use API keys in
different ways.
Go back >
196. In order to ensure that unsecure code is not delivered to the
live system of an organization since its developers have the
authority to deliver code directly to the production server, what
should be done to subdue this problem?
A.
B.
C.
D.
Create a staging server
Create a new live server
Migrate the data to a cloud-based server
Migrate the data to a dedicated-server
A. The correct answer is Create a staging server. A staging server
is a type of server that is used to test a software, website or service
in a production-similar environment before being set live. It is part
of a staging environment or staging site, where it serves as a
temporary hosting and testing server for any new software or
websites.
Go back >
197. In a cloud service, the transit gateway performs what
functions?
A.
B.
C.
D.
Connects two trust zones
Connects two different cloud service providers
Connects Digital Ocean and Cloudways
Connects on-premises networks and virtual private clouds
D. The correct answer is Connects on-premises networks and
virtual private clouds. A transit gateway is a network transit hub that
you can use to interconnect your virtual private clouds (VPCs) and
on-premises networks. As your cloud infrastructure expands
globally, inter-Region peering connects transit gateways together
using the Amazon Global Infrastructure.
Go back >
198. Which of the following hardware security modules is a physical
computing device that safeguards and manages digital keys?
A.
B.
C.
D.
UEM
HSM
MAM
MMS
B. The correct answer is HSM. HSM, hardware security module is a
physical computing device that safeguards and manages digital
keys, performs encryption and decryption functions for digital
signatures, strong authentication and other cryptographic functions.
Go back >
199. Which of the following is a computer security mechanism set
to detect, deflect, or, in some manner, counteract attempts at
unauthorized use of information systems?
A.
B.
C.
D.
IDS
Data loss prevention
Fake telemetry
Honeypot
D. The correct answer is Honeypot. In computer terminology, a
honeypot is a computer security mechanism set to detect, deflect,
or, in some manner, counteract attempts at unauthorized use of
information systems.
Generally, a honeypot consists of data (for example, in a network
site) that appears to be a legitimate part of the site and contain
information or resources of value to attackers. It is actually isolated,
monitored, and capable of blocking or analyzing the attackers. This
is similar to police sting operations, colloquially known as "baiting" a
suspect.
Go back >
200. Which of the following setup management programs is a group
of settings placed on a system before it is approved for production?
A.
B.
C.
D.
Tutorial video
Step by step guidance
Documentantion
Baseline configuration
D. The correct answer is Baseline configuration. A baseline
configuration is a group of settings placed on a system before it is
approved for production. Using baselines is a technique that
evolved from administration checklists to ensure systems were set
up correctly for their intended purpose.
As IT shops get larger, and as the number of managed systems
increases, having consistency across systems becomes
increasingly critical. Machine and user naming conventions, disk
storage setup, and network card settings are all configuration items
that, if not managed consistently within the shop, could lead to
errors, outages, and most importantly for our purposes here,
security exposures.
Go back >
201. The Symmetric encryption has what benefit compared to the
asymmetric encryption?
A.
B.
Symmetric encryption is faster to run
Symmetric encryption uses 2 keys
C.
D.
Symmetric encryption is more secure
Symmetric encryption uses longer keys
A. The correct answer is Symmetric encryption is faster to run.
Symmetric cryptography is faster to run (in terms of both encryption
and decryption) because the keys used are much shorter than they
are in asymmetric cryptography. Additionally, the fact that only one
key gets used (versus two for asymmetric cryptography) also
makes the entire process faster.
Go back >
202. Which of the listed options gives users access to web-based
applications by the cloud providers?
A.
B.
C.
D.
DaaS
PaaS
SaaS
IaaS
C. The correct answer is SaaS. Software as a service (SaaS) is a
cloud-based software delivery model in which the cloud provider
develops and maintains cloud application software, provides
automatic software updates, and makes software available to its
customers via the internet on a pay-as-you-go basis.
Go back >
203. Which of the following policies controls who has access to
resources and what actions they can perform on it?
A.
B.
C.
D.
Resource policy
Content policy
Action policy
Perform policy
A. The correct answer is Resource policy. A policy typically refers to
the principal guiding decisions, whereas mechanisms represent the
means to implement policies. Separation of policies from
mechanisms is a guiding principle in computer science.
Go back >
204. What aspect of virtualization should be deployed to put a
virtual server to its last glitch-free condition after a virus is ejected
from it?
A.
B.
C.
D.
Offsite storage
Artifact
Snapshot
Self-encrypting drive
C. The correct answer is Snapshot. A virtual machine snapshot (VM
snapshot) is the state of a virtual machine (VM) that is copied and
stored at a specified time. It develops a copy of the VM that is used
for VM migration, backup and restore procedures. A virtual machine
snapshot allows a VM to be restored to a former state of snapshot
creation.
Go back >
205. What RAID level, while deploying a distributed parity bits,
would make certain that if a drive fails in a database server it will be
recoverable?
A.
B.
C.
D.
RAID 5
RAID 4
RAID 3
RAID 2
A. The correct answer is RAID 5. RAID 5 is a redundant array of
independent disks configuration that uses disk striping with parity.
Because data and parity are striped evenly across all of the disks,
no single disk is a bottleneck. Striping also allows users to
reconstruct data in case of a disk failure.
RAID 5 evenly balances reads and writes, and is currently one of
the most commonly used RAID methods. It has more usable
storage than RAID 1 and RAID 10 configurations, and provides
performance equivalent to RAID 0.
Go back >
206. Which of the following is used in electronic labs where stray
electromagnetic fields must be kept out?
A.
B.
C.
D.
Proximity reader
Faraday cage
Motion detection
Moisture detection
B. The correct answer is Faraday cage. A Faraday cage is a
metallic enclosure that prevents the entry or escape of an
electromagnetic field (EM field). Faraday cages are used in
electronic labs where stray EM fields must be kept out. This is
important in the testing of sensitive wireless receiving equipment. In
addition, a Faraday cage can prevent the escape of the EM fields
emitted by a cathode-ray-tube (CRT) computer monitor.
Go back >
207. What is the most secure way of preventing an intruder from
coming into a building while being transported in a car?
A.
B.
Traffic light
Security guard
C.
D.
Security cameras
Bollards
D. The correct answer is Bollards. Security bollards act as both a
physical and visual barrier. They are varied in their shapes, sizes,
and designs. Bollards and security barriers protect lives and
property by creating a controlled traffic setting. Knowing the
differences between types of bollards will help to select the best
post for a site.
Go back >
208. What would be the best way to prevent students from a
particular school from making away with the computers in the
computer lab?
A.
B.
C.
D.
Antivirus
Cameras
Cable locks
USB data blockers
C. The correct answer is Cable locks. A one-piece, combination
laptop lock and security cable utilizes the built in security slot found
on most laptops or notebooks. The resettable combination lock
allows you to secure your laptop without requiring a key.
Go back >
209. Which of the listed options should be deployed to effect twofactor authentication within a building?
A.
A mantrap
B.
A smart card
C.
A PIN keypad
D.
A PIN keypad at one door and a mantrap with a smartcard at
the other door
D. The correct answer is A PIN keypad at one door and a mantrap
with a smartcard at the other door. A mantrap portal is a set of two
interlocking doors where the first set of doors opens before the
second set, causing the user to be “trapped” inside temporarily.
Go back >
210. The deception technique that logs on going events such us
user logins and logout after configuring a honeypot is called?
A.
B.
C.
D.
Honey telemetry
Fake nets
Honeynets
Fake telemetry
D. The correct answer is Fake telemetry. Telemetry is the
automated communication processes from multiple data sources.
Telemetry data is used to improve customer experiences, monitor
security, application health, quality, and performance.
When monitoring an application to ensure acceptable uptime and
performance for your users, you need to start with the components.
This includes the physical servers themselves and, to start, their
overall availability.
Go back >
211. The “disk mirroring and disk striping” is categorized under the
RAID level?
A.
B.
C.
D.
RAID 1
RAID 2
RAID 1+0
RAID 2+0
C. The correct answer is RAID 1+0. RAID 10, also known as RAID
1+0, is a RAID configuration that combines disk mirroring and disk
striping to protect data. It requires a minimum of four disks and
stripes data across mirrored pairs.
As long as one disk in each mirrored pair is functional, data can be
retrieved. If two disks in the same mirrored pair fail, all data will be
lost because there is no parity in the striped sets.
Go back >
212. Which of the following terms is used when you remove
redundancy from a database?
A.
B.
C.
D.
Stored procedures
Normalization
Data exposure
Code reuse
B. The correct answer is Normalization. Normalization is the
process of organizing data in a database. This includes creating
tables and establishing relationships between those tables
according to rules designed both to protect the data and to make
the database more flexible by eliminating redundancy and
inconsistent dependency.
Go back >
213. Which of the following options can be used when deploying an
AAA service?
A.
B.
C.
D.
CCMP
WPS
RADIUS
PSK
C. The correct answer is RADIUS. Remote Authentication Dial-In
User Service (RADIUS) is a networking protocol that provides
centralized authentication, authorization, and accounting (AAA)
management for users who connect and use a network service.
Go back >
214. In which of the following systems, if users get access none of
their settings or data is saved once they log out?
A.
B.
C.
D.
Full-persistent
Half-persistent
Persistent
Non-persistent
D. The correct answer is Non-persistent. When users access a
nonpersistent desktop, none of their settings or data is saved once
they log out. At the end of a session, the desktop reverts to its
original state and the user receives a fresh image the next time he
logs in.
Go back >
215. What datacenter element should you be worried about when
infrared cameras are being used to ensure that the servers within
the datacenter are utilized properly?
A.
B.
C.
D.
Hot aisle and cold aisle
Humidity
Electromagnetic interference
Radio-frequency interference
A. The correct answer is Hot aisle and cold aisle. Hot / cold aisle is
a layout design for server racks in a data center. The goal of it is to
increase the effectiveness of the cooling system by managing air
flow in the data center.
In the simplest form, this design involves lining up server racks in
different rows with cold air facing one way and hot exhausts facing
the other. Typically, cold aisles, which are usually composed of rack
fronts, face AC output, and hot aisles face return ducts.
Go back >
216. Which of these options is the best way to deny an infected
system access to a botnet controller when you know the
hostname?
A.
B.
C.
D.
DNS sinkhole
Honeynets
Fake telemetry
Honeypot
A. The correct answer is DNS sinkhole. DNS sinkhole or black hole
DNS is used to spoof DNS servers to prevent resolving hostnames
of specified URLs. This can be achieved by configuring the DNS
forwarder to return a false IP address to a specific URL.
DNS sinkholing can be used to prevent access to malicious URLs
at an enterprise level. The malicious URLs can be blocked by
adding a false entry in the DNS and thus there will be a second
level of protection. Normally firewalls and proxies are used to block
malicious traffic across the organization
Go back >
217. The situation of a personnel not being able to effectively
handle the virtual machines under his watch is best described as?
A.
B.
C.
D.
Virtual machine escape
Virtual machine uncontrol
Virtual machine deny
Virtual machine sprawl
D. The correct answer is Virtual machine sprawl. VM sprawl, also
known as virtualization sprawl, happens when an administrator can
no longer effectively control and manage all the virtual machines on
a network. This can happen with rapidly growing networks when
multiple VMs are set up for use by different departments.
Go back >
218. Which of the following procedures can be used to provide an
important layer of security between the user interface and the
database?
A.
B.
C.
D.
Security procedures
Database procedures
Interface procedures
Stored procedures
D. The correct answer is Stored procedures. A stored procedure
provides an important layer of security between the user interface
and the database. It supports security through data access controls
because end users may enter or change data, but do not write
procedures.
A stored procedure preserves data integrity because information is
entered in a consistent manner. It improves productivity because
statements in a stored procedure only must be written once.
Go back >
219. Which of the listed models allows a system to boot their
resources from a centralized server environment instead of their
hard drives?
A.
B.
C.
D.
Thin client
Containers
Edge computing
Microservices
A. The correct answer is Thin client. A thin client is a simple
computer that has been optimized for establishing a remote
connection with a server-based computing environment. The server
does most of the work, which can include launching software
programs, performing calculations, and storing data.
Go back >
220. Which of the following is not a popular means of shielding
information from being compromised?
A.
B.
C.
D.
Connect to remote systems using SSH
Use hash functions before storing data
Store data in plain text
Visit sites that use SSL
C. The correct answer is Store data in plain text. The storage of
clear text data in main memory is a cybersecurity concern. A
malware application in the user’s device can read its contents and
exploit the data. A serious concern is regarding passwords and
other sensitive data that a user has temporarily stored in memory,
that is not in an encrypted format.
Go back >
221. Which of the following is not a popular means of shielding
information from being compromised?
A.
B.
C.
D.
SAML
OAuth
TACACS+
ABAC
B. The correct answer is OAuth. OAuth (Open Authorization) is an
open standard for access delegation, commonly used as a way for
Internet users to grant websites or applications access to their
information on other websites but without giving them the
passwords.
Go back >
222. A datacenter personnel has to manage a number of
datacenters in different locations. Which of the following is the most
suitable option for managing all datacenters with ease?
A.
B.
C.
D.
Implement SDNs
Implement firewalls
Implement Vlans
Implement infrastructure as code
D. The correct answer is Implement infrastructure as code.
Infrastructure as code (IaC) is the process of managing and
provisioning computer data centers through machine-readable
definition files, rather than physical hardware configuration or
interactive configuration tools.
Infrastructure as Code evolved to solve the problem of environment
drift in the release pipeline. Without IaC, teams must maintain the
settings of individual deployment environments.
Go back >
223. The most significant advantage of the SDN is?
A.
B.
C.
D.
It provides scalability
It provides an extra layer of security
It provides an IDS functionalities
It provides an IPS functionalities
A. The correct answer is It provides scalability. When it comes to
creating their own networks, every enterprise has to weigh the pros
and cons of the different network types. With increased consumer
demands for performance and flexibility, some cons quickly become
heavier than others.
Along with the growing needs of modern networks, the biggest cons
of maintaining traditional networks have bolstered the ascendancy
of SDN. SDN solutions and other virtualized solutions are
burgeoning.
Physical infrastructure, especially hardware that requires manual
configurations, simply hasn’t been able to keep pace with modern
technology. The ballooning demands that modern enterprise users
require are too much for most traditional networks. Users looking to
upscale their network infrastructures with as little disruption as
possible quickly turn to SDN.
Go back >
224. The most reliable method in ascertaining real-time operating
system security is?
A.
B.
C.
D.
Install and configure a host firewall
Disable the default vlan
Create a new plan for real-time operating systems
Install antivirus & anti malware software
A. The correct answer is Install and configure a host firewall. A hostbased firewall is a piece of firewall software that runs on an
individual computer or device connected to a network. These types
of firewalls are a granular way to protect the individual hosts from
viruses and malware, and to control the spread of these harmful
infections throughout the network.
Go back >
225. An attack was launched on an organization’s web app,
executing a code from one of the javascript libraries the web app
used in the past. This attack is best described as?
A.
B.
C.
D.
SSL stripping
Session replays
Code reuse attack
Code signing
C. The correct answer is Code reuse attack. Code reuse attacks
are attacks repurposing existing components. In particular, they
repurpose existing code to perform arbitrary computations. It is
commonly used in control-flow hijacking vulnerabilities, which are
memory corruption bugs that allow an attacker to take over a code
pointer.
Go back >
226. Which of the following IEEE technologies will you use to
develop an embedded system that would provide peer-to-peer
communications, low cost and low-power?
A.
B.
802.1X
Zigbee
C.
D.
Radius
WPA
B. The correct answer is Zigbee. Code reuse attacks are attacks
repurposing existing components. In particular, they repurpose
existing code to perform arbitrary computations. It is commonly
used in control-flow hijacking vulnerabilities, which are memory
corruption bugs that allow an attacker to take over a code pointer.
Go back >
227. Which of the following form of encryption permits users to
perform computations on their encrypted data without first
decrypting them?
A.
B.
C.
D.
Blockchain encryption
Lightweight encryption
Homomorphic encryption
Steganography
C. The correct answer is Homomorphic encryption. Homomorphic
encryption is a form of encryption that permits users to perform
computations on its encrypted data without first decrypting it.
Go back >
228. Which of the listed options would be welcomed by the staff of
a company deploying a biometric system to gain access into the
company?
A.
B.
C.
D.
Retina
Iris
Facial
Fingerprint
D. The correct answer is Fingerprint. Fingerprint systems are the
safest and most widely accepted security system now.
Go back >
229. An off-site cold backup usually operates on what backup
technology?
A.
B.
C.
D.
Tape
Cloud
Network-attached network
Storage area network
A. The correct answer is Tape. Tape backup is the practice of
periodically copying data from a primary storage device to a tape
cartridge so the data can be recovered if there is a hard disk crash
or failure. Tape backups can be done manually or be programmed
to happen automatically with appropriate software. An off-site cold
backup usually operates on Tape backup technology.
Go back >
230. For most SoC devices, what would be the most reliable means
of ascertaining that they are not breached and the information on
them are not compromised?
A.
B.
C.
D.
Ensure that each device has no network access
Ensure that each device has wireless access
Ensure that each device has its own cryptographic key
Ensure that each device has enough storage
C. The correct answer is Ensure that each device has its own
cryptographic key. System on a chip (SoC) devices are regarded as
self-contained systems on a single chip. Therefore, ensuring that
each one has its cryptographic keys is the most ideal way to
implement authentication and security.
Go back >
231. The security manager in a company that producing
electrocardiogram monitors is worried about how the devices will be
kept safe. Which of the listed options should he deploy?
A.
He needs to make sure the devices have anti-malware
B.
He needs to make sure the devices have no IP addresses
C.
He needs to make sure the devices have updated firmware
D.
He needs to make sure the communications with the device
are secured and encrypted
D. The correct answer is He needs to make sure the
communications with the device are secured and encrypted.
Go back >
232. In which of the following places we can find the needed data to
understand how a protocol works and what values need to be
added in packets that use this protocol?
A.
B.
C.
D.
Wikipedia
Github
Reddit
Request for Comments
D. The correct answer is Request for Comments. A Request for
Comments is an individually numbered publication in a series, from
one of a small group of bodies, most prominently the Internet
Engineering Task Force, the principal technical development and
standards-setting bodies for the Internet.
Go back >
233. Which of these biometric technologies would be best in
identifying subjects from a camera?
A.
B.
C.
D.
Gait analysis
Fingerprint
Efficacy rates
Iris
A. The correct answer is Gait analysis. Gait analysis is the
systematic study of animal locomotion, more specifically the study
of human motion, using the eye and the brain of observers,
augmented by instrumentation for measuring body movements,
body mechanics, and the activity of the muscles.
Go back >
234. What solution should be deployed by a company that wants to
keep their data in the cloud but feels that the public cloud is open to
breaches and at the same time expressing concern about the cost
of a private cloud?
A.
B.
C.
D.
Under cloud
Semi cloud
Community cloud
Half cloud
C. The correct answer is Community cloud. A community cloud in
computing is a collaborative effort in which infrastructure is shared
between several organizations from a specific community with
common concerns, whether managed internally or by a third-party
and hosted internally or externally. They are accessible to only a
specific set of people, and so the risks of public cloud are reduced
and cost of private cloud is cut.
Go back >
235. A set of programmers running a Windows OS needs to
develop a particular solution that will work effectively on Linux. In a
bid to use a cloud solution, what is the best way to get your
programmers access to Linux systems for development and
testing?
A.
B.
C.
D.
PaaS
IaaS
SaaS
DaaS
B. The correct answer is IaaS. Infrastructure as a service (IaaS) is a
type of cloud computing service that offers essential compute,
storage, and networking resources on demand, on a pay-as-you-go
basis. IaaS is one of the four types of cloud services, along with
software as a service (SaaS), platform as a service (PaaS), and
serverless.
Go back >
236. What category of backup would readily backup all the changes
made on a system since the last time a full backup was done on it?
A.
B.
C.
D.
Full
Incremental
Snapshot
Differential
D. The correct answer is Differential. A differential backup is a type
of data backup that preserves data, saving only the difference in
the data since the last full backup.
Go back >
237. Which of the listed options would best suit a company that
wants to use cloud storage to store data but the major setback they
have is the cost?
A.
B.
C.
D.
Public cloud
Storage cloud
Save cloud
Affordable cloud
A. The correct answer is Public cloud. Public cloud is an IT model
where on-demand computing services and infrastructure are
managed by a third-party provider and shared with multiple
organizations using the public Internet. It is significantly cheaper
than private and community clouds.
Go back >
238. Paula is trying to ascertain that a cloud system can blend-in
with manipulations in its workload by automatically freeing and
withholding resources. She is also trying to ensure that the space is
not loaded with too many resources nor under-provisioned, and that
money is wisely spent on her infrastructure. This concept is best
described as?
A.
B.
C.
D.
Scalability
Elasticity
Camouflage
Obfuscation
B. The correct answer is Elasticity. In cloud computing, elasticity is
defined as "the degree to which a system is able to adapt to
workload changes by provisioning and de-provisioning resources in
an autonomic manner, such that at each point in time the available
resources match the current demand as closely as possible".
Go back >
239. Which of following would you use to make sure that a problem
in power supply does not cause a server to lose power?
A.
B.
C.
D.
MAC
NIC
PDU
UPS
D. The correct answer is Elasticity. An uninterruptible power supply
(UPS) is a device that allows a computer to keep running for at
least a short time when the primary power source is lost. UPS
devices also provide protection from power surges. A UPS contains
a battery that "kicks in" when the device senses a loss of power
from the primary source.
Go back >
240. A stored procedure is best explained as?
A.
A subroutine available to applications that access a relational
database management system
B.
An SQL injection technique
C.
A subroutine available to applications that access a MariaDB
database
D.
A javascript framework
A. The correct answer is A subroutine available to applications that
access a relational database management system. A stored
procedure is a subroutine available to applications that access a
relational database management system. Such procedures are
stored in the database data dictionary. Uses for stored procedures
include data-validation or access-control mechanisms.
Go back >
241. Which of the listed options would best be able to prevent a
possible VM escape that would result in a data breach?
A.
B.
C.
D.
Implement honeypots
Configure a proxy server
Install a firewall
Detached VM hosts by data sensitivity
D. The correct answer is Detached VM hosts by data sensitivity.
Virtual machine escape is the process of a program breaking out of
the virtual machine on which it is running and interacting with the
host operating system. A virtual machine is a "completely isolated
guest operating system installation within a normal host operating
system". when it is separated from the hosts by data type or
sensitivity, it prevents VM escape.
Go back >
242. A company that lacks staff but wants to deploy modern and
robust network security. What should be done to salvage the
situation?
A.
B.
C.
D.
Use a firewall
Use Vlans
Use a Proxy server
Use a MSSP
D. The correct answer is Use a MSSP. An managed security
service provider (MSSP) provides outsourced monitoring and
management of security devices and systems. Common services
include managed firewall, intrusion detection, virtual private
network, vulnerability scanning and anti-viral services.
Go back >
243. Which of these options would best be able to ascertain that
applications on a network have not been breached nor affected with
a Trojan virus?
A.
B.
C.
D.
Use cryptographic hashes
Use Vlans
Use a Proxy server
Use time of check
A. The correct answer is Use cryptographic hashes. One of the
effective ways of assuring the integrity of data is storing
cryptographic hash by the verifier. A cryptographic hash function is
a one-way function that, given any fixed length input, generates a
unique fixed length output.
Go back >
244. In a bid to prevent a SCADA system from being affected by
malicious executable files, which of these options should be
deployed?
A.
B.
C.
D.
Place the SCADA system on a separate VLAN
Place the SCADA system on the same VLAN with DMZ
Implement honeypots
Implement IPS/IDS
A. The correct answer is Place the SCADA system on a separate
VLAN. When you separate the SCADA system from the main
network, there is less likeliness of the SCADA system being
affected.
Go back >
245. What method should be deployed to ensure that old versions
of code are not being rewritten into new releases in regression
testing?
A.
B.
C.
D.
Version controlling
Version placing
Version indexing
Version numbering
D. The correct answer is Version numbering. A version number is a
unique number or set of numbers assigned to a specific release of
a software program, file, firmware, device driver, or even hardware.
Typically, as updates and entirely new editions of a program or
driver are released, the version number will increase.
Go back >
246. In a bid to ensure secure communications with customers on a
bank website, which of the following options would best serve that
purpose?
A.
B.
C.
D.
VPN
TLS
Tunneling
Firewall
B. The correct answer is TLS. Transport Layer Security (TLS)
encrypts data sent over the Internet to ensure that eavesdroppers
and hackers are unable to see what you transmit which is
particularly useful for private and sensitive information such as
passwords, credit card numbers, and personal correspondence.
Go back >
247. Which of the following is not a problem faced by the
smartcard-based authentication system.
A.
Weak security due to the limitations of the smartcard's
authentication support
B.
Weak security due to the limitations of the smartcard's
authorization support
C.
Weak security due to the limitations of the smartcard's
encryption support
D.
None of the above
C. The correct answer is Weak security due to the limitations of the
smartcard's encryption support. With the support Smart Cards have
for modern cryptographic algorithms, there is little reason to fear
weak security due to smart card limitations on encryption.
Go back >
248. “Anything as a Service” can best be described with what term?
A.
B.
C.
D.
XaaS
YaaS
OaaS
SaaS
A. The correct answer is XaaS. XaaS is a general, collective term
that refers to the delivery of anything as a service. It recognizes the
vast number of products, tools and technologies that vendors now
deliver to users as a service over a network -- typically the internet
-- rather than provide locally or on-site within an enterprise.
Go back >
249. John bought an office with full access to power and bandwidth
to serve as a backup for her company just in case they should
suffer an attack. This establishment is called?
A.
B.
C.
D.
Cold site
Frozen site
Hot site
Host site
A. The correct answer is Cold site. A cold site is essentially office
or datacenter space without any server-related equipment installed.
The cold site provides power, cooling, and/or office space which
waits in the event of a significant outage to the main work site or
datacenter.
Go back >
250. To enable a patched Windows system to be able to jump back
to the last obvious healthy configuration, what should be done to
achieve this?
A.
B.
C.
D.
A system backup point
A system restore point
A system return point
A system time point
B. The correct answer is A system restore point. A system restore
point is an image of the system configuration and settings in the
Windows Registry that helps in restoring the system to an earlier
date when the system was running perfectly.
Go back >
251. When the system date is not properly set, which of these will
encounter problems from multi factor authentication?
A.
B.
COTP
OOTP
C.
D.
POTP
TOTP
D. The correct answer is TOTP. A time-based one-time password
(TOTP) is a computer algorithm that generates a one-time
password that uses the current time as a source of uniqueness. It
will be affected by an incorrectly set time.
Go back >
252. What primary function does the Faraday cage perform in the
server room?
A.
B.
C.
D.
To block EIM
To block IME
To block MIE
To block EMI
D. The correct answer is To block EMI. A Faraday cage or Faraday
shield is an enclosure used to block electromagnetic fields. A
Faraday shield may be formed by a continuous covering of
conductive material, or in the case of a Faraday cage, by a mesh of
such materials.
Go back >
253. The IP schema configuration management would offer what
type of security benefit?
A.
B.
C.
D.
Detecting rogue devices
Detecting malicious devices
Detecting DDoS attacks
Detecting malicious software
A. The correct answer is Detecting rogue devices. IP address
schema and usage allow identification of unknown and potentially
rogue devices.
Go back >
254. Which of the listed options would be best for securing a server
room door?
A.
B.
C.
D.
Deadbolt
Padlock
Cable lock
Faraday cages
A. The correct answer is Deadbolt. Deadbolts are the most secure
because they need to be engaged when the door is shut. They
have a unique locking device built into the bolt, that can't be forced
back into the door, thus preventing unwanted entry.
Go back >
255. What are the two most important features that deploying a NIC
teaming on a server?
A.
B.
C.
D.
NIC offers lower latency and lower throughput
NIC offers lower latency and greater throughput
NIC offers fault tolerance and lower throughput
NIC offers fault tolerance and greater throughput
D. The correct answer is NIC offers fault tolerance and greater
throughput. NIC teaming is the process of combining multiple
network cards together for performance, load balancing, and
redundancy reasons.
Go back >
256. Which of these options would serve as a fault-tolerant solution
that can handle two drives failing?
A.
B.
C.
D.
RAID 6
RAID 5
RAID 4
RAID 3
A. The correct answer is RAID 6. In RAID 6, two disk drives can fail
without total data loss occurring. This means better security than
RAID 5, but it also means even slower write speeds since one
additional checksum must be created.
Go back >
257. Your company deploys a CCTV monitoring system which is
always in use. In a bid to make the CCTV system respond to theft
and other issues, what additional feature is most likely to receive
requests to counter these problems?
A.
B.
C.
D.
Motion recognition
DVR
Guards
Object detection
B. The correct answer is DVR. DVR is digital video recorder, it is
needed to record the clips captured by the CCTV so it can be
clearly reviewed.
Go back >
258. Which of these cryptosystems would most often provide
cryptographic algorithm with low latency?
A.
B.
Symmetric encryption
Lightweight cryptography
C.
D.
Homomorphic encryption
Steganography
A. The correct answer is Symmetric encryption. Symmetric
cryptography is faster to run (in terms of both encryption and
decryption) because the keys used are much shorter than they are
in asymmetric cryptography. Additionally, the fact that only one key
gets used (versus two for asymmetric cryptography) also makes the
entire process faster.
Go back >
259. The most important thing to be do about memory management
in application security is?
A.
B.
C.
D.
Call functions inside functions
Delete all the open sessions
Use correct data types
Make sure you release any memory you allocate
D. The correct answer is Make sure you release any memory you
allocate. Not releasing the allocated memory would result in a
memory leak.
Go back >
260. Which of these options should be deployed to ensure that
encrypted files are kept confidential and safe for as long as
possible?
A.
B.
C.
D.
Use a 32-bit key
Use the longest key possible
Use a 20-bit key
Use the shortest key possible
B. The correct answer is Use the longest key possible. Using a
longer key is the best established method to make an encrypted file
less prone to being cracked. Generally, adding key length ensures
that significant increases in computational power will not result in
the encryption being cracked in a reasonable period of time.
Go back >
261. What technology should be deployed in a company that is
subject to a breach to keep their data and information safe on their
servers?
A.
B.
C.
D.
DLP
LPD
DPL
LDP
A. The correct answer is DLP. Data loss prevention (DLP) software
detects potential data breaches/data ex-filtration transmissions and
prevents them by monitoring, detecting and blocking sensitive data
while in use, in motion, and at rest. The terms "data loss" and "data
leak" are related and are often used interchangeably.
Go back >
262. What security method can be deployed to ensure that a single
individual won’t be able to subvert a process?
A.
B.
C.
D.
Two-person control
One-person control
Four-person control
Three-person control
A. The correct answer is Two-person control. The two-person rule is
a control mechanism designed to achieve a high level of security
for especially critical material or operations. Under this rule all
access and actions require the presence of two authorized people
at all times.
Go back >
263. Which of these options will surely protect a phone from attack
or breach from the charger being used to charge it?
A.
B.
C.
D.
USB data locker
Lighting
Fencing
USB data blocker
D. The correct answer is USB data blocker. A USB data blocker is a
device that plugs into the charging port on your phone, acting as a
shield between the public charging station's cord and your phone.
USB data blockers, also known as USB condoms, restrict hackers
from accessing your phone's data.
Go back >
264. Users are granted the grace of creating applications and
hosting them on which of these cloud service?
A.
B.
C.
D.
PaaS
SaaS
DaaS
IaaS
A. The correct answer is PaaS. Platform as a service (PaaS) or
application platform as a service (PaaS) or platform-based service
is a category of cloud computing services that allows customers to
provision, instantiate, run, and manage a modular bundle
comprising a computing platform and one or more applications,
without the complexity of building and maintaining the infrastructure
typically associated with developing and launching the
application(s); and to allow developers to create, develop, and
package such software bundles.
Go back >
265. The director of your company understands that for
cryptographic systems, computational overheads are a concern.
What can you do to limit the computational needs of the company’s
solution?
A.
B.
C.
D.
Apply elliptic curve cryptography
Apply lightweight cryptography
Apply homomorphic encryption
Apply steganography
A. The correct answer is Apply elliptic curve cryptography. Ellipticcurve cryptography is an approach to public-key cryptography
based on the algebraic structure of elliptic curves over finite fields.
ECC allows smaller keys compared to non-EC cryptography to
provide equivalent security.
Go back >
266. What computational design concept can be used to describe a
situation in which you deploy servers and storage to all of your
company's facilities so that scientific equipment can forward data at
the right speed?
A.
B.
C.
D.
Containers
Microservices
Edge computing
Fog computing
C. The correct answer is Edge computing. Edge computing is a
distributed computing paradigm that brings computation and data
storage closer to the sources of data. This is expected to improve
response times and save bandwidth.
Go back >
267. What type of solution would allow you to replace sensitive
information on your database with unique identifiers which allow
you to continue taking actions on the information without exposing
the information?
A.
B.
C.
D.
Anonymization
Tokenization
Pseudo-Anonymization
Data masking
B. The correct answer is Tokenization. Tokenization, when applied
to data security, is the process of substituting a sensitive data
element with a non-sensitive equivalent, referred to as a token, that
has no extrinsic or exploitable meaning or value. The token is a
reference that maps back to the sensitive data through a
tokenization system.
Go back >
268. What special advantage does an encrypted message which
contains a digital signature have over one that has no digital
signature? (SELECT TWO)
A.
B.
C.
D.
E.
Integrity
Availability
Nonrepudiation
Confidentiality
Accountability
A, C. The correct answers are Integrity and Nonrepudiation. A a
digital signature is there to secure the message from being
changed, and thus its integrity is intact, and it also supports
nonrepudiation by proving that the message is from the real sender.
Go back >
269. In a conference whose topic is on "appropriate response and
recovery controls for natural disasters", one of the speakers asks
what control should be employed in the case that a tornado causes
a power outage that lasts for many hours.
A.
B.
C.
D.
Offsite storage
Generator
Snapshot
Managed power distribution units
B. The correct answer is Generator. Generators are useful
appliances that supply electrical power during a power outage and
prevent discontinuity of daily activities or disruption of business
operations. Generators are available in different electrical and
physical configurations for use in different applications
Go back >
270. The technology that is most widely used for proximity card
readers is…?
A.
B.
C.
D.
NFC
IV
RFID
DIFR
C. The correct answer is RFID. RFID systems enable a card and a
card reader to communicate without the need for one to physically
touch or contact the other–hence the term contactless. The card
need only be placed in close proximity to the reader for
communication to occur–hence the term proximity.
Go back >
271. The biggest geographical concern for security is…?
A.
B.
C.
D.
External disaster
Internal disaster
Person-made disaster
Environmental disaster
D. The correct answer is Environmental disaster. Disasters,
generally, are from the basic things that are put into consideration
when choosing a geographic location.
Go back >
272. How would you protect a confidential message?
A.
B.
C.
D.
By hashing the message
By encrypting the message
By deleting the message
By digitally signing the message
B. The correct answer is By encrypting the message. Encryption
involves encrypting, or disguising, the content of messages in order
to protect potentially sensitive information from being read by
anyone other than intended recipients. Encryption often includes
authentication.
Go back >
273. Which network device allows horizontal scaling during traffic
issues, as well as supports patching and upgrading without causing
outages?
A.
B.
C.
D.
A firewall
A load balancer
A hub
A switch
B. The correct answer is A load balancer. Network load balancing is
the ability to balance traffic across two or more WAN links without
using complex routing protocols like BGP. It makes patching and
upgrades easier by draining connections from systems and
removing them from the pool when work needs to be done on them.
Go back >
274. Ιf you want to use physical safeguards to ensure that
important data can be transferred in unencrypted form, what
solution would you deploy?
A.
B.
C.
D.
Locked cable distribution
Protected cable distribution
Cable locks
USB cables
B. The correct answer is Protected cable distribution. Protected
distribution systems are wire line or fiber optic system that includes
adequate safeguards and/or countermeasures (e.g., acoustic,
electric, electromagnetic, and physical) to permit its use for the
transmission of unencrypted information through an area of lesser
classification or control.
Go back >
275. Your friend surreptitiously sent you concealed data by
modifying a music file in a way that would not affect the sound of
the music. What method has she just used?
A.
B.
C.
D.
Lightweight steganography
Audio cryptography
Audio steganography
Lightweight cryptography
C. The correct answer is Audio steganography. Audio
Steganography is a technique used to transmit hidden information
by modifying an audio signal in an imperceptible manner. It is the
science of hiding some secret text or audio information in a host
message.
Go back >
276. The multifactor authentication system like the short message
service (SMS) is mostly affected by?
A.
B.
C.
D.
Narrow-band
SMS injection attack
Zigbee
SIM cloning
D. The correct answer is SIM cloning. SIM cloning is the process in
which a legitimate SIM card is duplicated. When the cloning is
completed, the cloned SIM card’s identifying information is
transferred onto a separate, secondary SIM card.
The secondary card can then be used in a different phone while
having all calls and associated charges attributed to the original
SIM card. The phrase SIM clone is often used to refer to the SIM
card that has been successfully duplicated.
Go back >
277. Which of the following can be deployed to ensure that some
data at rest are kept safe so that they can be manipulated and put
to use in their original form?
A.
B.
C.
D.
Hashing
Tokenization
Masking
Encryption
D. The correct answer is Encryption. Encryption is the process of
converting information or data into a code, especially to prevent
unauthorized access.
Go back >
278. Naomi has created a control system for her organization
without a network linking it to her other networks. This kind of setup
can be described as?
A.
B.
C.
D.
Screened subnet
DMZ
Air gap
Virtual local area network
C. The correct answer is Air gap. An air gap, air wall, air gapping or
disconnected network is a network security measure employed on
one or more computers to ensure that a secure computer network
is physically isolated from unsecured networks, such as the public
Internet or an unsecured local area network.
Go back >
279. John secures the original data in a Social Security Number
field to ascertain that users on his database do not get access to it.
This data security process is best described as?
A.
B.
C.
D.
Masking
Minimization
Compression
Tokenization
A. The correct answer is Masking. Data masking is a way to create
a fake, but a realistic version of your organizational data. The goal
is to protect sensitive data, while providing a functional alternative
when real data is not needed—for example, in user training, sales
demos, or software testing.
Go back >
280. The process of deploying an on-premises cloud computing
solution is known as...?
A.
B.
C.
D.
Hybrid cloud
Private cloud
Public cloud
Semi cloud
B. The correct answer is Private cloud. Private cloud (also known
as an internal cloud or corporate cloud) is a cloud computing
environment in which all hardware and software resources are
dedicated exclusively to, and accessible only by, a single customer.
Go back >
281. The physical tokens deployed for multi factor authentication
are mostly threatened by?
A.
B.
C.
D.
Loss and cloning
Theft and cloning
Theft and loss
None of the above
C. The correct answer is Theft and loss. The most likely threat to
physical tokens is theft or loss resulting in access to the token.
Go back >
282. The likely problem that might ensue from using the value
12345ABCDE678FGH as a salt to every password is?
A.
B.
C.
D.
The salt is too complex
The salt is reused
The salt doesn't contain special characters
The salt is too long
B. The correct answer is The salt is reused. You should never reuse a salt, and you should especially not hardcode it for your entire
application! A salt has several purposes (defeating rainbow table
attacks and others based on pre-computation).
However, a salt also prevents an attacker from trying to break
multiple users' passwords at once. If you use a salt that is not
unique, an attacker could trivially build a rainbow table for your
application, or attack a batch of users. This is almost as bad as
having no salt!
Go back >
283. Which of the following is the process of reducing or eliminating
an unwanted magnetic field (or data) stored on tape and disk media
such as computer and laptop hard drives?
A.
B.
Pulping
Pulverizing
C.
D.
Degaussing
Burning
C. The correct answer is Degaussing. Degaussing is the process of
reducing or eliminating an unwanted magnetic field (or data) stored
on tape and disk media such as computer and laptop hard drives,
diskettes, reels, cassettes and cartridge tapes.
Go back >
284. By using the most popular method of dispersal, datacenters
should best be kept at what distance from each other to ensure that
they are in line with the geographic dispersal requirement?
A.
B.
C.
D.
100 miles
200 miles
50 miles
500 miles
A. The correct answer is 100 miles. Distance recommendations
usually range between 60 to 120 miles away; this ensures that no
single disaster can affect both locations.
Go back >
285. The process of extending cloud computing to the edge of an
enterprise network is best described as?
A.
B.
C.
D.
Edge computing
Fog computing
On-premise computing
Network computing
B. The correct answer is Fog computing. Fog computing or fog
networking, also known as fogging, is an architecture that uses
edge devices to carry out a substantial amount of computation,
storage, and communication locally and routed over the Internet
backbone.
Go back >
286. Which of the following is a password-hashing algorithm based
on the Blowfish cipher?
A.
B.
C.
D.
Dcrypt
Acrypt
Bcrypt
Fcrypt
B. The correct answer is Bcrypt. BCRYPT is a password-hashing
algorithm based on the Blowfish cipher.
Go back >
287. Which of the listed technologies would be the best in
implementing a directory service?
A.
B.
C.
D.
DLL
SQL
XML
LDAP
D. The correct answer is LDAP. The Lightweight Directory Access
Protocol is an open, vendor-neutral, industry standard application
protocol for accessing and maintaining distributed directory
information services over an Internet Protocol network.
Go back >
288. What is the first condition to check when setting up a wireless
network in which the access points are placed at positions where
they offer maximum coverage, while also considering plans for any
means of RF interference?
A.
B.
C.
D.
Conduct a site survey
Check channel overlaps
Install WPA3
Configure IEEE 802.1X
A. The correct answer is Conduct a site survey. A Wireless Site
Survey is recommended when implementing a wireless network.
When deploying a wireless network, we are looking for the optimal
wireless coverage and performance with the minimal use of
equipment. This saves on time, man power and equipment cost. A
wireless site survey will provide this information by revealing places
of signal interferences, places where signals are weaker and areas
of no signals (dead zones).
A wireless survey also helps to avoid interference due to existing
radio sources and interferences cause by physical structures such
columns, beams, walls, and metal objects. In fact anything can
affect the radio signal profile of a site including furniture and people.
It is important to remember that the objective of a wireless site
survey is to determine the feasibility of deploying a wireless
network to meet your needs and to determine how to deploy a
wireless network within the constraints of your site.
Go back >
289. The lateral traffic movement within a network is mostly
regarded as?
A.
B.
C.
D.
Extranet
Screened subnet
East-west traffic
Intranet
C. The correct answer is East-west traffic. East-west traffic, in a
networking context, is the transfer of data packets from server to
server within a data center. The term east-west for this type of
traffic comes from network diagram drawings that usually depict
local area network (LAN) traffic horizontally.
In contrast, north-south traffic describes client-to-server traffic that
moves between the data center and a location outside of the data
center network. North-south traffic is typically depicted vertically to
illustrate traffic that flows above or below the data center.
Go back >
290. A user that tries to connect to a wireless network but is
redirected to a site that asks them to provide their email details,
then they are given access to use the internet for free after
providing the details. Which of the following technologies must have
been used for that?
A.
B.
C.
D.
A WiFi Protected Setup
A captive portal
A heat map
A layer 2 tunneling
B. The correct answer is A captive portal. A captive portal is a web
page accessed with a web browser that is displayed to newly
connected users of a Wi-Fi or wired network before they are
granted broader access to network resources.
Captive portals are commonly used to present a landing or log-in
page which may require authentication, payment, acceptance of an
end-user license agreement, acceptable use policy, survey
completion, or other valid credentials that both the host and user
agree to adhere to.
Go back >
291. The DNSSEC when deployed, has what function?
A.
B.
C.
D.
Integrity
Availability
Confidentiality
None of the above
A. The correct answer is Integrity. The Domain Name System
Security Extensions (DNSSEC) is a feature of the Domain Name
System (DNS) that authenticates responses to domain name
lookups. It does not provide privacy protections for those lookups,
but prevents attackers from manipulating or poisoning the
responses to DNS requests.
Go back >
292. Which of these protocols should be deployed to be able to use
a command-line shell over a system connected through an
encrypted channel?
A.
B.
C.
D.
HTTPS
RDS
Telnet
SSH
D. The correct answer is SSH. Secure Shell is a cryptographic
network protocol for operating network services securely over an
unsecured network. Typical applications include remote commandline, login, and remote command execution, but any network
service can be secured with SSH.
Go back >
293. The SRTP is mostly deployed to be used for what type of
communication?
A.
B.
C.
D.
HVAC
MFP
VoIP
RTOS
C. The correct answer is VoIP. Voice over Internet Protocol, also
called IP telephony, is a method and group of technologies for the
delivery of voice communications and multimedia sessions over
Internet Protocol networks, such as the Internet.
Go back >
294. FTPS traffic is mostly implemented on two major ports namely:
A.
B.
C.
D.
67 and 68
455 and 453
21 and 990
80 and 443
C. The correct answer is 21 and 990. FTPS (also known FTP-SSL,
and FTP Secure) is an extension to the commonly used File
Transfer Protocol (FTP) that adds support for the Transport Layer
Security (TLS) and, formerly, the Secure Sockets Layer (SSL,
which is now prohibited by RFC7568) cryptographic protocols.
FTP/S commonly runs on port 990 and sometimes on port 21, the
primary difference being that port 990 is an Implicit FTP/S, and port
21 is an Explicit FTP/S. If a client connects to an FTP/S server on
port 990, the assumption is that the client intends to perform SSL.
Go back >
295. Which of the listed devices would best execute these rules:
PERMIT IP ANY EQ 80
PERMIT IP ANY EQ 43
DENY IP ANY ANY
A.
B.
C.
D.
Hub
Firewall
Switch
WAP
B. The correct answer is Firewall. A firewall has two types of rules.
One type is to allow specific traffic on a given port. The other type
of rule is to deny traffic. the example is a firewall rule.
Go back >
296. Which of the listed protocols is best used to validate
certificates and check if they have been revoked?
A.
B.
C.
D.
OCSP
CSR
CRL
RA
A. The correct answer is OCSP. The Online Certificate Status
Protocol is an Internet protocol used for obtaining the revocation
status of an X.509 digital certificate. It is described in RFC 6960
and is on the Internet standards track.
Go back >
297. Most geofencing applications are usually deployed on which
two major connections?
A.
B.
C.
D.
Bluetooth and RFID
Wi-Fi and Bluetooth
GPS and Bluetooth
GPS and Wi-Fi
D. The correct answer is GPS and Wi-Fi. Geofencing is a locationbased service in which an app or other software uses GPS, RFID,
Wi-Fi or cellular data to trigger a pre-programmed action when a
mobile device or RFID tag enters or exits a virtual boundary set up
around a geographical location, known as a geofence.
Go back >
298. A firewall that scrutinizes the context and contents of every
packet it comes across is classified as…?
A.
B.
C.
D.
Stateless packet filtering firewall
Stateful packet filtering firewall
Web application firewall
Unified threat management
B. The correct answer is Stateful packet filtering firewall. Stateful
inspection, also known as dynamic packet filtering, is a firewall
technology that monitors the state of active connections and uses
this information to determine which network packets to allow
through the firewall.
Go back >
299. An identity management system requests for users addresses,
job titles and birth dates. This type of information is best known as?
A.
B.
C.
D.
Roles
Attributes
Tokens
Details
B. The correct answer is Attributes. Identity attributes for people are
things like name, address, date-of-birth, and fingerprints; the
questions often asked in order to identify a person requesting a
driver's license or hospital admission provide good examples of
identity attributes.
Go back >
300. Which of the listed options should first be considered whilst
trying to enhance security on an organization’s network?
A.
B.
C.
D.
Create multiple VLANs
Uninstall unneeded applications on all workstations
Disable unneeded services on all workstations
Install antivirus on all workstations
C. The correct answer is Disable unneeded services on all
workstations. Disabling unneeded services on all computers is one
of the best ways to harden the operating system, and that is the
first step in strengthening security.
Go back >
KNOWDIRECT.ORG FREE ACCESS
Go to www.knowdirect.com/contact/ to request a free access to online simulators.
Download