1. With the ____ tool, you can ping multiple IP addresses simultaneously.
2. The __________ defines stiffer penalties for prosecution of terrorist crimes.
3. Zero-day attacks might be stopped by ________ detection.
4. Your organization services customer orders with a custom ordering system developed in-house. You are responsible for recommending a cloud model to meet the following requirements: control of security required for regulatory compliance; legacy application and database support; scalability to meet seasonal increases in demand. Which cloud model is the best option for these requirements?
5. Which action is most likely to simplify security staff training, improve integration between security components, and reduce risk to the business? (Choose the best answer.)
6. You are researching probable threats to your company’s internet-facing web applications. Which organization should you reference as an authoritative source for information on web-based attack vectors?
7. Site-to-site VPN provides access from one network address space (192.168.0.0/24) to another network address space _.
8. You are responsible for forensic investigations in your organization. You have been tasked with investigating a compromised virtual application server. Because a revenue-generating application runs on the server, the server needs to be returned to service as quickly as possible. What is the next step you should take to best fulfill your responsibilities and meet the needs of the business?
9. You are part of an incident response team at your company. While sifting through log files collected by a SIEM, you discover some suspicious log entries that you want to investigate further. Which of the following best refers to those recorded activities demanding additional scrutiny?
10. Which type of attack targets vulnerabilities associated with translating MAC addresses into IP addresses in computer networking?
11. There are connection-oriented and connectionless protocols in networking. What do web browsers use to ensure the integrity of the data they send and receive?
12. Which option is a framework widely utilized by organizations in the development of security governance standards?
13. You believe a recent service outage was due to a denial-of-service attack from a disgruntled inside source. What is the name for the malicious act this employee has committed?
14. Which phase of the incident response process happens immediately following identification?
15. Which option describes a core principle of DevSecOps?
16. Which information security principle states that organizations should defend systems against any particular attack using several independent methods?
17. Which software development lifecycle approach is most compatible with DevSecOps?
18. Which option is a mechanism to ensure non-repudiation?
19. Executives in your organization exchange emails with external business partners when negotiating valuable business contracts. To ensure that these communications are legally defensible, the security team has recommended that a digital signature be added to these messages. What are the primary goals of the digital signature in this scenario? (Choose the best answer.)
20. You have just conducted a port scan of a network. There is no well-known port active. How do you find a webserver running on a host, which uses a random port number?
21. When does static application security testing require access to source code?
22. What is the difference between DevOps and DevSecOps?
23. Which compliance framework governs requirements for the U.S. healthcare industry?
24. The regulatory requirements for notifications of data breaches, particularly the European General Data Protection Regulations, have had what sort of effect on business?
25. In 2014, 4,278 IP addresses of zombie computers were used to flood a business with over one million packets per minute for about one hour. What is this type of attack called?
26. You are implementing a cybersecurity program in your organization and want to use the "de facto standard" cybersecurity framework. Which option would you choose?
27. According to NIST, what is the first action required to take advantage of the cybersecurity framework?
28. What are the essential characteristics of the reference monitor?
29. Which main reference coupled with the Cloud Security Alliance Guidance comprise the Security Guidance for Critical Areas of Focus in Cloud Computing?
30. Which organization has published the most comprehensive set of controls in its security guideline for the Internet of Things?
31. Which security control scheme do vendors often submit their products to for evaluation, to provide an independent view of product assurance?
32. There are four possible treatments once an assessment has identified a risk. Which risk treatment implements controls to reduce risk?
33. You have implemented controls to mitigate the threats, vulnerabilities, and impact to your business. Which type of risk is left over?
34. Which organization, established by NIST in 1990, runs workshops to foster coordination in incident prevention, stimulate rapid reaction to incidents, and allow experts to share information?
35. NIST SP 800-53 is one of two important control frameworks used in cybersecurity. What is the other one?
36. Your incident response team is unable to contain an incident because they lack authority to take action without management approval. Which critical step in the preparation phase did your team skip?
37. How often is the ISF Standard of Good Practice updated?
38. You are working in the security operations center analyzing traffic on your network. You detect what you believe to be a port scan. What does this mean?
39. The ASD Top Four are application whitelisting, patching of applications, patching of operating systems, and limiting administrative privileges. What percent of breaches do these account for?
40. FUD is expensive and often causes high drama over low risk. Which computer chip exploits were reported by CNN as needing to be completely replaced, but were later fixed with firmware updates?
41. To prevent an incident from overwhelming resources, _ is necessary.
42. Where would you record risks that have been identified and their details, such as their ID and name, classification of information, and the risk owner?
43. The most notorious military-grade advanced persistent threat was deployed in 2010, and targeted centrifuges in Iran. What was this APT called?
44. NIST issued a revision to SP 800-37 in December 2018. It provides a disciplined, structured, and flexible process for managing security and privacy risk. Which type of document is SP 800-37?
45. You choose a cybersecurity framework for your financial organization that implements an effective and auditable set of governance and management processes for IT. Which framework are you choosing?
46. Your computer has been infected, and is sending out traffic to a targeted system upon receiving a command from a botmaster. What condition is your computer currently in?
47. How does ransomware affect a victim's files?
48. Which type of program uses Windows Hooks to capture keystrokes typed by the user, hides in the process list, and can compromise their system as well as their online access codes and password?
49. To implement encryption in transit, such as with the HTTPS protocol for secure web browsing, which type(s) of encryption is/are used?
50. Which list correctly describes risk management techniques?
51. Which programming language is most susceptible to buffer overflow attacks?
52. You have just identified and mitigated an active malware attack on a user's computer, in which command and control was established. What is the next step in the process?
53. Which encryption type uses a public and private key pair for encrypting and decrypting data?
54. You have recovered a server that was compromised in a malware attack to its previous state. What is the final step in the incident response process?
55. Sharing account credentials violates the _ aspect of access control.
56. You are responsible for managing security of your organization's public cloud infrastructure. You need to implement security to protect the data and applications running in a variety of IaaS and PaaS services, including a new Kubernetes cluster. What type of solution is best suited to this requirement?
57. The DLP project team is about to classify your organization's data. What is the primary purpose of classifying data?
58. Which type of vulnerability cannot be discovered in the course of a typical vulnerability assessment?
59. You have been tasked with recommending a solution to centrally manage mobile devices used throughout your organization. Which technology would best meet this need?
60. You are at a coffee shop and connect to a public wireless access point (WAP). What type of cybersecurity attack are you most likely to experience?
61. You are a recent cybersecurity hire, and your first assignment is to present on the possible threats to your organization. Which of the following best describes the task?
62. Which cyberattack aims to exhaust an application's resources, making the application unavailable to legitimate users?
63. What is the process of challenging a user to prove their identity?
64. Virtual Private Networks (VPNs) use _ to create a secure connection between two networks.
65. Which malware changes an operating system and conceals its tracks?
66. When implementing a data loss prevention (DLP) strategy, what is the first step in the process?
67. Which option is an open-source solution to scanning a network for active hosts and open ports?
68. Which type of security assessment requires access to source code?
69. SQL injection inserts a code fragment that makes a database statement universally true, like _.
70. You are a security analyst, and you receive a text message alerting you of a possible attack. Which security control is the least likely to produce this type of alert?
71. Which attack exploits input validation vulnerabilities?
72. Which is not a principle of zero trust security?
73. According to GDPR, a data _ is the person about whom data is being collected.
74. What act grants an authenticated party permission to perform an action or access a resource?
75. An attacker has discovered that they can deduce a sensitive piece of confidential information by analyzing multiple pieces of less sensitive public data. What type of security issue exists?
76. Which type of application can intercept sensitive information such as passwords on a network segment?
77. What provides a common language for describing security incidents in a structured and repeatable manner?
78. Two competing online retailers process credit card transactions for customers in countries on every continent. One organization is based in the United States. The other is based in the Netherlands. With which regulation must both countries comply while ensuring the security of these transactions?
79. How many keys would be necessary to accommodate 100 users in an asymmetric cryptography system?
80. You need to disable the camera on corporate devices to prevent screen capture and recording of sensitive documents, meetings, and conversations. Which solution would be best suited to the task?
81. Your organization is conducting a pilot deployment of a new e-commerce application being considered for purchase. You need to recommend a strategy to evaluate the security of the new software. Your organization does not have access to the application's source code. Which strategy should you choose?
82. Which is not a threat modeling methodology?
83. Your security team recommends adding a layer of defense against emerging persistent threats and zero-day exploits for all endpoints on your network. The solution should offer protection from external threats for network-connected devices, regardless of operating system. Which solution is best suited to meet this requirement?
84. What is the name for a short-term interruption in electrical power supply?
85. You have configured audit settings in your organization's cloud services in the event of a security incident. What type of security control is an audit trail?
86. What is the term for the policies and technologies implemented to protect, limit, monitor, audit, and govern identities with access to sensitive data and resources?
87. Which is an example of privacy regulation at the state government level in the U.S.?
88. _ validates the integrity of data files.
89. You need to recommend a solution to automatically assess your cloud-hosted VMs against CIS benchmarks to identify deviations from security best practices. What type of solution should you recommend?
90. Which aspect of cybersecurity do Distributed Denial of Service (DDoS) attacks affect the most?
91. What is the difference between DRP and BCP?
92. You configure an encrypted USB drive for a user who needs to deliver a sensitive file at an in-person meeting. What type of encryption is typically used to encrypt the file?
93. During a penetration test, you find a file containing hashed passwords for the system you are attempting to breach. Which type of attack is most likely to succeed in accessing the hashed passwords in a reasonable amount of time?
94. Which option describes the best defense against collusion?
95. Which security control can best protect against shadow IT by identifying and preventing use of unsanctioned cloud apps and services?
96. In black box penetration testing, what information is provided to the tester about the target environment?
97. Which option describes testing that individual software developers can conduct on their own code?
98. Which option tests code while it is in operation?
99. Packet sniffer is also called _.
100. Which security control cannot produce an active response to a security event?