Basic Cyber Security MCQ

1. The __________ defines stiffer penalties for prosecution of terrorist crimes.

Answer

Correct Answer: USA Patriot Act

2. Zero-day attacks might be stopped by ________ detection.

Answer

Correct Answer: Anomaly.

3. Your organization services customer orders with a custom ordering system developed in-house. You are responsible for recommending a cloud model to meet the following requirements: control of security required for regulatory compliance; legacy application and database support; scalability to meet seasonal increases in demand. Which cloud model is the best option for these requirements?

Answer

Correct Answer: Hybrid cloud

4. You are researching probable threats to your company’s internet-facing web applications. Which organization should you reference as an authoritative source for information on web-based attack vectors?

Answer

Correct Answer: OWASP

5. You are part of an incident response team at your company. While sifting through log files collected by a SIEM, you discover some suspicious log entries that you want to investigate further. Which of the following best refers to those recorded activities demanding additional scrutiny?

Answer

Correct Answer: Event

6. Which type of attack targets vulnerabilities associated with translating MAC addresses into IP addresses in computer networking?

Answer

Correct Answer: ARP spoofing

7. There are connection-oriented and connectionless protocols in networking. What do web browsers use to ensure the integrity of the data they send and receive?

Answer

Correct Answer: TCP that is connection-oriented (not too sure)

8. You believe a recent service outage was due to a denial-of-service attack from a disgruntled inside source. What is the name for the malicious act this employee has committed?

Answer

Correct Answer: Sabotage (not too sure)

9. Which phase of the incident response process happens immediately following identification?

Answer

Correct Answer: Reporting

10. Which information security principle states that organizations should defend systems against any particular attack using several independent methods?

Answer

Correct Answer: Defense-in-depth

11. Which option is a mechanism to ensure non-repudiation?

Answer

Correct Answer: Asymmetric-key encryption

12. When does static application security testing require access to source code?

Answer

Correct Answer: Always

13. What is the difference between DevOps and DevSecOps?

Answer

Correct Answer: DevSecOps requires the inclusion of cybersecurity engineers in the CI/CD process of DevOps.

14. Which compliance framework governs requirements for the U.S. healthcare industry?

Answer

Correct Answer: HIPAA

15. The regulatory requirements for notifications of data breaches, particularly the European General Data Protection Regulations, have had what sort of effect on business?

Answer

Correct Answer: An increased business liability in the event of a data breach

16. The most notorious military-grade advanced persistent threat was deployed in 2010, and targeted centrifuges in Iran. What was this APT called?

Answer

Correct Answer: Stuxnet

17. How does ransomware affect a victim's files?

Answer

Correct Answer: By encrypting them

18. To implement encryption in transit, such as with the HTTPS protocol for secure web browsing, which type(s) of encryption is/are used?

Answer

Correct Answer: Both symmetric and asymmetric

19. Which programming language is most susceptible to buffer overflow attacks?

Answer

Correct Answer: C

20. You have just identified and mitigated an active malware attack on a user's computer, in which command and control was established. What is the next step in the process?

Answer

Correct Answer: Eradication / Remediation

21. Which encryption type uses a public and private key pair for encrypting and decrypting data?

Answer

Correct Answer: Asymmetric

22. You have recovered a server that was compromised in a malware attack to its previous state. What is the final step in the incident response process?

Answer

Correct Answer: Eradication / Remediation

23. Sharing account credentials violates the _ aspect of access control.

Answer

Correct Answer: Authorization

24. You are responsible for managing security of your organization's public cloud infrastructure. You need to implement security to protect the data and applications running in a variety of IaaS and PaaS services, including a new Kubernetes cluster. What type of solution is best suited to this requirement?

Answer

Correct Answer: Cloud Access Security Brokers (CASBs)

25. You have been tasked with recommending a solution to centrally manage mobile devices used throughout your organization. Which technology would best meet this need?

Answer

Correct Answer: Mobile Device Management (MDM)

26. You are at a coffee shop and connect to a public wireless access point (WAP). What type of cybersecurity attack are you most likely to experience?

Answer

Correct Answer: Man-in-the-middle attack

27. You are a recent cybersecurity hire, and your first assignment is to present on the possible threats to your organization. Which of the following best describes the task?

Answer

Correct Answer: Risk management

28. Which cyberattack aims to exhaust an application's resources, making the application unavailable to legitimate users?

Answer

Correct Answer: Distributed Denial of Service (DDoS)

29. What is the process of challenging a user to prove their identity?

Answer

Correct Answer: Authentication

30. Virtual Private Networks (VPNs) use _ to create a secure connection between two networks.

Answer

Correct Answer: Encryption

31. Which malware changes an operating system and conceals its tracks?

Answer

Correct Answer: Rootkit

32. When implementing a data loss prevention (DLP) strategy, what is the first step in the process?

Answer

Correct Answer: Evaluate the features of available DLP products to determine which best meet your organization's needs.

33. Which option is an open-source solution to scanning a network for active hosts and open ports?

Answer

Correct Answer: Nmap

34. Which type of security assessment requires access to source code?

Answer

Correct Answer: Static analysis

35. SQL injection inserts a code fragment that makes a database statement universally true, like _.

Answer

Correct Answer: SELECT * FROM users WHERE username =

36. Which attack exploits input validation vulnerabilities?

Answer

Correct Answer: Cross-site scripting (XSS)

37. Which is not a principle of zero trust security?

Answer

Correct Answer: Trust but verify

38. According to GDPR, a data _ is the person about whom data is being collected.

Answer

Correct Answer: Subject

39. What act grants an authenticated party permission to perform an action or access a resource?

Answer

Correct Answer: Authorization

40. Which type of application can intercept sensitive information such as passwords on a network segment?

Answer

Correct Answer: Protocol analyzer

41. What provides a common language for describing security incidents in a structured and repeatable manner?

Answer

Correct Answer: Common vulnerabilities and exposures

42. How many keys would be necessary to accommodate 100 users in an asymmetric cryptography system?

Answer

Correct Answer: 200

43. You need to disable the camera on corporate devices to prevent screen capture and recording of sensitive documents, meetings, and conversations. Which solution would be best suited to the task?

Answer

Correct Answer: Mobile Device Management (MDM)

44. Your organization is conducting a pilot deployment of a new e-commerce application being considered for purchase. You need to recommend a strategy to evaluate the security of the new software. Your organization does not have access to the application's source code. Which strategy should you choose?

Answer

Correct Answer: Dynamic application security testing

45. Which is not a threat modeling methodology?

Answer

Correct Answer: TOGAF

46. Your security team recommends adding a layer of defense against emerging persistent threats and zero-day exploits for all endpoints on your network. The solution should offer protection from external threats for network-connected devices, regardless of operating system. Which solution is best suited to meet this requirement?

Answer

Correct Answer: Next generation firewall (NGFW)

47. What is the name for a short-term interruption in electrical power supply?

Answer

Correct Answer: Blackout

48. What is the term for the policies and technologies implemented to protect, limit, monitor, audit, and govern identities with access to sensitive data and resources?

Answer

Correct Answer: Identity and access management (IAM)

49. Which is an example of privacy regulation at the state government level in the U.S.?

Answer

Correct Answer: CCPA

50. _ validates the integrity of data files.

Answer

Correct Answer: Hashing

51. You need to recommend a solution to automatically assess your cloud-hosted VMs against CIS benchmarks to identify deviations from security best practices. What type of solution should you recommend?

Answer

Correct Answer: Cloud Security Posture Management (CSPM)

52. Which aspect of cybersecurity do Distributed Denial of Service (DDoS) attacks affect the most?

Answer

Correct Answer: Availability

53. What is the difference between DRP and BCP?

Answer

Correct Answer: DRP works to keep a business up and running despite a disaster. BCP works to restore the original business capabilities.

54. You configure an encrypted USB drive for a user who needs to deliver a sensitive file at an in-person meeting. What type of encryption is typically used to encrypt the file?

Answer

Correct Answer: Symmetric encryption

55. Which option describes the best defense against collusion?

Answer

Correct Answer: Separation of duties and job rotation

56. Which security control can best protect against shadow IT by identifying and preventing use of unsanctioned cloud apps and services?

Answer

Correct Answer: Cloud access security broker (CASB)

57. In black box penetration testing, what information is provided to the tester about the target environment?

Answer

Correct Answer: None

58. Which option describes testing that individual software developers can conduct on their own code?

Answer

Correct Answer: Unit testing

59. Packet sniffer is also called _.

Answer

Correct Answer: Protocol analyzer

60. Which security control cannot produce an active response to a security event?

Answer

Correct Answer: Intrusion detection system (IDS)

61. Your organization recently implemented a unified messaging solution and VoIP phones on every desktop. You are responsible for researching the vulnerabilities of the VoIP system. Which type of attack are VoIP phones most vulnerable to experiencing?

Answer

Correct Answer: Denial-of-service

62. According to the shared responsibility model, which cloud computing model places the most responsibility on the cloud service provider (CSP)?

Answer

Correct Answer: Platform as a Service (PaaS)

63. If a competitor reverse engineers a trade secret, then the competitor is ________.

Answer

Correct Answer: Allowed to use the trade secret but not the original trademark

64. The foundation of integrity is your __________ system.

Answer

Correct Answer: Personal values

65. The increased use of data mining can be attributed to the ________.

Answer

Correct Answer: Decentralization of data

66. Proxy servers perform operations on ____-level data.

Answer

Correct Answer: Application

67. Static packet filtering is sometimes used ________.

Answer

Correct Answer: Both as secondary filtering mechanism on an application proxy firewall and on border routers

68. In ________ filtering, the firewall examines packets entering the network from the outside.

Answer

Correct Answer: Ingress

69. After a programmer plans the logic of a program, the next step is ____.

Answer

Correct Answer: Code the program

70. A security awareness program includes ________.

Answer

Correct Answer: All of the above

71. The U.S. Anticybersquatting Act makes ____ cybersquatting illegal.

Answer

Correct Answer: Domain name

72. The U.S. Anticybersquatting Consumer Protection Act of 1999 makes ____ cybersquatting illegal.

Answer

Correct Answer: Domain name
