The following statements regarding centralized administration concepts are presented to you in an interview in which only one of them is correct. Which of these is correct?
a. A RADIUS client can be defined as a desktop or a wireless laptop requesting authentication
b. Directory service is an XML standard that allows secure web domains to exchange user authentication and authorization data
c. The transport protocol used by RADIUS is TCP
d. Extensible authentication protocol is a framework to transport authentication protocols
d. Extensible authentication protocol is a framework to transport authentication protocols
In an interview, you are asked to compare the following statements regarding different authentication concepts and identify the correct statement. Which of the following statements is correct?
a. An HMAC-based one-time password (HOTP) changes after a set period of time
b. A person's vein can be used to uniquely authenticate an individual
c. A windowed token displays a static code
d. Physiological biometrics relates to the way in which the mind functions
b. A person's vein can be used to uniquely authenticate an individual
An attacker collected many usernames from a website and tried to log in to the accounts using the password "passw0rd". What type of attack was this?
a. Pass the hash attack
b. Password spraying
c. Password phishing
d. Brute force attack
b. Password spraying
Which of the following is a motherboard chip that provides cryptographic services?
a. Trusted platform module
b. Security key
c. Hardware security module
d. Windowed token
a. Trusted platform module
You are a cyber forensic specialist, and you are asked to retrieve the password of an employee account suspected of being an imposter. As you are provided with the enterprise's strong password policy, which of the following methods will be the easiest for you to use when retrieving the password?
a. Brute force attack
b. Rule attack
c. Dictionary attack
d. Hybrid attack
b. Rule attack
Sam is working as a cybersecurity expert. An enterprise that manages nuclear power plants approached Sam's company to install an authentication facility for its employees when they access the nuclear plant. The enterprise is demanding multifactor authentication with high security, the lowest false acceptance rate, and the lowest false rejection rate.
Which of the following authentication methods should Sam apply?
a. PIN and password
b. PIN and fingerprint scanner
c. PIN and face recognition
d. PIN and gait recognition
d. PIN and gait recognition
Which of the following best describes a preimage attack?
a. Cracking picture-based passwords
b. Cracking the password by trying all possible alphanumeric combinations
c. Comparing a known digest with an unknown digest
d. Embedding password-logging malware in an image file
c. Comparing a known digest with an unknown digest
In a multifactor authentication-enabled facility, you are asked the following question: "What type of food was served on your child's first birthday?" Which of the following is the authentication method used here?
a. Behavioral biometrics
b. Cognitive biometrics
c. Physiological biometrics
d. Security key authentication
b. Cognitive biometrics
The following data is being used for a password attack: "?u ?l ?l ?l ?l ?d ?d ?d ?d."
Which of the following types of attack is this?
a. Password spraying
b. Rule attack
c. Dictionary attack
d. Brute force attack
b. Rule attack
How does the single sign-on enhance secure authentication?
a. Implementing a single sign-on will reduce the number of passwords needing to be remembered
b. Implementing a single sign-on will reduce the time required for authentication
c. Implementing a single sign-on will make the entity completely invulnerable
d. Implementing a single sign-on will reduce the probability of a brute force attack
a. Implementing a single sign-on will reduce the number of passwords needing to be remembered
Which of the following is an authentication system that uses UDP instead of TCP?
a. OAuth
b. TACACS+
c. RADIUS
d. Shibboleth
c. RADIUS
Ram's enterprise is hosting a web app that requires authentication. Recently, the password digest files of other enterprises were stolen, and the attackers cracked the passwords with ease. As such, Ram was asked to implement additional security measures for the web app's passwords. Which of the following methods should Ram apply?
a. He should use a password key
b. He should use a password vault
c. He should add salts to the hashes
d. He should use Key stretching
d. He should use Key stretching
A security breach recently occurred in your enterprise. During the incident investigation, you are asked to examine network-based device logs. Which of the following network devices should you examine first?
a. NIDS and NIPS
b. Firewall
c. Routers and switches
d. DNS
b. Firewall
In an interview, you are asked to explain why software forensic tools are used more than forensic hardware workstations. How should you reply?
a. Forensic hardware workstations make forensic operations more difficult to perform than forensic operations performed by forensic software tools
b. Forensic hardware workstations have limited functionalities compared to forensic software tools
c. Forensic hardware workstations are more expensive than forensic software tools
d. Forensic hardware workstations are slower than forensic software tools
c. Forensic hardware workstations are more expensive than forensic software tools
In a security review meeting, you are asked to make sure that the cybersecurity team is constantly updated on the tactics used by threat actors when they interact with systems during an attack. To which of the following attack frameworks will you refer to meet the goal?
a. SEAndroid
b. Cyber Kill Chain
c. MITRE ATT&CK
d. The Diamond Model of Intrusion Analysis
c. MITRE ATT&CK
Which of the following access control schemes is most secure?
a. Rule-based access control
b. Mandatory access control
c. Discretionary access control
d. Role-based access control
b. Mandatory access control
While talking to a new client, the client asked you why access control is mostly used in enterprise networks rather than home networks.
How should you reply?
a. An enterprise network will have more sensitive and confidential information
b. Access controls can only be configured by security admins
c. Enterprises attract more business when using access control
d. The devices required for access control can only be afforded by an enterprise
a. An enterprise network will have more sensitive and confidential information
Containment is most effective when the network is properly designed. Which of the following contributes to effective network design?
a. Access control list
b. Access control scheme
c. Network segmentation
d. SOAR runbooks
c. Network segmentation
Which of the following attack frameworks illustrates that attacks are an integrated end-to-end process, and disrupting any one of the steps will interrupt the entire attack process?
a. MITRE ATT&CK
b. Cyber Kill Chain
c. The Diamond Model of Intrusion Analysis
d. Command and Control
b. Cyber Kill Chain
In a security meeting, you are asked to suggest access control schemes in which you have high flexibility when configuring access to the enterprise resources.
Which of the following should you suggest?
a. Attribute-based access control
b. Rule-based access control
c. Role-based access control
d. Mandatory access control
a. Attribute-based access control
You are a cybersecurity investigator and you're asked to query log files for faster analysis. Which of the following log management tools should you use?
a. nxlog
b. journalctl
c. syslog-ng
d. rsyslog
b. journalctl
In a security meeting, you were asked about which response method would require less manual intervention per response. Which of the following should you choose?
a. Cyber Kill Chain
b. Playbook
c. The Diamond Model of Intrusion Analysis
d. Runbook
d. Runbook
Primary investigation after an enterprise security breach revealed that the breach was caused by an unauthorized device physically connected to the enterprise network. Which of the following logs should you examine first while conducting a detailed investigation?
a. Firewall logs
b. DHCP server logs
c. Email server logs
d. DNS server logs
b. DHCP server logs
You are working as a security administrator. Your enterprise has asked you to choose an access control scheme in which a user is authorized to access the resources if the user has a specific attribute and denied if they don't.
Which of the following access control schemes should you choose?
a. Attribute-based access control
b. Rule-based access control
c. Role-based access control
d. Mandatory access control
a. Attribute-based access control
Which of the following network-based device logs are the least important when performing an incident investigation?
a. Web servers
b. Firewalls
c. DHCP servers
d. Routers and Switches
d. Routers and Switches
In a security review meeting, you proposed using a windowed token with a time-based one-time password (TOTP) to authenticate enterprise employees, and you were asked to explain the working of TOTP.
Which of the following should be your reply?
a. With a windowed token with TOTP, a one-time code is generated by the windowed token using a specific algorithm. The server generates the code using a variant of the specific algorithm. The user enters the code. The user is authenticated if the codes match.
b. With a windowed token with TOTP, a one-time code is generated by the windowed token. The windowed token sends the code to the server. The user enters the code generated by the windowed token. The user gets an authentication for the correct code.
c. With a windowed token with TOTP, a one-time code is generated by the windowed token using a specific algorithm. The server generates the code using the same algorithm. The user enters the code generated by the windowed token. The user is authenticated if the codes match
d. With a windowed token with TOTP, a one-time code is generated by the server. The server sends the code to the windowed token. The user enters the code. The user gets authenticated for the correct code.
c. With a windowed token with TOTP, a one-time code is generated by the windowed token using a specific algorithm. The server generates the code using the same algorithm. The user enters the code generated by the windowed token. The user is authenticated if the codes match
Which of the following best describes skimming?
a. Altering the condition of a secure key by using software
b. Altering the condition of a secure key by using hardware
c. Intercepting the OTP to gain unauthorized access
d. Capturing information from the magnetic stripe of a smartcard
d. Capturing information from the magnetic stripe of a smartcard
In an interview, you were asked to crack a password and told that the password is a commonly used word. Which of the following methods should you apply?
a. You should perform a dictionary attack
b. You should perform skimming
c. You should perform a rule attack
d. You should perform a brute force attack
a. You should perform a dictionary attack
While analyzing a security breach, you found the attacker followed these attack patterns:
The attacker initially tried the commonly used password "passw0rd" on all enterprise user accounts and then started trying various intelligible words like "passive," "partner," etc.
Which of the following attacks was performed by the attacker?
a. Initially, a dictionary attack and then a rule attack
b. Initially, a brute force attack and then a dictionary attack
c. Initially, a password spraying attack and then a dictionary attack
d. Initially, a brute force attack and then a password spraying attack
c. Initially, a password spraying attack and then a dictionary attack
You are working as a security admin in an enterprise. While you were analyzing different password attacks, you found that whenever an individual user's password gets cracked, another user with the same password residing in the same password digest file also has their account compromised. How should you prevent this from happening in the future?
a. You should tell the users not to use the same passwords
b. You should store the digest files in a password vault
c. You should run key stretching algorithms on the passwords
d. You should add salt to the passwords before hashing
d. You should add salt to the passwords before hashing
You are asked to choose a secure authentication method other than a username and password for the employees to access your enterprise's database. Which of the following should you choose?
a. Gait recognition
b. Facial recognition
c. Smart card authentication
d. Security key authentication
d. Security key authentication
You are a cybersecurity forensic analyst. When conducting an investigation, which of the following actions should you perform first to ensure the highest chance of success in the investigation?
a. Examine pieces of evidence one by one
b. Use cyber forensic tools
c. Secure the evidence
d. Document the chain of custody
c. Secure the evidence
You are performing digital forensics in an enterprise that recently experienced a security breach. You successfully retrieved all volatile data, and your next focus is hard drives. How should you collect evidence from the hard drives without tainting any evidence?
a. Use screenshots
b. Use the cache files
c. Use drive file slack
d. Use mirror image backups
d. Use mirror image backups
Which of the following is performed during the incident response phase?
a. Configuring access control schemes
b. Performing digital forensics
c. Making configuration changes
d. Performing incident response exercises
c. Making configuration changes
You are a data steward. You have been asked to restrict User A, who has an access clearance of "top secret" in a MAC-enabled network, from accessing files with the access label "secret." This, in turn, does not affect any other user.
What action should you take?
a. Change the access label of the files to "confidential"
b. Change the access clearance of User A to "secret"
c. Change the access clearance of User A to "confidential"
d. Change the access label of the files to "top secret"
c. Change the access clearance of User A to "confidential"
Mike, an employee at your company, approached you seeking help with his virtual machine. He wants to save the current state of the machine to roll back to the saved state in case of a malfunction. Which of the following techniques can help Mike?
a. Use LDAP to save the virtual machine state
b. Use containers to save the virtual machine state
c. Take snapshots to save the virtual machine state
d. Apply sandboxing to save the virtual machine state
c. Take snapshots to save the virtual machine state
In an interview, you were asked to briefly describe how emails containing malware or other contents are prevented from being delivered. Which of the following should be your reply?
a. LDAP prevents unwanted mails from being delivered
b. X.500 prevents unwanted mails from being delivered
c. SMTP relays prevent unwanted mails from being delivered
d. Mail gateways prevent unwanted mails from being delivered
d. Mail gateways prevent unwanted mails from being delivered
In an interview, the interviewer asks you to boot a PC. A hypervisor screen appears at the start of the boot process. The interviewer then asks you to identify the type of VM monitor program being used. What should your reply be?
a. Type I hypervisor
b. Type III hypervisor
c. Container
d. Type II hypervisor
a. Type I hypervisor
In an interview, Tom was asked to give a brief on how containers perform virtualization. How should Tom reply?
a. Containers use OS components for virtualization
b. Containers use dedicated physical storage for virtualization
c. Containers use Type I hypervisors for virtualization
d. Containers use hardware hypervisors for virtualization
a. Containers use OS components for virtualization
Which of the following is a virtualization instance that uses OS components for virtualization?
a. Hypervisor
b. Container
c. VM escape protection
d. Host OS
d. Host OS
Marnus is working as a cloud administrator, and he has been asked to perform segmentation on specific cloud networks. Which of the following should be done by Marnus?
a. Remove individual accounts on file servers, machines, or authentication servers to restrict access and free up disc space, ports, and certificates
b. Create network rules for the services permitted between accessible zones to make sure endpoints belonging to other approved zones can reach them
c. Create a virtual network that connects services and resources such as virtual machines and database applications.
d. Use automated inspection and integration services for authentication, authorization, encryption, availability, and policy compliance.
b. Create network rules for the services permitted between accessible zones to make sure endpoints belonging to other approved zones can reach them
Kane was transferring files from a file transfer protocol (FTP) server to his local machine simultaneously. He sniffed the traffic to find that only the control port commands are encrypted, and the data port is not encrypted. What protocol did Kane use to transfer the files?
a. FTP
b. FTPS
c. SFTP
d. TFTP
b. FTPS
Which of the following tools can be used for virtual machine sprawl avoidance?
a. Virtual desktop infrastructure
b. Virtual machine manager
c. Virtual machine escape protection
d. Software-defined visibility
b. Virtual machine manager
You are asked to transfer a few confidential enterprise files using the file transfer protocol (FTP). For ensuring utmost security, which variant of FTP should you choose?
a. FTP
b. TFTP
c. SFTP
d. FTPS
c. SFTP
Your enterprise recently decided to hire new employees as work-from-home interns. For the new employees to work from home, you need to create a network that will allow them to securely access enterprise data from remote locations.
Which technology should you use?
a. FTPS
b. S/MIME
c. SNMP
d. VPN
d. VPN
Which of the following tools can be used to secure multiple VMs?
a. Antivirus
b. Intrusion detection system
c. Firewall virtual appliance
d. Firewall
c. Firewall virtual appliance
What type of APs can be managed by wireless LAN controllers (WLCs)?
a. Controller AP
b. Fat AP
c. Captive portal APs
d. Standalone APs
a. Controller AP
Which wireless probe can be designed by configuring a laptop computer to scan and record wireless signals within its range at regular intervals and report the information to a centralized database?
a. Desktop probe
b. Dedicated probes
c. Access point probe
d. Wireless device probe
d. Wireless device probe
Sherry needs to suggest a technology that can enable smartphones or laptops to control multiple devices like speakers, mice, etc., within a 100-meter distance. The device should also be connected without any wired connection.
Which technology should Sherry suggest?
a. NFC technology can be used to connect mobile devices to speakers
b. RFID technology can be used to connect a laptop mouse without any wired connection
c. Bluetooth technology can be used to connect devices without any wired connection
d. WLANs can be used to connect mobile devices to speakers
c. Bluetooth technology can be used to connect devices without any wired connection
Sherlin is the owner of a cosmetics store. She wanted to introduce a wireless network in the store, but her IT department was against it. Sherlin ended up purchasing an inexpensive wireless router and secretly connected it to the wired network. Unfortunately, this unknowingly provided open access to the wireless signal.
What type of attack has Sherlin made her store's network vulnerable to?
a. Jamming
b. Rogue access point
c. Wireless denial of service attacks
d. Evil twin
b. Rogue access point
Melvin is moving his small business from his basement to an office building now that he has five full-time employees. What type of enterprise AP should he choose when setting up the new office's WLAN?
a. Ad hoc AP
b. Fat AP
c. Controller AP
d. Captive portal AP
b. Fat AP
In which type of RFID attack can unauthorized users listen to communications between RFID tags and readers?
a. Data theft
b. Unauthorized tag access
c. Eavesdropping
d. Fake tags
c. Eavesdropping
Bob has been asked to do research into increasing the accuracy in identifying rogue APs in his enterprise. Which rogue AP system detection probe will allow his company's IT department to monitor the airwaves for traffic, scan and record wireless signals within its range (even when the device is idle or not receiving any transmission), and then report this information to a centralized database?
a. Access point probe
b. Desktop probe
c. Wireless device probe
d. Dedicated probes
c. Wireless device probe
Which of the following differentiates an access point probe and a dedicated probe?
a. A dedicated probe has the ability to serve as both a probe and an access point that can provide roaming to wireless users. In contrast, an access point probe only monitors RF transmissions.
b. A dedicated probe is a standard wireless device that can be configured to act as a wireless probe. In contrast, an access point probe is a wireless adapter plugged into a desktop computer to monitor the RF in the area for transmissions.
c. A dedicated probe is a wireless adapter plugged into a desktop computer to monitor the RF in the area for transmissions. In contrast, an access probe is a standard wireless device that can be configured to act as a wireless probe.
d. A dedicated probe only monitors RF transmissions, while an access point probe can serve as both a probe and an access point that can provide roaming to wireless users.
d. A dedicated probe only monitors RF transmissions, while an access point probe can serve as both a probe and an access point that can provide roaming to wireless users
What is the difference between protecting against eavesdropping and protecting against a man-in-the-middle (MITM) attack when working with devices with NFC?
a. Eavesdropping can be prevented by configuring in a pairing method so only one side can send and the other can receive it at a time, while MITM can be prevented by using strong passwords and PINs
b. Eavesdropping can be prevented by strong passwords and PINs, while MITM attacks can be prevented by being aware of one's surroundings while using NFC technology.
c. Eavesdropping can be prevented by being aware of one's surroundings while using NFC technology, while MITM attack can be prevented by configuring in a pairing method so only one side can send and the other can receive it at a time.
d. Eavesdropping can be prevented by turning off NFC while in public, while MITM attack can be protected by using strong passwords and PINs.
c. Eavesdropping can be prevented by being aware of one's surroundings while using NFC technology, while MITM attack can be prevented by configuring in a pairing method so only one side can send and the other can receive it at a time
Sam is asked to help his company design a wireless network for their new location.
Which of the following protocols has the strongest wireless security, supports a longer bit of encryption, and improved interaction capabilities with the internet of things (IoT) devices?
a. WPA3
b. WEP
c. WPA2
d. WPA
a. WPA3
John is instructed by his CEO to introduce an employee attendance system that replaces the current manual-sign register. The organization doesn't allow personal electronic devices into the premises.
What method should John use for this system?
a. RFID
b. NFC
c. Bluetooth
d. WLAN network
a. RFID
Shawn is approached by a medical staff team with a request to research and introduce a type of device that will help them record and transmit specific patient details.
Which technology would help the team measure and monitor blood pressure and then send those patient details from the device to a phone as a message in case of emergencies?
a. WLAN network
b. NFC
c. Bluetooth
d. RFID
c. Bluetooth
Which of the following allows high-speed storage and transmission of large volumes of data?
a. SAN
b. RAID
c. PDU
d. NIC teaming
a. SAN
Which of the following is an agreement that ensures an employee does not misuse enterprise data?
a. Nondisclosure agreement
b. Acceptable use policy
c. Data protection agreement
d. Impossible travel policy
a. Nondisclosure agreement
Which of the following RAID configurations have no fault tolerance?
a. RAID level 1
b. RAID level 0
c. RAID level 10
d. RAID level 5
b. RAID level 0
Why is maintaining a hot recovery site important for e-commerce businesses?
a. E-commerce businesses should be available all over the world
b. E-commerce businesses should provide high security for users' private data
c. E-commerce businesses cannot risk significant downtime
d. E-commerce businesses will have a significant number of customers
c. E-commerce businesses cannot risk significant downtime
In an interview, you are asked to explain the major objective of having resilience in an organization. How should you respond?
a. The major objective of resilience in an organization is to attract more customers
b. The major objective of resilience in an organization is to provide uninterrupted services
c. The major objective of resilience in an organization is to enhance the end-user experience.
d. The major objective of resilience in an organization is to achieve the yet-unachieved.
b. The major objective of resilience in an organization is to provide uninterrupted services
Which of the following policies proposes using non-disclosure agreements (NDA)?
a. Onboarding and offboarding
b. Acceptable use policy
c. Mandatory vacation
d. Separation of duties
a. Onboarding and offboarding
"Computer workstations must be locked when the workspace is unoccupied and turned off at the end of the business day." "Laptops must be either locked with a locking cable or locked in a drawer or filing cabinet."
Which policy includes these directives?
a. Onboarding and offboarding
b. Acceptable use policy
c. Clean desk space
d. Least privilege
c. Clean desk space
While preparing a continuity plan, you were asked to choose a technique by which the backup data stored on the cloud can be accessed from any location. Which of the following techniques should you choose?
a. Restore the data to a cold site
b. Restore the data to virtual machines
c. Restore the data to a warm site
d. Restore the data to a hot site
b. Restore the data to virtual machines
One of the important systems in your organization was accidentally exposed to malware. Which of the following features should you use to manage the risk of malware?
a. Public cluster connection
b. Disaster recovery plan
c. Private cluster connection
d. Revert to a known state
d. Revert to a known state
You are assigned to install multiple physical paths between devices and the SAN so that an interruption in one path will not affect communication. Which of the following techniques should you implement to manage the risk of interruption?
a. Multipath
b. UPS
c. NIC teaming
d. PDU
a. Multipath
You are a security administrator asked to restrict employees in your organization from accessing their social media accounts at their workplace. Which of the following mobile device location-based policies should you use to accomplish this?
a. Geo-tagging
b. Geomapping
c. Geofencing
d. Geolocation
c. Geofencing
Which of the following best describes a Fake RAID?
a. Hardware RAID
b. Hardware RAID assisted by BIOS
c. Software RAID
d. Software RAID assisted by BIOS
d. Software RAID assisted by BIOS
You are working as a cybersecurity expert in an enterprise. While examining the newly established enterprise network, you found that when a request to write data to the drive is made, the controller sends that request to each drive. When a read action is required, the data is read twice, once from each drive. Which type of RAID is used in the newly established network?
a. RAID level 0
b. RAID level 5
c. RAID level 6
d. RAID level 1
d. RAID level 1
Which cloud app security features check the last login's location and current login attempts to restrict login if found suspicious?
a. Impossible travel
b. Geolocation
c. Geofencing
d. Geo-tagging
a. Impossible travel
What do servers connected in a cluster use to communicate with each other?
a. Independent cluster connection
b. Shared disk connection
c. Public cluster connection
d. Private cluster connection
d. Private cluster connection
You want to examine every future login attempt made on the enterprise devices. Which of the following Windows Group Policy settings should you enable to make sure every login attempt is logged?
a. Password reuse
b. Network location
c. Password history
d. Account audits
d. Account audits
What type of attack occurs when the threat actor snoops and intercepts the digital data transmitted by the computer and resends that data, impersonating the user?
a. Buffer overflow
b. Replay
c. Trojan
d. Device driver manipulation
b. Replay
Kia recently noticed that when she browses her favorite online shopping site, she is immediately redirected to a competitor's site. What is happening here, and what is the best option for Kia to fix this situation?
a. Kia must uninstall the toolbar software and the accompanying components she has recently installed on her browser
b. Kia must reinstall a fresh copy of the operating system and all applications.
c. Kia has accidentally installed a virus. She must close the browser and run a good antivirus program before browsing the website for shopping again.
d. Kia has installed spyware, and she has to close the browser and reboot the system to correct the problem.
a. Kia must uninstall the toolbar software and the accompanying components she has recently installed on her browser
Kate decides to download an extension to her favorite browser to quickly store links on her spreadsheet software. While downloading the software, she ignores the opt-out check box that allows the extension to download a search toolbar.
What has occurred here?
a. Kate has installed an injection
b. Kate has installed a backdoor
c. Kate has installed a Trojan
d. Kate has installed a potentially unwanted program (PUP)
d. Kate has installed a potentially unwanted program (PUP)
Which of the following is a subset of artificial intelligence?
a. Machine intelligence
b. Artificial intelligence algorithm
c. Machine learning
d. Data science
c. Machine learning
Terrence, an executive VP of IT at Sigma Bank, noticed that yesterday, there was a major attack on several thousands of bank employees' computers located at geographically different locations where files and data from the computers got deleted. It was also noticed that several confidential files containing customer data were deleted from the bank's server in multiple locations, and the CEO's emails were deleted from the mail server. Since the bank was compliant with cybersecurity measures, Terrence suspects an internal hand in this activity. While going through the records of all employees working in the IT security of the bank, both past and present, he notices that there is an employee, Chris, who has enough experience to launch this attack, was unhappy with his annual review last year, and had left the bank three months ago.
If Terrence were able to single Chris out as the one responsible for the attack, what kind of an attack would this be?
a. Spyware
b. Keylogger
c. Logic bomb
d. Backdoor
c. Logic bomb
Which of the following is a form of malware attack that uses specialized communication protocols?
a. Keylogger
b. Spyware
c. Bot
d. RAT
d. RAT
What is a risk to data when training a machine learning (ML) application?
a. ML algorithm security
b. API attack on the device
c. Improper exception handling in the ML program
d. Tainted training data for machine learning
d. Tainted training data for machine learning
What does ransomware do to an endpoint device?
a. Ransomware infects the endpoint devices and launches attacks on the infected endpoint and other devices connected to the network.
b. Ransomware gets accidentally installed in the endpoint device as software along with other programs during the installation process. This happens when the user's installation and download options are overlooked, thus affecting the user application adversely.
c. Ransomware attacks the endpoint device without the consent of the user or the device, discreetly collecting and transmitting information, causing harm to the end user
d. Ransomware attacks the endpoint device holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded.
d. Ransomware attacks the endpoint device holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded
William downloaded some free software to help him with photo editing. A few days later, William noticed several personal photographs were modified and posted to various social media pages with obscene comments. He also noticed that there were videos of him that were morphed and circulated on adult websites. The videos were obviously taken using his webcam.
What should William do to fix his problem and prevent it from happening again in the future?
a. William should run an antimalware program and scan for all known RATs, then quarantine and remove the infected file(s). To prevent this in the future, he should only download software from trusted websites.
b. William should disable his network devices, then run an antimalware program to scan for keyloggers while his computer is not connected to the internet and delete all infected files. To prevent this in the future, William should never download free software off the internet.
c. William should run an antivirus program and scan for all known worms, then download a worm-removal program to ensure all infected files are fully removed from his system. To prevent this in the future, he should run the backdoor check every time he installs a new program.
d. William should run an antivirus program and scan for all known backdoor viruses, then remove the infected file(s). To prevent this in the future, he should run the backdoor check every time he installs a new program.
a. William should run an antimalware program and scan for all known RATs, then quarantine and remove the infected file(s). To prevent this in the future, he should only download software from trusted websites
While Andel is logging into his email through a browser, the login window disappears. Andel attempts to log in again and is successful. Days later, he goes to log into his email, and his attempt fails. He receives a message indicating that his username and/or password are invalid.
What is Andel likely a victim of?
a. CSRF
b. RAT
c. Spyware
d. Keyloggers
a. CSRF
What is another term commonly used to define cross-site request forgery (CSRF)?
a. Server-side request forgery
b. Client-side request forgery
c. Cross-server request forgery
d. Client-server request forgery
b. Client-side request forgery
Which of the following is an example of a request forgery malware?
a. Ransomware
b. CSRF
c. DLL injection
d. SQL injection
b. CSRF
A few computers at a high-security software firm location have been compromised. The threat actor took user videos, confidential information like bank account IDs and passwords, email IDs and passwords, and computer screenshots. These confidential data have been shared every three hours from the computers to the threat actor. Which of the following is correct, based on the evaluation of the above observation?
a. This is a hardware keylogger attack, as video capture functionality and periodic transfer of data are not possible with a software keylogger.
b. This is a software keylogger attack, as screenshots, video captures, and keystrokes have been routinely monitored and periodically shared.
c. This is a hardware keylogger attack; it is only periodically sharing the information and is a manual transfer of information by a human agent.
d. This is a software keylogger attack, as it is sharing the information every three hours to the attacker.
b. This is a software keylogger attack, as screenshots, video captures, and keystrokes have been routinely monitored and periodically shared
Natasha, a network security administrator for an online travel portal, noticed that her website was the victim of an SQL injection. She decided to study the SQL queries to find which one made this vulnerability in the database, and she noticed the following SQL code piece executed on the database:
'whatever' AND email IS NULL;
What has been accessed by the attacker running this SQL injection?
a. The attacker accessed the entirety of email address data from all users in the database.
b. The attacker has determined the names of different types of fields in the database.
c. The attacker accessed the data of specific users.
d. The attacker has used the SQL injection to delete the table in the database.
b. The attacker has determined the names of different types of fields in the database
Shanise is an IT security professional for a large private bank. She got an alert that the bank website received a funds transfer request that was correctly credentialed but flagged as being out of the account owner's usual pattern. If the alert is correct, what type of attack has likely occurred?
a. CSRF attack
b. XSS attack
c. SQL injection
d. Replay attack
a. CSRF attack
What is the name of the process where a website validates user input before the application uses the input?
a. Sanitizing
b. Tokening
c. Authorizing
d. Eliminating
a. Sanitizing
What should be done when the information life cycle of the data collected by an organization ends?
a. Destroy the data
b. Mask the data
c. Protect the data
d. Tokenize the data
a. Destroy the data
In a security review meeting, you are asked to calculate the single loss expectancy (SLE) of an enterprise building worth $100,000,000, 75% of which is likely to be destroyed by a flood. Flood insurance data suggest that a severe flood is likely to occur once every 100 years. Which formula should you use to calculate the SLE?
a. 100,000,000 * 0.75/0.1
b. 100,000,000/100 * 0.75
c. 100,000,000 * 0.75
d. 100,000,000/0.75 * 100
c. 100,000,000 * 0.75
Which data category can be accessed by any current employee or contractor?
a. Critical
b. Proprietary
c. Confidential
d. PHI
b. Proprietary
After reviewing the data collection procedures in your organization, a court ordered you to issue a document that specifies how the organization uses the collected personal information. This document must be displayed to the user before allowing them to share personal data. Which of the following documents should you prepare?
a. Pseudo-anonymization
b. Privacy notice
c. Data minimization
d. Terms of agreement
b. Privacy notice
How does pseudo-anonymization contribute to data privacy?
a. Pseudo-anonymization obfuscates sensitive data elements
b. Pseudo-anonymization stores whole data in encrypted form.
c. Pseudo-anonymization limits the collection of personal information.
d. Pseudo-anonymization ensures data remains within its borders.
a. Pseudo-anonymization obfuscates sensitive data elements
Which control discourages security violations before their occurrence?
a. Preventative control
b. Deterrent control
c. Compensating control
d. Corrective control
b. Deterrent control
What does the end of service notice indicate?
a. The nondisclosure agreement with a service vendor has expired
b. The enterprise is halting the manufacturing of a product
c. The service-level agreement with a vendor has expired
d. The enterprise will no longer offer support services for a product
d. The enterprise will no longer offer support services for a product
The protection of which of the following data types is mandated by HIPAA?
a. Public data
b. Personally identifiable information
c. Health information
d. Proprietary data
c. Health information
When your enterprise's collected data information life cycle ended, you were asked to destroy the data stored on magnetic storage devices. Which of the following techniques should you use to destroy the data?
a. Shred the data
b. Degauss the data
c. Pulverize the data
d. Delete the data
b. Degauss the data
You are the chief security administrator in your enterprise. You are asked to train every employee, from top-level officers to front gate security officers, to make them aware of various security risks. Which of the following training techniques should you use?
a. Role-based awareness training
b. Computer-based training
c. Gamification
d. Capture the flag
a. Role-based awareness training