Cybersecurity Assessment

Q1. According to the shared responsibility model, which cloud computing

model places the most responsibility on the cloud service provider (CSP)?

  Hybrid Cloud

  Software as a Service (SaaS)

  Platform as a Service (PaaS)

  Infrastructure as a Service (IaaS)

Q2. Which option removes the risk of multitenancy in cloud computing?

  PaaS

  public cloud

  private cloud

  IaaS

Q3. Your organization recently implemented a unified messaging solution and

VoIP phones on every desktop. You are responsible for researching the
vulnerabilities of the VoIP system. Which type of attack are VoIP phones most
vulnerable to experiencing?

  denial-of-service

  brute force attacks

  malware

  buffer overflow

Q4. Which security control cannot produce an active response to a security

event?
   cloud access security broker (CASB)

  intrusion prevention system (IPS)

  intrusion detection system (IDS)

  next generation firewall

Explaination: An intrusion detection system (IDS) is a device or software application

that monitors a network or systems for malicious activity or policy
violations. Source Quizlet

Q5. Packet sniffer is also called _.

  SIEM

  UTM

  protocol analyzer

  data sink

Q6. Which option tests code while it is in operation?

  code review

  code analysis

  static analysis

  dynamic analysis

Q7. Which option describes testing that individual software developers can
conduct on their own code?

  gray box testing

  integration testing
   white box testing

  unit testing

Q8. In black box penetration testing, what information is provided to the tester
about the target environment?

  none

  limited details of server and network infrastructure

  all information

  limited details of server infrastructure

Q9. Which security control can best protect against shadow IT by identifying
and preventing use of unsanctioned cloud apps and services?

  intrusion prevention system (IPS)

  next generation firewall

  cloud access security broker (CASB)

  intrusion detection system (IDS)

Q10. Which option describes the best defense against collusion?

  monitoring of normal employee system and data access patterns

  applying system and application updates regularly

  fault tolerant infrastructure and data redundancy

  separation of duties and job rotation

Source: Stack Exchange
Q11. During a penetration test, you find a file containing hashed passwords for
the system you are attempting to breach. Which type of attack is most likely to
succeed in accessing the hashed passwords in a reasonable amount of time?

  rainbow table attack

  pass-the-hash attack

  password spray attack

  brute force attack

Explanation: A rainbow table attack is a more efficient and effective way of cracking
many hashed passwords, whereas brute-forcing would take much longer and may
not complete in a reasonable amount of time. Source Professor Messer.

Q12. Which area is DMZ?

  4

  1

  2
   3

Q13. You configure an encrypted USB drive for a user who needs to deliver a
sensitive file at an in-person meeting. What type of encryption is typically used
to encrypt the file?

  file hash

  asymmetric encryption

  digital signature

  symmetric encryption

Q14. What is the difference between DRP and BCP

  DRP works to keep a business up and running despite a disaster. BCP

works to restore the original business capabilities.

  BCP works to keep a business up and running despite a disaster. DRP

works to restore the original business capabilities.

  BCP is part of DRP.

  DRP is part of BCP.

Q15. Which aspect of cybersecurity do Distributed Denial of Service (DDoS)

attacks affect the most?

  non-repudiation

  integrity

  availability

  confidentiality

Source: screenshot of LinkedIn assessment practice mode question.

Q16. You need to recommend a solution to automatically assess your cloud-
hosted VMs against CIS benchmarks to identify deviations from security best
practices. What type of solution should you recommend?

  Cloud Security Posture Management (CSPM)

  Intrusion Detection and Prevention System (IDPS)

  Cloud Workload Protection Platforms (CWPP)

  Cloud Access Security Brokers (CASBs)

Source: screenshot of LinkedIn assessment practice mode question.

Q17. _ validates the integrity of data files.

  Compression

  Hashing

  Symmetric encryption

  Stenography

Q18. Which is an example of privacy regulation at the state government level in

the U.S.?

  CCPA

  GDPR

  NIST Privacy Framework

  OSPF

Q19. what is the term for the policies and technologies implemented to protect,
limit, monitor, audit, and govern identities with access to sensitive data and
resources?
   identity and access management (IAM)

  privileged account management (PAM)

  authentication and authorization

  least privilege

Q20. You have configured audit settings in your organization's cloud services in
the event of a security incident. What type of security control is an audit trail?

  preventive control

  detective control

  directive control

  corrective control

Q21. What is the name for a short-term interruption in electrical power supply?

  grayout

  blackout

  brownout

  whiteout

Q22. Your security team recommends adding a layer of defense against

emerging persistent threats and zero-day exploits for all endpoints on your
network. The solution should offer protection from external threats for
network-connected devices, regardless of operating system. Which solution is
best suited to meet this requirement?

  Security Information Event Management (SIEM)

  Extended Detection and Response (XDR)

   next generation firewall (NGFW)

  Cloud App Security Broker (CASB)

Q23. Which is not a threat modeling methodology?

  TRIKE

  TOGAF

  STRIDE

  MITRE ATT&CK

Q24. You organization is conducting a pilot deployment of a new e-commerce

application being considered for purchase. You need to recommend a strategy
to evaluate the security of the new software. Your organization does not have
access to the application's source code.

Which strategy should you choose?

  dynamic application security testing

  unit testing

  white box testing

  static application security testing

Q25. You need to disable the camera on corporate devices to prevent screen
capture and recording of sensitive documents, meetings, and conversations.
Which solution would be be suited to the task?

  Mobile Device Management (MDM)

  Data Loss Prevention (DLP)

  Intrusion Detection and Prevention System (IDPS)

   cloud access security broker (CASB)

Q26. How many keys would be necessary to accomodate 100 users in an

asymmetric cryptography system?

  200

  400

  100

  300

Explaintion: The formula for asymmetric encryption is 2n; where n is the number of
communicating parties.

Q27. Two competing online retailers process credit card transactions for
customers in countries on every continent. One organization is based in the
United States. The other is based in the Netherlands. With which regulation
must both countries comply while ensuring the security of these transactions?

  Federal Information Security Managment Act (FISMA)

  Payment Card Industry Data Security Standard (PCI-DSS)

  General Data Protection Regulation (GDPR)

  International Organization for Standardization and Internation Electronical

Commission (ISO/IEC 27018)

Explaintion: The Payment Card Industry Data Security Standard (PCI DSS) is the
global card industry security standard that is required of all entities that store,
process, or transmit cardholder data, including financial institutions, online retailers
and service providers. Source: (PCI Security Overview).

Q28. What provides a common language for describing security incidents in a

structures and repeatable manner?

  Common event format

   common weakness enumeration

  common vulnerabilties and exposures

  common vulnerability scoring system

Explaination: The Common Vulnerabilities and Exposures (CVE) system provides a

reference-method for publicly known information-security vulnerabilities and
exposures.

Q29. Which type of application can intercept sensative information such as

passwoprds on a network segment?

  log server

  network scanner

  firewall

  protocol analyzer

Explaination: A protocol analyzer is a tool used to capture and analyze signals and
data traffic over a communication channel. WireShark is a protocol analyzer.

Q30. An attacker has discovered that they can deduce a sensitive piece of
confidential information by analyzing multiple pieces of less sensative public
data.

  aggregation

  inference

  SQL injection

  cross-origin resouce sharing

Explaination: An Inference Attack is a data mining technique performed by

analyzing data in order to illegitimately gain knowledge about a subject or database.
A subject's sensitive information can be considered as leaked if an adversary can
infer its real value with a high confidence. Source: (Wikipedia).

Q31. What act grants an authenticated party permission to perform an action

or access a resource?

  Zero Trust Security

  Role-Based Access Control (RBAC)

  authorization

  Single Sign-On

Source Okata.com

Q32. According to GDPR, a data _ is the person about whom data is being
collected.

  processor

  object

  subject

  controller

Source Intersoft Consulting

Q33. Which is not a principle of zero trust security?

  use least privilege access

  verify explicitly

  trust but verify

  assume breach
Explaination: zero trust assumes that the system will be breached and designs
security as if there is no perimeter. Hence, don’t trust anything by
default. Source NIST

Q34. Which attack exploits input validation vulnerabilities?

  ARP spoofing

  pharming attacks

  cross-site scripting (XSS)

  DNS poisoning

Source White Hat Sec

Q35. You are a security analyst, and you receive a text message alerting you of
a possible attack. Which security control is the least likely to produce this type
of alert?

  IDS

  SIEM

  packet sniffer

  IPS

Q35. SQL injection inserts a code fragment that makes a database statement
universally true, like _.

  SELECT * FROM users WHERE username = " AND 1=1--'

  SELECT * FROM users WHERE username = " AND 1!=1--'

  SELECT * FROM users WHERE username = " OR 1=1--'

  SELECT * FROM users WHERE username = " OR 1!=1--'

Q37. Which type of security assessment requires access to source code?

  static analysis

  black box testing

  dynamic analysis

  penetration testing

Q38. Which option is an open-source solution to scanning a network for active

hosts and open ports?

  Autopsy

  Snort

  Nmap

  Wireshark

nmap is a port scanner https://en.wikipedia.org/wiki/Nmap wireshark is a traffic

analyzer snort is an IDS autopsy is for forensic analysis

Q39. When implementing a data loss prevention (DLP) strategy, what is the first
step in the process?

  Evaluate the features of available DLP products to determine which best

meet your organizations's needs.

  Examine the flow of sensitive data in your organization to better

understand usage patterns.

  Conduct an inventory of all the data in your organization to establish

classifications based on sensitivity.

  Conduct a risk assessment to determine the best data labeling strategy for
your organization.
Q40. Which malware changes an operating system and conceals its tracks?

  virus

  worm

  rootkit

  Trojan horse

Q41. Virtual Private Networks (VPNs) use _ to create a secure connection

between two networks.

  encryption

  a metropolitan area network

  a virtual local area network

  a wide area network

Q42. What is the process of challenging a user to prove their identity?

  authentication

  Single Sign-On

  authorization

  Role-Based Access Control (RBAC)

Q43. Which cyberattack aims to exhaust an application's resources, making the

application unavailable to legitimate users?

  SQL injection

  dictionary attack
   Distributed Denial of Service (DDoS)

  rainbow table attack

Q44. You are a recent cybersecurity hire, and your first assignment is to present
on the possible threats to your organization. Which of the following best
describes the task?

  risk mitigation

  threat assessment

  risk management

  enumeration

Q45. You are at a coffee shop and connect to a public wireless access point
(WAP). What a type of cybersecurity attack are you most likely to experience?

  man-in-the-middle attack

  back door

  logic bomb

  virus

Q46. You have been tasked with recommending a solution to centrally manage
mobile devices used throughout your organization. Which technology would
best meet this need?

  Extended Detection and Responde (XDR)

  Security Information Event Management (SIEM)

  Intrusion Detection and Prevention System (IDPS)

  Mobile Device Management (MDM)

Q47. Which type of vulnerability cannot be discovered in the course of a typical
vulnerability assessment?

  file permissions

  buffer overflow

  zero-day vulnerability

  cross-site scripting

Q48. The DLP project team is about to classify your organization's data. Whats
is the primary purpose of classifying data?

  It identifies regulatory compliance requirements.

  It prioritizes IT budget expenditures.

  It quantifies the potential cost of a data breach.

  It establishes the value of data to the organization.

Q49. You are responsible for managing security of your organization's public
cloud infrastructure. You need to implement security to protect the data and
applications running in a variety of IaaS and PaaS services, including a new
Kubernetes cluster. What type of solution is best suited to this requirement?

  Cloud Workload Protection Platforms (CWPP)

  Cloud Security Posture Management (CSPM)

  Cloud Access Security Brokers (CASBs)

  Intrusion Detection and Prevention System (IDPS)

Q50. Sharing account credentials violates the _ aspect of access control.

  identification
   authorization

  accounting

  authentication

Q51. You have recovered a server that was compromised in a malware attack to
its previous state. What is the final step in the incident response process?

  Eradication / Remediation

  Certification

  Reporting

  Lessons Learned

Q52. Which type of security assessment requires access to source code?

  dynamic analysis

  static analysis

  penetration testing

  black box testing

Q53. Which encryption type uses a public and private key pair for encrypting
and decrypting data?

  asymmetric

  symmetric

  hashing

  all of these answers

Q54. You have just identified and mitigated an active malware attack on a
user's computer, in which command and control was established. What is the
next step in the process?

  Reporting

  Recovery

  Eradiction / Remediation

  Lessons Learned

Q55. Which programming language is most susceptible to buffer overflow

attacks?

  C

  Java

  Ruby

  Python

Q56. Which list correctly describes risk management techniques?

  risk acceptance, risk mitigation, risk containment, and risk qualification

  risk avoidance, risk transference, risk containment, and risk quantification

  risk avoidance, risk mitigation, risk containment, and risk acceptance

  risk avoidance, risk transference, risk mitigation, and risk acceptance

Q57. To implement encryption in transit, such as with the HTTPS protocol for
secure web browsing, which type(s) of encryption is/are used?

  asymmetric
   both symmetric and asymmetric

  neither symmetric or asymmetric

  symmetric

Q58. Which type of program uses Windows Hooks to capture keystrokes typed
by the user, hides in the process list, and can compromise their system as well
as their online access codes and password?

  trojan

  keystroke collector

  typethief

  keylogger

Q59. How does randsomware affect a victim's files?

  by destroying them

  by encrypting them

  by stealing them

  by selling them

Q60. Your computer has been infected, and is sending out traffic to a targeted
system upon receiving a command from a botmaster. What condition is your
computer currently in?

  It has become a money mule.

  It has become a zombie.

  It has become a bastion host.

   It has become a botnet.

Q61. You choose a cybersecurity framework for your financial organization that
implements an effective and auditable set of governance and management
processes for IT. Which framework are you choosing?

  C2M2

  NIST SP 800-37

  ISO/IEC 27001

  COBIT

Q62. NIST issued a revision to SP 800-37 in December 2018. It provides a

disciplined, structured, and flexible process for managing security and privacy
risk. Which type of document is SP 800-37??

  a risk management framework

  a guide to risk assessments

  a guideline for vulnerability testing

  a step-by-step guide for performing business impact analyses



Q63. The most notorious military-grade advanced persistent threat was

deployed in 2010, and targeted centrifuges in Iran. What was this APT call?

  duqu

  agent BTZ

  stuxnet

  flame
Q64. Where would you record risks that have been identified and their details,
such as their ID and name, classification of information, and the risk owner?

  in the risk assessment documentation

  in the risk register

  in the business impact ledger

  in the Orange Book

Q65. To prevent an incident from overwhelming resources, _ is necessary.

  disconnection from the network

  early containment

  continuation of monitoring for other incidents

  eradication of the issues

Q66. FUD is expensive and often causes high drama over low risk. Which
computer chip exploits were reported by CNN as needing to be completely
replaced, but were later fixed with firmware updates?

  fire and ice exploits

  meltdown and spectre exploits

  Intel and STMicro CPU exploits

  super microboard and Apple iPhone exploits

Q67. The ASD Top Four are application whitelisting, patching of applications,
patching of operating systems, and limiting administrative privileges. What
percent of breaches do these account for?

  40 percent
   60 percent

  85 percent

  100 percent

Q68. You are working in the security operations center analyzing traffic on your
network. You detect what you believe to be a port scan. What does this mean?

  This could be a specific program being run by your accounting

department.

  This is an in-progress attack and should be reported immediately

  This is normal operation for your business.

  This could be a precursor to an attack.

Q69. How often is the ISF Standard of Good Practice updated?

  annual

  biannually

  bimonthly

  monthly

Q70. Your incident response team is unable to contain an incident because they
lack authority to take action without management approval. Which critical step
in the preparation phase did your team skip?

  From an incident response committee to oversee any incidents that may

occur.

  Get preauthorized to take unilateral action and make or direct emergency

changes.
   Bring management in as leadership on the incident response team.

  Assign a head of the emergency response team who has the correct
authority

Q71. NIST SP 800-53 is one of two important control frameworks used in

cybersecurity. What is the other one?

  ISO 27001

  NIST SP 800-54

  ISO 27002

  NIST SP 751-51

Q72. Which organization, established by NIST in 1990, runs workshops to foster

coordination in incident prevention, stimulate rapid reaction to incidents, and
allow experts to share information?

  Forum of Incident Response and Security Teams

  Crest UK Response Teams

  Community of Computer Incident Response Teams

  NIST Special Publication 800-61 Response Teams

Q73. You have implemented controls to mitigate the threats, vulnerabilities,

and impact to your business. Which type of risk is left over?

  inherent risk

  residual risk

  applied risk

  leftover risk
Q74. There are four possible treatments once an assessment has identified a
risk. Which risk treatment implements controls to reduce risk?

  risk mitigation

  risk acceptance

  risk avoidance

  risk transfer

Q75. Which security control scheme do vendors often submit their products to
for evaluation, to provide an independent view of product assurance?

  common criteria

  risk management certification board

  OWASP security evaluation

  ISO 27000

Q76. Which organization has published the most comprehensive set of controls
in its security guideline for the Internet of Things?

  IoT ISACA

  IoT Security Foundation

  OWASP

  GSMA

Q77. Which main reference coupled with the Cloud Security Alliance Guidance
comprise the Security Guidance for Critical Areas of Focus in Cloud Computing?

  ISO 27001
   ISO 27017

  cloud security guidelines

  cloud controls matrix

Q78. What are the essential characteristics of the reference monitor?

  It is versatile, accurate, and operates at a very high speed.

  It is tamper-proof, can always be invoked, and must be small enough to

test.

  It is restricted, confidential, and top secret

Q79. According to NIST, what is the first action required to take advantage of
the cybersecurity framework?

  Identify the key business outcomes.

  Understand the threats and vulnerabilities.

  Conduct a risk assessment.

  Analyze and prioritize gaps to create the action plan.

Q80. You are implementing a cybersecurity program in your organization and

want to use the "de facto standard" cybersecurity framework. Which option
would you choose?

  the ISACA Cypersecurity Framework

  the COBIT Cypersecurity Framework

  the ISC2 Cypersecurity Framework

  the NIST Cypersecurity Framework

Q81. In 2014, 4,278 IP addresses of zombie computers were used to flood a
business with over one million packets per minute for about one hour. What is
this type of attack called?

  a salami attack

  a DoS (Denial of Service) attack

  a DDoS (Distributed Denial of Service) attack

  a botnet attack

Q82. The regulatory requirements for notifications of data breaches,

particularly the European General Data Protection Regulations, have had what
sort of effect on business?

  an increased business liability in the event of a data breach

  an increased consumer liability in the event of a data breach

  a decreased consumer liability in the event of a data breach

  a decreased business liability in the event of a data breach

Q83. Which compliance framework governs requirements for the U.S.

healthcare industry?

  FedRAMP

  GDPR

  PCI-DSS

  HIPAA