Chapter 17: Mock Exam 1
- A rogue device has been detected on a network. Which of the following can be used to help determine the type or vendor of the device?
A. IP address
B. Service port number
C. MAC address
D. All of the above
- A security professional suspects that the ARP cache of a host system was compromised. Which of the following commands can be used to show the ARP entries?
A. `arp -a`
B. `ipconfig`
C. `ifconfig`
D. `netstat -ano`
- An attacker was able to perform a man-in-the-middle attack and retrieved a victim's user credentials. Which of the following protocols was the victim most likely using?
A. S/MIME
B. HTTPS
C. SMTP
D. FTPS
- An attacker was able to redirect users to a malware-infected web server whenever they visited the URL http://www.server.local. Which of the following protocols was compromised?
A. ICMP
B. IP
C. ARP
D. DNS
- Which of the following is not a threat identification method that's used by an Intrusion Prevention System (IPS)?
A. Algorithm-based
B. Global Threat Correlation
C. Protocol analysis
D. Signature-based
- A security professional wants to protect the user's inbound and outbound web traffic. Which of the following should be used?
A. Next-generation firewall
B. Web security appliance
C. Intrusion prevention system
D. Access control list
- Which of the following is the most vulnerable state of data?
A. Data in use
B. Data at rest
C. Data in motion
D. None of the above
- Which of the following can be used to verify the integrity of data?
A. Encrypting the file
B. Copying the file
C. Hashing
D. All of the above
- Which of the following attacks affects availability?
A. IP spoofing
B. MiTM
C. ARP poisoning
D. DDoS
- Which of the following best describes a security engineer proactively searching the corporate network for any malware that has not been detected by their security appliances?
A. Threat hunting
B. Vulnerability scanning
C. Penetration testing
D. All of the above
- A person who uses their hacking skills to perform acts in support of a social or political movement is called a what?
A. Hacktivist
B. Script kiddie
C. White hat
D. State sponsored
- Which of the following techniques is used to further understand the functionality of a piece of malware?
A. Threat hunting
B. Malware scanning
C. Reverse engineering
D. All of the above
- Which of the following strategies best describes an organization that is aware of the risks involved in its actions and operations but does nothing about them?
A. Risk avoidance
B. Risk acceptance
C. Risk transference
D. Risk limitation
- Which type of SOC focuses on ensuring the organization meets all the regulatory standards and requirements that are governed by the law?
A. Internal SOC
B. Operational SOC
C. Threat hunting SOC
D. Compliance-based SOC
- Which of the following is not used to identify a unidirectional flow of traffic on a network?
A. Protocol
B. Source IP address
C. Source MAC address
D. Destination service port number
- An attacker wants to confuse the security analysts by altering the timestamps on the alerts logs. Which of the following protocols can the attacker attempt to compromise?
A. DHCP
B. SMTP
C. DNS
D. NTP
- Which of the following security controls can stop a MiTM attack?
A. Dynamic ARP inspection
B. DHCP snooping
C. Encryption
D. All of the above
- An attacker can inject code and modify the records of a database. Which of the following attacks is being carried out?
A. Protocol injection
B. SQL injection
C. HTTP injection
D. Cross-site scripting
- Which one of the following attacks allows a hacker to execute commands on a server?
A. Protocol-based attack
B. Cross-site request forgery
C. Cross-site scripting
D. Command injection
- A user wants to verify the identity of a web server. Which of the following can be used?
A. Domain name
B. Digital certificate
C. IP address
D. All of the above
- An attacker is attempting to trick a CEO of a large organization into clicking a malicious link within an email message. Which type of attack is this?
A. Farming
B. Vishing
C. Whaling
D. Spear phishing
- Which of the following is not a technique used by a hacker to evade detection?
A. Encryption
B. Tunneling
C. Shellcode
D. Fragmentation
- Which of the following is a component of cryptography?
A. Data encryption
B. Origin authentication
C. Non-repudiation
D. All of the above
- Which of the following can be used as an additional layer of security for integrity checking data?
A. HMAC
B. Encryption
C. Digital certificate
D. All of the above
- Which of the following techniques uses the same key to encrypt and decrypt data?
A. PKI
B. Asymmetric
C. Symmetric
D. RSA
- Which type of cryptanalysis best describes a situation in which the attacker has access to the ciphertext and knows some information about the plaintext message?
A. Meet-in-the-middle
B. Chosen-ciphertext
C. Chosen-plaintext
D. Known-plaintext
- Which of the following encryption algorithms uses different keys to encrypt and decrypt?
A. AES
B. RSA
C. DES
D. 3DES
- Which of the following wireless security standards uses AES to handle data encryption?
A. WPA2
B. WPA
C. WEP
D. All of the above
- A user clicks on a link and a file is downloaded on their system and executed. After a few seconds, all their data is encrypted, and a payment screen is presented on their desktop. This is an indication of which of the following threats?
A. Worm
B. Ransomware
C. Spyware
D. Bot
- A security engineer wants to restrict employees to only opening certain applications on their computer. Which of the following techniques is recommended?
A. All the computer's antivirus programs handle this restriction
B. Using sandboxing techniques
C. Using a host-based firewall
D. Application whitelisting
- Which of the following best describes a child process without a parent process?
A. Thread
B. Service
C. Orphan process
D. Zombie process
- Which of the following registry hives is responsible for ensuring all the current applications are executed properly within Windows Explorer?
A. `HKEY_CURRENT_USER`
B. `HKEY_LOCAL_MACHINE`
C. `HKEY_CLASSES_ROOT`
D. `HKEY_CURRENT_CONFIG`
- Which filesystem has support for encryption, compression, file permissions, disk quotas, recovery, and improved performance and reliability?
A. FAT
B. NTFS
C. FAT32
D. exFAT
- Which of the following filesystems does not support journaling?
A. EXT3
B. EXT2
C. EXT4
D. None of the above
- According to CVSS, which of the following component metrics defines how an attack can happen on the target system?
A. User interaction
B. Attack complexity
C. Attack vector
D. Scope
- Which of the following types of malware allows a hacker to gain remote control of a victim's system?
A. Spyware
B. Worm
C. Ransomware
D. RAT
- Which of the following NIST standards defines how to integrate forensic techniques into incident response?
A. NIST SP 800-85
B. NIST SP 800-86
C. NIST SP 800-30
D. NIST SP 800-124
- How can a forensic professional keep track of the history of evidence during the entire investigation process?
A. Apply proper labeling
B. Create a hash of the evidence
C. Send an email containing the respective details
D. Chain of custody
- Which type of evidence is defined as evidence that supports a theory that is related to the investigation?
A. Corroborative
B. Indirect
C. Best evidence
D. None of the above
- Which of the following NIST standards defines the practices for handling computer security incidents?
A. NIST SP 800-85
B. NIST SP 800-61
C. NIST SP 800-30
D. NIST SP 800-124
- Which of the following should be considered when you're creating an incident response plan?
A. Goals
B. Metrics
C. Roadmap
D. All of the above
- Which of the following phases in incident response focuses on removing the threat from the system?
A. Recovery
B. Detection and analysis
C. Eradication
D. Containment
- Which CSIRT team is responsible for disclosing security vulnerability details and information to their nation's population?
A. Coordination centers
B. PSIRT
C. CERT
D. National CSIRT
- Which of the following regulatory standards helps protect PHI?
A. PCI DSS
B. SOX
C. HIPAA
D. All of the above
- Which of the following is not an element of incident description according to VERIS?
A. Actions
B. Assets
C. Actors
D. Adversary
- Which of the following stages of the Cyber Kill Chain describes an attacker launching an exploit on the victim's system?
A. Weaponization
B. Exploitation
C. Installation
D. Command and control
- Which of the following is not a component of the diamond model of intrusion?
A. Attack
B. Adversary
C. Victim
D. Capability
- Which of the following is an example of PII?
A. Telephone number
B. Email address
C. Credit card number
D. All of the above
- At which stage of the Cyber Kill Chain does the attacker exfiltrate data?
A. Weaponization
B. Actions on objectives
C. Installation
D. Command and control
- Which type of malware is self-replicating and self-propagating?
A. Spyware
B. Worm
C. Trojan
D. Bot