- Which of the following malware does not harm the system but only targets the data?
Ransomware
2. Password spraying cyber-attack can be categorized as which of the following type of attack?
Brute-force
3. A USB can be used to drop which of the following types of malware? [Choose all that apply]
SELECT ALL OPTIONS TO CORRECT
4. Which of the following statements are true for artificial intelligence (AI)? [Choose all that apply]
A self-driving car is an example of AI
Machine Learning or ML is a subset of AI
AI focuses on the broad idea of making a system execute a task
5. Which of the following type of attack is a pre-cursor to the collision attack?
Birthday
6. Which of the following statements are true for a zero-day attack? [Choose all that apply.]
A zero-day vulnerability can be example of an unknown threat
A zero-day vulnerability can only be discovered when the software is deployed
A zero-day attack is impossible to detect as it exploits the unknown vulnerabilities
7. Which of the following is known as out-of-the-box configuration?
Default settings
8. Which of the following code provides instructions to the hardware?
Firmware
9. For which of the following Windows versions, Microsoft has stopped providing support services? [Choose all that apply.]
Windows 7
Windows XP
10. Which type of attack occurs if an application overruns the allocated buffer boundary and writes to adjacent memory locations?
Buffer Overflow
11. Which of the following enables attackers to inject client-side scripts into web pages viewed by other users?
Cross Site Scripting
12. Which of the following is also known as a “dot dot slash” attack?
Path Traversal
13. An application lists all the files and subdirectories in its web folder. This indicates which of the following weaknesses on the application?
Directory Listing
14. Which of the following provides unauthorized access to another user’s system resources or application files at the same level/role within an organization?
Horizontal Privilege Escalation
15. Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier which allows an attacker the opportunity to steal authenticated sessions, describes which of the following?
Session Hijacking
16. Which of the following attack type confirms the vulnerability by revealing database-specific exceptions or error messages to the end-user or attacker?
Error Based SQL Injection
17. In which type of software environment are you most likely to find Microsoft Visual Studio and Eclipse?
Development
18. What is the highest level of normalization that you can achieve with a database?
6NF – Sixth Normal Form
19. Which of the following loop runs until a statement becomes true?
Until loop
20. You have a version control system installed. Several developers work with this system. A new developer wants to work on the code. What is the first task that the developer must perform?
Check out the existing code
21. Which of the following statements is true for the scalability of a system?
You can add more resources to the system to gain optimal application performance
22. Which of the following spectrums are used by wireless networks? [Choose all that apply]
2.4 GHz
5 GHz
23. What is the maximum distance supported by Bluetooth 5.x?
200 feet
24. Which of the following features of Mobile Device Management (MDM) can be used by an organization? [Choose all that apply]
CHOOSE ALL OPTIONS TO CORRECT
25. Which of the following Unified Endpoint Management (UEM) features can help an IT administrator manage and administer IT assets? [Choose all that apply]
Remote management
Software deployment
Operating system deployment
License Management
26. Which of the following method is used in sideloading?
USB
27. What word is used today to refer to network-connected hardware devices?
| a. Client |
| b. Device |
| c. Host |
| d. Endpoint |
28. Which of the following is NOT a characteristic of malware?
| a. Launch |
| b. Imprison |
| c. Deceive |
| d. Diffusion |
29. Gabriel’s sister called him about a message that suddenly appeared on her screen that says her software license has expired and she must immediately pay $500 to have it renewed before control of the computer will be returned to her. What type of malware has infected her computer?
| a. Cryptomalware |
| b. Impede-ware |
| c. Persistent lockware |
| d. Blocking ransomware |
30. Marius’s team leader has just texted him that an employee, who violated company policy by bringing in a file on her USB flash drive, has just reported that her computer is suddenly locked up with cryptomalware. Why would Marius consider this a dangerous situation?
| a. The employee would have to wait at least an hour before her computer could be restored. |
| b. Cryptomalware can encrypt all files on any network that is connected to the employee’s computer. |
| c. It sets a precedent by encouraging other employees to violate company policy. |
| d. The organization may be forced to pay up to $500 for the ransom. |
31. Which type of malware relies on LOLBins?
| a. PUP |
| b. File-based virus |
| c. Bot |
| d. Fileless virus |
32. Which of the following is known as a network virus?
| a. Remote exploitation virus (REV) |
| b. C&C |
| c. Worm |
| d. TAR |
33. Josh is researching the different types of attacks that can be generated through a botnet. Which of the following would NOT be something distributed by a botnet?
| a. Spam |
| b. Malware |
| c. Ad fraud |
| d. LOLBins |
34. Which of the following is NOT a means by which a bot communicates with a C&C device?
| a. Email |
| b. Command sent through Twitter posts |
| c. Signing in to a third-party website |
| d. Signing in to a website the bot herder operates |
35. Randall’s roommate is complaining to him about all of the software that came pre-installed on his new computer. He doesn’t want the software because it slows down the computer. What type of software is this?
| a. Spyware |
| b. Keylogger |
| c. Bot |
| d. PUP |
36. What is the difference between a Trojan and a RAT?
| a. A Trojan can carry malware while a RAT cannot. |
| b. There is no difference. |
| c. A RAT gives the attacker unauthorized remote access to the victim’s computer. |
| d. A RAT can infect only a smartphone and not a computer. |
37. Which of these would NOT be considered the result of a logic bomb?
| a. Erase the hard drives of all the servers 90 days after Alfredo’s name is removed from the list of current employees. |
| b. If the company’s stock price drops below $50, then credit Oscar’s retirement account with one additional year of retirement credit. |
| c. Delete all human resource records regarding Augustine one month after he leaves the company. |
| d. Send an email to Rowan’s inbox each Monday morning with the agenda of that week’s department meeting. |
38. Which of the following attacks is based on a website accepting user input without sanitizing it?
| a. XSS |
| b. SQLS |
| c. SSXRS |
| d. RSS |
39. Which of the following attacks is based on the principle that when a user is currently authenticated on a website and then loads another webpage, the new page inherits the identity and privileges of the first website?
| a. SSFR |
| b. CSRF |
| c. DRCR |
| d. DLLS |
40. Which of the following manipulates the trusting relationship between web servers?
| a. EXMAL |
| b. SCSI |
| c. CSRF |
| d. SSRF |
41. Which type of memory vulnerability attack manipulates the “return address” of the memory location of a software program?
| a. Buffer overflow attack |
| b. Integer overflow attack |
| c. Shim overflow attack |
| d. Factor overflow attack |
42. What race condition can result in a NULL pointer/object dereference?
| a. Conflict race condition |
| b. Time of check/time of use race condition |
| c. Value-based race condition |
| d. Thread race condition |
43. Which of the following attacks targets the external software component that is a repository of both code and data?
| a. OS REG attack |
| b. Dynamic-link library (DLL) injection attack |
| c. Device driver manipulation attack |
| d. Application program interface (API) attack |
44. What term refers to changing the design of existing code?
| a. Library manipulation |
| b. Design driver manipulation |
| c. Refactoring |
| d. Shimming |
45. Which of the following is technology that imitates human abilities?
| a. RC |
| b. XLS |
| c. AI |
| d. ML |
46. Which statement regarding a keylogger is NOT true?
| a. Software keyloggers are generally easy to detect. |
| b. Software keyloggers can be designed to send captured information automatically back to the attacker through the Internet. |
| c. Keyloggers can be used to capture passwords, credit card numbers, or personal information. |
| d. Hardware keyloggers are installed between the keyboard connector and computer keyboard USB port. |
47. Akira is explaining to his team members the security constraints that have made it a challenge for protecting a new embedded system. Which of the following would Akira NOT include as a constraint?
| a. Authentication |
| b. Power |
| c. Cost |
| d. Availability |
48. Agape has been asked to experiment with different hardware to create a controller for a new device on the factory floor. She needs a credit-card-sized motherboard that has a microcontroller instead of a microprocessor. Which would be the best solution?
| a. FPGA |
| b. Raspberry Pi |
| c. SoC |
| d. Arduino |
49. Hakaku needs a tool with a single management interface that provides capabilities for managing and securing mobile devices, applications, and content. Which tool would be the best solution?
| a. UEM |
| b. MCCM |
| c. MDM |
| d. MMAM |
50. In her job interview, Xiu asks about the company policy regarding smartphones. She is told that employees may choose from a limited list of approved devices but that she must pay for the device herself; however, the company will provide her with a monthly stipend. Which type of enterprise deployment model does this company support?
| a. COPE |
| b. BYOD |
| c. Corporate owned |
| d. CYOD |
51. Aoi has been asked to provide research regarding adding a new class of Android smartphones to a list of approved devices. One of the considerations is how frequently the smartphones receive firmware OTA updates. Which of the following reasons would Aoi NOT list in her report as a factor in the frequency of Android firmware OTA updates?
| a. OEMs are hesitant to distribute Google updates because it limits their ability to differentiate themselves from competitors if all versions of Android start to look the same through updates. |
| b. Because many of the OEMs have modified Android, they are reluctant to distribute updates that could potentially conflict with their changes. |
| c. Because OEMs want to sell as many devices as possible, they have no financial incentive to update mobile devices that users would then continue to use indefinitely. |
| d. Wireless carriers are reluctant to provide firmware OTA updates because of the bandwidth the updates consume on their wireless networks |
52. What is the process of identifying the geographical location of a mobile device?
| a. Geomonitoring |
| b. Geolocation |
| c. Geotracking |
| d. GeoID |
53. Which of these is used to send SMS text messages to selected users or groups of users?
| a. Pull notification services |
| b. Push notification services |
| c. Replay notification distribution (RND) |
| d. MAM mass SMS |
54. Enki received a request by a technician for a new subnotebook computer. The technician noted that he wanted USB OTG support and asked Enki’s advice regarding its. Which of the following would Enki NOT tell him?
| a. A device connected via USB OTG can function as a host. |
| b. Connecting a mobile device to an infected computer using USB OTG could allow malware to be sent to that device. |
| c. A device connected via USB OTG can function as a peripheral for external media access. |
| d. USB OTG is only available for connecting Android devices to a subnotebook. |
55. Banko’s sister has just downloaded and installed an app that allows her to circumvent the built-in limitations on her Android smartphone. What is this called?
| a. Jailbreaking |
| b. Rooting |
| c. Ducking |
| d. Sideloading |
56. Which of the following technologies can convert a texting app into a live chat platform?
| a. RCS |
| b. SMS |
| c. QR |
| d. MMS |
57. What prevents a mobile device from being used until the user enters the correct passcode?
| a. Swipe identifier (SW-ID) |
| b. Screen timeout |
| c. Touch swipe |
| d. Screen lock |
58. Hisoka is creating a summary document for new employees about their options for different mobile devices. One part of his report covers encryption. What would Hisoka NOT include in his document?
| a. Data backed up to an Apple or Google server could be unlocked by a court order. |
| b. Encryption occurs when the mobile device is locked. |
| c. Apple uses file-based encryption to offer a higher level of security. |
| d. All modern versions of mobile device OS encrypt all user data by default. |
59. What does containerization do?
| a. It separates personal data from corporate data. |
| b. It slows down a mobile device to half speed. |
| c. It places all keys in a special vault. |
| d. It splits operating system functions only on specific brands of mobile devices. |
60. What allows a device to be managed remotely?
| a. Mobile application management (MAM) |
| b. Mobile wrapper management (MWM) |
| c. Mobile device management (MDM) |
| d. Mobile resource management (MRM) |
61. Which of these is NOT a security feature for locating a lost or stolen mobile device?
| a. Last known good configuration |
| b. Alarm |
| c. Thief picture |
| d. Remote lockou |
62. What enforces the location in which an app can function by tracking the location of the mobile device?
| a. Graphical Management Tracking (GMT) |
| b. GPS tagging |
| c. Geofencing |
| d. Location resource management |
63. Which of these is considered the strongest type of passcode to use on a mobile device?
| a. Password |
| b. Draw connecting dots pattern |
| c. PIN |
| d. Fingerprint swipe |
64. Which of the following is NOT a context-aware authentication?
| a. Trusted places |
| b. Trusted contacts |
| c. On-body detection |
| d. Trusted devices |
65. Which tool manages the distribution and control of apps?
| a. MDM |
| b. MAM |
| c. MFM |
| d. MCM |
Other Links:
See other websites for quiz:
Check on QUIZLET