IS5403 New Week 1

Lab 1

1. All of these

2. Nothing

3. Microsoft Edge

4. Windows Sandbox

5. Changes are lost

Lab 2

1. Start, Settings, System, and then About

2. the installation halts

3. Directly from the browser

4. Quick scan

5. 0

Lab 3

1. In which type of attack does the attacker infect a website that is often visited by the target users?
Watering hole

2. Which type of phishing is conducted over the Voice over IP (VoIP) lines where the attacker pretends to be a legitimate caller from a bank or a financial institution?
Vishing

3. Which type of phishing targets specific individuals and companies?
Spear Phishing

4. You received a call from a person who was pretending to be from a law firm. The caller wanted to know some confidential information about your organization. Which of the following social engineering methods was the person using?
Authority

5. Which of the following attacks uses CDs, DVDs, or USB drives?
Baiting

6. Which of the following types of attacker keeps exfiltrating the data quietly, without being detected?
Advanced Persistent Threat (APT)

7. Which of the following performs hacking either for a political reason or to bring about social change?
Hacktivists

8. Which type of hacker breaks into systems for personal or financial gain?
Black Hat

9. Insider threats are generated by the individuals who are either the organization’s employees or are closely associated with the organization as a vendor or a third party. [TRUE/FALSE]
TRUE

10. Which of the following are the phases in Open Source Intelligence (OSINT)? [Choose all that apply]
Result Delivery
Data Analysis
Data Processing
Source Identification
Data Harvesting

11. In which of the following tests does the tester not need to have prior knowledge of the system’s internal design or features?
Black Box Testing

12. Which of the following testing strategies will be performed by a gradual process of gaining access to a network component, infrastructure, or an application layer to minimize detection?
Lateral Movement

13. Which of the following is full-knowledge penetration testing?
White Box Testing

14. Footprinting and gathering information about the target is performed in which phase of penetration testing?
Discovery

15. Which of the following terms refers to attacking or taking control of a system through another compromised system?
Pivoting

16. Which of the following allows organizations to identify and remediate vulnerabilities before the public is aware of them, thus reducing the spread and intensity of abuse?
Bug Bounty

17. Which of the following are examples of technical controls? [Choose all that apply]
Firewall
Router

18. Which type of control identifies a security risk that might be present in a policy, process, or procedure?
Detective

19. Which of the following standards/laws focuses on protecting financial non-public information?
GRAMM-LEACH-BLILEY ACT (GLBA)

20. Which of the following ISO frameworks provides requirements for an information security management system and focuses on managing information security within an organization?
27001

21. Which of the following standards provides guidelines for hardening a web server?
Center for Internet Security (CIS)

22. After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and will be a supervisor over a group of security technicians. Which of these generally recognized security positions has she been offered?
Security manager

23. Which of the following is false about the CompTIA Security+ certification?
Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.

24. Which of the following is true regarding the relationship between security and convenience?
Security and convenience are inversely proportional.

25. Which of the following elements of the CIA Triad ensures that the information is correct, and no unauthorized person has altered it?
Integrity

26. Which of the following is not used to describe those who attack computer systems?
Malicious agent

27. Which of the following is not true regarding security?
Security is a war that must be won at all costs.

28. Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks that occurred were mainly for what purpose?
Fame

29. Which of the following ensures that only authorized parties can view protected information?
Confidentiality

30. Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization?
White hat hackers

31. Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____.
through products, people, and procedures on the devices that store, manipulate, and transmit the information

32. Which of the following groups has the lowest level of technical knowledge?
Script kiddies

33. Which of the following groups uses Advanced Persistent Threats?
State actors

34. Which of the following is not a reason why a legacy platform has not been updated?
No compelling reason for any updates

35. How do vendors decide which should be the default settings on a system?
Those settings that provide the means by which the user can immediately begin to use the product.

35. Which tool is most commonly associated with state actors?
Advanced Persistent Threat (APT)

36. What is the term used to describe the connectivity between an organization and a third party?
System integration

37. What is an objective of state-sponsored attackers?
To spy on citizens

38. Which of the following is not an issue with patching?
Patches address zero-day vulnerabilities

39. Which of the following is not a recognized attack vector?
On-prem

40. What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments?
Brokers

41. Ebba has received a new initiative for her security team to perform an in-house penetration test. What is the first step that Ebba should undertake?
Planning

42. Which of the following is NOT a characteristic of a penetration test?
Automated

43. Linnea has requested to be placed on the penetration testing team that scans for vulnerabilities to exploit them. Which team does she want to be placed on?
Red Team

44. Lykke’s supervisor is evaluating whether to use internal security employees to conduct a penetration test. Lykke does not consider this a good idea and has created a memo with several reasons they should not be used. Which of the following would NOT be part of that memo?
They would have to stay overnight to perform the test.

45. What penetration testing level name is given to testers who have no knowledge of the network and no special privileges?
Black box

46. Which of the following is NOT an advantage of crowdsourced penetration testing?
Less expensive

47. Tilde is working on a contract with the external penetration testing consultants. She does not want any executives to receive spear-phishing emails. Which rule of engagement would cover this limitation?
Scope

48. Which is the final rule of engagement that would be conducted in a pen test?
Reporting

49. What is another name for footprinting?
Active reconnaissance

50. When researching how an attack recently took place, Nova discovered that the threat actor, after penetrating the system, started looking to move through the network with their elevated position. What is the name of this technique?
Lateral movement

51. What are documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas?
Requests for comments (RFCs)

52. Which of the following is NOT a general information source that can provide valuable in-depth information on cybersecurity?
Twitter

53. Which of the following is a standard for the handling of customer card information?
PCI DSS

54. Which of the following are developed by established professional organizations or government agencies using the expertise of seasoned security professionals?
Regulations

55. Which group is responsible for the Cloud Controls Matrix?
CSA

56. Tuva’s supervisor wants to share a recent audit outside the organization. Tuva warns him that this type of audit can only be read by those within the organization. What audit does Tuva’s supervisor want to distribute?
SSAE SOC 2 Type II

57. Which ISO contains controls for managing and controlling risk?
ISO 31000

58. Which premise is the foundation of threat hunting?
Threat actors have already infiltrated our network.

59. Which of the following can automate an incident response?
SOAR

60. Which of the following is not something that a SIEM can perform?
Incident response
