Screenshot 2024-06-07 at 2.52.32 in the afternoon.pdf
Document Details
Uploaded by WelcomeVerse
Tags
Related
- Proeza Information Security Management for Supplier Relationships Policy (PDF)
- SABSA Foundation F2 - Security Management & Design PDF
- Management Of Information Security PDF
- Information Systems for Business (BBA, Semester 6) PDF
- Chapter 3.5 Office Administration PDF
- ITIL® 4 Foundation Course General Management Practices PDF
Full Transcript
1. Which of the following elements of a regulatory framework refers to high-level statements that deal with the administrative network security of an organization? A. Policies 2. Which of the following acts aims to protect the public and investors by increasing the accuracy and reliability of corpo...
1. Which of the following elements of a regulatory framework refers to high-level statements that deal with the administrative network security of an organization? A. Policies 2. Which of the following acts aims to protect the public and investors by increasing the accuracy and reliability of corporate disclosures and does not explain how an organization must store records but describes the records that organizations must store and the duration of their storage? B. Sarbanes Oxley Act 3. Which of the following is the most complex form of business and exists as legal entities that are separate from their owners? D. Corporation 4. Which of the following elements of security policy identifies the items that must be covered, hidden, protected, or public, and procedure to secure them?* B. Defined scope and applicability 5. Braxton, a security professional, received an SIEM alert regarding a suspicious activity on the organization network. Soon after receiving the alert, Braxton performed necessary actions to mitigate the threat and prevent further exploitation. B. Discipline security requirements 6. Which of the following high-level security requirements was demonstrated in the above scenario? C. Procedural security requirements 6. Which of the following types of physical threats involves planting a vehicle bomb, human bomb, or postal bomb in and around an organization’s premises and impacts the overall physical security of the organization?* B. Terrorism 7. Bentley, a security inspector, was assigned to install a physical security control in the company premises to defend against intrusion attempts. He implemented a security control that involves motion sensors connected with video surveillance to monitor and identify illegitimate intrusion attempts. Which of the following types of physical security control has Bentley implemented in the above scenario? A. Detective controlsv 8. Which of the following security personnel are responsible for screening visitors and employees at main gates or entrances, documenting names and other details about visitors, and conducting regular patrols in the premises?* C. Guards 9. Which of the following practices helps administrators secure server/backup devices from physical theft? D. Keep the server and backup devices in a separate room. 10. Emmanuel, an administrator, was tasked with arranging servers in an appropriate manner at a data center. He arranged the equipment in such a manner that it can maintain proper airflow to reduce heat and save energy. This arrangement can also save the hardware from humidity and heat and increase hardware performance. Identify the arrangement made by Emmanuel to maintain proper air flow in the above scenario. B. Hot and cold aisles 11. Jayce, a software engineer working from a remote location, connected his laptop to the company’s server through a VPN. The company has implemented a security protocol that provides authentication as well as the encryption of the data passing through the VPN tunnels. Identify the network security protocol implemented by the company for secure communication. A. IPsec 12. Identify the network management protocol that is primarily used in Unix and Linux environments and is used for secure remote login.* C. SSH 13. Which of the following SNMPv3 security features ensures that all messages originate from a trusted source?* D. Authentication 14. Which of the following types of network segmentation is implemented by assuming that every user attempting to access the network is an invalid entity and by verifying every incoming connection before allowing access to the network?* C. Zero-trust network 15. Bob, a network defender, at an organization was observing the network behavior by deploying a firewall on the organization’s network. He examined whether the firewall rules are set according to the actions performed by the firewall or whether it has any bugs. In which of the following steps of firewall implementation was Bob in the above scenario? A. Testing 16.Which of the following entities in the risk management team is empowered with the authority to manage almost all processes in an organization?* C. Business and functional managers 17. Which of the following types of risks often emerge from the unpatched or outdated version of software usage in a system that allows attackers to obtain access to the middleware, applications, and databases that run on the system?* A. Risks from legacy systems 18. Which of the following techniques focuses on mapping the probability of occurrence for a specific event to the expected cost associated with the event?* A. Quantitative risk analysis 19. Keegan, a security team member, conducted risk assessment for the network and devices in the organization. After analyzing and prioritizing each risk, Keegan decided to take immediate action on the risks that may cause service disruption to the organization. Identify the risk level that needs immediate action to prevent service disruption. A. High 20. Identify the COBIT framework internal stakeholders who help in understanding how to obtain the IT solutions that enterprises require and how best to exploit new technology for strategic opportunities. B. Business managers 1. Which of the following statements is NOT a benefit of risk management process? C. Maximizes the impact of risk on an organization’s revenue 2. Which of the following entities in the risk management team is empowered with the authority to manage almost all processes in an organization? C. Business and functional managers 3. Which of the following entities in the risk management team are considered as subject matter experts as they are responsible for developing and providing appropriate coaching material for the risk management process? B. Security awareness trainers 4. Which of the following types of risks are emerged from supplier services that have been stopped due to an event at the supplier’s end that may impact the organization’s business? D. Multi-party risks 5. Which of the following types of risks often emerge from the unpatched or outdated version of software usage in a system that allows attackers to obtain access to the middleware, applications, and databases that run on the system? A. Risks from legacy systems 6. Which of the following risk management phases lists risks and their characteristics before such risks harm an organization? A. Risk identification 7. Which of the following risk management phases is an ongoing iterative process of assigning priorities for risk mitigation and implementation plans? A. Risk assessment 8. Which of the following techniques focuses on mapping the probability of occurrence for a specific event to the expected cost associated with the event? A. Quantitative risk analysis 9. Which of the following techniques focuses on mapping the perceived impact of a specific event occurring to a risk rating agreed upon by the organization? A. Qualitative risk analysis 10. Keegan, a security team member, conducted risk assessment for the network and devices in the organization. After analyzing and prioritizing each risk, Keegan decided to take immediate action on the risks that may cause service disruption to the organization. Identify the risk level that needs immediate action to prevent service disruption. A. High 11. Which of the following categories of risks can be ignored as they generally do not pose any significant problem, but periodical reviews should be performed to ensure the controls remain effective? C. Low 12. Which of the following techniques is used to scale risk by considering the probability, likelihood, and consequence/impact of the risk? D. Risk matrix 13. In an organization, a security professional has identified few risks in the organization’s IT infrastructure during the risk management process. As the severity level of the risks is acceptable, the security professional decided not to apply any of the treatment options available. Which of the following risk treatment options was demonstrated in the above scenario? C. Risk retention 14. Identify the risk treatment option that relates to reassigning accountability for a risk to another entity or organization and is accomplished by purchasing insurance that will reduce the direct costs of a covered event or reduce the cost of remediation. A. Risk sharing or risk transfer 15. Identify the risk management phase that identifies the chance of a new risk and it includes monitoring the probability, impact, status, and exposure of risks. C. Risk tracking 16. Identify the risk management phase that identifies the chance of a new risk and it includes monitoring the probability, impact, status, and exposure of risks. C. Risk tracking 17. Given below are the various steps involved in the NIST risk management framework. 1. Implement 2. Authorize 3. Monitor 4. Select 5. Categorize 6. Assess Identify the correct sequence of steps involved in NIST risk management framework. C. 5 -> 4 -> 1 -> 6 -> 2-> 3 18. Given below are the various steps involved in the assessment stage of the NIST risk management framework. 1. Tailor the assessment procedures 2. Analyze the results 3. Select appropriate procedures to assess those controls 4. Determine depth and coverage needed for assurance 5. Create the security assessment report 6. Finalize the plan and obtain approval 7. Determine which controls are to be assessed 8. Conduct the assessment 9. Develop the security assessment plan Identify the correct sequence of steps involved in the assessment stage. D. 9 ->7->3->4 ->1->6->8 ->2->5 19. Identify the NIST risk management framework step that involves continuously tracking changes to the information system for signs of attacks that may impact security controls, and regularly monitoring the security controls to access their effectiveness D. Monitor 20. Which of the following COSO ERM components sets an organization’s tone, reinforcing the importance of, and establishing oversight responsibilities for, ERM? D. Governance and culture 21. Identify the COBIT framework internal stakeholders who help in understanding how to obtain the IT solutions that enterprises require and how best to exploit new technology for strategic opportunities. B. Business managers 22. Bob, a network defender, at an organization was observing the network behavior by deploying a firewall on the organization’s network. He examined whether the firewall rules are set according to the actions performed by the firewall or whether it has any bugs. In which of the following steps of firewall implementation was Bob in the above scenario? C. Configuring 23. Identify the COBIT framework internal stakeholders who provide guidance on how to organize and monitor IT performance across the enterprise. B. Executive management 24.Which of the following COBIT framework principles states that a governance system for enterprise IT is built from a number of components that can be of different types and that work together in a universal way? A. Holistic approach 25. Which of the following risk management frameworks provides information guidelines designed to provide broadly acceptable guidance for information security risk management and maps directly to the strategy and recommendations outlined in ISO 27001? A. ISO 27005 26. Which of the following NIST risk management framework steps involves integrating security controls with legacy systems using sound system engineering practices, and then enforcing and documenting their impact on the environment? A. Implement 1. Which of the following elements of a regulatory framework refers to high-level statements that deal with the administrative network security of an organization? A. Policies 2. Which of the following elements of regulatory framework comprises of specific low-level mandatory controls or controls related to the implementation of a specific technology useful for enforcing and supporting policies and ensuring consistent businesses security? B. Standards 3. Which of the following PCI–DSS requirements defines documentation and business justification for use of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure?* B. PCI–DSS requirement no 1.1.6 4. Which of the following act contains “electronic transactions and code set standards” to transfer information between two parties for specific purposes?* C. HIPAA 5. Which of the following is an accreditation standard that guides certification bodies on the formal processes they must follow when auditing their client’s information security management systems (ISMSs) against ISO/IEC 27001 in order to certify or register them compliant?* B. ISO/IEC 27006 6. Which of the following countries holds the Unauthorized Modification or Alteration of the Information System act?* C. Brazil 7. Which of the following is the most complex form of business and exists as legal entities that are separate from their owners?* D. Corporation 8. In which of the following levels of capability maturity model integration (CMMI) the processes are unpredictable, poorly controlled, and reactive?* D. LEVEL 1 – Initial 9. Which of the following practices is to be considered by a user while creating or updating their password? D. Include both uppercase and lowercase letters, numerical digits, and special characters 10. Which of the following elements of security policy identifies the items that must be covered, hidden, protected, or public, and procedure to secure them? B. Defined scope and applicability 11. Identify the type of information security policy that specifies the necessary technologies along with preventive measures such as authorization of user access, privacy protection, and fair and responsible use of technologies. D. Issue-specific security policy (ISSP) 12. Which of the following changes involved in change management process is a non-standard and non-emergency change that is important to IT services? D. Minor change 13. Richard, a security professional, in an organization was instructed to implement organizational level security policy. For this purpose, he implemented a type of information security policy that supports the organization by offering ideology, purpose, and methods to create a secure environment for their IT infrastructure. Identify the type of information security policy implemented by Richard in the above scenario. C. System-specific security policy 14. Identify the security label for which users require a higher clearance level for accessing a specific file or document. A. Secret 15. Luis, a security team member, was instructed to train new employees on securing the organization from unwanted issues. As a primary part of training, he instructed employees not to throw sensitive documents in the trash, and also trained them on how to shred documents and erase magnetic data before putting them into the trash. Which of the following attacks was mitigated by grooming employees on the above techniques? D. Dumpster diving 1. Which of the following layers in the OSI model cannot be protected using conventional firewalls? D. Physical layer 2. Which of the following types of physical threats involves planting a vehicle bomb, human bomb, or postal bomb in and around an organization’s premises and impacts the overall physical security of the organization?* B. Terrorism 3. Which of the following physical security threats is caused by short circuits or poor building materials and may affect the operational facility and computer rooms in an organization? D. Fires 4. Which of the following layers in the OSI model includes all cabling and network systems for digital data communication? D. Physical layer 5. Which of the following physical security threats is a man-made threat caused by a lack of proper security and locks? A. Theft 6. Which of the following physical security controls involve the enforcement of access-control mechanisms such as door locks and security guards to protect the environment in advance?* D. Preventive controls 7. Bentley, a security inspector, was assigned to install a physical security control in the company premises to defend against intrusion attempts. He implemented a security control that involves motion sensors connected with video surveillance to monitor and identify illegitimate intrusion attempts. Which of the following types of physical security control has Bentley implemented in the above scenario? A. Detective controls 8. Which of the following security controls are used by security professionals to discourage attackers and send warning messages about the consequences of intrusion attempts? A. Deterrent controls 9. Which of the following fire detection systems is used to detect and respond to the thermal energy generated by fire incidents? A. Heat detectors 10. Which of the following fire suppression systems is used to suppress fire at the initial stage by discharging an agent present inside a cylindrical vessel and may not be used in case of a fire covering a large area?* A. Fire detection system 11. Which of the following physical security barriers are used for controlling and restricting motor vehicles at parking areas or office premises and also facilitate the easy movement of people on the other side?* A. Bollards 12. The premises of a software company are covered with physical barriers in the form of short vertical posts that are installed to control motor vehicles entering the building entrances and to allow pedestrians on the other side to pass. Which of the following physical barriers is described above? C. Bollards 13. Which of the following security personnel are responsible for screening visitors and employees at main gates or entrances, documenting names and other details about visitors, and conducting regular patrols in the premises?* C. Guards 14. Identify the type of physical locks through which system locking and unlocking operations are achieved by supplying and eliminating power or by activating motors.* D. Electromagnetic locks 15. Which of the following detection devices are used to automatically scan the material that is passing through and are used in all types of entry points to detect any suspect objects inside bags or carrying packages? B. X-ray inspection systems 16. Ryker, a safety officer at an organization, was tasked with the installation of an indoor surveillance camera at the newly opened workspace. Ryker selected a camera that allows operators to pan/tilt/zoom and spin the camera according to their need, and it is impossible for individuals to locate the direction in which the camera is moving. Which of the following types of cameras has Ryker installed in the above scenario? C. Dome CCTV 17. An organization has employed an uninterruptible power supply (UPS) for the servers in the organization’s server rooms to provide continuous services. For this purpose, the organization deployed a type of UPS that connects to a battery during a power failure and supplies power below 10 kVA.b Which of the following types of UPS has the organization employed in the above scenario? C. Standby on-line hybrid 18. Identify the type of physical security control that allows people to be screened closely by a security guard to detect any suspect elements attached to their body and is used in all walkthrough entrances. C. Handheld metal detectors 19. Which of the following types of cable consists of a single copper conductor at its center and a plastic layer coated upon the conductor for moisture resistance? B. Coaxial cable 20. Which of the following types of cable is susceptible to wiretapping, where an attacker can easily tap the information flowing through the network cable?* A. Unshielded twisted pair 21. Which of the following practices helps administrators secure server/backup devices from physical theft?* D. Keep the server and backup devices in a separate room. 22. Which of the following practices must be considered for secured network cabling? C. Document the entire cable infrastructure. 23. Emmanuel, an administrator, was tasked with arranging servers in an appropriate manner at a data center. He arranged the equipment in such a manner that it can maintain proper airflow to reduce heat and save energy. This arrangement can also save the hardware from humidity and heat and increase hardware performance. Identify the arrangement made by Emmanuel to maintain proper air flow in the above scenario. A. EMI shielding B. Hot and cold aisles C. Lighting system D. Video surveillance 24. Which of the following measures assures security teams that they are implementing proper security controls and measures? B. Keep sensitive areas under surveillance. 25. Which of the following components of a duct-free split heating and air conditioning system converts the refrigerant and circulates the air?* C. Fan coil 1. Jayce, a software engineer working from a remote location, connected his laptop to the company’s server through a VPN. The company has implemented a security protocol that provides authentication as well as the encryption of the data passing through the VPN tunnels. Identify the network security protocol implemented by the company for secure communication. A. IPsec 2. Kevin, an administrator at an organization, was instructed by the management to ensure secure client–server communication. For this purpose, he implemented a protocol that provides AAA services separately and encrypts the entire communication between the client and server, including the user passwords. The protocol implemented by Kevin also provides protection against sniffing attacks. Identify the protocol implemented by Kevin in the above scenario. C. TACACS+ 3. Identify the network management protocol that is primarily used in Unix and Linux environments and is used for secure remote login. C. SSH 4. Which of the following is a standard protocol used to enable an email client to download or retrieve emails from a mailbox in a secure manner? A. POP3S 5. Which of the following protocols allows a user to retrieve messages from a mailbox on TCP port 993 and encrypts packets in transit using TLS/SSL? B. Secure IMAP (IMAPS) 6. Which of the following is a standard protocol used to send messages from one email server to another by providing an authentication mechanism to the email client over the transport layer? D. SMTPS 7. Given below are the various steps involved in the LDAPS authentication process. 1. The remote user signs into an OS or LDAPS client using Telnet/SSH. 2. Upon receiving a TLS response from the server, the client and server validate their identities. 3. The LDAPS client builds a TCP connection with the LDAPS server through a TLS request 4. After a successful Bind operation, the server sends an acknowledgment message to the LDAPS client. 5. The LDAPS client validates itself from a proxy account, which is created on the LDAPS server through a Bind request. 6. The LDAPS client then sends user credentials for authentication. 7. After successfully completing the authentication/authorization process with the server, the LDAP client informs the remote user about the successful connection or login attempt. Identify the correct sequence of steps involved in the LDAPS authentication process. D. 1 -> 3 -> 2 -> 5 -> 4 -> 6 -> 7 8. Given below are the various steps involved in the IPsec process. 1. The IPsec driver notifies ISAKMP to initiate security negotiations with the service provider. 2. The consumer’s IPsec driver attempts to match the outgoing packet’s address or the packet type against the IP filter. 3. Both principles initiate a key exchange, establishing an ISAKMP Security Association (SA) and a shared secret key. 4. The service provider’s ISAKMP receives the security negotiation request. 5. The consumer’s IPsec driver transfers packets to the appropriate connection type for transmission to the service provider. 6. Both principles discuss the security level for the information exchange, establishing both IPsec SAs and keys. 7. A consumer sends a message to a service provider. 8. The provider receives the packets and transfers them to the IPsec driver. 9. The provider’s IPsec driver transfers decrypted packets to the OSI transport layer for further processing. 10. The provider’s IPsec uses the inbound SA and key to check the digital signature and begin decryption. Identify the correct sequence of steps involved in Internet Protocol Security (IPsec). D. 7 -> 2 -> 1 -> 4 -> 3 -> 6 -> 5-> 8 -> 10 -> 9 9. Which of the following is a key protocol in the IPsec architecture that establishes the required security for various communications over the Internet, such as government, private, and commercial communications, by combining the security concepts of authentication, key management, and security associations? A. ISAKMP 10. Which of the following SNMPv3 security features ensures that all messages originate from a trusted source? D. Authentication 11. Which of the following considerations is important to ensure network security? D. The internal network of a data center should be segmented based on the security level, and appropriate security policies should be defined for each segment. 12. Which of the following types of bastion host is located within the LAN and can be either a single- or multi-homed bastion host that allows local devices to communicate with each other? A. Internal bastion host 13. Which of the following bastion hosts operate with multiple network connections, where the network connections do not interact with each other? A. Non-routing dual-homed hosts 14. Which of the following is NOT a consideration to ensure network security? B. The internal network of a data center should not be segmented based on the security level. 15. Which of the following types of network segmentation is implemented by assuming that every user attempting to access the network is an invalid entity and by verifying every incoming connection before allowing access to the network? C. Zero-trust network 16. Identify the security control in the form of software or hardware that monitors and filters the incoming and outgoing traffic of the network and prevents unauthorized access to private networks. C. Firewall 17. Which of the following layers of the OSI model does not support firewall technology as a security measure? D. Physical layer 18. Which of the following firewall technologies works at the session layer of the OSI model or the TCP layer of TCP/IP model and filters traffic based on specified session rules? A. Circuit-level gateway 19. Which of the following information allows a packet-filtering firewall to check whether the packet is arriving from a packet-filtering firewall or leaving it? B. Direction 20. Which of the following information allows a packet-filtering firewall to check whether a packet is from an unreliable site? A. Interface 21. Which of the following information allows the firewall to check whether the packet has a SYN, ACK, or other bits set for connecting with the destination host? C. TCP code bits 22. Bob, a network defender, at an organization was observing the network behavior by deploying a firewall on the organization’s network. He examined whether the firewall rules are set according to the actions performed by the firewall or whether it has any bugs. In which of the following steps of firewall implementation was Bob in the above scenario? A. Testing 23. Which of the following firewalls works at the session layer of the OSI model or TCP layer of TCP/IP, forwards data between networks without verification, and blocks incoming packets from the host but allows traffic to pass through? A. Packet filtering firewall 24. Which of the following commands helps security specialists check existing firewall rules? A. sudo iptables –L –n –v B. # iptables -t nat -L -v –n. C. Iptables –A INUPT –s 10.10.10.55 –j DROP D. # iptables -A OUTPUT - p tcp --dport xxx -j DROP Option A 25. Identify the task the user is going to perform by executing the iptables command. “iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP”. C. Filtering non-TCP packets 26. Given below are the various steps involved in establishing a remote-access VPN connection. 1. The packet is encrypted before placing it in the tunnel. 2. The VPN server accepts the packet from the tunnel, decrypts it, and sends it to the final destination. 3. The remote user propagates a PPP connection with an ISP’s NAS through a PSTN. 4. The location of the VPN server depends on the model used for the VPN implementation. 5. The packets sent by the user are sent to the tunnel connecting the NAS and VPN server after authenticating the user. Identify the correct sequence of steps involved in establishing a remote-access VPN connection. B. 3 -> 5 -> 1 -> 4 -> 2 27. Identify the VPN encapsulation protocol that permits multiple protocols to be encrypted and sent across any medium supporting point-to-point delivery. B. L2TP 28. Given below are the various steps for establishing a VPN network connection using SSL and PPP. 1. “Hello” messages establish the SSL version, support for cipher suites, and some random data. 2. An initial handshake is performed for secure communication. 3. The key is determined separately from the handshake. 4. Data are transferred over the link. Identify the correct sequence of steps for establishing a VPN network. A. 2 -> 1 -> 3 -> 4 29. Which of the following components of VPN is also called as media gateway and is responsible for setting up and maintaining each tunnel in a remote access VPN? B. Network access server 30. Identify the VPN core functionality in which packets over a VPN are enclosed within another packet that has a different IP source and destination because concealing the source and destination of the packets can protect the integrity of the data sent. A. Encapsulation Threats Sources 1. Bob, a college student, was curious about learning hacking concepts. With the mediocre knowledge, he used a free online tool to hack his college website. Bob was unable to compromise the website as it was protected using strong security controls. Which of the following categories of threats was demonstrated in the above scenario? D. Unstructured external threats 2. Which of the following types of threats originates from outside an organization’s network and exploits the vulnerabilities present in a local system or network? C. External threats 3. Mateo, a professional hacker, was recruited by an agency to steal sensitive data from a rival company. From a remote location, he discovered vulnerabilities in the target company’s network using a vulnerability scanner. He exploited them to intrude into the network and steal confidential data. Identify the threat source exploited by Mateo in the above scenario. A. External threats 4. Owen, a new employee at an organization, received a phishing mail from an unauthorized source on his official email ID. As Owen was not trained on email security, he opened the email and clicked on the malicious link within it, allowing the attacker to gain backdoor access to the office network. Identify the threat source in the above scenario. C. Unintentional threats 5. Daniel, an employee working from home, was assigned a task to complete within a half-day, but due to frequent power failures at his residential area, he failed to accomplish the task. Which of the following threat was demonstrated in the above scenario? B. Natural threats Threat Actors/Agents 6. Identify the threat actors who work both offensively and defensively at various times, which mean that they help hackers find various vulnerabilities, at the same time, help vendors improve products by checking their limitations. A. White hats B. Black hats C. Gray hats D. Suicide hackers 7. A government agency appointed Ethan, a professional hacker, to gather sensitive information from the military organization of its counterpart. Ethan intruded into the target organization’s database and retrieved their top secrets. Which of the following types of threat actors does Ethan belong to in the above scenario? A. Script kiddies B. State-sponsored hackers C. Black hats D. Cyber terrorists 8. Which of the following types of threat actors are known as unskilled hackers who try to compromise systems out of enthusiasm by running tools and software developed by professional hackers? A. Black hats B. Script kiddies C. Cyber terrorists D. State-sponsored hackers 9. Which of the following types of threat actors are referred to as individuals with a wide range of skills, who are motivated by religious or political beliefs to create fear by disrupting large-scale computer networks? A. Industrial spies B. Cyber terrorists C. Black hats D. State-sponsored hackers 10. Daniel, a professional hacker, was trying to intrude into an organization’s network. He identified a vulnerability in one of the third-party solutions utilized by the organization. Daniel leveraged this vulnerability to inject malicious payload and bypassed the security solutions. Identify the threat vectors utilized by Daniel in the above scenario. A. Supply chain B. Wireless C. Direct access D. Removable media Malware and its Types 11. Jackson accessed Amelia’s system in her absence to install a malicious Trojan program from his flash drive onto her system. The Trojan captured and sent all the keystrokes to the Jackson’s system instantly. In which of the following ways did Jackson install malware in Amelia’s system? A. Untrusted sites and freeware software B. Insecure patch management C. Portable hardware media D. Instant messenger applications 12. David, a professional hacker, has created an advertisement for an electronic product embedded with malicious program and published it on a trusted website. Whenever the visitors of that website click on the advertisement to view the product details, the malware automatically gets installed on their system. In which of the following ways did David install malware on the victims’ system? A. Spear-phishing sites B. Black hat search engine optimization C. Malvertising D. Drive-by downloads 13. Whichof the following techniques is used for mimicking legitimate institutions, such as banks, to steal passwords, credit card and bank account data, and other sensitive information? A. Drive-by downloads B. Malvertising C. Black hat SEO D. Spear-phishing sites 14. Whichof the following components of malware compresses the malware file to convert the code and data of the malware into an unreadable format? A. Payload B. Dropper C. Inject or D. Packer 15. Identify the port number used by Doly Trojan to perform malicious activities on the infected systems. A. 1026 B. 1001 C. 1095 D. 1011 16. Which of the following types of Trojans physically changes the underlying HTML format, resulting in the modification of content and appearance of the website? A. Remote access Trojans B. Botnet Trojans C. IoT Trojans D. Defacement Trojans 17. Which of the following types of virus has the ability to rewrite and reprogram itself completely every time it infects a new executable file? A. Encryption virus B. Cluster virus C. Metamorphic virus D. Sparse infector virus 18. Whichof the following types of virus remains permanently in the target machine’s memory during an entire work session, even after the target host’s program has completed its execution? A. Sparse infector virus B. Terminate and stay resident virus C. Encryption virus D. Metamorphic virus 19. Which of the following types of malware restricts access to the user’s system files and folders and then demands an online payment to the malware creator to remove the restrictions? A. Worms B. Keyloggers C. Virus D. Ransomware 20. Which of the following programs gets installed and configured in a system automatically to call a set of contacts at several locations without user’s consent, thereby incurring massive telephone bills for the user? A. Adware B. Torre nt C. Dialers D. Cryptomining 21. Which of the following PUAs displays unsolicited messages offering free sales and pop-ups of online services when browsing websites? A. Dialers B. Cryptomini ng C. Adware D. Torrent 22. Williams,a professional hacker, was hired by a hacking group to perform a cyberattack on an organization. He employed a special type of UEFI rootkit to attack the target organization using which he injected malware into the system that automatically executes whenever the system starts. Identify the rootkit employed by Williams in the above scenario. A. GandCrab B. Dharma C. eCh0ra ix D. LoJax 23. Whichof the following PUAs allows an attacker to force users to download unwanted programs that have features of peer-to-peer file sharing? A. Adware B. Marketing C. Cryptomini ng D. Torrent 24. Cooper, a malware programmer, has developed a potentially unwanted application (PUA) to infect the systems. This application pops-up when a user is browsing the infected website and issues bogus reminders regarding outdated software and lures the user to click on it for further activities. Which of the following types of PUA has Cooper developed in the above scenario? A. Torrent B. Cryptomining C. Dialer s D. Adware 25. Joseph, a malicious insider in an organization, decided to spy on one of the associated systems. To achieve this, he employed a software program that records what the user is typing on the target system and transmits that data to Joseph. Identify the type of program employed by Joseph in the above scenario. A. Keylogger B. Botnet C. Ransomware D. Worm 26. Which of the following programs conceals the malicious code of malware via various techniques, thus making it difficult for security mechanisms to detect or remove it? A. Injector B. Download er C. Obfuscator D. Dropper 27. Identify the type of viruses that are programmed to rewrite themselves completely each time they infect a new executable file. A. Cavity virus B. Metamorphic virus C. Companion virus D. Shell virus 28. Which of the following fileless malware propagation techniques involves exploiting preinstalled Windows tools such as PowerShell and Windows Management Instrumentation (WMI) to install and run malicious code? A. Registry manipulation B. Malicious websites C. Native applications D. Phishing emails 29. Identify the malware component that contains a code or a sequence of commands that can take advantage of a bug or vulnerability in a digital system or device to breach the system security. A. Crypter B. Downloader C. Dropp er D. Exploit 30. Which of the following Trojans uses port number 1807 to inject malicious payload to other systems? A. Emotet B. Shamoon C. WannaC ry D. SpySender 31. Which of the following malware targets payment equipment such as credit card/debit card readers and grab sensitive information regarding credit card number, holder name, and CVV number? A. Backdoor Trojans B. Service protocol Trojans C. Defacement Trojans D. Point-of- sale Trojans 32. Which of the following types of viruses saves the virus code to the hard drive and overwrites the pointer in the directory entry, directing the disk read point to the virus code instead of the actual program? A. Macro virus B. File virus C. Multipartite virus D. Cluster virus 33. Identify the type of virus that stores itself with the same filename as the target program file, infects the computer upon executing the file, and modifies the hard disk data. A. Shell virus B. Camouflage virus C. FAT virus D. Overwriting file virus 34. Which of the following types of viruses is triggered by a response to an event, such as the launching of an application or when a specific date or time is reached? A. File virus B. Logic bomb virus C. Macro virus D. Cluster virus 35. Identify the type of virus that appends its code to the host code without making any changes to the latter or relocate the host code to insert its code at the beginning. A. Intrusive virus B. Transient virus C. Add-on virus D. Terminate and stay resident virus 36. Which of the following types of viruses is used to transfer all controls of the host code to where it resides in the memory and selects the target program to be modified and corrupts it? A. Transient virus B. Intrusive virus C. Logic bomb virus D. Add-on virus 37. Identifythe standalone malicious program that replicates, executes, and spreads across network connections independently without human intervention by causing the network servers and individual computer systems to become overloaded and stop responding. A. Ransomw are B. Worm C. Potentially unwanted application D. Rootkit 38. Which of the following malware is a trojanized rootkit that masquerades as cracked software or a legitimate application, such as anti-malware, a video player, or an eBook reader, to infect systems and perform data exfiltration? A. Power spy B. μTorren t C. Scranos D. Dharma 39. Michelle, a professional hacker, targeted an organization and wanted to perform a sophisticated attack that can damage the systems and maintain persistence even after OS reinstallation. For this purpose, he employed a UEFI rootkit that can inject malware into the system and gets executed automatically whenever the system starts up. Identify the type of malware employed by Michelle in the above scenario. A. Power spy B. Dharma C. μTorren t D. LoJax 40. Which of the following PUAs makes use of the victims’ personal assets and financial data on the system and performs extraction of bitcoins from victims account? A. Marketing B. Cryptomining C. Torrent D. Adware 41. Identifythe type of PUA that compels the victim into unintentionally downloading large files and unwanted programs that have features of peer-to-peer file sharing. A. Marketing B. Adwar e C. Torrent D. Cryptomining 42. Noah, a professional hacker, decided to generate revenue by targeting corporate networks through click-fraud attacks. For this purpose, he uses fileless malware that exploits NodeJS to bypass UAC through CMSTP.exe and steals critical information from the victim through URLs. Identify the type of malware utilized by Noah in the above scenario. A. LoJax B. Divergent C. Dharma D. Scranos Vulnerabilities 43. Which of the following types of vulnerabilities falls under security policy vulnerabilities? A. TCP/IP protocol vulnerabilities B. User account vulnerabilities C. Internet service misconfiguration D. Lack of continuity 44. Rogers, an administrator, has installed new software on an employee’s system and forgot to change the credentials provided by the software vendor. Robert, an attacker, on the other hand, browsed an online resource to obtain credentials provided by the software vendor and used those credentials to gain remote access to the employee’s system to steal valuable data. Identify the type of vulnerability demonstrated in the above scenario. A. Default password and settings B. IP protocol vulnerabilities C. TCP protocol vulnerabilities D. Operating system vulnerabilities 45.Acomputer user was trying to read the latest news articles from a popular website, but the user was prevented from accessing the resources of the website as certain underlying vulnerabilities in the webpage allowed an attacker to inject fake requests into the network; as a result, the server stopped responding to legitimate user requests. What is the impact caused due to vulnerabilities in the above scenario? A. Privilege escalation B. Denial of service C. Information disclosure D. Remote code execution 46. Identify the vulnerability caused due to human errors that allow attackers to gain unauthorized access to a system. A. Firewall and network security applications B. Buffer overflows C. Network operations and management D. Database software 47. Identify the vulnerabilities in the IoT system that can result in severe threats to organizations. A. Errors in programming B. Ecosystem access control C. Database software D. Buffer overflows Types of Vulnerabilities 48. Identifythe type of vulnerabilities exploited by an attacker before they are identified and patched by the developers. A. Operating system flaws B. Zero-day vulnerabilities C. Legacy platform vulnerabilities D. Default passwords 49. Aiden, a professional hacker, targeted an organization to steal customer and employee data. He exploited a vulnerability present in the vendor management and targeted the vendor products that have privileged access to the systems and applications. Which of the following types of vulnerabilities were exploited by Aiden in the above scenario? A. Operating system flaws B. Default passwords C. Zero-day vulnerabilities D. Third-party risks 50. Identify the type of software vulnerability that occurs due to coding errors and allows the attackers to gain access to the target system. A. Open ports and services B. Buffer overflows C. Operating system flaws D. Legacy platform vulnerabilities 51. Which of the following vulnerabilities is an undesirable incident that occurs when a software or system program depends on the execution of processes in a sequence and on the timing of the programs? A. DLL injection B. Integer overflows C. Resource exhaustion D. Race conditions 52. Which of the following vulnerabilities arises within an organization network due to increased number of server connections without proper documentation or the understanding of their maintenance? A. Poor patch management B. Application flaws C. Zero-day vulnerabilities D. System sprawl Information Security Fundamentals 1. Identify the information security element that refers to the characteristic of communication, documents, or any data that ensures the quality of being genuine or uncorrupted. A. Confidentiality B. Availability C. Non-repudiation D. Authenticity 2. Identify the information security element that refers to the trustworthiness of resources in the prevention of improper and unauthorized changes and assures that the information is sufficiently accurate for its purpose. A. Availability B. Integrity C. Confidentiality D. Authenticity 3. Which of the following components of NIST Cybersecurity Framework (CSF) are used to determine how standards, practices, guidelines, functions, and their categories should be aligned with the business needs, risk tolerance, and resources? A. Core B. Implementation guidelines C. Tiers D. Profiles 4. Which of the following components of NIST Cybersecurity Framework (CSF) offers segment-wise approaches for enterprises to deal with cybersecurity risks? A. Profiles B. Tiers C. Core D. Implementation guidelines 5. Which of the following components of NIST Cybersecurity Framework (CSF) offers a set of operations or activities that include industry standards, practices, guidelines, operations, functions, and results that help in attaining the desired security outcomes? A. Tiers B. Core C. Implementation guidelines D. Profiles 6. Which of the following functions of NIST Cybersecurity Framework (CSF) allows controlling the impact of critical cybersecurity events and the subdivisions of this function include communications, mitigation, response planning, analysis, and improvements? A. Respond B. Identify C. Detect D. Protect 7. Identify the of NIST Cybersecurity Framework (CSF) function that deals with designing an enterprise understanding guidelines to handle cybersecurity risks including data, people, assets, systems, and other capabilities. A. Identify B. Respond C. Protect D. Recover 8. Identify the NIST Cybersecurity Framework (CSF) function that entails the design and implementation of suitable operations to discover unexpected cybersecurity events across a network. A. Detect B. Protect C. Respond D. Identify 9. Identify the NIST Cybersecurity Framework (CSF) function that has subdivisions including awareness training, information protection processes and procedures, identity management and access control, data security, maintenance, and protective technology. A. Identify B. Respond C. Detect D. Protect 10. David purchased a smartphone online using his debit card. After making the payment online, David did not receive any transaction text message to his mobile. During non-working hours of bank, David accessed his net banking account and viewed all the transactions and the current balance details. Identify the type of information security element that allowed David to view his bank details in the above scenario. A. Confidentiality B. Integrity C. Non-repudiation D. Availability 11. Lincy, a security professional, implemented stringent security policies in her organization to thwart evolving attacks that may cause data loss or disruption of services. For this purpose, she implemented digital certificates, biometrics, and smart card controls to verify employees entering into the organization’s premises. Which of the following information security elements has Lincy implemented in the above scenario? A. Confidentiality B. Integrity C. Authenticity D. Availability 12. Identify the security challenge faced by security professionals and organizations from the cyber-attackers who target to disrupt their networks and assets. A. Non-compliance to government laws and regulations B. Shortage of research visibility and training for IT employees C. Reduced cybersecurity risks such as data loss and unpatched vulnerabilities D. Strong links in supply-chain management Network Security Fundamentals 13. Which of the following IA principles permits only authorized users to access, use, or copy information? A. Integrity B. Authentication C. Non-repudiation D. Confidentiality 14. Which of the following information assurance principles protects data and does not allow modification, deletion, or corruption of data without proper authorization? A. Confidentiality B. Integrity C. Authentication D. Non-repudiation 15. Which of the following information assurance principles protects information systems that store sensitive data and allows end-users to access the data whenever they request from their devices? A. Confidentiality B. Non-repudiation C. Availability D. Integrity 16. Which of the following IA principles is a service that validates the integrity of a digital signature’s transmission, starting from where it originated to where it arrived and grants access to protected information by validating that the digital signature is from the intended party? A. Confidentiality B. Non-repudiation C. Availability D. Authentication 17. Which of the following is NOT a security challenge faced by security professionals during the maintenance of network security? A. Containing damage when a network or system is compromised B. Preventing internal attacks against the network C. Disabling intrusion detection and logging capabilities D. Protecting the network from attacks via the Internet 18. Identify the type of network defense approach, using which an organization can implement biometric techniques such as speech or facial recognition to block attackers from entering the premises. A. Proactive approach B. Preventive approach C. Reactive approach D. Retrospective approach 19. Which of the following network defense approaches addresses attacks and threats that the preventive approach may have failed to avert, such as DoS and DDoS attacks? A. Proactive approach B. Reactive approach C. Retrospective approach D. Preventive approach 20. Identify the network defense approach that consists of techniques used to inform decision making for countering future attacks and facilitates in the implementation of preemptive security actions and measures against potential incidents. A. Retrospective approach B. Reactive approach C. Proactive approach D. Preventive approach 21. Which of the following actions in an adaptive security strategy assists security professionals in identifying incidents, finding their root causes, and planning a possible course of actions for addressing them? A. Responding B. Prediction C. Protection D. Detection 22. Identify the security controls that discourage the violation of security policies and include access controls such as security guards and warning signs. A. Deterrence controls B. System access controls C. Prevention controls D. Detection controls 23. Which of the following techniques refers to the tracking and examining of the activities of network devices in a network and helps in identifying weaknesses in the network? A. Auditing B. Authorization C. Authentication D. Encryption 24. Identify the member of the network defense team who supervises the implementation of the computer and network security in an organization. A. Security architect B. Network technician C. Network security administrator D. Security analyst 25. Nicholas, an incident handling and response (IH&R) team member at an organization, was assigned with the responsibility to gather information on prevalent incidents and security issues, which can be later placed into the database of internal intelligence. Which of the following IH&R roles is Nicholas playing in the above scenario? A. Threat researcher B. Incident coordinator C. Forensic investigator D. Internal auditor 26. David, a new member, was recruited to work with the organization’s incident handling and response (IH&R) team. He was responsible for calculating the costs involved in an incident, such as damages or losses caused by the incident and costs incurred by IH&R. Identify the role played by David in the IH&R team. A. Information security officer (ISO) B. Public relations C. Human resource D. Financial auditor 27. Everett, a forensics team member familiar with all the applicable laws, participated in a crime investigation process. The role of Everett in the team was to assist the forensic investigators by providing legal advice on how to conduct the investigation and address the legal issues involved in various tasks. Which of the following roles did Everett play in the above scenario? A. Photographer B. Evidence examiner C. Evidence investigator D. Attorney 28. Identify the member of network defense team who manages the entire network in an organization, coordinates all systems and software, and helps in the smooth functioning of the organization’s network. A. Network administrator B. Security analyst C. Network security engineer D. Security architect 29. Which of the following roles in a network defense team manages the hardware and software components of an organization’s network and fixes issues related to these components? A. Network technician B. Security architect C. Network security administrator D. Network security engineer 30. Identify the member in the network defense team who maintains the privacy and integrity of the internal network in an organization and evaluates the efficiency of the security measures implemented in an organization. A. Network technician B. Network security engineer C. End user D. Security analyst 31. Which of the following departments serves as a primary media contact and informs media about an event and updates the organization’s website information? A. Financial auditor B. Internal auditor C. Public relations D. Human resource 32. Identify the member of IH&R team who ensures that an organization complies with the regulations, business standards, and laws of its regions of operation and regularly examines the policies and procedures followed by the organization to maintain information security. A. Financial auditor B. Internal auditor C. Human resource D. Public relations Access Control Principles, Terminologies, and Models 1. Given below are the different steps involved in the access control mechanism. 1) The system validates the user with the database on the basis of the provided credentials/identification such as a password, fingerprint, etc. 2) The system then allows the user to perform only those operations or access only those resources for which the user has been authorized. 3) Once the identification is successful, the system provides the user access to use the system. 4) A user provides their credentials/identification while logging into the system. Identify the correct sequence of steps involved in the access control mechanism. A. 4 -> 1 -> 3 -> 2 B. 1 -> 2 -> 3 -> 4 C. 4 -> 2 -> 3 -> 1 D. 3 -> 2 -> 4 -> 1 2. Identify the access control terminology that is an explicit resource on which an access restriction is imposed. A. Object B. Operation C. Subject D. Reference monitor 3. Which of the following access control elements verifies the restrictions imposed on objects based on certain access control rules? A. Operation B. Object C. Reference monitor D. Subject Identify the access control principle that ensures that no single individual has the authorization rights to perform all functions and simultaneously denies access of all the objects to a single individual. A. Discretionary access control B. Need-to-know principle C. Principle of highest privilege (POHP) D. Separation of duties (SoD) 4. Identify the access control principle that defines that access is provided only to the information that is required for performing a specific task. A. Authorization breakdown B. Separation of Duties (SoD) C. Need-to-know principle D. Discretionary access control 5. In which of the following access control models the access permissions are available based on the access policies determined by the system and are beyond the user control, which implies that users cannot amend the access policies created by the system? A. Discretionary access control (DAC) B. Mandatory access control (MAC) C. Role-based access control (RBAC) D. Rule-based access control (RB-RBAC) 6. Rebecca, a security professional, was instructed to limit employees’ access to critical resources. For this purpose, she implemented an access principle that provides permission to access only necessary resources that are required for their job tasks. The permissions can be extended later based on changes in their job roles. Identify the access principle implemented by Rebecca in the above scenario. A. Rule-based access control B. Principle of least privilege (POLP) C. Separation of duties (SoD) D. Need-to-know 7. Identify the access control model that determines the access control taken by any possessor of an object to decide the access control of a subject on that object. A. Rule-based access control (RB-RBAC) B. Discretionary access control C. Mandatory access control D. Role-based access control 8. Joy, a network administrator at an organization, implemented an access control model that is based on employee designations. The access control model selected by Joy assigns permissions to a user role dynamically based on a set of rules defined by him. Identify the access control model implemented by Joy in the above scenario. A. Mandatory access control (MAC) B. Role-based access control (RBAC) C. Discretionary access control (DAC) D. Rule-based access control (RB-RBAC) 9. James, a network administrator, was assigned a task to create a standard access control model for the organization's confidential data. He implemented an access control model that determines the usage and access policies for the users. After its implementation, only users with appropriate access rights can access the resource. Which of the following access control models James has implemented in the above scenario? A. Mandatory access control (MAC) B. Role-based access control (RBAC) C. Rule-based access control (RB-RBAC) D. Discretionary access control (DAC) Identity and Access Management (IAM) 10. Ryder, an employee at a software company, needs to log in every day before starting his work. The companyhas a separate HR portal for maintaining employee attendance details. Every day, Ryder accesses the portal, provides his credentials, and logs in before starting his work. Identify the authentication method demonstrated in the above scenario. A. Biometric authentication B. Two-factor authenticationC. Password authentication D. Smart card authentication John, a professional hacker, targets his opponent’s website. He finds susceptible user inputs, injects malicious SQL code into the database, and tampers with critical information. Which of the following types of attack did John perform in the above scenario? A. Insider attack B. Passive attack C. Active attack D. Close-in attack Identify the category of attacks in which an attacker tampers with hardware or software at the time of its manufacturing and attaches backdoor to the product, which can later allow backdoor access to the attacker. A. Social engineering attacks B. Passive attacks C. Close-in attacks D. Distribution attacks Asher, a malware programmer, intruded into a manufacturing plant that produces computer peripheral devices. Asher tampered with the software inside devices ready to be delivered to clients. The tampered program creates a backdoor that allows unauthorized access to the systems. Identify the type of attack performed by Asher in the above scenario to gain unauthorized access to the delivered systems. A. Phishing attack B. Replay attack C. Directory traversal attack D. Distribution attack Harper, a hacker, visited her target company disguised as an aspiring candidate seeking a job. She noticed that certain sensitive documents were thrown in the trash near an employee’s desk. She collected these documents, which included critical information that helped her to perform further attacks. Identify the type of attack performed by Harper in the above scenario. A. Passive B. Close-in attack C. Active attack D. Insider attack Williams, an employee, was using his personal laptop within the organization’s premises. He connected his laptop to the organization’s internal network and began eavesdropping on the communication between other devices connected to the internal network. He sniffed critical information such as login credentials and other confidential data passing through the network. Identify the type of attack performed by Williams in the above scenario. A. Distribution attack B. Insider attack C. SQL injection attack D. Phishing attack Given below are the different phases involved in EC-Council’s hacking methodology. 1. Maintaining access 2. Clearing tracks 3. Footprinting and reconnaissance 4. Gaining access 5. Scanning Identify the correct sequence of steps involved in EC-Council’s hacking methodology. A. 2 -> 1 -> 4 -> 3 -> 5 B. 3 -> 5 -> 4 -> 1 -> 2 C. 1 -> 2 -> 3 -> 4 -> 5 D. 1 -> 3 -> 4 -> 5 -> 2 In which of the following phases of hacking does an attacker uses spoofing technique to exploit the system and pretends to be a legitimate user to take control over the victim’s machine? A. Reconnaissance B. Clearing tracks C. Scanning D. Gaining access Jayden, a professional hacker, targeted a newly joined employee of an organization. He sent a malicious payload via a phishing email that insisted that the user reset his official account’s password on a priority basis and warned that his account would be blocked if the email were ignored. Identify the phase of cyber kill chain methodology Jayden has performed in the above scenario. A. Command and control B. Weaponization C. Exploitation D. Delivery Rogers, an administrator, has installed new software on an employee’s system and forgot to change the credentials provided by the software vendor. Robert, an attacker, on the other hand, browsed an online resource to obtain credentials provided by the software vendor and used those credentials to gain remote access to the employee’s system to steal valuable data. Identify the type of vulnerability demonstrated in the above scenario. A. Operating system vulnerabilities B. IP protocol vulnerabilities C. Default password and settings D. TCP protocol vulnerabilities A computer user was trying to read the latest news articles from a popular website, but the user was prevented from accessing the resources of the website as certain underlying vulnerabilities in the webpage allowed an attacker to inject fake requests into the network; as a result, the server stopped responding to legitimate user requests. What is the impact caused due to vulnerabilities in the above scenario? A. Denial of service B. Information disclosure C. Privilege escalation D. Remote code execution Identify the information security element that refers to the characteristic of communication, documents, or any data that ensures the quality of being genuine or uncorrupted. A. Authenticity B. Confidentiality C. Availability D. Non-repudiation Which of the following components of NIST Cybersecurity Framework (CSF) are used to determine how standards, practices, guidelines, functions, and their categories should be aligned with the business needs, risk tolerance, and resources? A. Implementation guidelines B. Profiles C. Tiers D. Core Which of the following components of NIST Cybersecurity Framework (CSF) offers segment- wise approaches for enterprises to deal with cybersecurity risks? A. Implementation guidelines B. Core C. Tiers D. Profiles Which of the following functions of NIST Cybersecurity Framework (CSF) allows controlling the impact of critical cybersecurity events and the subdivisions of this function include communications, mitigation, response planning, analysis, and improvements? A. Detect B. Respond C. Identify D. Protect Identify the of NIST Cybersecurity Framework (CSF) function that deals with designing an enterprise understanding guidelines to handle cybersecurity risks including data, people, assets, systems, and other capabilities. A. Protect B. Identify C. Recover D. Respond Which of the following IA principles permits only authorized users to access, use, or copy information? A. Authentication B. Non-repudiation C. Confidentiality D. Integrity Which of the following information assurance principles protects data and does not allow modification, deletion, or corruption of data without proper authorization? A. Confidentiality B. Authentication C. Integrity D. Non-repudiation Which of the following is NOT a security challenge faced by security professionals during the maintenance of network security? A. Containing damage when a network or system is compromised B. Preventing internal attacks against the network C. Protecting the network from attacks via the D. Disabling intrusion detection and logging capabilities Identify the type of network defense approach, using which an organization can implement biometric techniques such as speech or facial recognition to block attackers from entering the premises. A. Preventive approach B. Retrospective approach C. Reactive approach D. Proactive approach Jace, a professional hacker, was appointed by an agency to perform a cyberattack against the rival company’s servers with the intention of making the services unavailable to their customers. Jace performed a DoS attack on the servers but he could not make the services unavailable. Which of the following components of technical security controls protected the servers from the DoS attack? A. System access controls B. Network security devices C. Encryption and protocols D. Auditing Given below are the different steps involved in the access control mechanism. 1. The system validates the user with the database on the basis of the provided credentials/ identification such as a password, fingerprint, etc. 2. The system then allows the user to perform only those operations or access only those resources for which the user has been authorized. 3. Once the identification is successful, the system provides the user access to use the system. 4. A user provides their credentials/identification while logging into the system. Identify the correct sequence of steps involved in the access control mechanism. A. 1 -> 2 -> 3 -> 4 B. 3 -> 2 -> 4 -> 1 C. 4 -> 1 -> 3 -> 2 D. 4 -> 2 -> 3 -> 1 Which of the following access control elements verifies the restrictions imposed on objects based on certain access control rules? A. Reference monitor B. Subject C. Operation D. Object Identify the access control principle that ensures that no single individual has the authorization rights to perform all functions and simultaneously denies access of all the objects to a single individual. A. Principle of highest privilege (POHP) B. Separation of duties (SoD) C. Discretionary access control D. Need-to-know principle Identify the access control principle that defines that access is provided only to the information that is required for performing a specific task. A. Need-to-know principle B. Separation of Duties (SoD) C. Authorization breakdown D. Discretionary access control Rebecca, a security professional, was instructed to limit employees’ access to critical resources. For this purpose, she implemented an access principle that provides permission to access only necessary resources that are required for their job tasks. The permissions can be extended later based on changes in their job roles. Identify the access principle implemented by Rebecca in the above scenario. A. Principle of least privilege (POLP) B. Rule-based access control C. Separation of duties (SoD) D. Need-to-know Joy, a network administrator at an organization, implemented an access control model that is based on employee designations. The access control model selected by Joy assigns permissions to a user role dynamically based on a set of rules defined by him. Identify the access control model implemented by Joy in the above scenario. A. Mandatory access control (MAC) B. Rule-based access control (RB-RBAC) C. Role-based access control (RBAC) D. Discretionary access control (DAC) James, a network administrator, was assigned a task to create a standard access control model for the organization's confidential data. He implemented an access control model that determines the usage and access policies for the users. After its implementation, only users with appropriate access rights can access the resource. Which of the following access control models James has implemented in the above scenario? A. Mandatory access control (MAC) B. Role-based access control (RBAC) C. Rule-based access control (RB-RBAC) D. Discretionary access control (DAC) Ryder, an employee at a software company, needs to log in every day before starting his work. The company has a separate HR portal for maintaining employee attendance details. Every day, Ryder accesses the portal, provides his credentials, and logs in before starting his work. Identify the authentication method demonstrated in the above scenario. A. Biometric authentication B. Smart card authentication C. Password authentication D. Two-factor authentication Bryson has a savings account in XYZ bank with net banking facility. Whenever he tries to access his net banking account to check the balance, the application asks for his credentials and a secret code received on his registered mobile number. Identify the type of two-factor authentication demonstrated in the above scenario. A. Password and biometrics B. Password and smart card C. Smart card and biometrics D. Password and one-time password (OTP) In a military headquarters, the security is very high and no one can enter without proper authentication. For authentication verification, one should insert their ID card into the swiping machine and then perform a retina scan that compares the person with the database records. After successful verification, the person is allowed to enter the military headquarters. Which of the following types of two-factor authentication is demonstrated in the above scenario? A. Smart card and biometrics B. Password and one-time password (OTP) C. Password and biometrics D. Password and smart card 1. `grep`: To search for the word "example" in a file called "text.txt" and display matching lines: ``` grep "example" text.txt ``` 2. `sed`: To replace all occurrences of the word "old" with "new" in a file called "data.txt": ``` sed 's/old/new/g' data.txt ``` 3. `awk`: To print the second field of a space-separated file called "data.txt": ``` awk '{print $2}' data.txt ``` 4. `cut`: To extract the third column from a comma-separated file called "data.csv": ``` cut -d ',' -f 3 data.csv ``` 5. `sort`: To sort lines in a file called "names.txt" in alphabetical order: ``` sort names.txt ``` dir (or ls): The dir command (or ls in Linux) lists files and directories in the current working directory. cd: The cd command changes the current working directory to a specified directory. cat: The cat command displays the contents of a file in the terminal. Threats Sources 1. Bob, a college student, was curious about learning hacking concepts. With the mediocre knowledge, he used a free online tool to hack his college website. Bob was unable to compromise the website as it was protected using strong security controls. Which of the following categories of threats was demonstrated in the above scenario? A. Unintentional threats B. Structured external threats C. Natural threats D. Unstructured external threats 2. Which of the following types of threats originates from outside an organization’s network and exploits the vulnerabilities present in a local system or network? A. Unintentional threats B. Natural threats C. External threats D. Internal threats 3. Mateo, a professional hacker, was recruited by an agency to steal sensitive data from a rival company. From a remote location, he discovered vulnerabilities in the target company’s network using a vulnerability scanner. He exploited them to intrude into the network and steal confidential data. Identify the threat source exploited by Mateo in the above scenario. A. External threats B. Natural threats C. Internal threats D. Unintentional threats 4. Owen, a new employee at an organization, received a phishing mail from an unauthorized source on his official email ID. As Owen was not trained on email security, he opened the email and clicked on the malicious link within it, allowing the attacker to gain backdoor access to the office network. Identify the threat source in the above scenario. A. Structured external threats B. External threats C. Unintentional threats D. Natural threats 5. Daniel, an employee working from home, was assigned a task to complete within a half-day, but due to frequent power failures at his residential area, he failed to accomplish the task. Which of the following threat was demonstrated in the above scenario? A. Unstructured external threats B. Natural threats C. Structured external threats D. Internal threats Threat Actors/Agents 6. Identify the threat actors who work both offensively and defensively at various times, which mean that they help hackers find various vulnerabilities, at the same time, help vendors improve products by checking their limitations. A. White hats B. Black hats C. Gray hats D. Suicide hackers 7. A government agency appointed Ethan, a professional hacker, to gather sensitive information from the military organization of its counterpart. Ethan intruded into the target organization’s database and retrieved their top secrets. Which of the following types of threat actors does Ethan belong to in the above scenario? A. Script kiddies B. State-sponsored hackers C. Black hats D. Cyber terrorists 8. Which of the following types of threat actors are known as unskilled hackers who try to compromise systems out of enthusiasm by running tools and software developed by professional hackers? A. Black hats B. Script kiddies C. Cyber terrorists D. State-sponsored hackers 9. Which of the following types of threat actors are referred to as individuals with a wide range of skills, who are motivated by religious or political beliefs to create fear by disrupting large-scale computer networks? A. Industrial spies B. Cyber terrorists C. Black hats D. State-sponsored hackers 10. Daniel, a professional hacker, was trying to intrude into an organization’s network. He identified a vulnerability in one of the third-party solutions utilized by the organization. Daniel leveraged this vulnerability to inject malicious payload and bypassed the security solutions. Identify the threat vectors utilized by Daniel in the above scenario. A. Supply chain B. Wireless C. Direct access D. Removable media Malware and its Types 11. Jackson accessed Amelia’s system in her absence to install a malicious Trojan program from his flash drive onto her system. The Trojan captured and sent all the keystrokes to the Jackson’s system instantly. In which of the following ways did Jackson install malware in Amelia’s system? A. Untrusted sites and freeware software B. Insecure patch management C. Portable hardware media D. Instant messenger applications 12. David, a professional hacker, has created an advertisement for an electronic product embedded with malicious program and published it on a trusted website. Whenever the visitors of that website click on the advertisement to view the product details, the malware automatically gets installed on their system. In which of the following ways did David install malware on the victims’ system? A. Spear-phishing sites B. Black hat search engine optimization C. Malvertising D. Drive-by downloads 13. Which of the following techniques is used for mimicking legitimate institutions, such as banks, to steal passwords, credit card and bank account data, and other sensitive information? A. Drive-by downloads B. Malvertising C. Black hat SEO D. Spear-phishing sites 14. Which of the following components of malware compresses the malware file to convert the code and data of the malware into an unreadable format? A. Payload B. Dropper C. Injector D. Packer 15. Identify the port number used by Doly Trojan to perform malicious activities on the infected systems. A. 1026 B. 1001 C. 1095 D. 1011 16. Which of the following types of Trojans physically changes the underlying HTML format, resulting in the modification of content and appearance of the website? A. Remote access Trojans B. Botnet Trojans C. IoT Trojans D. Defacement Trojans 17. Which of the following types of virus has the ability to rewrite and reprogram itself completely every time it infects a new executable file? A. Encryption virus B. Cluster virus C. Metamorphic virus D. Sparse infector virus 18. Which of the following types of virus remains permanently in the target machine’s memory during an entire work session, even after the target host’s program has completed its execution? A. Sparse infector virus B. Terminate and stay resident virus C. Encryption virus D. Metamorphic virus 19. Which of the following types of malware restricts access to the user’s system files and folders and then demands an online payment to the malware creator to remove the restrictions? A. Worms B. Keyloggers C. Virus D. Ransomware 20. Which of the following programs gets installed and configured in a system automatically to call a set of contacts at several locations without user’s consent, thereby incurring massive telephone bills for the user? A. Adware B. Torrent C. Dialers D. Cryptomining 21. Which of the following PUAs displays unsolicited messages offering free sales and pop-ups of online services when browsing websites? A. Dialers B. Cryptomining C. Adware D. Torrent 22. Williams, a professional hacker, was hired by a hacking group to perform a cyberattack on an organization. He employed a special type of UEFI rootkit to attack the target organization using which he injected malware into the system that automatically executes whenever the system starts. Identify the rootkit employed by Williams in the above scenario. A. GandCrab B. Dharma C. eCh0raix D. LoJax 23. Which of the following PUAs allows an attacker to force users to download unwanted programs that have features of peer-to-peer file sharing? A. Adware B. Marketing C. Cryptomining D. Torrent 24. Cooper, a malware programmer, has developed a potentially unwanted application (PUA) to infect the systems. This application pops-up when a user is browsing the infected website and issues bogus reminders regarding outdated software and lures the user to click on it for further activities. Which of the following types of PUA has Cooper developed in the above scenario? A. Torrent B. Cryptomining C. Dialers D. Adware 25. Joseph, a malicious insider in an organization, decided to spy on one of the associated systems. To achieve this, he employed a software program that records what the user is typing on the target system and transmits that data to Joseph. Identify the type of program employed by Joseph in the above scenario. A. Keylogger B. Botnet C. Ransomware D. Worm 26. Which of the following programs conceals the malicious code of malware via various techniques, thus making it difficult for security mechanisms to detect or remove it? A. Injector B. Downloader C. Obfuscator D. Dropper 27. Identify the type of viruses that are programmed to rewrite themselves completely each time they infect a new executable file. A. Cavity virus B. Metamorphic virus C. Companion virus D. Shell virus 28. Which of the following fileless malware propagation techniques involves exploiting preinstalled Windows tools such as PowerShell and Windows Management Instrumentation (WMI) to install and run malicious code? A. Registry manipulation B. Malicious websites C. Native applications D. Phishing emails 29. Identify the malware component that contains a code or a sequence of commands that can take advantage of a bug or vulnerability in a digital system or device to breach the system security. A. Crypter B. Downloader C. Dropper D. Exploit 30. Which of the following Trojans uses port number 1807 to inject malicious payload to other systems? A. Emotet B. Shamoon C. WannaCry D. SpySender 31. Which of the following malware targets payment equipment such as credit card/debit card readers and grab sensitive information regarding credit card number, holder name, and CVV number? A. Backdoor Trojans B. Service protocol Trojans C. Defacement Trojans D. Point-of-sale Trojans 32. Which of the following types of viruses saves the virus code to the hard drive and overwrites the pointer in the directory entry, directing the disk read point to the virus code instead of the actual program? A. Macro virus B. File virus C. Multipartite virus D. Cluster virus 33. Identify the type of virus that stores itself with the same filename as the target program file, infects the computer upon executing the file, and modifies the hard disk data. A. Shell virus B. Camouflage virus C. FAT virus D. Overwriting file virus 34. Which of the following types of viruses is triggered by a response to an event, such as the launching of an application or when a specific date or time is reached? A. File virus B. Logic bomb virus C. Macro virus D. Cluster virus 35. Identify the type of virus that appends its code to the host code without making any changes to the latter or relocate the host code to insert its code at the beginning. A. Intrusive virus B. Transient virus C. Add-on virus D. Terminate and stay resident virus 36. Which of the following types of viruses is used to transfer all controls of the host code to where it resides in the memory and selects the target program to be modified and corrupts it? A. Transient virus B. Intrusive virus C. Logic bomb virus D. Add-on virus 37. Identify the standalone malicious program that replicates, executes, and spreads across network connections independently without human intervention by causing the network servers and individual computer systems to become overloaded and stop responding. A. Ransomware B. Worm C. Potentially unwanted application D. Rootkit 38. Which of the following malware is a trojanized rootkit that masquerades as cracked software or a legitimate application, such as anti-malware, a video player, or an eBook reader, to infect systems and perform data exfiltration? A. Power spy B. μTorrent C. Scranos D. Dharma 39. Michelle, a professional hacker, targeted an organization and wanted to perform a sophisticated attack that can damage the systems and maintain persistence even after OS reinstallation. For this purpose, he employed a UEFI rootkit that can inject malware into the system and gets executed automatically whenever the system starts up. Identify the type of malware employed by Michelle in the above scenario. A. Power spy B. Dharma C. μTorrent D. LoJax 40. Which of the following PUAs makes use of the victims’ personal assets and financial data on the system and performs extraction of bitcoins from victims account? A. Marketing B. Cryptomining C. Torrent D. Adware 41. Identify the type of PUA that compels the victim into unintentionally downloading large files and unwanted programs that have features of peer-to-peer file sharing. A. Marketing B. Adware C. Torrent D. Cryptomining 42. Noah, a professional hacker, decided to generate revenue by targeting corporate networks through click-fraud attacks. For this purpose, he uses fileless malware that exploits NodeJS to bypass UAC through CMSTP.exe and steals critical information from the victim through URLs. Identify the type of malware utilized by Noah in the above scenario. A. LoJax B. Divergent C. Dharma D. Scranos Vulnerabilities 43. Which of the following types of vulnerabilities falls under security policy vulnerabilities? A. TCP/IP protocol vulnerabilities B. User account vulnerabilities C. Internet service misconfiguration D. Lack of continuity 44. Rogers, an administrator, has installed new software on an employee’s system and forgot to change the credentials provided by the software vendor. Robert, an attacker, on the other hand, browsed an online resource to obtain credentials provided by the software vendor and used those credentials to gain remote access to the employee’s system to steal valuable data. Identify the type of vulnerability demonstrated in the above scenario. A. Default password and settings B. IP protocol vulnerabilities C. TCP protocol vulnerabilities D. Operating system vulnerabilities 45. A computer user was trying to read the latest news articles from a popular website, but the user was prevented from accessing the resources of the website as certain underlying vulnerabilities in the webpage allowed an attacker to inject fake requests into the network; as a result, the server stopped responding to legitimate user requests. What is the impact caused due to vulnerabilities in the above scenario? A. Privilege escalation B. Denial of service C. Information disclosure D. Remote code execution 46. Identify the vulnerability caused due to human errors that allow attackers to gain unauthorized access to a system. A. Firewall and network security applications B. Buffer overflows C. Network operations and management D. Database software 47. Identify the vulnerabilities in the IoT system that can result in severe threats to organizations. A. Errors in programming B. Ecosystem access control C. Database software D. Buffer overflows Types of Vulnerabilities 48. Identify the type of vulnerabilities exploited by an attacker before they are identified and patched by the developers. A. Operating system flaws B. Zero-day vulnerabilities C. Legacy platform vulnerabilities D. Default passwords 49. Aiden, a professional hacker, targeted an organization to steal customer and employee data. He exploited a vulnerability present in the vendor management and targeted the vendor products that have privileged access to the systems and applications. Which of the following types of vulnerabilities were exploited by Aiden in the above scenario? A. Operating system flaws B. Default passwords C. Zero-day vulnerabilities D. Third-party risks 50. Identify the type of software vulnerability that occurs due to coding errors and allows the attackers to gain access to the target system. A. Open ports and services B. Buffer overflows C. Operating system flaws D. Legacy platform vulnerabilities 51. Which of the following vulnerabilities is an undesirable incident that occurs when a software or system program depends on the execution of processes in a sequence and on the timing of the programs? A. DLL injection B. Integer overflows C. Resource exhaustion D. Race conditions 52. Which of the following vulnerabilities arises within an organization network due to increased number of server connections without proper documentation or the understanding of their maintenance? A. Poor patch management B. Application flaws C. Zero-day vulnerabilities D. System sprawl Information Security Fundamentals 1. Identify the information security element that refers to the characteristic of communication, documents, or any data that ensures the quality of being genuine or uncorrupted. A. Confidentiality B. Availability C. Non-repudiation D. Authenticity 2. Identify the information security element that refers to the trustworthiness of resources in the prevention of improper and unauthorized changes and assures that the information is sufficiently accurate for its purpose. A. Availability B. Integrity C. Confidentiality D. Authenticity 3. Which of the following components of NIST Cybersecurity Framework (CSF) are used to determine how standards, practices, guidelines, functions, and their categories should be aligned with the business needs, risk tolerance, and resources? A. Core B. Implementation guidelines C. Tiers D. Profiles 4. Which of the following components of NIST Cybersecurity Framework (CSF) offers segment-wise approaches for enterprises to deal with cybersecurity risks? A. Profiles B. Tiers C. Core D. Implementation guidelines 5. Which of the following components of NIST Cybersecurity Framework (CSF) offers a set of operations or activities that include industry standards, practices, guidelines, operations, functions, and results that help in attaining the desired security outcomes? A. Tiers B. Core C. Implementation guidelines D. Profiles 6. Which of the following functions of NIST Cybersecurity Framework (CSF) allows controlling the impact of critical cybersecurity events and the subdivisions of this function include communications, mitigation, response planning, analysis, and improvements? A. Respond B. Identify C. Detect D. Protect 7. Identify the of NIST Cybersecurity Framework (CSF) function that deals with designing an enterprise understanding guidelines to handle cybersecurity risks including data, people, assets, systems, and other capabilities. A. Identify B. Respond C. Protect D. Recover 8. Identify the NIST Cybersecurity Framework (CSF) function that entails the design and implementation of suitable operations to discover unexpected cybersecurity events across a network. A. Detect B. Protect C. Respond D. Identify 9. Identify the NIST Cybersecurity Framework (CSF) function that has subdivisions including awareness training, information protection processes and procedures, identity management and access control, data security, maintenance, and protective technology. A. Identify B. Respond C. Detect D. Protect 10. David purchased a smartphone online using his debit card. After making the payment online, David did not receive any transaction text message to his mobile. During non-working hours of bank, David accessed his net banking account and viewed all the transactions and the current balance details. Identify the type of information security element that allowed David to view his bank details in the above scenario. A. Confidentiality B. Integrity C. Non-repudiation D. Availability 11. Lincy, a security professional, implemented stringent security policies in her organization to thwart evolving attacks that may cause data loss or disruption of services. For this purpose, she implemented digital certificates, biometrics, and smart card controls to verify employees entering into the organization’s premises. Which of the following information security elements has Lincy implemented in the above scenario? A. Confidentiality B. Integrity C. Authenticity D. Availability 12. Identify the security challenge faced by security professionals and organizations from the cyber-attackers who target to disrupt their networks and assets. A. Non-compliance to government laws and regulations B. Shortage of research visibility and training for IT employees C. Reduced cybersecurity risks such as data loss and unpatched vulnerabilities D. Strong links in supply-chain management Network Security Fundamentals 13. Which of the following IA principles permits only authorized users to access, use, or copy information? A. Integrity B. Authentication C. Non-repudiation D. Confidentiality 14. Which of the following information assurance principles protects data and does not allow modification, deletion, or corruption of data without proper authorization? A. Confidentiality B. Integrity C. Authentication D. Non-repudiation 15. Which of the following information assurance principles protects information systems that store sensitive data and allows end-users to access the data whenever they request from their devices? A. Confidentiality B. Non-repudiation C. Availability D. Integrity 16. Which of the following IA principles is a service that validates the integrity of a digital signature’s transmission, starting from where it originated to where it arrived and grants access to protected information by validating that the digital signature is from the intended party? A. Confidentiality B. Non-repudiation C. Availability D. Authentication 17. Which of the following is NOT a security challenge faced by security professionals during the maintenance of network security? A. Containing damage when a network or system is compromised B. Preventing internal attacks against the network C. Disabling intrusion detection and logging capabilities D. Protecting the network from attacks via the Internet 18. Identify the type of network defense approach, using which an organization can implement biometric techniques such as speech or facial recognition to block attackers from entering the premises. A. Proactive approach B. Preventive approach C. Reactive approach D. Retrospective approach 19. Which of the following network defense approaches addresses attacks and threats that the preventive approach may have failed to avert, such as DoS and DDoS attacks? A. Proactive approach B. Reactive approach C. Retrospective approach D. Preventive approach 20. Identify the network defense approach that consists of techniques used to inform decision making for countering future attacks and facilitates in the implementation of preemptive security actions and measures against potential incidents. A. Retrospective approach B. Reactive approach C. Proactive approach D. Preventive approach 21. Which of the following actions in an adaptive security strategy assists security professionals in identifying incidents, finding their root causes, and planning a possible course of actions for addressing them? A. Responding B. Prediction C. Protection D. Detection 22. Identify the security controls that discourage the violation of security policies and include access controls such as security guards and warning signs. A. Deterrence controls B. System access controls C. Prevention controls D. Detection controls 23. Which of the following techniques refers to the tracking and examining of the activities of network devices in a network and helps in identifying weaknesses in the network? A. Auditing B. Authorization C. Authentication D. Encryption 24. Identify the member of the network defense team who supervises the implementation of the computer and network security in an organization. A. Security architect B. Network technician C. Network security administrator D. Security analyst 25. Nicholas, an incident handling and response (IH&R)