1. Which of the following terms refers to the existence of a weakness, design flaw, or implementation error that
can lead to an unexpected event compromising the security of the system?
A. Zero-Day Attack B. Hacking
C. Exploit D. Vulnerability
2. Which of the following terms refers to gaining access to one network and/or computer and then using the
same to gain access to multiple networks and computers that contain desirable information?
A. Daisy Chaining
B. Kill Chain
C. Social Engineering
D. Doxing
Explanation:
Doxing: Doxing refers to gathering and publishing personally identifiable information such as an individual’s
name and email address, or other sensitive information pertaining to an entire organization. People with
malicious intent collect this information from publicly accessible channels such as the databases, social
media and the Internet.
Daisy Chaining: It involves gaining access to one network and/or computer and then using the same
information to gain access to multiple networks and computers that contain desirable information.
Social Engineering: Social engineering is an art of manipulating people to divulge sensitive information to
perform some malicious action.
Kill Chain: The cyber kill chain is an efficient and effective way of illustrating how an adversary can attack
the target organization. It is a part of intelligence-driven defense model for identification and prevention of
malicious intrusion activities.
3. Ransomware encrypts files and locks systems, thereby leaving the system in an unusable state. The
compromised user has to pay a ransom to the attacker to unlock the system and get the files decrypted. Petya
delivers malicious code that can even destroy the data with no scope of recovery. What is this malicious code
called?
A. Payload B. Honeypot
C. Bot D. Vulnerability
5. Which fundamental element of information security refers to an assurance that the information is accessible
only to those authorized to have access?
A. Integrity B. Authenticity
C. Availability D. Confidentiality
6. Arturo leads the information security team of a small financial corporation that has a few branch
offices in Africa. The company suffered an attack of USD 10 million through an interbanking system. The CSIRT
explained to Arturo that the incident occurred because, 6 months ago, the hackers came in from the outside
through a small vulnerability, then moved laterally to the computer of a person with privileges in
the interbanking system. Finally, the hackers got access and made the fraudulent transactions.
What is the most accurate name for the kind of attack in this scenario?
8. Highlander, Incorporated, is a medical insurance company with several regional company offices in North America.
Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-
malware/virus software, and an insurance application developed by a contractor. All the software updates and
patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down
the desktop computers, including the use of Applocker to restrict the installation of any third-party applications.
There are one hundred employees who work from their home offices. Employees who work from home use their
own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which
is synchronized with the corporate internal domain service. The computers are updated and patched through the
cloud-based domain service. Applocker is not used to restrict the installation of third-party applications.
The database that hosts the information collected from the insurance application is hosted on a cloud-based file
server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-
based file server, and the company uses work folders to synchronize offline copies back to their devices.
Based on the knowledge of the network topology and trends in network security, what would be the primary
target of a hacker trying to compromise Highlander?
9. James has published personal information about all senior executives of Essential Securities Bank on his blog
website. He has collected all this information from multiple social media websites and publicly accessible
databases. What is this known as?
A. Doxing B. Phishing
C. Impersonation D. Social Engineering
Doxing: This refers to gathering and publishing personally identifiable information such as an individual’s
name and e-mail address, or other sensitive information regarding the entire organization.
Social engineering: This is the art of convincing people to reveal sensitive information.
Phishing: This is the technique in which an attacker sends an e-mail or provides a link, falsely claiming to be
from a legitimate website in an attempt to acquire a user’s personal or account information.
Daisy chaining: It involves gaining access to one network and/or computer and then using the same
information to gain access to multiple networks and computers that contain desirable information.
10. Highlander, Incorporated, is a medical insurance company with several regional company offices in North
America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-
malware/virus software, and an insurance application developed by a contractor. All the software updates and
patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock down the
desktop computers, including the use of Applocker to restrict the installation of any third-party applications.
There are one hundred employees who work from their home offices. Employees who work from home use their
own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which is
synchronized with the corporate internal domain service. The computers are updated and patched through the
cloud-based domain service. Applocker is not used to restrict the installation of third-party applications.
The laptops utilize direct access to automatically connect their machines to the Highlander, Incorporated, network
when they are not in the regional offices. The laptops are set up to use IPsec when communicating with the cloud-
based file server. The protocol that they have chosen is Authentication Header (AH).
The database that hosts the information collected from the insurance application is hosted on a cloud-based file
server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based
file server, and the company uses work folders to synchronize offline copies back to their devices.
Based on the knowledge of the network topology, which of the main elements of information security has
Highlander, Incorporated, NOT addressed in its plans for its laptops?
A. Authenticity B. Confidentiality
C. Availability D. Integrity
Explanation:
Highlander, Incorporated, has not addressed confidentiality.
They have chosen Authentication Header (AH), which adds an integrity check value (a keyed hash over the payload
and the immutable fields of the IP header) to every packet but encrypts nothing. AH therefore gives the company
integrity, data-origin authentication and anti-replay protection, yet the payload still travels in cleartext;
confidentiality would require ESP (alone or combined with AH). The use of work folders allows employees to
access data even when the network connection fails, which covers availability. Direct access is used when
connecting to the Highlander, Incorporated, hosted network, not to the cloud-based file servers.
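To make the gap concrete, here is an added example (it is not part of the original question set) that models an AH-style integrity check in Python. The pre-shared key, the addresses and the payload are all constructed for illustration, and HMAC-SHA256 stands in for whatever ICV algorithm a real SA would negotiate. It shows that the verifier rejects any change to the covered fields, while an on-path observer reads the payload without needing the key, which is exactly the property AH does not provide.

```python
import hashlib
import hmac

# Hypothetical pre-shared key for the example. In IPsec the key comes from IKE.
KEY = b"example-shared-key-not-for-production"


def ah_protect(src: str, dst: str, payload: bytes, key: bytes = KEY) -> dict:
    """Build a 'packet' carrying an AH-style ICV: a keyed HMAC over the
    immutable addresses and the payload. The payload itself is left as-is."""
    covered = f"{src}|{dst}|".encode() + payload
    icv = hmac.new(key, covered, hashlib.sha256).digest()
    return {"src": src, "dst": dst, "icv": icv, "payload": payload}


def ah_verify(pkt: dict, key: bytes = KEY) -> bool:
    """Recompute the ICV with the shared key and compare in constant time."""
    covered = f"{pkt['src']}|{pkt['dst']}|".encode() + pkt["payload"]
    expected = hmac.new(key, covered, hashlib.sha256).digest()
    return hmac.compare_digest(expected, pkt["icv"])


def eavesdrop(pkt: dict) -> bytes:
    """An on-path observer needs no key at all to read the payload."""
    return pkt["payload"]


def tamper(pkt: dict, new_payload: bytes) -> dict:
    """An on-path attacker can rewrite bytes, but without the key cannot
    produce a matching ICV, so the receiver will drop the packet."""
    forged = dict(pkt)
    forged["payload"] = new_payload
    return forged


if __name__ == "__main__":
    # Constructed sample traffic: a laptop talking to the cloud file server.
    original = ah_protect("10.0.0.5", "203.0.113.10", b"claim_id=42;ssn=123-45-6789")
    print("original verifies:", ah_verify(original))
    print("eavesdropper reads:", eavesdrop(original))
    forged = tamper(original, b"claim_id=42;ssn=000-00-0000")
    print("forged verifies:", ah_verify(forged))
```

The same structure explains the exam answer: swapping the ICV for an encrypted payload (ESP) is what adds confidentiality, and nothing in the AH computation hides the bytes that were protected.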
11. A newly discovered flaw in a software application would be considered as which kind of security
vulnerability?
A. Zero-day vulnerability
B. Time-to-check to time-to-use flaw
C. HTTP header injection vulnerability
D. Input validation flaw
Explanation:
A zero-day vulnerability is a flaw in software, hardware, or firmware that is unknown to the vendor, or for which
no patch yet exists, so attackers can exploit it before defenders have had any time ("zero days") to address it.
12. An e-commerce site was put into a live environment and the programmers failed to remove the secret entry
point (bits of code embedded in the program) that was used during application development to quickly gain
access at a later time, often during the testing or debugging phase. What is this secret entry point called?
A. Honey pot
B. SQL injection
C. SDLC process
D. Trap door
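As an added example (not code from the original question set), the Python below shows what such a leftover entry point looks like in an authentication routine, the hardened version beside it, and a cheap pre-release check that flags literal credentials in source. The user store, the salt, the debug account and the sample source snippet are all constructed for the example.

```python
import hashlib
import hmac
import re
from typing import List

# Constructed user store for the example: username -> PBKDF2 hash.
_SALT = b"constructed-example-salt"


def _hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 50_000)


USERS = {"alice": _hash_password("correct horse battery staple")}

# Hypothetical leftover from the test/debug phase: an account that bypasses
# the user store entirely. This is the trap door the question describes.
DEBUG_USER = "qa_debug"
DEBUG_PASSWORD = "letmein"


def login_vulnerable(username: str, password: str) -> bool:
    """Authentication as shipped: the debug shortcut was never removed."""
    if username == DEBUG_USER and password == DEBUG_PASSWORD:  # trap door
        return True
    stored = USERS.get(username)
    return stored is not None and hmac.compare_digest(stored, _hash_password(password))


def login_fixed(username: str, password: str) -> bool:
    """Hardened version: every login goes through the user store."""
    stored = USERS.get(username)
    return stored is not None and hmac.compare_digest(stored, _hash_password(password))


# Heuristic pre-release check: an identifier that looks like a credential
# assigned a string literal. Not a substitute for review, but it catches the
# common case of debug accounts left in source.
_CRED_ASSIGN = re.compile(r'^\s*\w*(pass|pwd|secret|token|api_key)\w*\s*=\s*["\']', re.I)


def find_hardcoded_credentials(source: str) -> List[int]:
    """Return 1-based line numbers of suspicious literal credential assignments."""
    return [n for n, line in enumerate(source.splitlines(), 1) if _CRED_ASSIGN.search(line)]


# Constructed source snippet standing in for the e-commerce site's code.
SAMPLE_SOURCE = "\n".join([
    'DEBUG_USER = "qa_debug"',
    'DEBUG_PASSWORD = "letmein"',
    "api_timeout = 30",
    'db_password = os.environ["DB_PASSWORD"]',   # read from the environment: not flagged
])


if __name__ == "__main__":
    print(login_vulnerable("qa_debug", "letmein"))   # True: the trap door works
    print(login_fixed("qa_debug", "letmein"))        # False
    print(find_hardcoded_credentials(SAMPLE_SOURCE)) # line of the literal password
```

The regex deliberately ignores values read from configuration or the environment; the point is to catch the literal that only exists because someone needed a shortcut while debugging.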
13. Which of the following attack vectors is a network attack in which an unauthorized person gains access to a
network and stays there undetected for a long period of time? The intention of this attack is to steal data rather
than to cause damage to the network or organization.
15. Ron, a customer support intern, exploited default configurations and settings of the off-the-shelf libraries and
code used in the company’s CRM platform. How will you categorize this attack?
Explanation:
Many approaches exist for an attacker to gain access to the system. One common requirement for all such
approaches is that the attacker finds and exploits a system’s weakness or vulnerability.
Operating System Attacks: Attackers search for vulnerabilities in an operating system’s design, installation
or configuration and exploit them to gain access to a system.
Misconfiguration attack: Security misconfiguration or poorly configured security controls might allow
attackers to gain unauthorized access to the system, compromise files, or perform other unintended
actions. Misconfiguration vulnerabilities affect web servers, application platforms, databases, networks, or
frameworks that may result in illegal access or possible system takeover.
Application-level attack: Attackers exploit the vulnerabilities in applications running on organizations’
information system to gain unauthorized access and steal or manipulate data.
Shrink-wrap code attack: Software developers often use free libraries and code licensed from other
sources in their programs to reduce development time and cost. This means that large portions of many
pieces of software will be the same, and if an attacker discovers vulnerabilities in that code, many pieces of
software are at risk. Attackers exploit default configuration and settings of the off-the-shelf libraries and
code. The problem is that software developers leave the libraries and code unchanged.
16. Which of the following malware types restricts access to the computer system’s files and folders, and
demands a payment to the malware creator(s) in order to remove the restrictions?
A. Ransomware B. Adware
C. Spyware D. Trojan Horse
17. Highlander, Incorporated, is a medical insurance company with several regional company offices in North
America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-
malware/virus software, and an insurance application developed by a contractor. All of the software updates
and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock
down the desktop computers, including the use of Applocker to restrict the installation of any third-party
applications.
There are one hundred employees who work from their home offices. Employees who work from home use their
own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which
is synchronized with the corporate internal domain service. The computers are updated and patched through the
cloud-based domain service. Applocker is not used to restrict the installation of third-party applications.
The database that hosts the information collected from the insurance application is hosted on a cloud-based file
server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-
based file server, and the company uses work folders to synchronize offline copies back to their devices.
A competitor learns that employees use their own personal smartphones to communicate with other employees
of Highlander, Incorporated.
Which information security attack vector should the competitor use to gather information over a long period of
time from the phones, without the victim being aware that he or she has been compromised?
Explanation:
The competitor should utilize advanced persistent threats. It is an attack that will focus on stealing information
without the user being aware of it.
Viruses and worms normally affect the productivity of the machine and will be detected by anti-malware/virus
programs or the end user when the computer does not respond as expected. Mobile threats do target mobile
devices, but they vary and do not guarantee avoiding detection. A botnet is a network of devices used to perform
network attacks.
18. Which of the following techniques is used to distribute malicious links via some communication channel such
as mails to obtain private information from the victims?
A. Phishing B. Piggybacking
C. Dumpster diving D. Vishing
19. Which of the following categories of information warfare is a sensor-based technology that directly corrupts
technological systems?
A. Electronic warfare
B. Intelligence-based warfare
C. Command and control warfare (C2 warfare)
D. Economic warfare
Explanation:
Electronic warfare: Electronic warfare uses radio electronic and cryptographic techniques to degrade
communication. Radio electronic techniques attack the physical means of sending information, whereas
cryptographic techniques use bits and bytes to disrupt the means of sending information.
Intelligence-based warfare: Intelligence-based warfare is a sensor-based technology that directly corrupts
technological systems. Intelligence-based warfare is a warfare that consists of the design, protection, and
denial of systems that seek sufficient knowledge to dominate the battlespace.
Command and control warfare (C2 warfare): In the computer security industry, C2 warfare refers to the
impact an attacker possesses over a compromised system or network that they control.
Economic warfare: Economic information warfare can affect the economy of a business or nation by
blocking the flow of information. This could be especially devastating to organizations that do a lot of
business in the digital world.
20. Which of the following can be categorized as a host-based threat?
A. Privilege escalation B. Man-in-the-Middle attack
C. IDS bypass D. Distributed Denial-of Service
Explanation:
There are three types of information security threats: Network Threats, Host Threats, and Application Threats.
Network Threats: A network is the collection of computers and other hardware connected by
communication channels to share resources and information. As the information travels from one system
to the other through the communication channel, a malicious person might break into the communication
channel and steal the information traveling over the network.
Listed below are some of the network threats:
Information gathering
Sniffing and eavesdropping
Spoofing
Session hijacking
Man-in-the-Middle attack
Host Threats: Host threats target a particular system on which valuable information resides. Attackers try
to breach the security of the information system resource.
Listed below are some of the host threats:
Malware attacks
Footprinting
Denial-of-Service attacks
Arbitrary code execution
Unauthorized access
Privilege escalation
Backdoor attacks
Application Threats: Applications can be vulnerable if proper security measures are not taken while
developing, deploying, and maintaining them. Attackers exploit the vulnerabilities present in an application
to steal or destroy data.
Listed below are some of the application threats:
Improper data/input validation
Authentication and authorization attacks
Security misconfiguration
Improper error handling and exception management
Information disclosure
Hidden-field manipulation
Broken session management
Buffer overflow issues
21. Yancey is a network security administrator for a large electric company. This company provides power for over
100,000 people in Las Vegas. Yancey has worked for his company for more than 15 years and has become very
successful. One day, Yancey comes into work and finds out that the company will be downsizing and he will be out
of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all
over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for
30 or more years; he just wants the company to pay for what they are doing to him.
What would Yancey be considered?
Explanation:
Black hats are individuals with extraordinary computing skills, resorting to malicious or destructive activities and are also
known as crackers.
Individuals professing to have hacker skills and using them for defensive purposes and are security analysts are known as
white hats.
Hacktivists are individuals who promote a political agenda by hacking, especially by defacing or disabling websites.
Suicide hackers are individuals who aim to bring down the critical infrastructure for a “cause” and are not worried about
facing jail terms or any other kind of punishment.
22. What is the objective of a reconnaissance phase in a hacking life-cycle?
23. What is the correct order of steps in the system hacking cycle?
A. Gaining Access -> Escalating Privileges -> Executing Applications -> Hiding Files -> Covering Tracks
B. Escalating Privileges -> Gaining Access -> Executing Applications -> Covering Tracks -> Hiding Files
C. Covering Tracks -> Hiding Files -> Escalating Privileges -> Executing Applications -> Gaining Access
D. Executing Applications -> Gaining Access -> Covering Tracks -> Escalating Privileges -> Hiding Files
Explanation:
In a system hacking cycle, the attacker should first attempt to exploit and gain access to the target system. Then
he has to escalate his privileges to access the root directory of the target system. Once the attacker achieves
the elevated privileges, he can perform any malicious activity like executing malicious applications on the target
system and data theft. Next, the malicious applications have to be hidden somewhere in the target machine so
that the legitimate user is not able to identify and delete them. After completing all these stages, now the
attacker has to cover his tracks to avoid detection.
24. Which of the following terms refers to unskilled hackers who compromise systems by running scripts, tools,
and software developed by real hackers? They usually focus on the quantity of attacks rather than the quality of
the attacks that they initiate.
Explanation:
Hacktivist: Hacktivists are individuals who promote a political agenda by hacking, especially by defacing or disabling
websites.
Script Kiddies: Script kiddies are unskilled hackers who compromise systems by running scripts, tools, and software
developed by real hackers. They usually focus on the quantity of attacks rather than the quality of the attacks that they
initiate.
Gray Hats: Gray hats are the individuals who work both offensively and defensively at various times. Gray hats fall
between white and black hats. Gray hats might help hackers in finding various vulnerabilities of a system or network and
at the same time help vendors to improve products (software or hardware) by checking limitations and making them more
secure.
Suicide Hackers: Suicide hackers are individuals who aim to bring down critical infrastructure for a “cause” and are not
worried about facing jail terms or any other kind of punishment. Suicide hackers are similar to suicide bombers, who
sacrifice their life for an attack and are thus not concerned with the consequences of their actions.
A. Scanning a system by using tools to detect open ports B. Performing dumpster diving
C. Collecting information about a target from search engines D. Collecting contact information from yellow pages
26. Anonymous, a known hacker group, claim to have taken down 20,000 Twitter accounts linked to Islamic State
in response to the Paris attacks that left 130 people dead. How can you categorize this attack by Anonymous?
Explanation:
Hacktivism is hacking carried out as an act of protest, typically against government or corporate computer
systems. In the scenario above, the group attacked accounts linked to Islamic State as a protest in response
to the Paris attacks. Hence, hacktivism is the correct option.
27. Highlander, Incorporated, is a medical insurance company with several regional company offices in North
America. Employees, when in the office, utilize desktop computers that have Windows 10, Microsoft Office, anti-
malware/virus software, and an insurance application developed by a contractor. All of the software updates
and patches are managed by the IT department of Highlander, Incorporated. Group policies are used to lock
down the desktop computers, including the use of Applocker to restrict the installation of any third-party
applications.
There are one hundred employees who work from their home offices. Employees who work from home use their
own computers, laptops, and personal smartphones. They authenticate to a cloud-based domain service, which
is synchronized with the corporate internal domain service. The computers are updated and patched through the
cloud-based domain service. Applocker is not used to restrict the installation of third-party applications.
The database that hosts the information collected from the insurance application is hosted on a cloud-based file
server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-
based file server and the company uses work folders to synchronize offline copies back to their devices.
A competitor has finished the reconnaissance and scanning phases of their attack. They are going to try to gain
access to the Highlander, Incorporated, laptops. Which would be the most likely level to gain access?
A. Network Level
B. Operating System
C. Hardware Level
D. Application Level
28. Individuals who promote security awareness or a political agenda by performing hacking are known as:
A. Suicide hackers
B. Script kiddies
C. Hacktivist
D. Cyber terrorists
Explanation:
Hacktivists: Hackers who break into government or corporate computers as an act of protest or to increase
awareness.
Cyber terrorists: Individuals motivated by religious or political beliefs to create fear of large-scale
disruption.
Script kiddies: Unskilled hackers who compromise systems by running scripts, tools, and software
developed by other hackers.
Suicide hackers: Hackers who aim to bring down critical infrastructure and do not worry about being
caught and facing jail terms or any other kind of punishments.
29. In which of the following hacking phases does an attacker try to detect listening ports to find information
about the nature of services running on the target machine?
A. Maintaining access
B. Scanning
C. Gaining access
D. Clearing Tracks
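The scanning phase is the one where an attacker finds listening ports and learns what is behind them. As an added example (not part of the original question set), the Python below runs a TCP connect scan with banner grabbing against a listener it starts itself on 127.0.0.1; the listener and its SSH-style banner are constructed for the example so that it runs offline and touches nothing but the local host.

```python
import socket
import threading
from typing import Dict, List, Optional, Tuple


def start_fake_service(banner: bytes) -> Tuple[socket.socket, int]:
    """Constructed target for the example: a TCP listener on 127.0.0.1 that
    greets every client with a banner, the way SSH or SMTP daemons do.
    Returns the listening socket (close it to stop) and the chosen port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:             # listener closed: stop serving
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def scan_port(host: str, port: int, timeout: float = 0.5) -> Optional[Dict[str, object]]:
    """TCP connect scan of one port. A completed handshake means the port is
    open; we then read up to 128 bytes to learn which service answered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(128)
            except OSError:             # open but silent (HTTP waits for the client)
                banner = b""
    except OSError:                     # refused, filtered, or timed out
        return None
    return {"port": port, "state": "open",
            "banner": banner.decode("ascii", errors="replace").strip()}


def scan_range(host: str, ports: List[int], timeout: float = 0.5) -> List[Dict[str, object]]:
    """Scan several ports and keep only the open ones."""
    results = []
    for port in ports:
        hit = scan_port(host, port, timeout)
        if hit is not None:
            results.append(hit)
    return results


def pick_closed_port() -> int:
    """Bind and immediately release a port so the example has a port that
    is (almost certainly) closed when it is scanned."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_fake_service(b"SSH-2.0-OpenSSH_8.9\r\n")
    for hit in scan_range("127.0.0.1", [pick_closed_port(), open_port]):
        print(hit)   # only the fake SSH port is reported, with its banner
    srv.close()
```

A connect scan completes the full handshake, so it is the noisiest option and will show up in the target's connection logs; the banner is what turns "port open" into "OpenSSH 8.9 is listening", which is the information the question is asking about.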
30. In which of the following hacking phases does an attacker use steganography and tunneling techniques to
hide communication with the target for continuing access to the victim’s system and remain unnoticed and
uncaught?
31. What information should an IT system analysis provide to the risk assessor?
A. Management B. Validation
C. Documentation D. Implementation
Explanation:
Documentation is the process of recording information on paper, online, or on digital or analog media and
using it later as a reference. Implementation is the process of executing a plan. Management deals with
organizing, planning, and controlling the resources of a firm. Security assessments are conducted to
validate the resources and trace out the vulnerabilities.
33. Which of the following is one of the four critical components of an effective risk assessment?
Explanation:
There are four critical components of an effective risk assessment: technical safeguards, organizational safeguards,
physical safeguards, and administrative safeguards
34. When utilizing technical assessment methods to assess the security posture of a network, which of the
following techniques would be most effective in determining whether end-user security training would be
beneficial?
A. Paradigm B. Procedure
C. Process D. Policy
36. Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?
A. Registration of critical penetration testing for the Department of Homeland Security and public and private
sectors.
B. Measurement of key vulnerability assessments on behalf of the Department of Defense (DoD) and State
Department, as well as private sectors.
C. 24x7 CSIRT Services to any user, company, government agency, or organization.
D. Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions
old Internet infrastructure.
37. Which of the following examples best represents a logical or technical control?
38. International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by
outlining
39. Which of the following processes evaluates the adherence of an organization to its stated security policy?
Explanation:
A security analyst performs security auditing on the network to determine if there are any deviations from the
security policies of an organization.
40. What is the name of the international standard that establishes a baseline level of confidence in the security
functionality of IT products by providing a set of requirements for evaluation?
Explanation:
Common Criteria (CC) is an international set of guidelines and specifications developed for evaluating information
security products, specifically to ensure that they meet an agreed-upon security standard for government
deployment.
41. Highlander, Incorporated, is a medical insurance company with several regional company offices in North
America. There are various types of employees working in the company, including technical teams, sales teams,
and work-from-home employees. Highlander takes care of the security patches and updates of official computers
and laptops; however, the computers or laptops of the work-from-home employees are to be managed by the
employees or their ISPs. Highlander employs various group policies to restrict the installation of any third-party
applications.
As per Highlander’s policy, all the employees are able to utilize their personal smartphones to access the company
email in order to respond to requests for updates. Employees are responsible for keeping their phones up to date
with the latest patches. The phones are not used to directly connect to any other resources in the Highlander,
Incorporated, network. The database that hosts the information collected from the insurance application is hosted
on a cloud-based file server, and their email server is hosted on Office 365. Other files created by employees get
saved to a cloud-based file server, and the company uses work folders to synchronize offline copies back to their
devices.
Highlander, Incorporated, is concerned about their defense in depth. The scope of their concern is especially the
users with mobile phones.
In order to provide appropriate security, which layer of defense in depth should they focus the most attention
on?
42. Which of the following guidelines or standards governs the credit card industry?
43. Highlander, Incorporated, is a medical insurance company with several regional company offices in North
America. There are various types of employees working in the company, including technical teams, sales teams,
and work-from-home employees. Highlander takes care of the security patches and updates of official computers
and laptops; however, the computers or laptops of the work-from-home employees are to be managed by the
employees or their ISPs. Highlander employs various group policies to restrict the installation of any third-party
applications.
As per Highlander’s policy, all the employees are able to utilize their personal smartphones to access the company
email in order to respond to requests for updates. Employees are responsible for keeping their phones up to date
with the latest patches. The phones are not used to directly connect to any other resources in the Highlander,
Incorporated, network.
The database that hosts the information collected from the insurance application is hosted on a cloud-based file
server, and their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based
file server, and the company uses work folders to synchronize offline copies back to their devices. Apart from
Highlander employees, no one can access the cloud service.
What type of cloud service is Highlander using?
44. Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. There
are various types of employees working in the company, including technical teams, sales teams, and work-from-home
employees. Highlander takes care of the security patches and updates of official computers and laptops; however, the
computers or laptops of the work-from-home employees are to be managed by the employees or their ISPs. Highlander
employs various group policies to restrict the installation of any third-party applications.
As per Highlander’s policy, all the employees are able to utilize their personal smartphones to access the company email in
order to respond to requests for updates. Employees are responsible for keeping their phones up to date with the latest
patches. The phones are not used to directly connect to any other resources in the Highlander, Incorporated, network.
The database that hosts the information collected from the insurance application is hosted on a cloud-based file server, and
their email server is hosted on Office 365. Other files created by employees get saved to a cloud-based file server, and the
company uses work folders to synchronize offline copies back to their devices.
Management at Highlander, Incorporated, has agreed to develop an incident management process after
discovering laptops were compromised and the situation was not handled in an appropriate manner.
What is the first phase that Highlander, Incorporated, needs to implement within their incident management
process?
45. You are the security administrator of Xtrinity, Inc. You write security policies and conduct assessments to
protect the company’s network. During one of your periodic checks to see how well policy is being followed by
the employees, you discover that an employee has attached his laptop to his personal 4G Wi-Fi device. He has
used this 4G connection to download certain files from the Internet, thereby bypassing your firewall. A security
policy breach has occurred as a direct result of this activity. The employee explains that he used the modem
because he had to download software for a department project. How would you resolve this situation?
A. Install a network-based IDS. B. Enforce the corporate security policy.
C. Reconfigure the firewall. D. Conduct a needs analysis.
46. Which method can provide a better return on IT security investment and provide a thorough and
comprehensive assessment of organizational security covering policy, procedure design, and implementation?
47. When creating a security program, which approach would be used if senior management is supporting and
enforcing the security policy?
Explanation:
A top-down approach means that the senior-level executives have endorsed the security policy. In a top-down
approach, initiation, support, and direction come from top management, work through middle
management, and then reach staff members.
48. Highlander, Incorporated, is a medical insurance company with several regional company offices in North
America. There are various types of employees working in the company, including technical teams, sales teams,
and work-from-home employees. Highlander takes care of the security patches and updates of official computers
and laptops; however, the computers or laptops of the work-from-home employees are to be managed by the
employees or their ISPs. Highlander employs various group policies to restrict the installation of any third-party
applications.
As per Highlander’s policy, all the employees are able to utilize their personal smartphones to access the company
email in order to respond to requests for updates. Employees are responsible for keeping their phones up to date
with the latest patches. The phones are not used to directly connect to any other resources in the Highlander,
Incorporated, network. The company is concerned about the potential vulnerabilities that could exist on their
devices.
What would be the best type of vulnerability assessment for the employees’ smartphones?
Explanation:
Host-based assessment looks at the vulnerabilities of the device itself (OS, patch level, installed applications), which is what matters here because the phones only read email and never join the corporate network.
Active assessment means using a network scanner to probe hosts and services from the network.
Passive assessment means sniffing packets on a network to infer hosts and weaknesses without probing.
Wireless network assessment looks for vulnerabilities in the wireless network, not the phone.
49. A security policy is more acceptable to employees if it is consistent and has the support of:
Explanation:
Executive management is a team of individuals at the highest level of management in an organization who have the
day-to-day tasks of managing that organization. They hold specific executive powers delegated to them with and by
the authority of a board of directors and the shareholders. The executive management typically consists of the
heads of a firm such as chief financial officer, the chief operating officer, and the chief strategy officer.
50. Company XYZ is one of the most famous and well-known organizations across the globe for its cyber security
services. It has received the Best Cyber Security Certification Provider Award three consecutive times. One day, a
hacker identified a severe vulnerability in XYZ's website and exploited it, successfully compromising customers'
private data. Besides the loss of data and the compromised network equipment, what has been the worst damage
for Company XYZ?
A. Reputation.
B. Credit Score.
C. Customers.
D. Routers.
51. Which of the following is a detective control?
Explanation:
Security controls are safeguards or countermeasures to avoid, detect, respond to, or minimize security risks to
physical property, information systems, or other assets.
By function, security controls are classified as follows:
Preventive Controls - Stop an incident from occurring. E.g., security guard, smart card authentication,
firewall rules.
Detective Controls - Identify and characterize an incident that is in progress or has already occurred. E.g., audit trail,
system monitoring, intrusion detection system.
Corrective Controls - Limit the damage caused by an incident and restore normal operation. E.g., restoring from
backup, continuity of operations plan.
Note that the class depends on how a control is used, not on the product: an IDS that only alerts is detective, while an IPS that drops the same traffic is preventive.
52. Which of the following security policy protects the organizational resources and enables organizations to
track their assets?
Explanation:
o Access Control Policy: Access control policy outlines procedures that help in protecting the
organizational resources and the rules that control access to them. It enables organizations to track
their assets.
o Remote-Access Policy: A remote-access policy contains a set of rules that define authorized
connections. It defines who can have remote access, the access medium and remote access security
controls.
o User Account Policy: User account policies provide guidelines to secure access to a system. It defines
the account creation process, and authority, rights and responsibilities of user accounts.
o Information-Protection Policy: Information-protection policies define the standards to reduce the
danger of misuse, destruction, and loss of confidential information. It defines the sensitivity levels of
information, who may have access, how it is stored and transmitted, and how it should be deleted from
storage media.
53. Cristine is the CEO of a global corporation that has several branch offices around the world. The company
employs over 300 workers, half of whom use computers. Recently, the company suffered from a ransomware
attack that disrupted many services, and many people have written to Cristine with questions about why it
happened.
She asks Edwin, the systems administrator, about servers that have encrypted information. Edwin explains to
Cristine that the servers have a screen asking about bitcoins to pay to decrypt the information, but he does not
know why.
What team does the company lack?
A. CSIRT. B. unencrypt team.
C. Vulnerability Management team. D. Administrators team.
Explanation:
The company does not have a computer security incident response team and lacks knowledge of information
security issues. A CSIRT is the team that would triage the infected servers, contain the spread, and answer the questions Cristine is receiving; none of the other options is responsible for that.
55. A network administrator is promoted as chief security officer at a local university. One of his new
responsibilities is to manage the implementation of an RFID card access system to a new server room on campus.
The server room will house student enrollment information that is securely backed up to an off-site location.
During a meeting with an outside consultant, the chief security officer explains that he is concerned that the
existing security controls have not been designed properly. Currently, the network administrator is responsible
for approving and issuing RFID card access to the server room, as well as reviewing the electronic access logs on a
weekly basis.
Which of the following is an issue with the situation?
56. Which type of scan is used on the eye to measure the layer of blood vessels?
Explanation:
Facial recognition scan: Identifies or verifies a person from a digital image by comparing and analyzing
patterns.
Retinal scan: Compares and identifies a user using the distinctive patterns of retina blood vessels.
Iris scan: Identifies people based on unique patterns within the ring-shaped region surrounding the pupil of the
eye.
Signature kinetics scan: Analyzes and measures the physical activity of signing like the pressure applied, stroke
order, and the speed.
57. To reduce the attack surface of a system, administrators should perform which of the following processes to
remove unnecessary software, services, and insecure configuration settings?
A. Windowing B. Harvesting
C. Stealthing D. Hardening
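Hardening in practice is mostly finding insecure settings and replacing them with safe ones. The following is an added example, not from the original question bank: it audits a constructed OpenSSH server configuration against a small baseline and emits a corrected copy, so the weak setting and the hardened one can be read side by side. The baseline values are this example's own choices, not a vendor standard, and the parser ignores sshd's `Match` blocks and its first-occurrence-wins rule for duplicate directives.

```python
"""Added example: auditing and correcting a service configuration as one
hardening step. The sample sshd_config is constructed; the BASELINE values are
illustrative assumptions, not a published benchmark."""
import re

# Constructed sample: a permissive sshd_config of the kind found on a fresh install.
WEAK_SSHD_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords=yes
X11Forwarding yes
MaxAuthTries 10
#LogLevel INFO
"""

# Assumed baseline: directive -> required value (directive names are case-insensitive).
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "PermitEmptyPasswords": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "3",
    "LogLevel": "VERBOSE",
}

_SPLIT = re.compile(r"[\s=]+")  # sshd accepts both "Key value" and "Key=value"


def parse_config(text):
    """Return [(directive, value)] for active (non-comment, non-blank) lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = _SPLIT.split(line, maxsplit=1)
        if len(parts) == 2:
            pairs.append((parts[0], parts[1].strip()))
    return pairs


def audit(text, baseline=BASELINE):
    """Return findings as (directive, current_value_or_None, required_value).
    A commented-out or absent directive falls back to the daemon default, which
    is reported as None so the hardened file makes the value explicit."""
    current = {k.lower(): v for k, v in parse_config(text)}
    findings = []
    for directive, required in baseline.items():
        value = current.get(directive.lower())
        if value is None or value.lower() != required.lower():
            findings.append((directive, value, required))
    return findings


def harden(text, baseline=BASELINE):
    """Rewrite the config: fix weak values in place, keep unrelated lines and
    comments, and append any baseline directive that was missing."""
    out, seen = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key = _SPLIT.split(line, maxsplit=1)[0]
            match = next((d for d in baseline if d.lower() == key.lower()), None)
            if match:
                seen.add(match)
                out.append(f"{match} {baseline[match]}")
                continue
        out.append(raw)
    for directive, value in baseline.items():
        if directive not in seen:
            out.append(f"{directive} {value}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for directive, value, required in audit(WEAK_SSHD_CONFIG):
        print(f"{directive}: found {value!r}, require {required!r}")
    print("--- hardened ---")
    print(harden(WEAK_SSHD_CONFIG))
```

The same pattern (parse, compare to a baseline, rewrite) is what configuration-management and benchmark tools automate; the value of doing it by hand once is seeing that "hardening" is a concrete diff against a baseline, not a vague state.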
58. Which of the following ensures that updates to policies, procedures, and configurations are made in a
controlled and documented manner?
59. Which initial procedure should an ethical hacker perform after being brought into an organization?
61. What are the three types of compliances that the Open-Source Security Testing Methodology Manual
(OSSTMM) recognizes?
63. A penetration tester is hired to do a risk assessment of a company’s DMZ. The rules of engagement state that
the penetration test has to be done from an external IP address with no prior knowledge of the internal IT
systems. What kind of test is being performed?
Explanation:
In black box testing, the pen testers start with only the company name and no knowledge of the internal systems. The tester then uses footprinting and fingerprinting methods
to acquire information about the target's inputs and expected outputs but is never given the internal workings of the
system. Because nothing is supplied in advance, the tester must carry out extensive research of the target organization. Black box testing simulates an
external attacker, which matches a test run from an external IP address with no prior knowledge.
64. Which of the following examples best represents a logical or technical control?
Explanation:
Logical (technical) controls include access control software, anti-malware solutions, passwords, security tokens, and
biometrics. Security tokens are used to authenticate a user to a system. Tokens are hardware devices that can take
the form of key fobs or credit cards. They are often used together with another logical access control, such as a
password or PIN, to implement strong multifactor authentication.
65. Low humidity in a data center can cause which of the following problems?
Explanation:
The answer "Static electricity" is correct; low humidity allows a buildup of static charge, and static discharge can
damage data and equipment. The other options are incorrect: corrosion is caused by high humidity, airborne
contaminants are caused by improper air filtration, and excess heat is caused by improper cooling.
66. An IT security engineer notices that the company’s web server is currently being hacked. What should the
engineer do next?
67. Which security strategy requires using several, diverse methods to protect IT systems against attacks?
A. Defense in depth B. Exponential backoff algorithm
C. Three-way handshake D. Covert channels
68. Which of the following items is unique to the N-tier architecture method of designing software applications?
A. Data security is tied into each layer and must be updated for all layers when an upgrade is performed.
B. Application layers can be written in C, ASP.NET, or Delphi without any performance loss.
C. It is compatible with various databases including Access, Oracle, and SQL.
D. Application layers can be separated, allowing each layer to be upgraded independently from other layers.
Explanation:
N-tier architecture is also called multitier architecture because the software is engineered so that the processing,
data management, and presentation functions are physically and logically separated. These functions can be
hosted on separate machines or clusters, so that each tier runs without sharing resources with the others and can be
upgraded or scaled on its own. The "N" in N-tier refers to any number of tiers from 1 upward.
69. An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk
assessments. A friend recently started a company and asks the hacker to perform a penetration test and
vulnerability assessment of the new company as a favor. What should the hacker’s next step be before starting
work on this job?
Explanation:
Before starting the penetration test, it is important to define the penetration testing scope. Scoping is one of
the most important parts of the penetration testing engagement process: it gathers the assessment
requirements for the test and feeds the test plan, limitations, business
objectives, and time schedule for the proposed engagement. A test done "as a favor" still needs this, along with written authorization, before any work starts.
It helps you define clear objectives with the help of which you can identify:
What will be tested
How it should be tested
What resources will be allocated
What limitations will be applied
What business objectives will be achieved
How the test project will be planned and scheduled
70. Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?
A. They are available at a low cost. B. Anyone can run the command line scripts.
C. They provide a repeatable framework. D. They are subject to government regulation.
Explanation:
A published testing methodology (for example the OSSTMM) gives the audit a repeatable framework: the same steps are applied in the same way each time, so results can be compared between audits and between testers. Cost, ease of running scripts, and government regulation are not what makes a methodology valuable.
71. If the final set of security controls does not eliminate all risk in a system, what could be done next?
Explanation:
Risk refers to the probability that a threat or event occurs and causes damage, loss, or some
other negative impact, whether from internal or external sources.
To reduce or eliminate risk, organizations implement information security controls to prevent
unwanted events from occurring; the risk that remains after the controls are in place is the residual risk.
If the selected controls do not eliminate all the risk, simply reusing the same controls or removing them
does not make sense; the residual risk has to be evaluated and a decision made about it.
Once the residual risks are known, there are basically three
options:
1. If the level of risks is below the acceptable level of risk, then you do nothing—the management needs
to formally accept those risks.
2. If the level of risks is above the acceptable level of risk, then you need to find out some new (and
better) ways to mitigate those risks
3. If the level of risks is above the acceptable level of risk, and the costs of decreasing such risks would be
higher than the impact itself, then you need to propose to the management to accept these high risks.
72. Which of the following statements are true regarding N-tier architecture? (Choose two.)
A. When a layer is changed or updated, the other layers must also be recompiled or modified.
B. Each layer must be able to exist on a physically independent system.
C. The N-tier architecture must have at least one logical layer.
D. Each layer should exchange information only with the layers above and below it.
73. In order to show improvement of security over time, what must be developed?
A. CSIRT provides computer security surveillance service to supply a government with important intelligence
information on individuals traveling abroad.
B. CSIRT provides an incident response service to enable a reliable and trusted single point of contact for
reporting computer security incidents worldwide.
C. CSIRT provides penetration testing service to support exception reporting on incidents worldwide by individuals
and multinational corporations.
D. CSIRT provides vulnerability assessment service to assist law enforcement agencies with profiling an individual’s
property or a company’s asset.
76. Which of the following policies provides the guidelines on the processing, storage and transmission of
sensitive information?
77. Bayron is the CEO of a medium-sized company with regional operations in America. He recently hired a
security analyst to implement an Information Security Management System (ISMS) to minimize risk and limit the
impact of a security breach. The analyst was asked to design and implement patch management, vulnerability
management, IDS deployment, and security incident handling procedures for the company. Which of these is a
reactive process?
Explanation:
Patch management and vulnerability management are preventive (proactive) procedures, and an IDS deployment is a detective one. Incident handling
is the reactive process, because it starts only after an incident has occurred.
79. A CEH is approached by a friend who believes her husband is cheating. She offers to pay to break into her
husband’s email account in order to find proof so she can take him to court. What is the ethical response?
A. Say no; make sure that the friend knows the risk she’s asking the CEH to take.
B. Say yes; the friend needs help to gather evidence.
C. Say yes; do the job for free.
D. Say no; the friend is not the owner of the account.
80. A computer technician is using the latest version of a word-processing software and discovers that a
particular sequence of characters is causing the entire computer to crash. The technician researches the bug and
discovers that no one else has experienced the problem. What is the appropriate next step?
A. Ignore the problem completely and let someone else deal with it.
B. Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.
C. Find an underground bulletin board and attempt to sell the bug to the highest bidder.
D. Create a document that will crash the computer when opened and send it to friends.
81. Which of the following tasks DOES NOT fall under the scope of ethical hacking?
A. Pen testing
B. Risk assessment
C. Defense-in-depth implementation
D. Vulnerability scanning
82. Stephany is the leader of an information security team of a global corporation that has several branch offices
around the world. In the past six months, the company has suffered several security incidents. The CSIRT
explains to Stephany that the incidents have something in common: the source IP addresses of all the incidents
are from one of the new branches. A lot of the outsourcing staff come to this office to connect their computers to
the LAN.
What is the most accurate security control to implement to resolve the primary source of the incidents?
Explanation:
Network access control (NAC, also known as network admission control) restricts the
availability of a network to endpoints depending on the security policy. It typically denies or quarantines systems
that lack antivirus, host intrusion prevention software, or required patches. NAC allows you to create
policies per user or system and to define policies for network segments in terms of IP addresses or VLANs.
NAC performs the following actions:
Evaluates users, devices, and behaviors on the network, and grants access only to authorized
users and other entities.
Identifies users and devices on a network and determines whether these users and
devices meet the organization's security posture requirements.
Checks each system's compliance with the security policies of the
organization before admitting it.
In this environment, many outside devices come and go from the branch office with no
controls. If we implement NAC we can decide who can get onto the network and what policies they
must comply with before they are admitted, which addresses the source of the incidents rather than just their symptoms.
83. Juan is the administrator of a Windows domain for a global corporation. He uses his knowledge to scan the
internal network to find vulnerabilities without the authorization of his boss; he tries to perform an attack and
gain access to an AIX server to show the results to his boss. What kind of role is shown in the scenario?
Explanation:
Gray hats are individuals who work both offensively and defensively at various times. They fall between white
and black hats. Gray hats might find vulnerabilities in a system or network without permission and at the
same time help vendors improve their products (software or hardware) by reporting the limitations they find, making the products
more secure.
In the above scenario, despite performing the scan and attack without authorization, Juan only wants to do good for the company.
He was checking the limitations of the organization's network and was not looking for personal gain. This is the behavior of a
gray hat hacker.
A white hat always obtains authorization first, and a black hat always seeks profit or harm. Note that acting without authorization can still be a policy violation or a crime regardless of intent.
A. Ethical hackers try to find what an intruder can see on the system under evaluation.
B. Ethical hackers are responsible for incident handling and response in the organization.
C. Ethical hackers are responsible for selecting security solutions and try to verify the ROI of security systems.
D. Ethical hackers try to find if all the components of information systems are adequately protected, updated,
and patched
85. You have been hired to do an ethical hacking (penetration Testing) for a company. Which is the first thing you
should do in this process?
86. Highlander, Incorporated, decides to hire an ethical hacker to identify vulnerabilities at the regional locations
and ensure system security.
What is the main difference between a hacker and an ethical hacker when they are trying to compromise the
regional offices?
A. Hackers don’t have any knowledge of the network before they compromise the network.
B. Hackers have more sophisticated tools.
C. Ethical Hackers have the permission of upper management.
D. Ethical hackers have the permission of the regional server administrators.
Explanation:
Ethical hackers have the permission of upper management (those with authority to approve the test)
87. A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The
company accepting bids wants proof of work, so the consultant prints out several audits that they have
performed for previous companies. Which of the following is likely to occur as a result?
Explanation:
For a security consultant, it is compulsory to sign a nondisclosure agreement (NDA). An NDA is also known as a
confidential disclosure agreement. It is a legal contract to protect the organization's sensitive information. A typical
NDA specifies the information that the penetration testing team (security consultant) is not allowed to disclose to
other parties.
If the security consultant shows audit reports of previous clients as proof of work to a prospective client, they
are exposing the vulnerabilities of those previous clients to a third party, because an audit report
contains confidential information about the threats and vulnerabilities found during the penetration test. This is a breach of the NDA and will likely result in legal action and loss of the consultant's credibility.