Implementing a Security Awareness training program would be an example of which type of control?
Administrative control
Correct!
Question 2 1 / 1 point
Preventative
Correct!
Question 3 1 / 1 point
What would a piece of malicious code that gets installed on a computer and reports back to the controller your
keystrokes and other information it can gather from your system be called?
Spyware
Correct!
Question 4 0 / 1 point
Suspicious activity, like IP addresses or ports being scanned sequentially, is a sign of which type of attack?
A mapping attack
A phishing attack
An IP spoofing attack
Incorrect, this material was covered in the course Introduction to Cybersecurity Tools & Cyber Attacks, Week 2 - A brief
overview of types of actors and their motives
Question 5 0 / 1 point
An email message that is encrypted, uses a digital signature and carries a hash value would address which aspects of the
CIA Triad?
Question 6 0 / 1 point
A company wants to prevent employees from wasting time on social media sites. To accomplish this, a document
forbidding use of these sites while at work is written and circulated and then the firewalls are updated to block access to
Facebook, Twitter and other popular sites. Which two (2) types of security controls has the company just implemented?
(Select 2)
Operational
Incorrect, this material was covered in the course Introduction to Cybersecurity Tools & Cyber Attacks, Week 3 - An
overview of key security concepts
Administrative
Physical
Technical
Question 7 1 / 1 point
A penetration tester that gains access to a system without permission and then exploits it for personal gain is said to
wear what color hat?
Black
Question 8 1 / 1 point
What is an advantage symmetric key encryption has over asymmetric key encryption?
Correct!
Question 9 0 / 1 point
Which position is in charge of testing the security and effectiveness of computer information systems?
Incorrect, this material was covered in the course Cybersecurity Roles, Processes & Operating System Security, Week 1 -
People Process & Technology
Question 10 1 / 1 point
Which three (3) roles are typically found in an Information Security organization? (Select 3)
Vulnerability Assessor
Penetration Tester
Question 11 1 / 1 point
Problem Management, Change Management, and Incident Management are all key processes of which framework?
ITIL
Question 12 1 / 1 point
Question 13 1 / 1 point
Availability
Correct!
Question 14 1 / 1 point
Which type of access control is based upon the subject's clearance level and the object's classification?
Correct!
Question 15 0 / 1 point
Ali must grant access to any individual or group he wants to allow access to the files he owns. Which access control type
is in use in Ali's organization?
Incorrect, this material was covered in the course Cybersecurity Roles, Processes & Operating System Security, Week 3 -
Authentication and Access Control
Question 16 1 / 1 point
If you are setting up a Windows 10 laptop with a 32Gb hard drive, which two (2) file systems could you select? (Select 2)
FAT32
NTFS
Question 17 1 / 1 point
write
read
execute
Question 18 0 / 1 point
If cost is the primary concern, which type of cloud should be considered first?
Hybrid cloud
Universal cloud
Private cloud
Public cloud
Incorrect, this material was covered in the course Cybersecurity Roles, Processes & Operating System Security, Week 7 -
Overview of Virtualization
Question 19 0 / 1 point
After moving the workloads to the cloud but before they are open to users
It does not matter; these steps require approximately the same amount of work no matter when you elect to do them
Incorrect, this material was covered in the course Cybersecurity Roles, Processes & Operating System Security, Week 7 -
Overview of Virtualization
Question 20 1 / 1 point
Which of the following is a self-regulating standard set up by the credit card industry in the US?
PCI-DSS
Correct!
Question 21 1 / 1 point
Correct!
Question 22 0 / 1 point
If an Endpoint Detection and Response (EDR) system detects that an endpoint does not have a required patch installed,
which statement best characterizes the actions it is able to take automatically?
The endpoint can be quarantined from all network resources except those that allow it to download and install the
missing patch
No actions can be taken directly on the endpoint but the endpoint's owner can be notified of the actions he/she is
expected to take
The endpoint can be either allowed access to all network resources or quarantined and denied access to all network
resources
Nothing can be done directly to the endpoint but a system administrator can be alerted to handle the problem with the
system owner
Incorrect, this material was covered in the course Cybersecurity Compliance Framework & System Administration, Week
2 - Client System Administration, Endpoint Protection and Patching
Question 23 0 / 1 point
Which statement about drivers running in Windows kernel mode is true?
The Windows Virtual Address Manager protects processes in the kernel from interfering with each other’s assigned
memory space
Only critical processes are permitted to run in kernel mode since there is nothing to prevent a misbehaving driver from
impacting other processes that are also sharing the same memory space
The Windows Process Director prevents processes running in the kernel from interfering with each other’s operations
Each process running in kernel mode is assigned its own dedicated virtual address space, so it is safe to load any driver
into the kernel for faster execution
Incorrect, this material was covered in the course Cybersecurity Compliance Framework & System Administration, Week
3 - Server and User Administration
Question 24 1 / 1 point
The Windows Security App available in Windows 10 provides users with which of the following protections?
Correct!
Question 25 0 / 1 point
Public key encryption incorporating digital signatures ensures which of the following?
Confidentiality only
Incorrect, this material was covered in the course Cybersecurity Compliance Framework & System Administration, Week
4 - Cryptography and Compliance Pitfalls
Question 26 1 / 1 point
Correct!
Question 27 0 / 1 point
The original message can be retrieved from the hash if you have the encryption key
A weakness of hashing is that the hash is proportional in length to the original message
If you have two hashes that differ only by a single character, you can infer that the original messages also differed very
little
Incorrect, this material was covered in the course Cybersecurity Compliance Framework & System Administration, Week
4 - Cryptography and Compliance Pitfalls
Question 28 0 / 1 point
Short of orchestrating a memory dump from a system crash, there is no practical way for malware to get at the data
being processed, so dump logs are your only real concern
It is vulnerable to theft and should be decrypted only for the briefest possible time while it is being operated on
Data should always be kept encrypted since modern CPUs are fully capable of operating directly on encrypted data
Incorrect, this material was covered in the course Cybersecurity Compliance Framework & System Administration, Week
4 - Cryptography and Compliance Pitfalls
Question 29 0 / 1 point
For added security you decide to protect your network by conducting both a stateless and stateful inspection of
incoming packets. How can this be done?
You must install 2 firewalls in series, so all packets pass through the stateless firewall first and then the stateless firewall
Install a single firewall that is capable of conducting both stateless and stateful inspections
Install a stateful firewall only. These advanced devices inspect everything a stateless firewall inspects in addition to state
related factors
This cannot be done. The network administrator must choose to run a given network segment in either stateful or
stateless mode, and then select the corresponding firewall type
Incorrect, this material was covered in the course Network Security & Database Vulnerabilities, Week 1 - TCP/IP
Framework
Question 30 0 / 1 point
Which statement best describes configuring a NAT router to use dynamic mapping?
The organization will need as many registered IP addresses as it has computers that need Internet access
The NAT router uses each computer's IP address for both internal and external communication
Many registered IP addresses are mapped to a single registered IP address using different port numbers
Incorrect, this material was covered in the course Network Security & Database Vulnerabilities, Week 1 - TCP/IP
Framework
Question 31 0 / 1 point
Which address type does a computer use to get a new IP address when it boots up?
Incorrect, this material was covered in the course Network Security & Database Vulnerabilities, Week 1 - TCP/IP
Framework
Question 32 1 / 1 point
In IPv4, how many of the 4 octets are used to define the network portion of the address in a Class B network?
Correct!
Question 33 1 / 1 point
Which three (3) of these statements about the TCP protocol are True? (Select 3)
TCP is connection-oriented
TCP packets are reassembled by the receiving system in the order in which they were sent
Question 34 1 / 1 point
Signature-based detection and statistical anomaly detection are found on what type of device?
Correct!
Question 35 0 / 1 point
If you have to rely upon metadata to work with the data at hand, you are probably working with which type of data?
Semi-structured data
Unstructured data
Meta-structured data
Structured data
Incorrect, this material was covered in the course Network Security & Database Vulnerabilities, Week 3 - Introduction to
Databases
Question 36 1 / 1 point
In reviewing the security logs for a company's headquarters in New York City, which of these activities should not raise
much of a security concern?
An employee has started logging in from home for an hour or so during the last 2 weeks of each quarter
Correct!
Question 37 1 / 1 point
Poor user input sanitation and unsafe execution of OS commands leave a system vulnerable to which form of attack?
OS Command Injection
Correct!
Question 38 0 / 1 point
An employee calls the IT Helpdesk and admits that maybe, just possibly, the links in the email he clicked on this morning
were not from the real Lottery Commission. What is the first thing you should tell the employee to do?
Incorrect, this material was covered in the course Penetration Testing, Incident Response and Forensics, Week 1 -
Penetration Testing
Question 39 0 / 1 point
Which portion of the pentest report would cover the risk ranking, recommendations and roadmap?
Executive Summary
Rules of Engagement
Technical Review
Incorrect, this material was covered in the course Penetration Testing, Incident Response and Forensics, Week 1 -
Penetration Testing
Question 40 0 / 1 point
Which Incident Response Team model describes a team that runs all incident response activities for a company?
Coordinating
Central
Distributed
Control
Incorrect, this material was covered in the course Penetration Testing, Incident Response and Forensics, Week 2 -
Incident Response
Question 41 0 / 1 point
Which Post Incident activity would be concerned with maintaining the proper chain-of-custody?
Evidence retention
Incorrect, this material was covered in the course Penetration Testing, Incident Response and Forensics, Week 2 -
Incident Response
Question 42 0 / 1 point
True or False. Digital forensics is effective in solving cyber crimes but is not considered effective in solving violent crimes
such as rape and murder.
True
False
Incorrect, this material was covered in the course Penetration Testing, Incident Response and Forensics, Week 3 - Digital
Forensics
Question 43 0 / 1 point
In digital forensics documenting the chain of custody of evidence is critical. Which of these should be included in your
chain of custody log?
The names of every person who has physical custody of any piece of evidence
Documenting the actions that are performed on the evidence and at what time
Incorrect, this material was covered in the course Penetration Testing, Incident Response and Forensics, Week 3 - Digital
Forensics
Question 44 1 / 1 point
What scripting concept will repeatedly execute the same block of code while a specified condition remains true?
Loops
Correct!
Question 45 0 / 1 point
Python code is considered easy to debug compared with other popular programming languages
Python is not considered portable, running only on Linux and Windows machines
Python code is written at a very low level to better integrate with operating system functions
Incorrect, this material was covered in the course Penetration Testing, Incident Response and Forensics, Week 4 -
Introduction to Scripting
Question 46 0 / 1 point
pi="3"
str
bool
float
int
Incorrect, this material was covered in the course Penetration Testing, Incident Response and Forensics, Week 4 -
Introduction to Scripting
Question 47 0 / 1 point
Which two (2) of these Python libraries provide useful statistical functions? (Select 2)
NumPy
Scikit-learn
Seaborn
StatsModels
Pandas
Matplotlib
Question 48 0 / 1 point
According to the CrowdStrike model, CISOs, CTOs and executive boards belong in which intelligence area?
Control
Incorrect, this material was covered in the course Cyber Threat Intelligence, Week 1 - Threat Intelligence
Question 49 0 / 1 point
Activities performed as a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which
two (2) of these are post-exploit activities? (Select 2)
Detect deviations from the norm that indicate early warnings of APTs
Incorrect, this material was covered in the course Cyber Threat Intelligence, Week 1 - Threat Intelligence
Question 50 1 / 1 point
Which three (3) of these are among the top 12 capabilities that a good data security and protection solution should
provide? (Select 3)
Vulnerability assessment
Tokenization
Real-time alerting
Question 51 1 / 1 point
True or False. For iOS and Android mobile devices, users must interact with the operating system only through a series
of applications, but not directly.
True
Correct!
Question 52 0 / 1 point
All industries have their own unique data security challenges. Which of these industries has a particular concern with
PCI-DSS compliance while having a large number of access points staffed by low-level employees who have access to
payment card data?
Financial
Retail
Transportation
Healthcare
Incorrect, this material was covered in the course Cyber Threat Intelligence, Week 3 - Data Loss Prevention and Mobile
Endpoint Protection
Question 53 1 / 1 point
True or False. Wireshark has an impressive array of features and is distributed free of charge.
True
Correct!
Question 54 1 / 1 point
Correct!
Question 55 1 / 1 point
The Decommission step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?
Correct!
Question 56 0 / 1 point
Which form of penetration testing allows the testers partial knowledge of the systems they are trying to penetrate in
advance of their attack to streamline costs and focus efforts?
Incorrect, this material was covered in the course Cyber Threat Intelligence, Week 5 - Application Security and Testing
Question 57 1 / 1 point
Which one of the OWASP Top 10 Application Security Risks would occur when an application's API exposes financial,
healthcare or other PII data?
Correct!
Question 58 1 / 1 point
Why should you always look for common patterns before starting a new security architecture design?
Correct!
Question 59 0 / 1 point
SIEM license costs are typically calculated based upon which two (2) factors? (Select 2)
Incorrect, this material was covered in the course Cyber Threat Intelligence, Week 6 - SIEM Platforms
Question 60 1 / 1 point
They convert the flow data to a standard QRadar flow format and forward it to the centralized flow processor
Correct!
Question 61 1 / 1 point
True or False. Thorough reconnaissance is an important step in developing an effective cyber kill chain.
True
Correct!
Question 62 1 / 1 point
True or False. One of the primary challenges in cyber threat hunting is a lack of useful tools sold by too few vendors.
False
Correct!
Question 63 1 / 1 point
True or False. A large company has a data breach involving the theft of employee personnel records but no customer
data of any kind. Since no external data was involved, the company does not have to report the breach to law
enforcement.
False
Correct!
Question 64 0 / 1 point
According to the IRIS Framework, during which stage of an attack would the attacker attempt to escalate their privileges,
move laterally and conduct internal reconnaissance?
Attack beginnings
Incorrect, this material was covered in the course Cybersecurity Capstone: Breach Response Case Studies, Week 1 -
Incident Management Response and Cyberattack Frameworks
Question 65 0 / 1 point
Which three (3) of these statistics about phishing attacks are real? (Select 3)
Incorrect, this material was covered in the course Cybersecurity Capstone: Breach Response Case Studies, Week 2 -
Phishing Scams
Question 66 1 / 1 point
Which of these statements about the PCI-DSS requirements for any company handling, processing or transmitting credit
card data is true?
Correct!
Question 67 1 / 1 point
Which three (3) are malware types commonly used in PoS attacks to steal credit card data? (Select 3)
vSkimmer
BlackPOS
Alina
Question 68 1 / 1 point
According to a 2018 Ponemon study on third party risk management, which three (3) of these were identified as best
practices? (Select 3)
Question 69 1 / 1 point
You get a phone call from a technician at the "Windows company" who tells you that they have detected a problem with
your system and would like to help you resolve it. In order to help, they need you to go to a web site and download a
simple utility that will allow them to fix the settings on your computer. Since you only own an Apple Mac, you are
suspicious of this caller and hang up. What would the attack vector have been if you had downloaded the "simple utility"
as asked?
Correct!
Question 70 0 / 1 point
Very provocative articles that come up in news feeds or Google searches are sometimes called "click-bait". These articles
often tempt you to link to other sites that can be infected with malware. What attack vector is used by these click-bait
sites to get you to go to the really bad sites?
Software Vulnerabilities
Phishing
Malicious Links
Incorrect, this material was covered in the course Cybersecurity Capstone: Breach Response Case Studies, Week 5 -
Ransomware