CIT Exam Review Questions

Question 1

David, a cybersecurity researcher, found a new way to hack the
company’s system without having the antivirus react to the
breach. Which term relates to his discovery?
A. Zero-day
B. Stealth technique
C. Fileless attack
D. Virus
E. Bypass technique

Answer 1

A. Zero-day

Question 2

What is the name of the method that exposes data leakage by
giving different versions of a sensitive document to each of
several suspects and seeing which version gets leaked?
A. Valhala
B. TrapX
C. Sandbox
D. Canary trap

Answer 2

D. Canary trap

Question 3

A large company experienced leakage of employee information
and the company discovered that the leak took place following a
phishing email. What should be done to prevent a future data
leak?
A. Use antivirus and email security.
B. Analyze and categorize the data.
C. Encrypt sensitive data.
D. All of the above.

Answer 3

D. All of the above.

Question 4

Which of the following is not true about how an organization
should protect itself from malicious emails?
A. Open malicious emails and investigate them.
B. Use email encryption.
C. Use strong passwords.
D. Use spam filters and malware scanners.

Answer 4

A. Open malicious emails and investigate them.

Question 5

Which of the following systems should be installed
to analyze an organization’s network traffic?
A. Snort
B. Splunk
C. pfSense
D. Demisto

Answer 5

A. Snort

Question 6

What is the purpose of log parsing in a system such as Splunk?
A. To separate data into parts that are easier to handle.
B. For easy forwarding by the forwarders.
C. To generate alerts in the network.
D. To receive better logs from the Event Viewer.

Answer 6

A. To separate data into parts that are easier to handle.

Question 7

As an analysts in a SOC department, you are responsible for
checking IP addresses and verifying that they are not included in
four different blacklists. To avoid the repetitive task, you decide to
implement a playbook. Which SOAR capability should you use?
A. Security Incident Response
B. Security Operation Automation
C. Incident Case Management
D. Triage & Identification

Answer 7

B. Security Operation Automation

Question 8

An entropy inspection of a file indicates high entropy
measuring, what can be assumed from that?
A. It is a regular text file.
B. The file may be encrypted or compressed.
C. It is a compressed executable file.
D. The content of the file is malicious.

Answer 8

B. The file may be encrypted or compressed.

Question 9

Why should employee and visitor access to an
organization be audited?
A. To help track events in case of an incident or
breach, and to locate the cause.
B. To intimidate employees.
C. To identify and prevent suspicious activities
at the entrance.
D. To stop hackers.

Answer 9

A. To help track events in case of an incident or
breach, and to locate the cause.

Question 10

What does the PPT triad represent in the context
of organizational security?
A. The required balance for operational security.
B. How to secure the weakest link in an organization.
C. How to isolate sensitive data in an organization.
D. All of the above.

Answer 10

A. The required balance for operational security.