EAS PRELIMS Flashcards

(55 cards)

1
Q

What is considered the weakest link in information security systems?
A. Poorly enforced security policies
B. Unauthorized network probing
C. Use of outdated hardware or software
D. Server downtime during maintenance periods

A

A. Poorly enforced security policies

This highlights how user behavior and policy enforcement can impact security.

2
Q

Cybercriminals use many different types of malware to carry out their attacks. What type of malware is used if the cybercriminal uses a program to gain unauthorized access to a system by bypassing the standard authentication procedures?
A. Worm
B. Rootkit
C. SQL injection
D. Backdoor

A

D. Backdoor

Backdoors allow unauthorized access without following normal authentication measures.

3
Q

Threat actors target a company to gain access to its confidential files. They find that the company’s employees regularly frequent an outdated website for food delivery and proceed to exploit the website. What type of deception method is used?
A. Spear phishing
B. Typosquatting
C. Cross-site scripting
D. Watering hole attack

A

D. Watering hole attack

This method targets users visiting specific compromised sites.

4
Q

You are trying to log in to your bank account via a web browser. As the bank's website is not among your bookmarked URLs, you search for it using the browser's default search engine. You click the top search result but notice that the URL appears different from what you remember. What kind of deception method is used in this case?
A. Spear phishing
B. Typosquatting
C. Cross-site scripting
D. Watering hole attack

A

B. Typosquatting

Typosquatting involves creating fraudulent URLs that closely resemble legitimate ones.

5
Q

It is a type of mobile attack in which the threat actor copies mobile information, such as emails and contact lists, using a short-range wireless technology.
A. RF jamming
B. RF hijacking
C. Bluesnarfing
D. Bluejacking

A

C. Bluesnarfing

Bluesnarfing allows unauthorized access to data on a mobile device via Bluetooth.

6
Q

This describes a situation where a valid data transmission is maliciously or fraudulently repeated or delayed by an attacker, who intercepts, amends and resubmits the data to get the receiver to do whatever they want.
A. Race condition attack
B. Replay attack
C. Resource exhaustion attack
D. Directory traversal attack

A

B. Replay attack

Replay attacks involve intercepting and re-sending data to manipulate actions.

7
Q

This is when the cost of risk management options outweighs the cost of the risk itself.
A. Risk acceptance
B. Risk reduction
C. Risk avoidance
D. Risk transfer

A

A. Risk acceptance

Risk acceptance occurs when organizations choose to accept certain risks instead of mitigating them.

8
Q

Which is true about Internet Protocol (IP)?
A. It tracks and manages flow of packets.
B. It validates whether the source IP address in a packet came from that source.
C. It delivers packets from host to destination over an interconnected system of networks.

A

C. It delivers packets from host to destination over an interconnected system of networks.

IP is fundamental for routing packets across different networks.

9
Q

This is an IPv6 header field that is equivalent to the IPv4 TTL field.
A. address resolution
B. neighbor discovery
C. sequence number
D. hop limit

A

D. hop limit

Hop limit controls the number of hops a packet can take in IPv6.

10
Q

In this type of attack, the threat actor sees the traffic between the host and the target.
A. blind spoofing
B. ARP spoofing
C. non-blind spoofing
D. IP spoofing

A

C. non-blind spoofing

Non-blind spoofing allows attackers to observe the actual communication.

11
Q

This is a characteristic of UDP.
A. reliable delivery
B. flow control
C. stateless communication
D. all of the choices

A

C. stateless communication

UDP is connectionless, unreliable, and lacks error recovery mechanisms.

12
Q

This attack occurs when threat actors steal confidential information from an Ethernet frame in a switched LAN.
A. passive ARP poisoning
B. MAC address flooding
C. DNS spoofing
D. IP spoofing

A

A. passive ARP poisoning

Passive ARP poisoning allows attackers to intercept traffic without being detected.

13
Q

In this attack, the threat actor gathers domain account credentials to silently create multiple sub-domains to be used during the attacks that typically point to malicious servers without alerting the actual owner of the parent domain.
A. DNS cache poisoning
B. DNS tunneling
C. DNS amplification
D. DNS domain shadowing

A

D. DNS domain shadowing

Domain shadowing involves creating subdomains that can be exploited without alerting the main domain owner.

14
Q

In this DNS stealth technique, threat actors hide their phishing and malware delivery sites behind a quickly changing network of compromised DNS hosts, with the DNS IP addresses continuously changed within minutes.
A. fast flux
B. tunneling
C. recursive resolution
D. amplification

A

A. fast flux

Fast flux techniques involve rapid IP address changes to avoid detection.

15
Q

This category of HTTP status code has the format 4xx.
A. redirection
B. server error
C. client error
D. successful

A

C. client error

Client error codes start with ‘4xx’ indicating issues with the request.

16
Q

In this exploit, the threat actor uses a response status code to redirect the user’s web browser to a new location. The redirect function can be used multiple times until the browser finally lands on the page that contains the exploit.
A. HTTP 302 cushioning
B. malicious iFrames
C. domain shadowing
D. SQL injection

A

A. HTTP 302 cushioning

HTTP 302 status codes indicate a temporary redirect which can be exploited.

17
Q

Which is a potential safeguard against email threats?
A. Keep SMTP software up to date.
B. Use a security appliance such as a WSA to block certain traffic.
C. Use a web proxy to block malicious sites.
D. all of the choices

A

A. Keep SMTP software up to date.

Regular updates to anti-SPAM software help protect against evolving email threats.

18
Q

It is a worm mitigation phase that involves actively disinfecting infected systems such as terminating the worm process, removing modified files, and patching vulnerabilities the worm used to exploit the system.
A. containment
B. quarantine
C. inoculation
D. treatment

A

D. treatment

Eradication focuses on removing the worm and fixing the vulnerabilities exploited.

19
Q

Which applies to IEEE 802.11 standards?
A. It applies only to wired connections.
B. Its regulations vary by country.
C. It does not support roaming.
D. It defines layer 3 protocols.

A

B. Its regulations vary by country.

IEEE 802.11 standards can differ based on regional regulations.

20
Q

Which of the following applies to passive mode for wireless client scanning/probing processes?
A. The AP openly advertises its services.
B. Wireless clients must know the name of the SSID and initiate the probe request.
C. The AP creates a probe response containing the SSID, supported standards, and security settings.
D. all of the choices

A

A. The AP openly advertises its services.

In passive mode, access points broadcast their presence without requiring queries.

21
Q

A threat actor introduces a rogue AP and configures it with the same SSID as a legitimate AP.
A. watering hole attacks
B. evil twin attack
C. ARP spoofing
D. replay attack

A

B. evil twin attack

An evil twin attack mimics a legitimate access point to intercept data.

22
Q

In this security practice, the broadcasting of beacon packets by wireless APs is disabled.
A. Open authentication
B. SSID cloaking
C. MAC address filtering
D. shared key authentication

A

B. SSID cloaking

SSID cloaking hides the network name to improve security.

23
Q

In this firewall design architecture, traffic originating from the public network and traveling to the private network is generally blocked.
A. DMZ
B. ZPF
C. private and public
D. all of the choices

A

D. all of the choices

Screened subnets are designed to filter and control traffic entering private networks.

24
Q

This common type of firewall permits or denies traffic based on layers 3 to 5 of the OSI model.
A. stateless
B. stateful
C. application gateway
D. next generation

A

B. stateful

Packet filtering firewalls analyze packet headers for access control.

25
Q

This firewall filters IP traffic between paired or bridged interfaces.
A. stateless
B. stateful
C. host-based
D. transparent

A

D. transparent

Circuit-level gateways operate at the session layer to control traffic.

26
Q

This part of the Windows boot process checks whether hardware devices are initialized and communicating. It ends when the system disk is discovered.
A. MBR
B. BCD
C. POST
D. HAL

A

C. POST

POST (Power-On Self-Test) ensures hardware components are functioning before booting.

27
Q

This Windows registry hive holds information about all the users on the local system.
A. HKEY_USERS
B. HKEY_CURRENT_USER
C. HKEY_CURRENT_CONFIG
D. HKEY_LOCAL_MACHINE

A

A. HKEY_USERS

HKEY_USERS contains user-specific settings and configurations.

28
Q

This CLI command displays active TCP connections.
A. nslookup
B. regedit
C. netstat
D. rammap

A

C. netstat

netstat provides information about network connections and listening ports.

29
Q

It is a Linux distro that ships with various penetration testing tools.
A. Debian
B. Red Hat
C. Ubuntu
D. Kali

A

D. Kali

Kali Linux is widely used for penetration testing and security assessments.

30
Q

In the Linux CLI, it is the command used to display the current directory.
A. mv
B. pwd
C. dd
D. chmod

A

B. pwd

'pwd' stands for 'print working directory' and shows the current directory path.

31
Q

In the Linux CLI, it is a command used after a pipe character to search the previous command's output.
A. grep
B. cat
C. apt-get
D. man

A

A. grep

'grep' is a command-line utility for searching plain-text data for lines matching a regular expression.

32
Q

It is the port number for HTTPS.
A. 53
B. 80
C. 123
D. 443

A

D. 443

Port 443 is the standard port for secure HTTP traffic.

33
Q

The command "ls -l filename" is issued in the Linux CLI. If one row of the output shows "-rwxrw-r--" at the start, which of the following is correct?
A. The entry pertains to a folder.
B. The user has read and write access only.
C. The group has read access only.
D. None of the choices

A

C. The group has read access only.

This permission string indicates specific access rights for the owner, group, and others.

34
Q

The output of "ls -l filename" shows the first field as "-rw-r--r--". What permission is assigned to the group of users?
A. no access
B. read only
C. read and write
D. read, write and execute

A

B. read only

The group can only read the file, not write or execute it.

35
Q

Which is an example of an endpoint device?
A. router
B. server
C. switch
D. firewall

A

B. server

Endpoint devices refer to any devices that connect to the network.

36
Q

In antimalware programs, this approach can recognize unknown malware by comparing the current state to a baseline and by identifying which sources of information are used.
A. signature-based
B. pattern-based
C. heuristics-based
D. definition-based

A

C. heuristics-based

Heuristics-based detection identifies malware by analyzing behavior and characteristics.

37
Q

It permits only authorized and compliant systems to connect to the network.
A. AMP
B. NAC
C. ESA
D. WSA

A

B. NAC

NAC (Network Access Control) enforces security policies on devices connecting to the network.

38
Q

It is a technique used to allow suspicious files to be executed and analyzed in a safe environment.
A. allow list
B. sandbox
C. block list
D. av-test

A

B. sandbox

Sandboxing isolates applications to prevent them from affecting the host system.

39
Q

It is a storage option that uses multiple hard drives in an array, combining multiple disks so that the operating system sees them as a single disk.
A. DAS
B. NAS
C. RAID
D. SAN

A

C. RAID

RAID (Redundant Array of Independent Disks) combines multiple disks for performance and redundancy.

40
Q

What safeguard can be used to protect the confidentiality of data in transit?
A. VPN
B. hashing
C. mutual authentication system
D. none of the choices

A

A. VPN

A VPN (Virtual Private Network) encrypts data transmitted over the internet.

41
Q

It refers to the several points where attacks may get into and out of the IoT system.
A. Threat
B. Vulnerability
C. Threat actor
D. Attack surface

A

D. Attack surface

The attack surface encompasses all vulnerabilities that can be exploited.

42
Q

It is a policy of an organization that is created and maintained by human resources to identify salary, pay schedule, benefits, work schedule, and others.
A. company policies
B. security policies
C. employee policies
D. all of the choices

A

C. employee policies

Employee policies outline the terms of employment and benefits.

43
Q

An example of this physical barrier is barbed wire.
A. guard shelters
B. top guard
C. bollard
D. perimeter fence system

A

B. top guard

Physical barriers like fences help secure a property against unauthorized access.

44
Q

In this stage of application development, software is being debugged prior to deployment.
A. provisioning and deprovisioning
B. staging and production
C. developing and testing
D. all of the choices

A

C. developing and testing

This stage focuses on identifying and fixing bugs before deployment.

45
Q

It is a secure coding technique that uses precompiled statements stored in a database to execute a task. This may reduce network traffic and return faster results.
A. normalization
B. obfuscation
C. stored procedure
D. camouflage

A

C. stored procedure

Stored procedures can optimize performance and enhance security.

46
Q

It is an application security best practice that helps prove software authenticity.
A. code signing
B. version control
C. secure cookies
D. authorization

A

A. code signing

Code signing ensures that the code has not been altered and verifies the author's identity.

47
Q

In a DMZ design, what are the risk and trust levels associated with the LAN?
A. low risk, high trust
B. medium-low risk, medium-high trust
C. medium-high risk, medium-low trust
D. high risk, low trust

A

A. low risk, high trust

DMZs are designed to add an additional layer of security between external and internal networks.

48
Q

In wireless APs, it is an authentication method in which SAE replaced PSK, making clients less susceptible to key reinstallation attacks.
A. WEP
B. WPA
C. WPA2
D. WPA3

A

D. WPA3

WPA3 enhances security in wireless networks by improving password protection.

49
Q

This exploit allows a user to install unapproved apps.
A. jailbreaking
B. sideloading
C. rooting
D. piggyback riding

A

B. sideloading

Jailbreaking is commonly associated with removing software restrictions on devices.

50
Q

Which security objective is addressed when single points of failure are eliminated?
A. confidentiality
B. availability
C. integrity
D. non-repudiation

A

B. availability

Ensuring availability means maintaining system uptime and resilience against failures.

51
Q

Which describes a router redundancy protocol?
A. Each router shares the same physical IP address.
B. Each router shares the same virtual IP address.
C. The routers use their virtual IP address to send periodic messages.
D. more than one of the choices

A

B. Each router shares the same virtual IP address.

Router redundancy protocols help maintain network availability by using a shared virtual IP.

52
Q

In ensuring cybersecurity resilience, an organization may deploy this type of location redundancy, which updates the backup data location periodically, resulting in low bandwidth requirements.
A. point-in-time replication
B. asynchronous replication
C. synchronous replication
D. non-replication

A

A. point-in-time replication

Point-in-time replication allows for efficient data backups with minimal bandwidth usage.

53
Q

It is a network of systems that mimics a real network and is purposely left exposed to lure attackers.
A. DNS sinkhole
B. watering hole
C. honeynet
D. honeypot

A

C. honeynet

Honeynets are used for research and to detect intrusion attempts.

54
Q

It is an example of a physical access control.
A. IDS
B. ACL
C. laptop locks
D. passwords

A

C. laptop locks

Physical access controls restrict physical access to devices and sensitive areas.

55
Q

It collects information and reports usage data.
A. accountability
B. authentication
C. accounting
D. authorization

A

C. accounting

Accounting refers to tracking user activities and resource usage.