Quiz Questions

Question 1

Which of the following standards is most applicable to a company that utilizes any payment card for its operations?

Answer 1

PCI-DSS

Question 2

What organizational plan is developed to deal with disasters and other difficult situations such as cyber-attacks, outages, or supply chain failures?

Answer 2

Business Continuity

Question 3

What type of information could include addresses, date of birth, or social security numbers?

Answer 3

PII

Question 4

Which of the choices below best describes an attack resulting from an unknown vulnerability exploit or a known vulnerability without a current patch?

Answer 4

Zero-day attack

Question 5

The Risk Management Framework is a flexible risk-based approach that integrates security, privacy, and cyber supply chain risk management into the system development life cycle. Which phase of the framework involves determining the applicable controls needed to reduce business risk to an acceptable level?

Answer 5

Select

Question 6

Which of the following is NOT considered a factor of risk?

Answer 6

Convenience because Cost, Mitigation and Threat are

Question 7

What type of professional is hired by organizations to legally hack into their networks and identify weak entry points?

Answer 7

Ethical Hacker

Question 8

Which organizational security team is responsible for providing security assessments outlining an organization’s system defense efficacy and resilience?

Answer 8

Red Team

Question 9

What risk response or treatment approach has been adopted when an organization decides to purchase insurance?

Answer 9

Transfer

Question 10

What achievement is proof of technical knowledge backed by an industry-standard provider such as Microsoft or CompTIA?

Answer 10

Certification

Question 11

Which of the following is a Linux kernel-mode component?

Answer 11

Drivers

Question 12

Which of the following is an identity associated with a session for proper access control?

Answer 12

User Account

Question 13

What is the purpose of a Demilitarized Zone (DMZ)?

Answer 13

To separate internal networks from untrusted external traffic

Question 14

Which of the following network attacks causes a service to fail by flooding the target with traffic?

Answer 14

Denial of Service DOS

Question 15

Which control enables the creation of rules that allow or block traffic?

Answer 15

iptables

Question 16

Which network infrastructure type connects users and end devices located in a small area such as an office building?

Answer 16

Local Area Network (LAN)

Question 17

Which state of data represents data that are actively being used?

Answer 17

Data in use

Question 18

Which of the following can be accomplished using a firewall?

Answer 18

Monitoring and filtering network traffic

Question 19

Which Linux distro is specifically packaged for information security tasks such as security research or penetration testing?

Answer 19

Kali

Question 20

What is the first step to take when hardening a Linux system?

Answer 20

Determine server purpose and requirements

Question 21

Which is a likely cause of the continued issues related to the EternalBlue common vulnerabilities and exposures (CVE)?

Answer 21

Poor patch management

Question 22

Which term best describes actions taken to increase infrastructure security?

Answer 22

Hardening

Question 23

What is a true statement about the Windows Operating System?

Answer 23

It has a folder-based file system

Question 24

Which term refers to the idea of moving security earlier in the Secure Software Development Lifecycle (SSDLC) to avoid downstream bugs and vulnerabilities?

Answer 24

Shift Left

Question 25

What is the Open Web Application Security Project (OWASP)?

Answer 25

A community-driven organization focused on application security

Question 26

Which term is the input vehicle for a server-side request forgery (SSRF) attack?

Answer 26

User-supplied URL

Question 27

What is application fuzzing?

Answer 27

Automated data is injected into an app to test response and security.

Question 28

Which term best describes the main attack method used in the SolarWinds attack?

Answer 28

Supply-chain attack

Question 29

Which paired term is the primary security control deployed during the Identify and Plan stages of the SSDLC?

Answer 29

Communication and review

Question 30

Which duty is the primary focus of data loss prevention (DLP)?

Answer 30

Preventing unauthorized sharing of privileged information

Question 31

What type of hacker breaks into organization for personal gain?

Answer 31

Unethical hacker

Question 32

What type of attack uses links in an email?

Answer 32

Phishing

Question 33

Which type of network, below is a the internet considered to be?

Answer 33

WAN

Question 34

Which attack involves sniffing data between two or more computers?

Answer 34

On-Path

Question 35

Reviewing systems for possible weakness is called?

Answer 35

Vulnerability assessment

Question 36

Select all that are involved in risk calculations

Answer 36

Risk Threat + Asset =Vulnerability

Question 37

Which of the following is a type of antivirus?

Answer 37

ClamAV

Question 38

What part of the CIA triad ensures that data hasn’t changed in transit?

Answer 38

Integrity

Question 39

The primary use for NMAP tool is to scan network computers?

Answer 39

True

Question 40

What type of team would a SOC analyst belong to?

Answer 40

Blue Team

Question 41

Which government agency is part of DHS?

Answer 41

CISA

Question 42

What tool can be used for password cracking?

Answer 42

Hydra

Question 43

True or false OWASP is a government agency?

Answer 43

False they are non-profit

Question 44

Multiple controls to protect an asset is called?

Answer 44

Defense in Depth

Question 45

SSDLC involves?

Answer 45

Applications

Question 46

Testing of code for constant improvement is called?

Answer 46

Shift Left

Question 47

How would you harden a Linux server?

Answer 47

Remove unnecessary services

Question 48

What does a firewall do?

Answer 48

Inspects and filters incoming traffic

Question 49

What type of attack is based on a vendor’s equipment?

Answer 49

Supply Chain attack

Question 50

The primary purpose of a router is?

Answer 50

Allow separate networks to communicate

Question 51

What is one of the leading causes of KNOWN vulnerabilities being exploited?

Answer 51

Poor patch management

Question 52

The most powerful account in Linux is?

Answer 52

Root

Question 53

Something used to show potential employers your IT knowledge?

Answer 53

Certifications

Question 54

VPN is used to secure data at rest?

Answer 54

False it secures data in transit

Question 55

Which regulation involves software for medical use?

Answer 55

HIPPA

Question 56

What does DLP stand for?

Answer 56

Data Loss Prevention

Question 57

With proper planning, all vulnerabilities can be eliminated?

Answer 57

False

Question 58

When hackers exploit a new software vulnerability it is know as?

Answer 58

Zero-day

Question 59

What is network segmentation?

Answer 59

Dividing the network into multiple zones

Question 60

SQL injection involves?

Answer 60

A database and a website