7 Flashcards

1
Q

A penetration test performed by an authorized professional with full prior knowledge of how the system to be tested works is called:

A

White-box testing

2
Q

A penetration test of a computer system performed without prior knowledge of how the system to be tested works is referred to as black-box testing.

A

True

3
Q

Which of the following terms is used to describe a penetration test in which the person conducting the test has limited access to information on the internal workings of the targeted system?

A

Gray-box testing

4
Q

In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting.

A

False

5
Q

In penetration testing, active reconnaissance involves gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system.

A

False

6
Q

An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against:

A

War driving

7
Q

Which of the following statements does not apply to the concept of OSINT?

A

Active reconnaissance in penetration testing

8
Q

In cybersecurity exercises, the red team takes on the role of:

A

An attacker

9
Q

In cybersecurity exercises, the defending team is referred to as:

A

Blue Team

10
Q

In cybersecurity exercises, the role of an event overseer (i.e. the referee) is delegated to:

A

White Team

11
Q

In cybersecurity exercises, the purple team combines the roles of all other teams (i.e. red, blue, and white).

A

False

12
Q

Physical and logical network diagrams provide a visual representation of network architecture. A physical network diagram contains information on hardware devices and physical links between them. A logical network diagram describes the actual traffic flow on a network and provides information related to IP addressing schemes, subnets, device roles, or protocols that are in use on the network.

A

True

13
Q

Which of the following acronyms refers to software or hardware-based security solutions designed to detect and prevent unauthorized use and transmission of confidential information?

A

Data loss prevention (DLP)

14
Q

Which of the three states of digital data requires data to be processed in an unencrypted form?

A

In processing

15
Q

In the field of data security, the term “Tokenization” refers to the process of replacing sensitive data with nonsensitive information which holds a reference to the original data and enables its processing but has no value when breached.

A

True

16
Q

A hash function allows for mapping a large amount of data content to a small string of characters. The result of a hash function provides the exact “content in a nutshell” (in the form of a string of characters) derived from the original data content. If there is any change to the data after the original hash was taken, the next time the hash function is applied, the resulting hash value calculated after content modification will be different from the original hash.

A

True

17
Q

Which of the following terms refers to a duplicate of the original site, with fully operational computer systems as well as near-complete backups of user data?

A

Hot site

18
Q

A disaster recovery facility that provides only the physical space for recovery operations is called:

A

Cold Site

19
Q

Which alternate site allows for the fastest disaster recovery?

A

Hot site

20
Q

A monitored host holding no valuable data, specifically designed to detect unauthorized access attempts and divert an attacker’s attention from the actual network, is known as:

A

Honeypot

21
Q

Which of the following is an example of fake telemetry?

A

DNS sinkhole

22
Q

Which of the following answers refers to a cloud computing service model in which clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment and software?

A

**IaaS**
Infrastructure as a service is a cloud computing service model by means of which computing resources are supplied by a cloud services provider. The IaaS vendor provides the storage, network, servers, and virtualization. This service enables users to free themselves from maintaining an on-premises data center.

23
Q

Which cloud service model would provide the best solution for a web developer intending to create a web app?

A

**PaaS**
PaaS stands for Platform-as-a-Service. This consists of a set of cloud-based services that enable business users and developers to build applications speedily.

24
Q

A cloud computing service model offering remote access to applications based on a monthly or annual subscription fee is called:

A

**SaaS**
Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365). SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider.

25
Q

What is the name of a cloud computing deployment model in which the cloud infrastructure is provisioned for open use by the general public?

A

Public cloud