7

Question 1

A penetration test performed by an authorized professional with the full prior knowledge on how the system that is to be tested works is called:

Answer 1

White-box testing

Question 2

A penetration test of a computer system performed without the prior knowledge on how the system that is to be tested works is referred to as a black-box testing.

Answer 2

True

Question 3

Which of the following terms is used to describe a penetration test in which the person conducting the test has a limited access to information on the internal workings of the targeted system?

Answer 3

Gray-box testing

Question 4

In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting.

Answer 4

False

Question 5

In penetration testing, active reconnaissance involves gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system.

Answer 5

False

Question 6

An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against:

Answer 6

War driving

Question 7

Which of the following statements does not apply to the concept of OSINT?

Answer 7

Active reconnaissance in penetration testing

Question 8

In cybersecurity exercises, red team takes on the role of:

Answer 8

An attacker

Question 9

In cybersecurity exercises, the defending team is referred to as:

Answer 9

Blue Team

Question 10

In cybersecurity exercises, the role of an event overseer (i.e. the referee) is delegated to:

Answer 10

White Team

Question 11

In cybersecurity exercises, purple team combines the roles of all other teams (i.e. red, blue, and white).

Answer 11

False

Question 12

Physical and logical network diagrams provide visual representation of network architecture. A physical network diagram contains information on hardware devices and physical links between them. A logical network diagram describes the actual traffic flow on a network and provides information related to IP addressing schemes, subnets, device roles, or protocols that are in use on the network.

Answer 12

True

Question 13

Which of the following acronyms refers to software or hardware-based security solutions designed to detect and prevent unauthorized use and transmission of confidential information?

Answer 13

Data loss prevention (DLP)

Question 14

Which of the three states of digital data requires data to be processed in an unencrypted form?

Answer 14

In processing

Question 15

In the field of data security, the term “Tokenization” refers to the process of replacing sensitive data with nonsensitive information which holds a reference to the original data and enables its processing but has no value when breached.

Answer 15

True

Question 16

A hash function allows for mapping large amount of data content to a small string of characters. The result of hash function provides the exact “content in a nutshell” (in the form of a string of characters) derived from the original data content. In case there is any change to the data after the original hash was taken, the next time when hash function is applied, the resulting hash value calculated after content modification will be different from the original hash.

Answer 16

True

Question 17

Which of the following terms refers to a duplicate of the original site, with fully operational computer systems as well as near-complete backups of user data?

Answer 17

Hot site

Question 18

A disaster recovery facility that provides only the physical space for recovery operations is called:

Answer 18

Cold Site

Question 19

Which alternate site allows for fastest disaster recovery?

Answer 19

Hot site

Question 20

A monitored host holding no valuable data specifically designed to detect unauthorized access attempts and divert attacker’s attention from the actual network is known as:

Answer 20

Honeypot

Question 21

Which of the following is an example of fake telemetry?

Answer 21

DNS sinkhole

Question 22

Which of the following answers refers to a cloud computing service model in which clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment and software?

Answer 22

** IaaS **
Infrastructure as a service is a cloud computing service model by means of which computing resources are supplied by a cloud services provider. The IaaS vendor provides the storage, network, servers, and virtualization. This service enables users to free themselves from maintaining an on-premises data center

Question 23

Which cloud service model would provide the best solution for a web developer intending to create a web app?

Answer 23

** PaaS **
PaaS stands for Platform-as-a-Service. This consists of a set of cloud-based services that enable business users and developers to build applications speedily

Question 24

A cloud computing service model offering remote access to applications based on monthly or annual subscription fee is called:

Answer 24

** SaaS **
Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365). SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider.

Question 25

What is the name of a cloud computing deployment model in which the cloud infrastructure is provisioned for open use by the general public?

Answer 25

Public cloud