Test 1 Flashcards

1
Q

Edie downloaded a game for her phone from the Google store. Bundled with the legitimate looking game, a separate piece of malware was also installed at the same time which uses her phone to mine cryptocurrency. Which of the following types of malware was secretly installed without her knowledge?

A

a

2
Q

Match the following attacker types to their appropriate definitions.

Question
Script Kiddies

Hacktivists

Nation State Actors

Insiders

A

a

3
Q

When an attacker calls a target on the phone and pretends to be someone in authority, this is most specifically referred to as…

A

a

4
Q

Which of the following attacker types is associated with attacks referred to as Advanced Persistent Threats (APTs)?

A

a

5
Q

Which of the following is an asymmetric algorithm?

A

a

6
Q

Match the malware types below to their appropriate definitions.

Question
Ransomware

Virus

Worm

Logic Bomb

A

a

7
Q

Which of the following security tools is able to capture network packets and read unencrypted traffic?

A

a

8
Q

The only people that should have access to Alice’s private key are Alice and Bob.

A

a

9
Q

Which of the following is considered a bootable Linux operating system which comes pre-installed with a number of cyber security utilities such as Nmap, Wireshark and Metasploit?

A

a

10
Q

Which of the following sites is MOST likely to be used in performing OSINT against a target organization in order to find out more information about the organization’s employees?

A

LinkedIn

11
Q

When viewing a Linux system’s encrypted password hash file, a value of $5$ indicates that the password is encrypted with SHA2. How long is the hash length for the password hashes in the Linux /etc/shadow file?

A

a

12
Q

Match the following risk assessment terms with their appropriate definitions.

Question
Asset

Risk

Threat vector

Threat

A

a

13
Q

Which of the Critical Security Controls would be essential in the event a company suffers from a ransomware attack?

A

a

14
Q

Which of the following are considered hashing protocols? (pick all that apply)

A

a

15
Q

Digital certificates are used to generate which of the following in order to perform asymmetric encryption?

A

a

16
Q

Which of the following could be used to spread malware?

A

a

17
Q

Which of the following types of malware most specifically pops up advertisements, malicious and/or non-malicious, on a target’s screen?

A

Adware

18
Q

Match the below cryptography terms to their most appropriate definitions.

Question
Hashing Algorithm

Symmetric Algorithm

Asymmetric Algorithm

Caesar Algorithm

A

a

19
Q

Which of the following is the term used to refer to unencrypted text when discussing cryptography?

A

a

20
Q

As a publicly traded organization within the United States, your company must adhere to which compliance regulation?

A

a

21
Q

Malware researchers have determined that the Dawgs malware was created several months ago, but was only recently discovered in the wild by an independent malware researcher. The malware spreads via phishing and installs malicious browser extensions in order to steal bank account credentials. It is not believed to be a tool for governments such as North Korea to raise funds.

What type of group is more than likely responsible for the Dawgs malware?

A

Organized crime

22
Q

Which of the following malware payloads most specifically records every key an infected user presses on their keyboard?

A

key logger

23
Q

Which of the following is the most popular method for attackers to gain access to an organization’s internal network?

A

a

24
Q

The hash length of MD5 is 128 bits.

A

True

25
Q

A network administrator for LMI Solutions, LLC, has discovered that their network switches are considered older and are no longer supported by the vendor. As such, no new firmware updates or security patches will be made for the devices. The company’s management team has decided it cannot afford to replace the networking equipment at this time.

If a company decides to do nothing to address an identified cyber security risk, such as purchasing cyber insurance to reimburse them in the event of a security breach or fixing the actual issue, this is most accurately referred to as…

A

Risk Acceptance

26
Q

In Defense-in-Depth, a company can deploy a firewall to segregate its own network from the rest of the Internet and not have to do anything else in order to secure the environment.

A

False

27
Q

Which of the following is a term used to describe a security researcher who conducts security attacks against web applications on the Internet with permission from the application owner?

A

White Hat

28
Q

In order to protect its most critical asset, a company has decided to encrypt the proprietary information of its clients as well as the personal information of each of its employees. By choosing to encrypt sensitive information, the company has most specifically enforced which of the aspects of Cyber Security?

A

Confidentiality

29
Q

Match the social engineering attacks below with their appropriate definitions.

Question
Shoulder Surfing

Phishing

Dumpster Diving

Piggybacking

A

a

30
Q

A security issue that an attacker could exploit to have a negative impact on an organization is referred to as?

A

a

31
Q

Which of the following cryptographic functions encrypts and decrypts data using a single key?

A

a

32
Q

Which of the following phases of the penetration testing process includes conducting reconnaissance using open source intelligence (OSINT) tools, running network scans to identify live hosts and launching exploits to take advantage of any vulnerabilities which are discovered?

A

a

33
Q

When Alice sends an encrypted file to Bob so that only Bob can decrypt the file, Alice will encrypt the file using?

A

a

34
Q

Joseph Waterman is the IT Manager at Chocolli Engineering and has been asked by his senior leadership to implement an Information Security Management Program for the company. To help get started, he has chosen to base their ISMP off of the Critical Security Controls. According to the Critical Security Controls, which security control will have the least impact in securing an organization and would be the last for Joseph to implement?

A

Penetration tests

35
Q

Which of the following cryptographic techniques is used to protect passwords?

A

Hashing

36
Q

Which aspect of cyber security would be implemented if you needed to ensure that someone performed a specific action on the company network?

A

Non-repudiation

37
Q

Jennifer wants to upload a file to a server on the Internet, but wants to ensure that the network traffic is encrypted for security purposes. Which of the following application protocols is encrypted and would be appropriate for her to use?

A

HTTPS

38
Q

An attacker is able to infect one of your company’s Windows workstations with malware. Through further analysis, it is determined that this malware used built-in PowerShell commands to attack other hosts on the network and steal sensitive data while providing the attacker with complete administrator access to the system. What type of malware would this specifically be referred to as?

Choose the most appropriate answer.

A

rootkit

39
Q

A malicious party that has control over millions of infected computers at one time is referred to as a…?

A

bot herder

40
Q

Availability is the most overlooked aspect of C-I-A in organizations today.

A

True