1. Question
In a software development project, the team has identified several potential risks related to security, cost, and schedule. After evaluating each risk, the team has determined that the risk of a security breach has the highest impact on the project. However, mitigating this risk requires significant additional resources, which may affect the project’s schedule and budget. What is the BEST approach for the team to take?
2. Question
During a systems assessment, an organization identifies multiple vulnerabilities in its network infrastructure. Which of the following is the BEST approach to address the identified vulnerabilities?
3. Question
A company is evaluating the risk of a potential data breach. They have identified several possible attack vectors and have assigned likelihood scores to each. The company now needs to calculate the probability of a data breach occurring. What method should they use?
4. Question
A company has hired a red team to test the effectiveness of its security controls. The red team successfully gained access to sensitive data by exploiting a vulnerability in the company’s network. What should be the next step taken by the company?
5. Question
A company wants to improve its security posture by conducting a blue team exercise. Which of the following activities is typically performed by the blue team?
6. Question
In a white team exercise, what is the primary responsibility of the white team?
7. Question
A large corporation is preparing for a potential cyber attack and wants to conduct a simulated exercise to test its incident response plan. The management team is concerned about potential damage to their reputation and financial losses. What type of training and exercise would be most appropriate for this situation?
8. Question
Which of the following is a benefit of using a risk-based framework for security?
9. Question
A company recently implemented a new code of conduct policy for its employees. Which of the following is the primary objective of this policy?
10. Question
A company has experienced several security incidents recently, and it has been determined that weak passwords are the cause of most of these incidents. The company wants to implement a new password policy to ensure stronger passwords. Which of the following should be included in the policy?
11. Question
ABC company recently implemented an Acceptable Use Policy (AUP) to regulate the use of company resources by employees. However, some employees are still using company computers for personal activities during work hours, violating the AUP. Which of the following is the BEST course of action for the company to take?
12. Question
A company has recently implemented a new security system to protect its network and data from unauthorized access. The security team has created a policy for continuous monitoring of the system. What is the main purpose of the continuous monitoring policy?
13. Question
A company is conducting a review of its data retention policy. The policy currently states that all data must be retained for a minimum of five years. However, the company has recently been receiving complaints from customers who are concerned about their personal data being stored for such a long period of time. What should the company do to address these concerns?
14. Question
An organization is implementing a new security control to prevent unauthorized access to its systems. The control involves requiring all employees to authenticate using a smart card before accessing any system. Which type of control does this represent?
15. Question
In which of the following situations would managerial control be the most effective?
16. Question
A company has implemented a security control that requires users to change their passwords every 90 days. What type of control is this?
17. Question
A company is concerned about insider threats and wants to implement controls that will detect any malicious activity. Which of the following is an example of a detective control?
18. Question
In a compliance audit, which of the following is the primary focus of the auditor?
19. Question
A company is required to comply with a new data privacy regulation. What is the best approach to ensure regulatory compliance?
20. Question
A company has recently identified a vulnerability in its software that could potentially result in unauthorized access to sensitive customer data. The IT department has remediated the vulnerability but the management team wants to ensure that all stakeholders are informed of the situation. Which of the following is the MOST appropriate method to communicate this risk factor to the stakeholders?
21. Question
A company’s IT department is performing a risk assessment on its network infrastructure. During the process of identifying potential threats, they realize that their network perimeter security is weak and vulnerable to external attacks. Which of the following is the most appropriate risk identification process that the IT department should use to mitigate this risk?
22. Question
In conducting a business impact analysis (BIA), which of the following is the primary goal?
23. Question
A company handles sensitive customer data that needs to be protected. They want to implement a security measure that replaces sensitive data with a unique identifier while maintaining the data’s functionality. Which technical control should they implement?
24. Question
A company wants to protect its digital media content from illegal copying and distribution. Which technical control can they implement to prevent piracy of their media content?
25. Question
In a software development company, developers have access to sensitive customer data for testing purposes. The company wants to ensure that the developers cannot view or manipulate the actual data while still being able to perform testing. Which technical control can be implemented to address this concern?
26. Question
A healthcare organization needs to share patient data with a research organization to conduct a study. The healthcare organization wants to protect the privacy of the patients and comply with HIPAA regulations. Which technical control would be MOST appropriate to use in this scenario?
27. Question
A company stores sensitive customer data on its servers, which are accessible to multiple employees. The company wants to ensure the data is protected in transit and at rest. Which technical control should the company implement?
28. Question
An organization is concerned about unauthorized access to sensitive data stored on its file servers. Which of the following technical controls can help mitigate this risk?
29. Question
An organization is outsourcing a project to a third-party vendor. The vendor will have access to the organization’s confidential data during the project. Which of the following non-technical controls should be implemented to protect the organization’s data privacy and confidentiality?
30. Question
A company hires a contractor to develop a new software application. The company has sensitive intellectual property that it wants to protect from being shared or stolen. Which non-technical control is BEST suited to protect the company’s sensitive intellectual property?
31. Question
An organization is working on a project that involves collecting sensitive information from customers. The project team wants to ensure that the collected data is protected from unauthorized access, but they are also concerned about data minimization. Which of the following actions would best align with data minimization principles while still providing adequate security for the data?
32. Question
A company is preparing to implement a new customer relationship management (CRM) system that will collect and store customer information. The management team is concerned about the potential privacy implications of this new system and wants to ensure that data minimization principles are followed. Which of the following actions should the company take to implement data minimization controls?
33. Question
A company based in Country A has a subsidiary in Country B. The company stores its data on servers located in Country A, but the subsidiary in Country B requires access to some of the data for its business operations. Which non-technical control should the company implement to ensure compliance with data sovereignty regulations?
34. Question
A multinational company has operations in multiple countries and regions across the world. The company is required to comply with various data privacy regulations and laws in each country where it operates. Which of the following non-technical controls ensures that the data of each country remains in that country and is protected according to the laws of that country?
35. Question
A government agency holds classified information related to national security. The agency wants to ensure that this information is protected from unauthorized access and disclosure. Which non-technical control would be MOST effective in this scenario?
36. Question
A company stores the personal data of its customers, including their name, address, and credit card information. A hacker has gained access to this information and is now threatening to release it online unless the company pays a ransom. The company wants to ensure that they comply with legal requirements related to data privacy and protection. Which non-technical control would be MOST effective in this scenario?
37. Question
A company handles sensitive customer data, including names, addresses, and social security numbers. What non-technical control can the company implement to ensure the confidentiality of this data?
38. Question
An employee receives an email from a colleague containing sensitive information about a new product release. The employee suspects that the email was accidentally sent to them and was not intended for their eyes. What non-technical control can the employee implement to ensure confidentiality of this information?
39. Question
A company has a retention policy that states that all employee records must be retained for 5 years. However, an employee was terminated and their records were deleted after only 3 years. The company could potentially face legal action from the employee. Which of the following is the BEST non-technical control to prevent this from happening again?
40. Question
A hospital stores sensitive patient information, including medical records and billing information. Which of the following is the best non-technical control to ensure the privacy and protection of this information?
41. Question
You are tasked with acquiring data from a USB drive that may have been used in a cyber attack. Which of the following steps should you take FIRST before acquiring the data?
42. Question
During a digital forensic investigation, you come across a damaged hard drive that may contain evidence relevant to the case. You decide to use carving to recover any files that may still be intact. Which of the following is a correct statement about carving?
43. Question
During an investigation, a forensic analyst needs to ensure the integrity of the collected data. Which of the following techniques can be used to achieve this goal?
44. Question
A company’s security team has been alerted to a potential security incident involving an employee who may have been involved in unauthorized activities. What digital forensics technique should the security team utilize to investigate the incident’s procedures?
45. Question
A company is being sued by a former employee for wrongful termination. The company is under a legal obligation to preserve all relevant digital data for the duration of the lawsuit. Which of the following digital forensics techniques should the company utilize to comply with this legal hold?
46. Question
A law enforcement agency has seized a suspect’s laptop during a raid. The laptop is believed to contain evidence related to a cybercrime investigation. What digital forensics technique should the agency utilize to preserve the data on the laptop?
47. Question
A company has a virtualized environment that runs multiple virtual machines (VMs) on a single physical server. The IT department receives an alert that one of the VMs has been communicating with a known malicious IP address. The IT department decides to investigate the virtual machine’s network traffic to identify any indicators of compromise. Which digital forensics technique is being used here?
48. Question
A company uses a cloud-based storage solution to store sensitive customer data. The IT team receives an alert that unauthorized access was attempted. You are tasked with investigating the incident using basic digital forensics techniques. Which of the following techniques is the MOST appropriate for this scenario?
49. Question
A company’s security team is investigating an incident involving a lost company-owned smartphone that contains sensitive company data. The team wants to recover any data that may be present on the device. Which of the following digital forensic techniques is MOST appropriate in this scenario?
50. Question
During a forensic investigation, you suspect that a malware infection has occurred on an endpoint. Which of the following memory analysis techniques would be most useful in this scenario?
51. Question
In investigating a suspected data breach on an endpoint, a digital forensics analyst uses a disk imaging tool to make a copy of the hard drive. What is the primary advantage of this technique in the investigation process?
52. Question
You suspect that an attacker is trying to use a network vulnerability to gain unauthorized access to your organization’s database server. Which tcpdump command option would be most useful in capturing traffic related to this activity?
53. Question
In response to a security incident, you have been tasked with capturing network traffic on your organization’s web server. Which of the following tcpdump command options will capture traffic for all network interfaces?
54. Question
In an incident response investigation, you are tasked with capturing network traffic to determine the source of a suspected attack. Which of the following commands should you use to capture and analyze network traffic in real-time using tcpdump?
55. Question
You suspect that a host on your network has been infected with malware, and you need to capture the network traffic to analyze it for any unusual or malicious activity. Which of the following tcpdump commands should you use to capture all network traffic to and from the host?
56. Question
You work as a security analyst for a large corporation. You receive a report that one of the company’s servers has been compromised. You have physical access to the server and want to perform a packet capture using Wireshark to identify potential malicious traffic. Which of the following is the MOST appropriate way to capture network traffic in this scenario?
57. Question
A company is investigating a suspected data exfiltration incident. The incident response team has decided to use Wireshark to capture network traffic and analyze it for any signs of unauthorized data transfer. While analyzing the packet capture, they notice several packets containing sensitive information that are being sent to an external IP address. What could be a possible course of action in this scenario?
58. Question
You are a network analyst working for a financial services firm. You have been asked to investigate suspicious network activity that may be related to a data breach. You suspect that a particular workstation may be the source of the activity. Which of the following would be the MOST appropriate use of Wireshark in this situation?
59. Question
A company’s IT team receives a report from an employee about a suspicious email they received that contained a link to a website. Upon investigation, the IT team discovers that the website contained malware that was designed to steal login credentials. Further analysis reveals that several new user accounts were created on the company’s server around the same time the email was received. What is the MOST likely indicator of compromise (IoC) in this scenario?
60. Question
A company’s financial application is behaving strangely. Transactions are taking much longer than usual to complete, and the system is generating unusual error messages. Upon investigation, the security analyst discovers that the system is processing a large number of transactions from an unexpected IP address. What potential indicator of compromise does this scenario describe?
61. Question
During a routine security check, an analyst discovers a scheduled task on a Windows server that they don’t recognize. The task is set to run a script every night at midnight. What is the potential indicator of compromise?
62. Question
A company’s server admin noticed unusual activity on a file server. Upon investigation, they discovered that some files had been accessed and modified without authorization. Which of the following could be a potential indicator of compromise related to file system changes or anomalies?
63. Question
A company’s security analyst noticed that a file on a user’s computer had been modified and renamed with a .exe extension. Upon further investigation, it was discovered that the file was malicious software that was sending sensitive data to an external server. Which of the following could be a potential indicator of compromise related to file system changes or anomalies?
64. Question
You are examining a Linux server that has been experiencing unusual activity. Upon further investigation, you find that the crontab has been modified to run a suspicious process every minute. Additionally, the process is running with root privileges. What is a potential indicator of compromise in this scenario?
65. Question
An organization’s security team discovers a suspicious process running on an employee’s computer. The process was found to have elevated privileges and was using network resources to communicate with a command and control server. Which of the following is the MOST likely explanation for this indicator of compromise?
66. Question
During a routine security audit, an administrator notices that a new user account has been created with full administrative privileges on a critical server. The account was not requested or authorized by anyone in the organization. Which of the following is the MOST likely explanation for this indicator of compromise?
67. Question
A security analyst is reviewing logs from a company’s endpoint protection system and notices that a user has installed a software package that is not included in the list of approved applications. The software was installed using an administrator account, but the user did not notify the IT department or follow proper procedures for software installation. Which of the following BEST describes the potential indicator of compromise in this scenario?
68. Question
During a routine security audit, you notice a process running on a critical server that you do not recognize. Upon further investigation, you find that the process has been running for several weeks and is using a significant amount of resources. Which of the following is the MOST likely indicator of compromise in this scenario?
69. Question
You are analyzing the memory usage of a workstation and notice that the system’s available memory has been decreasing steadily over the past few hours. What could be the potential indicator of compromise?
70. Question
A security analyst notices that the available storage space on a server has decreased significantly over the past few days. The server hosts sensitive data and it’s crucial to identify the cause of the problem. After investigating, the analyst finds that the server’s logs show a large number of file access requests that started around the time the storage space began decreasing. What potential indicator of compromise does this scenario suggest?
71. Question
During a routine scan, a security analyst notices that one of the company’s web servers is consuming an abnormally high amount of memory. The server hosts a web application that has been known to have vulnerabilities in the past. The analyst suspects that the server may have been compromised. Which of the following is the MOST likely cause of the high memory consumption on the web server?
72. Question
An organization’s IT team receives an alert that a workstation is consuming an unusually high amount of memory. The workstation is used by a user in the finance department and contains sensitive financial information. The IT team suspects that the workstation may be compromised. Which of the following could be a potential indicator of compromise related to the workstation’s memory consumption?
73. Question
An employee reports that their workstation is running very slowly and freezing frequently. The security team investigates and finds that the processor consumption on the workstation is unusually high. Which of the following is the MOST likely indicator of compromise?
74. Question
A security analyst is investigating a potential compromise on a server in the corporate network. Upon review of the server logs, the analyst notices a significant spike in processor consumption over the past few days. Which of the following is the MOST likely indicator of compromise?
75. Question
A security analyst notices a sudden increase in network traffic on a specific port. Upon further investigation, they discover that the traffic is coming from an external IP address and is targeting a specific internal host. What could be the potential indicator of compromise?
76. Question
A company has a strict policy that only authorized devices are allowed on the network. A network administrator has discovered an unauthorized device on the network and suspects it could be a rogue device. Which of the following would be an indicator of a rogue device on the network?
77. Question
A security analyst has noticed suspicious network activity in which an unknown device is communicating with a few other devices on the network. Further investigation reveals that the device has been connected to the network without the knowledge of the IT team. What is the potential indicator of compromise in this scenario?
78. Question
A security analyst is monitoring network traffic and notices a significant amount of data being transferred between two endpoints on the network that typically do not communicate with each other. The communication occurs at irregular intervals and is encrypted. What is a potential indicator of compromise?
79. Question
A security analyst notices unusual network activity on the organization’s network. The analyst reviews network traffic and identifies a high number of small, periodic communications between an internal host and an external IP address. This communication pattern has persisted for several days. What indicator of compromise does this behavior suggest?
80. Question
A company is experiencing slow network performance and increased latency. During the investigation, the security team identifies an unusually high amount of data being transmitted to a specific IP address. Which of the following is the MOST likely indicator of compromise?
81. Question
A security analyst notices a sudden increase in network bandwidth usage, which is unusual for this time of day. Upon further investigation, the analyst discovers that a large number of machines are communicating with an external IP address that is not associated with any authorized business activity. Which of the following is the most likely indicator of compromise?
82. Question
During post-incident activities, what is the purpose of monitoring the network?
83. Question
What is the main benefit of implementing continuous monitoring during post-incident activities?
84. Question
A company recently experienced a data breach that exposed customer data. The incident response team has successfully contained the breach, and the next step is to perform post-incident activities. What is the appropriate step for generating IoCs?
85. Question
A company’s network was recently breached, and the incident response team has contained the threat and removed the malicious files. What should be the next step in the post-incident activity?
86. Question
During an incident response investigation, a security analyst has completed containment, eradication, and recovery procedures. What is the appropriate post-incident activity that the analyst should perform NEXT?
87. Question
After resolving a security incident, a security team has identified several areas for improvement in their incident response process. What is the appropriate post-incident activity for the team to perform NEXT?
88. Question
After successfully mitigating a ransomware attack, an incident response team has identified areas in their incident response plan that could be improved to prevent future incidents. What should be the NEXT step in their incident response procedure?
89. Question
In the aftermath of a data breach incident, an organization’s incident response team realizes that its current incident response plan does not address some of the newly discovered attack vectors. What should be the NEXT step in their incident response procedure?
90. Question
A company’s incident response team has just completed its investigation of a data breach that occurred due to a vulnerability in its software. The team has determined that the software needs to be patched to prevent future incidents. What is the appropriate post-incident activity that should be carried out to ensure the software is properly updated?
91. Question
In threat modeling, what does the term “attack vector” refer to?
92. Question
In a threat modeling exercise, a security analyst is asked to identify the total attack surface of a new web application. Which of the following would be the most important factor to consider?
93. Question
In a threat modeling exercise, which of the following best describes the ‘total attack surface’?
94. Question
A company has identified its critical assets and potential attack vectors. What additional steps should the company take to improve its threat modeling and prepare for potential attacks?
95. Question
A security team has received an alert that a new vulnerability has been discovered in a commonly used software application. The team is responsible for prioritizing the patching of vulnerabilities based on the risk they pose to the organization. Which CVSS metric would be most relevant in this scenario?