Question 1 of 95
A company has recently experienced a data breach and the incident response team has identified that the root cause was a misconfiguration of access controls. The team has determined that a change control process needs to be implemented to prevent similar incidents from occurring. What is the appropriate post-incident activity that should be carried out to implement the change control process?
Question 2 of 95
A company recently experienced a security breach, and the incident response team successfully contained the breach and recovered from the incident. As part of the post-incident activities, the incident response team wants to create a lessons-learned report to improve their incident response process in the future. Which of the following steps should they take FIRST in creating the report?
Question 3 of 95
A company experienced a data breach that compromised sensitive customer information, and the incident response team successfully contained and recovered from the breach. As part of the post-incident activities, the incident response team wants to create a lessons-learned report. Which of the following is the primary goal of the lessons-learned report?
Question 4 of 95
A company’s system administrator has identified a suspicious file on a server that was previously compromised by a hacker. The system administrator has removed the file from the server and is now required to retain the evidence for further analysis. Which of the following is the appropriate incident response procedure in this situation?
Question 5 of 95
A company has suffered a data breach in which sensitive customer information was stolen. The incident response team has completed its investigation, and they need to decide how to handle the evidence that was collected. What should they do with the evidence?
Question 6 of 95
A security incident occurred in an organization, and the incident response team successfully eradicated the threat. What is the NEXT appropriate step in the incident response process?
Question 7 of 95
A company’s website has been hit by a DDoS attack, causing it to go offline. Which of the following incident response procedures is most appropriate for restoring the company’s website?
Question 8 of 95
A company’s database has been compromised, resulting in the theft of customer data. Which of the following incident response procedures is MOST appropriate for restoring the company’s customer trust?
Question 9 of 95
A company’s database has been infected with ransomware, and the incident response team has decided to reconstitute the resources. What should the team do before restoring the data from backups?
Question 10 of 95
In an organization, a malware attack has caused significant damage to the system, and the incident response team has decided to reconstitute the resources. What should the team do FIRST in the reconstitution process?
Question 11 of 95
A company’s database has been breached, and the attackers have gained access to sensitive data. The incident response team has successfully contained the attack and identified the vulnerabilities that allowed the breach to occur. What is the appropriate next step in the eradication and recovery process?
Question 12 of 95
A company’s security team has identified a vulnerability in their accounting software that could allow an attacker to gain unauthorized access to sensitive financial data. The team has decided to patch the vulnerability to prevent exploitation. What is the MOST appropriate course of action for the team in terms of patching?
Question 13 of 95
A company has just suffered a data breach that exploited a vulnerability in their web server software. The incident response team has successfully contained the breach and is now focused on eradicating the threat. What is the MOST appropriate course of action for the team in terms of patching?
Question 14 of 95
A company’s server has been infected with ransomware, and the incident response team has determined that the best course of action is to replace the infected server. What is the appropriate incident response procedure in this situation?
Question 15 of 95
A company has suffered a ransomware attack that has impacted several of its critical systems. The incident response team has successfully contained the malware, but the systems are unusable and the data has been encrypted. Which of the following is the appropriate response procedure for this scenario?
Question 16 of 95
A company recently suffered a data breach that resulted in the exposure of sensitive customer information. The incident response team has determined that some of the compromised data needs to be securely disposed of to prevent any further damage. What is the appropriate incident response procedure in this situation?
Question 17 of 95
A company has discovered that an employee had installed unauthorized software on a company computer, which resulted in a malware infection that spread to multiple devices. The incident response team has determined that the infected devices must be sanitized to prevent any further damage. What should be the appropriate incident response procedure to follow for sanitization?
Question 18 of 95
A security analyst discovered a critical vulnerability in a network device and reported it to the vendor. The vendor released a patch to address the vulnerability, but the security analyst noticed that not all devices in the network were updated. Which of the following is the MOST appropriate incident response procedure to mitigate the vulnerability?
Question 19 of 95
A company discovered that an employee downloaded a malicious file from a phishing email that was sent to their work email account. The employee’s computer was infected, and there is a risk that the malware has spread to other systems in the network. Which of the following is the MOST appropriate incident response procedure to mitigate the vulnerability?
Question 20 of 95
A cybersecurity analyst at a financial institution has detected suspicious activity on a server that contains sensitive customer data. The analyst has determined that the server has been compromised and wants to prevent the attacker from accessing other systems on the network. Which of the following incident response procedures should the analyst apply to contain the incident?
Question 21 of 95
A cybersecurity team at a manufacturing company has detected a malware infection on a critical system used in the production process. The team has determined that the malware is spreading to other systems on the network and wants to prevent it from causing further damage. Which of the following incident response procedures should the team apply to contain the incident?
Question 22 of 95
A company’s security team has detected multiple alerts related to a possible data breach, including suspicious login attempts, unauthorized file access, and unusual network traffic. Which of the following techniques can be used to correlate these events and identify the root cause of the breach?
Question 23 of 95
A company has recently experienced a data breach, and the security team has been tasked with identifying the root cause of the breach. During the investigation, the team discovers that the attackers used a technique to reverse engineer the company’s software and identify vulnerabilities. Which of the following detection and analysis methods would be MOST appropriate to use in this scenario?
Question 24 of 95
A company has experienced a ransomware attack that has impacted its financial system, resulting in a loss of funds. Which of the following is the MOST appropriate response procedure for detecting and analyzing the incident?
Question 25 of 95
A healthcare organization has discovered that some of its patient data have been modified without authorization. Which of the following is the most important step in maintaining data integrity during the incident response process?
Question 26 of 95
A company has detected that its financial data has been tampered with. Which of the following incident response procedures should be followed to ensure data integrity?
Question 27 of 95
In the aftermath of a cyber attack, the incident response team discovered that the organization’s critical systems had been impacted, and the recovery time was estimated to be several days. Which of the following steps should be taken FIRST in this situation?
Question 28 of 95
A manufacturing company experienced a ransomware attack, which caused significant delays in its production process. The incident response team discovered that the recovery time was longer than expected. Which of the following would be the MOST appropriate action to take in this situation?
Question 29 of 95
A company’s critical business application is down, causing significant financial losses. The incident response team has been activated, and they need to determine the cause of the downtime. What incident response procedure should the team follow?
Question 30 of 95
A company’s website has been defaced by an unknown attacker, and the incident response team has been activated. The team needs to determine the extent of the attack and identify any data breaches. What incident response procedure should the team follow?
Question 31 of 95
An organization has identified a suspicious file transfer from one of its internal servers to an external IP address. Upon analyzing the transfer, it was found that the file contained sensitive information. Which of the following characteristics would contribute to the criticality of this incident?
Question 32 of 95
A company has noticed unusual activity on its network and has determined that an unauthorized user gained access to their system. The user was able to access sensitive data and exfiltrate it to an external IP address. Which of the following characteristics would contribute to the urgency of this incident?
Question 33 of 95
A security analyst is reviewing incident response procedures for a company and notices that there is no documentation of the procedures in place. What should the analyst recommend to improve the incident response process?
Question 34 of 95
A company has a documented incident response plan in place, but it has not been updated in several years. What should the incident response team do to ensure that the plan is effective in the event of an incident?
Question 35 of 95
A company regularly conducts tabletop exercises to test its incident response plan. During one such exercise, the team discovered that their contact list of emergency responders was outdated, leading to a delay in response time. Which of the following is the MOST appropriate action for the team to take based on this scenario?
Question 36 of 95
A company has conducted a penetration test to evaluate the security of its network. The test revealed several vulnerabilities that could potentially lead to a data breach. Which of the following is the MOST appropriate action for the incident response team to take based on this scenario?
Question 37 of 95
A company has just implemented a new incident response plan and needs to train employees on their roles and responsibilities. What type of training is most appropriate for this situation?
Question 38 of 95
In a security incident, a security analyst discovered that a phishing email was the cause of the breach. The analyst notified the security team, and they quickly isolated the affected systems. What should the security team do next?
Question 39 of 95
A data breach has occurred in a company, compromising its corporate financial data. The incident response team is activated. Which of the following is the MOST important factor that contributes to the criticality of this data?
Question 40 of 95
A cyberattack has targeted a company’s intellectual property, including trade secrets and patents. The incident response team is activated. Which of the following is the most important factor that contributes to the criticality of this data?
Question 41 of 95
A cyber attack has been detected in a company that deals with the research and development of new products. During the attack, the attackers were able to access the company’s database that stores all the research and development data. Which of the following factors contributes to the criticality of this data breach?
Question 42 of 95
A financial institution suffered a data breach in which the attackers gained access to the company’s financial records and customer data. The financial records included details about investments, transactions, and account balances, while the customer data included personally identifiable information (PII) and sensitive financial information. Which of the following factors contributes to the criticality of this data breach?
Question 43 of 95
A financial institution has experienced a data breach where the attacker gained access to their database containing customer information, including credit card numbers, social security numbers, and financial transactions. What is the primary factor contributing to the criticality of this data?
Question 44 of 95
A financial company has suffered a ransomware attack, and the attacker has encrypted their customers’ financial data. Which of the following factors contributes to the criticality of this incident?
Question 45 of 95
A government agency’s network stores classified information related to national security. What factor contributes to the criticality of this data in the incident response process?
Question 46 of 95
A company stores a variety of data about its clients, including names, addresses, social security numbers, and credit card information. However, some of the data they store is considered to be sensitive personal information (SPI). What should be the company’s priority in its incident response plan?
Question 47 of 95
A hospital’s database containing medical records of patients has been breached, including sensitive personal information (SPI) such as medical history, insurance details, and social security numbers. What should be the priority in their incident response plan?
Question 48 of 95
A healthcare provider’s database has been breached, potentially exposing the personal health information (PHI) of thousands of patients. The incident response team has been activated and is reviewing the criticality of the data. Which of the following best describes the importance of PHI in this incident response process?
Question 49 of 95
In a healthcare organization, an incident response team is investigating a breach that may have exposed patients’ personal health information (PHI). Which of the following best describes why PHI is considered critical data in incident response?
Question 50 of 95
A financial institution is investigating a security incident in which a customer’s personally identifiable information (PII) was compromised. Which of the following best describes why PII is considered critical data in incident response?
Question 51 of 95
A company has identified a data breach involving the theft of customer data, including names, addresses, phone numbers, and social security numbers. The incident response team is determining the criticality of the data that was compromised. Which of the following factors is contributing to the data criticality?
Question 52 of 95
A hospital has experienced a breach of patient data, including medical history, diagnoses, and social security numbers. The incident response team is assessing the criticality of the data that was compromised. Which of the following factors is contributing to the data criticality?
Question 53 of 95
A company’s security team recently discovered a data breach that potentially compromised sensitive customer information. The team is now working on a plan to coordinate the response with regulatory bodies. What is the main reason for coordinating with regulatory bodies in this situation?
Question 54 of 95
A company’s security team recently detected an advanced persistent threat (APT) that has been present on the network for several months. The team is now working on a plan to coordinate the response with regulatory bodies. What is the main reason for coordinating with regulatory bodies in this situation?
Question 55 of 95
An organization has just discovered that its network has been breached, and sensitive data has been compromised. The incident response team has been activated, and one of their first steps is to coordinate with law enforcement to assist with the investigation. What is the importance of coordinating with law enforcement during the incident response process?
Question 56 of 95
A company has just experienced a major cyber attack, and the incident response team has been activated. The team is composed of members from different departments and areas within the organization, including IT, security, and operations. The incident response team leader has scheduled a meeting with senior leadership to provide an update on the situation and request additional resources. What is the importance of including senior leadership in the incident response process?
Question 57 of 95
An organization has recently implemented an IDS/IPS solution to monitor network traffic for potential security threats. During a routine log review, an analyst notices a large number of alerts related to a specific IP address. Which of the following actions should the analyst take FIRST to investigate this issue?
Question 58 of 95
A company’s security team is reviewing the firewall logs and notices that a large number of requests are being made to a particular website from multiple internal devices. They investigate the website and find that it is a phishing site that is trying to steal user credentials. Which of the following actions should the security team take in response to this finding?
Question 59 of 95
A security analyst is reviewing syslog data for a web server and notices multiple entries with the same IP address accessing the server. The analyst suspects a brute-force attack is occurring. Which of the following is the BEST course of action for the analyst to take?
Question 60 of 95
During a security investigation, you are asked to review the event logs for a Windows server. You notice a large number of failed logon attempts from various IP addresses over the past 24 hours. Which of the following is the MOST likely explanation for this activity?
Question 61 of 95
A security analyst is tasked with automating the process of patching vulnerabilities on a large number of systems. The analyst decides to use scripting to automate this process. Which of the following statements is true about scripting?
Question 62 of 95
A security team wants to automate the process of responding to security incidents by using scripting. Which of the following statements is true about scripting?
Question 63 of 95
A company wants to automate its software deployment process to speed up software releases and improve efficiency. Which of the following is a characteristic of continuous deployment?
Question 64 of 95
A software development team wants to implement a process where code changes are automatically tested and deployed to a staging environment for manual testing before being deployed to production. Which of the following BEST describes this process?
Question 65 of 95
A company wants to improve its software development process by incorporating automation techniques. They want to ensure that any new code added to their system is continuously tested to ensure it meets their security standards. Which automation concept would BEST fit their needs?
Question 66 of 95
A company wants to improve its software development process by implementing continuous integration. Which of the following is a benefit of this automation concept?
Question 67 of 95
In an effort to improve its threat detection capabilities, a company has decided to implement machine learning algorithms. Which of the following is an advantage of using machine learning for threat detection?
Question 68 of 95
A security analyst is evaluating the different automation technologies available for threat detection and response. Which of the following is a key advantage of using SOAR over other automation technologies?
Question 69 of 95
In an effort to enhance its security posture, a company subscribes to several threat intelligence feeds to keep up to date with emerging threats. The security team decides to use an automation tool to combine these feeds into a single threat feed to be used in their security monitoring processes. What technology or concept does this process involve?
Question 70 of 95
In a security operations center, an analyst noticed a suspicious IP address attempting to connect to a critical server. The analyst used an automated tool to enrich the IP address with additional information, including the reputation of the IP address, the associated domain name, and its geographic location. Which of the following statements BEST describes the purpose of data enrichment in this scenario?
Question 71 of 95
An organization wants to improve its threat hunting capabilities by automating the process of data enrichment. Which of the following automation concepts would be MOST useful in achieving this goal?
Question 72 of 95
In an effort to streamline its incident response processes, a company is considering automating the creation of malware signatures. Which of the following is an advantage of using automated malware signature creation?
Question 73 of 95
An organization has a large number of security tools from different vendors, and they are struggling to manage and coordinate their workflows. Which of the following automation technologies would be the MOST suitable for integrating these disparate tools?
Question 74 of 95
An organization has implemented a security information and event management (SIEM) solution to monitor its network. The security team wants to automate the process of analyzing logs generated by the SIEM and taking necessary actions. Which of the following scripting languages would be MOST suitable for this task?
Question 75 of 95
In an organization, the security team wants to automate the process of checking user passwords for complexity and age. Which of the following scripting languages would be the best choice for this task?
Question 76 of 95
A security analyst is looking for a way to automate the incident response process. Which of the following automation technologies would be BEST suited for this purpose?
Question 77 of 95
A security team is tasked with identifying and mitigating potential threats in an e-commerce organization. Which of the following actions is an example of using integrated intelligence to improve threat hunting?
Question 78 of 95
A security analyst is performing threat hunting for a company’s network and identifies a suspicious pattern of traffic going to an external IP address. Upon investigation, the analyst discovers that a group of employees unknowingly installed a third-party application that contained malware. Which of the following attack vectors is the MOST likely cause of this incident?
Question 79 of 95
A company has been experiencing repeated incidents of unauthorized access to its network resources. The security team has implemented several controls but has been unable to stop the attacks. After conducting threat hunting, they discover that the attackers are exploiting a vulnerability in an outdated software version that is still in use. Which of the following attack vectors is the MOST likely cause of this incident?
Question 80 of 95
A company is planning to deploy additional security controls to protect its critical assets. They have decided to bundle the assets together and implement various security measures to defend against potential threats. Which of the following is a potential benefit of bundling critical assets?
Question 81 of 95
A company’s security team is concerned about potential vulnerabilities in its network infrastructure. They suspect that there may be unnecessary services running on their servers that could be exploited by attackers. Which of the following is an effective threat hunting tactic to reduce the attack surface area in this scenario?
Question 82 of 95
In a threat hunting operation, a security analyst is using the tactic of “reconnaissance.” What is the analyst doing?
Question 83 of 95
A security analyst is using the tactic of “baiting” in a threat-hunting operation. What is the analyst doing?
Question 84 of 95
A company has experienced several cyber attacks in the past year and has decided to implement a proactive threat hunting program to detect and prevent future attacks. During the threat hunting process, the security team establishes a hypothesis that an insider threat is responsible for the attacks. What is the importance of establishing a hypothesis during proactive threat hunting in this scenario?
Question 85 of 95
A company has noticed an increase in suspicious activity on their network and suspects that they may have been breached. They decide to conduct proactive threat hunting to investigate the issue. During the investigation, the security team establishes a hypothesis that the breach was initiated through a phishing email. What is the importance of establishing a hypothesis during proactive threat hunting?
Question 86 of 95
A company is concerned about network security breaches caused by rogue devices being connected to the network. Which port security feature can be configured to disable a port if the switch detects a violation?
Question 87 of 95
A company wants to implement a new security control that can execute and analyze untrusted code in an isolated environment. Which of the following options would best suit this requirement?
Question 88 of 95
In a recent security audit, it was discovered that several endpoints in your organization are communicating with known malicious domains. To prevent further communication with these domains, which of the following configuration changes should you implement?
Question 89 of 95
A company’s security team is implementing Network Access Control (NAC) to improve security. Which of the following configuration changes would BEST improve security?
Question 90 of 95
An organization has identified that the majority of cyber attacks they have experienced are the result of employees clicking on malicious links in emails. The IT team has decided to implement an EDR solution to better protect their endpoints. Which of the following configuration changes should be made to the EDR solution to improve security?
Question 91 of 95
An organization is trying to prevent a ransomware attack and has identified certain indicators of compromise (IoCs) that are associated with known ransomware families. Which of the following would be most effective in utilizing these IoCs to protect against the threat?
Question 92 of 95
A cybersecurity analyst has detected unusual behavior on a company’s network. They suspect a malware infection but are not able to identify the type of malware. Which type of threat research would be MOST useful in this scenario?
Question 93 of 95
A company has recently been receiving phishing emails that spoof its own domain. The security team wants to conduct reputational threat research to determine whether its domain has been listed on any blacklist due to previous malicious activities. Which of the following tools or techniques can the security team use for this purpose?
Question 94 of 95
A company has developed a new web application that will allow customers to make purchases online. Which of the following is a software assurance best practice that should be implemented to ensure the security of the payment process?
Question 95 of 95
A software development team is looking to implement a tool that can automatically scan their codebase for potential security vulnerabilities. Which of the following best describes the type of tool they should use?