Question 1 of 90
A company is concerned about the potential for insider threats and wants to implement active defense mechanisms to deter malicious actors. Which of the following is an example of an active defense mechanism?
Question 2 of 90
A company is planning to send confidential information over a network that is shared with other organizations. Which of the following options should be used to protect the confidentiality of the information?
Question 3 of 90
A company’s web application is experiencing multiple unauthorized login attempts. The security team wants to implement a security solution to detect and prevent such attacks in the future. Which of the following security solutions should the security team implement?
Question 4 of 90
A company is concerned about the increasing number of attacks on its network and wants to implement additional security measures. They are considering using a honeypot to detect and prevent attacks. Which of the following is a potential disadvantage of using a honeypot?
Question 5 of 90
A company wants to implement a new security solution to detect and prevent attacks on its network. They are considering using a honeypot. Which of the following is the BEST explanation for a honeypot?
Question 6 of 90
A developer is coding a new application that requires a large amount of memory to store user input data. During testing, it is found that an attacker can overflow the heap and execute arbitrary code. Which of the following is the most effective control to mitigate this attack?
Question 7 of 90
A software developer has written a new function for a web application using the strcpy function to copy data from one string to another. The developer is unaware of the security risks associated with the use of the strcpy function. Which control would be the most effective in mitigating the vulnerability of the application to attacks leveraging the use of insecure functions such as strcpy?
Question 8 of 90
A company recently purchased a new web application that is designed to run on a Linux server. The server was set up using default configurations, and the company’s IT team has noticed some security concerns. Which of the following actions could help mitigate the vulnerabilities associated with weak or default configurations?
Question 9 of 90
A company has recently identified that its IT environment is vulnerable to the risk of insecure components due to the use of outdated and unsupported software. They want to implement controls to mitigate this risk. Which of the following measures should they take?
Question 10 of 90
A software developer is creating a web application that will be used by multiple departments within a company. The developer includes a third-party component to add functionality to the application. However, the security team discovers that the third-party component has a vulnerability that could allow attackers to bypass authentication and gain unauthorized access to sensitive data. What control can the security team implement to mitigate this vulnerability?
Question 11 of 90
A company has recently experienced several security incidents where attackers gained unauthorized access to sensitive data by exploiting vulnerabilities in their authentication system. The company wants to implement controls to mitigate these attacks. Which of the following controls would be MOST effective in preventing broken authentication vulnerabilities?
Question 12 of 90
A company’s web application uses a shared resource to manage customer transactions. The application does not implement any locking mechanism, which causes race conditions. What is the best control to mitigate this vulnerability?
Question 13 of 90
A web application allows users to make purchases online. Each user has a unique account number associated with their profile, which they can access to view their purchase history. A hacker discovers that by changing the account number in the URL, they can view other users’ purchase history. What control should be implemented to mitigate this insecure object reference vulnerability?
Question 14 of 90
Which of the following is an effective control for mitigating a dereferencing vulnerability?
Question 15 of 90
A mobile application allows users to upload and share photos. An attacker can use this functionality to upload malicious images that contain hidden malware. What is the BEST control to mitigate this vulnerability?
Question 16 of 90
A company’s website is vulnerable to cross-site scripting (XSS) attacks. An attacker could potentially exploit this vulnerability by injecting malicious code into a web page, which would then execute when a user visits the page. Which of the following controls can be implemented to mitigate this attack?
Question 17 of 90
A security analyst has discovered the presence of a rootkit on a system during a routine scan. Which of the following is the BEST course of action to mitigate this attack?
Question 18 of 90
A company uses a web-based application for managing customer data. An attacker has managed to hijack the session of a customer and is now able to view and manipulate their data. Which control should the company implement to mitigate this attack?
Question 19 of 90
A company has detected an on-path attack on its network. The attacker is spoofing ARP packets to redirect network traffic to a malicious host. Which of the following controls can mitigate this type of attack?
Question 20 of 90
A company has received reports of employees receiving emails from what appears to be the CEO’s email address. The emails contain a request for sensitive information. Upon investigation, it is discovered that the CEO’s email account was compromised. What type of attack is this?
Question 21 of 90
A company has recently suffered a data breach that resulted in the compromise of user account credentials. The security team has discovered that attackers are using these credentials to attempt to log in to various systems and applications. Which of the following controls can be implemented to mitigate this type of attack?
Question 22 of 90
A company’s IT team discovered that an attacker had gained access to their server and had elevated their privileges to gain full control of the system. What measures can the team implement to mitigate this type of attack in the future?
Question 23 of 90
A security analyst at a financial institution noticed suspicious activities on the company’s server. Upon further investigation, the analyst discovered that a non-privileged user had gained unauthorized access to sensitive information. What type of attack has likely occurred, and what control measures can be implemented to mitigate this attack?
Question 24 of 90
A web application is vulnerable to a directory traversal attack. Which of the following controls can be implemented to mitigate this attack?
Question 25 of 90
A company uses a web application that allows users to upload and download files. An attacker uploads a file containing malicious code and uses a directory traversal attack to execute the code on the server. Which control can mitigate this attack?
Question 26 of 90
A company uses a web application that allows users to upload and view images. A hacker exploits a vulnerability in the web application that allows them to upload malicious code and execute it on the server, gaining unauthorized access to the system. Which of the following controls can mitigate the risk of remote code execution?
Question 27 of 90
You are the network security administrator for a large company. You have recently discovered that an attacker has been using an integer overflow attack to exploit a vulnerability in one of your applications. Which mitigation technique would you recommend to prevent this attack in the future?
Question 28 of 90
In a company’s software application, a user inputs a large amount of data into a text field that is limited to a certain number of characters. As a result, the application crashes and the system becomes unresponsive. What type of attack is this?
Question 29 of 90
A company uses an XML-based application to manage its customer data. An attacker has discovered a vulnerability in the application and plans to exploit it. Which of the following controls would mitigate the attack?
Question 30 of 90
A company has a web application that uses XML to communicate with a backend database. An attacker has discovered a vulnerability in the application that allows them to execute malicious code. Which of the following controls would mitigate the attack?
Question 31 of 90
Sarah is the IT manager at a small startup that recently moved its business to the cloud. They’re using a popular cloud provider that offers data storage and management services. Sarah has just received a notification that one of their storage buckets has been exposed to the public internet due to an error in their access control policy. Which of the following threats is MOST likely to occur as a result of this incident?
Question 32 of 90
A company has recently migrated its IT infrastructure to a cloud-based platform. During the migration, a misconfigured encryption key was used to encrypt sensitive data stored in the cloud. The company has since discovered the issue and is concerned about the potential impact. Which of the following is a potential threat associated with improper key management in the cloud?
Question 33 of 90
A company has implemented Infrastructure as Code (IaC) to manage its cloud infrastructure. During a recent code review, a developer noticed that the IaC code contained plain-text passwords. Which of the following is the BEST way to address this security risk?
Question 34 of 90
A company uses Infrastructure as Code (IaC) to manage its cloud infrastructure. During a recent code review, a vulnerability was found in the IaC code that could allow unauthorized access to sensitive data. Which of the following is the BEST course of action to address this vulnerability?
Question 35 of 90
What is a potential security risk associated with using Function as a Service (FaaS) in a serverless architecture?
Question 36 of 90
A company is considering moving its entire infrastructure to a public cloud provider. What is a potential security concern that they should be aware of?
Question 37 of 90
A company is considering a public cloud deployment model for their customer-facing application. Which of the following is a potential benefit of this deployment model?
Question 38 of 90
A company has decided to move its data center to the cloud, and the IT team is tasked with evaluating the different cloud deployment models. They are concerned about the risks associated with the cloud deployment models and want to select the one with the least risk. Which of the following cloud deployment models is considered the LEAST risky?
Question 39 of 90
A company is considering migrating its on-premises infrastructure to the cloud using an Infrastructure as a Service (IaaS) model. Which of the following risks should they be MOST concerned about when it comes to their data?
Question 40 of 90
A company is migrating its web application to a PaaS provider. Which of the following is a potential vulnerability associated with this move?
Question 41 of 90
A company recently migrated its email system to a cloud-based provider that offers a Software as a Service (SaaS) model. During the security assessment, the security team discovered that the provider’s email system has vulnerabilities that could be exploited by attackers. Which of the following is a threat associated with the SaaS cloud service model?
Question 42 of 90
A chemical plant uses a SCADA system to monitor and control various industrial processes. During a routine audit, the security team discovers that the SCADA system has an unpatched vulnerability that could allow an attacker to execute arbitrary code on the system. What is the MOST significant risk associated with this vulnerability?
Question 43 of 90
A drone manufacturer is developing a new model that includes a camera with facial recognition technology. Which of the following is a potential privacy risk associated with this technology?
Question 44 of 90
In a manufacturing plant, the production line is secured by a physical access control system that uses an authentication mechanism to grant access to employees. Which of the following threats is associated with this technology?
Question 45 of 90
A company is using System-on-Chip (SoC) technology to power its Internet of Things (IoT) devices. Which of the following is a potential threat that can be associated with this specialized technology?
Question 46 of 90
A smart traffic management system is designed to control traffic lights in a city. The system uses an RTOS to ensure that traffic signals are synchronized in real-time. A security analyst is conducting a vulnerability assessment of the system and discovers that the RTOS is not designed with security in mind. Which of the following is the most effective mitigation strategy for this vulnerability?
Question 47 of 90
In a manufacturing company, a critical system is controlled by an embedded device that runs on a real-time operating system (RTOS). The device is used to regulate the temperature of a sensitive production process. Which of the following is a potential threat to this system?
Question 48 of 90
A manufacturing company has implemented an IoT solution to monitor its production line. The IoT devices collect data and send it to a centralized system for analysis. Which of the following is a vulnerability associated with this IoT technology?
Question 49 of 90
A company has implemented a smart office solution that includes sensors to monitor temperature, humidity, and occupancy levels. The solution is connected to the internet and accessible from the company’s network. Which of the following is a threat associated with this IoT technology?
Question 50 of 90
A user has installed a new application on their mobile device that claims to improve battery life. However, after installing the application, the device starts behaving strangely and the user notices unusual charges on their mobile bill. Which of the following is the MOST likely threat associated with this situation?
Question 51 of 90
A company has recently introduced a bring your own device (BYOD) policy allowing employees to use their personal mobile devices for work. Which of the following is a threat associated with this policy?
Question 52 of 90
A cloud infrastructure environment has been assessed using Prowler, and the report indicates that the environment is not compliant with the CIS AWS Foundations Benchmark. Which of the following is a finding that Prowler may report related to this benchmark?
Question 53 of 90
A security analyst is tasked with assessing the security posture of a cloud environment. They decide to use ScoutSuite to perform the assessment. During the assessment, the tool flags a misconfigured S3 bucket that has been set to allow public access. Which of the following should be the analyst’s NEXT course of action?
Question 54 of 90
In a wireless assessment, a security analyst uses Reaver to crack a WPA2-PSK-protected network. Which of the following statements BEST describes the output that the analyst should expect to see from Reaver?
Question 55 of 90
A security analyst is conducting a wireless network assessment using Aircrack-ng and notices that a client device is transmitting data without encryption. What is the MOST likely reason for this?
Question 56 of 90
A network administrator is conducting a vulnerability assessment on a company’s network. The administrator runs Responder to capture network traffic and identify potential vulnerabilities. The tool identifies an HTTP request with a plaintext password. What type of vulnerability is this?
Question 57 of 90
A security analyst wants to conduct an enumeration of a remote network to identify possible attack vectors. Which of the following is an example of an active enumeration technique?
Question 58 of 90
A security analyst wants to assess the security posture of a web server in a remote network. Which of the following enumeration techniques is the MOST passive method to gather information about the server?
Question 59 of 90
You are a security analyst working for a company and have been tasked with conducting a vulnerability assessment on the network infrastructure. After running the hping tool, you notice that there are several open ports on the target system that are commonly associated with known vulnerabilities. Which of the following vulnerabilities should you investigate further based on the hping output?
Question 60 of 90
In a network assessment, a security analyst used Nmap to scan a target system and found an open port 22. What does this mean for the system?
Question 61 of 90
A security analyst is tasked with scanning a network for open ports, running services, and operating systems in use. Which Nmap command should the analyst use to perform this type of scan?
Question 62 of 90
A software development team is conducting a security assessment of their new web application. They want to use a technique that can generate large amounts of random data inputs to test the application’s ability to handle unexpected input. Which of the following software assessment techniques would be the MOST suitable in this situation?
Question 63 of 90
A company is testing a new web application before releasing it to production. They use a software assessment tool that employs the reverse engineering technique to identify any potential security vulnerabilities in the application. Which of the following is a potential output of this tool?
Question 64 of 90
During a dynamic analysis scan of a web application, a security analyst discovers that the scan was blocked by a web application firewall (WAF). Which of the following is the BEST course of action for the analyst?
Question 65 of 90
A software development company is using a static analysis tool to identify security vulnerabilities in their codebase. During the analysis, the tool flags a high-severity issue related to SQL injection. Which of the following is the MOST appropriate next step for the development team?
Question 66 of 90
A security analyst has completed a vulnerability scan using Qualys on a corporate network and found several critical vulnerabilities. The report shows that one of the servers has a vulnerable version of SSH running, which can allow attackers to gain access to the system. What is the BEST action for the analyst to take next based on this information?
Question 67 of 90
While analyzing the results of an OpenVAS scan, you come across an entry that says “Target is a printer with SNMP enabled”. What could this indicate?
Question 68 of 90
In analyzing the output of an OpenVAS scan, you notice several instances of a vulnerability identified as CVE-2021-3456, with a severity score of 7.2. What does this score indicate?
Question 69 of 90
A security analyst is reviewing the output from a Nessus scan of their organization’s network. The scan has identified a vulnerability in a network switch. The vulnerability is rated as high and the recommended remediation action is to install a firmware update. Which of the following would be the MOST appropriate next step for the security analyst to take?
Question 70 of 90
A security analyst is running a web application scan using Arachni and identifies a vulnerability that allows remote attackers to execute arbitrary code on the server. Which of the following is the best remediation action for this vulnerability?
Question 71 of 90
A security analyst has run a web application scanner to assess the vulnerabilities of an e-commerce website. The scanner identified a potential vulnerability in the website’s authentication mechanism. The output from the scan indicates that the vulnerability is associated with the use of default credentials. Which web application scanner is most likely to have generated this output?
Question 72 of 90
A security analyst is conducting a web application scan using Burp Suite to identify vulnerabilities on a client’s web application. Which of the following is a potential vulnerability that Burp Suite might identify in the scan report?
Question 73 of 90
During a vulnerability assessment of a web application, a security analyst ran OWASP Zed Attack Proxy (ZAP) and identified several vulnerabilities, including a cross-site scripting (XSS) vulnerability. What is the MOST appropriate remediation action for this vulnerability?
Question 74 of 90
A security analyst has been asked to perform a vulnerability assessment on a web application. After running OWASP Zed Attack Proxy (ZAP), the analyst noticed that the tool identified a SQL injection vulnerability. What should the analyst do next?
Question 75 of 90
A company has identified a critical vulnerability in one of its systems that needs to be patched immediately. However, their SLA with their cloud service provider stipulates that any patching will require a 4-hour maintenance window, during which the system will be down. What is the BEST course of action for the company in this scenario?
Question 76 of 90
In a large organization, a security analyst has discovered a critical vulnerability in a third-party software component used by the marketing department. However, the marketing department is reluctant to apply a patch to the software as it might cause instability in their applications. What could be a potential inhibitor to remediation in this scenario?
Question 77 of 90
A security analyst is conducting a vulnerability scan on a network protected by an intrusion detection system (IDS) and a firewall. During the scan, the IDS alerts on some of the scan traffic, but the firewall does not. What is the likely reason for this difference in behavior?
Question 78 of 90
In a large enterprise environment, the vulnerability management team is performing a vulnerability scan on the company’s network. However, the intrusion prevention system (IPS) keeps blocking the scanning traffic and does not allow the vulnerability scanner to complete the scan. What is the BEST way to ensure successful completion of the vulnerability scan?
Question 79 of 90
In a large organization, the vulnerability scanning team has been requested to perform a full network scan. The team has limited time to perform the scan due to tight deadlines. Which of the following scanning parameters would be most appropriate to use in this scenario?
Question 80 of 90
A company has a database containing sensitive customer information, including social security numbers, credit card numbers, and home addresses. The company’s vulnerability scanner regularly scans the database, but the security team recently discovered that the scanner is not detecting vulnerabilities in the credit card number fields. What type of scanning parameter should the team adjust to ensure that these vulnerabilities are identified?
Question 81 of 90
A security analyst is tasked with remediating a vulnerability that was identified during a vulnerability scan. The vulnerability is located on a web server that hosts a critical business application. The remediation plan requires changes to the server’s configuration. Which remediation method is BEST suited for this scenario?
Question 82 of 90
In a large enterprise environment with numerous servers and endpoints, the IT team is responsible for regularly scanning and patching vulnerabilities. Which remediation method is best suited for this scenario?
Question 83 of 90
An organization wants to perform a vulnerability scan on its network to identify and remediate any issues. However, they are concerned about the security risks of providing credentials to the scanning tool. Which of the following best describes the difference between credentialed and non-credentialed scans?
Question 84 of 90
What is the best approach to reduce the risk associated with scanning activities?
Question 85 of 90
A network administrator discovered a vulnerability on a server that is running a critical application. The vulnerability is due to a configuration error that allows unauthenticated access to the application’s administrative console. What is the most effective remediation strategy?
Question 86 of 90
An organization’s vulnerability scanning identified a critical vulnerability on a server that could allow an attacker to execute remote code. The IT team has determined that the server is running an outdated version of the operating system, which is the root cause of the vulnerability. What is the most effective remediation strategy?
Question 87 of 90
A system administrator has been tasked with implementing a new security standard to ensure all systems are configured securely. What should be the first step in this process?
Question 88 of 90
A security analyst is conducting a vulnerability scan on a system and the scan tool reported no vulnerabilities. However, the analyst later discovered that the system was actually vulnerable to an exploit that was used by an attacker to gain unauthorized access. Which of the following statements correctly describes the type of validation error in this scenario?
Question 89 of 90
Which of the following is an advantage of true negative results in vulnerability management?
Question 90 of 90
In the context of vulnerability management, which of the following is an example of a true negative?