CompTIA Security+ (SY0-601) Practice Exam #1

Question 1 of 90

1. Question

You have been hired by a company to identify and document all aspects of an asset’s configurations in order to create a secure template against which all subsequent configurations will be measured. What type of configuration management will you implement?

Standard naming conventions
Internet protocol (IP) schema
Configuration template
Baseline configurations

Question 2 of 90

2. Question

Your organization is working with a contractor to build a database. You need to find a way to hide the actual data from being exposed to the contractor. Which of the following technique will you use in order to allow the contractor to test the database environment without having access to actual sensitive customer information?

Data Masking
Tokenization
Encryption
Data at rest

Question 3 of 90

3. Question

The software that monitors user activity and automatically prevents malware between cloud service users and cloud applications is known as:

Cloud access security broker
Hashing
Hardware security modules
SSL/TLS inspection

Question 4 of 90

4. Question

Which of the following types of disaster recovery sites allows a company to continue normal business operations, within a very short period of time after a disaster?

Warm Site
Hot Site
Cold Site
Normal Site

Question 5 of 90

5. Question

A company hired you as a security expert. You have been tasked to implement a solution to deceive and attract hackers who attempt to gain unauthorized access to their network in order to gain information about how they operate.

Which of the following technique will you implement to meet this requirement as cost-effective as possible?

Honeyfile
Honeypots
DNS Sinkholing
Honeynet

Question 6 of 90

6. Question

The developers of your company thinking to switch the development process to the cloud, so they don’t need to start from scratch when creating applications with the purpose of saving a lot of time and money on writing code.

Which of the following cloud service models the developers of your company will use to create unique, customizable software on the Cloud?

PaaS
SaaS
IaaS
XaaS

Question 7 of 90

7. Question

Your company is migrating to the cloud due to a strict budget. The primary reason is to avoid spending money on purchasing hardware and time on maintaining it. The company needs to pay only for the cloud computing resources it uses.

Which of the following cloud computing architecture should your company use to deploy the cloud services?

Public Cloud
Private Cloud
Hybrid Cloud
Community Cloud

Question 8 of 90

8. Question

Which of the following companies is not a cloud service provider?

Amazon Web Services
Microsoft Azure
Examsdigest
Google Cloud Platform

Question 9 of 90

9. Question

A Managed Service Provider (MSP) is a company that remotely manages a customer’s IT infrastructure and/or end-user systems, typically on a proactive basis and under a subscription model. (True/False)

True
False

Question 10 of 90

10. Question

Answer the fill-in-the-blank by typing one of the following type of attacks:

`Fog` `Edge` `Distributed` `Cloud`

A decentralized computing infrastructure in which data, compute, storage, and applications are located between the data source and the cloud is called computing. In this environment, intelligence is at the local area network (LAN) and data is transmitted from endpoints only.

Question 11 of 90

11. Question

You are working for a startup and recently the application you are developing experienced a large amount of traffic. As a result, the performance of the application was decreased. You have been instructed to implement a solution to efficiently distributing incoming network traffic across a group of backend servers to increase the performance of the APP.

Which of the following solutions will you implement to meet the requirement?

Load balancers
Network interface card teaming
Multipath
Redundant array of inexpensive disks

Question 12 of 90

12. Question

Recently the physical network adapter card from your company’s server broke. As a result, your co-workers couldn’t access important resources for hours. You have been instructed to implement a solution to eliminate this from happening again in the event of a network adapter failure.

Which of the following solutions will you implement to meet the requirement?

NIC teaming
UPS
PDU
Power generator

Question 13 of 90

13. Question

Which of the following backup types only back up the data that has changed since the previous backup?

Full backup
Incremental backup
Differential backup
Snapshot backup

Question 14 of 90

14. Question

Cloud backup is a strategy for sending a copy of files or database to a secondary server, which is usually hosted by a third-party service provider for preservation, in case of equipment failure or catastrophe. (True/False)

True
False

Question 15 of 90

15. Question

You have been instructed to connect a storage device that allows storage and retrieval of data from a central location for authorized network users and varied clients.

Which of the following storage type will you use to meet the requirement?

Storage area network
Tape storage
Network-attached storage
Disk storage

Question 16 of 90

16. Question

Match the following social engineering techniques with their meaning.

Sort elements

Phishing
Smishing
Vishing
Spear phishing

An attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message
The user is tricked into downloading a Trojan horse, virus or other malware onto his cellular phone or other mobile devices
Individuals are tricked into revealing critical financial or personal information to unauthorized entities through voice email or VoIP (voice over IP)
Is an email or electronic communications scam targeted towards a specific individual, organization or business.

Question 17 of 90

17. Question

Which of the following types of social engineering techniques is the use of messaging systems to send an unsolicited message to large numbers of recipients for the purpose of commercial advertising, or for the purpose of non-commercial proselytizing?

Tailgating
Spamming
Pharming
Whaling

Question 18 of 90

18. Question

Which of the following types of social engineering is a method in which the attacker seeks to compromise a specific group of end-users by infecting websites that members of that group are known to visit?

Dumpster diving
Shoulder surfing
Watering hole attack
Credential Harvesting

Question 19 of 90

19. Question

Answer the fill-in-the-blank by typing one of the following type of attacks:

`Trojan` `Ransomware` `Worm` `Spyware`

The type of malicious code or software that looks legitimate but can take control of your computer is known as . It is designed to damage, disrupt, steal, or in general, inflict some other harmful action on your data or network.

Question 20 of 90

20. Question

Which of the following attacks isn’t intended to steal data but to remain in place for as long as possible, quietly mining in the background?

Logic bomb
Keylogger
Rootkit
Cryptomalware

Question 21 of 90

21. Question

A method by which authorized and unauthorized users are able to get around normal security measures and gain high-level user access (root access) on a computer system, network, or software application is known as:

Backdoor
Botnet
Spraying
Pretexting

Question 22 of 90

22. Question

Match the following password attack techniques with their meaning.

Sort elements

Brute force attack
Rainbow table attack
Dictionary attack
Plaintext Attack

An attacker submitting many passwords or passphrases with the hope of eventually guessing correctly
A type of hacking wherein the perpetrator tries to crack the passwords stored in a database system
A method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password
An attack model for cryptanalysis where the attacker has access to both the plaintext (called a crib), and its encrypted version (ciphertext).

Question 23 of 90

23. Question

Which of the following attacks occurs when someone infiltrates a system through an outside partner or provider with access to the systems and data?

Skimming
Remote Access Trojan
Command and control
Supply-chain attack

Question 24 of 90

24. Question

Adversarial machine learning is a machine learning technique that attempts to fool models by supplying deceptive input. (True/False)

True
False

Question 25 of 90

25. Question

Which of the following cryptographic attacks force victims to use older, more vulnerable versions of software in order to exploit known vulnerabilities against them?

Birthday
Collision
Downgrade
Reconnaissance

Question 26 of 90

26. Question

A hacker introduced corrupt Domain Name System (DNS) data into a DNS resolver’s cache with the aim of redirecting users either to the wrong websites or to his own computer. What type of DNS attack did the hacker implement in this scenario?

DNS Poisoning
URL redirection
Domain Hijacking
DNS Corruption

Question 27 of 90

27. Question

Which of the following attacks is a Network Layer DDoS attack?

BGP Hijacking
DNS amplification
HTTP Flood
Slow Read

Question 28 of 90

28. Question

The type of hackers that violates computer security systems without permission, stealing the data inside for their own personal gain or vandalizing the system is commonly known as:

Black-Hat hackers
White-Hat hackers
Gray-Hat hackers
Red-Hat hackers

Question 29 of 90

29. Question

A hacker wants to attack a network with the aim of maintaining ongoing access to the targeted network rather than to get in and out as quickly as possible with the ultimate goal of stealing information over a long period of time. What type of attacking technique will the hacker use in this case?

Insider threat
State actors
Hacktivism
Advanced persistent threat (APT)

Question 30 of 90

30. Question

Which of the following terms refers to Information Technology (IT) applications and infrastructure that are managed and utilized without the knowledge of the enterprise’s IT department?

Script Kiddies
Indicators of compromise
Shadow IT
Open-source intelligence

Question 31 of 90

31. Question

______________ is a set of rules designed to give EU citizens more control over their personal data.

Payment Card Industry Data Security Standard (PCI DSS)
National Institute of Standards and Technology (NIST)
International Organization for Standardization (ISO)
General Data Protection Regulation (GDPR)

Question 32 of 90

32. Question

A _______________ is an agreement between two or more parties outlined in a formal document. It is not legally binding but signals the willingness of the parties to move forward with a contract.

Service level agreement (SLA)
End of life (EOL)
Memorandum of understanding (MOU)
Non-Disclosure Agreement (NDA)

Question 33 of 90

33. Question

The ____________ is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.

Recovery point objective (RPO)
Mean time to repair (MTTR)
Recovery Time Objective (RTO)
Mean time between failures (MTBF)

Question 34 of 90

34. Question

_________________ is a strategy that ensures continuity of operations with minimal service outage or downtime. It is designed to protect personnel or assets and make sure they can function quickly when a disaster strikes such as natural disasters or cyber-attacks.

Single loss expectancy (SLE)
Annualized loss expectancy (ALE)
Annualized rate of occurrence (ARO)
Business continuity plan

Question 35 of 90

35. Question

The _________________ is described as an estimated frequency of the threat occurring in one year.

Single loss expectancy (SLE)
Annualized loss expectancy (ALE)
Annualized rate of occurrence (ARO)
Business continuity plan

Question 36 of 90

36. Question

You have been tasked to access a remote computer for handling some administrative tasks over an unsecured network in a secure way.

Which of the following protocols will you use to access the remote computer to handle the administrative tasks?

SRTP
LDAPS
SSH
HTTPS

Question 37 of 90

37. Question

Your manager is trying to understand the difference between SFTP and FTPS. So, he asked you to explain the difference between them.

Which of the following statements are correct? (Choose all that apply.)

SFTP, also known as SSH FTP, encrypts both commands and data while in transmission
FTPS, also known as FTP Secure or FTP-SSL
SFTP protocol is packet-based as opposed to text-based making file and data transfers faster
FTPS authenticates your connection using a user ID and password or SSH Keys
SFTP authenticates your connection using a user ID and password, a certificate, or both

Question 38 of 90

38. Question

One of the features of SNMPv3 is called message integrity.

True
False

Question 39 of 90

39. Question

You have been hired as a security expert to implement a security solution to protect an organization from external threats. The solution should provide the organization with a superior ability to identify attacks, malware, and other threats and also provide packet filtering capabilities, VPN support, and network monitoring.

Which of the following security solutions will you implement to meet the requirement?

Next-generation firewall (NGFW)
Endpoint detection and response (EDR)
Anti-malware
Antivirus

Question 40 of 90

40. Question

Application whitelisting prevents undesirable programs from executing, while application blacklisting is more restrictive and allows only programs that have been explicitly permitted to run. (True/False)

True
False

Question 41 of 90

41. Question

You have been tasked to implement a solution to encrypt data as it is written to the disk and decrypt data as it is read off the disk.

Which of the following solution will you implement to meet the requirement?

Root of trust
Trusted Platform Module
Self-encrypting drive (SED) / full-disk encryption (FDE)
Sandboxing

Question 42 of 90

42. Question

In which of the following load balancer modes does two or more servers aggregate the network traffic load and work as a team to distribute the workload across all servers in order to prevent any single node from getting overloaded?

Active/active
Active/passive
Passive/active
Passive/passive

Question 43 of 90

43. Question

You have been tasked to implement a solution to increase the security of your company’s local area network (LAN). All of the company’s external-facing servers (Web server, Mail server, FTP server) should be placed in a separate area in order to be accessible from the internet, but the rest of the internal LAN to be unreachable.

Which of the following techniques will you implement to meet the requirement?

VLAN
VPN
DMZ
DNS

Question 44 of 90

44. Question

Which of the following VPN solutions is used to connect two local area networks utilized by businesses that want to provide their employees with secure access to network resources?

Remote access
Site-to-site
Split tunnel
Proxy server

Question 45 of 90

45. Question

The network administrator from your company notices that the network performance has been degraded due to a broadcast storm.

Which of the following techniques will you recommend to the network administrator in order to reduce broadcast storms? (Choose all that apply)

Split up your broadcast domain
Check for loops in switches
Check how often ARP tables are emptied
Split up your collision domain
Check the routing tables

Question 46 of 90

46. Question

Which of the following Public key infrastructure (PKI) terms is known as an organization that acts to validate the identities of entities (such as websites, email addresses, companies, or individual persons) and bind them to cryptographic keys through the issuance of electronic documents known as digital certificates?

Registration authority (RA)
Online Certificate Status Protocol (OCSP)
Certificate authority (CA)
Certificate signing request (CSR)

Question 47 of 90

47. Question

Assuming you have the domain yourcompany.com with the following sub-domains:

www.yourcompany.com
mail.yourcompany.com
intranet.yourcompany.com
secure.yourcompany.com
me.yourcompany.com

Which of the following types of certificates will you choose to secure all the first-level sub-domains on a single domain name?

Subject alternative name
Code signing certificates
Wildcard
Self-signed

Question 48 of 90

48. Question

In the form of Role-Based Access Control, data are accessible or not accessible based on the user’s IP address.

True
False

Question 49 of 90

49. Question

In the form of Rule-Based Access Control, data are accessible or not accessible based on the user’s IP address.

True
False

Question 50 of 90

50. Question

Which of the following types of certificates will you use to digitally sign your apps as a way for end-users to verify that the code they receive has not been altered or compromised by a third party?

Wildcard
Subject alternative name
Code signing certificates
Self-signed

Question 51 of 90

51. Question

Assuming you are working on a Windows environment. For troubleshooting reasons, you need to discover your IP information, including DHCP and DNS server addresses from your current workstation.

Which of the following commands will help you to troubleshoot the network?

tracert
ipconfig
nslookup
ping

Question 52 of 90

52. Question

Assuming you are working on a Windows environment, what command will you type to identify the number of hops and the time it takes for a packet to travel between your local computer and your web server?

tracert
ipconfig
nslookup
ping

Question 53 of 90

53. Question

You have noticed that the email server doesn’t work. Your manager said that someone from the company changed the DNS records (MX) of the email server.

Which of the following commands will you type to find the new MX records of the server?

tracert
ipconfig
ping
nslookup

Question 54 of 90

54. Question

PC1 can ping the printer on the Marketing team network but can’t ping the printer on the Sales team network. Assuming you are working on a Windows environment, type the command to get details about the route that packets go through from PC1 to the printer on the Sales team network?

C:\Users\ExamsDigest\PC1>

Question 55 of 90

55. Question

Which of the following tools can you use to perform manual DNS lookups? Assuming you are working on a Linux environment. (Choose all that apply)

route
pathping
dig
nslookup
ifconfig

Question 56 of 90

56. Question

Which of the following options is a network architecture approach that enables the network to be intelligently and centrally controlled using software applications, and helps operators manage the network consistently, regardless of the underlying network technology?

Serverless
SDN
SDV
Transit gateway

Question 57 of 90

57. Question

Which of the following types of disaster recovery sites doesn’t have any pre-installed equipment and it takes a lot of time to properly set it up so as to fully resume business operations?

Cold Site
Hot Site
Warm Site
Normal Site

Question 58 of 90

58. Question

The security process that relies on unique traits such as retinas, irises, voices, facial characteristics, and fingerprints of an individual to verify that he is who he says he is, is called:

Trait authentication
Characteristics authentication
Personalized authentication
Biometric authentication

Question 59 of 90

59. Question

Authentication, ______________, and Accounting is the term for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.

Controlling
Authorization
Auditing
Enforcing

Question 60 of 90

60. Question

You are developing a new system that requires users to be authenticated using temporary passcode which is generated by an algorithm that uses the current time of the day.

Which of the following authentication methods will you use to authenticate the users?

HOTP
SMS
Push notifications
TOTP

Question 61 of 90

61. Question

Answer the fill-in-the-blank by typing one of the following type of attacks:

`Control` `Elasticity` `Scalability` `Compiler`

Version keeps track of every modification to the code in a special kind of database. If a mistake is made, you can turn back the clock and compare earlier versions of the code to help fix the mistake.

Question 62 of 90

62. Question

Which of the following process is designed to trigger automatic code integration in the main code base instead of developing in isolation and then integrating them at the end of the development cycle?

Continuous integration
Continuous deployment
Continuous monitoring
Continuous delivery

Question 63 of 90

63. Question

You are working for a client as a web developer and your client asked you to check the new update of the app without making the updates live for the users. In which environment will you push the update so your client can look it over in a stable format before it gets pushed to the users?

Staging
Development
Quality assurance
Production

Question 64 of 90

64. Question

What type of architecture developers use to build and run applications and services without having to manage infrastructure?

Software-Defined Networking
Serverless
Software-Defined visibility
Transit gateway

Question 65 of 90

65. Question

The solution to the problem of how to get a software to run reliably when moved from one computing environment to another is known as:

Thin Client
API
Microservice
Containers

Question 66 of 90

66. Question

Which of the following actions should be taken to increase the security of SCADA networks? (Choose all that apply)

Identify all connections to SCADA networks
Disconnect unnecessary connections to the SCADA network
Enable unnecessary services
Implement internal and external intrusion detection systems
Conduct physical security surveys and assess all remote sites connected to the SCADA network

Question 67 of 90

67. Question

Which of the following cryptographic technique will you use to validate the authenticity and integrity of a message or digital document?

Key stretching
Digital signatures
Salting
Hashing

Question 68 of 90

68. Question

Asymmetrical encryption uses a single key that needs to be shared among the people who need to receive the message while symmetric encryption uses a pair of a public key and a private key to encrypt and decrypt messages when communicating. (True/False)

True
False

Question 69 of 90

69. Question

Which of the following options allows your application to interact with an external service using a simple set of commands rather than having to create complex processes yourself?

Thin Client
API
Microservice
Containers

Question 70 of 90

70. Question

Which of the following technique will you use to hide secret data within a non-secret file or message with the purpose of avoiding data detection?

Steganography
Lightweight cryptography
Homomorphic encryption
Elliptical curve cryptography

Question 71 of 90

71. Question

You are developing a new web application using Python for the back-end and ReactJs for the front-end. After launching the app, your co-worker Eliot discovered that the app does not always handle multithreading properly, particularly when multiple threads access the same variable, allowing an attacker to exploit it and crash the server.

What sort of error you have just discovered?

Cross-site scripting
Privilege escalation
Race conditions
Buffer overflow

Question 72 of 90

72. Question

You have just downloaded a video from a file-sharing website. When you open the video using media player software which is installed on your workstation, you hear ONLY sound but get no picture.

What’s the most likely problem and solution?

Your media player software is outdated. You need to install the newest version of it
Your workstation lacks the proper video codec. You need to update the codecs installed on your workstation
The video is corrupt. You have to re-download the video
Your workstation is a MacBook Pro. You need to play the video on a Windows 10

Question 73 of 90

73. Question

A malicious user is trying to get access to your company’s network. He is sending users on your network a link to an executable file. However, the executable file also includes software that will allow the attacker to get access to any workstation that it is installed on.

Based on the scenario, what type of attack is this?

Spear phishing
Mac cloning
SQL injection
Trojan horse

Question 74 of 90

74. Question

You discover that the Wi-Fi of your company has been compromised. The malicious user used the username and password that came with the Wi-Fi device. Then the attacker logged in to the device through his browser and started making changes to the DHCP and DNS configuration.

What caused this vulnerability to exist and the attacker got access to the wireless access point (WAP)?

Weak password
Weak Encryption Protocol
Using default settings
Improperly configured WAP

Question 75 of 90

75. Question

Which of the following is a self-spreading malware that often exploits vulnerabilities to spread via a network?

Trojan horse
Worm
Ransomware
Spyware

Question 76 of 90

76. Question

Which of the following is a type of malicious code or software that looks legitimate but can take control of your computer?

Worm
Trojan horse
Ransomware
Spyware

Question 77 of 90

77. Question

Which of the following is a type of malware that prevents users from accessing their system or personal files and demands a ransom payment in order to regain access?

Worm
Ransomware
Trojan horse
Spyware

Question 78 of 90

78. Question

Spyware is an example of what type of malicious software?

A DHCP snooping
ARP poisoning
A PUP
Authentication Hijacking

Question 79 of 90

79. Question

What best describes an attack that attaches some malware to a legitimate program so that when the user installs the legitimate program, they inadvertently install the malware?

Skimming
Trojan horse
Remote access Trojan
Command and control

Question 80 of 90

80. Question

What type of attack forces a user to take undesired actions on their online account by spoofing requests from the trusted user?

Bluesnarfing
Cross-site request forgery
Bluejacking
Initialization Vector

Question 81 of 90

81. Question

You have been asked to include IP schema management as part of your configuration management efforts. Which of the following is considered a security advantage of IP schema configuration management?

Identifying rogue/malicious devices
Avoiding IP address conflicts
Detecting ACLs misconfiguration
Preventing a broadcast storm

Question 82 of 90

82. Question

You scan a web server that hosts two web applications. You believe that the server is fully patched and not vulnerable to exploits. Later, you discover that the Nginx version on the server is reported as vulnerable to an exploit. When you check to see if you are missing patches, Nginx is fully patched.

What has occurred?

A false negative
A false positive
Non-credentialed scans
Credentialed scans

Question 83 of 90

83. Question

You have been asked to identify the difference between an intrusive and a nonintrusive vulnerability scan.

Which of the following statements is true? (Select TWO.)

Intrusive scans simply identify a vulnerability and report on it so you can fix it
Nonintrusive methods generally include a simple scan of the target system's attributes
Intrusive scanning tries to exploit the vulnerabilities the scanner is looking for
Nonintrusive scanning tries to exploit the vulnerabilities the scanner is looking for
Intrusive methods generally include a simple scan of the target system's attributes
Non-intrusive scans attempt to exploit a vulnerability when it is found

Question 84 of 90

84. Question

Your company hired a full-stack developer to develop a new e-learning application for a school. After testing the application, you discover that the developer has an open way to log in and bypass all the security measurements of the app. What best describes this?

Backdoor
Botnet
Spraying
Pretexting

Question 85 of 90

85. Question

Your website uses Cloudflare to resolve the DNS. Upon checking the records, you have discovered that there are A and MX record entries that point to unknown and potentially harmful IP addresses.

What sort of attack you have just discovered?

URL redirection
Domain hijacking
DNS poisoning
DNS corruption

Question 86 of 90

86. Question

You have been tasked to create a new Access Control List on the company’s firewall to prevent any HTTP traffic from/to the network. Type the port number that needs to be added to the ACL rule.

ACL rule: access-list 100 deny tcp any any eq

Question 87 of 90

87. Question

Given the following firewall configuration requirements, type the correct port number to complete the access control rules.

Firewall configuration requirement #1: Allow SMTP and POP3 traffic but prevent IMAP.

Rule #1: access-list 100 allow tcp eq allow tcp eq deny tcp eq

Firewall configuration requirement #2: Allow the DNS server to resolve domain names and prevent DHCP requests from the network.

Rule #2: access-list 100 allow tcp eq deny udp eq

Question 88 of 90

88. Question

Given the following firewall configuration requirements, type the correct port number to complete the access control rules.

Firewall configuration requirement #1: Allow SSH connections but prevent Telnet connections.

Rule #1: access-list 100 allow tcp eq deny tcp eq

Firewall configuration requirement #2: Allow HTTPS traffic but prevent HTTP traffic from/to the network.

Rule #2: access-list 100 allow tcp eq deny tcp eq

Question 89 of 90

89. Question

Drag and drop the TCP/UDP port numbers into their respective protocol name.

Sort elements

Port 80
Port 548
Port 110
Port 23

HTTP
AFP
POP3
Telnet

Question 90 of 90

90. Question

You have been tasked to create a new Access Control List on the company’s firewall to prevent any FTP access to the webserver and permit any SSH access to the webserver.

Type the port numbers that need to be added to the ACL rule to complete the task.

ACL rule: access-list 100 deny tcp any any eq

ACL rule: access-list 100 permit tcp any any eq

Anastasia-Instructor September 4, 2022

Quiz Summary

Information

Results

Results

Categories

1. Question

You have been hired by a company to identify and document all aspects of an asset’s configurations in order to create a secure template against which all subsequent configurations will be measured. What type of configuration management will you implement?

2. Question

3. Question

The software that monitors user activity and automatically prevents malware between cloud service users and cloud applications is known as:

4. Question

Which of the following types of disaster recovery sites allows a company to continue normal business operations, within a very short period of time after a disaster?

5. Question

A company hired you as a security expert. You have been tasked to implement a solution to deceive and attract hackers who attempt to gain unauthorized access to their network in order to gain information about how they operate.

Which of the following technique will you implement to meet this requirement as cost-effective as possible?

6. Question

The developers of your company thinking to switch the development process to the cloud, so they don’t need to start from scratch when creating applications with the purpose of saving a lot of time and money on writing code.

Which of the following cloud service models the developers of your company will use to create unique, customizable software on the Cloud?

7. Question

Your company is migrating to the cloud due to a strict budget. The primary reason is to avoid spending money on purchasing hardware and time on maintaining it. The company needs to pay only for the cloud computing resources it uses.

Which of the following cloud computing architecture should your company use to deploy the cloud services?

8. Question

Which of the following companies is not a cloud service provider?

9. Question

A Managed Service Provider (MSP) is a company that remotely manages a customer’s IT infrastructure and/or end-user systems, typically on a proactive basis and under a subscription model. (True/False)

10. Question

Answer the fill-in-the-blank by typing one of the following type of attacks:

Fog Edge Distributed Cloud

A decentralized computing infrastructure in which data, compute, storage, and applications are located between the data source and the cloud is called computing. In this environment, intelligence is at the local area network (LAN) and data is transmitted from endpoints only.

11. Question

Which of the following solutions will you implement to meet the requirement?

12. Question

Recently the physical network adapter card from your company’s server broke. As a result, your co-workers couldn’t access important resources for hours. You have been instructed to implement a solution to eliminate this from happening again in the event of a network adapter failure.

Which of the following solutions will you implement to meet the requirement?

13. Question

Which of the following backup types only back up the data that has changed since the previous backup?

14. Question

Cloud backup is a strategy for sending a copy of files or database to a secondary server, which is usually hosted by a third-party service provider for preservation, in case of equipment failure or catastrophe. (True/False)

15. Question

You have been instructed to connect a storage device that allows storage and retrieval of data from a central location for authorized network users and varied clients.

Which of the following storage type will you use to meet the requirement?

16. Question

Match the following social engineering techniques with their meaning.

Sort elements

17. Question

Which of the following types of social engineering techniques is the use of messaging systems to send an unsolicited message to large numbers of recipients for the purpose of commercial advertising, or for the purpose of non-commercial proselytizing?

18. Question

Which of the following types of social engineering is a method in which the attacker seeks to compromise a specific group of end-users by infecting websites that members of that group are known to visit?

19. Question

Answer the fill-in-the-blank by typing one of the following type of attacks:

Trojan Ransomware Worm Spyware

The type of malicious code or software that looks legitimate but can take control of your computer is known as . It is designed to damage, disrupt, steal, or in general, inflict some other harmful action on your data or network.

20. Question

Which of the following attacks isn’t intended to steal data but to remain in place for as long as possible, quietly mining in the background?

21. Question

A method by which authorized and unauthorized users are able to get around normal security measures and gain high-level user access (root access) on a computer system, network, or software application is known as:

22. Question

Match the following password attack techniques with their meaning.

Sort elements

23. Question

Which of the following attacks occurs when someone infiltrates a system through an outside partner or provider with access to the systems and data?

24. Question

Adversarial machine learning is a machine learning technique that attempts to fool models by supplying deceptive input. (True/False)

25. Question

Which of the following cryptographic attacks force victims to use older, more vulnerable versions of software in order to exploit known vulnerabilities against them?

26. Question

A hacker introduced corrupt Domain Name System (DNS) data into a DNS resolver’s cache with the aim of redirecting users either to the wrong websites or to his own computer. What type of DNS attack did the hacker implement in this scenario?

27. Question

Which of the following attacks is a Network Layer DDoS attack?

28. Question

The type of hackers that violates computer security systems without permission, stealing the data inside for their own personal gain or vandalizing the system is commonly known as:

29. Question

A hacker wants to attack a network with the aim of maintaining ongoing access to the targeted network rather than to get in and out as quickly as possible with the ultimate goal of stealing information over a long period of time. What type of attacking technique will the hacker use in this case?

30. Question

Which of the following terms refers to Information Technology (IT) applications and infrastructure that are managed and utilized without the knowledge of the enterprise’s IT department?

31. Question

______________ is a set of rules designed to give EU citizens more control over their personal data.

32. Question

`Fog` `Edge` `Distributed` `Cloud`

`Trojan` `Ransomware` `Worm` `Spyware`

www.yourcompany.com
mail.yourcompany.com
intranet.yourcompany.com
secure.yourcompany.com
me.yourcompany.com