Time limit: 0
Quiz Summary
0 of 90 Questions completed
Questions:
Information
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading…
You must sign in or sign up to start the quiz.
You must first complete the following:
Results
Quiz complete. Results are being recorded.
Results
0 of 90 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
Categories
- Not categorized 0%
-
Unfortunately, you didn’t pass the practice exam, but hey, you have unlimited access.😎 Practice makes you perfect! 👊
-
Congratulations! 🥳 You have passed the practice exam successfully! You are one step closer to pass the real exam! We hope to see you again on another certification path. ✌️ Good luck with the exam! Stay strong. 👊
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- Current
- Review
- Answered
- Correct
- Incorrect
-
Question 1 of 90
1. Question
Answer the fill-in-the-blank by typing one of the following type of attacks:
Integration
Deployment
Monitoring
Delivery
-
Continuous is a software development method that releases or deploys software automatically into the production environment. In this model, no one manually checks the code and pushes it into your app.
CorrectIncorrect -
-
Question 2 of 90
2. Question
Which of the following products uses the Software as a Service (SaaS) cloud model? (Choose all the apply.)
CorrectIncorrect -
Question 3 of 90
3. Question
Your company migrates its infrastructure to the public cloud because of the advantages the cloud offers. Which of the following options are advantages of using public cloud services? (Choose all that apply.)
CorrectIncorrect -
Question 4 of 90
4. Question
Which of the following part(s) of the Authentication, Authorization, and Accounting (AAA) is responsible for measuring the resources a user consumes during access to a system?
CorrectIncorrect -
Question 5 of 90
5. Question
You have been tasked to find a way to transform a plain text sensitive file into a non-readable form and send it through the web. Which of the following technique will you use to send the file through the web and only authorized parties can understand the information?
CorrectIncorrect -
Question 6 of 90
6. Question
The attacker connects to a switch port and starts sending a very large number of Ethernet frames with a different fake source MAC address. The switch’s MAC address table becomes full and now it’s not able to save more MAC address, which means it enters into a fail-open mode and starts behaving like a network Hub. Frames are flooded to all ports, similar to a broadcast type of communication. The attacker’s machine will be delivered with all the frames between the victim and other machines. The attacker will be able to capture sensitive data from the network.
Given the above scenario, identify the Layer 2 type of attack.
CorrectIncorrect -
Question 7 of 90
7. Question
In which of the following wireless network attacks the attacker set up a fraudulent Wi-Fi access point that appears to be legitimate but it is used to eavesdrop wireless communications?
CorrectIncorrect -
Question 8 of 90
8. Question
Answer the fill-in-the-blank by typing one of the following types of attacks:
Jamming
Disassociation
Bluesnarfing
Bluejacking
-
attacks are a subset of denial of service (DoS) attacks in which malicious nodes block legitimate communication by causing intentional interference in networks.
CorrectIncorrect -
-
Question 9 of 90
9. Question
There are two main techniques for driver manipulating: Shimming and Refactoring. Shiming is the process of changing a computer program’s internal structure without modifying its external functional behavior or existing functionality. (True/False)
CorrectIncorrect -
Question 10 of 90
10. Question
In which of the following API attacks does the attacker intercept communications between an API endpoint and a client in order to steal and/or alter the confidential data that is passed between them?
CorrectIncorrect -
Question 11 of 90
11. Question
A member of the company asks for a financial transfer by sending an encrypted message to the financial administrator. An attacker eavesdrops on this message, captures it, and is now in a position to resend it. Because it’s an authentic message that has simply been resent, the message is already correctly encrypted and looks legitimate to the financial administrator. Then the financial administrator is likely to respond to this new request, that response could include sending a large sum of money to the attacker’s bank account.
Which of the following type of attack is described above?
CorrectIncorrect -
Question 12 of 90
12. Question
Which of the following options are considered as request forgery attacks? (Choose all that apply)
CorrectIncorrect -
Question 13 of 90
13. Question
Given the following injection attacks, which one allows an attacker to interfere with the queries that an application makes to its database?
CorrectIncorrect -
Question 14 of 90
14. Question
What type of attack is when an attacker takes over a regular user account on a network and attempts to gain administrative permissions?
CorrectIncorrect -
Question 15 of 90
15. Question
Which of the following attacks is known as URL hijacking?
CorrectIncorrect -
Question 16 of 90
16. Question
The type of hackers that are experts in compromising computer security systems and use their abilities for good, ethical, and legal purposes rather than bad, unethical, and criminal purposes is commonly known as:
CorrectIncorrect -
Question 17 of 90
17. Question
The technique of redirecting victims from a current page to a new URL which is usually a phishing page that impersonates a legitimate site and steals credentials from the victims is known as:
CorrectIncorrect -
Question 18 of 90
18. Question
Which of the following cybersecurity testing exercise team does not focus exclusively on attacking or defending, but they do both?
CorrectIncorrect -
Question 19 of 90
19. Question
__________ is the first step where hacker gathers as much information as possible to find ways to intrude into a target system or at least decide what type of attacks will be more suitable for the target.
CorrectIncorrect -
Question 20 of 90
20. Question
The document that lists out the specifics of your penetration testing project to ensure that both the client and the engineers working on a project know exactly what is being tested when it’s being tested, and how it’s being tested is known as:
CorrectIncorrect -
Question 21 of 90
21. Question
You have been hired as a penetration tester for a company to locate and exploit vulnerabilities in its target’s outward-facing services. You are not provided with any architecture diagrams or source code. This means that you are relying on dynamic analysis of currently running programs and systems within the target network.
Which of the following pentesting assignments are you currently on?
CorrectIncorrect -
Question 22 of 90
22. Question
Which of the following options is a dictionary that provides definitions for publicly disclosed cybersecurity vulnerabilities and exposures?
CorrectIncorrect -
Question 23 of 90
23. Question
You have set up an Intrusion detection system (IDS) and suddenly the IDS identifies an activity as an attack but the activity is acceptable behavior. The state, in this case, is known as:
CorrectIncorrect -
Question 24 of 90
24. Question
A zero-day attack is an attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of. (True/False)
CorrectIncorrect -
Question 25 of 90
25. Question
Which of the following statements are true regarding Cloud-based security vulnerabilities? (Choose all the apply)
CorrectIncorrect -
Question 26 of 90
26. Question
_________________ describes a period of time in which an enterprise’s operations must be restored following a disruptive event, e.g., a cyberattack, natural disaster, or communications failure.
CorrectIncorrect -
Question 27 of 90
27. Question
Answer the fill-in-the-blank by typing one of the following type of attacks:
Inspection
Survey
Check
Scan
-
The main goal of performing a wireless site is to reveal areas of channel interference and dead zones, helping you avoid problems as you build the network and prevent obstacles for network users.
CorrectIncorrect -
-
Question 28 of 90
28. Question
Which of the following features will you use to remotely clear your phones’ data in the event of losing your phone?
CorrectIncorrect -
Question 29 of 90
29. Question
Which of the following technologies will you use in order to send instant notifications to your subscribed users each time you publish a new blog post on your website?
CorrectIncorrect -
Question 30 of 90
30. Question
You have been tasked to implement a solution to send product offers to consumers’ smartphones when they trigger a search in a particular geographic location, enter a mall, neighborhood, or store.
What solution will you implement in order to achieve that?
CorrectIncorrect -
Question 31 of 90
31. Question
It has been noticed that the Wi-Fi of your company is slow with intermittent loss of connection. After investigation, you noticed that it was caused by channel interference.
Which of the following solutions will you implement to overcome issues such as channel interference when you build WLANs?
CorrectIncorrect -
Question 32 of 90
32. Question
Which of the following options are authentication protocols? (Choose all the apply)
CorrectIncorrect -
Question 33 of 90
33. Question
Which of the following options are cryptographic protocols? (Choose all the apply)
CorrectIncorrect -
Question 34 of 90
34. Question
For security and monitoring purposes your company instructed you to implement a solution so that all packets entering or exiting a port should be copied and then should be sent to a local interface for monitoring.
Which of the following solution will you implement in order to meet the requirement?
CorrectIncorrect -
Question 35 of 90
35. Question
The type of network hardware appliance which can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network is known as?
CorrectIncorrect -
Question 36 of 90
36. Question
As a security expert of your company you are responsible for preventing unauthorized (rogue) Dynamic Host Configuration Protocols servers from offering IP addresses to the clients (users).
Which of the following security technology will you implement to meet the requirement?
CorrectIncorrect -
Question 37 of 90
37. Question
A/An _______________ is a contract between a service provider and its customers that documents what services the provider will furnish and defines the service standards the provider is obligated to meet.
CorrectIncorrect -
Question 38 of 90
38. Question
_________________ measures the predicted time that passes between one previous failure of a mechanical/electrical system to the next failure during normal operation. In simpler terms, it helps you predict how long an asset can run before the next unplanned breakdown happens.
CorrectIncorrect -
Question 39 of 90
39. Question
_________________ is the average time it takes to recover from a product or system failure. This includes the full time of the outage—from the time the system or product fails to the time that it becomes fully operational again.
CorrectIncorrect -
Question 40 of 90
40. Question
A ___________________ is a legally enforceable contract that establishes confidentiality between two parties—the owner of protected information and the recipient of that information.
CorrectIncorrect -
Question 41 of 90
41. Question
Which of the following VPN solutions is used to connect a personal user device to a remote server on a private network?
CorrectIncorrect -
Question 42 of 90
42. Question
Answer the fill-in-the-blank by typing one of the following words:
Security
Filter
Control
Service
-
Access List is a network traffic filter that controls incoming or outgoing traffic. It works on a set of rules that define how to forward or block a packet at the router’s interface.
CorrectIncorrect -
-
Question 43 of 90
43. Question
What technique is used for IP address conservation by making private IP addresses to connect to the Internet?
CorrectIncorrect -
Question 44 of 90
44. Question
WiFi ____________ Setup is a wireless network security standard that tries to make connections between a router and wireless devices faster, easier, and more secure.
CorrectIncorrect -
Question 45 of 90
45. Question
You have been tasked to implement a security solution so all the network events from your company should be recorded in a central database for further analysis.
Which of the following security solutions will you implement to meet the requirement?
CorrectIncorrect -
Question 46 of 90
46. Question
You have been tasked to configure the Wi-Fi of your company’s LAN to allow certain workstations to have access to the Internet and the rest to be blocked.
Which of the following security technology will you implement to meet the requirement?
CorrectIncorrect -
Question 47 of 90
47. Question
In cloud computing, the ability to scale up and down resources based on the user’s needs is known as:
CorrectIncorrect -
Question 48 of 90
48. Question
Answer the fill-in-the-blank by typing one of the following types of authentication:
Security
Single
Sign
Service
-
Assertions Markup Language is an important component of many SSO systems that allow users to access multiple applications, services, or websites from a single login process. It is used to share security credentials across one or more networked systems.
CorrectIncorrect -
-
Question 49 of 90
49. Question
Which of the following authentication protocols allows you to use an existing account to sign in to multiple websites, without needing to create new passwords?
CorrectIncorrect -
Question 50 of 90
50. Question
A _____________ certificate is a digital certificate that’s not signed by a publicly trusted certificate authority (CA). These certificates are created, issued, and signed by the company or developer who is responsible for the website or software being signed.
CorrectIncorrect -
Question 51 of 90
51. Question
Which of the following process describes how long businesses need to keep a piece of information (a record), where it’s stored, and how to dispose of the record when its time?
CorrectIncorrect -
Question 52 of 90
52. Question
Which of the following process is designed to protect personnel or assets and make sure they can function quickly when a disaster strikes (natural disasters, cyber-attacks)?
CorrectIncorrect -
Question 53 of 90
53. Question
Wireshark is a command-line utility that allows you to capture and analyze network traffic going through your system. It is often used to help troubleshoot network issues, as well as a security tool. (True/False)
CorrectIncorrect -
Question 54 of 90
54. Question
The log file of your company’s network status is updated frequently, and the most critical information is on the first five lines. You want to avoid opening the entire file each time, only to view the first five lines.
What command will you use to view only the first five lines of the log file?
CorrectIncorrect -
Question 55 of 90
55. Question
You need to mitigate all the networking attacks that exploit open unused TCP ports on your system.
Which of the following command displays active TCP connections and ports on which the computer is listening?
CorrectIncorrect -
Question 56 of 90
56. Question
Which of the following tools can you use to perform manual DNS lookups? Assuming you are working on a Linux environment. (Choose all that apply)
CorrectIncorrect -
Question 57 of 90
57. Question
You have been hired by a company to identify and document all aspects of an asset’s configurations in order to create a secure template against which all subsequent configurations will be measured. What type of configuration management will you implement?
CorrectIncorrect -
Question 58 of 90
58. Question
Your organization is working with a contractor to build a database. You need to find a way to hide the actual data from being exposed to the contractor. Which of the following technique will you use in order to allow the contractor to test the database environment without having access to actual sensitive customer information?
CorrectIncorrect -
Question 59 of 90
59. Question
The software that monitors user activity and automatically prevents malware between cloud service users and cloud applications is known as:
CorrectIncorrect -
Question 60 of 90
60. Question
You are working for a startup and recently the application you are developing experienced a large amount of traffic. As a result, the performance of the application was decreased. You have been instructed to implement a solution to efficiently distributing incoming network traffic across a group of backend servers to increase the performance of the APP.
Which of the following solutions will you implement to meet the requirement?
CorrectIncorrect -
Question 61 of 90
61. Question
Recently the physical network adapter card from your company’s server broke. As a result, your co-workers couldn’t access important resources for hours. You have been instructed to implement a solution to eliminate this from happening again in the event of a network adapter failure.
Which of the following solutions will you implement to meet the requirement?
CorrectIncorrect -
Question 62 of 90
62. Question
Which of the following types of social engineering techniques is the use of messaging systems to send an unsolicited message to large numbers of recipients for the purpose of commercial advertising, or for the purpose of non-commercial proselytizing?
CorrectIncorrect -
Question 63 of 90
63. Question
A method by which authorized and unauthorized users are able to get around normal security measures and gain high-level user access (root access) on a computer system, network, or software application is known as:
CorrectIncorrect -
Question 64 of 90
64. Question
Which of the following attacks occurs when someone infiltrates a system through an outside partner or provider with access to the systems and data?
CorrectIncorrect -
Question 65 of 90
65. Question
The type of hackers that violates computer security systems without permission, stealing the data inside for their own personal gain or vandalizing the system is commonly known as:
CorrectIncorrect -
Question 66 of 90
66. Question
A hacker wants to attack a network with the aim of maintaining ongoing access to the targeted network rather than to get in and out as quickly as possible with the ultimate goal of stealing information over a long period of time. What type of attacking technique will the hacker use in this case?
CorrectIncorrect -
Question 67 of 90
67. Question
You have been tasked to access a remote computer for handling some administrative tasks over an unsecured network in a secure way.
Which of the following protocols will you use to access the remote computer to handle the administrative tasks?
CorrectIncorrect -
Question 68 of 90
68. Question
Your manager is trying to understand the difference between SFTP and FTPS. So, he asked you to explain the difference between them.
Which of the following statements are correct? (Choose all that apply.)
CorrectIncorrect -
Question 69 of 90
69. Question
You have been hired as a security expert to implement a security solution to protect an organization from external threats. The solution should provide the organization with a superior ability to identify attacks, malware, and other threats and also provide packet filtering capabilities, VPN support, and network monitoring.
Which of the following security solutions will you implement to meet the requirement?
CorrectIncorrect -
Question 70 of 90
70. Question
Assuming you are working on a Windows environment, what command will you type to identify the number of hops and the time it takes for a packet to travel between your local computer and your web server?
CorrectIncorrect -
Question 71 of 90
71. Question
You have been hired as a network security expert in a Network Operation Center. After reviewing the logs, you have noticed that an attacker has exploited a flaw in GeoTrust SSL and forced some connections to move to a weak cipher suite version of SSL/TLS.
What sort of attack you have just discovered?
CorrectIncorrect -
Question 72 of 90
72. Question
Which of the following protocols are not secured and should be avoided (Choose TWO)?
CorrectIncorrect -
Question 73 of 90
73. Question
You are trying to find an input value that will produce the same hash as a password. What type of attack are you performing?
CorrectIncorrect -
Question 74 of 90
74. Question
You are trying to determine where your home office’s wireless network can be accessed from. Which of the following technique will you perform?
CorrectIncorrect -
Question 75 of 90
75. Question
While reviewing the log server you discover that a user found and exploited a vulnerability in your web application to gain root privileges on the server. What sort of attack you have just discovered?
CorrectIncorrect -
Question 76 of 90
76. Question
You are working as a cybersecurity analyst for a firm. Duties of this position include but are not limited to detect malware and anomalous network behaviors. After reviewing the network logs you discover that the firm’s network has been subjected to a series of advanced attacks over a period of time.
What sort of attack you have just discovered?
CorrectIncorrect -
Question 77 of 90
77. Question
You received a troubleshooting ticket from your co-worker Marie. She reported an odd behavior which is caused by a virus on her workstation. After isolating the workstation, you found out that Marie received an email from an unknown user with a .doc document inside. When Marie opened the .doc document her workstation started behaving oddly.
What is the MOST likely issue on Marie’s workstation?
CorrectIncorrect -
Question 78 of 90
78. Question
An attacker wants to get users to connect to his malicious WAP by using a second wireless access point (WAP) that broadcasts the same SSID as a legitimate access point. What type of attack does he try to perform?
CorrectIncorrect -
Question 79 of 90
79. Question
Which of the following type of information, phishing attacks aren’t intended to acquire?
CorrectIncorrect -
Question 80 of 90
80. Question
A graduate intern asked you to explain to him what is zero-day vulnerability all about. Which of the following statements is true?
CorrectIncorrect -
Question 81 of 90
81. Question
Your company is running an Intrusion Detection System on its network, and most of the time you get notified that legitimate traffic is reported as malicious traffic.
What BEST describes this scenario?
CorrectIncorrect -
Question 82 of 90
82. Question
Given the following code snippet. What language is this code written in?
import socket as socket
for _port in range (1,1224):
try:
_sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
_sock.settimeout(900)
_sock.connect((‘127.0.0.1, _port))
print ‘%d: is Open for connection’ % (_port)
_sock.close
except: continueCorrectIncorrect -
Question 83 of 90
83. Question
You notice that the CPU utilization of your company’s switches is high. After investigation, you discover that many fake MAC addresses fill up the entire MAC address table of each switch.
What sort of attack you have just discovered?
CorrectIncorrect -
Question 84 of 90
84. Question
Which of the following is used in a distributed denial-of-service (DDoS) attack?
CorrectIncorrect -
Question 85 of 90
85. Question
Adware is an example of what type of malicious software?
CorrectIncorrect -
Question 86 of 90
86. Question
You have been tasked to create a new Access Control List on the company’s firewall to prevent any HTTP traffic from/to the network. Type the port number that needs to be added to the ACL rule.
-
ACL rule: access-list 100 deny tcp any any eq
CorrectIncorrect -
-
Question 87 of 90
87. Question
Given the following firewall configuration requirements, type the correct port number to complete the access control rules.
-
Firewall configuration requirement #1: Allow SMTP and POP3 traffic but prevent IMAP.
Rule #1: access-list 100 allow tcp eq allow tcp eq deny tcp eq
Firewall configuration requirement #2: Allow the DNS server to resolve domain names and prevent DHCP requests from the network.
Rule #2: access-list 100 allow tcp eq deny udp eq
CorrectIncorrect -
-
Question 88 of 90
88. Question
Given the following firewall configuration requirements, type the correct port number to complete the access control rules.
-
Firewall configuration requirement #1: Allow SSH connections but prevent Telnet connections.
Rule #1: access-list 100 allow tcp eq deny tcp eq
Firewall configuration requirement #2: Allow HTTPS traffic but prevent HTTP traffic from/to the network.
Rule #2: access-list 100 allow tcp eq deny tcp eq
CorrectIncorrect -
-
Question 89 of 90
89. Question
Drag and drop the TCP/UDP port numbers into their respective protocol name.
Sort elements
- Port 80
- Port 548
- Port 110
- Port 23
-
HTTP
-
AFP
-
POP3
-
Telnet
CorrectIncorrect -
Question 90 of 90
90. Question
You have been tasked to create a new Access Control List on the company’s firewall to prevent any FTP access to the webserver and permit any SSH access to the webserver.
Type the port numbers that need to be added to the ACL rule to complete the task.
-
ACL rule: access-list 100 deny tcp any any eq
ACL rule: access-list 100 permit tcp any any eq
CorrectIncorrect -