Quiz Summary
0 of 60 Questions completed
Questions:
Information
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading…
You must sign in or sign up to start the quiz.
You must first complete the following:
Results
Results
0 of 60 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- Current
- Review
- Answered
- Correct
- Incorrect
-
Question 1 of 60
1. Question
A company has identified a critical vulnerability in one of its systems that needs to be patched immediately. However, their SLA with their cloud service provider stipulates that any patching will require a 4-hour maintenance window, during which the system will be down. What is the BEST course of action for the company in this scenario?
CorrectIncorrect -
Question 2 of 60
2. Question
A security analyst has been asked to perform a vulnerability assessment on a web application. After running OWASP Zed Attack Proxy (ZAP), the analyst noticed that the tool identified a SQL injection vulnerability. What should the analyst do next?
CorrectIncorrect -
Question 3 of 60
3. Question
During a vulnerability assessment of a web application, a security analyst ran OWASP Zed Attack Proxy (ZAP) and identified several vulnerabilities, including a cross-site scripting (XSS) vulnerability. What is the MOST appropriate remediation action for this vulnerability?
CorrectIncorrect -
Question 4 of 60
4. Question
A security analyst is conducting a web application scan using Burp Suite to identify vulnerabilities on a client’s web application. Which of the following is a potential vulnerability that Burp Suite might identify in the scan report?
CorrectIncorrect -
Question 5 of 60
5. Question
A security analyst has run a web application scanner to assess the vulnerabilities of an e-commerce website. The scanner identified a potential vulnerability in the website’s authentication mechanism. The output from the scan indicates that the vulnerability is associated with the use of default credentials. Which web application scanner is most likely to have generated this output?
CorrectIncorrect -
Question 6 of 60
6. Question
A security analyst is running a web application scan using Arachni and identifies a vulnerability that allows remote attackers to execute arbitrary code on the server. Which of the following is the best remediation action for this vulnerability?
CorrectIncorrect -
Question 7 of 60
7. Question
A security analyst is reviewing the output from a Nessus scan of their organization’s network. The scan has identified a vulnerability in a network switch. The vulnerability is rated as high and the recommended remediation action is to install a firmware update. Which of the following would be the MOST appropriate next step for the security analyst to take?
CorrectIncorrect -
Question 8 of 60
8. Question
In analyzing the output of an OpenVAS scan, you notice several instances of a vulnerability identified as CVE-2021-3456, with a severity score of 7.2. What does this score indicate?
CorrectIncorrect -
Question 9 of 60
9. Question
While analyzing the results of an OpenVAS scan, you come across an entry that says “Target is a printer with SNMP enabled”. What could this indicate?
CorrectIncorrect -
Question 10 of 60
10. Question
A security analyst has completed a vulnerability scan using Qualys on a corporate network and found several critical vulnerabilities. The report shows that one of the servers has a vulnerable version of SSH running, which can allow attackers to gain access to the system. What is the BEST action for the analyst to take next based on this information?
CorrectIncorrect -
Question 11 of 60
11. Question
A software development company is using a static analysis tool to identify security vulnerabilities in their codebase. During the analysis, the tool flags a high-severity issue related to SQL injection. Which of the following is the MOST appropriate next step for the development team?
CorrectIncorrect -
Question 12 of 60
12. Question
During a dynamic analysis scan of a web application, a security analyst discovers that the scan was blocked by a web application firewall (WAF). Which of the following is the BEST course of action for the analyst?
CorrectIncorrect -
Question 13 of 60
13. Question
A company is testing a new web application before releasing it to production. They use a software assessment tool that employs the reverse engineering technique to identify any potential security vulnerabilities in the application. Which of the following is a potential output of this tool?
CorrectIncorrect -
Question 14 of 60
14. Question
A software development team is conducting a security assessment of their new web application. They want to use a technique that can generate large amounts of random data inputs to test the application’s ability to handle unexpected input. Which of the following software assessment techniques would be the MOST suitable in this situation?
CorrectIncorrect -
Question 15 of 60
15. Question
A security analyst is tasked with scanning a network for open ports, running services, and operating systems in use. Which Nmap command should the analyst use to perform this type of scan?
CorrectIncorrect -
Question 16 of 60
16. Question
In a network assessment, a security analyst used Nmap to scan a target system and found an open port 22. What does this mean for the system?
CorrectIncorrect -
Question 17 of 60
17. Question
You are a security analyst working for a company and have been tasked with conducting a vulnerability assessment on the network infrastructure. After running the hping tool, you notice that there are several open ports on the target system that are commonly associated with known vulnerabilities. Which of the following vulnerabilities should you investigate further based on the hping output?
CorrectIncorrect -
Question 18 of 60
18. Question
A security analyst wants to assess the security posture of a web server in a remote network. Which of the following enumeration techniques is the MOST passive method to gather information about the server?
CorrectIncorrect -
Question 19 of 60
19. Question
A security analyst wants to conduct an enumeration of a remote network to identify possible attack vectors. Which of the following is an example of an active enumeration technique?
CorrectIncorrect -
Question 20 of 60
20. Question
A network administrator is conducting a vulnerability assessment on a company’s network. The administrator runs Responder to capture network traffic and identify potential vulnerabilities. The tool identifies an HTTP request with a plaintext password. What type of vulnerability is this?
CorrectIncorrect -
Question 21 of 60
21. Question
A security analyst is conducting a wireless network assessment using Aircrack-ng and notices that a client device is transmitting data without encryption. What is the MOST likely reason for this?
CorrectIncorrect -
Question 22 of 60
22. Question
In a wireless assessment, a security analyst uses Reaver to crack a WPA2-PSK-protected network. Which of the following statements BEST describes the output that the analyst should expect to see from Reaver?
CorrectIncorrect -
Question 23 of 60
23. Question
A security analyst is tasked with assessing the security posture of a cloud environment. They decide to use ScoutSuite to perform the assessment. During the assessment, the tool flags a misconfigured S3 bucket that has been set to allow public access. Which of the following should be the analyst’s NEXT course of action?
CorrectIncorrect -
Question 24 of 60
24. Question
A cloud infrastructure environment has been assessed using Prowler, and the report indicates that the environment is not compliant with the CIS AWS Foundations Benchmark. Which of the following is a finding that Prowler may report related to this benchmark?
CorrectIncorrect -
Question 25 of 60
25. Question
A company has recently introduced a bring your own device (BYOD) policy allowing employees to use their personal mobile devices for work. Which of the following is a threat associated with this policy?
CorrectIncorrect -
Question 26 of 60
26. Question
A user has installed a new application on their mobile device that claims to improve battery life. However, after installing the application, the device starts behaving strangely and the user notices unusual charges on their mobile bill. Which of the following is the MOST likely threat associated with this situation?
CorrectIncorrect -
Question 27 of 60
27. Question
A company has implemented a smart office solution that includes sensors to monitor temperature, humidity, and occupancy levels. The solution is connected to the internet and accessible from the company’s network. Which of the following is a threat associated with this IoT technology?
CorrectIncorrect -
Question 28 of 60
28. Question
In a manufacturing company, a critical system is controlled by an embedded device that runs on a real-time operating system (RTOS). The device is used to regulate the temperature of a sensitive production process. Which of the following is a potential threat to this system?
CorrectIncorrect -
Question 29 of 60
29. Question
A smart traffic management system is designed to control traffic lights in a city. The system uses an RTOS to ensure that traffic signals are synchronized in real-time. A security analyst is conducting a vulnerability assessment of the system and discovers that the RTOS is not designed with security in mind. Which of the following is the most effective mitigation strategy for this vulnerability?
CorrectIncorrect -
Question 30 of 60
30. Question
A company is using System-on-Chip (SoC) technology to power its Internet of Things (IoT) devices. Which of the following is a potential threat that can be associated with this specialized technology?
CorrectIncorrect -
Question 31 of 60
31. Question
In a manufacturing plant, the production line is secured by a physical access control system that uses an authentication mechanism to grant access to employees. Which of the following threats is associated with this technology?
CorrectIncorrect -
Question 32 of 60
32. Question
A drone manufacturer is developing a new model that includes a camera with facial recognition technology. Which of the following is a potential privacy risk associated with this technology?
CorrectIncorrect -
Question 33 of 60
33. Question
A chemical plant uses a SCADA system to monitor and control various industrial processes. During a routine audit, the security team discovers that the SCADA system has an unpatched vulnerability that could allow an attacker to execute arbitrary code on the system. What is the MOST significant risk associated with this vulnerability?
CorrectIncorrect -
Question 34 of 60
34. Question
A manufacturing company has implemented an IoT solution to monitor its production line. The IoT devices collect data and send it to a centralized system for analysis. Which of the following is a vulnerability associated with this IoT technology?
CorrectIncorrect -
Question 35 of 60
35. Question
A company recently migrated its email system to a cloud-based provider that offers Software as a Service (SaaS) model. During the security assessment, the security team discovered that the provider’s email system has vulnerabilities that could be exploited by attackers. Which of the following is a threat associated with the SaaS cloud service model?
CorrectIncorrect -
Question 36 of 60
36. Question
A company is migrating its web application to a PaaS provider. Which of the following is a potential vulnerability associated with this move?
CorrectIncorrect -
Question 37 of 60
37. Question
A company is considering migrating its on-premises infrastructure to the cloud using an Infrastructure as a Service (IaaS) model. Which of the following risks should they be MOST concerned about when it comes to their data?
CorrectIncorrect -
Question 38 of 60
38. Question
A company has decided to move its data center to the cloud, and the IT team is tasked with evaluating the different cloud deployment models. They are concerned about the risks associated with the cloud deployment models and want to select the one with the least risk. Which of the following cloud deployment models is considered the LEAST risky?
CorrectIncorrect -
Question 39 of 60
39. Question
A company is considering a public cloud deployment model for their customer-facing application. Which of the following is a potential benefit of this deployment model?
CorrectIncorrect -
Question 40 of 60
40. Question
A company is considering moving its entire infrastructure to a public cloud provider. What is a potential security concern that they should be aware of?
CorrectIncorrect -
Question 41 of 60
41. Question
What is a potential security risk associated with using Function as a Service (FaaS) in a serverless architecture?
CorrectIncorrect -
Question 42 of 60
42. Question
A company uses Infrastructure as Code (IaC) to manage its cloud infrastructure. During a recent code review, a vulnerability was found in the IaC code that could allow unauthorized access to sensitive data. Which of the following is the BEST course of action to address this vulnerability?
CorrectIncorrect -
Question 43 of 60
43. Question
A company has implemented Infrastructure as Code (IaC) to manage its cloud infrastructure. During a recent code review, a developer noticed that the IaC code contained plain-text passwords. Which of the following is the BEST way to address this security risk?
CorrectIncorrect -
Question 44 of 60
44. Question
A company has recently migrated its IT infrastructure to a cloud-based platform. During the migration, a misconfigured encryption key was used to encrypt sensitive data stored in the cloud. The company has since discovered the issue and is concerned about the potential impact. Which of the following is a potential threat associated with improper key management in the cloud?
CorrectIncorrect -
Question 45 of 60
45. Question
Sarah is the IT manager at a small startup that recently moved its business to the cloud. They’re using a popular cloud provider that offers data storage and management services. Sarah has just received a notification that one of their storage buckets has been exposed to the public internet due to an error in their access control policy. Which of the following threats is MOST likely to occur as a result of this incident?
CorrectIncorrect -
Question 46 of 60
46. Question
A company uses an XML-based application to manage its customer data. An attacker has discovered a vulnerability in the application and plans to exploit it. Which of the following controls would mitigate the attack?
CorrectIncorrect -
Question 47 of 60
47. Question
In a company’s software application, a user inputs a large amount of data into a text field that is limited to a certain number of characters. As a result, the application crashes and the system becomes unresponsive. What type of attack is this?
CorrectIncorrect -
Question 48 of 60
48. Question
A company has a web application that uses XML to communicate with a backend database. An attacker has discovered a vulnerability in the application that allows them to execute malicious code. Which of the following controls would mitigate the attack?
CorrectIncorrect -
Question 49 of 60
49. Question
You are the network security administrator for a large company. You have recently discovered that an attacker has been using an integer overflow attack to exploit a vulnerability in one of your applications. Which mitigation technique would you recommend to prevent this attack in the future?
CorrectIncorrect -
Question 50 of 60
50. Question
A company uses a web application that allows users to upload and view images. A hacker exploits a vulnerability in the web application that allows them to upload malicious code and execute it on the server, gaining unauthorized access to the system. Which of the following controls can mitigate the risk of remote code execution?
CorrectIncorrect -
Question 51 of 60
51. Question
A company uses a web application that allows users to upload and download files. An attacker uploads a file containing malicious code and uses a directory traversal attack to execute the code on the server. Which control can mitigate this attack?
CorrectIncorrect -
Question 52 of 60
52. Question
A web application is vulnerable to a directory traversal attack. Which of the following controls can be implemented to mitigate this attack?
CorrectIncorrect -
Question 53 of 60
53. Question
A security analyst at a financial institution noticed suspicious activities on the company’s server. Upon further investigation, the analyst discovered that a non-privileged user had gained unauthorized access to sensitive information. What type of attack has likely occurred, and what control measures can be implemented to mitigate this attack?
CorrectIncorrect -
Question 54 of 60
54. Question
A company’s IT team discovered that an attacker had gained access to their server and had elevated their privileges to gain full control of the system. What measures can the team implement to mitigate this type of attack in the future?
CorrectIncorrect -
Question 55 of 60
55. Question
A company has recently suffered a data breach that resulted in the compromise of user account credentials. The security team has discovered that attackers are using these credentials to attempt to log in to various systems and applications. Which of the following controls can be implemented to mitigate this type of attack?
CorrectIncorrect -
Question 56 of 60
56. Question
A company has received reports of employees receiving emails from what appears to be the CEO’s email address. The emails contain a request for sensitive information. Upon investigation, it is discovered that the CEO’s email account was compromised. What type of attack is this?
CorrectIncorrect -
Question 57 of 60
57. Question
A company has detected an on-path attack on its network. The attacker is spoofing ARP packets to redirect network traffic to a malicious host. Which of the following controls can mitigate this type of attack?
CorrectIncorrect -
Question 58 of 60
58. Question
A company uses a web-based application for managing customer data. An attacker has managed to hijack the session of a customer and is now able to view and manipulate their data. Which control should the company implement to mitigate this attack?
CorrectIncorrect -
Question 59 of 60
59. Question
A security analyst has discovered the presence of a rootkit on a system during a routine scan. Which of the following is the BEST course of action to mitigate this attack?
CorrectIncorrect -
Question 60 of 60
60. Question
A company’s website is vulnerable to cross-site scripting (XSS) attacks. An attacker could potentially exploit this vulnerability by injecting malicious code into a web page, which would then execute when a user visits the page. Which of the following controls can be implemented to mitigate this attack?
CorrectIncorrect