Cybersecurity Assessment Questions and Answers (2025), Exams of Cybercrime, Cybersecurity and Data Privacy

A comprehensive set of multiple-choice questions and answers covering various aspects of cybersecurity. It is valuable for students and professionals seeking to test their knowledge of cloud security, network security, application security, and more. The questions cover a wide range of topics, including cloud computing models, VoIP vulnerabilities, penetration testing, security controls, and data protection regulations. This resource is ideal for self-assessment, exam preparation, or reinforcing learning in cybersecurity.

Typology: Exams

2024/2025

Available from 05/10/2025

bonny-kahuro

233 documents

CYBER SECURITY ASSESSMENT QUESTIONS WITH ANSWERS (2025)

D. unit testing

  1. In black box penetration testing, what information is provided to the tester about the target environment? A. none B. limited details of server and network infrastructure C. all information D. limited details of server infrastructure
  2. Which security control can best protect against shadow IT by identifying and preventing use of unsanctioned cloud apps and services? A. intrusion prevention system (IPS) B. next generation firewall C. cloud access security broker (CASB) D. intrusion detection system (IDS)
  3. Which option describes the best defense against collusion? A. monitoring of normal employee system and data access patterns B. applying system and application updates regularly C. fault tolerant infrastructure and data redundancy D. separation of duties and job rotation
  4. During a penetration test, you find a file containing hashed passwords for the system you are attempting to breach. Which type of attack is most likely to succeed in accessing the hashed passwords in a reasonable amount of time? A. rainbow table attack B. pass-the-hash attack C. password spray attack D. brute force attack
  5. Which area is the DMZ? A. 4 B. 1 C. 2 D. 3

  1. You configure an encrypted USB drive for a user who needs to deliver a sensitive file at an in-person meeting. What type of encryption is typically used to encrypt the file? A. file hash B. asymmetric encryption C. digital signature D. symmetric encryption
  2. What is the difference between DRP and BCP? A. DRP works to keep a business up and running despite a disaster. BCP works to restore the original business capabilities. B. BCP works to keep a business up and running despite a disaster. DRP works to restore the original business capabilities. C. BCP is part of DRP. D. DRP is part of BCP.
  3. Which aspect of cybersecurity do Distributed Denial of Service (DDoS) attacks affect the most? A. non-repudiation B. integrity C. availability D. confidentiality
  4. You need to recommend a solution to automatically assess your cloud hosted VMs against CIS benchmarks to identify deviations from security best practices. What type of solution should you recommend? A. Cloud Security Posture Management (CSPM) B. Intrusion Detection and Prevention System (IDPS) C. Cloud Workload Protection Platforms (CWPP) D. Cloud Access Security Brokers (CASBs)
  5. ____ validates the integrity of data files. A. Compression B. Hashing C. Symmetric encryption D. Steganography
  6. Which is an example of privacy regulation at the state government level in the U.S.? A. CCPA B. GDPR

B. unit testing C. white box testing D. static application security testing

  1. You need to disable the camera on corporate devices to prevent screen capture and recording of sensitive documents, meetings, and conversations. Which solution would be suited to the task? A. Mobile Device Management (MDM) B. Data Loss Prevention (DLP) C. Intrusion Detection and Prevention System (IDPS) D. Cloud Access Security Broker (CASB)
  2. How many keys would be necessary to accommodate 100 users in an asymmetric cryptography system? A. 200 B. 400 C. 100 D. 300
  3. Two competing online retailers process credit card transactions for customers in countries on every continent. One organization is based in the United States. The other is based in the Netherlands. With which regulation must both organizations comply while ensuring the security of these transactions? A. Federal Information Security Management Act (FISMA) B. Payment Card Industry Data Security Standard (PCI-DSS) C. General Data Protection Regulation (GDPR) D. International Organization for Standardization and International Electrotechnical Commission (ISO/IEC 27018)
  4. What provides a common language for describing security incidents in a structured and repeatable manner? A. Common event format B. common weakness enumeration C. common vulnerabilities and exposures D. common vulnerability scoring system
  5. Which type of application can intercept sensitive information such as passwords on a network segment? A. log server B. network scanner C. firewall D. protocol analyzer
  1. An attacker has discovered that they can deduce a sensitive piece of confidential information by analyzing multiple pieces of less sensitive public data. What type of security issue exists? A. aggregation B. inference C. SQL injection D. cross-origin resource sharing
  2. What act grants an authenticated party permission to perform an action or access a resource? A. Zero Trust Security B. Role-Based Access Control (RBAC) C. authorization D. Single Sign-On
  3. According to GDPR, a data ____ is the person about whom data is being collected. A. Processor B. object C. subject D. controller
  4. Which is not a principle of zero trust security? A. use least privilege access B. verify explicitly C. trust but verify D. assume breach
  5. Which attack exploits input validation vulnerabilities? A. ARP spoofing B. pharming attacks C. cross-site scripting (XSS) D. DNS poisoning
  6. You are a security analyst, and you receive a text message alerting you of a possible attack. Which security control is the least likely to produce this type of alert? A. IDS B. SIEM C. packet sniffer D. IPS
  7. SQL injection inserts a code fragment that makes a database statement universally true, like ____. A. SELECT * FROM users WHERE username = '' AND 1=1--' B. SELECT * FROM users WHERE username = '' AND 1!=1--'

D. Role-Based Access Control (RBAC)

  1. Which cyberattack aims to exhaust an application's resources, making the application unavailable to legitimate users? A. SQL injection B. dictionary attack C. Distributed Denial of Service (DDoS) D. rainbow table attack
  2. You are a recent cybersecurity hire, and your first assignment is to present on the possible threats to your organization. Which of the following best describes the task? A. risk mitigation B. threat assessment C. risk management D. enumeration
  3. You are at a coffee shop and connect to a public wireless access point (WAP). What type of cybersecurity attack are you most likely to experience? A. man-in-the-middle attack B. back door C. logic bomb D. virus
  4. You have been tasked with recommending a solution to centrally manage mobile devices used throughout your organization. Which technology would best meet this need? A. Extended Detection and Response (XDR) B. Security Information Event Management (SIEM) C. Intrusion Detection and Prevention System (IDPS) D. Mobile Device Management (MDM)
  5. Which type of vulnerability cannot be discovered in the course of a typical vulnerability assessment? A. file permissions B. buffer overflow C. zero-day vulnerability D. cross-site scripting
  6. The DLP project team is about to classify your organization's data. What is the primary purpose of classifying data? A. It identifies regulatory compliance requirements. B. It prioritizes IT budget expenditures. C. It quantifies the potential cost of a data breach. D. It establishes the value of data to the organization.
  1. You are responsible for managing security of your organization's public cloud infrastructure. You need to implement security to protect the data and applications running in a variety of IaaS and PaaS services, including a new Kubernetes cluster. What type of solution is best suited to this requirement? A. Cloud Workload Protection Platforms (CWPP) B. Cloud Security Posture Management (CSPM) C. Cloud Access Security Brokers (CASBs) D. Intrusion Detection and Prevention System (IDPS)
  2. Sharing account credentials violates the ____ aspect of access control. A. identification B. authorization C. accounting D. authentication
  3. You have recovered a server that was compromised in a malware attack to its previous state. What is the final step in the incident response process? A. Eradication / Remediation B. Certification C. Reporting D. Lessons Learned
  4. Which encryption type uses a public and private key pair for encrypting and decrypting data? A. asymmetric B. symmetric C. hashing D. all of these answers
  5. You have just identified and mitigated an active malware attack on a user's computer, in which command and control was established. What is the next step in the process? A. Reporting B. Recovery C. Eradication / Remediation D. Lessons Learned
  6. Which programming language is most susceptible to buffer overflow attacks? A. C B. Java C. Ruby D. Python
  7. Which list correctly describes risk management techniques? A. risk acceptance, risk mitigation, risk containment, and risk qualification

B. a guide to risk assessments C. a guideline for vulnerability testing D. a step-by-step guide for performing business impact analyses

  1. The most notorious military-grade advanced persistent threat was deployed in 2010, and targeted centrifuges in Iran. What was this APT called? A. duqu B. agent BTZ C. stuxnet D. flame
  2. Where would you record risks that have been identified and their details, such as their ID and name, classification of information, and the risk owner? A. in the risk assessment documentation B. in the risk register C. in the business impact ledger D. in the Orange Book
  3. To prevent an incident from overwhelming resources, ____ is necessary. A. disconnection from the network B. early containment C. continuation of monitoring for other incidents D. eradication of the issues
  4. FUD is expensive and often causes high drama over low risk. Which computer chip exploits were reported by CNN as needing to be completely replaced, but were later fixed with firmware updates? A. fire and ice exploits B. meltdown and spectre exploits C. Intel and STMicro CPU exploits D. super microboard and Apple iPhone exploits
  5. The ASD Top Four are application whitelisting, patching of applications, patching of operating systems, and limiting administrative privileges. What percent of breaches do these account for? A. 40 percent B. 60 percent C. 85 percent D. 100 percent
  6. You are working in the security operations center analyzing traffic on your network. You detect what you believe to be a port scan. What does this mean? A. This could be a specific program being run by your accounting department. B. This is an in-progress attack and should be reported immediately. C. This is normal operation for your business. D. This could be a precursor to an attack.

  1. How often is the ISF Standard of Good Practice updated? A. annually B. biannually C. bimonthly D. monthly
  2. Your incident response team is unable to contain an incident because they lack authority to take action without management approval. Which critical step in the preparation phase did your team skip? A. Form an incident response committee to oversee any incidents that may occur. B. Get preauthorized to take unilateral action and make or direct emergency changes. C. Bring management in as leadership on the incident response team. D. Assign a head of the emergency response team who has the correct authority.
  3. NIST SP 800-53 is one of two important control frameworks used in cybersecurity. What is the other one? A. ISO 27001 B. NIST SP 800-54 C. ISO 27002 D. NIST SP 751-51
  4. Which organization, established by NIST in 1990, runs workshops to foster coordination in incident prevention, stimulate rapid reaction to incidents, and allow experts to share information? A. Forum of Incident Response and Security Teams B. Crest UK Response Teams C. Community of Computer Incident Response Teams D. NIST Special Publication 800-61 Response Teams
  5. You have implemented controls to mitigate the threats, vulnerabilities, and impact to your business. Which type of risk is left over? A. inherent risk B. residual risk C. applied risk D. leftover risk
  6. There are four possible treatments once an assessment has identified a risk. Which risk treatment implements controls to reduce risk? A. risk mitigation B. risk acceptance C. risk avoidance
  1. In 2014, 4,278 IP addresses of zombie computers were used to flood a business with over one million packets per minute for about one hour. What is this type of attack called? A. a salami attack B. a DoS (Denial of Service) attack C. a DDoS (Distributed Denial of Service) attack D. a botnet attack
  2. The regulatory requirements for notifications of data breaches, particularly the European General Data Protection Regulations, have had what sort of effect on business? A. an increased business liability in the event of a data breach B. an increased consumer liability in the event of a data breach C. a decreased consumer liability in the event of a data breach D. a decreased business liability in the event of a data breach
  3. Which compliance framework governs requirements for the U.S. healthcare industry? A. FedRAMP B. GDPR C. PCI-DSS D. HIPAA
  4. What is the difference between DevOps and DevSecOps? A. DevSecOps requires the inclusion of cybersecurity engineers in the CI/CD process of DevOps. B. DevSecOps slows down the CI/CD process of DevOps. C. DevSecOps places security controls in the CI/CD process of DevOps. D. DevSecOps lets cybersecurity engineers dictate the CI/CD process of DevOps.
  5. When does static application security testing require access to source code? A. always B. only when assessing regulatory compliance C. only if following the Agile model D. never
  6. Your organization services customer orders with a custom ordering system developed in-house. You are responsible for recommending a cloud model to meet the following requirements: control of security required for regulatory compliance; legacy application and database support; scalability to meet seasonal increases in demand. Which cloud model is the best option for these requirements? A. government cloud B. public cloud C. hybrid cloud D. private cloud

  1. You have just conducted a port scan of a network. There is no well-known port active. How do you find a webserver running on a host, which uses a random port number? A. Give up on the current target network and move on to the next one. B. Switch to another network scanning tool. Resort to more resource-intensive probing, like launching random attacks to all open ports. C. Turn on the stealth mode in your network scanning tool. Check whether you missed any other active ports associated with web servers. D. Turn on additional options in your network scanning tool to further investigate the details (type and version) of applications running on the rest of the active ports.
  2. Executives in your organization exchange emails with external business partners when negotiating valuable business contracts. To ensure that these communications are legally defensible, the security team has recommended that a digital signature be added to these messages. What are the primary goals of the digital signature in this scenario? (Choose the best answer). A. integrity and non-repudiation B. privacy and non-repudiation C. privacy and confidentiality D. integrity and privacy
  3. Which option is a mechanism to ensure non-repudiation? A. MD B. Caesar cipher C. symmetric-key encryption D. asymmetric-key encryption
  4. Which software development lifecycle approach is most compatible with DevSecOps? A. Agile B. Model-Driven Development C. Waterfall D. Model-Driven Architecture
  5. Which information security principle states that organizations should defend systems against any particular attack using several independent methods? A. separation of duties B. privileged account management (PAM) C. defense-in-depth D. least privilege

C. UDP that is connectionless D. TCP that is connectionless

  1. Which type of attack targets vulnerabilities associated with translating MAC addresses into IP addresses in computer networking? A. DNS poisoning B. CRL trapping C. ARP spoofing D. DDoS
  2. You are part of an incident response team at your company. While sifting through log files collected by a SIEM, you discover some suspicious log entries that you want to investigate further. Which type of the following best refers to those recorded activities demanding additional scrutiny? A. attack B. information C. threat D. event
  3. You are responsible for forensic investigations in your organization. You have been tasked with investigating a compromised virtual application server. Because a revenue generating application runs on the server, the server needs to be returned to service as quickly as possible. What is the next step you should take to best fulfil your responsibilities and meet the needs of the business? A. Restore the server from backup immediately. B. Take the server offline until your investigation is complete. C. Take a snapshot of the compromised virtual server for your investigation. D. Restart the server. Remediate the issue after business hours.
  4. Site-to-site VPN provides access from one network address space (192.168.0.0/24) to another network address space ____. A. 192.168.0.1/ B. 192.168.0.3/ C. 10.10.0.0/ D. 192.168.0.2/
  5. You are researching probable threats to your company’s internet-facing web applications. Which organization should you reference as an authoritative source for information on web-based attack vectors? A. EC-Council B. ISACA C. NIST D. OWASP

  1. Which action is most likely to simplify security staff training, improve integration between security components, and reduce risk to the business? (Choose the best answer.) A. adopting a "best-in-suite" approach to security B. adopting a "trust but verify" approach to security C. adopting a "best-of-breed" approach to security D. adopting a "defense-in-depth" approach to security
  2. ____ attacks can execute the code injected by attackers as part of user inputs. A. Ping of death B. Buffer overflow C. Distributed Denial of Service D. Denial of Service
  3. Which activity is not part of risk assessment? A. identifying and valuing assets B. analyzing risks by criticality and cost C. discontinuing activities that introduce risk D. identifying threats and analyzing vulnerabilities
  4. In response to an alert regarding a possible security incident, you are analyzing the logs for a web application. In the process, you see the following string: ./../../../var/secrets What type of attack was most likely attempted against the application? A. brute force B. session hijacking C. cross-site scripting D. directory traversal
  5. Which quadrant should be the focus of risk management? A. 2