Question 1
What does confidentiality of data imply?
• Rules which prevent data from being changed
• Rules which restrict access only to those who need to know
• Rules which hide data
• Rules which allow access only to all parties

Question 2
The action or process of identifying someone or something or the fact of being identified.
• Monitoring
• Identification
• Running
• Implementation

Question 3
These are attacks designed to compromise network security by either eavesdropping on or intercepting and manipulating network traffic.
• Social Engineering Attacks
• Network-Based Attacks
• Physical Security Attacks
• Software-Based Attacks

Question 4
What isn't an objective of security?
• Intrusion
• Risk
• Vulnerability
• Threats

Question 5
A security administrator wants to ensure that the message the administrator sends out to their Chief Financial Officer (CFO) does not get changed en route. Which of the following is the administrator MOST concerned with?
• Data confidentiality
• High availability
• Data integrity
• Business continuity

Question 6
Are intended to limit the extent of any damage caused by the incident by recovering the organization to normal working status as efficiently as possible.
• Active controls
• Preventive controls
• Corrective controls
• Detective controls

Question 7
It is the term used for a broad range of malicious activities accomplished through human interactions.
• Network-Based Attacks
• Social Engineering Attacks
• Software-Based Attacks
• Physical Security Attacks

Question 8
What is not needed to be protected?
• Intruder
• System
• Data
• Infrastructure

Question 9
What does confidentiality of information allude to?
• Rules which restrict access only to those who need to know
• Rules which prevent data from being changed
• Rules which allow access only to all parties
• Rules which hide data

Question 10
It is to set upon in a powerful, rough, antagonistic, or forceful way, with or without a weapon.
• Control
• Integrity
• Attack
• CIA Triad

Question 11
It is one way to enable security during the process of message transmission when the message is intended for a recipient only.
• Asymmetric encryption
• Encryption key
• Hashing
• Symmetric encryption

Question 12
It establishes secure connections between hosts.
• Digital Signature
• Cipher Suites
• Key exchange
• Session Keys

Question 13
During a routine audit a web server is flagged for allowing the use of weak ciphers. Which of the following should be disabled to mitigate this risk? (Select TWO).
• AES
• SSL 3.0
• SSL 1.0
• RC4

Question 14
It can only encrypt data; that data cannot be decrypted.
• Steganography
• Block cipher
• Stream ciphers
• Hash function

Question 15
While rarely enforced, mandatory vacation policies are effective at uncovering:
• Collusion between two employees who perform the same business function.
• Help desk technicians with oversight by multiple supervisors and detailed quality control systems.
• Acts of incompetence by a systems engineer designing complex architectures as a member of a team.
• Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight.

Question 16
It is the assurance that someone cannot deny the validity of something.
• Non-repudiation
• Authentication
• Authorization
• Identification

Question 17
It is a random string of bits created explicitly for scrambling and unscrambling data.
• Asymmetric encryption
• Symmetric encryption
• Hashing
• Encryption key

Question 18
Which of the following should be used when a business needs a block cipher with minimal key size for internal encryption?
• RC5
• Blowfish
• AES
• 3DES

Question 19
It only denies a permission until the user or group can perform the permission.
• Job rotation
• Access control
• Implicit deny
• Separation of duties

Question 20
A security analyst discovered data such as images and word documents hidden within different types of files. Which of the following cryptographic concepts describes what was discovered?
• Hashing
• Symmetric encryption
• Non-repudiation
• Steganography

Question 21
It ought to clearly identify how the policy will be implemented and how security breaches and/or wrongdoing will be dealt with.
• Enforcement
• User Access to Computer Resources
• Procedures
• Security policies

Question 22
It identifies all the ways that the system can be remotely accessed and what is put in place to guarantee that access is from only authorized people.
• Information Security Training
• Remote Access
• Acceptable User Policy
• Information Security Auditing

Question 23
It ought to identify the roles and duties of users accessing resources on the organization's network.
• Security policies
• Enforcement
• Procedures
• User Access to Computer Resources

Question 24
It involves first identifying the groups and individuals who will need to change as the result of the project, and in what ways they will need to change.
• Change management
• Organizational change management
• Enterprise change management
• Individual change management

Question 25
Paper and electronic records to the University Archives if they have permanent legal, fiscal, administrative, or historical value.
• Shred
• Delete
• Recycle
• Transfer

Question 26
It ought to state clearly the requirements imposed on users for passwords.
• Security Profiles
• Passwords
• Sensitive data
• E-Mail

Question 27
It is the discipline that guides how we plan, prepare and support people to effectively adopt change in order to drive organizational success and results.
• Individual change management
• Change management
• Organizational change management
• Enterprise change management

Question 28
It covers how to handle attachments, through filtering, personal use of the mail system, language restrictions, and archival requirements.
• E-Mail
• Passwords
• Security Profiles
• Sensitive data

Question 29
It addresses any data that is protected against unwarranted disclosure.
• Sensitive data
• Security Profiles
• Passwords
• E-Mail

Question 30
These are typically stored in folders, which are kept in filing cabinets.
• Retention Schedules
• Paper documents
• Classification
• Official information

Question 31
It can lead to a tremendous drop in visitors to websites.
• Spam
• Spim
• Whaling
• URL hijacking

Question 32
At the outside break area, an employee, Ann, asked another employee to let her into the building because her badge is missing. Which of the following does this describe?
• Tailgating
• Impersonation
• Shoulder surfing
• Whaling

Question 33
It imitates (something) while exaggerating its characteristic features for comic effect.
• Vishing
• Spoofing
• Phishing
• Hoax

Question 34
It is the process by which a URL is wrongly removed from the search engine index and replaced by another URL.
• Spim
• URL hijacking
• Spam
• Whaling

Question 35
It is unsolicited, usually commercial, messages sent to a large number of recipients or posted in a large number of places.
• Spam
• Spim
• Whaling
• URL hijacking

Question 36
It is unsolicited, usually commercial, messages sent to a large number of recipients or posted in a large number of places.
• Spam
• Spim
• Whaling
• URL hijacking

Question 37
A human resources employee receives an email from a family member stating there is a new virus going around. In order to remove the virus, a user must delete the Boot.ini file from the system immediately. This is an example of which of the following?
• Whaling
• Spam
• Phishing
• Hoax

Question 38
It isn't limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes.
• Spam
• Shoulder surfing
• Tailgating
• Dumpster diving

Question 39
It is also known as piggybacking.
• Spam
• Dumpster diving
• Tailgating
• Shoulder surfing

Question 40
Mike, a user, states that he is receiving several unwanted emails about home loans. Which of the following is this an example of?
• Spoofing
• Spam
• Hoaxes
• Spear phishing

Question 41
Account lockout is a mitigation strategy used by Jane, the administrator, to combat which of the following attacks?
• Spoofing
• Brute force
• Man-in-the-middle
• Privilege escalation

Question 42
Which of the following malware types is MOST likely to execute its payload after Jane, an employee, has left the company?
• Logic bomb
• Worm
• Rootkit
• Botnet

Question 43
It can happen when the hacker uses some website applications to transfer malicious code.
• XML injection
• LDAP injection
• Cross-site scripting
• SQL injection

Question 44
It does not corrupt or modify files on a target computer.
• Worms
• Spyware
• Adware
• Viruses

Question 45
It can also install additional software, which can redirect your web browser to other sites or change your home page.
• Adware
• Spyware
• Worms
• Viruses

Question 46
These are considered one of the most serious types of malware since they may be used to gain unauthorized access to remote systems and perform malicious operations.
• Rootkits
• Keylogger
• Trojan Horse
• Backdoor Attacks

Question 47
It will continue to spread and infect devices even if its signature changes to avoid detection.
• Ransomware
• Botnets
• Logic Bombs
• Polymorphic Malware

Question 48
A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90). Which of the following attack types has occurred?
• XML injection
• Buffer overflow
• Cross-site scripting
• SQL injection

Question 49
It consumes bandwidth and ties up processor and memory resources, slowing the system down, and causing the system to become unusable.
• Worms
• Viruses
• Spyware
• Adware

Question 50
A server administrator notes that a legacy application often stops running due to a memory error. When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describe?
• Malicious add-on
• Zero-day
• Buffer overflow
• Cross site scripting

Question 51
It usually does not conform to wireless LAN (WLAN) security policies, and additionally can allow anyone with a Wi-Fi device to connect to your network.
• Wireless security
• Evil Twins
• Rogue Access Points
• Transitive access

Question 52
It is a hacking method that allows an individual to send anonymous messages to Bluetooth-enabled devices within a certain radius.
• Bluejacking
• Jamming
• Evil Twins
• Bluesnarfing

Question 53
All the following are Environmental Threats except
• Assessment
• Flood
• Extreme temperature
• Extreme humidity

Question 54
It is a device hack performed when a wireless, Bluetooth-enabled device is in discoverable mode.
• Evil Twins
• Bluejacking
• Jamming
• Bluesnarfing

Question 55
The practice of marking open wireless access points is called which of the following?
• Evil twin
• War dialing
• War driving
• War chalking

Question 56
It is an attack on the protocol used to determine a device's hardware address (MAC address) on the network when the IP address is known.
• Denial-of-service attack
• Session hijacking
• ARP poisoning
• Distributed denial of service

Question 57
It is an attack whereby the attacker renders a machine or network resource unavailable.
• Distributed denial of service
• Session hijacking
• ARP poisoning
• Denial-of-service attack

Question 58
Joe, a user, in a coffee shop is checking his email over a wireless network. An attacker records the temporary credentials being passed to Joe's browser. The attacker later uses the credentials to impersonate Joe and creates SPAM messages. Which of the following attacks allows for this impersonation?
• Header manipulation
• Directory traversal
• Session hijacking
• XML injection

Question 59
It can be difficult to detect since the network transmissions will appear to be operating normally.
• Replay Attacks
• Eavesdropping Attacks
• Evil twin attack
• Man-in-the-Middle Attacks

Question 60
It is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
• Replay Attacks
• Eavesdropping Attacks
• Evil twin attack
• Man-in-the-Middle Attacks