chapter 1
What are the three core objectives of cybersecurity?
Confidentiality, integrity, and availability
Nick is assessing internal threat actors and considering what motivations are likely to drive them. Which of the following is the most likely motivation for an internal threat actor?
A. Espionage
B. Blackmail
C. War
D. Political beliefs
B. Blackmail
Valentine wants to choose an appropriate obfuscation method to allow he customer service representatives to validate credit card numbers without exposing the full number to the staff member. What obfuscation method should she select?
A. Masking
B. Tokenization
C. Steganography
D. Hashing
A. Masking
Yasmine is reviewing the software installed on a client's computer and notices that multiple browser toolbars, weather applications, and social media applications were preinstalled. What term best describes this software?
A. MSP's
B. Bloatware
C. Ransomware
D. Rootware
B. Bloatware
What threat actor is most likely to be motivated by political beliefs?
Hacktivists
Carol wants to obfuscate data that is contained in her database. She wants to be able to refer to the data elements without having the actual data exposed. What type of obfuscation option should she select?
A. Tokenization
B. Encryption
C. Data masking
D. Data randomization
A.
How is phishing different then general spam?
A. Its sent only to specific targeted individuals
B. It is intended to acquire credentials or other data
C. It is sent via SMS
D. It includes malware in the message
B. It is intended to acquire credentials or other data
What element of the CIA triad is geographic dispersion intended to help with?
A. Confidentiality
B. Integrity
C. Assurance
D. Availability
D. Availability
Which of the following is not a common concern related to the hardware vender supply chain?
A. Maleware preinstalled on hardware
B. Lack of availability of hardware
C. Third-party hardware modifications
D. Malicious firmware modifications
D. Malicious firmware modifications
You are a security administrator for a medium-sized bank. You have discovered a piece of software on your bank's database server that is not supposed to be there. It appears that the software will begin deleting database files if specific employee terminated. What best describes this?
Logic Bomb
Murali has deployed a file integrity monitoring tool and has configured alerts to notify him if files are modified. What control type best describes this solution?
A. Preventive
B. Deterrent
C. Directive
D. Detective
D.
Which of the following indicators is most commonly associated with a denial-of-service attack?
A. Resource inaccessibility
B. Impossible travel
C. Missing logs
D. Blocked logs
A. Resource inaccessibility
Casey's organization has proprietary information models that they use to analyze the market that they operate in. What data type best describes this information?
A. Trade secret
B. Regulated
C. Financial information
D. Public information
A. Trade secret
Julie wants to conduct a replay attack? What type of attack is most commonly associated with successful replay attack?
A. SQL injection
B. An on-path attack
C. Brute force
D. A DDos
B. An on-path attack
What element of the CIA triad is geographic dispersion intended to help with?
Availability
What key is used to decrypt information sent by another individual between two people using public key encryption?
A. The recipient's private key
B. The recipient's public key
C. The sender's private key
D. The sender's public key
A
During a regular review of logs. Jennifer notices that a regularly scheduled script that copies files to another server every hour has run multiple times within the last hour. What indicator of compromise should she categorize this as?
A. Concurrent session use
B. Out-of-cycle logging
C. Missing logs
D. Impossible travel
B. Out-of-cycle logging
Which of the following motivations is not currently associated with advanced presistent threat actors?
A. Ethical
B. War
C. Data exfiltration
D. Espionage
A. Ethical
What is the primary threat model against static codes used for multifactor authentication?
A. Brute force
B. Collisions
C. Theft
D. Clock mismatch
C. Theft
Ana has been told that her organization has deployed microwave sensors in the organization's warehouses. What are microwave sensors most frequently used to detect?
Motion
Valentine wants to detect if an intruder if an intruder has accessed a secure file server. Which of the following techniques will work best with a data loss prevention tool to identify data exfiltration?
A. A honeypot
B. A honeynet
C. A honeyfile
D. A honey token
C. Honeyfile
The malware that Joesph is working to counter has copied itself to workstations across his environment due to a central, shared fileshare. What type of malware is Joesph most likely fighting?
A virus
Tyler discovers that software his organization has depolyed sends information about the work stations back to a central server. After capturing network traffic that is being sent, he discovers that it includes the workstation's IP address, operating system, screen resolution, and information about other installed software. What type of maleware should Tyler classify this as?
Spyware
John is analyzing a recent malware infection on his company network. He discovers malware that can spread rapidly via vulnerable network services and does not require any interaction from the user. What best describes this malware?
A Worm
What process reviews control objectives for an organization, system, or service to determine if controls do not meet the control objectives?
A gap analysis