Cookies and Keys
Setup and Bad Guys
Vulnerabilities
Simulation/Application
Surprise!
100

Which cookie is created by the website a user is currently browsing to store the customer's browsing preference information?


     a.     Session cookie

     b.     First-party cookie

     c.     Third-party cookie

     d.     Secure cookie

b.     First-party cookie

100

Which of the following is a physical social engineering technique?


     a.     Pharming

     b.     Watering hole

     c.     Dumpster diving

     d.     Hoaxes

c.     Dumpster diving

100

Which issue can arise from security updates and patches?


     a.     Difficulty patching firmware

     b.     Difficulty updating settings

     c.     Difficulty resetting passwords

     d.     Difficulty installing databases

a.     Difficulty patching firmware

100

While examining the results of a vulnerability scan, you are asked to tackle false positives and false negatives to ensure the accuracy of the result. Which of the following actions will you take?

     a.     Perform a penetration test

     b.     Start a threat hunt

     c.     Maneuver attackers

     d.     Review logs

d.     Review logs

100

Which of the following is a state of data, where data is transmitted across a network?


     a.     Data in processing

     b.     Data at rest

     c.     Data in transit

     d.     3DES

c.     Data in transit

200

Blockchain relies on which cryptographic algorithm to make it computationally infeasible to try to replace a block or insert a new block of information without the approval of all entities involved?


     a.     Cryptographic hash algorithms

     b.     Symmetric cryptographic algorithms

     c.     RSA algorithm

     d.     Asymmetric cryptographic algorithms

a.     Cryptographic hash algorithms

200

Which of the following is a deception instrument?


     a.     WAF

     b.     Sinkhole

     c.     Forward proxy

     d.     Reverse proxy

b.     Sinkhole

200

Which of the following describes a memory leak attack?


     a.     Memory leak attacks take advantage of the token generated and sent to the user's browser by the website as part of the authentication.

     b.     In a memory leak attack, an attacker changes the variable's value to something outside the range the programmer had intended.

     c.     A memory leak occurs when a process attempts to store data beyond a fixed-length storage buffer's boundaries.

     d.     In a memory leak attack, the threat actor takes advantage of the programming error of not freeing the memory after executing a process, taking advantage of the device's low memory conditions to attack.

d.     In a memory leak attack, the threat actor takes advantage of the programming error of not freeing the memory after executing a process, taking advantage of the device's low memory conditions to attack.

200

Max found that someone was impersonating him after discovering that data sent to him was always being received by someone else in his enterprise network. He informed the network administrator about the issue. While inspecting the switch, the administrator discovered that the threat actor was another employee at the same enterprise.


As a senior security consultant, which of the following attacks should you mention in the charge sheet?


     a.     DDoS attack

     b.     DNS poisoning

     c.     MAC cloning attack

     d.     MITB attack

c.     MAC cloning attack

200

Which of the following is a characteristic of a vulnerability scan that is not a characteristic of a penetration test?


     a.     A vulnerability scan identifies deep vulnerabilities.

     b.     A vulnerability scan is usually automated.

     c.     A vulnerability scan is usually a manual process.

     d.     A vulnerability scan can be done when a regulatory body requires it or on a pre-determined schedule.

b.     A vulnerability scan is usually automated.

300

Which of the following is defined as a structure for governing all the elements involved in digital certificate management?


     a.     PKI

     b.     Web of trust model

     c.     M-of-N control

     d.     CA

a.     PKI

300

Which type of threat actor would benefit the most from accessing your enterprise's new machine learning algorithm research and development program?


     a.     Shadow IT

     b.     Brokers

     c.     Criminal syndicates

     d.     Competitors

d.     Competitors

300

Which of the following tools can be used to scan 16 IP addresses for vulnerabilities?


     a.     Nessus Essentials

     b.     Nessus

     c.     QualysGuard

     d.     App Scan

a.     Nessus Essentials

300

The files on James's computer were found spreading within the device without any human action. As an engineer, you were asked to identify the problem and help James resolve it. During inspection of the file code, you noticed that certain types of files on the computer contain similar code.

You found that the problem comes from a block of code that is not part of the actual files and is appended at the bottom of each file. You also noticed transfer-control code written at the beginning of the files, giving control to the code at the bottom of the file.

Which type of infection is this a characteristic of?


     a.     This is a typical characteristic of a spyware infection in the endpoint device.

     b.     This is a typical characteristic of an endpoint device infected with a file-based virus attack.

     c.     This is a typical characteristic exhibited by files attacked by ransomware in the device.

     d.     This is a typical characteristic of files infected by keystrokes in an endpoint.

b.     This is a typical characteristic of an endpoint device infected with a file-based virus attack.

300

Which of the following vulnerabilities involves connecting a flash drive infected with malware to a mobile device?


     a.     Tethering

     b.     USB-on-the-go (OTG)

     c.     Malicious USB cable

     d.     Hotspots

b.     USB-on-the-go (OTG)

400

Which feature of cryptography is used to prove a user's identity and prevent an individual from fraudulently reneging on an action?

Nonrepudiation

400

What is a jump box used for?

Restricting access to a demilitarized zone

400

Which platform is known for its vulnerabilities due to age?

Legacy platform

400

Malik and Chris are shopping for shoes on an e-commerce website and need to enter their credit card details. What can assure them that they are using the retailer's authentic website and not an imposter's look-alike site that will steal their credit card details?

Digital Certificate

400

Which protocol is used to prevent looping in a switch?

STP (Spanning Tree Protocol)

500

Which function in cryptography takes a string of any length as input and returns a string of any requested variable length?

Sponge

500

What best describes a mantrap?

A mantrap is a small space with two separate sets of interlocking doors.

500

Which penetration testing consultant has limited knowledge of the network and some elevated privileges?

Gray box

500

Which cryptographic method should Susanne use to ensure that a document can be encrypted with a key and decrypted with a different key?

Asymmetric

500

Which type of malware can hide its agenda inside other processes, making it undetectable, and what is it usually used for?

Rootkit: malware that uses the lower layers of the operating system or undocumented functions to make alterations to the operating system's processes