Amber is working as a team lead in an organization. She was instructed to share a policy document with all the employees working from remote locations and collect them after filling. She shared the files from her mobile device to the concerned employees through the public Internet. An unauthorized user accessed the file in transit, modified the file, and forwarded it to the remote employees.
Based on the above scenario, identify the security risk associated with mobile usage policies.
- A . Lost or stolen devices
- B . Infrastructure issues
- C . Improperly disposing of devices
- D . Sharing confidential data on an unsecured network
Barbara, a security professional, was monitoring the loT traffic through a security solution. She identified that one of the infected devices is trying to connect with other loT devices and spread malware onto the network. Identify the port number used by the malware to spread the infection to other loT devices.
- A . Port 25
- B . Port 443
- C . Port 110
- D . Port 48101
Barbara, a security professional, was monitoring the loT traffic through a security solution. She identified that one of the infected devices is trying to connect with other loT devices and spread malware onto the network. Identify the port number used by the malware to spread the infection to other loT devices.
- A . Port 25
- B . Port 443
- C . Port 110
- D . Port 48101
Barbara, a security professional, was monitoring the loT traffic through a security solution. She identified that one of the infected devices is trying to connect with other loT devices and spread malware onto the network. Identify the port number used by the malware to spread the infection to other loT devices.
- A . Port 25
- B . Port 443
- C . Port 110
- D . Port 48101
Barbara, a security professional, was monitoring the loT traffic through a security solution. She identified that one of the infected devices is trying to connect with other loT devices and spread malware onto the network. Identify the port number used by the malware to spread the infection to other loT devices.
- A . Port 25
- B . Port 443
- C . Port 110
- D . Port 48101
Barbara, a security professional, was monitoring the loT traffic through a security solution. She identified that one of the infected devices is trying to connect with other loT devices and spread malware onto the network. Identify the port number used by the malware to spread the infection to other loT devices.
- A . Port 25
- B . Port 443
- C . Port 110
- D . Port 48101
Barbara, a security professional, was monitoring the loT traffic through a security solution. She identified that one of the infected devices is trying to connect with other loT devices and spread malware onto the network. Identify the port number used by the malware to spread the infection to other loT devices.
- A . Port 25
- B . Port 443
- C . Port 110
- D . Port 48101
The AP uses its configured WEP key to decrypt the encrypted text and compares it with the original challenge text.
What is the correct sequence of steps involved in establishing a network connection using the shared key authentication process?
- A . 4 — >2 — >1 — >3 — >5
- B . 4 — >1 — >3 — >5 — >2
- C . 2 — >4 — >5 — >1 — >3
- D . 4 — >5 — >3 — >2 — >1
Identify the backup mechanism that is performed within the organization using external devices such as hard disks and requires human interaction to perform the backup operations, thus, making it suspectable to theft or natural disasters.
- A . Cloud data backup
- B . Onsite data backup
- C . Offsite data backup
- D . Online data backup
Which of the following types of network traffic flow does not provide encryption in the data transfer process, and the data transfer between the sender and receiver is in plain text?
- A . SSL traffic
- B . HTTPS traffic
- C . SSH traffic
- D . FTP traffic
Alice was working on her major project; she saved all her confidential files and locked her laptop. Bob wanted to access Alice’s laptop for his personal use but was unable to access the laptop due to biometric authentication.
Which of the following network defense approaches was employed by Alice on her laptop?
- A . Retrospective approach
- B . Preventive approach
- C . Reactive approach
- D . Proactive approach
Kalley, a network administrator of an organization, has installed a traffic monitoring system to capture and report suspicious traffic signatures. In this process, she detects traffic containing password cracking, sniffing, and brute-forcing attempts.Which of the following categories of suspicious traffic signature were identified by Kalley through the installed monitoring system?
- A . Reconnaissance signatures
- B . Unauthorized access signatures
- C . Denial-of-service (DoS) signatures
- D . Informational signatures
Finch, a security auditor, was assigned the task of providing devices to all the employees to enable work from remote locations. Finch restricted the devices to work only for organization-related tasks, and not for personal use.
Which of the following mobile usage policies has Finch implemented in the above scenario?
- A . CYOD
- B . COBO
- C . COPE
- D . BYOD
In an organization, employees are restricted from using their own storage devices, and only the company’s portable storage devices are allowed. As employees are carrying the company’s portable device outside their premises, the data should be protected from unauthorized access.
Which of the following techniques can be used to protect the data in a portable storage device?
- A . Data retention
- B . Data encryption
- C . Data resilience
- D . Disk mirroring
Which of the following algorithms uses a sponge construction where message blocks are XORed into the initial bits of the state that the algorithm then invertible permutes?
- A . MD5
- B . SHA-2
- C . SHA-3
- D . MD6
Which of the following algorithms uses a sponge construction where message blocks are XORed into the initial bits of the state that the algorithm then invertible permutes?
- A . MD5
- B . SHA-2
- C . SHA-3
- D . MD6
ldentify and classify the data to be included in the data retention policy 5.Develop the data retention policy
Identify the correct sequence of steps involved.
- A . 3 — >2 — >5 — >4 — >1
- B . 3 — >1 — >4 — >5 — >2
- C . 1 — >3 — >4 — >2 — >5
- D . 1 — >5 — >4 — >2 — >3
Cibel.org, an organization, wanted to develop a web application for marketing its products to the public. In this process, they consulted a cloud service provider and requested provision of development tools, configuration management, and deployment platforms for developing customized applications.
Identify the type of cloud service requested by Cibel.org in the above scenario.
- A . Security-as-a-service (SECaaS)
- B . Platform-as-a-service
- C . Infrastructure-as-a-service {laaS)
- D . ldentity-as-a-service {IDaaS)
Ben, a computer user, applied for a digital certificate. A component of PKI verifies Ben’s identity using the credentials provided and passes that request on behalf of Ben to grant the digital certificate.
Which of the following PKI components verified Ben as being legitimate to receive the certificate?
- A . Certificate authority (CA)
- B . Registration authority {RA)
- C . Certificate directory
- D . Validation authority (VA)
George, a certified security professional, was hired by an organization to ensure that the server accurately responds to customer requests. In this process, George employed a security solution to monitor the network traffic toward the server. While monitoring the traffic, he identified attack signatures such as SYN flood and ping of death attempts on the server.
Which of the following categories of suspicious traffic signature has George identified in the above scenario?
- A . Informational
- B . Reconnaissance
- C . Unauthorized access
- D . Denial-of-service (DoS)
Identify the loT communication model that serves as an analyzer for a company to track monthly or yearly energy consumption. Using this analysis, companies can reduce the expenditure on energy.
- A . Device-to-device model
- B . Cloud-to-cloud model
- C . Device-to-cloud model
- D . Device-to-gateway model
Finch, a security professional, was instructed to strengthen the security at the entrance. At the doorway, he implemented a security mechanism that allows employees to register their retina scan and a unique six- digit code, using which they can enter the office at any time.
Which of the following combinations of authentication mechanisms is implemented in the above scenario?
- A . Biornetric and password authentication
- B . Password and two-factor authentication
- C . Two-factor and smart card authentication
- D . Smart card and password authentication
Identify the UBA tool that collects user activity details from multiple sources and uses artificial intelligence and machine learning algorithms to perform user behavior analysis to prevent and detect various threats before the fraud is perpetrated.
- A . Nmap
- B . ClamWin
- C . Dtex systems
- D . Wireshark
Identify the UBA tool that collects user activity details from multiple sources and uses artificial intelligence and machine learning algorithms to perform user behavior analysis to prevent and detect various threats before the fraud is perpetrated.
- A . Nmap
- B . ClamWin
- C . Dtex systems
- D . Wireshark
Identify the UBA tool that collects user activity details from multiple sources and uses artificial intelligence and machine learning algorithms to perform user behavior analysis to prevent and detect various threats before the fraud is perpetrated.
- A . Nmap
- B . ClamWin
- C . Dtex systems
- D . Wireshark
Identify the UBA tool that collects user activity details from multiple sources and uses artificial intelligence and machine learning algorithms to perform user behavior analysis to prevent and detect various threats before the fraud is perpetrated.
- A . Nmap
- B . ClamWin
- C . Dtex systems
- D . Wireshark
Identify the UBA tool that collects user activity details from multiple sources and uses artificial intelligence and machine learning algorithms to perform user behavior analysis to prevent and detect various threats before the fraud is perpetrated.
- A . Nmap
- B . ClamWin
- C . Dtex systems
- D . Wireshark
WPA2 Enterprise
Identify the correct order of wireless encryption modes in terms of security from high to low.
- A . 2 — >1 — >4 — >3
- B . 3 — >1 — >4 — >2
- C . 4 — >2 — >3 — >1
- D . 4 — >3 — >2 — >1
Which of the following IDS components analyzes the traffic and reports if any suspicious activity is detected?
- A . Command console
- B . Network sensor
- C . Database of attack signatures
- D . Response system
Which of the following objects of the container network model (CNM) contains the configuration files of a container’s network stack, such as routing table, container’s interfaces, and DNS settings?
- A . Endpoint
- B . Sandbox
- C . Network drivers
- D . IPAM drivers
Mark, a network administrator in an organization, was assigned the task of preventing data from falling into the wrong hands. In this process, Mark implemented authentication techniques and performed full memory encryption for the data stored on RAM.
In which of the following states has Steve encrypted the data in the above scenario?
- A . Data in use
- B . Data in transit
- C . Data inactive
- D . Data in rest
Jacob, an attacker, targeted container technology to destroy the reputation of an organization. To achieve this, he initially compromised a single container exploiting weak network defaults, overloaded the rest of the containers in the local domain, and restricted them from providing services to legitimate users.
Identify the type of attack initiated by Jacob in the above scenario.
- A . Cross-container attack
- B . Docker registry attack
- C . Container escaping attack
- D . Replay attack
Which of the following ISO standards provides guidance to ensure that cloud service providers offer
appropriate information security controls to protect the privacy of their customer’s clients by securing personally identifiable information entrusted to them?
- A . ISO/IEC 27001
- B . ISO/IEC 27018
- C . ISO/IEC 27011
- D . ISO/IEC 27007
John has recently joined an organization and completed his security training. The organization conducted a security campaign on their employees by sending a fake email stating the urgency of password reset. John identified that it was an illegitimate mail and reported it as spam.
Identify the type of attack initiated by the organization as part of the security campaign discussed in the above scenario.
- A . Phishing
- B . Tailgating
- C . Dumpster diving
- D . Shoulder surfing
Peter, a network defender, was instructed to protect the corporate network from unauthorized access. To achieve this, he employed a security solution for wireless communication that uses dragonfly key exchange for authentication, which is the strongest encryption algorithm that protects the network from dictionary and key recovery attacks.
Identify the wireless encryption technology implemented in the security solution selected by Peter in the above scenario.
- A . WPA
- B . WPA3
- C . EAP
- D . WEP
Jamie wants to send a confidential file to her friend Alice. For this purpose, they installed an application for securely sharing the file. The application employs an encryption algorithm that uses the same shared secret key for encryption and decryption of data.
Identify the type of cryptography employed by the application used by Alice and Jamie for file sharing.
- A . Symmetric cryptography
- B . Public-key cryptography
- C . RSA cryptosystem
- D . Asymmetric cryptography
James was recruited as security personnel in an organization and was instructed to secure the organization’s infrastructure from physical threats. To achieve this, James installed CCTV systems near gates, reception, hallways, and workplaces to capture illicit activities inside the premises, identify activities that need attention, collect images as evidence, and aid in an alarm system.
Identify the type of physical security control implemented by James in the above scenario.
- A . Video surveillance
- B . Fire-fighting systems
- C . Lighting system
- D . Physical barriers
James was recruited as security personnel in an organization and was instructed to secure the organization’s infrastructure from physical threats. To achieve this, James installed CCTV systems near gates, reception, hallways, and workplaces to capture illicit activities inside the premises, identify activities that need attention, collect images as evidence, and aid in an alarm system.
Identify the type of physical security control implemented by James in the above scenario.
- A . Video surveillance
- B . Fire-fighting systems
- C . Lighting system
- D . Physical barriers
James was recruited as security personnel in an organization and was instructed to secure the organization’s infrastructure from physical threats. To achieve this, James installed CCTV systems near gates, reception, hallways, and workplaces to capture illicit activities inside the premises, identify activities that need attention, collect images as evidence, and aid in an alarm system.
Identify the type of physical security control implemented by James in the above scenario.
- A . Video surveillance
- B . Fire-fighting systems
- C . Lighting system
- D . Physical barriers
James was recruited as security personnel in an organization and was instructed to secure the organization’s infrastructure from physical threats. To achieve this, James installed CCTV systems near gates, reception, hallways, and workplaces to capture illicit activities inside the premises, identify activities that need attention, collect images as evidence, and aid in an alarm system.
Identify the type of physical security control implemented by James in the above scenario.
- A . Video surveillance
- B . Fire-fighting systems
- C . Lighting system
- D . Physical barriers
James was recruited as security personnel in an organization and was instructed to secure the organization’s infrastructure from physical threats. To achieve this, James installed CCTV systems near gates, reception, hallways, and workplaces to capture illicit activities inside the premises, identify activities that need attention, collect images as evidence, and aid in an alarm system.
Identify the type of physical security control implemented by James in the above scenario.
- A . Video surveillance
- B . Fire-fighting systems
- C . Lighting system
- D . Physical barriers
Voice recognition
Identify the techniques that fall under biometric authentication.
- A . 1, 3, and 4
- B . 1, 2, and 3
- C . 2, 3, and 4
- D . 1, 2, and 4
Kelly, a cloud administrator at TechSol Inc., was instructed to select a cloud deployment model to secure the corporate data and retain full control over the data.
Which of the following cloud deployment models helps Kelly in the above scenario?
- A . Public cloud
- B . Multi cloud
- C . Community cloud
- D . Private cloud
Steve was sharing his confidential file with John via an email that was digitally signed and encrypted. The digital signature was made using the "Diffie-Hellman (X9.42) with DSS" algorithm, and the email was encrypted using triple DES.
Which of the following protocols employs the above features to encrypt an email message?
- A . S/MIME
- B . EAP
- C . RADIUS
- D . TACACS+