









This document covers a wide range of cybersecurity topics, including Web 3.0, cloud computing models, network protocols, port scanning techniques, malware types, social engineering attacks, vulnerability management, and network security devices. It provides an overview of key cybersecurity concepts, threats, and mitigation strategies. The document could be useful for students studying computer science, information technology, or cybersecurity-related fields, as it covers fundamental principles and practical applications in these domains. The content could serve as study notes, lecture materials, or supplementary resources for courses on network security, ethical hacking, or information assurance.










True or False: Business intelligence (BI) software consists of tools and techniques used to surface large amounts of raw unstructured data to perform a variety of tasks, including data mining, event processing, and predictive analytics. - ANS True

True or False: The process in which end users find personal technology and apps that are more powerful or capable, more convenient, less expensive, quicker to install, and easier to use than enterprise IT solutions is known as consumerization. - ANS True

Which action is associated with Web 1.0? A. checking CNN's website for news B. posting on Facebook C. adding information to Wikipedia D. asking Apple's Siri a question - ANS A

Which action is associated with Web 3.0? A. checking CNN's web site for news B. posting on Facebook C. adding information to Wikipedia D. asking Apple's Siri a question - ANS D
Which port is used for encrypted communication? A. 22 B. 80 C. 389 D. 25 - ANS A

Which protocol distinguishes between applications using port numbers? A. TCP B. ICMP C. ESP D. UDP - ANS A

How do attackers prevent port scans from being noticed by monitoring software? A. Scan ports so quickly it is finished before it can be detected and stopped B. scan ports so slowly it looks like random attempts to connect, rather than a concerted attack C. scan ports from an internal device D. scan ports through WiFi instead of Ethernet - ANS A

Which potentially risky attribute is the most serious? A. Pervasive B. malware C. excessive bandwidth D. tunnels - ANS B

Which one of these applications can be used as a tunnel for other applications? A. Telnet B. SMTP C. HTTPS D. SSH - ANS D

Which two devices or systems require the configuration of non-standard ports to be able to use an application on a non-standard port? (Choose two.) A. firewall B. client C. server D. operating system E. certificate - ANS B & C
B. having an advanced persistent threat change your information C. having the regulator punish you for being non-compliant D. having malicious insiders steal information - ANS C

What does CVE mean? A. Computer Vulnerabilities and their Exploits B. Computer Vulnerabilities and Exposures C. Common Vulnerabilities and their Exploits D. Common Vulnerabilities and Exposures - ANS D

What is the difference between CVE and CVSS? A. CVE tells you what the vulnerabilities are. CVSS gives vulnerabilities a score (0-10) to evaluate how serious they are. B. CVE is on a scale of low, medium, high, critical. CVSS is on a scale of 0-100. C. CVSS tells you what the vulnerabilities are. CVE gives vulnerabilities a score (0-10) to evaluate how serious they are. D. CVE is on a scale of 0-100. CVSS is on a scale of 0-10. - ANS A

True or False. External threat actors have accounted for the majority of data breaches over the past five years. - ANS False

Which group is likely to attack indiscriminately, whether you are a valuable target or not? A. hacktivists B. cybercriminals C. cyberterrorists D. state-affiliated groups - ANS C

Which group is primarily motivated by money? A. hacktivists B. cybercriminals C. cyberterrorists D. state-affiliated groups - ANS B

True or False: The cyberattack lifecycle is a seven-step process. - ANS True

True or False: An attacker needs to succeed in executing only one step of the cyberattack lifecycle to infiltrate a network, whereas a defender must "be right every time" and break every step of the chain to prevent an attack. - ANS False

True or False: The key to breaking the cyberattack lifecycle during the Installation phase is to implement network segmentation, a Zero Trust model, and granular control of applications to limit or restrict an attacker's lateral movement within the network. - ANS True

Which stage of the cyberattack lifecycle can be identified by port scans from external sources?
A. Reconnaissance B. Weaponization and Delivery C. Exploitation D. Installation - ANS A

Which stage of the cyberattack lifecycle involves querying public databases and testing exploits in the attacker's internal network? A. Reconnaissance B. Weaponization and Delivery C. Exploitation D. Installation - ANS B

Which step is involved in getting malware to run on the inside of the targeted organization? A. Weaponization and Delivery B. Exploitation and Installation C. Command and Control D. Actions on the Objective - ANS B

In which stage of the cyberattack lifecycle would you identify unusual communication between an internal database that should not access the internet and an external server? A. Exploitation B. Installation C. Command and Control D. Actions on the Objective - ANS C

Which two malware types are self-replicating? (Choose two.) A. logic bomb B. back door C. virus D. trojan horse E. worm - ANS C & E

Which two malware types are likely to be left behind by a disgruntled employee? (Choose two.) A. logic bomb B. back door C. virus D. trojan horse - ANS A & B

Which two malware types require external communication channels? (Choose two.) A. ransomware NO B. spyware C. adware D. logic bomb - ANS B & C
Your CFO receives an email with her name that claims to be the company's bank and tells her to click the link https://chase.bankofamerica.mysite.ru. What type of attack is this? A. spamming B. phishing C. spear phishing D. whaling - ANS D

Which two techniques do "social engineers" use to distract their targets so they'll do whatever the attacker wants? (Choose two.) A. autopilot, requesting an action that the user does automatically without thinking B. phishing, sending email that asks for specific actions NO C. masquerading as a trojan horse D. infecting programs with a virus E. emotional distraction, such as yelling that the target would be fired - ANS A & E

Who is the most likely target of social engineering? A. executive management, because it has the most permissions B. senior IT engineers, because the attacker hopes to get them to disable the security infrastructure C. junior people, because they are easier to stress and probably not as well trained D. the accounting department, because it can wire money directly to the attacker's account - ANS C

In the cyberattack lifecycle, what does C2 mean? A. Configuration and Communication B. Configuration Control C. Command and Control D. Communication Control - ANS C

A server that has a bug that lets a single transaction take it offline is susceptible to which type of attack? A. Denial of Service (DoS) B. Distributed Denial of Service (DDoS) C. trojan horses D. worms - ANS A

Which two attacks typically use a botnet? (Choose two.) A. social engineering B. DoS C. DDoS D. sending spam to a lengthy mailing list E. spear phishing - ANS C & D

Which option is least likely to be the purpose of an advanced persistent threat?
A. wire money to an offshore bank account B. steal classified information C. expand a botnet to send more spam D. be able to destroy an enemy's infrastructure in case of a war - ANS C

Which behavior does an advanced persistent threat use to elude detection? A. do everything at night, when nobody is monitoring B. rely exclusively on insiders with privileged access C. do everything quickly with scripting so that the effect of the threat is achieved by the time it is detected D. use a low and slow approach to avoid triggering alarms - ANS D

Which two types of behavior could enable someone to eavesdrop on a WiFi network? (Choose two.) A. passive B. inactive C. yielding D. active E. agile NO - ANS A & D

What is the name of the attack in which the attacker gets the victim to connect to an access point the attacker controls? A. person in the middle B. man in the middle C. access point in the middle D. access point masquerading - ANS B

What is the name of the "authentication" method that lets anybody with the password access a WiFi network? A. Pre-Shared Key (PSK) B. Password Authentication C. Extensible Authentication Protocol (EAP) D. service set identifier (SSID) - ANS A

A Zero Trust network security model is based on which security principle? A. due diligence B. least privilege C. non-repudiation D. negative control - ANS B

What does Zero Trust mean? A. Systems never trust the information they get from other systems B. Systems don't trust each other implicitly. C. Systems don't trust each other explicitly.
C. switch D. router - ANS C

Which option is an example of a static routing protocol? A. Open Shortest Path First (OSPF) B. Border Gateway Protocol (BGP) C. Routing Information Protocol (RIP) D. split horizon - ANS B

Which is a routed protocol? A. Open Shortest Path First (OSPF) B. Internet Protocol (IP) C. Border Gateway Protocol (BGP) D. Routing Information Protocol (RIP) - ANS B

Which device type uses routing protocols to exchange information? A. switches B. hubs C. routers D. servers - ANS C

What is the primary purpose of the information exchanged by routing protocols? A. dynamic routing B. static routing C. billing for network access D. advertising MAC addresses - ANS A

True or False: The internet is an example of a wide-area network (WAN). - ANS True

Which network technology is used for WANs? A. Ethernet B. token-ring C. digital subscriber line (DSL) D. FDDI - ANS C

Which device creates a collision domain that includes all the interfaces to which it is connected? A. hub B. switch C. router D. web server - ANS A

Which requirement must be fulfilled for a client device to use a DHCP server, assuming there are no DHCP relay agents?
A. be on the same collision domain B. be on the same broadcast domain C. have latency below 20msec D. have the same subnet mask - ANS B

What kind of network is most likely to use point to point links? A. LAN B. WAN C. SD WAN (only) D. WAN (only if it is not SD WAN) - ANS B

Which DNS record type do you use to find the IPv4 address of a host? A. A B. AAAA C. PTR D. MX - ANS A

Which device is M2M (machine to machine)? A. internet-connected TV B. home alarm that dials the police for response C. car GPS D. temperature sensor connected to a fire suppression system - ANS D

Sensors for a cultivated field must report the results once a day. These sensors are powered by batteries that need to last for years. Which form of connectivity do you use? A. Bluetooth B. Wi-Fi C. LoRaWAN D. Satellite C-Band - ANS C

Which two advantages make 2G a popular choice for cellular IoT devices? (Choose two.) A. low latency B. high latency C. low hardware cost D. high bandwidth E. low power consumption - ANS C & E

Why are IoT devices so often insecure? A. rushed development B. long release and patch cycles C. insufficient time for quality assurance D. low development budget - ANS B

Which option is an example of a logical address?
What is the theoretical maximum number of devices in a class B? A. 2^24-2 = 16777214 B. 2^20-2 = 1048574 C. 2^16-2 = 65534 D. 2^8-2 = 254 - ANS C

How many /28 subnets can you fit in a class C? A. 2 B. 4 C. 8 D. 16 - ANS D

The OSI model consists of how many layers? A. four B. six C. seven D. nine - ANS C

Which two protocols function at the Transport layer of the OSI model? (Choose two.) A. Transmission Control Protocol (TCP) B. Internet Protocol (IP) C. User Datagram Protocol (UDP) D. Hypertext Transfer Protocol (HTTP) - ANS A & C

Which four layers comprise the TCP/IP model? (Choose four.) A. Application B. Transport C. Physical D. Internet E. Network Access - ANS A, B, D, & E

Which option shows the ISO layers in the correct order (bottom layer to top)? A. Physical, Transport, Network, Session, Data link, Presentation, Application B. Physical, Data link, Network, Application, Presentation, Transport, Session C. Physical, Data link, Transport, Session, Presentation, Network, Application D. Physical, Data link, Network, Transport, Session, Presentation, Application - ANS D

Ethernet and WiFi include elements of which two layers? (Choose two.)
A. Session B. Transport C. Network D. Data link E. Physical - ANS D & E

The Internet Protocol itself provides the functionality of which layer? A. Transport B. Network C. Data link D. Physical - ANS B

When HTTP is used directly to serve webpages, it is a protocol of which layer? A. Application B. Presentation C. Session D. Transport - ANS A

When HTTP is used to send REST requests, it is a protocol of which layer? A. Application B. Presentation C. Session D. Transport - ANS C

In a TCP packet sent over Ethernet, what is the order of data? A. Ethernet header, TCP header, and then TCP data B. IP header, TCP header, and then TCP data C. Ethernet header, IP header, TCP header, and then TCP data D. Ethernet header, IP header, IP data, TCP header, and then TCP data - ANS C

Which header does not appear in all packets of an HTTP file transfer over Ethernet? A. Ethernet B. IP C. TCP D. HTTP - ANS D

True or False: A dynamic packet filtering (also known as stateful packet inspection) firewall only inspects individual packet headers during session establishment to determine whether the traffic should be allowed, blocked, or dropped by the firewall. After a session is established, individual packets that are part of the session are not inspected. - ANS False

Which DNS record type do you use to find the IPv6 address of a host? A. A B. AAAA