1. In cybersecurity, a threat actor is an individual or an entity responsible for cyber incidents against the technical equipment of enterprises and users. How should you differentiate an attack by a script kiddie from that of a gray hat hacker? a. Script kiddies use automated attack software created by other hackers for personal gain, whereas gray hat hackers create their own attack software to showcase vulnerabilities present in a system to the world. b. Script kiddies are hired to probe systems for weaknesses and then privately provide that information back to the organization, whereas gray hat hackers break into systems for ideological or political reasons. c Script kiddies construct efficient scripts to perform attacks to fulfill their own needs, whereas gray hat hackers construct scripts for attacking organizational competitors. d.Script kiddies lack the technical knowledge to carry out attacks, so they hire a hacker to do it, whereas gray hat hackers violate computer security to fulfill their financial needs. 2. Which of the following is a configuration vulnerability? a Zero day b. Weakest link cWeak encryption d.Direct access 3. Which of the following is defined as a structure for governing all the elements involved in digital certificate management? a. Web of trust model b. PKI C CA d. M-of-N control 4. Ian, a systems administrator, was checking systems on Monday morning when he noticed several alarms on his screen. He found many of the normal settings in his computer and programs changed, but he was sure no one had physically entered his room since Friday. If Ian did not make these changes, which of the events below is the most likely reason for the anomalies? a. The power went out over the weekend and caused the programs to move back to their default settings. b. The security administrator ran a penetration test over the weekend and did not tell anyone. CA firewall scan that was run over the weekend shut down the computer and the programs. d. A backdoor was installed previously and utilized over the weekend to access the computer and the programs. 5. A federal appeals court recently made a judgment that caused significant public outrage. Soon after the ruling, the court's website was hacked, and the content was replaced with the text "Equal justice for all." Which of the following type of threat actors attacked the court's site? a Insiders b. State actors cCyberterrorists d.Hacktivists 6. Which threat actors sell their knowledge to other attackers or governments? a. Competitors b. Criminal syndicates c Cyberterrorists d. Brokers ABC 7. Which of the following is the most common method for delivering malware? a Email b. Identity theft c Social media d.Removable media 8. What type of attack occurs when the threat actor snoops and intercepts the digital data transmitted by the computer and resends that data, impersonating the user? a Trojan b. Buffer overflow c Device driver manipulation d. Replay 9. John and Sarah are working for Star Alliance. John had to send certain confidential data and messages to Sarah online. The use of which of the following will ensure that the message's sender is, in fact, John? a Digital signature b. Public key C c. Physical signature d.Digital certificate 10. Alliance Consulting, a company based in France, is shutting down. Louis, the owner of the company, applied to revoke his digital certificate. He is very busy with the other details of shutting the company down and needs to be able to check the certificate's status quickly and easily. Which of the following will help him get a real-time lookup of the certificate's status? a CRL b. EV COCSP d.CSR 11. John receives an encrypted document using asymmetric cryptography from Alex. Which process should Alex use along with asymmetric cryptography so that John can be sure that the received document is real, from Alex, and unaltered? a Rivest-Shamir-Alderman b. Digital signature algorithm c Symmetric cryptography d.Elliptic curve cryptography 12. After encountering a network attack in your enterprise network, the chief network security engineer assigned you a project. The project was to create a vulnerable network that is similar to your enterprise network and entices the threat actor to repeat the attack. This is to analyze the behavior and techniques the attacker is using to ensure better defenses to your enterprise network in the future. Which of the following appliances should you use? a You should use a proxy server. b. You should set up behavioral IDS monitoring. c. You should set up network access control. d. You should use a honeypot. 13. Which characteristic of cryptography makes information obscure or unclear, and by which the original information becomes impossible to be determined? a Nonrepudiation b. Authentication c. Integrity d.Obfuscation