1. _____ is a proprietary vulnerability scanner. It is often used by security administrators to find known weaknesses on Mac, Windows, and Linux operating systems. It can also be used for compliance reports.
    A.     Wireshark
    B.     Nessus
    C.     Cuckoo
    D.     theHarvester

2. _____ is a proprietary hexadecimal editor for files in Windows. It is used for evidence gathering, data analysis, editing files, recovering data, and removing data.
    A.     WinHex
    B.     Autopsy
    C.     FTK imager
    D.     Memdump

3. What is a Python-based command line tool used to identify open ports, running services, and OS fingerprinting?
    A.     logger
    B.     scanless
    C.     dnsenum
    D.     curl

4. This open-source digital forensics platform is used to identify and sort forensic data, such as images, video files, audio files, databases, etc. It is often used by law enforcement, military, and corporations.
    A.     theHarverster
    B.     Wireshark
    C.     Autopsy
    D.     Nessus

5. This is used to capture an image of a disk, folder, or file and save the data. It does not make any changes to the original data.
    A.     Nessus
    B.     theHarverster
    C.     FTK imager
    D.     Wireshark

6. What automated network reconnaissance tool combines many of the OSINT (open-source intelligence) tools into one application? It has non-intrusive and intrusive scanning options?
    A.     Sn1per
    B.     Nessus
    C.     Cuckoo
    D.     Wireshark

7. _____ search(es) a network for active IP addresses.
    A.     OpenSSL
    B.     IP scanners
    C.     Password crackers
    D.     Cuckoo

8. This program will make a copy of what is in the computer’s memory. It is useful for forensic investigations.
    A.     Nessus
    B.     Memdump
    C.     Wireshark
    D.     Sn1per

9. A Cyber-incident Response Team (CIRT) wants to establish an Incident Response Plan (IRP) at their organization. One common element of the plan is to document incident category definitions. Which of the following is NOT a potential incident category?
    A.     improper usage, loss or theft of equipment
    B.     web, email
    C.     external/removal media, attrition
    D.     exercises (tabletop, walkthroughs, simulations, lessons learned)

10. In the incident response process, after identifying a security event, a Cyber-incident Response Team (CIRT) needs to isolate it. What is this step called?
    A.     Prepare incident response policy, plan, and procedures
    B.     Recovery
    C.     Eradication
    D.     Containment

11. These are alternate business practices, which are “workaround” activities that can temporarily substitute for normal business activities after a disaster.
    A.     The Diamond Model of Intrusion Analysis
    B.     Cyber Kill Chain
    C.     MITRE ATT&CK
    D.     Continuity of Operations Planning (COOP)

12. What helps employees identify and respond to security incidents? It needs to be regularly updated.
    A.     Incident response policy
    B.     Security incident
    C.     Attack framework
    D.     NIST (National Institute of Standards and Technology)

13. This is a network protocol created by Cisco that collects and monitors network traffic. It has an Exporter that sends data about the network to the Collector, which is then viewed on an Analysis Application. It only collects IP traffic.
    A.     Netflow
    B.     sFlow (sampled flow)
    C.     NXLog
    D.     IPFIX (Internet Protocol Flow Information)

14. What type of log file keeps track of successes and failures? Some examples of successes and failures are successful logins and failed logins, successful deletion or failed deletion of a file, and allowed and blocked network packets.
    A.     Security log files
    B.     Application log files
    C.     Call manager log files
    D.     VoIP log files

15. What type of log files store data about whether the call was answered or not, whether it went to voicemail or not, date, time, and duration of the call.
    A.     Application log file
    B.     Authentication log file
    C.     Network log files
    D.     VoIP log files

16.This is a proprietary network sampling protocol that collects and monitors network traffic. It does not collect all network packets; instead, it collects a limited percentage of the packets, so it does not affect traffic flow. It collects traffic on OSI layers 2-7.
    A.     IPFIX (Internet Protocol Flow Information)
    B.     Netflow
    C.     sFlow (sampled flow)
    D.     NXLog

17. What is a court order to maintain different types of data as evidence? It is a legal technique to preserve information relevant to a legal case that is initiated by legal counsel.
    A.     Order of volatility
    B.     Legal hold
    C.     Digital forensics
    D.     Chain of custody

18. What kind of information can be used in decisions in a court of law?
    A.     Counterintelligence
    B.     E-discovery
    C.     Legal hold
    D.     Admissible evidence

19. You are a member of a digital forensics team. You arrive at a crime scene and collect data from a compromised laptop. Which of the following data should you collect FIRST?
    A.     paging/swap files
    B.     CPU cache
    C.     RAM
    D.     Disk drive

20. What is a digital record of when a specific event occurred?
    A.     Timeline
    B.     Tag
    C.     Timestamp
    D.     Time offset

21. What is the difference between the time on a device and the actual time?
    A.     Time offset
    B.     Timestamp
    C.     Tag
    D.     Timeline

22. Which of the following is an operational control?
    A.     Encryption
    B.     Security awareness and training
    C.     Vulnerability assessment
    D.     Antivirus software

23. Which of the following is a compensating control?
    A.     Security audits
    B.     Change management
    C.     Cable locks
    D.     Network Access Control (NAC)

24. Which of the following is a preventative control?
    A.     Using 3DES instead of AES
    B.     Security guards
    C.     Log monitoring
    D.     Login banner warning

25. Which of the following is a technical control?
    A.     Security guards
    B.     Standard Operating Procedures (SOP)
    C.     Antivirus software
    D.     Security awareness and training

26. This international standard implements the security controls requirements that are defined in the ISO/IEC Standard 27701. It also shows how to implement common security controls, and helps organizations develop their own security guidelines.
    A.     International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) Standard 31000
    B.     International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) Standard 27701
    C.     General Data Protection Regulation (GDPR)
    D.     International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) Standard 27002

27. Company management wants to make sure that the company is implementing the CIA (confidentiality, integrity, and availability) triad to protect and utilize the company’s data. Management also wants to make sure the company is following international cybersecurity standards. What security standard MOST fulfills these requirements?
    A.     National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)
    B.     International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) Standard 27001
    C.     Payment Card Industry Data Security Standard (PCI DSS)
    D.     General Data Protection Regulation (GDPR)

28. _____ is a physical sciences laboratory and non-regulatory agency that promotes American innovation and industrial competitiveness.
    A.     Center for Internet Security (CIS)
    B.     National Institute of Standards and Technology (NIST)
    C.     Cloud Security Alliance (CSA)
    D.     International Organization for Standardization (ISO)

29. What is a set of data privacy laws which protect the personal data of people in member states of the European Union?
    A.     Payment Card Industry Data Security Standard (PCI DSS)
    B.     General Data Protection Regulation (GDPR)
    C.     National Institute of Standards and Technology Risk Management Framework (NIST RMF)
    D.     International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) Standard 27001

30. _____ is an auditing standard that checks to see if a company is complying with laws and regulations.
    A.     General Data Protection Regulation (GDPR)
    B.     Payment Card Industry Data Security Standard (PCI DSS)
    C.     Statement on Standards for Attestation Engagements (SSAE)
    D.     National Institute of Standards and Technology Risk Management Framework (NIST RMF)

31. Asset management is useful to prevent _____.
    A.     Undocumented assets
    B.     Data retention
    C.     Change management
    D.     Job rotation

32. A/an _____ is an agreement between a company and a vendor. It has details about performance expectations, such as minimum uptime and maximum downtime levels. It is often used when contracting services from ISPs (Internet Service Providers). Usually, there is a monetary penalty if the vendor cannot meet agreed expectations.
    A.     Business Partnership Agreement (BPA)
    B.     Service Level Agreement (SLA)
    C.     Measurement Systems Analysis (MSA)
    D.     Memorandum of Understanding (MOU)

33. Cybersecurity professionals often inform their coworkers about this changing threat by posting security alerts on information security web pages or notifying their coworkers by email about this.
    A.     Phishing campaigns
    B.     Onboarding
    C.     Gamification
    D.     Clean desk space

34. According to the principle of least privilege, system administrators should have what kind of accounts?
    A.     only a user account
    B.     a user account and a privileged account
    C.     only a privileged account
    D.     a user account, a privileged account, a guest account, and a service account

35. Which of the following policies is a way to prevent one employee from being successful in malicious activities at an organization?
    A.     Offboarding
    B.     Separation of duties
    C.     Gamification
    D.     Onboarding

36. What is the main advantage of having a diversity of training techniques for user training?
    A.     Helps employees with different backgrounds to work effectively together
    B.     Helps employees to adjust to the organization’s culture
    C.     Encourages employee to see things from a different point of view
    D.     Helps to inform all employees about potential cybersecurity threats

37. This is a step-by-step guide to recover from an IT system outage.
    A.     Functional recovery plan
    B.     Site risk assessment
    C.     Mission essential functions (MEFs)
    D.     Disaster Recovery Plan (DRP)

38. _____ is how much the asset is worth to an organization.
    A.     Impact
    B.     Likelihood of occurrence
    C.     Asset value
    D.     Vulnerability

39. _____ is the practice of identifying, monitoring, and limiting risks to a manageable level.
    A.     Risk management
    B.     Threat
    C.     Vulnerability
    D.     Impact
40. People who use software without paying for it, or use company-purchased software licenses that were not approved for them, create this type of risk.
    A.     Intellectual property (IP) theft risk
    B.     Legacy system risks
    C.     Multiparty risk
    D.     Software compliance/licensing risk

41. A hospital calculates that it is excessively costly to continue to protect themselves against ransomware technology. Instead, the hospital decides to make an air gap between the hospital’s private network and the public Internet. The hospital will also no longer provide online access to patient data over the public Internet. Which of the following is the hospital doing?
    A.     Accepting the risk
    B.     Avoiding the risk
    C.     Mitigating the risk
    D.     Transferring the risk

42. _____ reduces the likelihood that a threat will exploit a vulnerability.
    A.     Risk mitigation
    B.     Security incident
    C.     Impact
    D.     Risk control assessment

43. In the past 2 years, 20 of the web servers failed. The cost to repair each server was $1,000 and the downtime costs the organization $3,000 each time in lost revenue. What is the ARO?
    A.     $80,000
    B.     10
    C.     $40,000
    D.     $4,000

44. Which of the following outlines what the organization will do in case of a disaster to recover?
    A.     Recovery time objective (RTO)
    B.     Business Continuity Plan (BCP)
    C.     Single Point of Failure (SPOF)
    D.     Mean time to repair (MTTR)

45. Script kiddies, hacktivists, organized crime, APTs (Advanced Persistent Threats), competitors, and environmental disasters are examples of _____.
    A.     Environmental disasters
    B.     External disasters
    C.     Internal disasters
    D.     Person-made disasters

46. _____ is any product, system, resource, or process that an organization values.
    A.     Likelihood of occurrence
    B.     Vulnerability
    C.     Impact
    D.     Asset

47. What type of data is collected by a government?
    A.     Critical data
    B.     Government data
    C.     Public data
    D.     Sensitive data

48. What type of data has ownership, such as patents or trade secrets?
    A.     Confidential data
    B.     Public data
    C.     Proprietary data
    D.     Private data

49. What type of data is about monetary transactions?
    A.     Proprietary data
    B.     Critical data
    C.     Confidential data
    D.     Financial information

50. This is the principle of limiting the amount of data that an organization collects.
    A.     Anonymization
    B.     Pseudo-anonymization
    C.     Impact assessment
    D.     Data minimization