Question

51.

Question 51

Which type of threat is a social engineering attack?

1 point

System based

External

App based

Internal

52.

Question 52

Which three (3) of these are among the 5 common pitfalls of data security? (Select 3)

1 point

Failure to recognize the need for centralized data security

Failure to define who owns responsibility for the data itself

Failure to hire an adequately skilled workforce

Failure to move beyond compliance

53.

Question 53

True or False. Wireshark has an impressive array of features and is distributed free of charge.

1 point

True

False

54.

Question 54

Port numbers 1024 through 49151 are known as what?

1 point

Registered Ports

Well known ports

Virtual Ports

Dynamic and Private Ports

55.

Question 55

The Decommission step in the DevSecOps Release, Deploy & Decommission phase contains which of these activities?

1 point

IAM controls to regulate authorization

Centralized Key-Value & Secret stores

Creation of Immutable images

Versioning of infrastructure

56.

Question 56

Which form of penetration testing allows the testers partial knowledge of the systems they are trying to penetrate in advance of their attack to streamline costs and focus efforts?

1 point

Red Box Testing

Black Box Testing

White Box Testing

Gray Box Testing

57.

Question 57

Which of the OWASP Top 10 Application Security Risks would occur when there are no safeguards against a user being allowed to execute HTML or JavaScript in the user's browser that can hijack sessions?

1 point

Insecure deserialization

Cross-site scripting

Insufficient logging and monitoring

Security misconfiguration

58.

Question 58

Why should you always look for common patterns before starting a new security architecture design?

1 point

They can help identify best practices

They can shorten the development lifecycle

Some document complete tested solutions

All of the above

59.

Question 59

A robust cybersecurity defense includes contributions from 3 areas: human expertise, security analytics and artificial intelligence. Rapidly analyzing large quantities of unstructured data lends itself best to which of these areas?

1 point

Security analytics

Human expertise

Artificial intelligence

60.

Question 60

The triad of a security operations center (SOC) is People, Process and Technology. To which part of the triad would network monitoring belong?

1 point

People

Process

Technology

None of the above

61.

Question 61

Which of these is a good definition for cyber threat hunting?

1 point

The act of simulating attacks to identify vulnerabilities, testing new software to help protect the company's data, and helping users adhere to new regulations and processes to ensure the network stays safe

The act of creating and maintaining corporate security structures and ensuring that they function as designed. As high-level leaders, they also supervise security teams and have a hand in creating security-related policies and procedures

The act of detecting, investigating, and responding to incidents, including planning and implementing preventative security measures and building disaster recovery plans

The act of proactively and aggressively identifying, intercepting, tracking, investigating and eliminating cyber adversaries as early as possible in the cyber kill chain

62.

Question 62

The cyber hunting team and the SOC analysts are informally referred to as the ____ and ____ teams, respectively.

1 point

Blue, Red

Attack, Defense

Red, Blue

Visitors, Home

63.

Question 63

Which three (3) soft skills are important to have in an organization's incident response team? (Select 3)

1 point

Problem solving and Critical thinking

Motivational

Communication

Teamwork

64.

Question 64

True or False. Communications of a data breach should be handled by a team composed of members of the IR team, legal personnel and public relations.

1 point

True

False

65.

Question 65

Which three (3) of these statistics about phishing attacks are real? (Select 3)

1 point

Around 15 million new phishing sites are created each month

Phishing attempts tripled between 2017 and 2018

Phishing accounts for nearly 20% of data breaches

30% of phishing messages are opened by their targeted users

66.

Question 66

Which three (3) of these control processes are included in the PCI-DSS standard? (Select 3)

1 point

Require a photo ID for all credit card transactions

Maintain an information security policy

Regularly monitor and test networks

Implement strong access control measures

67.

Question 67

Which three (3) are malware types commonly used in PoS attacks to steal credit card data? (Select 3)

1 point

Alina

BlackPOS

vSkimmer

Stuxnet

68.

Question 68

According to a 2018 Ponemon study on third-party risk management, which three (3) of these were identified as best practices? (Select 3)

1 point

Frequent review of third-party management policies and programs

Evaluation of the security and privacy practices of all third parties

Requirement that all third parties are bonded against data loss in the event of a breach

An inventory of all third parties with whom you share information

69.

Question 69

You get a phone call from a technician at the "Windows company" who tells you that they have detected a problem with your system and would like to help you resolve it. In order to help, they need you to go to a web site and download a simple utility that will allow them to fix the settings on your computer. Since you only own an Apple Mac, you are suspicious of this caller and hang up. What would the attack vector have been if you had downloaded the "simple utility" as asked?

1 point

Remote Desktop Protocol (RDP)

Software Vulnerabilities

Malicious Links

Phishing

70.

Question 70

Very provocative articles that come up in news feeds or Google searches are sometimes called "click-bait". These articles often tempt you to link to other sites that can be infected with malware. What attack vector is used by these click-bait sites to get you to go to the really bad sites?

1 point

Software Vulnerabilities

Phishing

Malicious Links

Remote Desktop Protocol (RDP)
