1.  You get an email from Mickey Mouse about a free trip for two to Walt Disney World. You just have to forward the email to 10 people. What kind of attack does this describe?
    A.     shoulder surfing
    B.     tailgating
    C.     dumpster diving
    D.     hoax

2.  Attackers find a trusted, often visited, website and infect it. What kind of attack is this?
    A.     cross-site scripting
    B.     domain hijacking
    C.     URL hijacking
    D.     watering hole attack

3.  _____ is any act that influences a person to take an action that may or may not be in their best interest.
    A.     application attacks
    B.     social engineering
    C.     cryptographic attacks
    D.     wireless attacks

4.  You received an email from your Professor that said she needs your username and password to update your grades. What kind of social engineering strategy does this attack use?
    A.     Scarcity
    B.     Authority
    C.     Consensus
    D.     Urgency

5.  _____ is a technique often used in credential harvesting.
    A.     prepending
    B.     invoice scam
    C.     phishing
    D.     reconnaissance

6.  Your coworker throws away all his documents, but never shreds them. What kind of potential attack could happen from this?
    A.     privilege escalation
    B.     dumpster diving
    C.     zero day exploit
    D.     phishing

7.  _____ are techniques used to get a user’s login name and password.
    A.     reconnaissance
    B.     prepending
    C.     credential harvesting
    D.     invoice scam

8.  Someone who you don’t know from the Help Desk calls you to help with fixing some computer issues, even though your computer seems to be working fine. What kind of social engineering strategy does this attack use?
    A.     Trust
    B.     Consensus
    C.     Familiarity
    D.     Scarcity

9.  You received an email that said that there were only 10 seconds left to buy a discounted season pass to go see your favorite volleyball team. What kind of social engineering strategy does this attack use?
    A.     Authority
    B.     Trust
    C.     Urgency
    D.     Consensus

10.  You received a phone call from a Help Desk person who says he needs your username and password to troubleshoot a bug on your computer. What kind of social engineering strategy does this attack use?
    A.     Consensus
    B.     Scarcity
    C.     Urgency
    D.     Authority

11.  We enter the administrator’s username and password into the vulnerability scanner. What kind of scanning is this?
    A.     Security Orchestration, Automation, and Response (SOAR)
    B.     credentialed scanning
    C.     non-credentialed scanning
    D.     Security Information and Event Management (SIEM)

12.  This is when a security team looks through the organization's network, looking for evidence of a potential threat.
    A.     Advisories and bulletins
    B.     Cyber maneuver
    C.     False positives
    D.     False negatives

13.  Your vulnerability scanner tells you that your web server is not missing any patches. Before the scan, you updated your web server with all the patches. What do we call this situation?
    A.     true negative
    B.     false positive
    C.     true positive
    D.     false negative

14.  What does a vulnerability scanner use to identify potential vulnerabilities?
    A.     database of known vulnerabilities
    B.     key loggers
    C.     hashing
    D.     false positives

15.  What is analyzing text to detect an opinion or emotion?
    A.     User behavior analysis (UBA)
    B.     Sentiment analysis
    C.     Packet capture
    D.     Log aggregation

16.  _____ is when a pen tester tries to gain access to admin or root privileges from a user’s account.
    A.     pivot
    B.     privilege escalation
    C.     persistence
    D.     lateral movement

17.  Which of the following involves creating backdoors, alternate user accounts, and setting up encrypted connections?
    A.     persistence
    B.     pivot
    C.     privilege escalation
    D.     rules of engagement (RoE)

18.  _____ is moving from one compromised host to another.
    A.     pivot
    B.     lateral movement
    C.     persistence
    D.     rules of engagement (RoE)

19.  _____ are the boundaries of a penetration test.
    A.     pivot
    B.     persistence
    C.     rules of engagement (RoE)
    D.     lateral movement

20.  A/an _____ is an individual, nation state, or organization that is responsible for a security incident, attack, or other type of event that affects an organization’s security.
    A.     Structured Threat Information eXpression (STIX)
    B.     Trusted Automated eXchange of Indicator Information (TAXII)
    C.     Automated indicator sharing (AIS)
    D.     Threat actor

21.  This is a service that we have to pay for.
    A.     vulnerability databases
    B.     closed/proprietary intelligence
    C.     open source intelligence (OSINT)
    D.     dark web

22. What is a standard way of storing and sending information about cyber threats?
    A.     indicators of compromise (IoC)
    B.     Structured Threat Information eXpression (STIX)
    C.     Automated Indicator Sharing (AIS)
    D.     Trusted Automated eXchange of Indicator Information (TAXII)

23.  This website is used to share cyber threat indicators and defensive measures.
    A.     Automated Indicator Sharing (AIS)
    B.     Trusted Automated eXchange of Indicator Information (TAXII)
    C.     indicators of compromise (IoC)
    D.     Structured Threat Information eXpression (STIX)

24.  This research source provides details about cybersecurity threats, such as IP addresses, malware signatures, domain names, etc., in real time.
    A.     Threat feeds
    B.     Social media
    C.     Academic journals
    D.     Request for comments (RFC)

25.  These provide recent research on cybersecurity.
    A.     Request for comments (RFC)
    B.     Academic journals
    C.     Vulnerability feeds
    D.     Threat feeds

26.  What is a weakness that threat actors can exploit to cause harm to an organization?
    A.     reputation
    B.     firmware
    C.     vulnerability
    D.     supply chain

27.  What should we do about the default settings on our devices?
    A.     change the network administrator
    B.     use open permissions
    C.     use a packet sniffer
    D.     change username and password

28.  What are operating systems that are no longer in widespread use?
    A.     insecure protocols
    B.     firmware
    C.     legacy platforms
    D.     system integration

29.  You set up your SSID with the name: YouShallNotPass. After several months, you disable the SSID broadcast on your AP, but you notice that there is still a wireless network with the name YouShallNotPass available to wireless users. Which of the following is the MOST likely reason for this?
    A.     bluejacking
    B.     disassociation attack
    C.     bluejacking
    D.     evil twin attack

30.  You notice that on some days, you frequently lose the wireless connection to your AP. However, on other days, there are no problems with the connection. Which of the following is the MOST likely reason for this?
    A.     bluejacking
    B.     rogue AP attack
    C.     jamming attack
    D.     disassociation attack

31.  What is a 48-bit address used to identify network interface cards? It’s also called “hardware address” or “physical address.”
    A.     MAC
    B.     switch
    C.     ARP
    D.     DNS

32.  What is an attack from many computers to one target computer? This creates high network traffic, so users cannot access services on the target computer.
    A.     operational technology (OT)
    B.     DDoS
    C.     on-path (person-in-the-middle)
    D.     DoS

33.  A third party is intercepting traffic between two devices, which are unaware of this. What kind of attack is this?
    A.     cross-site scripting
    B.     DoS
    C.     on-path (person-in-the-middle)
    D.     DDoS

34.  An employee who keeps complaining about slow network access sets up his own wireless access point. What is this device called?
    A.     rogue AP
    B.     NFC
    C.     Bluetooth
    D.     RFID

35.  A hacker’s computer tricks the user’s computer into shifting from TLS to SSL. What kind of attack is this?
    A.     collision attack
    B.     birthday attack
    C.     supply chain attack
    D.     downgrade attack

36.  What is a super-thin electric device that hackers place inside card readers, hidden from view, so that they can steal credit card information?
    A.     card skimmer
    B.     cloned card
    C.     card shimmer
    D.     USB flash drive

37.  SolarWinds unwittingly sent out software updates to its customers that included the hacked code. What kind of attack is this?
    A.     birthday attack
    B.     adversarial AI attack
    C.     supply chain attack
    D.     downgrade attack

38.  Your organization recently got hacked. The organization’s NIDS (Network Intrusion Detection System) triggered an alert about suspicious network activity from some computers. The NIDS recorded that the same online game was downloaded on all these computers. The help desk recently received calls from users with these same computers. The users complained that their computer’s webcam and microphone kept being turned on and off and network access was slow. Which of the following is the MOST likely malware type?
    A.     worm
    B.     ransomware
    C.     keylogger
    D.     RAT

39.  The Stuxnet worm that targeted Siemens’ SCADA systems in uranium enrichment plants in Iran was probably initiated by an infected _____.
    A.     card shimmer
    B.     USB flash drive
    C.     cloned card
    D.     card skimmer

40.  A/an _____ attack is when we have the same hash value for different inputs.
    A.     collision
    B.     supply chain
    C.     adversarial AI
    D.     downgrade

41.  Your organization recently got hacked. The attackers notified top management that the employee data on the HR (Human Resources) servers was encrypted. They will decrypt the data for a large amount of money. Which of the following is the MOST likely malware type?
    A.     botnet
    B.     crypto-malware
    C.     keylogger
    D.     RAT

42.  What is an easier, quicker way to find a collision attack?
    A.     downgrade attack
    B.     supply chain attack
    C.     birthday attack
    D.     on-premises attack

43.  Some organizations may rent access to resources from another organization. What kind of IT service is this?
    A.     adversarial AI
    B.     on-premises
    C.     supply chain
    D.     cloud

44.  Your organization recently got hacked. All the users who used the same software on their computer that week had the hackers take over their computer and download all of the data from their computer. Which of the following is the MOST likely malware type?
    A.     worm
    B.     logic bomb
    C.     adware
    D.     backdoor

45.  _____ happens when an attacker inputs so much data into an application that the data spills over into parts of memory that the application developers (programmers) did not anticipate.
    A.     race condition attack
    B.     DLL injection attack
    C.     buffer overflow attack
    D.     directory traversal attack

46.  _____ includes letting a program crash and displaying error information.
    A.     Memory leak
    B.     Proper error handling
    C.     Improper error handling
    D.     Replay attack

47.  What attack captures communication between two devices and repeats a user’s credentials to gain access?
    A.     replay attack
    B.     collision attack
    C.     downgrade attack
    D.     brute force attack

48.  A/an _____ happens when a hacker accesses a server to send HTTP requests to a target website or other third party system.
    A.     cross-site request forgery
    B.     SSRF
    C.     client-side request forgery
    D.     API attack

49.  Proper error handling does NOT include _____.
    A.     writing code, so that the program does not crash
    B.     recording the details of a program crash in a log file
    C.     letting a program crash and displaying error information
    D.     giving a user-friendly error message when a program crashes

50.  A/an _____ happens when a hacker is able to create a malicious session with a server.
    A.     resource exhaustion attack
    B.     API attack
    C.     integer overflow attack
    D.     request forgery attack

Step by Step Solution

1.  D. hoax
2.  D. watering hole attack
3.  B. social engineering
4.  B. Authority
5.  C. phishing
6.  B. dumpster diving
7.  C. credential harvesting
8.  A. Trust
9.  C. Urgency
10.  D. Authority
11.  B. credentialed scanning
12.  B. Cyber maneuver
13.  A. true negati...