1. You get an email from Mickey Mouse about a free trip for two to Walt Disney World. You just have to forward the email to 10 people. What kind of attack does this describe?
A. shoulder surfing
B. tailgating
C. dumpster diving
D. hoax
2. Attackers find a trusted, often visited, website and infect it. What kind of attack is this?
A. cross-site scripting
B. domain hijacking
C. URL hijacking
D. watering hole attack
3. _____ is any act that influences a person to take an action that may or may not be in their best interest.
A. application attacks
B. social engineering
C. cryptographic attacks
D. wireless attacks
4. You received an email from your Professor that said she needs your username and password to update your grades. What kind of social engineering strategy does this attack use?
A. Scarcity
B. Authority
C. Consensus
D. Urgency
5. _____ is a technique often used in credential harvesting.
A. prepending
B. invoice scam
C. phishing
D. reconnaissance
6. Your coworker throws away all his documents, but never shreds them. What kind of potential attack could happen from this?
A. privilege escalation
B. dumpster diving
C. zero day exploit
D. phishing
7. _____ are techniques used to get a user’s login name and password.
A. reconnaissance
B. prepending
C. credential harvesting
D. invoice scam
8. Someone who you don’t know from the Help Desk calls you to help with fixing some computer issues, even though your computer seems to be working fine. What kind of social engineering strategy does this attack use?
A. Trust
B. Consensus
C. Familiarity
D. Scarcity
9. You received an email that said that there were only 10 seconds left to buy a discounted season pass to go see your favorite volleyball team. What kind of social engineering strategy does this attack use?
A. Authority
B. Trust
C. Urgency
D. Consensus
10. You received a phone call from a Help Desk person who says he needs your username and password to troubleshoot a bug on your computer. What kind of social engineering strategy does this attack use?
A. Consensus
B. Scarcity
C. Urgency
D. Authority
11. We enter the administrator’s username and password into the vulnerability scanner. What kind of scanning is this?
A. Security Orchestration, Automation, and Response (SOAR)
B. credentialed scanning
C. non-credentialed scanning
D. Security Information and Event Management (SIEM)
12. This is when a security team looks through the organization's network, looking for evidence of a potential threat.
A. Advisories and bulletins
B. Cyber maneuver
C. False positives
D. False negatives
13. Your vulnerability scanner tells you that your web server is not missing any patches. Before the scan, you updated your web server with all the patches. What do we call this situation?
A. true negative
B. false positive
C. true positive
D. false negative
14. What does a vulnerability scanner use to identify potential vulnerabilities?
A. database of known vulnerabilities
B. key loggers
C. hashing
D. false positives
15. What is analyzing text to detect an opinion or emotion?
A. User behavior analysis (UBA)
B. Sentiment analysis
C. Packet capture
D. Log aggregation
16. _____ is when a pen tester tries to gain access to admin or root privileges from a user’s account.
A. pivot
B. privilege escalation
C. persistence
D. lateral movement
17. Which of the following involves creating backdoors, alternate user accounts, and setting up encrypted connections?
A. persistence
B. pivot
C. privilege escalation
D. rules of engagement (RoE)
18. _____ is moving from one compromised host to another.
A. pivot
B. lateral movement
C. persistence
D. rules of engagement (RoE)
19. _____ are the boundaries of a penetration test.
A. pivot
B. persistence
C. rules of engagement (RoE)
D. lateral movement
20. A/an _____ is an individual, nation state, or organization that is responsible for a security incident, attack, or other type of event that affects an organization’s security.
A. Structured Threat Information eXpression (STIX)
B. Trusted Automated eXchange of Indicator Information (TAXII)
C. Automated indicator sharing (AIS)
D. Threat actor
21. This is a service that we have to pay for.
A. vulnerability databases
B. closed/proprietary intelligence
C. open source intelligence (OSINT)
D. dark web
22. What is a standard way of storing and sending information about cyber threats?
A. indicators of compromise (IoC)
B. Structured Threat Information eXpression (STIX)
C. Automated Indicator Sharing (AIS)
D. Trusted Automated eXchange of Indicator Information (TAXII)
23. This website is used to share cyber threat indicators and defensive measures.
A. Automated Indicator Sharing (AIS)
B. Trusted Automated eXchange of Indicator Information (TAXII)
C. indicators of compromise (IoC)
D. Structured Threat Information eXpression (STIX)
24. This research source provides details about cybersecurity threats, such as IP addresses, malware signatures, domain names, etc., in real time.
A. Threat feeds
B. Social media
C. Academic journals
D. Request for comments (RFC)
25. These provide recent research on cybersecurity.
A. Request for comments (RFC)
B. Academic journals
C. Vulnerability feeds
D. Threat feeds
26. What is a weakness that threat actors can exploit to cause harm to an organization?
A. reputation
B. firmware
C. vulnerability
D. supply chain
27. What should we do about the default settings on our devices?
A. change the network administrator
B. use open permissions
C. use a packet sniffer
D. change username and password
28. What are operating systems that are no longer in widespread use?
A. insecure protocols
B. firmware
C. legacy platforms
D. system integration
29. You set up your SSID with the name: YouShallNotPass. After several months, you disable the SSID broadcast on your AP, but you notice that there is still a wireless network with the name YouShallNotPass available to wireless users. Which of the following is the MOST likely reason for this?
A. bluejacking
B. disassociation attack
C. bluejacking
D. evil twin attack
30. You notice that on some days, you frequently lose the wireless connection to your AP. However, on other days, there are no problems with the connection. Which of the following is the MOST likely reason for this?
A. bluejacking
B. rogue AP attack
C. jamming attack
D. disassociation attack
31. What is a 48-bit address used to identify network interface cards? It’s also called “hardware address” or “physical address.”
A. MAC
B. switch
C. ARP
D. DNS
32. What is an attack from many computers to one target computer? This creates high network traffic, so users cannot access services on the target computer.
A. operational technology (OT)
B. DDoS
C. on-path (person-in-the-middle)
D. DoS
33. A third party is intercepting traffic between two devices, which are unaware of this. What kind of attack is this?
A. cross-site scripting
B. DoS
C. on-path (person-in-the-middle)
D. DDoS
34. An employee who keeps complaining about slow network access sets up his own wireless access point. What is this device called?
A. rogue AP
B. NFC
C. Bluetooth
D. RFID
35. A hacker’s computer tricks the user’s computer to shift from TLS to SSL. What kind of attack is this?
A. collision attack
B. birthday attack
C. supply chain attack
D. downgrade attack
36. What is a super-thin electric device that hackers place inside card readers, hidden from view, so that they can steal credit card information?
A. card skimmer
B. cloned card
C. card shimmer
D. USB flash drive
37. SolarWinds unwittingly sent out software updates to its customers that included the hacked code. What kind of attack is this?
A. birthday attack
B. adversarial AI attack
C. supply chain attack
D. downgrade attack
38. Your organization recently got hacked. The organization’s NIDS (Network Intrusion Detection System) triggered an alert about suspicious network activity from some computers. The NIDS recorded that the same online game was downloaded on all these computers. The help desk recently received calls from users with these same computers. The users complained that their computer’s webcam and microphone kept being turned on and off and network access was slow. Which of the following is the MOST likely malware type?
A. worm
B. ransomware
C. keylogger
D. RAT
39. The Stuxnet worm that targeted Siemens’ SCADA systems in uranium enrichment plants in Iran was probably initiated by an infected _____.
A. card shimmer
B. USB flash drive
C. cloned card
D. card skimmer
40. A/an _____ attack is when we have the same hash value for different inputs.
A. collision
B. supply chain
C. adversarial AI
D. downgrade
41. Your organization recently got hacked. The attackers notified top management that the employee data on the HR (Human Resources) servers was encrypted. They will decrypt the data for a large amount of money. Which of the following is the MOST likely malware type?
A. botnet
B. crypto-malware
C. keylogger
D. RAT
42. What is an easier, quicker way to find a collision attack?
A. downgrade attack
B. supply chain attack
C. birthday attack
D. on-premises attack
43. Some organizations may rent access to resources from another organization. What kind of IT service is this?
A. adversarial AI
B. on-premises
C. supply chain
D. cloud
44. Your organization recently got hacked. All the users who used the same software on their computer that week had the hackers take over their computer and download all of the data from their computer. Which of the following is the MOST likely malware type?
A. worm
B. logic bomb
C. adware
D. backdoor
45. _____ happens when an attacker inputs so much data into an application that the data spills over into parts of memory that the application developers (programmers) did not anticipate.
A. race condition attack
B. DLL injection attack
C. buffer overflow attack
D. directory traversal attack
46. _____ includes letting a program crash and displaying error information.
A. Memory leak
B. Proper error handling
C. Improper error handling
D. Replay attack
47. What attack captures communication between two devices and repeats a user’s credentials to gain access?
A. replay attack
B. collision attack
C. downgrade attack
D. brute force attack
48. A/an _____ happens when a hacker accesses a server to send HTTP requests to a target website or other third party system.
A. cross-site request forgery
B. SSRF
C. client-side request forgery
D. API attack
49. Proper error handling does NOT include _____.
A. writing code, so that the program does not crash
B. recording the details of a program crash in a log file
C. letting a program crash and displaying error information
D. giving a user-friendly error message when a program crashes
50. A/an _____ happens when a hacker is able to create a malicious session with a server.
A. resource exhaustion attack
B. API attack
C. integer overflow attack
D. request forgery attack