Incorrect!

You got it wrong

Governance has several goals, including:

Providing strategic direction

Ensuring that objectives are achieved

Verifying that organizational resources are being used apropriately

Directing and monitoring security activities

Ascertaining whether risk is being managed properly

Rate this question:
10

Scroll to Next Question

Correct! Nicely done

_____ is a class of malware that hides the existence of other
malware by modifying the underlying operating system.
rootkit
Correct answer(s):

rootkit
Rate this question:

Correct! You got it right

Select all that apply. Which of the following statements about
advanced persistent threats (APTs) are true?

APTs typically originate from sources such as organized crime groups, activists
or goverments

APTs use obfuscation techniques that help them remain undiscovered for
months or even years
APTs are often long term, multi phase projects with a focus on reconnaissance

The APT attack cycle begins with target penetration an collection of sensitive
information

Although they are often associated with APTs, intelligence agencies are rarely
the perpetrators of APT attacks
Rate this question:
10

Incorrect! Review it
Select all that apply. The internet perimeter should:

Detect and block traffic from infected internal end points

Eliminate threats such as email spam, viruses and worms

Format, encrypt and compress data

Control user traffic bound toward the internet

Monitor internal and external network ports for rogue activity

Rate this question:

Incorrect! Keep trying

What is the correct order of the penetration testing phase?

Planning, discovery, attack, reporting

Attack, discovery, reporting, planning

Planning, attack, discovery, reporting

Attack, planning, discovery, reporting

Rate this question:
4 69

Correct! You got it right

In an attack, the container that delivers the exploit to the target is
called a _____.
payload
Correct answer(s):

payload
Rate this question:
10

Correct! Nicely done

Which three elements of the current threat landscape have
provided increased levels of access and connectivity, and,
therefore, increased opportunities for cybercrime?

Text messaging, Bluetooth technology and SIM cards

Web applications, botnets and primary malware

Financial gains, intellectual property and politics

Cloud computing, social media and mobile computing

Rate this question:
20

Incorrect! Good try

A _____ is defined as a system or combination of systems that
enforces a boundary between two or more networks, typically
forming a barrier between a secure and open environment such
as the Internet.
dmz
Correct answer(s):

firewall
Rate this question:
10

Incorrect! Review it
Choose three. There key benefits of the DMZ system are:

DMZs are based on logical rather than physical connections

An intruder must penetrate three separate devices

Private network addresses are not disclosed to the internet

Excellent performance and scalability as internet usage grows

Internal systems do not have direct access to internet

Rate this question:
10

Correct! Bravo
Virtualization involves:

The creation of a layer between physical and logical access controls

Multiple guests coexisting on the same server in isolation of one another

Simultaneous use of kernel mode and user mode

DNS interrogation, WHOIS queries and network sniffing

Rate this question:
01

Correct! Great
Match.
The well-known ports

Correct

The registered ports

Correct

The dynamic and/or private ports

Correct
Rate this question:

Incorrect! You got it wrong

Vulnerability management begins with an understanding of
cybersecurity assets and their locations, which can be
accomplished by:

Vulnerability scanning

Penetration testing

Maintaining an asset inventory

Using command line tools

Rate this question:
21

Incorrect! Uh-oh!
Which of the following cybersecurity roles is charged with the
duty of managing incidents and remediation?

Board of directors

Executive committee

Cybersecurity management

Cybersecurity practitioners
Rate this question:
10
Correct! Bravo
Three common controls used to protect the availability of
information are:

Redundancy, backups and access controls

Encryption, file permissions and access controls

Access controls, logging and digital signatures

Hashes, logging and backups

Rate this question:
10

Incorrect! Keep trying

_____ are solutions to software programming and coding errors.
q
Correct answer(s):

patches
Rate this question:
11

Correct! Wow
System hardening should implement the principle of __________ or
____________ .

Governance, compliance

Least privilege, access control

Stateful inspection, remote access

Vulnerability assessment, risk mitigation

Rate this question:
10
Correct!
Which of the following best states the role of encryption within an
overall cybersecurity program?

Encryption is the primary means of securing digital assets

Encryption depends upon shared secrets and is therefore an unreliable means of

control

A programs encryption elements should be handled by a third party cryptologist

Encryption is an essential but incomplete form of access control

Rate this question:
10

Correct!
Unlike the IDS, which simply sends an alert when an attack is
happening, the IPS can actually help block the attack.

True

False
Rate this question:
30

Correct! Nice
The _________ layer of the OSI model ensures that data are
transferred reliably in the correct sequence, and the _________
layer coordinates and manages user connections.

Presentation, data link

Transport, session
Physical, application

Data link, network

Rate this question:
10

Correct! Super
The ________ functions as a small, isolated network for an
organization's public servers, VPN termination and modem pools.

Local area network

Demilitarized zone

Wireless protected area

Virtual private network

Rate this question:

Correct! Wow
_____, also called malicious code, is software designed to gain
access to targeted computer systems, steal information or
disrupt computer operations.
malware
Correct answer(s):

malware
Rate this question:
10

Incorrect! Oops!
_____ provides details on how to comply with policies and
standards.
guidelines
Correct answer(s):
procedures
Rate this question:
01

Correct! You got it right

The path or route used to gain access to the target asset is
known as a _____.
attack vector
Correct answer(s):

attack vector
Rate this question:

Correct! Great
A _____ is a weakness in the design, implementation, operation or
internal controls in a process that could be exploited to violate the
system security.
vulnerability
Correct answer(s):

vulnerability
Rate this question:

Correct! Keep going

NIST defines an ________ as a "violation of imminent threat of
violation of computer security policies, acceptable use policies, or
standard security practices."

Disaster

Event

Threat
Incident
Rate this question:
02

Correct!
Match.
ingress

Correct

egress

Correct
Rate this question:
11

Incorrect! Sorry!
_____ provides general guidance and recommendations on what
to do in particular circumstances.
guideline
Correct answer(s):

guidelines
Rate this question:

Correct! Well done

Which of the following is the best definition for cybersecurity?

The process by which an organization manages cybersecurity risk to an

acceptable level

The protection of information from unauthorized acces or disclosure

The protection of paper documents, digital and intellectual property, and verbal
or visual communications

Protecting information assets by addressing threats to information that is

processed, stored or transported by internetworked information systems
Rate this question:
10

Correct! Keep going

Match.
Symmetric key systems

Correct

Aysmmetric key systems

Correct
Rate this question:

Incorrect! Sorry!
_____ includes many components such as directory services,
authentication and authorization services, and user management
capabilities such as provisioning and deprovisioning.
IAM
Correct answer(s):

identity management
Rate this question:
02

Correct! Nice
The number and types of layers needed for defense in depth are a
function of:

Asset value, criticality, relliability of each control and degree of exposure

Threat agents, governance compliance and mobile device policy

Network configuration, navigation controls, user interface and VPN traffic

Isolation, segmentation, internal controls and external controls

Rate this question:
10

Correct!
Select three. The chain of custody contains information
regarding:

Disaster recovery objectives, resources and personnel

Who had access to the evidence, in chronological order

Labor, union and privacy regulations

Proof that the analysis is based on copies identical to the original evidence

The procedures followed in working with the evidence

Rate this question:
20

Incorrect! Review it
Select all that apply. A business impact analysis (BIA) should
identify:

The circumstances under which a disaster should be declared.

The estimated probability of the identified threats actually occurring.

The efficiency and effectiveness of existing risk mitigation controls.

A list of potential vulnerabilities, dangers and/or threats.

Which types of data backups (full, incremental and differential) will be used.
Rate this question:
1 18

Correct! Nicely done

A _____ is anything capable of acting against an asset in a manner
that can cause harm.
threat
Correct answer(s):

threat
Rate this question:
10

Correct! Nicely done

Which element of an incident response plan involves obtaining
and preserving evidence?

Preparation

Identification

Containment

Eradication
Rate this question:

Correct!
Most OS have two modes of operations - ________ for execution of
privileged instructions for the internal operation of the system
and _________ for normal activities.

Kernel mode, user mode

User mode, kernel mode

Safe mode, user mode

Kernel mode, normal mode

Rate this question:
Correct! Well done
A _____ is something of value worth protecting.
asset
Correct answer(s):

asset
Rate this question:

Incorrect! Sorry!
_____ is sued to interpret policies in specific situations.
d
Correct answer(s):

standards
Rate this question:
10

Correct! Keep going

Which of the following are benefits to BYOD?

Acceptable Use Policy is easier to implement

Costs shift to the user

Worker satisfaction increases

Security risk is known to the user

Rate this question:
20

Correct! Nice
_________ is defined as " a model for enabling convenient, on-
demand network access to a shared pool of configurable
resources (e.g., networks, servers, storage, applications and
services) that can be rapidly provisioned and released with
minimal management or service provider interaction."

Software as a service (SaaS)

Cloud computing

Big data

Platform as a service (PaaS)

Rate this question:
10

Correct! Keep going

A _____ covers a small, local area - from a few devices in a single
room to a network across a few buildings.
LAN
Correct answer(s):

LAN
Rate this question:
10

Incorrect! Keep working

_____ communicate required and prohibited activities and
behaviors.
acceptable use policies
Correct answer(s):

policies
Rate this question:
10

Incorrect! Oops!
Select all that apply. Which of the following are considered
functional areas of network management as defined by ISO?
Accounting management

Fault management

Firewall management

Performance management

Security management
Rate this question:

Incorrect! Keep working

Match the layers of the OSI Model to their appropriate functions.
Physical Layer

Correct

Data Link

Correct

Network Layer

Missed
Correct Answer: Translates network addresses and routes data from sender to receiver

Transport Layer

Correct

Session Layer

Correct

Presentation Layer

Incorrect
Correct Answer: Formats, encrypts and compresses data

Application Layer

Correct
Rate this question:
21
Correct! Wow
Choose three. Which types of risk are typically associated with
mobile devices?

Organizational risk

Compliance risk

Technical risk

Physical risk

Transactional risk
Rate this question:
10

Incorrect! Review it
What is the correct order of the incident response process?

Preparation, detection and analysis, investigation, mitigation and recovery,

postincident analysis

Detection and analysis, preparation, investigation, mitigation and recovery,

postincident analysis

Mitigation and recovery, investigation, postincident analysis, preparation,

detection and analysis

Investigation, mitigation and recovery, postincident analysis, preparation,

detection and analysis
Rate this question:
2 58

Correct! Wow
Choose three. According to the NIST cybersecurity framework,
which of the following are considered key functions necessary for
the protection of digital assets?

Encrypt

Protect

Investigate

Recover

Identify
Rate this question:
10

Incorrect! Uh-oh!
Choose three. The SDLC includes:

IT processes for managing and controlling project activity

An objective for each phase of the life cycle that is typically described with key
deliverables, a description of recommended tasks and a summary of related
control objectives for effective management.

Incremental steps or deliverables that lay the foundation for the next phase

Security tools for protecting assets

Processes for managing and preventing cyber threats

Rate this question:
10

Incorrect! Uh-oh!
The core duty of cybersecurity is to identify, mitigate, and manage
_____ to an organization's digital assets.
threat
Correct answer(s):

cyberrisk
Rate this question:
02

Incorrect! Keep trying

A _____ is based on logical rather than physical connections, and
thus, it allows great flexibility.
switc
Correct answer(s):

VLAN
Rate this question:
02