Final

The document contains a series of questions and answers related to cybersecurity concepts, frameworks, and protocols. Key topics include the MITRE ATT&CK framework, the Cyber Kill Chain, NIST guidelines, data retention policies, access control models, firewalls, intrusion detection systems, cryptography, and digital certificates. Each question is followed by the correct answer, providing a comprehensive overview of essential cybersecurity knowledge.

Uploaded by Liang Liu

1. In which framework would you most likely find a matrix of tactics used at different stages of a cyber attack lifecycle?
A. CIS Critical Security Controls
B. Cyber Kill Chain
C. OWASP Top Ten
D. MITRE ATT&CK
Answer: D. MITRE ATT&CK

2. In the Diamond Model, what represents the tools, malware, or methods used by the attacker?
A. Adversary
B. Infrastructure
C. Capability
D. Result
Answer: C. Capability

3. In the Cyber Kill Chain, which phase is focused on pairing a payload with an exploit?
A. Reconnaissance
B. Weaponization
C. Delivery
D. Installation
Answer: B. Weaponization

4. As per NIST guidelines, which document provides guidance specifically on computer security incident handling?
A. NIST SP 27001
B. NIST SP 27000 – Sub IR
C. NIST SP 800-53
D. NIST SP 800-61
Answer: D. NIST SP 800-61

5. Which tool primarily aggregates and correlates logs from different sources to identify potential security incidents?
A. Vulnerability Scanner
B. Firewall
C. Intrusion Detection System (IDS)
D. Security Information and Event Management (SIEM)
Answer: D. Security Information and Event Management (SIEM)

6. If an organization wants to keep logs for a minimum of one year for compliance reasons, what is this an example of?
A. Data minimization
B. Data retention policy
C. Data normalization
D. Data encryption
Answer: B. Data retention policy

7. Which tool is commonly used for forensic imaging of hard drives?
a) netstat
b) Wireshark
c) dd
d) nmap
Answer: c) dd

8. When dealing with cloud environments, which of the following is a potential barrier to effective digital forensics?
a) Over-reliance on physical servers
b) Too much storage availability
c) Inability to access server logs due to provider restrictions
d) Decreased scalability
Answer: c)

9. During forensic analysis of a cloud-based incident, it's vital to consider:
a) SLAs with the cloud provider
b) The make and model of user devices
c) The physical location of the user
d) The type of cooling system used in data centers
Answer: a) SLAs with the cloud provider

10. Which of the following is NOT typically a consideration when placing data on legal hold?
a) Duration of the hold
b) Cloud provider's market share showing acceptability by the legal community
c) Specific data types and locations
d) Preservation methods and procedures
Answer: b) Cloud provider's market share showing acceptability by the legal community

11. Which document provides detailed technical steps to recover IT systems following a disruption?
A) Business Continuity Plan
B) Disaster Recovery Plan
C) Incident Response Plan
D) Security Policy Document
Answer: B) Disaster Recovery Plan

12. An individual who knowingly causes the transmission of a program that damages a computer, network, or system could be prosecuted under which section of the CFAA?
A) Section 1029
B) Section 1030(a)(5)(A)
C) Section 1041(a)(7)
D) Section 1052(b)(3)
Answer: B)

13. Which component of FISMA emphasizes the need for continuous monitoring of information systems?
A) Risk Management Framework (RMF)
B) Federal Agency Security Practices (FASP)
C) Categorization of Information Systems
D) Information System Security Officer (ISSO) responsibilities
Answer: A) Risk Management Framework (RMF)

14. Which requirement in PCI DSS focuses on the use of strong cryptography and secure protocols?
A) Requirement 1 (Build and Maintain Secure Network and Systems)
B) Requirement 6 (Maintain a Vulnerability Management System)
C) Requirement 9 (Implement Strong Access Control Measures)
D) Requirement 4 (Protect Cardholder Data)
Answer: D) Requirement 4

15. A file in a system has an associated list detailing that User A can read and write, while User B can only read. This is an example of:
A) Capabilities Table
B) Role-Based Access
C) Mandatory Access Control with Clearances
D) Access Control List
Answer: D

16. A system uses a table that indicates User X can access Files Y and Z, while User A can access File B. What best describes this system?
A) ACLs for MAC
B) Capabilities Table
C) Role-Based Access with MAC
D) Lattice-Based Access Control
Answer: B

17. In a MAC system, how is the decision made regarding a user's access to a file?
A) Based on the user's role in the organization.
B) Based on the permissions assigned by the file's owner.
C) Based on matching the user's clearance with the file's label.
D) Based on the tasks the user is currently performing.
Answer: C

18. Which process involves an entity claiming a specific identity, usually through a unique identifier?
A) Authentication
B) Authorization
C) Accountability
D) Identification
Answer: D

19. Which principle is enforced by the Bell-LaPadula model to prevent information from flowing from a high-security level to a low-security level?
A) Simple Security Property (ss-property)
B) Star Property (*-property)
C) Discretionary Security Property (ds-property)
D) Strong Tranquility Property
Answer: A

20. clearance cannot write to objects (like files) at a lower security level?
A) Star Property (*-property)
B) Simple Security Property (ss-property)
C) Discretionary Access Property
D) Strong Tranquility Property
Answer: A

21. The Bell-LaPadula model is primarily concerned with which of the following aspects of security?
A) Integrity
B) Availability
C) Confidentiality
D) Accountability
Answer: C

22. Which model provides a set of eight basic protection rights, including the right to create an object and the right to destroy an object?
A) Graham-Denning
B) Clark-Wilson
C) Bell-LaPadula
D) Zero Trust Architecture
Answer: A

23. Which model focuses on commercial security, addressing the inadequacies of the Bell-LaPadula and Biba models in that context?
A) Graham-Denning
B) Clark-Wilson
C) Zero Trust Architecture
D) Bell-LaPadula

24. Biba: integrity; Bell-LaPadula: confidentiality

25. Which model does not inherently focus on the separation of duties concept?
A) Biba
B) Clark-Wilson
C) Bell-LaPadula
D) Graham-Denning
Answer: A

26. Which type of firewall works at the network layer and makes decisions based on source and destination IP addresses, port numbers, and protocols?
A) Proxy Firewall
B) Application Firewall
C) Packet Filtering Firewall
D) Circuit-Level Gateway

27. Which firewall feature keeps track of active connections to determine if an incoming packet is part of an established connection?
A) Dynamic Packet Filtering
B) State Table
C) Address Restrictions
D) Application Inspection
Answer: B

28. Which is a primary advantage of stateful packet inspection over static packet filtering?
A) Faster processing of packets.
B) The ability to understand the context of a connection.
C) Simpler rule sets.
D) Lower resource consumption.
Answer: B

29. If a firewall only allows incoming traffic if it corresponds to a request sent from inside the network, it's likely using:
A) Address Restrictions
B) Static Packet Filtering
C) Dynamic Packet Filtering
D) Stateful Packet Inspection
Answer: D

30. A firewall that evaluates packets based on both its pre-defined rules and the state of the connection is known as:
A) Dynamic Packet Filtering Firewall
B) Stateful Packet Inspection Firewall
C) Static Packet Filtering Firewall
D) Content Filtering Firewall
Answer: B

31. Which of the following is typically used for end-to-end communications between individual devices in VPN setups?
A) Tunnel Mode
B) Transport Mode
C) Secure Mode
D) Gateway Mode
Answer: B

32. Which protocol separates authentication, authorization, and accounting processes?
A) RADIUS
B) LDAP
C) TACACS+
D) Diameter
Answer: C

33. Which protocol was specifically designed to provide authentication in ISP environments?
A) Diameter
B) SNMP
C) TACACS
D) SSH
Answer: A

34. In terms of security, which protocol encrypts the entire authentication packet?
A) RADIUS
B) Diameter
C) TACACS+
D) SMTP
Answer: C

35. Which protocol has an extensible architecture that can support new command codes and attributes without affecting existing commands?
A) SSH
B) RADIUS
C) TACACS+
D) Diameter
Answer: D

36. Which of the following is a common use case for a network-based intrusion detection system (NIDS)?
a) Monitoring and analyzing network traffic for signs of intrusion or malicious activity
b) Monitoring and analyzing system files and configurations on a specific host or device
c) Detecting and preventing malware infections
d) Detecting and preventing unauthorized access to a network
Answer: a)

37. Which of the following IDS techniques can BEST detect zero-day vulnerabilities?
a) Anomaly-based IDS
b) Signature-based IDS
c) Behavior-based IDS
d) Heuristic-based IDS
Answer: a) Anomaly-based IDS

38. What is the primary advantage of using signature-based detection over anomaly-based detection?
a) Can detect unknown threats
b) Lower false positive rates
c) Requires less computational resources
d) More adaptable to changing environments
Answer: b

39. Which of the following is a common use case for a log file monitor?
a) Detecting unauthorized access to a system
b) Blocking malicious traffic
c) Encrypting sensitive data
d) Scanning for vulnerabilities
Answer: a)

40. What is the primary purpose of hashing in information security?
a) Encrypting sensitive data
b) Ensuring data integrity
c) Hiding data from unauthorized users
d) Securing network communications
Answer: b) Ensuring data integrity

41. Chosen Ciphertext attacks are mostly used against what kind of cipher?
a. Private Key Cipher
b. Symmetric key Ciphers
c. Public Key Ciphers
d. Hash Algorithms
Answer: C

42. What is not a method of steganography?
a. Superimposition
b. Injection
c. Substitution
d. Generation of a new file
Answer: A

43. Which of the following is another name for a rotor system?
A. Hebern Machine
B. Enigma Machine
C. Vernam Cipher
D. Jefferson Disks
Answer: A

44. What is not a method of encryption?
a. Substitution
b. Combination
c. Permutation
d. Hybrid
Answer: B

45. Which type of encryption uses a one-way transformation that is not reversible?
a. MD5
b. RSA
c. DES
d. Diffie-Hellman
Answer: A

46. Which of the following requirements is not a goal of cryptography?
a. Confidentiality
b. Availability
c. Non-Repudiation
d. Authentication
Answer: B

47. Which of the following best describes shuffling the order of characters?
a. Permutation
b. Rotation
c. Substitution
d. Hybrid
Answer: A

48. Block Ciphers operate in several modes; which is the simplest?
a. ECB
b. OFB
c. CFB
d. CBC
Answer: A

49. Which block cipher mode is susceptible to brute force attacks?
a. OFB
b. ECB
c. CFB
d. CBC
Answer: A

50. Which cryptological algorithm has no key encryption?
a. Symmetric
b. Asymmetric
c. IDEA
d. Hash
Answer: D

51. What is the block length of the Rijndael Cipher?
a. 56
b. 128
c. 256
d. Variable
Answer: D

52. Which standard defines the format and structure of digital certificates used in many security protocols, including SSL/TLS?
A) SSL/TLS
B) X.509
C) PKCS#12
D) PGP
Answer: B) X.509

53. What is a key aspect to examine in intranet vulnerability assessments?
A) The aesthetics of the intranet interface
B) The content quality on the intranet portals
C) The strength and effectiveness of network security controls
D) The speed of content delivery on the intranet
E) The number of users accessing the intranet daily
Answer: C) The strength and effectiveness of network security controls
