
CompTIA Security Questions

The document contains a mock exam with 52 questions focused on cybersecurity concepts, including various types of attacks, security measures, and risk management strategies. Each question presents a scenario or concept, asking the reader to select the correct answer from multiple choices. The exam assesses knowledge on topics such as SQL injection, ransomware, authentication methods, and incident response processes.

Uploaded by

betombuya

Mock Exam

Question 1:


A hacker tries to exploit a weakness in a website's user login page by inputting malicious code
into the username field, hoping to manipulate the underlying database and gain unauthorized
access. Which of the following involves this type of attack, attempting to take advantage of
database misconfigurations?

SQL Injection

Command Injection

Directory Traversal

Cross-Site Scripting (XSS)

Question 2:


An IT manager notices unusual spikes in server traffic from one of the company's database
servers, occurring sporadically late at night when the office is closed. Which of the following is
most likely happening?

Malicious software is locking and encrypting database files.

A Distributed Denial of Service (DDoS) attack is underway.

Sensitive information is being stolen from the database.

A time-based script is corrupting database entries.

Question 3:


To ensure thorough monitoring of unauthorized changes and software on company servers
and workstations, what should a security engineer implement?

Signature-based traffic blocking

Network exit traffic analysis

Task logging system


Install endpoint management software on all systems

Question 4:


In a penetration testing engagement, what document typically outlines the estimated time
required for the test?

Business Partnership Agreement

Non-disclosure Agreement

Service Level Agreement

Statement of Work

Question 5:


A company wants to prevent unauthorized vehicles from entering its premises. Which of the
following would be most effective?

Video surveillance

Access badge

Access control vestibule

Bollards

Question 6:


When a security analyst notices unusual network activity during off-hours, what is most likely
happening?

Ransomware Attack

Network Scanning

Data Breach

Scheduled Maintenance

Question 7:

To prevent tailgating into a secure building, which of the following would be the most effective
solution?

Bollards

Access control vestibule

Video surveillance

Infrared sensors

Question 8:


A logistics company is revising its risk management strategies. They are considering an
approach where some identified risks will not be actively mitigated but will be acknowledged
and monitored. What risk management strategy are they contemplating?

Risk Mitigation

Risk Acceptance

Risk Avoidance

Risk Transfer

Question 9:


During a security audit, an IT team finds unauthorized encryption of company data and a
demand for payment to restore access. What type of malware attack is this?

Ransomware

Logic bomb

Rootkit

Virus

Question 10:


An organization wants to enhance its security measures to prevent employees from
inadvertently installing harmful applications. What is the most effective strategy?

VPN implementation

Implementing an application allow list

User access control

Regular malware scans

Question 11:


What is used to validate a certificate when presented to a user in a digital transaction?

Online Certificate Status Protocol (OCSP)

Certificate Signing Request (CSR)

Certificate Authority (CA)

Cyclic Redundancy Check (CRC)

Question 12:


In planning for a disaster recovery site, what should a company consider to ensure continuity
despite natural disasters?

Diverse technological platforms

System load balancing

Geographic distribution

Immediate operational site

Question 13:


An organization discovers that an unauthorized version of its software was distributed to users,
containing hidden malicious code. Which vulnerability type does this scenario describe?

SQL injection

Firmware

Malicious update

Jailbreaking

Question 14:


A company is discarding a classified storage array and hires an external vendor for disposal.
What is required for this process?

Provide proof of ownership

Maintain an inventory list

Provide disposal certification

Assign a data classification level

Question 15:


Why is a backout plan an essential part of change management in ensuring security?

It provides a record of who approved the change.

It dictates who owns the change process.

It offers a strategy to revert changes if they negatively impact security.

It schedules the implementation of changes.

Question 16:


A financial institution wants to enhance the security of customer account access. What should
they implement?

Attribute-based access controls

Passwordless authentication

Multifactor authentication with hard authentication tokens

Passwords with complex requirements


Question 17:


A software company learns of an exploit in its product that attackers are using, which the
company was previously unaware of. This exploit had not been identified or patched. What
type of vulnerability does this represent?

Supply chain

Mobile device

Zero-day

Firmware

Question 18:


A financial institution uses a technology that encrypts data as it travels across the internet to
ensure secure communication between its branches. What is this technology?

IPSec (Internet Protocol Security)

SASE (Secure Access Service Edge)

VPN (Virtual Private Network)

TLS (Transport Layer Security)

Question 19:


An organization wants to ensure that a document's content remains unaltered during
transmission. What technique should they use?

Hashing

Symmetric encryption

Steganography

Asymmetric encryption

Question 20:

To store customer data on a separate part of the network that is not accessible to users on the
main corporate network, the administrator should use:

Data Encryption

Network Segmentation

Virtual Private Network (VPN)

Regular System Updates

Question 21:


In order to enhance the situational and environmental awareness of users transitioning from
remote to in-office work, a company should consider:

Revising the office emergency response plan.

Conducting a survey to understand the specific needs of returning employees.

Modifying the content of current training.

Installing advanced security software on all office devices.

Question 22:


A company operates customer service terminals that are found to be running on outdated,
end-of-life operating systems. The security team is likely to focus on a particular security
concern directly related to the use of such systems. The most relevant security implication they
would document is:

Vulnerability to New Threats

Data Restoration Efficiency

Patch Availability

Upgrade and Maintenance Expenses

Question 23:


Before integrating a new software solution into its operations, a company evaluates its security
features to ensure it meets their standards. What part of asset management is this?

Disposal/decommissioning

Monitoring/asset tracking

Assignment/accounting

Acquisition/procurement process

Question 24:


In a data center, which two practices should be implemented to prevent data loss through
physical media? (Select two).

Implementing DLP Solutions

Data Encryption

Data Encryption

Secure Media Storage

Disabling USB Ports

Question 25:


An organization's IT department uses software to monitor network traffic for unusual activity.
This is an example of which type of security control?

Corrective

Preventive

Compensating

Detective

Question 26:


For a security analyst to effectively gauge the risk posed to their organization by a newly
disclosed security vulnerability, they would need access to certain key information. The most
relevant resource to aid in this assessment would be:

Detailed Network Topology Diagrams

Incident Response Team Contact List

Comprehensive Software and Hardware Inventory

Vendor Security Audit Reports

Question 27:


In an effort to maintain high security standards in a corporate network, what action should an
IT administrator take to effectively track and manage any unauthorized modifications or
software installations on all company computers?

Regularly updating firewall rules.

Restricting internet access to pre-approved websites only.

Deploying endpoint management software across all machines.

Implementing a strict password policy for all users.

Question 28:


An organization decides to implement a system where employees must use their fingerprints
to access secure areas. This is an example of which type of security control?

Physical

Managerial

Technical

Operational

Question 29:


An employee of a technology company begins to use unauthorized cloud services to speed up
their work, bypassing the company's approved IT processes. This behavior represents a risk
posed by:

Unskilled Attacker

Shadow IT

Insider Threat

Organized Crime

Question 30:


To ensure that a single natural disaster would not result in the complete loss of backup data for
a company planning a disaster recovery site, the company should consider:

Geographic dispersion

Diversifying hardware vendors

Implementing a redundant server system

Cloud-based storage solutions

Question 31:


A company's security team wants to securely verify the integrity of files downloaded from the
internet. Which method should they use?

Key stretching

Symmetric encryption

Data obfuscation

Digital signatures

Question 32:


A university's IT department wants to monitor and respond to suspicious activities on their
network in real-time. Which solution should they implement?

Implement DNS filtering

Enforce Group Policy for operating systems

Update firewall access lists


Deploy EDR/XDR solutions

Question 33:


A group of journalists at a news agency experience a security breach when several of their
computers are infected with malware. This occurs after they access a popular online forum for
journalists that had been secretly compromised by hackers. Which of the following best
describes this type of attack?

Spoofing

Watering-hole

Vishing

Phishing

Question 34:


In a scenario where a highly secure network, isolated from the internet and external networks
(an air-gapped network), experiences data loss, the most common pathway for this data loss is
often through:

Outdated Firewall Systems

Unsecured Wireless Connections

Removable Devices

Hard Drives

Question 35:


A DevOps team in a software company is looking for an efficient way to automate and manage
the provisioning and management of their cloud infrastructure for various projects. Which of
the following approaches should they adopt to facilitate this process?

Cloud Service Models

Platform as a Service (PaaS)

Infrastructure as Code (IaC)


Virtual Network Provisioning

Question 36:


In the process of implementing Full Disk Encryption (FDE) on all company laptops,
what are the two most critical aspects the IT specialist should consider? (Select two).

Encryption Algorithm Strength

Backup and Recovery Procedures

Key escrow

Certificate authority linking

Question 37:


How does a maintenance window contribute to change management in terms of security?

It provides a controlled timeframe to implement changes.

It dictates the approval process.

It outlines the backout plan.

It ensures all stakeholders are informed.

Question 38:


Which type of threat actor is most likely to be contracted by a foreign government to carry out
cyber-attacks against critical systems in other countries?

Novice hacker

Organized crime group

Disclosure-driven individual

Activist hacker

Question 39:

A bank requires all of its vendors to implement measures to prevent data loss on stolen
laptops. Which strategy is the bank demanding?

Access right limitations

Data obfuscation

Disk encryption

Information categorization

Question 40:


A smartphone user wants to access features not available in the standard operating system.
What method would enable this?

Utilizing scripting vulnerabilities

Jailbreaking

Direct software installation

Exploiting database vulnerabilities

Question 41:


During the incident response process, what is the focus in the preparation phase?

Conducting Post-Incident Reviews

Analyzing the Incident

Restoring Systems to Normal Operation

Developing Response Strategies

Question 42:


A bank implements a security measure ensuring that once a transaction is executed, neither
the customer nor the bank can deny its occurrence. This measure is an implementation of:

Non-repudiation

Authentication

Integrity

Gap Analysis

Question 43:


The incident response activity that ensures evidence is properly handled is:

Chain of Custody

Data Recovery

Incident Documentation

Forensic Analysis

Question 44:


A company's IT department implements a system where users must provide evidence of their
identity before gaining access to sensitive data. This process is an example of:

Authentication

Authorization

Accounting

Non-repudiation

Question 45:


A small business is assessing its ability to recover critical functions after a major disruption.
They are focusing on the time it would take to resume these functions. What specific aspect of
Business Impact Analysis are they evaluating?

Mean Time to Repair (MTTR)

Recovery Time Objective (RTO)

Recovery Point Objective (RPO)


Mean Time Between Failures (MTBF)

Question 46:


To enhance security, a financial institution disables all unused ports and protocols on its
servers. What does this action exemplify?

Hardening techniques

Monitoring

Configuration enforcement

Decommissioning

Question 47:


In a scenario where a company's marketing department collects, modifies, and stores sensitive
customer data, and the IT team secures the data during transit and storage, what is the role of
the customer in this data lifecycle?

Data subject

Data processor

Data owner

Data custodian

Question 48:


A security team discovers a significant security flaw in the firmware of their older model
surveillance cameras, which could potentially allow unauthorized network access. To mitigate
this vulnerability quickly, which of the following actions should the security team take?

Upgrading to Newer Camera Models

Applying Firmware Updates

Isolating the Camera Network

Implementing a Firewall

Question 49:


A company decides to implement measures to ensure only authorized personnel can access a
secure facility. Which two methods should be utilized? (Select two).

Mantrap Entryways

Biometric Scanners

Security Patrols

Visitor Logbooks

Keycard Access

Question 50:


A network manager is implementing an intrusion detection system (IDS) to enhance the
security of the company's network. Which of the following actions should the manager take
first?

Disconnect the network from the internet during non-business hours.

Configure the firewall to block all unrecognized traffic.

Define security policies for network traffic.

Set up alerts for any suspicious network activity.

Question 51:


Following a security awareness training session, an employee reported a suspicious call
claiming to need credit card details to close an invoice on behalf of the CFO. Which training
topic did this employee recall?

Targeted phishing of executives

Social engineering tactics

Email phishing awareness

Insider threat awareness


Question 52:


To identify the creator and creation date of a suspicious file found on a server, what should a
security analyst check?

Network activity logs

Server access logs

File's hash value

File's metadata

Question 53:


A financial institution wants to secure its email communication against impersonation and fraud.
What technology should they implement?

Deploy NAC policies

Implement email security protocols like DMARC, DKIM, and SPF

Enable DNS filtering

Configure web filter with reputation-based blocking

Question 54:


An organization configures its cloud infrastructure to disable unnecessary services, apply the
latest security patches, and restrict access based on user roles. What practice does this scenario
describe?

Maintaining secure baselines

Hardening targets

Deploying secure baselines

Establishing secure baselines

Question 55:

A user finds a website that looks identical to their bank's site, but the URL has a minor
spelling mistake. After entering their login details, the user realizes the website is fraudulent.
What kind of attack just occurred?

Brand impersonation

Pretexting

Phishing

Typosquatting

Question 56:


What team focuses on both attack simulation and defense strategies to enhance the security of
an organization?

Purple Team

Integrated Security Team

Network Defense Team

Tactical Response Team

Question 57:


In a banking environment, what is the primary reason for conducting regular audits?

Compliance with Regulations

Operational Efficiency

Internal Policy Review

Operational Efficiency

Question 58:

A healthcare provider needs to ensure that patient data is accessed only by authorized
personnel. What access control strategy should they prioritize?

Setting up discretionary access controls

Implementing role-based access controls (RBAC)

Implementing time-of-day restrictions

Using attribute-based access controls

Question 59:


In a context where a network security analyst is assessing various security flaws within their
organization's computer systems, they need a method to gauge the severity of each flaw to
determine prioritization for fixes. Which system should they utilize to provide a numerical score
that reflects the severity and urgency of each vulnerability?

Vulnerability Severity Rating (VSR)

Security Risk Evaluation Metric (SREM)

Threat Level Index

Common Vulnerability Scoring System (CVSS)

Question 60:


A company wants to enhance the awareness of its staff about security as they transition back
to office work from remote settings. What approach should be taken?

Revise onboarding material

Regular security notifications

Conduct simulated attack exercises

Update ongoing training programs

Question 61:


A company's IT department plans to update its customer relationship management (CRM)
software. To minimize the impact on the sales team and customers, the IT department decides
to follow a best practice that allows them to perform the update at a time that would least
affect business operations. The best practice they would likely follow is:

Maintenance Windows

Stakeholder Consultation

Scheduled Downtime

Contingency Planning

Question 62:


For an organization aiming to enhance its cybersecurity infrastructure by implementing a tool
that aggregates and analyzes security-related data from various sources within its network, the
most suitable technology would be:

Network Behavior Analysis Tool

Security Information and Event Management (SIEM)

Unified Threat Management System

Centralized Log Management System

Question 63:


To facilitate secure, remote access to a client's environment for a security consultant, which of
the following technologies would be most appropriate?

Remote Desktop Protocol (RDP)

Secure Shell (SSH)

Wireless Encryption Protocol (WEP)

Virtual Private Network (VPN)

Question 64:


The strategy represented by a company purchasing cyber insurance to address items listed on
its risk register is:

Risk Avoidance

Risk Transfer

Risk Mitigation

Risk Acceptance

Question 65:


A hospital IT manager needs to ensure that medical staff, administrative staff, and other
employees have access only to the specific systems and data relevant to their job roles. Which
method should the IT manager use to efficiently assign and manage these access privileges?

Password Authentication Protocol (PAP)

Biometric Access System (BAS)

Role-Based Access Control (RBAC)

Firewall Configuration

Question 66:


An online retailer is drafting contracts with a new shipping vendor. What type of agreement is
essential to outline the performance metrics and expectations for timely deliveries?

Business Partners Agreement (BPA)

Service-Level Agreement (SLA)

Memorandum of Understanding (MOU)

Non-disclosure Agreement (NDA)

Question 67:


In a company, an IT specialist is planning to enhance the security of data storage systems to
protect against external threats. Which of the following is the best method?

Implementing strong password policies

Regularly updating antivirus software

Encryption at rest

Increasing network firewall rules

Question 68:


An international corporation ensures its data complies with the laws and regulations of the
country where it is stored and processed. What consideration is this an example of?

Geolocation

Data at rest

Data in transit

Data sovereignty

Question 69:


A university's IT department is concerned about the growing trend of cyber attacks in the
education sector and is preparing a report for the university's board. The report specifically
focuses on the rise of phishing attacks targeting university systems. Which of the following
best describes the likely perpetrator of these attacks, as outlined in the IT department's report?

Organized crime

Competitive academic institutions

Amateur hacker group

Disgruntled former student

Question 70:


A software development manager aims to verify and maintain the authenticity of the software
code developed by their company. The most effective approach would be:

Conducting Peer Code Reviews


Using Encrypted Data Transfer Protocols

Code Signing of Company-Developed Software

Implementing Version Control Systems

Question 71:


A company wants to securely exchange data with a partner organization but needs to ensure
that only they can decrypt the information. What is the best cryptographic approach?

Hashing

Data masking

Symmetric key encryption

Asymmetric key encryption

Question 72:


To prevent malicious code from being introduced during software development, what practice
should be implemented?

Continuous integration testing

Dependency checking

Code review and approval

Dependency checking

Question 73:


A company is setting up a system to protect confidential project information from
unauthorized external transfer. What should be the initial action?

Restrict user access to project files.

Restrict access to external file sharing services.

Apply classifications to the data.

Monitor and control email attachments.


Question 74:


A healthcare company is concerned about the security of its patient data handled by third-
party providers. What clause should they ensure is included in their agreements with these
providers?

Non-disclosure Agreement (NDA)

Master Service Agreement (MSA)

Service-Level Agreement (SLA)

Right-to-Audit Clause

Question 75:


To enhance network security, what change should a security analyst recommend if a remote
desktop service is accessible from the internet?

Setting up a VPN and firewall restrictions

Changing Default Port Configurations

Implementing Stronger Encryption

Increasing Password Complexity

Question 76:


An administrator is working to ensure compliance with regulations regarding the storage
duration of customer transaction data. What activity is this?

Data Cataloging

Data Archiving

Data Reconciliation

Data Review

Question 77:

A fraudster contacts a company's finance department via email, pretending to be the Chief
Financial Officer, and urgently requests a wire transfer to an external account for a supposedly
confidential deal. Which of the following techniques is the fraudster using in this scenario?

Identity Fraud

Spear Phishing

Whaling

Fabrication
