
Common Technical Interview Questions and Answers, updated on May 29, 2021

Question 1

Which of the following best describes the principal goal of data science?

A. To collect and archive exhaustive data sets from various source systems for corporate record keeping uses.
B. To mine and analyze large amounts of data in order to uncover information that can be leveraged for operational improvements and business gains.
C. To prepare data for analysts to use as part of analytics applications.

Correct Answer

B. To mine and analyze large amounts of data in order to uncover information that can be leveraged for operational improvements and business gains.

Question 2

What is the primary difference between a data scientist and a data engineer?

A. A data engineer collects data, while a data scientist prepares it for analysis.
B. A data engineer analyzes data, while a data scientist prepares it for analysis.
C. A data engineer prepares data for analysis, while a data scientist does the analysis.

Correct Answer

C. A data engineer prepares data for analysis, while a data scientist does the analysis.

Question 3

A recommended strategy for establishing a data science team is:

A. Focus only on analytics skills when hiring data scientists, as that is the most important area of expertise for the job.
B. Before establishing the team, make sure your company is ready by ensuring that the proper data management frameworks and processes are in place.
C. Set up separate teams of data scientists and data engineers to make sure each job is done as efficiently as possible.

Correct Answer

B. Before establishing the team, make sure your company is ready by ensuring that the proper data management frameworks and processes are in place.

Question 4

True or false? The number of data science jobs far outnumbers the supply of data scientists.

A. True
B. False

Correct Answer

A. True

Question 5

Some companies are integrating aspects of the scientific method into their data science processes, such as following experimental procedures. What is one benefit of doing this?

A. Applying some scientific rigor helps verify that the information produced by data science applications is accurate.
B. Making the process more scientific means that analytics applications will always be successful.
C. Data scientists can work more independently when they’re following defined experimental processes.

Correct Answer

A. Applying some scientific rigor helps verify that the information produced by data science applications is accurate.

Question 6

True or false? Research scientists trained in disciplines such as physics don’t make good data scientists because they often lack a business or technology background.

A. True
B. False

Correct Answer

B. False

Question 7

All of the following are examples of effective data science techniques except:

A. Designing data science projects to find solutions to existing business issues.
B. Using metrics that match analytics goals and provide the information needed to optimize business practices.
C. Making information produced by analytic applications very high-level and academic.
D. Devoting parts of the data science process to long-term analytics projects that will eventually produce business value.

Correct Answer

C. Making information produced by analytic applications very high-level and academic.

Question 8

Can smaller businesses take advantage of data science initiatives even if they can’t afford the high price tag of a dedicated data science team?

A. Yes, there are other ways for them to take advantage of data science techniques.
B. No, data science is only for large organizations with sufficient resources.

Correct Answer

A. Yes, there are other ways for them to take advantage of data science techniques.

Question 9

Which phrase does DevOps accurately describe/encompass/embody?

A. DevOps is a cultural approach to improving communications between the development and operations teams in an organization
B. DevOps is the term describing someone who moderates the exchanges between development and operations
C. DevOps is the name of a job for an employee who can work as both a systems engineer and a developer
D. All of the above

Correct Answer

D. All of the above

Question 10

The DevOps movement is an outgrowth of which software development methodology?

A. Agile
B. Waterfall
C. Promise-based algorithms
D. Test-driven development and model-driven development

Correct Answer

A. Agile

Question 11

Which of these tools is not associated with DevOps?

A. Chef
B. Puppet
C. Juju
D. Liebert MPX

Correct Answer:
D. Liebert MPX

Question 12

The DevOps movement has evolved to solve which problem?

A. Increasingly complex, virtualized IT environments
B. The need for multiple rapidly timed software releases; sometimes many in one day
C. The traditional siloed approach to app development and deployment
D. All of the above

Correct Answer:
D. All of the above

Question 13

True or false? DevOps automation tools rely on coding skills.

A. True
B. False

Correct Answer:
A. True

Question 14

Which of these would not rank as a primary concern when choosing a DevOps tool?

A. Compatibility with cloud platforms, such as Amazon Web Services
B. Integration with environmental sensors on the data center floor
C. Reporting and control integration with collaboration tools
D. Communication with other management or monitoring tools

Correct Answer:
B. Integration with environmental sensors on the data center floor

Question 15

True or false? Most apps are written specifically using the DevOps methodology.

A. True
B. False

Correct Answer:
B. False

Question 16

Which of the following is not a category of authentication?

A. Something you are
B. Something you read
C. Something you know
D. Something you have

Correct Answer:
B. Something you read

Question 17

Which of the following is a potential drawback of MFA on mobile devices?

A. Password sharing with personal accounts
B. More work for users
C. Complicated policy enforcement
D. Lack of support on mobile device hardware

Correct Answer:
B. More work for users

Question 18

Which of the following is a benefit of an on-device mobile authenticator app?

A. It can wipe the device to prevent attacks
B. It adds an additional layer of authentication in case a device is compromised
C. Users don’t have to run partitioned devices
D. None of the above

Correct Answer:
B. It adds an additional layer of authentication in case a device is compromised

Question 19

Which of the following biometric authentication factors isn’t supported by mainstream mobile devices?

A. Iris
B. Fingerprint
C. Tongue
D. Voice

Correct Answer:
C. Tongue

Question 20

Which authentication technology identifies users by relying on mobile carrier technology?

A. Satellite authentication
B. Direct autonomous authentication
C. Carrier cell authentication
D. Central service authentication

Correct Answer:
B. Direct autonomous authentication

Question 21

True or false: Mobile devices can require a location as an authentication factor to access certain assets.

A. True
B. False

Correct Answer:
A. True

Question 22

What can an enterprise information security team learn by looking at its previous data breaches or security incidents?

A. Where the organization historically has had “soft spots”
B. Insecure business processes
C. The cost of a security breach at your organization
D. All of the above

Correct Answer:
D. All of the above
Explanation:
An organization should look at its previous data breaches or security incidents to know where to focus precious time, money and effort. Since every organization is different, defending past weaknesses and fixing past mistakes is a great place to start.

Question 23

With the right data breach prevention strategy, which kind of data breach can be entirely avoided?

A. Malware infection
B. Lost or stolen laptop
C. Account compromise
D. Weak passwords
E. None of the above

Correct Answer:
E. None of the above
Explanation:
No data breach prevention strategy can totally eliminate the risk of a data breach, but the likelihood of breaches due to any of the above can be greatly reduced with the right mix of policy, process, technology and training.

Question 24

Which is not a method to identify a “soft spot” in your enterprise’s security?

A. Penetration test
B. Vulnerability scan
C. Risk assessment
D. Password changes
E. None of the above

Correct Answer:
D. Password changes
Explanation:
Password changes happen commonly in any organization with a short password-change cycle.

Question 25

Where are mistakes most commonly made when an organization is assessing its data breach risk?

A. Assuming all security controls are 100% effective, so it doesn’t plan for failure.
B. Mis-assessing risk by failing to consider how an attacker would approach key systems.
C. Using log data to correlate network activity to high- and low-risk areas.
D. Failing to use modern security metrics to gauge commonly neglected risks.

Correct Answer:
B. Mis-assessing risk by failing to consider how an attacker would approach key systems.
Explanation:
Mistakes can happen in this complex process, causing a potential high-risk finding to not be identified, or classified as a low risk, so the necessary controls wouldn’t be implemented to manage the risk.

Question 26

How should you prioritize your organizational response to the recommendations from a risk assessment?

A. Get a consensus of the security team and IT decision makers.
B. Purchase several security products from emerging startups.
C. Do first whatever can be done most quickly and get an easy
D. Implement all missing security controls to reduce the risk to zero.
E. Apply available resources to identified

Correct Answer:
E. Apply available resources to identified
Explanation:
Every organization’s security posture and attack profile will be unique, so breach prevention resources must be applied to address each organization’s specific needs.

Question 27

In its study of the CISO role, Forrester Research found that:

A. unlike CEOs, most CISOs have similar personalities.
B. most cybersecurity pros don’t aspire to the CISO role because it lacks variety.
C. incompatibility between CISOs and the companies they serve — poor CISO-company fit — is a significant driver of high CISO turnover rates.
D. most CISOs have a clear understanding of their strengths and the kinds of companies and situations in which they excel.

Correct Answer:
C. incompatibility between CISOs and the companies they serve — poor CISO-company fit — is a significant driver of high CISO turnover rates.

Question 28

Nemertes Research CEO Johna Till Johnson suggests recruiting and developing in-house cybersecurity talent by:

A. hosting on-the-job training events, such as cybersecurity boot camps.
B. surveying existing employees beyond the security team to identify those with family members and friends who have the missing skills the company is hunting.
C. both.
D. neither.

Correct Answer:
A. hosting on-the-job training events, such as cybersecurity boot camps.

Question 29

In our feature story on the six types of CISO, the post-breach CISO is one who:

A. exhibits a calm and process-oriented leadership style.
B. should expect to stay in a new role for a few years.
C. should consider moving on to a new position once a company has regained its equilibrium, following a breach.
D. all of the above.
E. none of the above.

Correct Answer:
D. all of the above.

Question 30

According to cybersecurity expert Michael Cobb, it’s essential to embed security by design throughout the software development process. But key challenges include:

A. getting senior management to realize their company is a likely target of cybercriminals.
B. making stakeholders understand that disregarding security in any part of the development lifecycle creates far-reaching vulnerabilities.
C. both.
D. neither.

Correct Answer:
C. both.

Question 31

Only one in three employees understands that not securing laptops and mobile devices with password protection creates an enormous security risk.

A. True
B. False

Correct Answer:
B. False

Question 32

The customer-facing evangelist CISO is typically:

A. quiet, calm and able to listen well to customers.
B. prone to advocate for aggressive investment in cybersecurity training.
C. one of the most problematic of CISO types.
D. a confident, charismatic leader who thrives in chaos and fast-paced environments.

Correct Answer:
D. a confident, charismatic leader who thrives in chaos and fast-paced environments.

Question 33

Leading experts suggest improving cybersecurity awareness in the workplace by:

A. tailoring training to specific roles and using peer ambassadors to promote security messages.
B. measuring improvements in awareness, while docking pay for those who fail to improve.
C. enlisting marketing pros to help brand internal security training efforts.
D. a and b.
E. a and c.
F. none of the above.

Correct Answer:
E. a and c.

Question 34

The term shift left refers to the practice of:

A. ignoring phishing emails that appear to come from left-leaning political candidates.
B. introducing security earlier in the development process.
C. educating payment specialists on how cybercriminals create deepfakes to steal company funds.
D. none of the above.

Correct Answer:
B. introducing security earlier in the development process.

Question 35

In the cover story on cybersecurity awareness, CISO Christina Quaine outlines how she:

A. has learned to focus cybersecurity training on the most junior employees, who are the cause of most data breaches.
B. has learned to focus cybersecurity training on the most senior members of the security team because they are most likely to overestimate their ability to recognize potential threats.
C. takes a comprehensive approach to awareness training, which includes scheduled events, ongoing initiatives and techniques aimed at different types of learners.
D. none of the above.

Correct Answer:
C. takes a comprehensive approach to awareness training, which includes scheduled events, ongoing initiatives and techniques aimed at different types of learners.

Question 36

Statistics reported in the 2020 State of Privacy and Security Awareness Report from MediaPRO find evidence that the vast majority of employees in the firms surveyed are not very confident in their ability to recognize a phishing email or when malware has infected their computers.

A. True
B. False

Correct Answer:
A. True

Question 37

True or false? Rathburn said the key aspect of predictive analytics is identifying subgroups of people, such as customers, whose expected behavior differs from that of the overall group being studied.

A. True
B. False

Correct Answer:
A. True

Question 38

According to Rathburn, which type of analysis should companies focus on as part of advanced analytics programs?

A. What-if analysis to test out different business hypotheses and scenarios
B. Who’s-next analysis to predict customer behavior and guide resource allocation

Correct Answer:
B. Who’s-next analysis to predict customer behavior and guide resource allocation

Question 39

In predictive analytics applications, Rathburn said, historical data is:

A. Critical — it must identify who does and doesn’t display the behavior in question
B. Irrelevant — building models to predict future behavior is what counts
C. Nice to have for potential use in checking the results of predictive models

Correct Answer:
A. Critical — it must identify who does and doesn’t display the behavior in question

Question 40

True or false? Rathburn said highly precise information on the behavior of individual customers is more valuable for analytical purposes than general data about groups of customers.

A. True
B. False

Correct Answer:
B. False

Question 41

Predictive models often produce conflicting results, Rathburn said. What did he recommend doing when that happens?

A. Scrapping the models and starting over by developing new ones
B. Implementing a process to identify and reduce false positives in the models
C. Basing business decisions on one set of findings to test a model’s effectiveness

Correct Answer:
B. Implementing a process to identify and reduce false positives in the models

Question 42

Which of the following answers best reflects Rathburn’s view of the potential impact of adding more data for analytical uses — for example, in “big data” analytics environments?

A. Better data ‘resolution’ due to the use of more data fields and dimensions
B. Increased analytical precision from having more records to base findings on
C. Reduced analytical accuracy because of greater data quality problems
D. All of the above

Correct Answer:
D. All of the above

Question 43

How many data records does Rathburn recommend be used in developing predictive models?

A. 2,500 to 5,000
B. 5,000 to 10,000
C. 10,000 to 20,000
D. As many as possible

Correct Answer:
A. 2,500 to 5,000

Question 44

Which of the following did Rathburn NOT list as an essential element of social media analytics?

A. The volume of social media discussions about your company
B. How the online conversation compares to what’s being said about your rivals
C. The number of ‘like’ ratings for posts on your corporate Facebook page
D. The level of engagement by customers in social media conversations

Correct Answer:
C. The number of ‘like’ ratings for posts on your corporate Facebook page

Question 45

Censys was created at the University of Michigan by the team of researchers who also developed what wide-scale internet-scanning tool?

A. Nmap
B. Zmap
C. Nikto
D. Dirbuster

Correct Answer:
B. Zmap
Explanation:
The developers of Censys are also responsible for the development of Zmap, a wide-scale internet port scanner. Nmap was originally written by Gordon Lyon and is now found at its GitHub repository, where public users can submit code and contribute to its further development. Nikto was developed by Chris Sullo and David Lodge; more information may be found at the developers’ website, and the tool itself may be found at its GitHub repository. Dirbuster was originally developed as part of the OWASP Dirbuster project, which is now inactive. Fortunately, the functionality of Dirbuster has been absorbed by the OWASP ZAP (Zed Attack Proxy) team, which has functionally forked Dirbuster into an extension for the ZAP project. Because these tools were all developed by a different team from the one responsible for Censys, these answers are incorrect.

Question 46

Domain registration information returned on a Whois search does not include which of the following?

A. Domain administrator e-mail
B. Domain administrator fax
C. Domain administrator organization
D. Domain administrator GPS coordinates

Correct Answer:
D. Domain administrator GPS coordinates
Explanation:
Although Whois domain registration information can be quite detailed, the most one can expect to find concerning geographic location is a physical address. GPS coordinates are not found in a Whois query, making this the correct answer. Additionally, note that this information may all ultimately be protected by a Whois guard service; for numerous reasons, web administrators may have issues with broadcasting their names, email addresses and home addresses across the internet. To account for this, domain registrars will often front their own information in Whois information for a domain, with a simple email address to contact in the case of abuse or misuse of a domain they have registered on behalf of a client. This allows action to be taken if a site with privatized Whois data is serving malware, engaged in copyright infringement or other situations where there is a legal or ethical duty to shut down a site or require its alteration.

Question 47

Open-source intelligence (OSINT) collection frameworks are used to effectively manage sources of collected information. Which of the following best describes open-source intelligence?

A. Company documentation labeled “Confidential” on an internal company storage share requiring authentication
B. Press release drafts found on an undocumented web page inside a company’s intranet
C. Any information or data obtained via publicly available sources that is used to aid or drive decision-making processes
D. Information gained by source code analysis of free and open-source software (FOSS)

Correct Answer:
C. Any information or data obtained via publicly available sources that is used to aid or drive decision-making processes
Explanation:
Open-source intelligence is any information or data obtained via publicly available sources that is used to aid or drive decision-making processes.

The first two options are incorrect because documentation labeled “Confidential” on network shared storage requiring authentication and websites locked behind a company intranet are clearly meant to share knowledge with individuals within the organization. As such, they are examples of information that would not be discoverable via open-source collection methods. The last option is incorrect because the use of the term “open source” in this case is a red herring, referring to its relevance to software rather than information gathering. Be wary for such misleading answers during the exam.

Question 48

Which method of collecting open-source intelligence consists of the collection of published documents, such as Microsoft Office or PDF files, and parsing the information hidden within to reveal usernames, e-mail addresses, or other sensitive data?

A. Metadata analysis
B. File scraping
C. File mining
D. File excavation

Correct Answer:
A. Metadata analysis
Explanation:
Metadata analysis is the term for collecting open-source intelligence by parsing published documents for information hidden within to reveal usernames, e-mail addresses, or other sensitive data.

File scraping, file mining, and file excavation are all meaningless phrases meant to sound like information security terminology, without having a specific meaning within that context. Be wary of answers in this vein during the exam.

Question 49

Which of the following search engines is not used by FOCA when searching for documents?

A. Bing
B. Google
C. Yahoo
D. DuckDuckGo

Correct Answer:
C. Yahoo
Explanation:
Yahoo is not used by FOCA when it searches for documents, making this the correct answer.

Bing, Google, and DuckDuckGo are all used by FOCA when it searches for documents.

Question 50: What is the process by which large data sets are analyzed to reveal patterns or hidden anomalies?

A. Passive information gathering
B. Footprinting
C. Active information gathering
D. Data mining

Correct Answer:
D. Data mining
Explanation:
Data mining is the process by which large data sets are analyzed to reveal patterns or hidden anomalies.

Passive and active information gathering are incorrect because they are methods of intelligence collection, not analysis. The second option is incorrect because footprinting is the process of conducting reconnaissance against computers and information systems during a penetration test with the aim of finding the most efficient methods of attack that will meet the goals of the assessment.

Question 51: In the following command, which flag is responsible for saving output to both XML and HTML files? theharvester -d example.com -b google -f foo -v -n

A. -v
B. -f
C. -n
D. -b

Correct Answer:
B. -f
Explanation:
The -f flag in theharvester will dump output into both an HTML and XML document (in this case, to foo.xml and foo.html).

The -v, -n, and -b flags, respectively, verify a hostname via DNS resolution, perform a reverse DNS query on the IP ranges discovered to be in use, and allow the user to define the data source (such as Google, Bing, or LinkedIn).

Question 52: Which technique is used during passive reconnaissance to map a user-defined hostname to the IP address or addresses with which it is associated?

A. DNS zone transfer
B. Reverse DNS lookup
C. Investigation
D. Forward DNS lookup

Correct Answer:
D. Forward DNS lookup
Explanation:
A forward DNS lookup queries the name server for a domain or hostname, for which the DNS server will then provide the associated IP address; this function is present at the heart of the internet, as the use of human-readable terms such as “google.com” in web browsers would fail without it. Put another way, in the absence of a service such as DNS, we would be required to use machine-readable logical addresses alone (that is, IP addresses) to do nearly anything across a network.

A DNS zone transfer is a type of DNS transaction wherein a DNS database is replicated to the requesting system. DNS zone transfers can be of great benefit to penetration testers if internal corporate name servers permit them; knowledge of the entirety of an organization’s IP space and hostnames can be of immense value in identifying potential targets during a penetration test. A reverse DNS lookup takes a user-provided IP address and then queries a name server for the host(s) or domain(s) with which that address is associated. Investigation is incorrect because it is not a term with an explicit definition in the lexicon of penetration testing.

Question 53: While footprinting an organization for a penetration test, you discover that a service it relies on uses FTP across port 14147 for data transfers. How could you refine a Shodan search to only reveal FTP servers on that port?

A. FTP port 14147
B. FTP:14147
C. FTP port:14147
D. FTP;port 14147

Correct Answer:
C. FTP port:14147
Explanation:
Search and filter terms in Shodan must be provided in the format search_string filter:value. In the example given, FTP port:14147 will search for FTP connections available on the open Internet and then filter all but those running on port 14147 from the search results.

The other options are incorrect because search and filter terms in Shodan must be provided in the format search_string filter:value.

Question 54: Which free and GNU-licensed tool written for the Windows operating system family gathers information by scraping metadata from Microsoft Office documents, which can include usernames, e-mail addresses, and real names?

A. Maltego
B. FOCA
C. recon-ng
D. theharvester

Correct Answer:
B. FOCA
Explanation:
FOCA is a free, GNU-licensed tool that gathers information by scraping metadata from Microsoft Office documents, which can include usernames, e-mail addresses, and real names. Note that while FOCA can be run in Linux and Unix variants using WINE (a compatibility layer or interface that allows Windows applications to run on *nix operating systems), the question specifically mentions that the tool was written for Windows, rather than stating that it only runs in Windows.

While Maltego and recon-ng are capable of scraping metadata from files with the use of transforms or modules, neither of these tools was written specifically for the Windows operating system family. Theharvester is limited to what can be pulled directly from a website; scraping the contents of files stored on a website is beyond its capabilities. In addition, theharvester is like Maltego and recon-ng in that it was not written specifically for the Windows operating system.

Question 55: Which of the following data sources is not a valid option in theharvester?

A. Google
B. LinkedIn
C. Facebook
D. Twitter

Correct Answer:
C. Facebook
Explanation:
Although theharvester can query many data sources, Facebook is not one of them, which makes it the correct answer. Pay careful attention to questions that are stated with a negating term such as “is not” or “are not.”

Google, LinkedIn, and Twitter are all valid data sources for theharvester, making these incorrect choices for this question.

Question 56: What is the process of assessing a target to collect preliminary knowledge about systems, software, networks, or people without directly engaging the target or its assets?

A. Reconnaissance
B. Passive information gathering
C. Web searching
D. Active information gathering

Correct Answer:
B. Passive information gathering
Explanation:
Passive information gathering is the process of assessing a target to collect preliminary knowledge about systems, software, networks, or people without directly engaging the target or its assets.

Reconnaissance is a broader term that can describe both passive and active information-gathering efforts. Web searching is just one specific activity performed during passive information gathering. Active information gathering is the process of collecting information about target systems, software, networks, or people in a manner that requires direct engagement with the target or its assets.

Question 57: Which of the following, dubbed Sunburst, was used by nation-state actors to bypass SolarWinds’ security mechanisms and gain access to its system?

A. Digital signature
B. Backdoor
C. Buffer overflow
D. Adware

Correct Answer:
B. Backdoor
Explanation:
A backdoor is used by both developers and attackers to bypass security mechanisms and gain access to a system or encrypted data. Notably, the massive SolarWinds supply chain attack originated with a critical backdoor, known as Sunburst, hidden in updates for its Orion software.

Question 58: Which of the following malicious programs, appearing to be legitimate, is commonly used to target banking and payment systems to access confidential information?

A. Social engineering
B. Backdoor
C. Ransomware
D. Trojan horse

Correct Answer:
D. Trojan horse
Explanation:
A Trojan horse is a malicious program installed on a device that evades detection by appearing legitimate. Common indicators of this type of malware include unexpected changes to settings or anomalous activity on a computer.

Question 59: Choose the correct malware term that describes a controversial program designed to propagate across networks for the purpose of distributing security patches for known vulnerabilities.

A. Keylogger
B. Patch management
C. Spyware
D. Ethical worm

Correct Answer:
D. Ethical worm
Explanation:
Unlike its malicious counterpart, an ethical worm spreads across a network to distribute security patches for known vulnerabilities. However, its drive-by download capability and potential for unexpected harm make ethical worms controversial among security experts.

Question 60: Made famous by the Maze gang in 2019, the name-and-shame tactic is most commonly used by cybercriminal groups in which of the following attacks?

A. Port scan
B. Logic bomb
C. Distributed denial of service (DDoS)
D. Ransomware

Correct Answer:
D. Ransomware
Explanation:
Name-and-shame campaigns are commonly used in ransomware attacks in which cybercriminal groups publicly announce their victims and threaten to leak sensitive data to compel victims to pay a ransom.

Question 61: Which of the following describes a self-replicating malware that spreads by duplicating itself in order to infect other devices without user interaction?

A. Malicious link
B. Botnet
C. Worm
D. Hybrid virus

Correct Answer:
C. Worm
Explanation:
A worm is a type of malware that does not need a host program to self-replicate and typically spreads without any human intervention or commands from the malware authors.

Question 62: Once installed, which collection of software tools is used to gain remote access to and control over a computer or system?

A. Rootkit
B. Penetration test
C. Virus
D. Logic bomb

Correct Answer:
A. Rootkit
Explanation:
A rootkit is a collection of tools that, once installed, attackers can use to create backdoors in a victim’s system and introduce other types of malware to the network for further attacks.

Question 63: A hybrid virus infects both files and system sectors and may incorporate which of the following?

A. Characteristics of macro viruses
B. Characteristics of file infectors
C. Characteristics of system infectors
D. Any combination of the above

Correct Answer:
D. Any combination of the above
Explanation:
A hybrid virus combines multiple characteristics from the three types of viruses — macro viruses, file infectors and system infectors — to maximize damage and thwart removal efforts.

Question 64: Which of the following is not true of a logic bomb?

A. Lies dormant, typically undetected, until trigger occurs
B. Its level of destruction is always the same
C. Commonly orchestrated by malicious insiders to sabotage the organization
D. Logic bomb triggers are categorized as either positive or negative

Correct Answer:
B. Its level of destruction is always the same
Explanation:
Commonly attributed to malicious, privileged users, a logic bomb is a line of malicious code within a system or other malware that “explodes” when triggered by a certain event. The explosion may occur when a condition is met, known as a positive trigger, or when a condition is not met, known as a negative trigger.

Question 65: Fill in the blanks: ______ is used legitimately in free versions of applications to display advertisements while a program is running but can be classified as ______ if the code records users’ information or browsing habits without their consent and authorization.

A. Social engineering; malvertising
B. Adware; spyware
C. Shareware; malware
D. Adware; ransomware

Correct Answer:
B. Adware; spyware
Explanation:
Adware may collect user or browsing information to display customized banners or popup advertisements while the program is running. However, if this data is collected or sold to third parties without the user’s knowledge and authorization, it is classified as spyware, also known as malvertising.

Question 66: Which of the following is not true of a keylogger?

A. This surveillance technology is sometimes hardware-based.
B. It monitors and records keystrokes typed on a keyboard.
C. It can require physical access to the target’s device for installation.
D. Task managers are enough to detect it.

Correct Answer:
D. Task managers are enough to detect it.
Explanation:
Both hardware-based keyloggers and keylogger software programs are used to surveil targets by monitoring and recording keystrokes on their device. Because there are varying types of keyloggers and capabilities, detection by a task manager alone is unlikely to be successful.

Question 67: Fill in the blank: Phishing, spear phishing, vishing, scareware and watering hole attacks are all types of ______.

A. Probes
B. Insider threats
C. Social engineering
D. Ransomware

Correct Answer:
C. Social engineering
Explanation:
Malicious actors use social engineering to disguise themselves as trusted individuals and manipulate targets into falling for cyber attacks such as phishing, spear phishing, vishing, scareware, watering hole attacks and more.

Question 68: Which of the following is not an indicator of a DoS attack?

A. Degradation of network performance
B. Specific website is unavailable
C. Lower than usual volume of spam email
D. Inability to access any website

Correct Answer:
C. Lower than usual volume of spam email
Explanation:
According to the U.S. Computer Emergency Readiness Team, the most common indicators of a DoS attack include degradation of network performance, unavailability of a specific website, inability to access any network and a higher than usual volume of spam email.

Question 69: Choose the term that describes the dangerous malware that takes over a victim’s machine and abuses compute resources to mine digital currency and transfer it to the criminal’s digital wallet.

A. Bitcoin
B. Cryptominer
C. Monero
D. Graceful degradation

Correct Answer:
B. Cryptominer
Explanation:
Commonly indicated by graceful degradation, cryptominers such as WannaMine hijack control of compute resources on a victim’s machine to mine and deposit cryptocurrency such as bitcoin or Monero into the attacker’s digital wallet.

Question 70: Which of the following attacks uses a botnet to overwhelm a server or other network resource with fraudulent traffic, thus triggering the system to deny access to legitimate users?

A. DDoS
B. DoS
C. IoT
D. Command and control

Correct Answer:
A. DDoS
Explanation:
In a DDoS attack, an attacker creates a botnet to deny legitimate users access to a server or network by slowing down and even crashing a system with a flood of fraudulent traffic.

Question 71: ____________ in HR recruiting platforms could be the reason your company is hiring more men than women.

A. False rejection
B. AI bias

Correct Answer:
B. AI bias
Explanation:
AI bias is caused by false assumptions made during the system’s machine learning process.

False rejection — also known as a type I error — is a mistake made by biometric security systems.

Since the field of AI is dominated by men, it is more likely for the engines to display biases toward men over women. This gender bias in AI algorithms is widespread, affecting most companies that use HR recruitment platforms. Understand how AI bias is impacting HR and discover how it might be possible to create unbiased AI.

Question 72: _____________ is used to assess employees’ execution of tasks and projects in real time.

A. Performance management software
B. Technology-assisted review (TAR)

Correct Answer:
A. Performance management software
Explanation:
Performance management software is designed to replace the annual performance review process by supplying real-time performance tracking, goal setting and feedback.

Technology-assisted review (TAR) — also known as computer-assisted review or predictive coding — refers to the use of software to search through relevant documents for the purposes of e-discovery.

Performance management software can benefit organizations and enable them to build a repository of employee skills, training and performance. These analytics can be used to detect workforce trends and better align talent with the bottom line. Explore some of the best practices for continuous performance management and learn why formal performance review processes are still important.

Question 73: VMware, Microsoft and Citrix are unifying their portfolios of end-user computing (EUC) products and marketing them as _______________.

A. WeWork workspaces
B. Digital workspaces

Correct Answer:
B. Digital workspaces
Explanation:
A digital workspace is the general term for a technology framework that centralizes the management of an enterprise’s applications, data and endpoints, allowing employees to collaborate and work remotely.

WeWork workspaces are physical office spaces that the WeWork company rents out to startup companies, small businesses and large enterprises.

Several major software companies, such as VMware, Microsoft and Citrix, are currently competing in the market with their digital workspace products. Workspaces are becoming more popular because they can potentially benefit companies by creating a more inspired and engaged workforce. Discover the challenges of a workspace platform deployment, look to the future and see what we expect to happen with digital workspaces in 2020.

Question 74: When conducting a user access review to prevent malicious attacks or internal mistakes, which is true of user responsibilities and privileges?

A. They cannot vary for two people hired at the same time.
B. They vary based on employee seniority.
C. They cannot vary for two people in the same role.
D. They can vary for two people in the same role.

Correct Answer:
D. They can vary for two people in the same role.
Explanation:
Responsibilities and privileges can vary for two people in the same role. Many access privileges are granted based on an individual’s role, department or responsibility. However, conducting user access reviews may reveal that a more granular approach is required to ensure database and application security.

Question 75: Which of the following is accepted as the strongest encryption algorithm currently available?

A. TLS
B. Advanced Encryption Standard (AES) 128
C. AES 256
D. AES 192

Correct Answer:
C. AES 256
Explanation:
Organizations with the most sensitive data to transmit and secure should opt for AES 256, which is accepted as the strongest encryption algorithm currently available. AES is the accepted standard based on NIST guidelines and can also be used in 128- and 192-bit variants. These options are suitable for organizations that prioritize encryption speed and lower resource use.

Question 76: Which of the following is not a key step in the process of properly testing applications for security vulnerabilities?

A. Determining which applications you have that are in scope and in need of testing
B. Assuming SaaS vendors or hosting providers conduct the necessary vulnerability and penetration testing
C. Understanding the specific requirements for the application security testing process
D. Performing or outsourcing the testing using known methodologies and proven tools

Correct Answer:
B. Assuming SaaS vendors or hosting providers conduct the necessary vulnerability and penetration testing
Explanation:
To properly test applications for security vulnerabilities, you must determine which apps are in need of testing, understand the requirements of the testing process and perform or outsource the test using known and proven tools. Never assume hosting providers of cloud applications are responsible for app testing.

Question 77: Since today’s applications will likely need to integrate with one or more databases, software developers can benefit by learning the following database language(s):

A. SQL
B. NoSQL
C. MySQL
D. Both SQL and NoSQL

Correct Answer:
D. Both SQL and NoSQL
Explanation:
Software developers can benefit from a preliminary understanding of data structures, algorithms and database languages, such as SQL and NoSQL. Those who acquire these database integration and management skills are better equipped to create applications that can process vast quantities of data.

Question 78: What is the best method to secure data in use (information that is being processed, accessed or read) and data in motion (information that is being transported between systems)?

A. Enforcing role-based access to the data
B. Encrypting data when it’s traversing internal or external networks
C. Obtaining proper visibility to detect breaches, assess damage and provide actionable remediation steps
D. All of the above

Correct Answer:
D. All of the above
Explanation:
To secure data in use and in motion, organizations should enforce role-based access and encrypt data traversing internal and external networks, as well as ensure visibility that enables timely network detection and response.

Question 79: To mitigate the damage of ransomware attacks and other incidents, organizations can incorporate the 3-2-1 method of backup into their data security strategy, consisting of:

A. Three types of storage, two copies of the data and one copy stored on premises
B. Three copies of the data, stored on two different types of storage and one copy stored off-site
C. Three copies of the data, using two-factor authentication to access and one copy stored off-site
D. Three copies of the data, using two-factor authentication to access and one tape backup stored offline

Correct Answer:
B. Three copies of the data, stored on two different types of storage and one copy stored off-site
Explanation:
One effective way to improve enterprise data security is to monitor where copies of data are by implementing the 3-2-1 method of data backup. This entails having three copies of the data — one primary and two backups — stored on two different types of storage and one copy of the data stored off-site.

Question 80: Voice ID, fingerprint scan and iris recognition are each examples of:

A. Data protected by PCI DSS
B. Biometric authentication factors
C. Security tokens
D. IoT technology

Correct Answer:
B. Biometric authentication factors
Explanation:
Voice ID, fingerprint and iris scans, and facial recognition are examples of biometric authentication factors. Biometrics are mostly used as one part of two- or multifactor authentication processes to improve an enterprise’s security posture.

Question 81: Following too many failed login attempts, users are forced to validate their identity via an account lockout policy, which includes the following security settings:

A. Account lockout threshold
B. Account lockout duration
C. Reset account lockout counter after
D. All of the above

Correct Answer:
D. All of the above
Explanation:
The account lockout policy is made up of three security settings: account lockout duration, account lockout threshold and reset account lockout counter after. These policy settings can decrease the chances of successful attacks on an organization’s network by preventing attackers from guessing users’ credentials.

Question 82: The following are best practices for IT administrators to ensure remote users meet data security and protection standards, except:

A. Allow applications such as WhatsApp and Facebook Messenger to access business data
B. Audit all systems accessing corporate data and standardize on secure collaborative apps
C. Contact users directly to ensure they are familiar with standard work applications and processes
D. Make efforts to support remote users and proactively ask if they need help

Correct Answer:
A. Allow applications such as WhatsApp and Facebook Messenger to access business data
Explanation:
Under no circumstances should IT administrators allow unsafe applications, such as WhatsApp and Facebook Messenger, to access business data. This is a direct threat to remote data security and may threaten the organization’s efforts to meet data protection compliance standards.

Question 83: The process of _______, when staff change roles and gain new permissions without eliminating outdated and unneeded privileges, expands the scope of attack in the event of an account compromise.

A. Principle of least privilege
B. Pass the hash
C. Role-based access
D. Privilege creep

Correct Answer:
D. Privilege creep
Explanation:
Privilege creep occurs when users accumulate more permissions than are necessary to perform their specific roles. To detect errors such as privilege creep — which can extend the blast radius in the event of account compromise — organizations should conduct audits of identity and access management processes.