Cyber Security Test Questions Answers Linkedin

0

Cyber Security Test Questions Answers Linkedin



Cyber Security, Computer security, also known as information technology security, is the practice of safeguarding computers, networks, programs and data from unauthorized access or attacks. Cyber security focuses on the following areas of Application Security, Information Security, Network Security and Disaster recovery


1. According to the shared responsibility model, which cloud computing model places the most responsibility on the cloud service provider (CSP)?

  • Hybrid Cloud
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)
  • Infrastructure as a Service (IaaS)

2. Which option removes the risk of multitenancy in cloud computing?

  • private cloud
  • PaaS
  • public cloud
  • IaaS

3. Your organization recently implemented a unified messaging solution and VoIP phones on every desktop. You are responsible for researching the vulnerabilities of the VoIP system. Which type of attack are VoIP phones most vulnerable to experiencing?

  • brute force attacks
  • denial-of-service
  • malware
  • buffer overflow

4. Which security control cannot produce an active response to a security event?

  • cloud access security broker (CASB)
  • intrusion detection system (IDS)
  • intrusion prevention system (IPS)
  • next generation firewall

5. Packet sniffer is also called _.

  • SIEM
  • protocol analyzer
  • UTM
  • data sink

6. Which option tests code while it is in operation?

  • code review
  • dynamic analysis
  • code analysis
  • static analysis

7. Which option describes testing that individual software developers can conduct on their own code?

  • unit testing
  • gray box testing
  • integration testing
  • white box testing

8. In black box penetration testing, what information is provided to the tester about the target environment?

  • limited details of server and network infrastructure
  • all information
  • none
  • limited details of server infrastructure

9. Which security control can best protect against shadow IT by identifying and preventing use of unsanctioned cloud apps and services?

  • intrusion prevention system (IPS)
  • next generation firewall
  • intrusion detection system (IDS)
  • cloud access security broker (CASB)

10. Which option describes the best defense against collusion?

  • monitoring of normal employee system and data access patterns
  • separation of duties and job rotation
  • applying system and application updates regularly
  • fault tolerant infrastructure and data redundancy

11. During a penetration test, you find a file containing hashed passwords for the system you are attempting to breach. Which type of attack is most likely to succeed in accessing the hashed passwords in a reasonable amount of time?

  • password spray attack
  • rainbow table attack
  • pass-the-hash attack
  • brute force attack

12. Which area is DMZ?

image

 

  • 1
  • 2
  • 3
  • 4

13. You configure an encrypted USB drive for a user who needs to deliver a sensitive file at an in-person meeting. What type of encryption is typically used to encrypt the file?

  • file hash
  • asymmetric encryption
  • digital signature
  • symmetric encryption

14. What is the difference between DRP and BCP

  • DRP works to keep a business up and running despite a disaster. BCP works to restore the original business capabilities.
  • BCP works to keep a business up and running despite a disaster. DRP works to restore the original business capabilities.
  • BCP is part of DRP.
  • DRP is part of BCP.

15. Which aspect of cybersecurity do Distributed Denial of Service (DDoS) attacks affect the most?

  • non-repudiation
  • availability
  • integrity
  • confidentiality

16. You need to recommend a solution to automatically assess your cloud-hosted VMs against CIS benchmarks to identify deviations from security best practices. What type of solution should you recommend?

  • Intrusion Detection and Prevention System (IDPS)
  • Cloud Workload Protection Platforms (CWPP)
  • Cloud Security Posture Management (CSPM)
  • Cloud Access Security Brokers (CASBs)

17. _ validates the integrity of data files.

  • Compression
  • Stenography
  • Hashing
  • Symmetric encryption

18. Which is an example of privacy regulation at the state government level in the U.S.?

  • NIST Privacy Framework
  • CCPA
  • GDPR
  • OSPF

19. what is the term for the policies and technologies implemented to protect, limit, monitor, audit, and govern identities with access to sensitive data and resources?

  • privileged account management (PAM)
  • authentication and authorization
  • identity and access management (IAM)
  • least privilege

20. You have configured audit settings in your organization's cloud services in the event of a security incident. What type of security control is an audit trail?

  • corrective control
  • preventive control
  • detective control
  • directive control

21. What is the name for a short-term interruption in electrical power supply?

  • grayout
  • brownout
  • blackout
  • whiteout

22. Your security team recommends adding a layer of defense against emerging persistent threats and zero-day exploits for all endpoints on your network. The solution should offer protection from external threats for network-connected devices, regardless of operating system. Which solution is best suited to meet this requirement?

  • Security Information Event Management (SIEM)
  • Cloud App Security Broker (CASB)
  • Extended Detection and Response (XDR)
  • next generation firewall (NGFW)

23. Which is not a threat modeling methodology?

  • STRIDE
  • MITRE ATT&CK
  • TRIKE
  • TOGAF

24. You organization is conducting a pilot deployment of a new e-commerce application being considered for purchase. You need to recommend a strategy to evaluate the security of the new software. Your organization does not have access to the application's source code.

Which strategy should you choose?

  • unit testing
  • white box testing
  • dynamic application security testing
  • static application security testing

25. You need to disable the camera on corporate devices to prevent screen capture and recording of sensitive documents, meetings, and conversations. Which solution would be be suited to the task?

  • Mobile Device Management (MDM)
  • Data Loss Prevention (DLP)
  • Intrusion Detection and Prevention System (IDPS)
  • cloud access security broker (CASB)

26. How many keys would be necessary to accomodate 100 users in an asymmetric cryptography system?

  • 100
  • 300
  • 200
  • 400

27. Two competing online retailers process credit card transactions for customers in countries on every continent. One organization is based in the United States. The other is based in the Netherlands. With which regulation must both countries comply while ensuring the security of these transactions?

  • Federal Information Security Managment Act (FISMA)
  • Payment Card Industry Data Security Standard (PCI-DSS)
  • General Data Protection Regulation (GDPR)
  • International Organization for Standardization and Internation Electronical Commission (ISO/IEC 27018)

28. What provides a common language for describing security incidents in a structures and repeatable manner?

  • common vulnerabilties and exposures
  • common vulnerability scoring system
  • Common event format
  • common weakness enumeration

29. Which type of application can intercept sensative information such as passwoprds on a network segment?

  • protocol analyzer
  • log server
  • network scanner
  • firewall

30. An attacker has discovered that they can deduce a sensitive piece of confidential information by analyzing multiple pieces of less sensative public data.

  • aggregation
  • SQL injection
  • cross-origin resouce sharing
  • inference

31. You have recovered a server that was compromised in a malware attack to its previous state. What is the final step in the incident response process?

  • Certification
  • Reporting
  • Eradication / Remediation
  • Lessons Learned

32. Sharing account credentials violates the _ aspect of access control.

  • accounting
  • authentication
  • identification
  • authorization

33. Which type of security assessment requires access to source code?

  • dynamic analysis
  • penetration testing
  • static analysis
  • black box testing

34. Which encryption type uses a public and private key pair for encrypting and decrypting data?

  • asymmetric
  • symmetric
  • hashing
  • all of these answers

35. LDAP in directory service stands for ______. 

  • Light Weight Director Access Provider 
  • Light Weight Director Access Protocol 
  • Light Weight Director Access Provider 
  • Light Weight Director Access Protection 

36. You have been tasked with recommending a solution to centrally manage mobile devices used throughout your organization. Which technology would best meet this need?

  • Extended Detection and Responde (XDR)
  • Intrusion Detection and Prevention System (IDPS)
  • Mobile Device Management (MDM)
  • Security Information Event Management (SIEM)

37. Which type of vulnerability cannot be discovered in the course of a typical vulnerability assessment?

  • file permissions
  • buffer overflow
  • zero-day vulnerability
  • cross-site scripting

38. The DLP project team is about to classify your organization's data. Whats is the primary purpose of classifying data?

  • It identifies regulatory compliance requirements.
  • It prioritizes IT budget expenditures.
  • It establishes the value of data to the organization.
  • It quantifies the potential cost of a data breach.

39. You are responsible for managing security of your organization's public cloud infrastructure. You need to implement security to protect the data and applications running in a variety of IaaS and PaaS services, including a new Kubernetes cluster. What type of solution is best suited to this requirement?

  • Cloud Security Posture Management (CSPM)
  • Cloud Workload Protection Platforms (CWPP)
  • Cloud Access Security Brokers (CASBs)
  • Intrusion Detection and Prevention System (IDPS)

40. You choose a cybersecurity framework for your financial organization that implements an effective and auditable set of governance and management processes for IT. Which framework are you choosing?

  • C2M2
  • ISO/IEC 27001
  • NIST SP 800-37
  • COBIT

41. NIST SP 800-53 is one of two important control frameworks used in cybersecurity. What is the other one?

  • ISO 27002
  • ISO 27001
  • NIST SP 800-54
  • NIST SP 751-51

42. Your incident response team is unable to contain an incident because they lack authority to take action without management approval. Which critical step in the preparation phase did your team skip?

  • From an incident response committee to oversee any incidents that may occur.
  • Bring management in as leadership on the incident response team.
  • Get preauthorized to take unilateral action and make or direct emergency changes.
  • Assign a head of the emergency response team who has the correct authority

43. How often is the ISF Standard of Good Practice updated?

  • biannually
  • bimonthly
  • annual
  • monthly

44. You are working in the security operations center analyzing traffic on your network. You detect what you believe to be a port scan. What does this mean?

  • This is normal operation for your business.
  • This could be a precursor to an attack.
  • This could be a specific program being run by your accounting department.
  • This is an in-progress attack and should be reported immediately

45. The ASD Top Four are application whitelisting, patching of applications, patching of operating systems, and limiting administrative privileges. What percent of breaches do these account for?

  • 40 percent
  • 60 percent
  • 85 percent
  • 100 percent

46. FUD is expensive and often causes high drama over low risk. Which computer chip exploits were reported by CNN as needing to be completely replaced, but were later fixed with firmware updates?

  • fire and ice exploits
  • Intel and STMicro CPU exploits
  • meltdown and spectre exploits
  • super microboard and Apple iPhone exploits

47. To prevent an incident from overwhelming resources, _ is necessary.

  • disconnection from the network
  • early containment
  • continuation of monitoring for other incidents
  • eradication of the issues

48. Where would you record risks that have been identified and their details, such as their ID and name, classification of information, and the risk owner?

  • in the risk assessment documentation
  • in the business impact ledger
  • in the risk register
  • in the Orange Book

49. The most notorious military-grade advanced persistent threat was deployed in 2010, and targeted centrifuges in Iran. What was this APT call?

  • duqu
  • agent BTZ
  • stuxnet
  • flame

50. The regulatory requirements for notifications of data breaches, particularly the European General Data Protection Regulations, have had what sort of effect on business?

  • an increased consumer liability in the event of a data breach
  • a decreased consumer liability in the event of a data breach
  • an increased business liability in the event of a data breach
  • a decreased business liability in the event of a data breach

51. Which option describes a core principle of DevSecOps?

  • Testing and release should be 100% automated
  • Role separation is the key to software security
  • Final responsibility for security rests with the architect of the application
  • Everyone in the process is reponsible for security

52. Which information security principle states that organizations should defend systems against any particular attack using several independent methods?

  • separation of duties
  • privileged account management (PAM)
  • least privilege
  • defense-in-depth

53. Which software development lifecycle approach is most compatible with DevSecOps?

  • Model-Driven Development
  • Waterfall
  • Agile
  • Model-Driven Architecture

54. Which option is a mechanism to ensure non-repudiation?

  • MD5
  • Caesar cipher
  • symmetric-key encryption
  • asymmetric-key encryption

55. Executives in your organization exchange emails with external business partners when negotiating valuable business contracts. To ensure that these communications are legally defensible, the security team has recommended that a digital signature be added to these message.

  • What are the primary goals of the digital signature in this scenario? (Choose the best answer.)
  • integrity and non-repudiation
  • privacy and non-repudiation
  • privacy and confidentiality
  • integrity and privacy

56. You have just conducted a port scan of a network. There is no well-known port active. How do you find a webserver running on a host, which uses a random port number?

  • Give up on the current target network and move on to the next one.
  • Switch to another network scanning tool. Resort to more resource-intensive probing, like launching random attacks to all open ports.
  • Turn on additional options in your network scanning tool to further investigate the details (type and version) of applications running on the rest of the active ports.
  • Turn on the stealth mode in your network scanning tool. Check whether you missed any other active ports associated with web servers.

57. Your organization service customer orders with a custom ordering system developed in-hose. You are responsible for recommending a cloud model to meet the following requirements:

    • Control of security required for regulatory compliance
    • Legacy application and database support
    • Scalability to meet seasonal increases in demand

Which cloud model is the best option for these requirements?

  • public cloud
  • hybrid cloud
  • government cloud
  • private cloud

58. When does static application security testing require access to source code?

  • only when assessing regulatory compliance
  • only if following the Agile model
  • always
  • never

59. What is the difference between DevOps and DevSecOps?

  • DevSecOps places security controls in the CI/CD process of DevOps.
  • DevSecOps requires the inclusion of cybersecurity engineers in the CI/CD process of DevOps.
  • DevSecOps slows down the CI/CD process of DevOps.
  • DevSecOps lets cybersecurity engineers dictate the CI/CD process of DevOps.

60. Which compliance framework governs requirements for the U.S. healthcare industry?

  • FedRAMP
  • GDPR
  • PCI-DSS
  • HIPAA

61. In 2014, 4,278 IP addresses of zombie computers were used to flood a business with over one million packets per minute for about one hour. What is this type of attack called?

  • a salami attack
  • a botnet attack
  • a DoS (Denial of Service) attack
  • a DDoS (Distributed Denial of Service) attack

62. You are implementing a cybersecurity program in your organization and want to use the "de facto standard" cybersecurity framework. Which option would you choose?

  • the ISC2 Cypersecurity Framework
  • the NIST Cypersecurity Framework
  • the ISACA Cypersecurity Framework
  • the COBIT Cypersecurity Framework

63. According to NIST, what is the first action required to take advantage of the cybersecurity framework?

  • Identify the key business outcomes.
  • Understand the threats and vulnerabilities.
  • Conduct a risk assessment.
  • Analyze and prioritize gaps to create the action plan.

64. What are the essential characteristics of the reference monitor?

  • It is versatile, accurate, and operates at a very high speed.
  • It is tamper-proof, can always be invoked, and must be small enough to test.
  • It is restricted, confidential, and top secret

65. Which main reference coupled with the Cloud Security Alliance Guidance comprise the Security Guidance for Critical Areas of Focus in Cloud Computing?

  • ISO 27001
  • ISO 27017
  • Cloud Controls Matrix
  • Cloud Security Guidelines

66. Which organization has published the most comprehensive set of controls in its security guideline for the Internet of Things?

  • IoT ISACA
  • IoT Security Foundation
  • OWASP
  • GSMA

67. Which security control scheme do vendors often submit their products to for evaluation, to provide an independent view of product assurance?

  • Common Criteria
  • risk management certification board
  • OWASP security evaluation
  • ISO 27000

68. There are four possible treatments once an assessment has identified a risk. Which risk treatment implements controls to reduce risk?

  • risk acceptance
  • risk avoidance
  • risk mitigation
  • risk transfer

69. You have implemented controls to mitigate the threats, vulnerabilities, and impact to your business. Which type of risk is left over?

  • residual risk
  • inherent risk
  • applied risk
  • leftover risk

70. Which organization, established by NIST in 1990, runs workshops to foster coordination in incident prevention, stimulate rapid reaction to incidents, and allow experts to share information?

  • Forum of Incident Response and Security Teams
  • Crest UK Response Teams
  • Community of Computer Incident Response Teams
  • NIST Special Publication 800-61 Response Teams

71. NIST issued a revision to SP 800-37 in December 2018. It provides a disciplined, structured, and flexible process for managing security and privacy risk. Which type of document is SP 800-37??

  • a risk management framework
  • a guide to risk assessments
  • a guideline for vulnerability testing
  • a step-by-step guide for performing business impact analyses

72. You have just identified and mitigated an active malware attack on a user's computer, in which command and control was established. What is the next step in the process?

  • Reporting
  • Recovery
  • Eradiction / Remediation
  • Lessons Learned

73. Which programming language is most susceptible to buffer overflow attacks?

  • C
  • Java
  • Ruby
  • Python

74. Which list correctly describes risk management techniques?

  • risk acceptance, risk mitigation, risk containment, and risk qualification
  • risk avoidance, risk transference, risk mitigation, and risk acceptance
  • risk avoidance, risk transference, risk containment, and risk quantification
  • risk avoidance, risk mitigation, risk containment, and risk acceptance

75. To implement encryption in transit, such as with the HTTPS protocol for secure web browsing, which type(s) of encryption is/are used?

  • asymmetric
  • neither symmetric or asymmetric
  • both symmetric and asymmetric
  • symmetric

76. Which type of program uses Windows Hooks to capture keystrokes typed by the user, hides in the process list, and can compromise their system as well as their online access codes and password?

  • trojan
  • typethief
  • keylogger
  • keystroke collector

77. How does ransomware affect a victim's files?

  • by destroying them
  • by stealing them
  • by encrypting them
  • by selling them

78. Your computer has been infected, and is sending out traffic to a targeted system upon receiving a command from a botmaster. What condition is your computer currently in?

  • It has become a money mule.
  • It has become a zombie.
  • It has become a bastion host.
  • It has become a botnet.

79. What is the full form of LDAP?  

  • Light Weight Directory Access Provider  
  • Light Weight Directory Access Protocol  
  • Light Weight Directory Access Program  
  • Light Weight Directory Access Protection  

80. What is the full form of CIA under information security?  

  • Confidentiality Integrity Availability 
  • Criminal Investigation Agency  
  • Cost Information Agency 
  • Credit Integrity Assessment 

81. What is called periodic assessment of security vulnerability in computer system?

  • Threat 
  • Attack 
  • Hacking 
  • Security audit  

82. What is called a single point of access for several networking services?   Phishing 

  • Web service 
  • Directory service 
  • Worms  

83. Script files sent mostly through email attachment to attack host computer are called ______. 

  • Worms 
  • Phishing attacks 
  • Trojans 
  • Computer Viruses 

84. Attacking the victims through fake URL resembling that of a valid financial Institution is called____ 

  • Worms 
  • Phishing attack 
  • Trojans 
  • Computer Viruses 

85. Getting the user ID and password from a victim through a dubious program is called _____attack. 

  • Worms 
  • Phishing attack 
  • Trojan 
  • Computer Viruses 

86. A single point of access for several networking services is called _____. 

  • Directory Service 
  • web server 
  • email server 
  • none of them 

87. Directory service permits security administrators to ______. 

  • concentrate on security of directory service instead of individual machines 
  • create new vulnerabilities 
  • damage the security of computers 
  • create new virus 

88. SDLC in software development stands for _____. 

  • Software Development Life Circus 
  • Software Development Life Cycle 
  • Software Drafting Life Cycle 
  • Software Development Lead Cycle 

89. ______of access rights in source code development means verification of role before  permitting access to source code. 

  • verification 
  • maintaining historical records 
  • error handling 
  • log of changes

90. _____in source code development means verification of role before permitting access to source code. 

  • verification 
  • maintaining historical records 
  • error handling 
  • log of changes

91. Which of the following is true of macro viruses?

  • They depend on the operating system to propagate
  • They are larger than traditional viruses
  • They depend on applications to propagate
  • They are written in low-level language to avoid detection

92. Which of the following can prevent virus infections?

  • implementing a firewall
  • implementing an intrusion detection system
  • Patching programs and the operating system
  • All of these

93. Secure Socket layer is a predecessor of which cryptographic protocol?

  • IPSec
  • Transport Layer security
  • SSL 3.0
  • HTTPS

94. An SQL injection is often used to attack what?

  • Small scale machines such as diebold ATMs
  • Large scale sequel databases such as those containing credit card information. c) Servers running SQL databases similar to Hadoop or Hive.
  • Servers built on NoSQL

95. What is internet protocol security?

  • Methods to secure internet protocol (IP) communication.
  • Ways to disconnect your router in an emergency
  • Methods to secure to disconnected computer.
  • Methods to secure your documents from physical breaches

96. Certification of Digital signature by an independent authority is need because

  • it is safe
  • it gives confidence to a business
  • the authority checks and assures customers that the public key indeed belongs to the business  which claims its ownership
  • private key claimed by a sender may not be actually his

97. Most encryption for data stored on a laptop uses ____ cryptography.

  • True
  • Remote wipe
  • Private key
  • Symmetric 

98. What act grants an authenticated party permission to perform an action or access a resource?

  • Zero Trust Security
  • Single Sign-On
  • Role-Based Access Control (RBAC)
  • authorization

99. According to GDPR, a data _ is the person about whom data is being collected.

  • subject
  • processor
  • object
  • controller

100. Which is not a principle of zero trust security?

  • use least privilege access
  • verify explicitly
  • trust but verify
  • assume breach

101. Which attack exploits input validation vulnerabilities?

  • cross-site scripting (XSS)
  • DNS poisoning
  • ARP spoofing
  • pharming attacks

102. You are a security analyst, and you receive a text message alerting you of a possible attack. Which security control is the least likely to produce this type of alert?

  • SIEM
  • packet sniffer
  • IDS
  • IPS

103. What are the primary goals of the digital signature in this scenario? (Choose the best answer.)

  • integrity and non-repudiation
  • privacy and non-repudiation
  • privacy and confidentiality
  • integrity and privacy

104. SQL injection inserts a code fragment that makes a database statement universally true, like _.

  • SELECT * FROM users WHERE username = " OR 1!=1--'
  • SELECT * FROM users WHERE username = " AND 1=1--'
  • SELECT * FROM users WHERE username = " AND 1!=1--'
  • SELECT * FROM users WHERE username = " OR 1=1--'

105. Which type of security assessment requires access to source code?

  • black box testing
  • static analysis
  • dynamic analysis
  • penetration testing

106. Which option is an open-source solution to scanning a network for active hosts and open ports?

  • Autopsy
  • Snort
  • Nmap
  • Wireshark

107. Which malware changes an operating system and conceals its tracks?

  • virus
  • rootkit
  • worm
  • Trojan horse

108. Virtual Private Networks (VPNs) use _ to create a secure connection between two networks.

  • a virtual local area network
  • a wide area network
  • encryption
  • a metropolitan area network

109. What is the process of challenging a user to prove their identity?

  • authorization
  • authentication
  • Single Sign-On
  • Role-Based Access Control (RBAC)

110. Which cyberattack aims to exhaust an application's resources, making the application unavailable to legitimate users?

  • SQL injection
  • dictionary attack
  • Distributed Denial of Service (DDoS)
  • rainbow table attack

111. You are a recent cybersecurity hire, and your first assignment is to present on the possible threats to your organization. Which of the following best describes the task?

  • risk mitigation
  • threat assessment
  • risk management
  • enumeration

112. You are at a coffee shop and connect to a public wireless access point (WAP). What a type of cybersecurity attack are you most likely to experience?

  • back door
  • logic bomb
  • man-in-the-middle attack
  • virus

113. What is the purpose of a Denial of Service attack?

  • exploit a weakness in the TCP/IP stack
  • to execute a Trojan on a system
  • to overload a system so it is no longer operational
  • to shutdown services by turning them off

114. What is called the collective terms of malicious software, such as viruses, worms and trojans?
  • Spam
  • Phishing 
  • Malware 
  • Harm  

115. When implementing a data loss prevention (DLP) strategy, what is the first step in the process?

  • Examine the flow of sensitive data in your organization to better understand usage patterns.
  • Conduct an inventory of all the data in your organization to establish classifications based on sensitivity.
  • Evaluate the features of available DLP products to determine which best meet your organizations's needs.
  • Conduct a risk assessment to determine the best data labeling strategy for your organization.

116. Botnets function with the use of ________.

  • Malware
  • Middleware
  • Application software
  • Firmware           

117. Why would a hacker use a proxy server?

  • To create a stronger connection with the target.
  • To create a ghost server on the network.
  • To obtain a remote access connection.
  • To hide malicious activity on the network.

118. What type of symmetric key algorithm using a streaming cipher to encrypt information?

  • RC4
  • Blowfish
  • SHA
  • MD5

119. Which of the following is not a factor in securing the environment against an attack on security?

  • The education of the attacker
  • The system configuration
  • The network architecture
  • The business strategy of the company

120. . What type of attack uses a fraudulent server with a relay address?

  • NTLM
  • MITM
  • NetBIOS
  • SMB

121. What port is used to connect to the Active Directory in Windows 2000?

  • 80
  • 445
  • 139
  • 389

122. To hide information inside a picture, what technology is used?

  • Rootkits
  • Bitmapping
  • Steganography
  • Image Rendering

123. Which phase of hacking performs actual attack on a network or system?

  • Reconnaissance
  • Maintaining Access
  • Scanning
  • Gaining Access

124. Attempting to gain access to a network using an employee’s credentials is called the ______ mode of ethical hacking.

  • Local networking
  • Social engineering
  • Physical entry
  • Remote networking

125. Which Federal Code applies the consequences of hacking activities that disrupt subway transit systems?

  • Electronic Communications Interception of Oral Communications
  • 18 U.S.§ 1029
  • Cyber Security Enhancement Act 2002
  • 18 U.S.§ 1030

126. Which of the following is not a typical characteristic of an ethical hacker?

  • Excellent knowledge of Windows.
  • Understands the process of exploiting network vulnerabilities.
  • Patience, persistence and perseverance.
  • Has the highest level of security for the organization.

127. Which Nmap scan is does not completely open a TCP connection?

  • SYN stealth scan
  • TCP connect
  • XMAS tree scan
  • ACK scan


Tags:
Post a Comment (0)
Previous Post Next Post