
DCI-MCQ Mock Questions: Load Balancing An Internet Proxies URL Filtering

This document contains 33 multiple choice questions about cybersecurity topics such as network monitoring, encryption, authentication protocols, and penetration testing techniques. The questions are part of a mock certification exam and require selecting a single answer unless otherwise specified.

Uploaded by

Abhi Young

DCI-MCQ Mock Questions

*Required
1) Actively monitoring data streams in search of malicious code or behavior is an example of: *

load balancing

an Internet proxy

URL filtering

content inspection

2) Which of the following can a security administrator implement to help identify smurf attacks? *

Load balancer

Spam filters

NIDS

Firewall

3) A security administrator is trying to encrypt communication. For which of the following reasons should the administrator take advantage of the Subject Alternative Name (SAN) attribute of a certificate?

It can protect multiple domains

It provides extended site validation

It does not require a trusted certificate authority

It protects unlimited subdomains


4) After a merger between two companies a security analyst has been asked to ensure that the organization’s systems are secured against infiltration by any former employees that were terminated during the transition. Which of the following actions are MOST appropriate to harden applications against infiltration by former employees? (Select TWO) *

Monitor VPN client access

Reduce failed login out settings

Develop and implement updated access control policies

Review and address invalid login attempts

Increase password complexity requirements

Assess and eliminate inactive accounts

5) Which of the following is BEST used to prevent ARP poisoning attacks across a network? *

VLAN segregation

IPSec

IP filters

Log analysis

6) Which of the following uses TCP port 22 by default? *

SSL, SCP, and TFTP


SSH, SCP, and SFTP

HTTPS, SFTP, and TFTP

TLS, TELNET, and SCP

SSH, STELNET, and SCP

7) Which of the following is the BEST choice for encryption on a wireless network? *

WPA2-PSK

AES

WPA3-AES

WPA2-3DES

WEP

8) Which of the following protocols requires the use of a CA-based authentication process? *

FTPS implicit

FTPS explicit

MD5

PEAP-TLS

9) An administrator is updating firmware on routers throughout the company. Where should the administrator document this work? *

Event Viewer

Router's System Log

Change Management System

Compliance Review System

10) Which of the following is the BEST reason for salting a password hash before it is stored in a database? *

To prevent duplicate values from being stored

To make the password retrieval process very slow

To protect passwords from being saved in readable format

To prevent users from using simple passwords for their access credentials.

11) Security administrators attempted corrective action after a phishing attack. Users are still experiencing trouble logging in, as well as an increase in account lockouts. Users’ email contacts are complaining of an increase in spam and social networking requests. Due to the large number of affected accounts, remediation must be accomplished quickly. Which of the following actions should be taken FIRST? (Select TWO) *

Disable the compromised accounts


Update WAF rules to block social networks

Remove the compromised accounts with all AD groups

Change the compromised accounts’ passwords

Disable the open relay on the email server

Enable sender policy framework (SPF)

12) Which of the following allows an auditor to test proprietary-software compiled code for security flaws? *

Fuzzing

Static review

Code signing

Regression testing

13) Krishna, a user, states that his machine has been behaving erratically over the past week. He has experienced slowness and input lag and found text files that appear to contain pieces of his emails or online conversations with coworkers. The technician runs a standard virus scan but detects nothing. Which of the following types of malware has infected the machine? *

Ransomware

Rootkit

Backdoor

Keylogger

14) An actor downloads and runs a program against a corporate login page. The program imports a list of usernames and passwords, looking for a successful attempt. Which of the following terms BEST describes the actor in this situation? *

Script kiddie

Hacktivist

Cryptologist

Security auditor

15) An organization wants to utilize a common, Internet-based third-party provider for authorization and authentication. The provider uses a technology based on OAuth 2.0 to provide required services. To which of the following technologies is the provider referring? *

SAML

XACML

LDAP

OpenID Connect

16) A penetration tester harvests potential usernames from a social networking site. The penetration tester then uses social engineering to attempt to obtain associated passwords to gain unauthorized access to shares on a network server. Which of the following methods is the penetration tester MOST likely using? *

Escalation of privilege

SQL injection

Active reconnaissance

Proxy server

17) Which of the following controls allows a security guard to perform a post-incident review? *

Detective

Preventive

Corrective

Deterrent

18) Attackers have been using revoked certificates for MITM attacks to steal credentials from employees of Company.com. Which of the following options should Company.com implement to mitigate these attacks? *

Captive portal

OCSP stapling

Key escrow

Extended validation certificate

19) Which of the following describes the key difference between vishing and phishing attacks? *

Phishing is used by attackers to steal a person’s identity.

Vishing attacks require some knowledge of the target of the attack.

Vishing attacks are accomplished using telephony services.

Phishing is a category of social engineering attack.

20) Which of the following should a security analyst perform FIRST to determine the vulnerabilities of a legacy system? *

Passive scan

Aggressive scan

Credentialed scan

Intrusive scan

21) Which of the following is used to validate the integrity of data? *

CBC

Blowfish

MD5

RSA

22) An incident responder receives a call from a user who reports a computer is exhibiting symptoms consistent with a malware infection. Which of the following steps should the responder perform NEXT? *

Capture and document necessary information to assist in the response.

Request the user capture and provide a screenshot or recording of the symptoms.

Use a remote desktop client to collect and analyze the malware in real time.

Ask the user to back up files for later recovery.

23) A company wants to host a publicly available server that performs the following functions: (i) Evaluates MX record lookup, (ii) Can perform authenticated requests for A and AAA records, (iii) Uses RRSIG. Which of the following should the company use to fulfill the above requirements? *

Advanced DNS Security (ADNSS)

SFTP

Nslookup

DNSSEC

DIG

24) A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before the real system does, and he tricks the workstation into communicating with him. Which of the following BEST describes what occurred? *

The hacker used a race condition.

The hacker used a pass-the-hash attack.

The hacker exploited improper key management.

The hacker exploited weak switch configuration.

25) A company exchanges information with a business partner. An annual audit of the business partner is conducted against the SLA in order to verify: *

Performance and service delivery metrics

Backups are being performed and tested

Data ownership is being maintained and audited

Risk awareness is being adhered to and enforced

26) Which of the following would be considered multifactor authentication? *

Hardware token and smart card

Voice recognition and retina scan

Strong password and fingerprint

PIN and security questions


27) A security auditor is testing perimeter security in a building that is protected by badge readers. Which of the following types of attacks would MOST likely gain access? *

Phishing

Man-in-the-middle

Tailgating

Watering hole

Shoulder surfing

28) Several workstations on a network are found to be on OS versions that are vulnerable to a specific attack. Which of the following is considered to be a corrective action to combat this vulnerability? *

Install an antivirus definition patch

Educate the workstation users

Leverage server isolation

Install a vendor-supplied patch

Install an intrusion detection system

29) A security administrator suspects that a DDoS attack is affecting the DNS server. The administrator accesses a workstation with the hostname of workstation01 on the network and obtains the following output from the ipconfig command:

Referring to the above scenario, the administrator successfully pings the DNS server from the workstation. Which of the following commands should be issued from the workstation to verify the DDoS attack is no longer occurring? *

dig www.google.com

dig 192.168.1.254

dig workstation01.com

dig 192.168.1.26

30) A security administrator has configured a RADIUS and a TACACS+ server on the company’s network. Network devices will be required to connect to the TACACS+ server for authentication and send accounting information to the RADIUS server. Given the following information: (i) RADIUS IP: 192.168.20.45 and (ii) TACACS+ IP: 10.23.65.7, which of the following should be configured on the network clients? (Select two.) *

Accounting port: TCP 389

Accounting port: UDP 1812

Accounting port: UDP 1813

Authentication port: TCP 49


Authentication port: TCP 88

Authentication port: UDP 636

31) Which of the following BEST describes a network-based attack that can allow an attacker to take full control of a vulnerable host? *

Remote exploit

Amplification

Sniffing

Man-in-the-middle

32) Company A has acquired Company B. Company A has different domains spread globally, and typically migrates its acquisition's infrastructure under its own domain infrastructure. Company B, however, cannot be merged into Company A’s domain infrastructure. Which of the following methods would allow the two companies to access one another’s resources? *

Attestation

Federation

Single sign-on

Kerberos

33) A Chief Information Officer (CIO) has decided it is not cost effective to implement safeguards against a known vulnerability. Which of the following risk responses does this BEST describe? *

Transference

Avoidance

Mitigation

Acceptance

34) A security administrator installed a new network scanner that identifies new host systems on the network. Which of the following did the security administrator install? *

Vulnerability scanner

Network-based IDS

Rogue system detection

Configuration compliance scanner


35) Which of the following uses precomputed hashes to guess passwords? *

Distributed Password Cracking Protocol (DPCP)

Network-based IDS

Rainbow tables

Hash tables

Salt and pepper

36) A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand and the requirement of being covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements? *

The vulnerability scanner is performing an authenticated scan.

The vulnerability scanner is performing local file integrity checks.

The vulnerability scanner is performing in network sniffer mode.

The vulnerability scanner is performing banner grabbing.

37) Which of the following vulnerability types would the type of hacker known as a script kiddie be MOST dangerous against? *

Passwords written on the bottom of a keyboard

Unpatched exploitable Internet-facing services

Unencrypted backup tapes

Misplaced hardware token


38) A procedure differs from a policy in that it: *

is a high-level statement regarding the company’s position on a topic.

sets a minimum expected baseline of behavior.

provides step-by-step instructions for performing a task.

describes adverse actions when violations occur.


Ann, a user, reports she is unable to access an application from her desktop. A security analyst verifies Ann’s access and checks the SIEM for any errors. The security analyst reviews the log file from Ann’s system and notices the following output:

39) Which of the following is MOST likely preventing Ann from accessing the application from the desktop?

Web application firewall

DLP

Host-based firewall

UTM

Network-based firewall

40) A malicious attacker has intercepted HTTP traffic and inserted an ASCII line that sets the referrer URL. Which of the following is the attacker most likely utilizing?

Header manipulation

Cookie hijacking

Cross-site scripting

XML injection

41) A security administrator is diagnosing a server where the CPU utilization is at 100% for 24 hours. The main culprit of CPU utilization is the antivirus program. Which of the following issues could occur if left unresolved? (Select TWO) *

Denial Of Service

MITM Attack

DLL injection

Buffer overflow

Resource exhaustion
