Test 1 Revision
What are the main challenges associated with information security in most
organisations today?
i. Compliance to government laws and regulations
ii. Lack of qualified and skilled cybersecurity professionals
iii. Relocation of sensitive data from legacy data centers to the cloud
iv. Difficulty in centralizing security in a distributed computing
environment
v. Bring Your Own Device (BYOD) policies in companies
vi. Fragmented and complex privacy and data protection regulations{
a) All
b) i, ii, iii and iv
c) ii, iii, iv, v and vi
d) None
}
Which of the following best describes the relationship between the attacker
Motives, Goals, and Objectives in Information Security Attacks?{
a) Attacks = Motive (Goal) + Method + Vulnerability
b) Attacks = Motive (Goal) + Method + objectives
c) Attacks = Motive + Objectives + Method
d) None
}
DrTM
CSI454 Sample Practice Questions Semester TWO 2022
The use of technologies like IPSec can help guarantee the following:
authenticity, integrity, confidentiality and:
A. non-repudiation.
B. operability.
C. security.
D. usability.
2. Which of the following attack vectors involves the use of a huge network of
compromised systems by attackers to perform denial-of-service attacks on
the target network or systems?
a. Botnet
b. Virus
c. APT
d. Keylogger
3. Which of the following civilian acts enforces “Electronic Transactions and
Code Set Standards”?
a. HIPAA
b. ISO/IEC
c. PCI/DSS
d. Sarbanes Oxley Act
A. Firewall-management policy
B. Acceptable-use policy
C. Remote-access policy
D. Permissive policy
In the cyber kill chain, what defines an attacker who installs malware on the
target system? {
A. Weaponization
B. Exploitation
C. Command and Control
D. Installation
}
Which of the following best describes the clues, artifacts, and pieces of
forensic data found on the network or operating system of an organization
that indicate a potential intrusion or malicious activity in the organization’s
infrastructure?{
A. Indicators of Attack (IoA)
B. Indicators of Malware (IoM)
C. Indicators of Compromise (IoC)
D. Indicators of Threats (IoT)
}
Which of the following best describes a class of hacker that exploits system
vulnerabilities with no knowledge of the target organisation?{
A. White hats
B. Grey hats
C. Black hats
D. Suicide hackers
}
Below are the hacking methodologies that are used during the penetration
testing exercise {
A. Reconnaissance, Scanning, Gaining access, Maintaining access and
Clearing tracks.
B. Reconnaissance, Gaining access, Maintaining access and Clearing
tracks.
C. Reconnaissance, Gaining access, Enumeration, Maintaining access
and Clearing tracks.
D. None
}
Below are the tools that are used for performing reconnaissance except?{
A. ICMP Traceroute
B. TCP Traceroute
C. UDP Traceroute
D. Nmap
}
Below are the tools that are used for performing scanning except?{
A. ICMP Traceroute
B. Unicornscan
C. MegaPing
D. Nmap
}
Below are the tools that are used for performing enumeration except?{
A. NetScan
B. Nbtstat
C. NetBIOS Enumerator
D. Hyena
}
//True or false
Security professionals do not need to perform continuous monitoring of IoCs
to effectively and efficiently detect and respond to evolving cyber threats { }
Understanding IoCs helps security professionals to quickly detect the threats
against the organization and protect the organization from evolving threats {
}
Behavioral Indicators cannot be used to identify specific behavior related to
malicious activities { }
Criminal syndicates are groups of individuals that are involved in organized,
planned, and prolonged criminal activities. They illegally embezzle money by
performing sophisticated cyberattacks { }
An ethical hacker can only help the organization to better understand its
security system; it is up to the organization to place the right safeguards on
the network. { }
Technical skills of an Ethical Hacker involve the ability to learn and adopt
new technologies quickly. { }
Non-Technical skills of an Ethical Hacker include in-depth knowledge of major
operating environments such as Windows, Unix, Linux, and Macintosh. { }
A penetration tester was hired to perform a penetration test for a bank. The
tester began searching for IP ranges owned by the bank, performing lookups
on the bank's DNS servers, reading news articles online about the bank,
watching what times the bank employees come into work and leave from
work, searching the bank's job postings (paying special attention to IT related
jobs), and visiting the local dumpster for the bank's corporate office. What
phase of the penetration test is the tester currently in?
A. Information reporting
B. Vulnerability assessment
C. Active information gathering
D. Passive information gathering
A tester has been hired to do a web application security test. The tester
notices that the site is dynamic and must make use of a back end database.
In order for the tester to see if SQL injection is possible, what is the first
character that the tester should use to attempt breaking a valid SQL request?
A. Semicolon
B. Single quote
C. Exclamation mark
D. Double quote
A. The consultant will ask for money on the bid because of great work.
B. The consultant may expose vulnerabilities of other companies.
C. The company accepting bids will want the same type of format of testing.
D. The company accepting bids will hire the consultant because of the great
work performed.
In which of the following phases of the cyber kill chain methodology does the
adversary create a tailored malicious payload based on the vulnerabilities
identified?
a. Installation
b. Command and control
c. Exploitation
d. Weaponization
2. Which of the following terms refers to the patterns of activities and methods
associated with specific threat actors or groups of threat actors that are used
to analyze and profile them to enhance an organization’s security?
a. Tactics, techniques, and procedures
b. Tactics, technology, and procedures
c. Tactics, tricks, and process
d. Tactics, technology, and process
These hackers have limited or no training and know how to use only basic
techniques or tools. What kind of hackers are we talking about?
A. Black-Hat Hackers
B. Script Kiddies
C. White-Hat Hackers
D. Gray-Hat Hacker
While checking the settings on the internet browser, a technician finds that
the proxy server settings have been checked and a computer is trying to use
itself as a proxy server. What specific octet within the subnet does the
technician see?
A. 10.10.10.10
B. 127.0.0.1
C. 192.168.1.1
D. 192.168.168.168
Malware can enter a system in diverse ways. Which one of the
following ways can deliver malware using a phishing campaign? {
A. Email attachment
B. Portable hardware
C. Instant Messenger applications
D. Bluetooth and wireless networks
}
//True/False
The components of a malware software depend on the requirements of the
malware author who designs it for a specific target to perform intended tasks
{}
A malicious code is a command that defines malware’s basic functionalities
such as stealing data and creating backdoors { }
An injector is a program that injects its code into other vulnerable running
processes and changes how they execute to hide or prevent its removal { }
Which type of malware restricts access to the computer system’s files
and folders and demands an online ransom payment from users to
the malware creator(s) to remove the restrictions? {
A. Trojan
B. Ransomware
C. Viruses
D. Computer Worms
}
A worm is a special type of malware that can replicate itself and use memory
but cannot attach itself to other programs { }
A worm takes advantage of file or information transport features on
computer systems and automatically spreads through the infected network,
but a virus does not { }
Below are the tools that can be used to generate worms except?{
A. Batch Worm Generator
B. C++ Worm Generator
C. Maker Thing
D. Bat Tool
}
What are programs that hide their presence as well as attacker’s malicious
activities, granting them full access to the server or host at that time, and in
the future? {
A. Rootkits
B. Viruses
C. Ransomware
D. Worms
}
PUAs, also referred to as grayware or junkware, are harmful in that they
may pose severe risks to the security and privacy of data stored in the system
where they are installed. What does PUA stand for? {
A. Potentially Unwanted Application
B. Potentially Uninfected Application
C. Potentially Unwanted Access
D. Potentially Uninfected Access
}
A stealthy program that records the user's interaction with the computer and
the Internet without the user's knowledge and sends the information to the
remote attackers is known as?{
A. Spyware
B. Viruses
C. Ransomware
D. Worms
}
Below are the reasons for using Fileless malware in cyber attacks? {
A. All
B. Stealthy in nature, exploits legitimate system tools
C. Living-off-the-land, exploits default system tools
D. Trustworthy, Uses tools that are frequently used and trusted
}
Avoid opening email attachments received from unknown senders, Block all
unnecessary ports at the host and firewall, Avoid accepting programs
transferred by instant messaging, Harden weak and default configuration
settings. Which malware type exhibits the above countermeasures? {
A. Trojan
B. Spyware
C. Ransomware
D. Worms
}
Install antivirus software and update it regularly, Schedule regular scans for all
drives after the installation of antivirus software, Pay attention to the
instructions while downloading files from the Internet, Avoid opening
attachments received from an unknown sender and Regularly maintain data
backup. Which malware type exhibits the above countermeasures?{
A. Virus and Worm
B. Spyware
C. Ransomware
D. Trojan
}
a. External threat
b. Intentional threat
c. Natural threat
d. Unintentional threat
3. Which of the following Trojans can an attacker use for the auto-deletion of
files, folders, and registry entries as well as local network drives to cause the
operating system to fail?
a. Defacement Trojan
b. Backdoor Trojan
c. Destructive Trojan
d. e-Banking Trojan
a. Vulnerability
b. Risk
c. Control
d. Probability
There are three basic forms of threat-sources. These are human threats,
environmental threats, and what other kind of threat?
a. Tangible
b. Intangible
c. Terror
d. Natural
When a security analyst prepares for the formal security assessment, which of
the following should be done in order to determine inconsistencies in the
secure assets database and verify that the system is compliant with the minimum
security baseline?
A. Data items and vulnerability scanning
B. Interviewing employees and network engineers
C. Reviewing the firewalls configuration
D. Source code review
A. NMAP
B. Metasploit
C. Nessus
D. BeEF
The attacker creates a list of all possible passwords from the information
collected through social engineering or any other way and manually inputs
them on the victim’s machine to crack the passwords, with a high failure rate.
What type of password attack is explained? {
A. Password Guessing
B. Offline Attacks
C. Dictionary Attack
D. Brute-Force Attack
}
D. None
}
Social engineers depend on the fact that people are aware of the valuable
information to which they have access and are careless about protecting it {
}
Social engineering does not deal with network security issues; instead, it deals
with the psychological manipulation of a human being to extract desired
information. With the above statement why do you think Social Engineering
can be much effective to avert attacks? {
A. All
B. Security policies are as strong as their weakest link, and human
behavior is the most susceptible factor
C. It is difficult to detect social engineering attempts
D. There is no method that can be applied to ensure complete security
from social engineering attacks
}
During social engineering, you discover that some windows suddenly pop up
while surfing the Internet and ask for user information to login or sign-in. What
type of social engineering is this? {
A. Human-based Social Engineering
B. Computer-based Social Engineering
C. Mobile-based Social Engineering
D. None
}
Which of the following tools can be used for performing Social Engineering
tasks? {
A. SET
B. GoPhish and OhPhish
C. Netcraft and PhishTank
D. All
}
C. Active
D. Distributive
c. SQL Injection
d. Fraggle