Question 1: What physical characteristics can affect the usability of security mechanisms?
- Ambient temperature
- Pollution
- Noise
- All of the above
Question 2: __________ reflects on the potential harmful effect of design choices before technological innovations are put into large-scale deployment
- Seltzer and Schroeder Principles
- The Precautionary Principle
- Latent Design Conditions
- NIST Principles
Question 3: One of the main benefits of analyzing the malware structure that may include the libraries and toolkits and coding techniques, we may find some important data that is possibly helpful to attribution.
What is the prime importance of the above-mentioned benefit?
- Which means being able to identify the likely author and operator
- To understand what damage can be done due to the malware program
- To be able to know the amount of data that has been lost or corrupted
- Both B and C are correct, and A is incorrect
Question 4: The process of developing and evaluating options to address exposure is called?
- Threat Management
- Failure Management
- Incident Management
- Risk Management
Question 5: In Security Architecture and Lifecycle “to group users and data into broad categories using role-access requirements, together with formal data classification and user clearance” is part of which step?
- First Step
- Second Step
- Last Step
- Third Step
Question 6: Syslog provides a generic logging infrastructure that constitutes an extremely efficient data source for many uses. This new specification introduces several improvements over the original implementation. A Syslog entry is a timestamped text message coming from an identified source.
What is the information stored in Syslog?
- Timestamp, Hostname, Process, Priority, and PID
- DNS and Routing info, Data security gateway ID
- Authentication ID, Encryption and decryption info, and data privacy flag
- Routers CPU ID, Transport Layer Security protocol info, and Syslog current version
Question 7: According to The US Government NIST guidelines, “Conduct” is the phase where
- Threats, vulnerabilities, likelihood and impact are identified
- Inform about the actions
- Continually update the risk assessment
- Identifying the purpose
Question 8: With regards to large numbers of unique passwords, what is a way to support people in managing them?
- Limit number of characters to 9
- Expire only passwords with more than 6 characters
- Provide flash drives to save a list of passwords
- Use of password managers
Question 9: Systems benefit from a uniform approach to security infrastructure. Which is NOT a part of this approach?
- User Access
- Reconnaissance
- Roles
- Intrusion detection
Question 10: What is a common technique for permitting data processing without risk to individuals?
- Data integrity
- Data integrity
- Anonymization
- Duplicity
Question 11: This method begins by asking “What is the overall goal of the system or enterprise?”
- Systems-Theoretic Accident Model and Process (STAMP)
- The Open Group Architectural Framework (TOGAF)
- SABSA
- Dependency Modelling
Question 12: Which of the following options is not an element of Information Security?
- Reliability
- Integrity
- Confidentiality
- Availability
Question 13: _______ allows scholars, engineers, auditors, and regulators to examine how security controls operate to ensure their correctness, or identify flaws, without undermining their security.
- Least common mechanism
- Open design
- Least privilege
- Least access
Question 14: GDPR brought about a significant change in the ______________ jurisdiction of European data protection law
- Territorial prescriptive
- Territorial assertive
- Territorial data protection
- None of the above
Question 15: The pcap library needs access to a network interface that can be put into so-called promiscuous mode, which means that the interface will receive all packets from the network, even those packets that are not addressed to it. Also, it is not necessary to bind an IP address to the network interface in order to capture traffic.
Binding of IP address to the network interface is essential to do what?
- General maintenance and traffic monitoring
- Capture traffic
- Security and incident management
- Traffic configuration
Question 16: The privacy knowledge area is structured in different sections. Which is considered part of this paradigm?
- As informational control
- As confidentiality
- As transparency
- All of the above
Question 17: What are the criteria by which usability is assessed?
- Incompetence
- Incapacity
- Indecision
- None of the above
Question 18: Memory-resident malware is such that if the computer is rebooted or the infected running program terminates, it no longer exists anywhere on the system, and it can evade detection by many anti-virus systems that rely on file scanning.
What is the advantage of memory-resident malware?
- It can easily clean up its attack operations right after its execution ANS
- A memory-resident malware has no advantage in the context of hiding its attack operations
- Cleaning up its attacks is possible, but it may require additional malware utilities
- It is difficult to clean up its attack operations if the compromised system is guarded by real-time anti-virus programs
Question 19: What theme is of high relevance regarding the cost versus benefits trade-offs of security to user systems and cybercriminals?
- Verification Methods
- Security Architecture
- Security Economics
- None of the above
Question 20: The golden arches of McDonald’s are protected under what intellectual property law?
- Trade secret
- Copyright
- Logo protection
- Trademark
Question 21: Software programs are protected from illegal distribution under what law?
- SPA
- Trade Secret
- Copyright
- Trademark
Question 22: Which is NOT an aspect of Risk Communication with relation to compliance and accountability?
- Involvement
- Education
- Password Policies
- Training and inducement of behavior change
Question 23: Renn defines three basic abstract elements which are at the core of most risk assessment methods. Which element is NOT part of Renn’s definition?
- Possibility of occurrence (uncertainty)
- Combination of outcomes and possibility of occurrence
- Relationship between risk and security
- Outcomes that have an impact on what humans value
Question 24: Confidentiality based on the __________ of data, is meant to provide a way to control the extent to which an adversary can make inferences about users’ sensitive information
- Encryption
- Coding
- Cryptography
- Obfuscation
Question 25: Which is a type of onion router used to forward data making use of an anonymous communication network?
- Exit
- Entry
- Middle
- All of the above
Question 26: There are many benefits to analyzing malware. First, we can understand the intended malicious activities to be carried out by the malware.
What is the benefit of understanding intended malicious activities?
- This will not allow us to update our network and endpoint sensors to detect and block such activities
- This will help to identify which machines have malware and take corrective actions
- This will let us remove the malware or even completely wipe the computer clean and reinstall everything
- Both B and C are correct
Question 27: The 1st dimension of our taxonomy is whether malware is a standalone (or, independent) program or just a sequence of instructions to be embedded in another program.
- Complete software and its working depend on the type of compromised Operating system
- It is an incomplete software and is used just for illustration of the Malware program life cycle
- An incomplete program and it needs the help of already installed programs to plan for attack
- A Standalone Malware program is a complete software that can run on its own when installed on a target system and executed
Question 28: Flaws caused by humans frequently arise in design and code and lead to security vulnerabilities. Which discipline has made a big effort in minimizing these faults?
- Information Technology discipline
- CISO
- Security Architecture
- Software Engineering
Question 29: What is a traditional method for obtaining custody of a cybercriminal who is not present within the state?
- Extradition
- Indictment
- Impeachment
- Recrimination
Question 30: The injection of fake data points into data made available in order to hide real samples is called
- Dummy addition
- Data injection
- Suppression
- None of the above
Question 31: The detection problem is a classification task. The evaluation of an IDS therefore compares the output of the detector with the ground truth, which is known to the evaluator but not to the detector.
What are the possible outcomes of the detection process?
- True Negatives are normal actions that occur in the trace and should not be stated in alerts by the detector
- True Positives are attack actions that should be stated in alerts by the detector
- False positives are also known as false alerts & False negatives also known as miss or type II errors
- All of the above
Question 32: Layer 3 information, such as IP addresses, the amount and timing of the data transferred, or the duration of the connection, is accessible to observers even if communications are encrypted or obfuscated.
What type of metadata is this in reference to?
- Traffic metadata
- Network metadata
- Wireshark metadata
- Host based metadata
Question 33: There are two principal approaches to formal modelling:
- Mathematical, Statistical
- Computational, Symbolic
- Logical, Mathematical
- Symbolic, Logical
Question 34: Most modern malware uses some form of obfuscation to avoid detection, as there is a range of obfuscation techniques and there are tools freely available on the Internet for a malware author to use.
Polymorphism can be used to defeat detection methods that are based on ‘signatures’ or patterns of malware code, which means?
- The identifiable malware features are changed to be unique to each instance of the malware
- Malware instances look different from each other, but they all maintain the same malware functionality
- Some common polymorphic malware techniques include packing
- All A, B & C are correct.
Question 35: With reference to law, which school of thought has universally prevailed with state authorities?
- Second school
- Third school
- First school
- Harvard University
Question 36: There are different categories for evidence depending upon what form it is in and possibly how it was collected. Which of the following is considered supporting evidence?
- Best evidence
- Corroborative evidence
- Conclusive evidence
- Direct evidence
Question 37: Encrypted traffic, and particularly TLS, is common, and TLS guarantees both the authentication of the server to the client and the privacy of the exchange over the network. But it makes it difficult to evaluate the payload of packets. The solution is to put a supplementary dedicated box close to the application server, usually called a Hardware Security Module (HSM).
What is the purpose of HSM?
- The HSM is designed to establish the TLS session before the application server delivers any information
- HSM transfers the burden of establishing the TLS session external to the application server
- TLS secured traffic is encrypted and decrypted at the HSM, and streams in clear to the server, and triggers IDPSes and WAFs to evaluate the traffic
- All the options A, B & C include the working functionality of HSM
Question 38: The analogy between quality management and security is not perfect because the
- Threat environment is not static
- Hardware is not powerful enough
- System security is leaked
- Human errors
Question 39: The early-day malware activities were largely nuisance attacks (such as defacing or putting graffiti on an organization’s web page), but present-day malware attacks are becoming full-blown cyberwars.
An underground eco-system has also emerged to support what?
- The full malware lifecycle that includes development, deployment, operations, and monetization
- The middle half of the malware lifecycle that includes only deployment & operations
- The 2nd half of the malware lifecycle that includes only operations and monetization
- The 1st half of the malware lifecycle that includes only development & deployment
Question 40: Anomaly detection is an essential technique for identifying cyber-attacks, since any information about attacks cannot be complete enough to provide full coverage; the main benefit of anomaly detection is that it does not depend on knowledge of explicit vulnerabilities.
This supposedly supports the detection of what?
- environmental vulnerability
- 0-day attacks
- economic vulnerability and social vulnerability
- physical and real-time vulnerability
Question 41: “The effectiveness, efficiency and satisfaction with which specified users achieve specified goals in a particular environment”
This is the definition of “usability” by
Question 41: Which consists of principles that refer to security architecture, precise controls and engineering process management?
- Security Architecture and Design
- Security Capability and Intrinsic Behaviors
- Life Cycle Security
- All of the above
Question 42: ________ is the number of characters that most humans can commit to STM without overload
Question 43: A scenario where the data belongs to the sender and the recipient acts as the data processor is an example of?
- In house processing
- Outsourcing
- Data processing
- None of the above
Question 44: Component-driven methods are good for
- Bringing together multiple stakeholders’ views of what a system should and should not do
- Exploiting security breaches which emerge out of the complex interactions of many parts of your system
- Establishing system security requirements before you have decided on the system’s exact physical design
- Analyzing the risks faced by individual technical components
Question 45: “International and national statutory and regulatory requirements, compliance obligations and security ethics, including data protection and developing doctrines on cyber warfare”
Which of the following options describes the above-mentioned statement?
- Human Factors
- Privacy & Online Rights
- Risk Management & Governance
- Law & Regulations
Question 46: In SIEM data collection, the transport protocol defines how the alert bitstring is moved from one place to another.
What are examples of transport protocols?
- Syslog, IDXP, HTTP or AMQP
- CLNP Connectionless Network Protocol & HSRP Hot Standby Router Protocol
- VRRP Virtual Router Redundancy Protocol & S7 signalling protocol
- Ethernet and TCP/IP
Question 47: _________ is a principle where conditions appear from previous decisions about said systems
- Precautionary Conditions
- Latent Design Conditions
- NIST conditions
- None of the above
Question 48: Which is an incident management function specific to cybersecurity?
- Backup and Restore
- Security Monitoring
- Recovery files
- None of the above
Question 49: Which of the following is NOT a core concept of risk assessment?
- Impact
- Risk Analysis
- Likelihood
- Vulnerability
Question 50: The Domain Name System translates domain names, essentially bits of text, into the IP addresses needed for network communications. The DNS protocol is also a common DDoS amplifier, as an attacker can spoof the IP address of a target in a DNS request, triggering the DNS server to send unwanted traffic to the target.
What other protocols are prone to amplification?
- S7 signalling protocol
- NTP Network Time Protocol
- TCP/IP
- ARP
Question 51: Which is NOT a good security metric?
- Consistently measured, without subjective criteria
- Cheap to gather, preferably in an automated way
- Express results with quantitative label units of measure
- Contextually specific and relevant enough to decision makers that they can take a decision
Question 52: Which one is NOT part of the risk governance model?
- Emblematic
- Transparent
- Decisionistic
- Technocratic
Question 53: Which is NOT an aspect of risk communication with relation to compliance and accountability?
- Password Policies
- Training and inducement of behaviour change
- Education
- Involvement
Question 54: Which is a valuable framework for system engineers and for those who probe deficiencies and vulnerabilities within such systems?
- Procedures
- Policies
- IT Service Management
- Code of conduct
Question 55: Which principle states that controls are meant to define and enable only operations that can positively be identified as being in accordance with a security policy, and reject all others?
- Penetration testing
- Complete Mediation
- Open Design
- Fail Safe Defaults
Question 55: Experts proposed a framework to systematize the attribution of cyberattacks. Which of the following is NOT a layer of the framework?
- Operational
- Analytical
- Strategic
- Tactical
Question 55: What is a good example of a security measure made ineffective due to its 0.1% utilization, even though it has been around for over 20 years?
- Log Management
- Email Encryption
- Software Encryption
- Data backup
Question 55: Which of the following is not a NIST security architecture strategy?
- The Reference Monitor Concept
- Defense in Depth
- Isolation
- Behavior
Question 55: The third dimension generally applies only to persistent malware and is based on the layers of the system stack, which include firmware, boot sector, operating system kernel, drivers and application programming interfaces (APIs), and user applications.
In which order are the above-mentioned layers presented?
- All are in the order in which they are implemented
- They are in random order
- In the context of persistent malware, the order of system stack layers does not matter
- All layers of the system stack are mentioned in ascending order
Question 55: As NetFlow was designed by the network equipment providers, it is exceptionally well implemented in networks and extensively used for network management jobs. It is standardized and, even though the commercial names vary, similar information is gathered by the manufacturers that support this technology.
Counting packets to calculate NetFlow counters requires access to what?
- GPU Designed for visual AI
- Routers CPU
- Transit Gateway CPU
Question 56: In situations where risks are less clear cut, there may be a need to include a broader set of evidence and consider a comparative approach such as cost-benefit analysis or cost effectiveness. This is true with regard to
- Ambiguous risks
- Uncertain risks
- Complex Risks
- Routine Risks
Question 57: ____________ is the result of a threat exploiting a vulnerability, which has a negative effect on the success of the objectives for which we are assessing the risk
- Impact
- Likelihood
- Attack
- Threat
Question 58: Which of the following is not done by cyber criminals?
- Mask Attack using Trojans as Botnets
- Unauthorized account Access
- Email Spoofing and spamming
- Report vulnerability in any system
Question 59: In legal research, this term can refer to any systematized collection of primary legislation, secondary legislation, model laws, or merely a set of rules published by public or private organizations
- Codes
- Ethics
- Compliance
- Contracts
Question 60: TLS guarantees both the authentication of the server to the client and the privacy of the exchange over the network. But it makes it difficult to evaluate the payload of packets. The solution is to put a supplementary dedicated box close to the application server, usually called a Hardware Security Module (HSM)
What is the purpose of HSM?
- The HSM is designed to establish the TLS session before the application server delivers any information
- HSM transfers the burden of establishing the TLS session external to the application server
- TLS secured traffic is encrypted and decrypted at the HSM, and streams in clear to the server, and triggers IDPSes and WAFs to evaluate the traffic
- All the options A, B & C include the working functionality of HSM
Question 61: Malware essentially codifies the malicious activities intended by an attacker and can be analyzed using the Cyber Kill Chain model, which represents (iterations of) steps typically involved in a cyberattack
What is the first step in the Cyber Kill Chain model that cyber attackers follow?
- Establishing a command-and-control channel for attackers to remotely commandeer the victim’s system
- Reconnaissance is the 1st step, where an attacker identifies or attracts the potential targets by scanning
- Exploiting a vulnerability and executing malicious code on the victim’s system
- The 1st Step is to gain access to the targets by sending crafted input to trigger a vulnerability
Question 62: Which concept addresses information flows with different privacy needs depending on the entities exchanging the information or the environment in which it is exchanged?
- PII
- PHI
- Integrity of the information
- Contextual integrity
Question 63: A framework that acknowledges that current systems are interconnected, and provides a basis on how to secure them
Question 64: An adversary cannot determine which candidate a user voted for. This is true for
- Ballot Secrecy
- Ballot anonymity
- Vote confidence
- Vote secrecy
Question 65: The term ‘jurisdiction’ is used to refer to a state, or any political sub-division of a state, that has the authority to do what?
- Place probable cause
- Address conflict of law
- Enforce laws or regulations
- All of the above
Question 66: Anomaly detection is an essential technique for identifying cyber-attacks, since any information about attacks cannot be complete enough to provide full coverage; the main benefit of anomaly detection is that it does not depend on knowledge of explicit vulnerabilities.
This supposedly supports the detection of what?
- economic vulnerability and social vulnerability
- environmental vulnerability
- physical and real-time vulnerability
- 0-day attacks
Question 67: _________ is oriented towards operational risk and security practices rather than technology.
- STRIDE
- Attack Trees
- FAIR
- Octave Allegro
Question 68: Cybercrime can be categorized into ________ types
Question 69: What is the best detection approach when dealing with DDoS?
- Include monitoring host activities involved in encryption
- Use the layer 7 capability firewall for detection
- Analyze the statistical properties of traffic
- Look for synchronized activities both in C&C like traffic and malicious traffic
Question 70: Before performing any penetration test, through legal procedure, which of the key points listed below is not mandatory?
- Type of broadband company used by the firm
- System and network
- Characteristics of work done in the firm
- Know the nature of the organization
Question 71: Capturing the MAC layer is doable but needs an explicit configuration. Capturing the MAC layer is mandatory to identify attacks like ARP poisoning. For certain categories of industrial control networks that run directly on top of the Ethernet layer, capturing traffic involves adding a node and could alter the network’s real-time properties.
Understanding the information available in the MAC layer requires what?
- The configuration of the network segment to which the collection network interface is attached.
- Understanding of network architecture.
- Design configuration of the whole network interface
- Network configuration in promiscuous mode.
Question 72: As with any process of risk management, a key calculation relates to expected impact, which is calculated from an estimate of the likelihood of events that may lead to impact and an estimate of the impact arising from those events.
Which is NOT an element of likelihood?
- Command and control
- Presence of vulnerability
- Nature of the threat
- All of the above
Question 73: Systems benefit from a uniform approach to security infrastructure. Which is NOT a part of this approach?
- Intrusion Detection
- Reconnaissance
- Roles
- User Access
Question 74: Which of the following is not a type of peer-to-peer cyber-crime?
- Injecting trojans to a target victim
- MiTM
- Phishing
- Credit Card details mask in deep web
Question 75: Why are changes in passive security indicators often missed by humans, particularly if they are on the edges of the screen?
- Humans do not have the physical and mental capacity to review such indicators
- Humans are decting anomates
- Humans are busy with alert signals
- Humans can only focus on one task at any one time