CERTIFIED CYBER SECURITY PROFESSIONAL

Welcome to your CERTIFIED CYBER SECURITY PROFESSIONAL

Name

Email

DOB

1. Which of the following techniques MOST clearly indicates whether specific risk reduction controls should be implemented?

A. Threat and vulnerability analysis.

B. Risk evaluation.

C. ALE calculation.

D. Countermeasure cost/benefit analysis.

2. In the Open Systems Intercommunication (OSI) model, which protocol works at Layer 4?

A. TCP

B. ARP

C. OSPF

D. CRC

3. Which protocol is used to connect to a secure web server?

A. HTTP

B. HTTPS

C. FTP

D. SMTP

4. Which one of the following elements of information is not considered personally identifiable information that would trigger most US state data breach laws?

A. Student identification number

B. Social Security number

C. Driver’s license number

D. Credit card number

5. In the Open Systems Intercommunication (OSI) model, which hardware works at Layer 3?

A. Switch

B. Cables

C. Router

D. Repeater

6. Angela is an information security architect at a bank and has been assigned to ensure that transactions are secure as they traverse the network. She recommends that all transactions use TLS. What threat is she most likely attempting to stop, and what method is she using to protect against it?

A. Man-in-the-middle, VPN

B. Packet injection, encryption

C. Sniffing, encryption

D. Sniffing, TEMPEST

7. COBIT, Control Objectives for Information and Related Technology, is a framework for IT management and governance. Which data management role is most likely to select and apply COBIT to balance the need for security controls against business requirements?

A. Business owners

B. Data processors

C. Data owners

D. Data stewards

8. What term is used to describe a starting point for a minimum security standard?

A. Outline

B. Baseline

C. Policy

D. Configuration guide

9. The primary goal of computer forensics is which of the following?

A. Report malicious activity to management

B. Obtain evidence of malicious activity

C. Create a record of malicious activity

D. Mitigate damages caused by malicious activity

10. The need to protect sensitive data drives what administrative process?

A. Information classification

B. Remanence

C. Transmitting data

D. Clearing

11. Fran’s company is considering purchasing a web-based email service from a vendor and eliminating its own email server environment as a cost-saving measure. What type of cloud computing environment is Fran’s company considering?

A. SaaS

B. IaaS

C. CaaS

D. PaaS

12. Which one of the following refers to a series of characters used to verify a user's identity?

A. Token serial number

B. Userid

C. Password

D. Security ticket

13. Sonia recently removed an encrypted hard drive from a laptop and moved it to a new device because of a hardware failure. She is having difficulty accessing encrypted content on the drive despite the fact that she knows the user’s password. What hardware security feature is likely causing this problem?

A. TCB

B. TPM

C. NIACAP

D. RSA

14. If Alice wishes to send Bob an encrypted message, what key does she use to encrypt the message?

Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.

A. Alice’s public key

B. Alice’s private key

C. Bob’s public key

D. Bob’s private key

15. When Bob receives the encrypted message from Alice, what key does he use to decrypt the message?

Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.

A. Alice’s public key

B. Alice’s private key

C. Bob’s public key

D. Bob’s private key

16. Which one of the following keys would Bob not possess in this scenario?

Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.

A. Alice’s public key

B. Alice’s private key

C. Bob’s public key

D. Bob’s private key

17. Alice would also like to digitally sign the message that she sends to Bob. What key should she use to create the digital signature?

A. Alice’s public key

B. Alice’s private key

C. Bob’s public key

D. Bob’s private key

18. What name is given to the random value added to a password in an attempt to defeat rainbow table attacks?

A. Hash

B. Salt

C. Extender

D. Rebar

19. Ben has connected his laptop to his tablet PC using an 802.11g connection. What wireless network mode has he used to connect these devices?

A. Infrastructure mode

B. Wired extension mode

C. Ad hoc mode

D. Stand-alone mode

20. What access control methodology facilitates frequent changes to data permissions for user groups?

A. Rule-based

B. List-based

C. Role-based

D. Ticket-based

21. What is the PRIMARY use of a password?

A. Allow access to files.

B. Identify the user.

C. Authenticate the user.

D. Segregate various user's accesses.

22. Gary is deploying a wireless network and wants to deploy the fastest possible wireless technology. Of the 802.11 standards listed below, which is the fastest 2.4 GHz option he has?

A. 802.11a

B. 802.11g

C. 802.11n

D. 802.11ac

23. What applications are associated with each of the following TCP ports: 23, 25, and 143.

A. Telnet, SFTP, NetBIOS

B. SSH, SMTP, POP3

C. Telnet, SMTP, IMAP

D. Telnet, SMTP, POP3

24. Attenuation is described as:

A. Line noise that is superimposed on the supply circuit can cause a fluctuation in power.

B. Disruptions on a line caused by things like florescent lighting.

C. Electromagnetic Interference caused by motors, lightning, etc.

D. The loss in signal strength as it travels.

25. What network topology is shown in the image below?

A. A ring

B. A bus

C. A star

D. A mesh

26. Centralized authentication systems should provide which of the following services?

A. Authentication, Authorization and Availability

B. Authentication, Availability and Access Control

C. Authentication, Authorization and Accountability

D. Authentication, Authorization and Access Control

27. Under what conditions would use of a "Class C" hand-held fire extinguisher be preferable to use of a "Class A" hand-held fire extinguisher?

A. When the fire is in its incipient stage.

B. When the fire involves electrical equipment.

C. When the fire is located in an enclosed area.

D. When the fire is caused by flammable products.

28. Voice pattern recognition is what type of authentication factor?

A. Type 1

B. Type 2

C. Type 3

D. Type 4

29. If Susan’s organization requires her to log in with her username, a PIN, a password, and a retina scan, how many distinct types of factor has she used?

A. One

B. Two

C. Three

D. Four

30. Which of the following items are not commonly associated with restricted interfaces?

A. Shells

B. Keyboards

C. Menus

D. Database views

31. What major issue often results from decentralized access control?

A. Access outages may occur.

B. Control is not consistent.

C. Control is too granular.

D. Training costs are high.

32. What message logging standard is commonly used by network devices, Linux and Unix systems, and many other enterprise devices?

A. Syslog

B. Netlog

C. Eventlog

D. Remote Log Protocol (RLP)

33. Jim has been contracted to perform a penetration test of a bank’s primary branch. In order to make the test as real as possible, he has not been given any information about the bank other than its name and address. What type of penetration test has Jim agreed to perform?

A. A crystal box penetration test

B. A grey box penetration test

C. A black box penetration test

D. A white box penetration test

34. Which of the following statements is most accurate of digital signature?

A. It is a method used to encrypt confidential data.

B. It is the art of transferring handwritten signature to electronic media.

C. It allows the recipient of data to prove the source and integrity of data.

D. It can be used as a signature system and a cryptosystem.

35. What type of testing is used to ensure that separately developed software modules properly exchange data?

A. Fuzzing

B. Dynamic testing

C. Interface testing

D. API checksums

36. Key Clustering is defined as

A. Two different plaintext files, that are hashed using the same hash algorithm, yield the same message digest.

B. Two exact plaintext files, that are hashed using the same hash algorithm, yield the same message digest.

C. The same plaintext file, when encrypted by two separate keys, produces the same ciphertext.

D. The same plaintext file, when encrypted by two separate keys, produces the different ciphertext.

37. Referring to the figure below, what technology is shown that provides fault tolerance for the database servers?

A. Failover cluster

B. UPS

C. Tape backup

D. Cold site

38. Joe is the security administrator for an ERP system. He is preparing to create accounts for several new employees. What default access should he give to all of the new employees as he creates the accounts?

A. Read only

B. Editor

C. Administrator

D. No access

39. Which one of the following is not a privileged administrative activity that should be automatically sent to a log of superuser actions?

A. Purging log entries

B. Restoring a system from backup

C. Logging into a workstation

D. Managing user accounts

40. Which one of the following individuals is most likely to lead a regulatory investigation?

A. CISO

B. CIO

C. Government agent

D. Private detective

41. An electrical device (AC or DC} which can generate coercive magnetic force for the purpose of reducing magnetic flux density to zero on storage media or other magnetic media is called:

A. magnetic field.

B. a degausser.

C. magnetic remanence.

D. magnetic saturation.

42. Toni responds to the desk of a user who reports slow system activity. Upon checking outbound network connections from that system, Toni notices a large amount of social media traffic originating from the system. The user does not use social media, and when Toni checks the accounts in question, they contain strange messages that appear encrypted. What is the most likely cause of this traffic?

A. Other users are relaying social media requests through Toni’s computer.

B. Toni’s computer is part of a botnet.

C. Toni is lying about her use of social media.

D. Someone else is using Toni’s computer when she is not present.

43. Which of the following is a common way that attackers leverage botnets?

A. Sending spam messages

B. Conducting brute-force attacks

C. Scanning for vulnerable systems

D. All of the above

44. Which one of the following statements is not true about code review?

A. Code review should be a peer-driven process that includes multiple developers.

B. Code review may be automated.

C. Code review occurs during the design phase.

D. Code reviewers may expect to review several hundred lines of code per hour.

45. The greatest risk to most organizations through portable computing is:

A. Loss of expensive hardware

B. Vulnerability of remote access

C. Loss of confidential data

D. Tracking and inventory of equipment

46. What is the first step in information protection?

A. Information classification

B. Information identification

C. Information backup

D. Information flow diagrams

47. When using the SDLC, which one of these steps should, you take before the others?

A. Functional requirements determination

B. Control specifications development

C. Code review

D. Design review

48. Which of the following defines the intent of a system security policy?

A. A description of the settings that will provide the highest level of security

B. A brief high-level statement defining what is and is not permitted in the operation of the system

C. A definition of those items that must be denied on the system

D. A listing of tools and applications that will be used to protect the system

49. A signed user acknowledgment of the corporate security policy:

A. Ensures that users have read the policy

B. Ensures that users understand the policy, as well as the consequences for not following the policy

C. Can be waived if the organization is satisfied that users have an adequate understanding of the policy

D. Helps to protect the organization if a user's behaviour violates the policy

50. Which of the following backup processing alternatives describes a computing facility with telecommunications equipment, some systems, but minimal data?

A. Company-owned hot site

B. Commercial hot site

C. Cold site

D. Warm site