Foundation in Cyber Security B2 Posted bymaster September 30, 2021 Leave a comment on Foundation in Cyber Security B2 Welcome to your Foundation in Cyber Security - GKK - B1 Instructions All 20 questions should be attempted. You have 1 hour to complete this paper You must achieve 13 or more out of possible 20 marks (65%) to pass this exam Name Email Enter your DOB (dd/mm/yyyy) 1. An evil twin attack that broadcasts a legitimate SSID for an unauthorized network is an example of what category of threat? Spoofing Information disclosure Repudiation Tampering None 2. FlyAway Travel has offices in both the European Union and the United States and transfers personal information between those offices regularly. Which of the seven requirements for processing personal information states that organizations must inform individuals about how the information they collect is used? Notice Choice Onward Transfer Enforcement None 3. Which one of the following is not one of the three common threat modeling techniques? Focused on assets Focused on attackers Focused on software Focused on social engineering None 4. Which one of the following elements of information is not considered personally identifiable information that would trigger most US state data breach laws? Social Security number Student identification number Driver’s license number Credit card number None 5. Sonia recently removed an encrypted hard drive from a laptop and moved it to a new device because of a hardware failure. She is having difficulty accessing encrypted content on the drive despite the fact that she knows the user’s password. What hardware security feature is likely causing this problem? TCB TPM NIACAP RSA None 6. COBIT, Control Objectives for Information and Related Technology, is a framework for IT management and governance. Which data management role is most likely to select and apply COBIT to balance the need for security controls against business requirements? Business owners Data processors Data owners Data stewards None 7. What term is used to describe a starting point for a minimum security standard? Outline Baseline Policy Configuration guide None 8. When media is labelled based on the classification of the data it contains, what rule is typically applied regarding labels? The data is labeled based on its integrity requirements. The media is labeled based on the highest classification level of the data it contains. The media is labeled with all levels of classification of the data it contains. The media is labeled with the lowest level of classification of the data it contains. None 9. The need to protect sensitive data drives what administrative process? Information classification Remanence Transmitting data Clearing None 10. Fran’s company is considering purchasing a web-based email service from a vendor and eliminating its own email server environment as a cost-saving measure. What type of cloud computing environment is Fran’s company considering? SaaS IaaS CaaS PaaS None 11. Michael is responsible for forensic investigations and is investigating a medium severity security incident that involved the defacement of a corporate website. The web server in question ran on a virtualization platform, and the marketing team would like to get the website up and running as quickly as possible. What would be the most reasonable next step for Michael to take? Keep the website offline until the investigation is complete. Take the virtualization platform offline as evidence. Take a snapshot of the compromised system and use that for the investigation. Ignore the incident and focus on quickly restoring the website. None 12. If Alice wishes to send Bob an encrypted message, what key does she use to encrypt the message? Refer to the following scenario. Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. a. Alice’s public key b. Alice’s private key c. Bob’s public key d. Bob’s private key None 13. When Bob receives the encrypted message from Alice, what key does he use to decrypt the message? Refer to the following scenario. Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. a. Alice’s public key b. Alice’s private key c. Bob’s public key d. Bob’s private key None 14. Which one of the following keys would Bob not possess in this scenario? Refer to the following scenario. Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. a. Alice’s public key b. Alice’s private key c. Bob’s public key d. Bob’s private key None 15. Alice would also like to digitally sign the message that she sends to Bob. What key should she use to create the digital signature? Refer to the following scenario. Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. a. Alice’s public key b. Alice’s private key c. Bob’s public key d. Bob’s private key None 16. What name is given to the random value added to a password in an attempt to defeat rainbow table attacks? a. Hash b. Salt c. Extender d. Rebar None 17. Ben has connected his laptop to his tablet PC using an 802.11g connection. What wireless network mode has he used to connect these devices? Infrastructure mode Wired extension mode Ad hoc mode Stand-alone mode None 18. Which of the following is not a potential problem with active wireless scanning? Accidently scanning apparent rogue devices that actually belong to guests Causing alarms on the organization’s wireless IPS Scanning devices that belong to nearby organizations Misidentifying rogue devices None 19. Gary is deploying a wireless network and wants to deploy the fastest possible wireless technology. Of the 802.11 standards listed below, which is the fastest 2.4 GHz option he has? 802.11a 802.11g 802.11n 802.11ac None 20. Joe is the security administrator for an ERP system. He is preparing to create accounts for several new employees. What default access should he give to all of the new employees as he creates the accounts? Read only Editor Administrator No access None 21. Which of the following options is not a common best practice for securing a wireless network? Turn on WPA2. Enable MAC filtering if used for a relatively small group of clients. Enable SSID broadcast. Separate the access point from the wired network using a firewall, thus treating it as external access. None 22. What network topology is shown in the image below? A ring A bus A star A mesh None 23. Ben has configured his network to not broadcast a SSID. Why might Ben disable SSID broadcast, and how could his SSID be discovered? Disabling SSID broadcast prevents attackers from discovering the encryption key. The SSID can be recovered from decrypted packets. Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using a wireless sniffer. Disabling SSID broadcast prevents issues with beacon frames. The SSID can be recovered by reconstructing the BSSID. Disabling SSID broadcast helps avoid SSID conflicts. The SSID can be discovered by attempting to connect to the network. None 24. As part of a penetration test, Alex needs to determine if there are web servers that could suffer from the 2014 Heartbleed bug. What type of tool could he use, and what should he check to verify that the tool can identify the problem? A vulnerability scanner, to see whether the scanner has a signature or test for the Heartbleed CVE number A port scanner, to see whether the scanner properly identifies SSL connections A vulnerability scanner, to see whether the vulnerability scanner detects problems with the Apache web server A port scanner, to see whether the port scanner supports TLS connections None 25. If Susan’s organization requires her to log in with her username, a PIN, a password, and a retina scan, how many distinct types of factor has she used? One Two Three Four None 26. Which of the following items are not commonly associated with restricted interfaces? Shells Keyboards Menus Database views None 28. What major issue often results from decentralized access control? Access outages may occur Control is not consistent Control is too granular Training costs are high None 29. Jim has been contracted to perform a penetration test of a bank’s primary branch. In order to make the test as real as possible, he has not been given any information about the bank other than its name and address. What type of penetration test has Jim agreed to perform? A crystal box penetration test A gray box penetration test A black box penetration test A white box penetration test None 30. Which one of the following is not a privileged administrative activity that should be automatically sent to a log of superuser actions? Purging log entries Restoring a system from backup Logging into a workstation Managing user accounts None 1 out of 6 Time is Up!
