

Practice Quiz

This quiz simulation covers the concepts you need to know to pass cybersecurity exams and certifications. See how you measure up with these 20 random questions.
 

  1) Which of the following is not addressed by the data retention policy?
   What data to keep
   For whom data is kept
   How long data is kept
   Where data is kept
 
  2) What best describes two-factor authentication?
   A hard token and a smart card
   A user name and a PIN
   A password and a PIN
   A PIN and a hard token
 
  3) Who is accountable for implementing information security?
   Everyone
   Senior management
   Security officer
   Data owners
 
  4) Many privacy laws dictate which of the following rules?
   Individuals have a right to remove any data they do not want others to know
   Agencies do not need to ensure that the data is accurate
   Agencies need to allow all government agencies access to the data
   Agencies cannot use collected data for a purpose different from what they were collected for
 
  5) Business impact analysis is performed to best identify what?
   Exposure to loss the organization faces
   Impacts of a threat to the organization operations
   Cost-efficient way to eliminate threats
   Impacts of a risk to the organization
 
  6) Which factor is the most important item when it comes to ensuring security is successful in an organization?
   Senior management support
   Effective controls and implementation methods
   Updated and relevant security policies and procedures
   Security awareness by all employees
 
  7) When selecting a security testing method or tool, the practitioner needs to consider many different things, such as:
   Surface and supported technology
   Security roles and responsibilities for staff
   Culture of the organization and likelihood of exposure
   Local annual frequency estimate and standard annual frequency estimate
 
  8) What is an advantage of RSA over DSA?
   It can provide digital signature and encryption functionality
   It uses fewer resources and encrypts faster because it uses symmetric keys
   It is a block cipher rather than a stream cipher
   It employs a one-time encryption pad
 
  9) Tactical security plans are best used to do what?
   Deploy new security technology
   Enable enterprise security management
   Establish high-level security policies
   Reduce downtime
 
  10) What is the optimal placement for a network-based intrusion detection system (NIDS)?
   External Service Provider
   Network Operation Center (NOC)
   Network segments with business critical systems (DMZ) and certain intranet segments
   Network perimeter to alert network admins of suspicious traffic
 
  11) Which is concerned not only with identifying the root cause but also with addressing the underlying issue?
   Change management
   Incident management
   Configuration management
   Problem management
 
  12) Single loss expectancy (SLE) is calculated using which of the following?
   Asset value and annualized rate of occurrence (ARO)
   Asset value, local annual frequency estimate (LAFE), and standard annual frequency estimate (SAFE)
   Asset value and exposure factor
   Local annual frequency estimate and annualized rate of occurrence
 
  13) Triage encompasses which of the following incident response sub-phases?
   Collection, transport, testimony
   Traceback, feedback, loopback
   Detection, identification, notification
   Confidentiality, integrity, availability
 
  14) What is the term for the act of secretly observing and recording someone's keystrokes on a computer?
   Keystroking
   Keylogging
   Logkeying
   Stokelogs
 
  15) Which of the following best determines access of an individual?
   Role
   Clearance
   Partnership with security team
   Job rank or title
 
  16) Which item is not part of a Kerberos authentication implementation?
   Message authentication code
   Ticket granting service
   Authentication service
   Users, programs, and services
 
  17) Before applying a software update to production systems, it is most important that
   The patching is documented
   The systems are backed up
   Full information about the threat that the patch addresses is available
   An independent third-party attests the validity of the patch
 
  18) Which one is the most common security threat with IoT devices?
   Logical Network Segmentation
   Lack of device management
   Lack of system updates against a new vulnerability
   Backdoor
 
  19) Which of the following can help with ensuring that only the needed logs are collected for monitoring?
   Clipping
   Aggregation
   Inference
   XML Parsing
 
  20) In the OSI reference model, on which layer is Ethernet?
   Layer 1 - Physical layer
   Layer 2 - Data-link layer
   Layer 3 - Network layer
   Layer 4 - Transport layer
 
 
© 2024 Black Cat White Hat Security L.L.C. - All rights reserved. - Application Version: 4D.65.6F.77