Practice Quiz

This quiz simulation covers the concepts you need to know to pass cybersecurity exams and certifications. See how you measure up with these 20 random questions.

1) Before applying a software update to production systems, it is most important that

The patching is documented

The systems are backed up

Full information about the threat that the patch addresses is available

An independent third-party attests the validity of the patch

2) What is the process of making digital data unreadable to unauthorized users?

VPN

Encryption

FTP

Deserialization

3) A way to defeat frequency analysis as a method to determine the key is to use what?

Inversion ciphers

Transposition ciphers

Substitution ciphers

Confusion

4) Which phase best defines a business disaster recovery plan?

An approved set of preparations and procedures for responding to a disaster

A set of plans for preventing a disaster

The adequate preparation and procedures for the continuation of all organization functions

A set of preparations and procedures for responding to a disaster without management approval

5) Which one is the most common security threat with IoT devices?

Logical Network Segmentation

Lack of device management

Lack of system updates against a new vulnerability

Backdoor

6) Technical evaluation of assurance to ensure that security requirements have been met is known as?

Accreditation

Evaluation

Validation

Verfication

7) Which item is not part of a Kerberos authentication implementation?

Message authentication code

Ticket granting service

Authentication service

Users, programs, and services

8) What best describes two-factor authentication?

A hard token and a smart card

A user name and a PIN

A password and a PIN

A PIN and a hard token

9) When receiving an email from an unknown contact that has an attachment, you should:

Open the attachment and view the contents

Delete the email

Report the email as Phishing

Forward to your personal email

10) What is the right time to plan for security?

Pre-deployment

Post-deployment

Testing Phase

Monitoring Phase

11) Business impact analysis is performed to best identify what?

Exposure to loss the organization faces

Impacts of a threat to the organization operations

Cost-effcient way to eliminate threats

Impacts of a risk to the organization

12) Which is concerned with identifying the root cause but also addressing the underlying issue?

Change management

Incident management

Configuration management

Problem management

13) In the OSI reference model, on which layer is Ethernet?

Layer 1 - Physical layer

Layer 2 - Data-link layer

Layer 3 - Network layer

Layer 4 - Transport layer

14) When sensitive information is no longer critical but still within the scope of a record retention policy , that information is BEST?

Destroyed

Re-categorized

Degaussed

Released

15) Tactical security plans are best used to do what?

Deploy new security technology

Enable enterprise security management

Establish high-level security policies

Reduce downtime

16) The running key cipher is based on what?

Modular math

Exponentiation

Substitution cipher

XOR math

17) Who is accountable for implementing information security?

Everyone

Senior management

Security officer

Data owners

18) What is optimal placement for network based intrusion detection system (NIDS)?

External Service Provider

Network Operation Center (NOC)

Network segments with business critical systems (DMZ) and certain intranet segments

Network perimeter to alert network admins of suspicious traffic

19) A disadvantage of single sign-on is?

Consistent time-out enforcement across platforms

A compromised password exposes all authorized resources

Use of multiple passwords to remember

Password change control

20) Triage encompasses which of the following incident response sub-phases?

Collection, transport, testimony

Traceback, feedback, loopback

Detection, identification, notification

Confidentiality, integrity, availability