Skip to content

Latest commit

 

History

History
101 lines (72 loc) · 3.42 KB

cybersecurity-quiz.md

File metadata and controls

101 lines (72 loc) · 3.42 KB
Raw

Cybersecurity Assessment

Q1. According to the shared responsbility model, which cloud computing model places the most responsibility on the cloud service provider (CSP)?

  • Hybrid Cloud
  • Software as a Service (SaaS)
  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)

Q2. Which option removes the risk of multitenancy in cloud computing?

  • PaaS
  • public cloud
  • private cloud
  • IaaS

Q3. Your organization recently implemented a unified messaging solution and VoIP phones on every desktop. You are responsible for researching the vulnerabilities of the VoIP system. Which type of attack are VoIP phones most vulnerable to experiencing?

  • denial-of-service
  • brute force attacks
  • malware
  • buffer overflow

Q4. Which security control cannot produce an active response to a security event?

  • cloud access security broker (CASB)
  • intrusion prevention system (IPS)
  • intrusion detection system (IDS)
  • next generation firewall

Q5. Packet sniffer is also called _.

  • SIEM
  • UTM
  • protocol analyzer
  • data sink

Q6. Which option tests code while it is in operation?

  • code review
  • code analysis
  • static analysis
  • dynamic analysis

Q7. Which option describes testing that individual software developers can conduct on their own code?

  • gray box testing
  • integration testing
  • white box testing
  • unit testing

Q8. In black box penetration testing, what information is provided to the tester about the target environment?

  • none
  • limited details of server and network infrastructure
  • all information
  • limited details of server infrastructure

Q9. Which security control can best protect against shadow IT by identifying and preventing use of unsanctioned cloud apps and services?

  • intrusion prevention system (IPS)
  • next generation firewall
  • cloud access security broker (CASB)
  • intrusion detection system (IDS)

Q10. Which option describes the best defense against collusion?

  • monitoring of normal employee system and data access patterns
  • applying system and application updates regularly
  • fault tolerant infrastructure and data redundancy
  • separation of duties and job rotation

Q11. During a penetration test, you find a file containing hashed passwords for the system you are attempting to breach. Which type of attack is most likely to succeed in accessing the hashed passwords in a reasonable amount of time?

  • rainbow table attack
  • pass-the-hash attack
  • password spray attack
  • brute force attack

Q12. Which area is DMZ?

image

  • 4
  • 1
  • 2
  • 3

Q13. You configure an encrypted USB drive for a user who needs to deliver a sensitive file at an in-person meeting. What type of encryption is typically used to encrypt the file?

  • file hash
  • asymmetric encryption
  • digital signature
  • symmetric encryption

Q14. What is the difference between DRP and BCP

  • DRP works to keep a business up and running despite a disaster. BCP works to restore the original business capabilities.
  • BCP works to keep a business up and running despite a disaster. DRP works to restore the original business capabilities.
  • BCP is part of DRP.
  • DRP is part of BCP.