SEC 110 Midterm Study Guide Quizzes
Unit 1-8 Questions With Correct
Answers
\.A company has approached you for their product testing, and you agree to do it. First, you
have to install the necessary plugins for the software through the browser, install the software,
and run the software again.What procedure should you adopt to ensure that you don't
compromise the browser and the computer's operating system? - Answer-Making sure that the
OS's security options are deployed, run the antivirus/antispyware on the files downloaded, run
the software on HSTS/HTTPS mode, and then send a secure cookie to the server.
\.A company has its network compromised. As an expert professional, the organization has
hired you to identify the probable cause of the attack and fix it. As a security professional, you
have noticed the pattern of compromise is unlike anything previously seen. You are looking to
find new information on vulnerabilities like the attack that occurred.Which of the following
actions would help achieve this objective? - Answer-Checking the dark web
\.A company has multiple CAs and intermediate CAs issuing digital certificates in different
departments, with no one cross-checking their work. Which PKI trust model should the
company use? - Answer-Distributed trust model
\.A company monitors the network activity of the organization and stores the logs in a database.
You have been asked to identify whether there are any malicious activities in the network.
Which of the following can denote the upper and lower bounds of their various network
activities? - Answer-KRI
\.A cyber analyst needs to quickly do a vulnerability scan on an enterprise network with many
devices. Which approach should the analyst take? - Answer-Scan the most important devices for
as long as it takes for each device
,\.A cybercriminal attempts to trick a computer's user into sharing their personal information by
implementing content to discreetly capture user information over the actual webpage.What
should the user implement to avoid this situation? - Answer-X-Frame
\.A federal appeals court recently made a judgment that caused significant public outrage. Soon
after the ruling, the court's website was hacked, and the content was replaced with the text
"Equal justice for all."Which of the following type of threat actors attacked the court's site? -
Answer-Hacktivists
\.A learning management system application has been written in Python. While running the
application code, the specific program or application that converts the program into machine
language is called what? - Answer-Compiler
\.A machine where the operating system runs an application on top of an operating system is
called _______. - Answer-a virtual machine
\.A manager working in ABC Consulting shared a list of employees from his team who were
eligible for an extra week off. Later, he claimed that he has never shared this list. Which
principle or functionality of a secured communication can be used to substantiate or verify the
manager's claim? - Answer-Nonrepudiation
\.A new e-commerce startup with global operations is looking for a method to manage its
supply-chain data for production. Instead of using bar codes, scanners, paper forms, and
individual databases, making the system difficult to use, which method should be used to
quickly track shipments? - Answer-Blockchain
\.A source computer's ability to reach a specified destination computer can be tested using
which of the following? - Answer-ping
,\.A source computer's ability to reach a specified destination computer can be tested using
which of the following? - Answer-ping
\.A vulnerability assessment engineer performed vulnerability scanning on active directory
servers and discovered that the active directory server is using a lower version of Kerberos. To
alert management to the risk behind using a lower version of Kerberos, he needs to explain
what an attacker can do to leverage the vulnerabilities in it. Which of the following actions can
the attacker perform after exploiting vulnerabilities in Kerberos? - Answer-Use privilege
escalation
\.ABC Enterprise is a global operation. As such, it needs to send regular, confidential messages
and data between offices to communicate important market information, employee decisions,
financial decisions, etc., for management consideration and senior-level decision making. Since
these decisions impact the local employees and global businesses, they suspect that these data
may be prone to attacks from threat actors internally and externally. While one of the senior
systems administrators suggested implementing steganography to achieve this objective, the IT
Department head at another branch suggested implementing cryptography. The management
team has now called you for expert advice to select the best method to implement in the
enterprise.What should your advice be, and why? - Answer-Cryptography should be
implemented because it allows information to be viewed only by authorized users and checks
whether the information has been altered or changed by anybody It also makes the information
unclear, even if other users see it Cryptography is a more advanced technology than
steganography These features make cryptography the right choice for the enterprise to
implement
\.ABC Enterprises plans to upgrade its internal confidential communication channel for the
senior management team, which is geographically spread out, to enhance communication
speed and security. They have decided to use cryptography to achieve this but can't decide on
which model. The CEO has come to you for your suggestion on whether to use RSA or ECC.What
should you recommend to the CEO, and why? - Answer-ECC, as it uses sloping curves to
generate keys This makes it very secure for smaller key sizes making it secure and the
communication exchange extremely fast
, \.ABC Technologies had its computer network compromised through a cybersecurity breach. A
cybersecurity expert was employed to analyze and identify what caused the attack and the
damage caused by the attack. He checked an available database for this purpose and found the
threat actor behind the attack. He also found out the cybercriminal has been attempting to sell
the company's valuable data on the internet.Which are the most probable methods used by the
cybersecurity expert to get to this stage of the investigation? - Answer-The cybersecurity expert
checked with CISCP and also investigated the dark web.
\.Alex is working for Alpha Technology as a system administrator. The enterprise's sales team
uses multiple external drives, often containing confidential data, that they carry between their
offices and their clients' offices. What should Alex do to ensure that data is secure if it is stolen
or lost, and why? - Answer-Use encrypted USBs in the enterprise because they automatically
encrypt the information and give Alex remote access to the drive to monitor and disable the
user
\.Alex needs to find a method that can change a single character of plaintext into multiple
characters of ciphertext.Which method should Alex use? - Answer-Diffusion
\.Alice, a vulnerability assessment engineer at a bank, is told to find all the vulnerabilities on an
internet-facing web application server running on port HTTPS. When she finishes the
vulnerability scan, she finds several different vulnerabilities at different levels. How should she
proceed? - Answer-Look at the priority and the accuracy of the vulnerability
\.Alliance Consulting, a company based in France, is shutting down. Louis, the owner of the
company, applied to revoke his digital certificate. He is very busy with the other details of
shutting the company down and needs to be able to check the certificate's status quickly and
easily. Which of the following will help him get a real-time lookup of the certificate's status? -
Answer-OCSP
\.Alpha Tech started a charitable competition in which every team is asked to submit a proposal
for a public health contract asking for a new viral transmission mitigation app.Which team has
selected the correct option? - Answer-Team B has selected BAN
Unit 1-8 Questions With Correct
Answers
\.A company has approached you for their product testing, and you agree to do it. First, you
have to install the necessary plugins for the software through the browser, install the software,
and run the software again.What procedure should you adopt to ensure that you don't
compromise the browser and the computer's operating system? - Answer-Making sure that the
OS's security options are deployed, run the antivirus/antispyware on the files downloaded, run
the software on HSTS/HTTPS mode, and then send a secure cookie to the server.
\.A company has its network compromised. As an expert professional, the organization has
hired you to identify the probable cause of the attack and fix it. As a security professional, you
have noticed the pattern of compromise is unlike anything previously seen. You are looking to
find new information on vulnerabilities like the attack that occurred.Which of the following
actions would help achieve this objective? - Answer-Checking the dark web
\.A company has multiple CAs and intermediate CAs issuing digital certificates in different
departments, with no one cross-checking their work. Which PKI trust model should the
company use? - Answer-Distributed trust model
\.A company monitors the network activity of the organization and stores the logs in a database.
You have been asked to identify whether there are any malicious activities in the network.
Which of the following can denote the upper and lower bounds of their various network
activities? - Answer-KRI
\.A cyber analyst needs to quickly do a vulnerability scan on an enterprise network with many
devices. Which approach should the analyst take? - Answer-Scan the most important devices for
as long as it takes for each device
,\.A cybercriminal attempts to trick a computer's user into sharing their personal information by
implementing content to discreetly capture user information over the actual webpage.What
should the user implement to avoid this situation? - Answer-X-Frame
\.A federal appeals court recently made a judgment that caused significant public outrage. Soon
after the ruling, the court's website was hacked, and the content was replaced with the text
"Equal justice for all."Which of the following type of threat actors attacked the court's site? -
Answer-Hacktivists
\.A learning management system application has been written in Python. While running the
application code, the specific program or application that converts the program into machine
language is called what? - Answer-Compiler
\.A machine where the operating system runs an application on top of an operating system is
called _______. - Answer-a virtual machine
\.A manager working in ABC Consulting shared a list of employees from his team who were
eligible for an extra week off. Later, he claimed that he has never shared this list. Which
principle or functionality of a secured communication can be used to substantiate or verify the
manager's claim? - Answer-Nonrepudiation
\.A new e-commerce startup with global operations is looking for a method to manage its
supply-chain data for production. Instead of using bar codes, scanners, paper forms, and
individual databases, making the system difficult to use, which method should be used to
quickly track shipments? - Answer-Blockchain
\.A source computer's ability to reach a specified destination computer can be tested using
which of the following? - Answer-ping
,\.A source computer's ability to reach a specified destination computer can be tested using
which of the following? - Answer-ping
\.A vulnerability assessment engineer performed vulnerability scanning on active directory
servers and discovered that the active directory server is using a lower version of Kerberos. To
alert management to the risk behind using a lower version of Kerberos, he needs to explain
what an attacker can do to leverage the vulnerabilities in it. Which of the following actions can
the attacker perform after exploiting vulnerabilities in Kerberos? - Answer-Use privilege
escalation
\.ABC Enterprise is a global operation. As such, it needs to send regular, confidential messages
and data between offices to communicate important market information, employee decisions,
financial decisions, etc., for management consideration and senior-level decision making. Since
these decisions impact the local employees and global businesses, they suspect that these data
may be prone to attacks from threat actors internally and externally. While one of the senior
systems administrators suggested implementing steganography to achieve this objective, the IT
Department head at another branch suggested implementing cryptography. The management
team has now called you for expert advice to select the best method to implement in the
enterprise.What should your advice be, and why? - Answer-Cryptography should be
implemented because it allows information to be viewed only by authorized users and checks
whether the information has been altered or changed by anybody It also makes the information
unclear, even if other users see it Cryptography is a more advanced technology than
steganography These features make cryptography the right choice for the enterprise to
implement
\.ABC Enterprises plans to upgrade its internal confidential communication channel for the
senior management team, which is geographically spread out, to enhance communication
speed and security. They have decided to use cryptography to achieve this but can't decide on
which model. The CEO has come to you for your suggestion on whether to use RSA or ECC.What
should you recommend to the CEO, and why? - Answer-ECC, as it uses sloping curves to
generate keys This makes it very secure for smaller key sizes making it secure and the
communication exchange extremely fast
, \.ABC Technologies had its computer network compromised through a cybersecurity breach. A
cybersecurity expert was employed to analyze and identify what caused the attack and the
damage caused by the attack. He checked an available database for this purpose and found the
threat actor behind the attack. He also found out the cybercriminal has been attempting to sell
the company's valuable data on the internet.Which are the most probable methods used by the
cybersecurity expert to get to this stage of the investigation? - Answer-The cybersecurity expert
checked with CISCP and also investigated the dark web.
\.Alex is working for Alpha Technology as a system administrator. The enterprise's sales team
uses multiple external drives, often containing confidential data, that they carry between their
offices and their clients' offices. What should Alex do to ensure that data is secure if it is stolen
or lost, and why? - Answer-Use encrypted USBs in the enterprise because they automatically
encrypt the information and give Alex remote access to the drive to monitor and disable the
user
\.Alex needs to find a method that can change a single character of plaintext into multiple
characters of ciphertext.Which method should Alex use? - Answer-Diffusion
\.Alice, a vulnerability assessment engineer at a bank, is told to find all the vulnerabilities on an
internet-facing web application server running on port HTTPS. When she finishes the
vulnerability scan, she finds several different vulnerabilities at different levels. How should she
proceed? - Answer-Look at the priority and the accuracy of the vulnerability
\.Alliance Consulting, a company based in France, is shutting down. Louis, the owner of the
company, applied to revoke his digital certificate. He is very busy with the other details of
shutting the company down and needs to be able to check the certificate's status quickly and
easily. Which of the following will help him get a real-time lookup of the certificate's status? -
Answer-OCSP
\.Alpha Tech started a charitable competition in which every team is asked to submit a proposal
for a public health contract asking for a new viral transmission mitigation app.Which team has
selected the correct option? - Answer-Team B has selected BAN
