Which of the following information security elements guarantees that the sender of a
message cannot later deny having sent the message and the recipient cannot deny
having received the message?
A Confidentiality
B Non-repudiation
C Availability
D Integrity - ANSWER B
A phase of the cyber kill chain methodology triggers the adversary's malicious code,
which utilizes a vulnerability in the operating system, application, or server on a
target system. At this stage, the organization may face threats such as
authentication and authorization attacks, arbitrary code execution, physical security
threats, and security misconfiguration.
Which is this phase of the cyber kill chain methodology?
A Reconnaissance
B Weaponization
C Exploitation
D Installation - ANSWER C
Which of the following is a category of hackers who are also known as crackers, use
their extraordinary computing skills for illegal or malicious purposes, and are often
involved in criminal activities?
A Black hats
B White hats
C Suicide hackers
D Script kiddies - ANSWER A
John, a professional hacker, has launched an attack on a target organization to
extract sensitive information. He was successful in launching the attack and
gathering the required information. He is now attempting to hide the malicious acts
by overwriting the server, system, and application logs to avoid suspicion.
Which of the following phases of hacking is John currently in?
A Maintaining access
B Scanning
C Clearing tracks
D Gaining access - ANSWER C
Which of the following risk management phases involves selecting and
implementing appropriate controls for the identified risks to modify them?
,A Risk tracking and review
B Risk identification
C Risk treatment
D Risk assessment - ANSWER C
In which of the following incident handling and response phases are the identified
security incidents analyzed, validated, categorized, and prioritized?
A Incident recording and assignment
B Incident triage
C Containment
D Eradication - ANSWER B
Which of the following phases of risk management is an ongoing iterative process
that assigns priorities for risk mitigation and implementation plans to help determine
the quantitative and qualitative value of risk?
A Risk identification
B Risk treatment
C Risk tracking and review
D Risk assessment - ANSWER D
Jack, a security professional, was instructed to introduce a security standard to
handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and
POS cards. In the process, Jack has employed a standard that offers robust and
comprehensive standards as well as supporting materials to enhance payment-card
data security.
What is the security standard that Jack has employed?
A HIPAA
B SOX
C DMCA
D PCI DSS - ANSWER D
Morris, an attacker, has targeted an organization's network. To know the structure of
the target network, he combined footprinting techniques with a network utility that
helped him create diagrammatic representations of the target network.
What is the network utility employed by Morris in the above scenario?
A Netcraft
B Tracert
C Shodan
D BuzzSumo - ANSWER B
, Which of the following Google advanced search operators displays similar websites
to the specified URL?
A [site:]
B [info:]
C [inurl:]
D [related:] - ANSWER D
Which of the following techniques is used by an attacker to perform automated
searches on the target website and collect specified information, such as employee
names and email addresses?
A Web spidering
B Website mirroring
C Monitoring of web updates
D Website link extraction - ANSWER A
Jude, an attacker, has targeted an organization's communication network. While
conducting initial footprinting, he used a Google dork to find the VoIP login portals of
the organization.
What is the Google dork that helped Jude find the VoIP login portals?
A inurl:8080 intitle:"login" intext:"UserLogin" "English"
B inurl:/voice/advanced/ intitle:Linksys SPA configuration
C inurl:/remote/login?lang=en
D !Host=*.* intext:enc_UserPassword=* ext:pcf - ANSWER A
Stokes, an attacker, decided to find vulnerable IoT devices installed in the target
organization. In this process, he used an online tool that helped him gather
information such as a device's manufacturer details, its IP address, and the location
where it is installed.
What is the online tool that Stokes used in the above scenario?
A DuckDuckGo
B Baidu
C Shodan
D Bing - ANSWER C
CenSys Solutions hired Clark, a security professional, to enhance the Internet
security of the organization. To achieve the goal, Clark employed a tool that provides
various Internet security services, including anti-fraud and anti-phishing services,
application testing, and PCI scanning.
What is the tool used by Clark to perform the above activities?
message cannot later deny having sent the message and the recipient cannot deny
having received the message?
A Confidentiality
B Non-repudiation
C Availability
D Integrity - ANSWER B
A phase of the cyber kill chain methodology triggers the adversary's malicious code,
which utilizes a vulnerability in the operating system, application, or server on a
target system. At this stage, the organization may face threats such as
authentication and authorization attacks, arbitrary code execution, physical security
threats, and security misconfiguration.
Which is this phase of the cyber kill chain methodology?
A Reconnaissance
B Weaponization
C Exploitation
D Installation - ANSWER C
Which of the following is a category of hackers who are also known as crackers, use
their extraordinary computing skills for illegal or malicious purposes, and are often
involved in criminal activities?
A Black hats
B White hats
C Suicide hackers
D Script kiddies - ANSWER A
John, a professional hacker, has launched an attack on a target organization to
extract sensitive information. He was successful in launching the attack and
gathering the required information. He is now attempting to hide the malicious acts
by overwriting the server, system, and application logs to avoid suspicion.
Which of the following phases of hacking is John currently in?
A Maintaining access
B Scanning
C Clearing tracks
D Gaining access - ANSWER C
Which of the following risk management phases involves selecting and
implementing appropriate controls for the identified risks to modify them?
,A Risk tracking and review
B Risk identification
C Risk treatment
D Risk assessment - ANSWER C
In which of the following incident handling and response phases are the identified
security incidents analyzed, validated, categorized, and prioritized?
A Incident recording and assignment
B Incident triage
C Containment
D Eradication - ANSWER B
Which of the following phases of risk management is an ongoing iterative process
that assigns priorities for risk mitigation and implementation plans to help determine
the quantitative and qualitative value of risk?
A Risk identification
B Risk treatment
C Risk tracking and review
D Risk assessment - ANSWER D
Jack, a security professional, was instructed to introduce a security standard to
handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and
POS cards. In the process, Jack has employed a standard that offers robust and
comprehensive standards as well as supporting materials to enhance payment-card
data security.
What is the security standard that Jack has employed?
A HIPAA
B SOX
C DMCA
D PCI DSS - ANSWER D
Morris, an attacker, has targeted an organization's network. To know the structure of
the target network, he combined footprinting techniques with a network utility that
helped him create diagrammatic representations of the target network.
What is the network utility employed by Morris in the above scenario?
A Netcraft
B Tracert
C Shodan
D BuzzSumo - ANSWER B
, Which of the following Google advanced search operators displays similar websites
to the specified URL?
A [site:]
B [info:]
C [inurl:]
D [related:] - ANSWER D
Which of the following techniques is used by an attacker to perform automated
searches on the target website and collect specified information, such as employee
names and email addresses?
A Web spidering
B Website mirroring
C Monitoring of web updates
D Website link extraction - ANSWER A
Jude, an attacker, has targeted an organization's communication network. While
conducting initial footprinting, he used a Google dork to find the VoIP login portals of
the organization.
What is the Google dork that helped Jude find the VoIP login portals?
A inurl:8080 intitle:"login" intext:"UserLogin" "English"
B inurl:/voice/advanced/ intitle:Linksys SPA configuration
C inurl:/remote/login?lang=en
D !Host=*.* intext:enc_UserPassword=* ext:pcf - ANSWER A
Stokes, an attacker, decided to find vulnerable IoT devices installed in the target
organization. In this process, he used an online tool that helped him gather
information such as a device's manufacturer details, its IP address, and the location
where it is installed.
What is the online tool that Stokes used in the above scenario?
A DuckDuckGo
B Baidu
C Shodan
D Bing - ANSWER C
CenSys Solutions hired Clark, a security professional, to enhance the Internet
security of the organization. To achieve the goal, Clark employed a tool that provides
various Internet security services, including anti-fraud and anti-phishing services,
application testing, and PCI scanning.
What is the tool used by Clark to perform the above activities?
