The National Institute of Standards and Technology (NIST) provides a framework that classifies
security-related functions. Which description aligns with the "respond" function? - Answers
Identify, analyze, and eradicate threats.
An engineer looks to implement security measures by following the five functions in the
National Institute of Standards and Technology (NIST) Cybersecurity Framework. When
documenting the "detect" function, what does the engineer focus on? - Answers Ongoing
proactive monitoring
A company has an annual contract with an outside firm to perform a security audit on their
network. The purpose of the annual audit is to determine if the company is in compliance with
their internal directives and policies for security control. Select the broad class of security
control that accurately demonstrates the purpose of the audit. - Answers Managerial
How might the goals of basic network management not be well aligned with the goals of
security? - Answers Management focuses on availability over confidentiality.
After a poorly handled security breach, a company updates its security policy to include an
improved incident response plan. Which of the following security controls does this update
address? - Answers Corrective
The IT department head returns from an industry conference feeling inspired by a presentation
on the topic of defense in depth. A meeting is scheduled with IT staff to brainstorm ideas for
implementing defense in depth throughout the organization. Which of the following ideas are
consistent with this industry best practice? (Select all that apply.) - Answers -Align managerial
and technical controls with control functions.
-Provide user training on identifying cyber threats.
The _____ requires federal agencies to develop security policies for computer systems that
process confidential information. - Answers Computer Security Act
Which of the following has a cyber security framework (CSF) that focuses exclusively on IT
security, rather than IT service provisioning? - Answers National Institute of Standards and
Technology (NIST)
Which security-related phrase relates to the integrity of data? - Answers Modification is
authorized
Any external responsibility for an organization's security lies mainly with which individuals? -
Answers The owner
A security engineer investigates a recent system breach. When compiling a report of the
incident, how does the engineer classify the actor and the vector? - Answers Threat
A contractor has been hired to conduct security reconnaissance on a company. The contractor
browses the company's website to identify employees and then finds their Facebook pages.
Posts found on Facebook indicate a favorite bar that employees frequent. The contractor visits
the bar and learns details of the company's security infrastructure through small talk. What
reconnaissance phase techniques does the contractor practice? (Select all that apply.) -
Answers -Open Source Intelligence (OSINT)
-Social engineering
Which of the following could represent an insider threat? (Choose two) - Answers -Contractor
-Former employee
A company technician goes on vacation. While the technician is away, a critical patch released
for Windows servers is not applied. According to the National Institute of Standards and
Technology (NIST), what does the delay in applying the patch create on the server? - Answers
Vulnerability
What is Open Source Intelligence (OSINT)? - Answers Using web search tools and social media
to obtain information about the target
One aspect of threat modeling is to identify potential threat actors and the risks associated with
each one. When assessing the risk that any one type of threat actor poses to an organization,
what are the critical factors to profile? (Select the best two) - Answers -Intent
-Motivation
A user with authorized access to systems in a software development firm installs a seemingly
harmless, yet unauthorized program on a workstation without the IT department's sanction.
Identify the type of threat that is a result of this user's action. - Answers Unintentional insider
threat
An IT manager in the aviation sector checks the industry's threat intelligence feed to keep up on
the latest threats and ensure the work center implements the best practices in the field. What
type of threat intelligence source is the IT manager most likely accessing? - Answers An
Information Sharing and Analysis Center (ISAC)
When exploring the deep web, a user will need which of the following to find a specific and
hidden dark web site? - Answers A specific URL
A Department of Defense (DoD) security team identifies a data breach in progress, based on
some anomalous log entries, and takes steps to remedy the breach and harden their systems.
When they resolve the breach, they want to publish the cyber threat intelligence (CTI) securely,
using standardized language for other government agencies to use. The team will transmit
threat data feed via which protocol? - Answers Trusted Automated eXchange of Indicator
Information (TAXII)
Trusted Automated eXchange of Indicator Information (TAXII) - Answers -Data exfiltration by a
malicious actor may have caused the data breach.
-The privacy breach may allow the threat actor to sell the data to other malicious actors.
A system administrator must scan the company's web-based application to identify which ports
are open and which operating system can be seen from the outside world. Determine the syntax
that should be used to yield the desired information if the administrator will be executing this
task from a Linux command line. - Answers nmap -O webapp.company.com
Which statement best explains the differences between black box, white box, and gray box
attack profiles used in penetration testing? - Answers In a black box pen test, the contractor
receives no privileged information, so they must perform reconnaissance. In contrast, a white
box pen tester has complete access and skips reconnaissance. A gray box tester has some, but
not all information, and requires partial reconnaissance.
A contractor has been hired to conduct penetration testing on a company's network. They have
decided to try to crack the passwords on a percentage of systems within the company. They
plan to annotate the type of data that is on the systems that they can successfully crack to
prove the ease of access to data. Evaluate the penetration steps and determine which are being
utilized for this task. (Select all that apply.) - Answers -Test security controls
-Exploit vulnerabilities
Select the statement which best describes the difference between a zero-day vulnerability and a
legacy platform vulnerability. - Answers A legacy platform vulnerability is unpatchable, while a
zero-day vulnerability may be exploited before a developer can create a patch for it.
A system administrator is tasked with scanning the company's network to include a traceroute,
identify which common ports are open, and which software and software versions are running
on each system. Evaluate and select the syntax that should be used to yield the desired
information if the administrator will be executing this task from a Linux command line. -
Answers nmap -A 10.1.0.0/24
A network manager needs a map of the network's topology. The network manager is using
Network Mapper (Nmap) and will obtain the visual map with the Zenmap tool. If the target IP
address is 192.168.1.1, determine the command within Nmap that will return the necessary data
to build the visual map of the network topology. - Answers nmap -sn --traceroute 192.168.1.1
Considering a Data Breach versus Data Exfiltration, a Data Breach is never intentional, whereas Data
Exfiltration always is intentional. - Answers False
During a penetration test, systems administrators for a large company are tasked to play on the
white team for an affiliated company. Examine each of the following roles and determine which
role the systems admins will fill. - Answers The systems admins will arbitrate the exercise,
setting rules of engagement and guidance.
By searching through ABC Company's postings on a job board, a hacker is able to determine
from the job requirement descriptions that it uses Windows Server 2008 R2, Windows 7,
PostgreSQL 9, and XenApp 6. Identify the stage of the kill chain this represents. - Answers
Reconnaissance
A hacker is able to install a keylogger on a user's computer. What is the hacker attempting to do
in this situation? - Answers Steal confidential information
An employee calls IT personnel and states that they received an email with a PDF document to
review. After the PDF was opened, the system has not been performing correctly. An IT admin
conducted a scan and found a virus. Determine the two classes of viruses the computer most
likely has. (Select all that apply.) - Answers -Program
-Script
Which situation would require keyboard encryption software to be installed on a computer? -
Answers To protect against spyware
An individual receives a text message that appears to be a warning from a well-known order
fulfillment company, informing them that the carrier has tried to deliver their package twice, and
that if the individual does not contact them to claim it, the package will not be delivered. Analyze
the scenario and select the social engineering technique being used. - Answers SMiShing
Which of the following depict ways a malicious attacker can gain access to a target's network?
(Select all that apply.) - Answers -Shoulder surfing
-Phishing