Preguna Respuestas

Worm
A ________ is like a Virus, having the ability to spread
Bacteria
without any medium.
Trojan
All the options
Date of birth
Which of these are Personally Identifiable Information? Home address
Name
Fingerprint
All the options
Spoofing
Which of these are cyber threats? Malware
Ransomware
Phishing
Internet can impose a number of Risks and hence True
Cybersecurity is required. False
Potentially unwanted program
What is PUP? Potentially unrelated program
Practically unwanted program
Spyware
________ monitors user activity on internet and transmit None of the options
that information in the background to someone else. Adware
Malware
Spam
Malware
Unsolicited commercial email is known as ________
Spyware
Virus
All the options
Quick Heal
Which of these is an anti-virus program
K7
Norton
Threats times vulnerabilities.
Threats times assets
Risk represents ________
Vulnerabilities
Threats
All them
Non repudiation of messages
The Cryptography can provide
Entity Authentication
Confidentiality
Phishing
The sole purpose of ________ attack, is to fool the victim Spam
and to get all the confidential information Spoofing
Drive-by Download
Confidentiality
________ is the guarantee of data privacy and protection
against unauthorized disclosure.
________ is the guarantee of data privacy and protection Integrity
against unauthorized disclosure. Encryption
Availability
Secret Writing
Cryptography, a word with Greek origins, means Corrupting Data
___________. Open Writing
Closed Writing
If there is a vulnerability but no threat, then there won't True
be a risk. False
Both Party
In symmetric-key cryptography, the same key is used by Third Party
____________. One Party
Multi Party
Shared
In Symmetric-key cryptography, the key used by the Different
sender and the receiver is None
Two keys are used
Incidents should be handled on a first come-first serve False
basis and must be prioritized based on the Business
impact. True

False
Deep packet inspection can be used to give more context
to indicator only.
True

False
UML component diagram is used to identify how a module
validate and processes the data before storing it.
True
MyDLP
MyDLS
Which is a open source data loss prevention solution.
MyDLO
MyDLQ
Defining Objectives to investigate
situation.
Create appropriate control framework.
Which is not part of a Incident Response Preparation
phase? Conduct a critical assessment of your
organization.
Consider the implication of people,
process, technology and information
Mitigate
Which is not a set of activity performed to prevent future Identify
incidents in Incident management ? Solve issues
Analyze
Detection and Analysis is a continuous process of a cyber- True
attack for detecting Malware intrusion and their remote
connections. False
 True
Incident Category can be defined according to business
functional priorities.
False
Take appropriate pre-approved or required
actions
Which is a part of a response phase activities ? Investigate Incidents more thoroughly.
Report Incident to relevant stakeholders.
Perform trend analysis
Take appropriate pre-approved or required
actions
Which is not part of a response follow-up activities ? Perform trend analysis
Report Incident to relevant stakeholders.
Investigate Incidents more thoroughly.
As an email client, we should not use caution when False
opening emails and can download any attachments. True
Smart Card
A ________ is a credit card sized card with an embedded Credit Card
chip, containing information about the user Debit Card
Memory Card
All the options
Spoofing
Which of these are Threats related to Email Security? Spam
Pharming
Phishing
Phishing emails include fake notifications from banks and True
e-payment systems. False
All the options
Gait
Which of these are examples biometrics?
Iris
Signature
Passwords need to be atleast 8 chars of
length
Which of these is true with respect to passwords? Passwords can be kept openly
None of the options
Passwords need to be easy
Remote Authentication Dial-In User
Service.

Remote Authorization Dial-In User Service.

How do we define RADIUS?
Remote Authentication Dial-In Unified
Service.
Remote Authentication Service.
Threat Mitigation
Which helps to prevent the cyber-attacks using various Threat Modelling
security related tools, policies, best practices and
guidelines ?
 Which helps to prevent the cyber-attacks using various
security related tools, policies, best practices and
guidelines ? Proactive hunting
Threat Assessment
Accessible from unauthorized public
networks
Traffic in a VPN is not ________ Invisible from public networks
Restricted to a single protocol in IPsec
Logically separated from other traffic
Proactive hunting
Which helps to predict the cybersecurity potential risks Threat Modelling
effectively ? Threat Assessment
Threat Mitigation
Wi-Fi
Bluetooth
WPA2 is used for security in ________
None of the options
Ethernet
One-to-many relationship
The relationship between a character in the plaintext to a None
character is __________. Many-to-many relationship
Many-to-one relationship
Phishing scams
________ are attempts by individuals to obtain Phishing trips
confidential information from you to falsifying their
identity. Computer viruses
Spyware scams
All them
Non repudiation of messages
The Cryptography can provide _____________.
Confidentiality
Entity Authentication
Dynamic Analysis
Which observes the behavior of the malware in a sandbox- Code Analysis
virtual environment to prevent the malware from actually
infecting production systems. Virtual Analysis
Static Analysis
Architecture Risks
Defining the security control parameter SLA at 98.5% for Architecture Controls
taking appropriate actions to avoid penalty risk if it goes
below 98% must be a part of Architecture Monitoring
Architecture Requirements
Virus
________ are often delivered to a PC through an email Spam
attachment and are often designed to do harm. Email
Portals
Denial-of-service attack
An attempt to make a computer resource unavailable to its Virus attack
intended users is called Worms attack
Botnet process
VPN
A ________ is an extension of an enterprise’s private
intranet across a public Network such as the Internet
across a public Network such as the Internet, creating a
secure private connection.
 A ________ is an extension of an enterprise’s private
intranet across a public Network such as the Internet VSN
across a public Network such as the Internet, creating a VSPN
secure private connection.
VNP
Architecture Controls
Defining five levels of SLA security controls each from 98.9 Architecture Risks
to 98.5 respectively to control penalty risk must be a part
of Architecture Monitoring
Architecture Requirements
Ransomware
A type of malware that demands a ransom if the victim Trojan
wants his or her files back is called ________ Spyware
Adware
Malicious threat
A Hacker or disgruntled employee who is interested in Source threat
specific Asset or information is a type of Specific threat
Non-Malicious threat
Multiple Round
Double Rounds
They Keys used in Cryptography are __________.
Single Round
Round about
All the options
A Botmaster can attack and take control of vulnerable one Wireless LAN
like LAN
Servers
Receiver
Sender
In asymmetric key cryptography, the private key is kept by
All the connected devices to the network
Sender and receiver
Cybersecurity threat is a scenario which will try to exploit False
possible vulnerabilities to enhance security True
Cyber security architecture is all about understanding False
one's Business Scope and requirements only. True
All the options
Governments
Which of these groups exploits cyber vulnerabilities?
Criminals
Hacktivists
Cyber Ethics
Exploring appropriate and ethical behaviors related to Cyber Law
online environments and digital media Cyber Security
Cyber Safety
The CD–ROM stops functioning
Existing program files and icons disappear
Which of the following would most likely not be a The web browser opens to an unusual
symptom of a virus? home page
Odd message or images are displayed on
the screen
 Non-Malicious threat
Attack which happens due to neglected factors like Source threat
compromising with security is a type of Specific threat
Malicious threat
At Operational level threat intelligence real time feed True
protocols are being used. False
Compose Applications
Identify Security Objectives
Which is not part of a threat Modelling process ?
Identify Threats & Vulnerabilities
Survey the Application
Worm
Which of the following is an independent malicious Trap doors
program that does not need any host program? Virus
Trojan horse
Long
In Asymmetric-Key Cryptography, although RSA can be Flat
used to encrypt and decrypt actual messages, it is very
slow if the message is __________. Short
Thin
At Strategic level threat intelligence information can be False
exchanged within it's operating community True
Artificial learning

Which can't be used as a best practice for managing cyber Behavioral modeling and Artificial learning
threats ?
Behavioral modeling
Threat analytics
Firewall
It is a program or hardware device that filters the Cyber Safety
information coming through an internet connection to a
network or computer system. Antivirus
Cookies
Alliance
Which one will not be considered in Cybersecurity threat Reconnaissance
Intrusion Phases ? Exploitation
Weaponized
User Entity and Behavior Analytics
User Enterprise and Behavior Analytics
UEBA stands for
User Entity and Business Analytics
User Enterprise and Business Analytics
At Tactical level threat intelligence research analysis and False
reports can be published after malware analysis. True
Packet filter
Network layer firewall works as a ________ Frame filter
None of the options
Code Red
MacAfee
Which of the following is not an antivirus software?
Avast
 Which of the following is not an antivirus software?

AVG
Threat Modelling
Which helps to determine the effective security controls Threat Mitigation
and measurement techniques ? Proactive hunting
Threat Assessment
Algorithm for performing encryption and
decryption
In cryptography, what is cipher?
Encrypted message
All the options
Full-automated
Which is not a characteristics of Advanced Persistent Infiltrate
threats ? Highly customized
Semi-automated
Encryption
The altering of data so that it is not usable unless the Ergonomics
changes are undone is ________ Biometrics
Compression
Shared
In Symmetric-key cryptography, the key used by the Different
sender and the receiver is __________. None
Two keys are used
Architecture Requirements
A TCS business operations team required to meet 98% SLA Architecture Controls
in FY 2017'18 to avoid non-compliance penalty which must
be a part of Architecture Risks
Architecture Monitoring
Scareware
The type of malware that tricks users by making them Rootkits
believe that their computer has been infected with a virus
is called __________. Spyware
Ransomware
Adware
Which of the following malware is designed for Ransomware
advertising, such as pop-up screens? Spyware
Viruses
Cybersecurity
The method of protecting programs, networks, and Cryptanalysis
systems from digital attacks is commonly known as
__________. Cryptography
Cryptology
Trojans
_________ is commonly known for providing backdoor Botnets
access to the system for malicious users. Worms
Rootkits
Ransomware
The type of malware that restricts access to the computer Spyware
either by encrypting files on the hard drive or by displaying
messages demanding a ransom is called __________. Scareware
Trojans
 Spyware
________ is designed to extract data from its host Trojans
computer for marketing purposes. Ransomware
Adware
Worm
_________ is a standalone software that does not need Ransomware
human help/host program to spread. Virus
Trojan

Potentially Unwanted Program

The common term for a software that is considered as
nonessential, whose implementation can compromise
privacy or weaken the computer's security is called Malicious Program
___________.

What is the common term for a software that is Spam

considered as nonessential, whose implementation can
compromise privacy or weaken the computer's security?
Malware

Malvertising
Which of the following is a new method of spreading
malware by injecting malicious or malware-laden Malnet
advertisements into genuine online advertising networks Adware
and webpages?
Scareware
An error message displayed on the system symbolizes False
virus infection. True
False
Malware cannot inflict physical damage to systems.
True
Malnet
Which of the following is used to draw in users and infect Botnet
them and deploy fast changing infrastructures? Honeynet
Trojans
Ransomware
Programs that are specifically designed to disrupt the Malware
performance of computers/networks are commonly
known as __________. Virus
Trojans
Bot
_________________ is a device infected by malware, Honeypot
which becomes part of a network of infected devices
administered by a single attacker or attack group. Rootkit
Honeynet
Phishing
Which of the following attack method aims to gather Spamming
confidential information by deceiving the victim? Spoofing
Drive-by Download
Weakest
The security posture of an organization is defined by the
Average
______ link in the chain.
Strongest
Encryption
The process of converting a message to an unintelligible
form with the help of an algorithm and a key is known as
_______.
 The process of converting a message to an unintelligible Cryptology
form with the help of an algorithm and a key is known as
_______. Cryptography
Cryptanalysis
Authentication
As an application of cryptography, digital Signatures and Integrity
MACs can be used for _____________. Availability
Confidentiality
DoS Attack
Zero Day Attack
Which of the following is an attack against availability?
Birthday Attack
Man in the Middle Attack
Confidentiality and Integrity
Which of the following security attribute is compromised Integrity
when data or information is changed or tampered, either Repudiation
accidentally or maliciously? Confidentiality
Availability
Confidentiality
Integrity
Passive attacks are considered a threat to _______.
Availability
Authenticity
Intrusion Detection Systems
Which of the following can be considered as an effective Abstraction
solution to ensure integrity? Data Hiding
Encryption
IP Address
Credit Card Information
Which of the following attributes is not a PII? Social Security Number
Account Numbers
Date of Birth
The security attribute that ensures data and services are Availability
available to authorized users whenever required is known Integrity
as ________. Confidentiality

Passive Attack
The type of attack in which the attacker intercepts the
information in transit without altering it.
Invasive Attack
What is the type of attack in which the attacker intercepts
the information in transit without altering it?
Active Attack

Encryption
Which of the following is an effective solution to ensure Network Monitoring
confidentiality? Logging and Auditing
Data Hiding

Assymmetric Key Encryption

Which of the following encryption methods is more suited
for key exchange, non-repudiation, and authentication?
Which of the following encryption methods is more suited
for key exchange, non-repudiation, and authentication?
Symmetric Key Encryption

Trade Secrets
Hardware components
Which of the following is an intangible asset?
Inventory and Machinery
Business Premises
Risk=Threat*Vulnerability
Risk=Threat/Vulnerability
Choose the correct option.
Threat=Risk*Vulnerability
Vulnerability=Threat/Risk
If a student gains unauthorized access to the student Both the options
database and modifies his/her marks, what type of Integrity
violation would it be? Confidentiality
Integrity
Authentication
Hash functions can be leveraged to ensure ________.
Availability
Confidentiality
Which encryption method is more suitable for quickly Symmetric Key Encryption
encrypting large amounts of data? Assymmetric Key Encryption

Confidentiality
The security attribute that aims to achieve data privacy
and protection against unauthorized disclosure is called Integrity
____________.

What is the security attribute that aims to achieve data Availability

privacy and protection against unauthorized disclosure?
Authentication

False
Threats can exploit assets if assets are not vulnerable.
True
Man in the Middle Attack
DoS Attack
Which of the following is an attack against confidentiality?
Cross Site Scripting Attack
Password Attack

Threat Modeling

A process by which potential vulnerabilities and threats

can be recognized, enumerated, and prioritized from a Threat Analysis
hypothetical attacker's pov is called ___________.

A process by which potential vulnerabilities and threats

can be recognized, enumerated, and prioritized from a Threat Landscaping
hypothetical attacker's pov is called _______________.

Threat Hunting

Advanced Persistent Threats

A kind of a network attack, where an unauthorized person Invisible Threats
gains access to a network and remains there undetected
for a long duration is called _________.
A kind of a network attack, where an unauthorized person
gains access to a network and remains there undetected
for a long duration is called _________. Hidden Threats
Malicious threats
6x6
SABSA Framework is commonly represented as _______ 8x8
SABSA matrix. 5x5
4x4
Prepare, Response, and Follow-up
Identify, Decompose, and Mitigate
Which of the following are the three phases of Incident
response maturity assessment? Reconnaissance, Installation, Command,
and control
Prepare, Identify, and analyze
Threat Hunting
Threat Modeling
A proactive process to predict potential risks efficiently.
Threat Analysis
Threat Landscaping
Dynamic Analysis
A type of assessment that is often performed in a sandbox- Static Analysis
virtual environment to prevent malware from actually
infecting production systems is known as _________. Black Box Testing
Penetration Testing
False
Deployment in APTs is fully automated.
True
Phishing
An email security threat in which a perpetrator sends an Vishing
email that appears to be legitimate and seeks sensitive
information is known as _________. Pharming
Spoofing
Firewall
A hardware/software based method that controls
incoming and outgoing data traffic based on a set of
Endpoint Security
guidelines that either permit or deny traffic on a network
or host is _________.
Antivirus
Authentication, Authorization, Accounting
The three chains of RADIUS Security are
___________________. Authentication, Availability, Accounting
Authorization, Availability, Accounting
Network Access Protection
A framework that utilizes a Network Policy Server is called Endpoint Security
__________. Terminal Access Protection
Endpoint Protection
User Authentication
__________ is the process that allows a device to check Password Verification
the identity and authenticity of a person who needs to
connect to a network resource. Integrity Check
User Repudiation
Honeypot
A system set up to lure an attacker, to learn about attack HoneyCloak
methodologies, and to gather evidence of intruders. Camouflage
Honeytrap
 What is the practice and study of techniques for secure Encryption
communication in the presence of third parties, commonly Cybersecurity
called? Cryptography
Cryptanalysis

The common term for a software that is considered as Spam

nonessential, whose implementation can compromise
Potentially Unwanted Program
privacy or weaken the computer's security is called
___________. Malicious Program
Malware
Gait
Signature
Which of the following is a physiological biometric that Facial Recognition
could be used for authentication
Voice Recognition
All the options