01. Which of the following disaster recovery sites would require the MOST time to get operations back online?
a) Colocation
b) Cold
c) Hot
d) Warm
02. A Chief Financial Officer (CFO) has been receiving email messages that have suspicious links embedded from unrecognized senders.
The emails ask the recipient for identity verification. The IT department has not received reports of this happening to anyone else.
Which of the following is the MOST likely explanation for this behavior?
a) The CFO is the target of a whaling attack.
b) The CFO is the target of identity fraud.
c) The CFO is receiving spam that got past the mail filters.
d) The CFO is experiencing an impersonation attack.
03. Why do vendors provide MD5 values for their software patches?
a) To provide the necessary key for patch activation
b) To allow the downloader to verify the authenticity of the site providing the patch
c) To ensure that auto-updates are enabled for subsequent patch releases
d) To allow the recipient to verify the integrity of the patch prior to installation
04. The IT department receives a call one morning about users being unable to access files on the network shared drives. An IT technician investigates and determines the files became encrypted at 12:00 a.m.
While the files are being recovered from backups, one of the IT supervisors realizes the day is the birthday of a technician who was fired two months prior.
Which of the following describes what MOST likely occurred?
a) The fired technician placed a logic bomb.
b) The fired technician installed a rootkit on all the affected users' computers.
c) The fired technician installed ransomware on the file server.
d) The fired technician left a network worm on an old work computer.
05. You have been asked to provide a virtualized environment. Which of the following makes it possible for many instances of an operating system to be run on the same machine?
a) API
b) Virtual machine
c) Hypervisor
d) Container
06. Which of the following would be the BEST method to prevent the physical theft of staff laptops at an open-plan bank location with a high volume of customers each day?
a) Guards at the door
b) Visitor logs
c) Cable locks
d) Cameras
07. What is the term given to a framework or model outlining the phases of attack to help security personnel defend their systems and respond to attacks?
a) Command and control
b) Intrusion kill chain
c) Cyber-incident response
d) CIRT
08. A security manager needed to protect a high-security datacenter, so the manager installed an access control vestibule that can detect an employee's heartbeat, weight, and badge. Which of the following did the security manager implement?
a) A physical control
b) A corrective control
c) A compensating control
d) A managerial control
09. Joe, an employee, knows he is going to be fired in three days. Which of the following characterizations describes the employee?
a) A competitor
b) An insider threat
c) A hacktivist
d) A state actor
10. An organization has a policy in place that states the person who approves firewall controls/changes cannot be the one implementing the changes.
Which of the following describes this policy?
a) Change management
b) Job rotation
c) Least privilege
d) Separation of duties