
3.1.

1. Which security term is used to describe anything of value to the organization? It
includes people, equipment, resources, and data.

Vulnerability

Exploit

Asset

Risk
2. Which security term is used to describe a weakness in a system, or its design,
that could be exploited by a threat?

Vulnerability

Asset

Risk

Mitigation
3. Which security term is used to describe a potential danger to a company’s assets,
data, or network functionality?

Vulnerability

Exploit

Threat

Risk
4. Which security term is used to describe a mechanism that takes advantage of a
vulnerability?

Exploit

Threat

Risk

Mitigation
5. Which security term is used to describe the counter-measure for a potential
threat or risk?

Vulnerability

Exploit

Asset

Mitigation
6. Which security term is used to describe the likelihood of a threat to exploit the
vulnerability of an asset, with the aim of negatively affecting an organization?

Vulnerability

Exploit

Threat

Risk

3.2.6

1. Which type of hacker is described in the scenario: After hacking into ATM machines
remotely using a laptop, I worked with ATM manufacturers to resolve the security
vulnerabilities that I discovered.

White Hat

Gray Hat

Black Hat
2. Which type of hacker is described in the scenario: From my laptop, I transferred
$10 million to my bank account using victim account numbers and PINs after viewing
recordings of victims entering the numbers.

White Hat

Gray Hat

Black Hat
3. Which type of hacker is described in the scenario: My job is to identify weaknesses
in my company’s network.

White Hat

Gray Hat

Black Hat
4. Which type of hacker is described in the scenario: I used malware to compromise
several corporate systems to steal credit card information. I then sold that information to the
highest bidder.

White Hat

Gray Hat

Black Hat
5. Which type of hacker is described in the scenario: During my research for security
exploits, I stumbled across a security vulnerability on a corporate network that I am
authorized to access.

White Hat

Gray Hat

Black Hat
6. Which type of hacker is described in the scenario: It is my job to work with
technology companies to fix a flaw with DNS.

White Hat

Gray Hat

Black Hat

3.3.5

1. Which penetration testing tool uses algorithm schemes to encode the data, which
then prevents access to the data?

Packet Sniffers

Encryption Tools

Vulnerability Exploitation Tools

Forensic Tools

Debuggers
2. Which penetration testing tool is used by black hats to reverse engineer binary files
when writing exploits? They are also used by white hats when analyzing malware.

Packet Crafting Tools

Rootkit Detectors

Vulnerability Exploitation Tools

Forensic Tools

Debuggers
3. Which penetration testing tool is used to probe and test a firewall’s robustness?

Packet Crafting Tools

Encryption Tools

Rootkit Detectors

Forensic Tools

Debuggers
4. Which penetration testing tool is used by white hat hackers to sniff out any trace of
evidence existing in a computer?

Fuzzers to Search Vulnerabilities

Encryption Tools

Packet Sniffers

Forensic Tools

Debuggers
5. Which penetration testing tool identifies whether a remote host is susceptible to a
security attack?

Packet Sniffers

Encryption Tools

Vulnerability Exploitation Tools

Forensic Tools

Debuggers

3.4.4

1. Which malware executes arbitrary code and installs copies of itself in the memory
of the infected computer? The main purpose of this malware is to automatically replicate
from system to system across the network.

Adware

Rootkit

Spyware

Virus

Worm
2. Which malware is a non-self-replicating type of malware? It often contains malicious
code that is designed to look like something else, such as a legitimate application or file. It
attacks the device from within.

Adware

Rootkit

Spyware

Trojan Horse

Worm
3. Which malware is used to gather information about a user and then, without the
user's consent, sends the information to another entity?

Adware

Rootkit

Spyware

Virus

Ransomware
4. Which malware typically displays annoying pop-ups to generate revenue for its
author?

Adware

Rootkit

Spyware

Virus

Worm
5. Which malware attempts to convince people to divulge sensitive information?

Phishing

Rootkit

Spyware

Virus

Worm
6. Which malware is installed on a compromised system and provides privileged
access to the threat actor?

Adware

Virus

Spyware

Rootkit

Worm
7. Which malware denies access to the infected computer system and demands
payment before the restriction is removed?

Adware

Rootkit

Spyware

Virus

Ransomware

3.5.10

1. What type of attack is tailgating?

Reconnaissance

Access

DoS

Social Engineering
2. What type of attack is a password attack?

Reconnaissance

Access

DoS

Social Engineering
3. What type of attack is port scanning?

Reconnaissance

Access

DoS

Social Engineering
4. What type of attack is man-in-the-middle?

Reconnaissance

Access

DoS

Social Engineering
5. What type of attack is address spoofing?

Reconnaissance

Access

DoS

Social Engineering

3.6.7

1. Which attack is being used when threat actors position themselves between a source
and destination to transparently monitor, capture, and control the communication?

Address Spoofing Attack

Amplification and Reflection Attacks

ICMP Attack

MITM Attack

Session Hijacking
2. Which attack is being used when threat actors gain access to the physical network, and
then use an MITM attack to capture and manipulate a legitimate user’s traffic?

Address Spoofing Attack

Amplification and Reflection Attacks

ICMP Attack

MITM Attack

Session Hijacking
3. Which attack is being used when threat actors initiate a simultaneous, coordinated
attack from multiple source machines?

Address Spoofing Attack

Amplification and Reflection Attacks

ICMP Attack

MITM Attack

Session Hijacking
4. Which attack is being used when threat actors use pings to discover subnets and hosts
on a protected network, to generate flood attacks, and to alter host routing tables?

Address Spoofing Attack

Amplification and Reflection Attacks

ICMP Attack

MITM Attack

Session Hijacking
5. Which attack is being used when a threat actor creates packets with false source IP
address information to either hide the identity of the sender, or to pose as another
legitimate user?

Address Spoofing Attack

Amplification and Reflection Attacks

ICMP Attack

MITM Attack

Session Hijacking

3.7.6

1. Which attack exploits the three-way handshake?


TCP reset attack

UDP flood attack

TCP SYN Flood attack

DoS attack

TCP session hijacking


2. Which attack uses a four-way exchange to close the connection using a pair of FIN
and ACK segments from each endpoint?

TCP reset attack

UDP flood attack

TCP SYN Flood attack

DoS attack

TCP session hijacking


3. Which attack is being used when the threat actor spoofs the IP address of one host,
predicts the next sequence number, and sends an ACK to the other host?

TCP reset attack

UDP flood attack

TCP SYN Flood attack

DoS attack

TCP session hijacking


4. Which attack is being used when a program sweeps through all the known ports
trying to find closed ports, causing the server to reply with an ICMP port unreachable
message?

TCP reset attack

UDP flood attack

TCP SYN Flood attack


DoS attack

TCP session hijacking

3.9.6

1. Which network security device ensures that internal traffic can go out and come
back, but external traffic cannot initiate connections to inside hosts?

VPN

ASA Firewall

IPS

ESA/WSA

AAA Server
2. Which network security device contains a secure database of who is authorized to
access and manage network devices?

VPN

ASA Firewall

IPS

ESA/WSA

AAA Server
3. Which network security device filters known and suspicious internet malware sites?

VPN

ASA Firewall

IPS

ESA/WSA

AAA Server
4. Which network security device is used to provide secure services with corporate
sites and remote access support for remote users using secure encrypted tunnels?

VPN

ASA Firewall

IPS

ESA/WSA

AAA Server
5. Which network security device monitors incoming and outgoing traffic looking for
malware, network attack signatures, and if it recognizes a threat, it can immediately stop it?

VPN

ASA Firewall

IPS

ESA/WSA

AAA Server

3.10.10

1. Which encryption method repeats an algorithm process three times and is
considered very trustworthy when implemented using very short key lifetimes?

Rivest Cipher

Triple DES

Block Cipher

Data Encryption Standard

Stream Cipher
2. Which encryption method encrypts plaintext one byte or one bit at a time? Examples
include RC4 and A5.

Rivest Cipher

Block Cipher

Data Encryption Standard

Software Encryption algorithm

Stream Cipher
3. Which encryption method uses the same key to encrypt and decrypt data?

Triple DES

Symmetric

Block Cipher

Data Encryption Standard

Asymmetric
4. Which encryption method is a stream cipher and is used to secure web traffic in
SSL and TLS?

Rivest Cipher

Triple DES

Symmetric

Block Cipher

Data Encryption Standard

3.11.12

1. The IT department is reporting that a company web server is receiving an
abnormally high number of web page requests from different locations simultaneously.
Which type of security attack is occurring?

adware

DDoS

phishing

social engineering

spyware
2. What causes a buffer overflow?

launching a security countermeasure to mitigate a Trojan horse

downloading and installing too many software updates at one time

attempting to write more data to a memory location than that location can hold

sending too much information to two or more interfaces of the same device, thereby
causing dropped packets

sending repeated connections such as Telnet to a particular device, thus denying other
data sources
3. Which objective of secure communications is achieved by encrypting data?

authentication

availability

confidentiality

integrity
4. What type of malware has the primary objective of spreading across the network?

worm

virus

Trojan horse

botnet
5. Which algorithm can ensure data confidentiality?

MD5

AES

RSA

PKI
6. What three items are components of the CIA triad? (Choose three.)

access

integrity

scalability

availability

confidentiality

intervention
7. Which cyber attack involves a coordinated attack from a botnet of zombie
computers?

DDoS

MITM

ICMP redirect

address spoofing
8. What specialized network device is responsible for enforcing access control policies
between networks?

switch

IDS

bridge

firewall
9. To which category of security attacks does man-in-the-middle belong?

DoS

access

reconnaissance

social engineering
10. What is the role of an IPS?

to detect patterns of malicious traffic by the use of signature files

to enforce access control policies based on packet content

to filter traffic based on defined rules and connection context

to filter traffic based on Layer 7 information


11. Which type of DNS attack involves the cybercriminal compromising a parent
domain and creating multiple subdomains to be used during the attacks?

cache poisoning

amplification and reflection

tunneling

shadowing
12. Which two types of hackers are typically classified as grey hat hackers? (Choose
two.)

state-sponsored hackers

hacktivists

script kiddies

cyber criminals

vulnerability brokers
13. What is a significant characteristic of virus malware?

A virus is triggered by an event on the host system.

Once installed on a host system, a virus will automatically propagate itself to other
systems.

A virus can execute independently of the host system.

Virus malware is only distributed over the Internet.


14. A cleaner attempts to enter a computer lab but is denied entry by the receptionist
because there is no scheduled cleaning for that day. What type of attack was just
prevented?

Trojan

shoulder surfing

war driving

social engineering

phishing
