
1. Which concept addresses information flows with different privacy needs depending on the
entities exchanging the information or the environment in which it is exchanged?
Contextual integrity

2. ____ is the result of a threat exploiting a vulnerability, which has a negative effect on the
success of the objectives for which we are assessing the risk.
Impact

3. There are two principal approaches to formal modelling.


Computational, Symbolic

4. Capturing the MAC layer is doable but needs an explicit configuration. Capturing the MAC
layer is mandatory to identify attacks like ARP poisoning. For the definite categories of
industrial control networks that execute right on top of the Ethernet layer, capturing traffic
involves adding a node and could change the real-time conventions.
Understanding the information available in the MAC layer requires what?
The configuration of the network segment to which the collection network interface is
attached

5. ___ is the number of characters that most humans can commit to STM without overload.
3

6. In SIEM data collection, the transport protocol defines how the alert bitstring is migrated
from one place to another.
What are examples of transport protocols?
Syslog, IDXP, HTTP, or AMQP

7. Renn defines three basic abstract elements which are at the core of most risk assessment
methods. Which element is not part of Renn's definition?
Relationship between risk and security

8. In security architecture and lifecycle "to group users and data into broad categories using
role-access requirements, together with formal data classification and user clearance" is
part of which step?
Second step

9. Confidentiality based on the _______ of data, is meant to provide a way to control the
extent to which an adversary can make inferences about users' sensitive information.
Obfuscation

10. Which principle states that controls need to define and enable operations that can
positively be identified as being in accordance with a security policy, and reject all others?
Fail-safe defaults

11. What physical characteristics can affect the usability of security mechanisms?
All of the above

12. There are different categories for evidence depending upon what form it is in and possibly
how it was collected. Which of the following is considered supporting evidence?
Corroborative evidence

13. Which of the following is not a NIST security architecture strategy?


Behavior

14. What is a common technique for permitting data processing without risk to individuals?
Anonymization

15. The pcap library needs the accessibility of a network interface that can be employed in
so-called promiscuous mode, which means that interfaces will retrieve all packets from the
network, even those packets that are not addressed to it. Also, it is not required to bind an
IP address to the network interface to capture traffic.
Capture traffic

16. The early-day malware activities were largely nuisance attacks (such as defacing or putting
graffiti on an organization's web page) but present-day malware attacks are becoming
full-blown cyberwars.
An underground eco-system has also emerged to support what?
The full malware lifecycle that includes development, deployment, operations and
monetization

17. In legal research, this term can refer to any systematized collection of primary legislation,
secondary legislation, model laws, or merely a set of rules published by public or private
organizations.
Codes

18. Syslog provides a generic logging infrastructure that constitutes an extremely efficient data
source for many uses. This new specification introduces several improvements over the
original implementation. A syslog entry is a timestamped text message coming from an
identified source.
What is the information stored in Syslog?
Timestamp, hostname, process, priority, and PID

19. As NetFlow was designed by network equipment providers, it is exceptionally well
implemented in networks, and extensively used for network management jobs. It is
standardized, and even though the commercial names vary, similar information is
gathered by the manufacturers that are supportive of this technology.
Controlling packets to calculate NetFlow counters requires access to what?
Router CPU

20. Which is a valuable framework for system engineers and those who probe deficiencies and
vulnerability within such systems?
Code of conduct

21. According to the US Government NIST guidelines, "Conduct" is the phase where
Threats, vulnerability, likelihood and impact are identified

22. Which is a type of onion router used to forward data making use of an anonymous
communication network?
All of the above

23. The 1st dimension of our taxonomy is whether malware is a standalone (or, independent)
program or just a sequence of instructions to be embedded in another program.
What assumption regarding the execution property of the standalone malware program is
correct?
A Standalone malware program is a complete software that can run on its own when installed
on a target system and executed

24. One of the main benefits of analyzing the malware structure that may include the libraries
and toolkits and coding techniques, we may find some important data that is possibly
helpful to attribution.
What is the prime importance of the above-mentioned benefit?
Which means being able to identify the likely author and operator.

25. Experts proposed a framework to systematize the attribution efforts of cyberattacks. Which
of the following is NOT a layer of this framework?
Analytical

26. Which one is NOT part of the risk governance model?


Emblematic

27. Memory-resident malware such that if the computer is rebooted or the infected running
program terminates, it no longer exists anywhere on the system and can evade detection
by many anti-virus systems that rely on file scanning.
What is the advantage of memory-resident malware?
It can easily clean up its attack operations right after its execution

28. Situations where risks are less clear cut, there may be a need to include a broader set of
evidence and consider a comparative approach such as cost-benefit analysis or
cost-effectiveness. This is all true with regards to?
Complex risk

29. Software programs are protected from illegal distribution under what law?
Copyright

30. The golden arches of McDonald's are protected under what intellectual property law?
Trademark

31. International and national statutory and regulatory requirements, compliance obligations,
and security ethics, including data protection and developing doctrines on cyber warfare.
Law & regulation

32. _____ is a principle where conditions appear from previous decisions about said systems.
Latent design conditions

33. What is a good example of a security measure made ineffective due to its 0.1% utilization,
and that has been around for over 20 years?
Email encryption

34. As with any process of risk management, a key calculation relates to expected impact, being
calculated from some estimate of likelihood of events that may lead to impact, and an
estimate of the impact arising from those events.
Which is not an element of likelihood?
Command and control

35. The analogy between quality management and security is not perfect because the.
Threat environment is not static

36. The third dimension generally applies to only persistent malware based on the layers that
include firmware, boot-sector, operating system kernel, drivers and application
programming interfaces (APIs), and user applications.
All the above-mentioned layers are presented in which order?
All layers of the system stack are mentioned in ascending order

37. Flaws caused by humans frequently arise in design and code which lead to security
vulnerabilities. Which discipline has made a big effort in minimizing these faults?
Software engineering

38. Why are changes in passive security indicators often missed by humans, particularly if they
are on the edges of the screen?
Humans can only focus on one task at any one time

39. The detection issue is a classification job. The assessment of an IDS, therefore, equates the
outcome of the detector with the base reality identified to the evaluator, but not to the
detector.
What are the possible outcomes of the detection process?
All the above

40. The collection, analysis, & reporting of digital evidence in support of incidents or criminal
events
Forensics

41. Which is NOT a good Security Metric?


Express results with qualitative label units of measure

42. The domain name system (DNS) translates domain names, significant bits of text, to IP
addresses needed for network communications. The DNS protocol is also a regular DDoS
enhancer, as it is likely for an attacker to impersonate the IP address of a target in a DNS
request, thus triggering DNS server to send unwanted traffic to the target.
What other protocols are prone to amplification?
Network Time Protocol (NTP)

43. With regards to large numbers of unique passwords, what is a way to support people in
managing them?
Use of password managers

44. Consists of principles which refer to security architecture, precise controls, and engineering
process management?
Life cycle security

45. Which is NOT an aspect of risk communication with relation to compliance and
accountability?
Password Policies

46. A framework that acknowledges that current systems are interconnected, and provides
basis on how to secure them
NIST

47. GDPR brought about a significant change in the ______ jurisdiction of European data
protection law.
Territorial prescriptive

48. With reference to law, which school of thought has universally prevailed with state
authorities?
Second school

49. Which is an incident management function specific to cybersecurity?


Security monitoring

50. TLS guarantees both the validation of the server to the client and the privacy of the
exchange over the network. But it is difficult to evaluate the payload of packets. The solution
is to put a supplementary dedicated box near to the application server, usually named the
hardware security module (HSM).
What is the purpose of HSM?
All the options A, B & C include the working functionality of HSM

51. Which of the following is NOT a core concept of risk assessment?


Risk Analysis

52. Anomaly detection is an essential technique for identifying cyber-attacks, since any
information regarding the attacks cannot be inclusive enough to propose coverage and the
main benefit of anomaly detection is its liberation from the understanding of explicit
vulnerabilities.
0-day attacks

53. Criteria by which usability is assessed?


None of the above

54. Systems benefit from a uniform approach to security infrastructure. Which is NOT a part of
this approach?
Reconnaissance

55. What theme is of high relevance regarding the cost versus benefits trade-offs of security to
user systems and cybercriminals?
Security Economics

56. ____ is oriented towards operational risk and security practices rather than technology.
Octave Allegro

57. Before performing any penetration test, through legal procedure, which of the key points
listed below is not mandatory?
Type of broadband company used by the firm

58. A scenario where the data belong to the sender and the recipient acts as the data processor
is an example of?
Outsourcing

59. Malware essentially codifies the malicious activities intended by an attacker and can be
analyzed using the Cyber Kill Chain Model, which represents (iterations of) steps typically
involved in a cyberattack.
What is the first step in the cyber kill chain model that cyber attackers follow?
Reconnaissance is the 1st step where an attacker identifies or attacks the potential targets by
scanning

60. There are many benefits in analyzing malware. First, we can understand the intended
malicious activities to be carried out by the malware.
What is the benefit of understanding intended malicious activities?
Both B and C are correct

61. Which of the following is not a type of peer-to-peer cyber-crime?


Credit card details leak in deep web

62. Cybercrime can be categorized into ____ types


3

63. What is the best detection approach when dealing with DDoS?
Analyze the statistical properties of traffic

64. Which of the following is not done by cyber criminals?


Report vulnerability in any system

65. Consists of principles which refer to security architecture, precise controls, and engineering
process management?
All of the above

66. Component-driven methods are good for


Analyzing the risks faced by individual technical components.

67. The privacy knowledge area is structured in different sections, which is considered part of
the paradigm?
All of the above

68. Most modern malware uses some form of obfuscation to avoid detection as there is a range
of obfuscation techniques and there are tools freely available on the internet for a malware
author to use.
Polymorphism can be used to defeat detection methods that are based on "signatures" or
patterns of malware code which mean?
All A, B & C are correct

69. _____ reflects on the potential harmful effect of design choices before technological
innovations are put into large-scale deployment.
The Precautionary Principle

70. What is a traditional method for obtaining custody of a cybercriminal who is not present
within the state?
Extradition

71. ____ allows scholars, engineers, auditors, and regulators to examine how security controls
operate to ensure their correctness, or identify flaws, without undermining their security.
Open design

72. The effectiveness, efficiency and satisfaction with which specified users achieve specified
goals in particular environments.
This is the definition of "usability" by
ISO

73. The process of developing and evaluating options to address exposure is called?
Risk Management

74. Which of the following is not a type of cybercrime?


Installing antivirus protection

75. The injection of fake data points into data made available in order to hide real samples is
called.
Dummy addition

76. This method begins by asking "What is the overall goal of the system or enterprise".
Dependency Modelling

77. Layer 3 information, such as IP addresses, the amount and timing of the data transferred, or
the duration of the connection, is accessible to observers even if communications are
encrypted or obfuscated.
What type of metadata is this in reference to?
Traffic metadata

78. The term "jurisdiction" is used to refer to a state, or any political sub-division of a state,
that has the authority to do?
Enforce laws or regulations

79. An adversary cannot determine which candidate a user voted for, this is true for
Ballot secrecy

80. Which of the following options is not an element of Information Security?


Reliability
