Which 3 levels in OSI Model are usually implemented in the software within the operating system?
(a) Data Link, Transport, Application
(b) Application, Presentation, Session
(c) Transport, Session, Presentation
Which of these protocols reside in Layer 3 - Network in the OSI Model?
(a) TCP and IPSec
(b) IP and TCP
(c) IP and IPSec
A netmask can be represented in which two ways?
(a) Pound Notation (80.2012.212.50#24) and Decimal Numbers (Netmask: 255.255.255.0)
(b) Slash Notation (80.212.212.50/32) and Pound Notation (80.2012.212.50#24)
(c) Decimal Numbers (Netmask: 255.255.255.0) and Slash Notation (80.212.212.50/32)
Which is the broadcast address in this network: 172.16.24.0/24?
(a) 172.16.24.255
(b) 172.16.24.1
(c) 172.16.24.0
Which one of these is an RFC 1918 IP address?
(a) 9.0.0.1
(b) 172.17.1.30
(c) 172.16.1.30
Shortening an IPv6 address means:
(a) Removing a group of only 0's
(b) Converting 8 groups of 4 hexadecimal numbers into a valid IPv4 address
(c) Removing unused groups of hexadecimal numbers
What is spoofing?
(a) A way of terminating a 3-way handshake connection
(b) Falsifying data, making something appear different than it really is
(c) A way a server hides from attacks, a defensive mechanism
What is Zero-Trust architecture?
(a) A network where only some resources/devices are trusted
(b) A network where all systems/resources need explicit access to be able to communicate
(c) A network where we do not trust the public network (internet), but we trust the local network
You need an IDS (Intrusion Detection System) in addition to an IPS (Intrusion Prevention System) to be able to both detect and prevent access.
(a) False. IPS is also able to detect if positioned correctly in the network
(b) Neither of the other options are correct
(c) True. IDS and IPS are two separate products or devices, with designed roles on different parts of the network.
(d) IDS tells the IPS to block/prevent.
To be able to detect and block specific file types/documents from being downloaded from the internet with a firewall, you need:
(a) A Next-Generation Firewall with phaser features
(b) A Next-Generation Firewall with layer 7 features
(c) A Next-Generation Firewall with layer 6 features
A cookie cannot be used to control a user's session/state.
(a) False. Cookies are often used for tracking sessions
(b) True, only supercookies have this feature
Which types of packets can be used to determine if a system is alive on the network?
(a) ICMP Echo Request, ICMP Timestamp Request, TCP SYN, TCP ACK
(b) ICMP Echo Request, TCP SYN, SW-1TCH, ICMP Timestamp Request
(c) ICMP handshake Request, TCP ACK, NMAP
ARP scanning can only be used to identify hosts/systems on the LAN.
(a) True
(b) False
NMAP timing options (-T) can be used to avoid detection by
(a) Choosing when to scan. E.g. only scan during the night
(b) Timing option is used to time a scan to CPU clocks, so they are in sync, for more efficient scanning
(c) Limit speed on how fast hosts are scanned
What is a strobe of data?
(a) A small amount of traffic trying to hide from detection
(b) A sudden increase of traffic in the network
What is IDOR?
(a) Invalid Data or Reference
(b) Insecure Direct Object Reference
(c) Insecure Door or Room
What is SQL injection?
(a) It is used to inject malicious code into a database server, through a query
(b) It is used to spoof or inject false headers in an HTTP request
(c) It is used in Buffer Overflow attacks to overwrite memory
What is best practice in defending against SQL injection?
(a) Blocking specific ports that SQL injections are usually attacked via
(b) Programmers will not make web applications that allow user input
(c) Sanitizing user input in a web application
What is CSP - Content Security Policy?
(a) A strict way of sanitizing user input on a website
(b) TLS encryption between server and client
(c) A strict way of controlling where JavaScript is allowed to be executed from
Which order of security protocols is correct, going from least to most secure?
(a) WPA, WPA2, WPA3, WEP
(b) WEP, WPA, WPA2, WPA3
(c) WPA, WEP, WPA2, WPA3
Using the same strong password, with high entropy, on multiple sites is good practice.
(a) True. Storing passwords in clear text in a database is no longer practiced; only strong encryption is now used
(b) False. If one site is breached/hacked and stores passwords in clear text, your password is now in hackers' hands
SIEM is commonly used to
(a) Secure the servers that are hosted in the cloud
(b) Do a real-time analysis of security alerts generated by applications, hosts and network hardware
(c) Preventively block attacks against networks
Classifications of incidents should generally be according to
(a) Category, sensitivity, criticality
(b) Category, sensitivity, criticality, SLA, contact channel
(c) Category, sensitivity, criticality, SLA
The 6 stages of PICERL are:
(a) Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned
(b) Preparation, Identification, Containment, Eradication, Recovery, Payment
(c) Preparation, Identification, Containment, Eradication, Recovery, Vacation
In which phase of PICERL is blocking attackers usually done?
(a) Eradication
(b) Containment
(c) Preparation
(d) Identification