Free Cram & Latest Exams Dumps

Q19. Henry Is a cyber security specialist hired by BlackEye – Cyber security solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unkornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which Indicates that the target system is running a Windows OS.
Identify the TTL value Henry obtained, which indicates that the target OS is Windows.

Q20. Rhett, a security professional at an organization, was instructed to deploy an IDS solution on their corporate network to defend against evolving threats. For this purpose, Rhett selected an IDS solution that first creates models for possible intrusions and then compares these models with incoming events to make detection decisions.
Identify the detection method employed by the IDS solution in the above scenario.

Q21. Maisie. a new employee at an organization, was given an access badge with access to only the first and third floors of the organizational premises. Maisie Hied scanning her access badge against the badge reader at the second-floor entrance but was unsuccessful. Identify the short-range wireless communication technology used by the organization in this scenario.

Q22. Miguel, a professional hacker, targeted an organization to gain illegitimate access to its critical information.
He identified a flaw in the end-point communication that can disclose the target application’s data.
Which of the following secure application design principles was not met by the application in the above scenario?

Q23. Finley, a security professional at an organization, was tasked with monitoring the organizational network behavior through the SIEM dashboard. While monitoring, Finley noticed suspicious activities in the network; thus, he captured and analyzed a single network packet to determine whether the signature included malicious patterns. Identify the attack signature analysis technique employed by Finley in this scenario.

Q24. A software company has implemented a wireless technology to track the employees’ attendance by recording their in and out timings. Each employee in the company will have an entry card that is embedded with a tag. Whenever an employee enters the office premises, he/she is required to swipe the card at the entrance. The wireless technology uses radio-frequency electromagnetic waves to transfer data for automatic identification and for tracking tags attached to objects.
Which of the following technologies has the software company implemented in the above scenario?

Q25. Cassius, a security professional, works for the risk management team in an organization. The team is responsible for performing various activities involved in the risk management process. In this process, Cassius was instructed to select and implement appropriate controls on the identified risks in order to address the risks based on their severity level.
Which of the following risk management phases was Cassius instructed to perform in the above scenario?

Q26. You are investigating a data leakage incident where an insider is suspected of using image steganography to send sensitive information to a competitor. You have also recovered a VeraCrypt volume file S3cr3t from the suspect. The VeraCrypt volume file is available In the Pictures folder of the Attacker Machined. Your task Is to mount the VeraCrypt volume, find an image file, and recover the secret code concealed in the file. Enter the code as the answer. Hint: If required, use sniffer@123 as the password to mount the VeraCrypt volume file.(Practical Question)

Q27. An IoT device that has been placed in a hospital for safety measures, it has sent an alert command to the server. The network traffic has been captured and stored in the Documents folder of the Attacker Machine-1.
Analyze the loTdeviceTraffic.pcapng file and select the appropriate command that was sent by the IoT device over the network.

Q28. Jane Is a newly appointed Chief Financial Officer at BigTech Corp. Within a week, she receives an email from a sender posing as the company’s CEO. instructing her to make an urgent wire transfer. Suspicious. Jane decides to verify the request’s authenticity. She receives another email from the same sender, now attaching a seemingly scanned Image of the CEO’s handwritten note. Simultaneously, she gets a call from an ‘IT support’ representative, instructing her to click on the attached image to download a ‘security patch’. Concerned. Jane must determine which social engineering tactics she encountered.

Q29. Zayn, a network specialist at an organization, used Wireshark to perform network analysis. He selected a Wireshark menu that provided a summary ol captured packets, IO graphs, and flow graphs. Identify the Wireshark menu selected by Zayn in this scenario.

Q30. As the senior network analyst for a leading fintech organization, you have been tasked with ensuring seamless communication between the firm’s global offices. Your network has been built with redundancy in mind, leveraging multiple service providers and a mixture of MPLS and public internet connections.

Q31. Andre, a security professional, was tasked with segregating the employees’ names, phone numbers, and credit card numbers before sharing the database with clients. For this purpose, he implemented a deidentification technique that can replace the critical information in database fields with special characters such as asterisks (*) and hashes (#).
Which of the following techniques was employed by Andre in the above scenario?

Q32. A threat intelligence feed data file has been acquired and stored in the Documents folder of Attacker Machine-1 (File Name: Threatfeed.txt). You are a cybersecurity technician working for an ABC organization. Your organization has assigned you a task to analyze the data and submit a report on the threat landscape. Select the IP address linked with http://securityabc.s21sec.com.

Q33. A software company develops new software products by following the best practices for secure application development. Dawson, a software analyst, is responsible for checking the performance of applications in the client’s network to determine any issue faced by end users while accessing the application.
Which of the following tiers of the secure application development lifecycle involves checking the application performance?

Q34. ProNet, a leading technology firm, has been dynamically evolving its internal infrastructure to cater to an expanding workforce and changing business needs. The company’s current project involves enhancing the overall security of its internal platforms. The company’s security team is focusing on a robust access control system. To make the system efficient, it needs to implement a model that would define access based on roles within the organization, where specific roles would have predefined access to certain resources, and the roles can be assigned to multiple users. The aim is to decrease the administrative work involved in assigning permissions and ensure that users gain only the necessary permissions in line with their job functions.
Which access control model best suits ProNet’s requirement?

Q35. In a multinational corporation, the IT department Implemented a new network security protocol for their global data centers. This protocol was designed to enhance security measures by incorporating advanced access control principles. The protocol employs a combination of methods to ensure that only authorized personnel can access sensitive data. Recently, an incident occurred where an unauthorized user gained access to confidential data. The securityteam discovered that the intruder exploited a specific aspect of the access control system. Which aspect of the access control principles, terminologies, and models was most likely exploited?

Q36. Myles, a security professional at an organization, provided laptops for all the employees to carry out the business processes from remote locations. While installing necessary applications required for the business, Myles has also installed antivirus software on each laptop following the company’s policy to detect and protect the machines from external malicious events over the Internet.
Identify the PCI-DSS requirement followed by Myles in the above scenario.

Q37. Steve, a network engineer, was tasked with troubleshooting a network issue that is causing unexpected packet drops. For this purpose, he employed a network troubleshooting utility to capture the ICMP echo request packets sent to the server. He identified that certain packets are dropped at the gateway due to poor network connection.
Identify the network troubleshooting utility employed by Steve in the above scenario.