Q.1 Reconnaissance in information security is used for _________.
A. Information Gathering
B. Security Testing
C. Information Analysis
D. Security reviews
Ans : Information Gathering
Q.2 A type of computer attack that in which the intruder engages with the targeted system is known as _______.
A. White Box Assessment
B. Passive Reconnaissance
C. Red Team Assessment
D. Active Reconnaissance
Ans : Active Reconnaissance
Q.3 Which of the following should be covered under the security policy?
A. Security update timelines
B. Security strategies
C. Data backup plans
D. Password management policies
E. All of these
Ans : All of these
Q.4 A type of attack that depends on human error rather than on vulnerabilities in the system.
A. Birthday attack
B. Social Engineering attacks
C. Drive-by attack
D. Zero day attack
Ans : Social Engineering attacks
Q.5 The risk level decreases with increase in the likelihood of potential risk.
A. True
B. False
Ans : False
Q.6 Passive fingerprinting sends and collects traffic to/from the target system.
A. True
B. False
Ans : False
Q.7 Which among the following companies have bug bounty programs?
A. Microsoft
B. Facebook
C. Google
D. Mozilla
E. All of these
Ans : All of these
Q.8 Which of the following exploits psychological manipulation in deceiving users to make security mistakes?
A. Fingerprinting
B. Social Engineering
C. Footprinting
D. Reconnaissance
Ans : Social Engineering
Q.9 Which of the following assessment type works to determine whether a threat made/detected, is genuine?
A. Risk Assessment
B. Threat Modeling
C. Threat Assessment
D. Penetration Testing
Ans : Threat Assessment
Q.10 A pen testing method in which a tester with access to an application behind its firewall imitates an attack that could be caused by a malicious insider.
A. Static analysis
B. External Testing
C. Internal Testing
D. Dynamic analysis
Ans : Internal Testing
Q.11 Which of the following is best used for penetration testing?
A. White Box Testing
B. Grey Box Testing
C. Black Box Testing
Ans : Black Box Testing
Q.12 Penetration testing is also called as ethical hacking.
A. True
B. False
Ans : True
Q.13 A continuous service that emulates real-world attackers for the purpose of improving the Blue Team.
A. Red Team
B. Black Team
C. Purple Team
Ans : Red Team
Q.14 The type of testing that is best done during the development life cycle process of the in-house software.
A. White Box Testing
B. Grey Box Testing
C. Black Box Testing
Ans : White Box Testing
Q.15 A valuable training exercise that provides a security team with real-time feedback from a hacker’s perspective.
A. Targeted Testing
B. External Testing
C. Blind Testing
D. Double Blind Testing
Ans : Targeted Testing
Q.16 While performing penetration testing, which of the following method is considered to be a more practical way of scanning?
A. Dynamic analysis
B. Static analysis
C. Inactive analysis
D. Active analysis
Ans : Dynamic analysis
Q.17 The process that involves analyzing entities like TCP and ICMP to identify an application or an operating system:
A. Fingerprinting
B. Social Engineering
C. Reconnaissance
D. Vulnerability Analysis
Ans : Fingerprinting
Q.18 The type of assessment that is best used to identify, classify and prioritize vulnerabilities.
A. Vulnerability Assessment
B. Risk Assessment
C. Penetration Testing
D. Security Audits
Ans : Vulnerability Assessment
Q.19 During the scanning phase of pen testing, which of the following method analyzes an application’s code to determine its behavior during runtime?
A. Static analysis
B. Dynamic analysis
C. Inactive analysis
D. Active analysis
Ans : Static analysis
Q.20 Which of the following is best used with vulnerability assessments?
A. White Box Testing
B. Black Box Testing
C. Grey Box Testing
Ans : White Box Testing
Q.21 An independent group that challenges an organization to improve its effectiveness by pertaining an adversarial role.
A. Black Team
B. Red Team
C. Blue Team
D. Internal security team
Ans : Red Team
Q.22 Which of the following can be considered as a sound example of social engineering attack?
A. An employee giving door access to an unknown person
B. Calling the help desk and tricking them to reset the password for a user account
C. Accessing a database with a cracked passworddsa
D. Installing a hardware keylogger on an employee’s system to capture passwords
Ans : Accessing a database with a cracked password
Q.23 A type of testing with limited knowledge of the internal working of an application.
A. White Box Testing
B. Black Box Testing
C. Grey Box Testing
Ans : Grey Box Testing
Q.24 Which of the following aims to integrate the defensive tactics and controls from the Blue Team with the threats and vulnerabilities found by the Red Team into a single objective?
A. Green Team
B. Black Team
C. Purple Team
D. Master Security Team
Ans : Purple Team
Q.25 Which of the following cannot be exploited by remote attackers?
A. Passive Fingerprinting
B. Passive Reconnaissance
C. Active Fingerprinting
D. Active Reconnaissance
Ans : Passive Fingerprinting
