CORRECT Answers
A series of steps that follow the stages of a cyberattack from early reconnaissance to the exfiltration of
data is known as the ____. - CORRECT ANSWER - cyber kill chain
________ is used to maintain awareness of evolving threats in general and is a resource for researching
specific threats as an organization develops usable threat intelligence - CORRECT ANSWER -
open source intelligence
If an intruder can _____ a device, then no electronic protection can deter the loss of information -
CORRECT ANSWER - physically access
Which of the following is not a definite indicator of an incident? - CORRECT ANSWER - presence
of unfamiliar files
The failure of a technical control to react to the intended stimulus so that it goes unreported is called
a ___________ - CORRECT ANSWER - false negative
One of the more commonly seen and most easily avoided incidents is the _______ attack, where
employees are bombarded with numerous attempts to convince them to activate a link embedded in an
email or respond to a request for communications with an unknown outside party, often masquerading as
a known entity - CORRECT ANSWER - phishing
The use of email in fraudulent efforts to compromise the organization is known as ______ - CORRECT
ANSWER - business email compromise
A decoy application or systems simulation that attempts to draw attackers to it and away from actual
production systems is known as a ________ - CORRECT ANSWER - honeypot
_______ is the organized research and investigation of internet addresses owned or controlled by a target
organization - CORRECT ANSWER - footprinting
The theft of organizational data, either physically or by extraction through the owner's networks, is called
data _________ - CORRECT ANSWER - exfiltration
In the event that a definite indicator is recognized, the corresponding ______ must be activated
immediately - CORRECT ANSWER - IR plan
A staffed control room where key security technologies, networks, and critical systems are monitored for
incidents is known as _____________ - CORRECT ANSWER - security operations center
Passive Scanning is the process of collecting information about computers by sending traffic and
observing what traffic returns as a result.
t or f - CORRECT ANSWER - False
The Windows Task Manager can be used to review all processes on Microsoft Windows computers.
t or f - CORRECT ANSWER - false
An incident candidate is an adverse event that is a possible incident.
t or f - CORRECT ANSWER - true
Malware includes viruses, worms, Trojan horses, and an entire library of malicious scripts designed to steal
information, deny service to needed resources, and generally wreak havoc in the organization.
t or f - CORRECT ANSWER - true
The most common detection of a denial-of-service attack is a message to a user that they have been locked
out of their computer system, and that their files and data have been encrypted.
t or f - CORRECT ANSWER - false
Software designed to penetrate security controls, identify valuable content, and then encrypt files and data
in order to extort payment for the key needed to unlock the encryption is known as blackmail.