ANSWERS
You are required to keep track of file access.
Which type of auditing should be implemented?
Object Access
Object Access
This determines attempts to access files and other objects.
Process Tracking
This determines events such as program activation and process exits.
Directory Services
This determines whether the operating system generates audit events when an AD DS object is
accessed.
Audit Logon
This determines whether the operating system generates audit events when a user attempts to log on
to the computer.
You are part of a cyber forensics team that needs to examine a hard drive for evidence. Your
supervisor tells you to first make a duplicate of the hard drive.
What is the purpose of making a duplicate of the hard drive?
To preserve the original state of the hard drive.
Surveillance cameras are installed around the building perimeter.
Detective control
A failed disk is replaced and the backup is restored.
Corrective control
New biometric door locks are installed.
Preventive control
Which type of attack is directed toward a specific group of users to trick them into visiting an infected
website?
Watering hole
Targets individuals through phone calls to gather compromising information.
Vishing
Targets a high-profile victim.
Whaling
Instead of luring, it involves directing an internet user to fake websites.
Pharming
Which type of attack occurs when threat actors utilize botnets on several computers to overwhelm a
target web server?
Distributed Denial-of-Service (DDoS)
An attacker has connected a laptop to a wireless network and attempts to lease all available IP
addresses from the DHCP server.
Which type of attack is occurring?
DHCP Starvation
When an attacker responds to client DHCP requests and sends the client incorrect IP address
information, such as a wrong default gateway or DNS server.
DHCP Spoofing
When an attacker alters DNS records to redirect online traffic to a fraudulent website.
DNS Spoofing
When the attacker creates IP packets with a modified source address to impersonate another
computer system.
IP Spoofing
Which option is a common type of attack launched against IoT devices?
DDoS attack
What are the two classes of encryption algorithms?
Asymmetric and Symmetric
What are the two most common hashing algorithms?
SHA-2 and MD5
In which phase of the NIST Incident Response Life Cycle do you investigate network intrusion
detection sensor alerts?
Detection & Analysis Phase
In which phase of the NIST Incident Response Life Cycle are you organizing to respond to security
incidents?
Preparation Phase
In which phase of the NIST Incident Response Life Cycle are you actively working on removing the
malicious activity?
Containment, Eradication, and Recovery Phase