GOOGLE CYBERSECURITY EXAM
REVIEW QUESTIONS WITH
CORRECT DETAILED ANSWERS
Defense in-depth is? - Answer-It's a layered approach to
vulnerability management that reduces risk.
Defense in-depth strategy? - Answer-perimeter layer
network layer
endpoint layer
application layer
Data layer
Exposure is - Answer-a mistake that can be exploited by a threat.
The common vulnerabilities and
exposures list, or CVE list, - Answer-is an openly accessible dictionary
of known vulnerabilities and exposures.
MITRE is - Answer-a collection of
non-profit research and development centers
The CVE list tests four criteria that
a vulnerability must have before it's assigned an ID. - Answer-1.independent of other
issues ,fixed without having to fix something else.
2.recognized as a potential security risk by whoever reports it.
3.vulnerability must be submitted with supporting evidence.
4.the reported vulnerability
can only affect one codebase,
What which is
a measurement system that scores
the severity of a vulnerability. 0- 10 - Answer-Common vulnerability scoring system,
or CVSS,
4.0 CVSS is considered - Answer-low risk
OSWASP is? - Answer-is a nonprofit open source foundation that works to improve the
securing the web and software.
OSINT is? - Answer-Open source intelligence.
,OSINT is used for? - Answer-used to support cybersecurity activities, like identifying
potential threats and vulnerabilities.Tool used in gathering intelligence
Name some tool used in gathering intelligence - Answer-VirusTotal
MITRE Attack
OSINT fRAMEWORK
Have I been Pwned
The perimeter layer consists of - Answer-authentication technologies that let verified
users in
The network layer is - Answer-associated with authorization controls, like firewalls
Endpoint layer - Answer-
A zero-day refers to? - Answer-an exploit that was previously unknown.
Vulnerability assessment process - Answer-identification
vulnerability anaylsis
risk assessment
remediation
Vulnerability Analysis - Answer-find the source of the problem.
risk assessment - Answer-a score is assigned, how severe and likelihood
vulnerability remediation step - Answer-this step that the vulnerabilities
that can impact the organization are addressed.
A vulnerability scanner - Answer-In general, these tools scan systems to find
misconfigurations or programming flaws.
Authenticated and unauthenticated scans are? - Answer-simulate whether or not a user
has access to a system.
Limited scans analyze - Answer-particular devices on a network, like searching for
misconfigurations on a firewall
Comprehensive scans analyze - Answer-all devices connected to a network. This
includes operating systems, user databases, and more.
A patch update - Answer-is a software and operating system update that addresses
security vulnerabilities within a program or product.
, What are the benefits of manual update deployment strategies? - Answer-control, in
case you have doubts
Penetration Testing - Answer-or pen test, is a simulated attack that helps identify
vulnerabilities in systems, networks, websites, applications, and processes.
Red team tests - Answer-simulate attacks to identify vulnerabilities in systems,
networks, or applications by independent pen testers
Blue team tests - Answer-focus on defense and incident response to validate an
organization's existing security systems.
Purple team tests - Answer-collaborative, focusing on improving the security posture of
the organization by combining elements of red and blue team exercises.
3 common pen test strategies? - Answer-Open-box testing
Close-box testing
Partial knowledge testing
Open-box testing - Answer-is when the tester has the same privileged access that an
internal developer would have—information like system architecture, data flow, and
network diagrams
Close-box testing - Answer-is when the tester has little to no access to internal
systems—similar to a malicious hacker
Partial knowledge testing - Answer-is when the tester has limited access and knowledge
of an internal system—for example, a customer service representative.
Fill in the blank: A vulnerability _________ refers to the internal review process of an
organization's security systems. - Answer-ASSESSMENT
What are the goals of a vulnerability assessment? Select two answers. - Answer-to
identify existing weaknesses and reduce overall threat exposure.
What are two types of vulnerability scans? Select two answers. - Answer-Authenticated
or unauthenticated and limited or comprehensive are two types of vulnerability scans.
Internal and external is another common type of vulnerability scanning.
An attack surface is - Answer-all the potential vulnerabilities that a threat actor could
exploit.
physical attack surface - Answer-is made up of people and their devices. like an
unattended laptop was left in a public area
REVIEW QUESTIONS WITH
CORRECT DETAILED ANSWERS
Defense in-depth is? - Answer-It's a layered approach to
vulnerability management that reduces risk.
Defense in-depth strategy? - Answer-perimeter layer
network layer
endpoint layer
application layer
Data layer
Exposure is - Answer-a mistake that can be exploited by a threat.
The common vulnerabilities and
exposures list, or CVE list, - Answer-is an openly accessible dictionary
of known vulnerabilities and exposures.
MITRE is - Answer-a collection of
non-profit research and development centers
The CVE list tests four criteria that
a vulnerability must have before it's assigned an ID. - Answer-1.independent of other
issues ,fixed without having to fix something else.
2.recognized as a potential security risk by whoever reports it.
3.vulnerability must be submitted with supporting evidence.
4.the reported vulnerability
can only affect one codebase,
What which is
a measurement system that scores
the severity of a vulnerability. 0- 10 - Answer-Common vulnerability scoring system,
or CVSS,
4.0 CVSS is considered - Answer-low risk
OSWASP is? - Answer-is a nonprofit open source foundation that works to improve the
securing the web and software.
OSINT is? - Answer-Open source intelligence.
,OSINT is used for? - Answer-used to support cybersecurity activities, like identifying
potential threats and vulnerabilities.Tool used in gathering intelligence
Name some tool used in gathering intelligence - Answer-VirusTotal
MITRE Attack
OSINT fRAMEWORK
Have I been Pwned
The perimeter layer consists of - Answer-authentication technologies that let verified
users in
The network layer is - Answer-associated with authorization controls, like firewalls
Endpoint layer - Answer-
A zero-day refers to? - Answer-an exploit that was previously unknown.
Vulnerability assessment process - Answer-identification
vulnerability anaylsis
risk assessment
remediation
Vulnerability Analysis - Answer-find the source of the problem.
risk assessment - Answer-a score is assigned, how severe and likelihood
vulnerability remediation step - Answer-this step that the vulnerabilities
that can impact the organization are addressed.
A vulnerability scanner - Answer-In general, these tools scan systems to find
misconfigurations or programming flaws.
Authenticated and unauthenticated scans are? - Answer-simulate whether or not a user
has access to a system.
Limited scans analyze - Answer-particular devices on a network, like searching for
misconfigurations on a firewall
Comprehensive scans analyze - Answer-all devices connected to a network. This
includes operating systems, user databases, and more.
A patch update - Answer-is a software and operating system update that addresses
security vulnerabilities within a program or product.
, What are the benefits of manual update deployment strategies? - Answer-control, in
case you have doubts
Penetration Testing - Answer-or pen test, is a simulated attack that helps identify
vulnerabilities in systems, networks, websites, applications, and processes.
Red team tests - Answer-simulate attacks to identify vulnerabilities in systems,
networks, or applications by independent pen testers
Blue team tests - Answer-focus on defense and incident response to validate an
organization's existing security systems.
Purple team tests - Answer-collaborative, focusing on improving the security posture of
the organization by combining elements of red and blue team exercises.
3 common pen test strategies? - Answer-Open-box testing
Close-box testing
Partial knowledge testing
Open-box testing - Answer-is when the tester has the same privileged access that an
internal developer would have—information like system architecture, data flow, and
network diagrams
Close-box testing - Answer-is when the tester has little to no access to internal
systems—similar to a malicious hacker
Partial knowledge testing - Answer-is when the tester has limited access and knowledge
of an internal system—for example, a customer service representative.
Fill in the blank: A vulnerability _________ refers to the internal review process of an
organization's security systems. - Answer-ASSESSMENT
What are the goals of a vulnerability assessment? Select two answers. - Answer-to
identify existing weaknesses and reduce overall threat exposure.
What are two types of vulnerability scans? Select two answers. - Answer-Authenticated
or unauthenticated and limited or comprehensive are two types of vulnerability scans.
Internal and external is another common type of vulnerability scanning.
An attack surface is - Answer-all the potential vulnerabilities that a threat actor could
exploit.
physical attack surface - Answer-is made up of people and their devices. like an
unattended laptop was left in a public area
