Cybersecurity Test

According to the shared responsibility model, which cloud computing model places the most responsibility on the cloud service provider (CSP)?

HYBRID CLOUD

SOFTWARE AS A SERVICE (SAAS)

PLATFORM AS A SERVICE (PAAS)

INFRASTRUCTURE AS A SERVICE (IAAS)

Which option removes the risk of multitenancy in cloud computing?

PAAS

PUBLIC CLOUD

PRIVATE CLOUD

IAAS

Your organization recently implemented a unified messaging solution and VoIP phones on every desktop. You are responsible for researching the vulnerabilities of the VoIP system. Which type of attack are VoIP phones most vulnerable to experiencing?

DENIAL-OF-SERVICE

BRUTE FORCE ATTACKS

MALWARE

BUFFER OVERFLOW

Which security control cannot produce an active response to a security event?

CLOUD ACCESS SECURITY BROKER (CASB)

INTRUSION PREVENTION SYSTEM (IPS)

INTRUSION DETECTION SYSTEM (IDS)

NEXT GENERATION FIREWALL

Packet sniffer is also called _.

SIEM

UTM

PROTOCOL ANALYZER

DATA SINK

Which option tests code while it is in operation?

CODE REVIEW

CODE ANALYSIS

STATIC ANALYSIS

DYNAMIC ANALYSIS

Which option describes testing that individual software developers can conduct on their own code?

GRAY BOX TESTING

INTEGRATION TESTING

WHITE BOX TESTING

UNIT TESTING

In black box penetration testing, what information is provided to the tester about the target environment?

NONE

LIMITED DETAILS OF SERVER AND NETWORK INFRASTRUCTURE

ALL INFORMATION

LIMITED DETAILS OF SERVER INFRASTRUCTURE

Which security control can best protect against shadow IT by identifying and preventing use of unsanctioned cloud apps and services?

INTRUSION PREVENTION SYSTEM (IPS)

NEXT GENERATION FIREWALL

CLOUD ACCESS SECURITY BROKER (CASB)

INTRUSION DETECTION SYSTEM (IDS)

Which option describes the best defense against collusion?

MONITORING OF NORMAL EMPLOYEE SYSTEM AND DATA ACCESS PATTERNS

APPLYING SYSTEM AND APPLICATION UPDATES REGULARLY

FAULT TOLERANT INFRASTRUCTURE AND DATA REDUNDANCY

SEPARATION OF DUTIES AND JOB ROTATION

During a penetration test, you find a file containing hashed passwords for the system you are attempting to breach. Which type of attack is most likely to succeed in accessing the hashed passwords in a reasonable amount of time?

RAINBOW TABLE ATTACK

PASS-THE-HASH ATTACK

PASSWORD SPRAY ATTACK

BRUTE FORCE ATTACK

You configure an encrypted USB drive for a user who needs to deliver a sensitive file at an in-person meeting. What type of encryption is typically used to encrypt the file?

FILE HASH

ASYMMETRIC ENCRYPTION

DIGITAL SIGNATURE

SYMMETRIC ENCRYPTION

What is the difference between DRP and BCP

DRP WORKS TO KEEP A BUSINESS UP AND RUNNING DESPITE A DISASTER. BCP WORKS TO RESTORE THE ORIGINAL BUSINESS CAPABILITIES.

BCP WORKS TO KEEP A BUSINESS UP AND RUNNING DESPITE A DISASTER. DRP WORKS TO RESTORE THE ORIGINAL BUSINESS CAPABILITIES.

BCP IS PART OF DRP.

DRP IS PART OF BCP.

Which aspect of cybersecurity do Distributed Denial of Service (DDoS) attacks affect the most?

NON-REPUDIATION

INTEGRITY

AVAILABILITY

CONFIDENTIALITY

You need to recommend a solution to automatically assess your cloud-hosted VMs against CIS benchmarks to identify deviations from security best practices. What type of solution should you recommend?

CLOUD SECURITY POSTURE MANAGEMENT (CSPM)

INTRUSION DETECTION AND PREVENTION SYSTEM (IDPS)

CLOUD WORKLOAD PROTECTION PLATFORMS (CWPP)

CLOUD ACCESS SECURITY BROKERS (CASBS)

_ validates the integrity of data files.

COMPRESSION

HASHING

SYMMETRIC ENCRYPTION

STENOGRAPHY

You are part of of an incident response team at your company. While sifting through log files collected by a SIEM, you discover some suspicious log entries that you want to investigate further. Which type of the following best refers to those recorded activities demanding additional scrutiny?

ATTACK

INFORMATION

THREAT

EVENT

Which is an example of privacy regulation at the state government level in the U.S.?

CCPA

GDPR

NIST PRIVACY FRAMEWORK

OSPF

What is the term for the policies and technologies implemented to protect, limit, monitor, audit, and govern identities with access to sensitive data and resources?

IDENTITY AND ACCESS MANAGEMENT (IAM)

PRIVILEGED ACCOUNT MANAGEMENT (PAM)

AUTHENTICATION AND AUTHORIZATION

LEAST PRIVILEGE

You have configured audit settings in your organization's cloud services in the event of a security incident. What type of security control is an audit trail?

PREVENTIVE CONTROL

DETECTIVE CONTROL

DIRECTIVE CONTROL

CORRECTIVE CONTROL

You have configured the audit settings in your organization's cloud services in the event of a security incident. What type of security control is an audit trail?

PREVENTIVE CONTROL

DIRECTIVE CONTROL

DETECTIVE CONTROL

CORRECTIVE CONTROL

What is the name for a short-term interruption in electrical power supply?

GRAYOUT

BLACKOUT

BROWNOUT

WHITEOUT

Your security team recommends adding a layer of defense against emerging persistent threats and zero-day exploits for all endpoints on your network. The solution should offer protection from external threats for network-connected devices, regardless of operating system. Which solution is best suited to meet this requirement?

SECURITY INFORMATION EVENT MANAGEMENT (SIEM)

EXTENDED DETECTION AND RESPONSE (XDR)

NEXT GENERATION FIREWALL (NGFW)

CLOUD APP SECURITY BROKER (CASB)

Which is not a threat modeling methodology?

TRIKE

TOGAF

STRIDE

MITRE ATT&CK

You organization is conducting a pilot deployment of a new e-commerce application being considered for purchase. You need to recommend a strategy to evaluate the security of the new software. Your organization does not have access to the application's source code. Which strategy should you choose?

DYNAMIC APPLICATION SECURITY TESTING

UNIT TESTING

WHITE BOX TESTING

STATIC APPLICATION SECURITY TESTING

You need to disable the camera on corporate devices to prevent screen capture and recording of sensitive documents, meetings, and conversations. Which solution would be be suited to the task?

MOBILE DEVICE MANAGEMENT (MDM)

DATA LOSS PREVENTION (DLP)

INTRUSION DETECTION AND PREVENTION SYSTEM (IDPS)

CLOUD ACCESS SECURITY BROKER (CASB)

How many keys would be necessary to accomodate 100 users in an asymmetric cryptography system?

200

400

100

300

Two competing online retailers process credit card transactions for customers in countries on every continent. One organization is based in the United States. The other is based in the Netherlands. With which regulation must both countries comply while ensuring the security of these transactions?

FEDERAL INFORMATION SECURITY MANAGMENT ACT (FISMA)

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI-DSS)

GENERAL DATA PROTECTION REGULATION (GDPR)

INTERNATIONAL ORGANIZATION FOR STANDARDIZATION AND INTERNATION ELECTRONICAL COMMISSION (ISO/IEC 27018)

What provides a common language for describing security incidents in a structures and repeatable manner?

COMMON EVENT FORMAT

COMMON WEAKNESS ENUMERATION

COMMON VULNERABILTIES AND EXPOSURES

COMMON VULNERABILITY SCORING SYSTEM

Which type of application can intercept sensative information such as passwoprds on a network segment?

LOG SERVER

NETWORK SCANNER

FIREWALL

PROTOCOL ANALYZER

An attacker has discovered that they can deduce a sensitive piece of confidential information by analyzing multiple pieces of less sensative public data.

AGGREGATION

INFERENCE

SQL INJECTION

CROSS-ORIGIN RESOUCE SHARING

What act grants an authenticated party permission to perform an action or access a resource?

ZERO TRUST SECURITY

ROLE-BASED ACCESS CONTROL (RBAC)

AUTHORIZATION

SINGLE SIGN-ON

According to GDPR, a data _____ is the person about whom data is being collected.

PROCESSOR

OBJECT

SUBJECT

CONTROLLER

Which is not a principle of zero trust security?

USE LEAST PRIVILEGE ACCESS

VERIFY EXPLICITLY

TRUST BUT VERIFY

ASSUME BREACH

Which attack exploits input validation vulnerabilities?

ARP SPOOFING

PHARMING ATTACKS

CROSS-SITE SCRIPTING (XSS)

DNS POISONING

You are a security analyst, and you receive a text message alerting you of a possible attack. Which security control is the least likely to produce this type of alert?

IDS

SIEM

PACKET SNIFFER

IPS

Your Name: (required)
Your Email: (required)
Skype Username:
Exams you want to pass:

Exam Type:	Cybersecurity MCQ Skill Test
Questions Type:	Multiple Choice Questions
Total Questions:	36
Time Limit:	30 Minutes
Last Update	July, 2025

Pass Cybersecurity Exam

Cybersecurity Quiz

According to the shared responsibility model, which cloud computing model places the most responsibility on the cloud service provider (CSP)?

Which option removes the risk of multitenancy in cloud computing?

Your organization recently implemented a unified messaging solution and VoIP phones on every desktop. You are responsible for researching the vulnerabilities of the VoIP system. Which type of attack are VoIP phones most vulnerable to experiencing?

Which security control cannot produce an active response to a security event?

Packet sniffer is also called _.

Which option tests code while it is in operation?

Which option describes testing that individual software developers can conduct on their own code?

In black box penetration testing, what information is provided to the tester about the target environment?

Which security control can best protect against shadow IT by identifying and preventing use of unsanctioned cloud apps and services?

Which option describes the best defense against collusion?

During a penetration test, you find a file containing hashed passwords for the system you are attempting to breach. Which type of attack is most likely to succeed in accessing the hashed passwords in a reasonable amount of time?

You configure an encrypted USB drive for a user who needs to deliver a sensitive file at an in-person meeting. What type of encryption is typically used to encrypt the file?

What is the difference between DRP and BCP

Which aspect of cybersecurity do Distributed Denial of Service (DDoS) attacks affect the most?

You need to recommend a solution to automatically assess your cloud-hosted VMs against CIS benchmarks to identify deviations from security best practices. What type of solution should you recommend?

_ validates the integrity of data files.

You are part of of an incident response team at your company. While sifting through log files collected by a SIEM, you discover some suspicious log entries that you want to investigate further. Which type of the following best refers to those recorded activities demanding additional scrutiny?

Which is an example of privacy regulation at the state government level in the U.S.?

What is the term for the policies and technologies implemented to protect, limit, monitor, audit, and govern identities with access to sensitive data and resources?

You have configured audit settings in your organization's cloud services in the event of a security incident. What type of security control is an audit trail?

You have configured the audit settings in your organization's cloud services in the event of a security incident. What type of security control is an audit trail?

What is the name for a short-term interruption in electrical power supply?

Which is not a threat modeling methodology?

You organization is conducting a pilot deployment of a new e-commerce application being considered for purchase. You need to recommend a strategy to evaluate the security of the new software. Your organization does not have access to the application's source code. Which strategy should you choose?

You need to disable the camera on corporate devices to prevent screen capture and recording of sensitive documents, meetings, and conversations. Which solution would be be suited to the task?

How many keys would be necessary to accomodate 100 users in an asymmetric cryptography system?

Two competing online retailers process credit card transactions for customers in countries on every continent. One organization is based in the United States. The other is based in the Netherlands. With which regulation must both countries comply while ensuring the security of these transactions?

What provides a common language for describing security incidents in a structures and repeatable manner?

Which type of application can intercept sensative information such as passwoprds on a network segment?

An attacker has discovered that they can deduce a sensitive piece of confidential information by analyzing multiple pieces of less sensative public data.

What act grants an authenticated party permission to perform an action or access a resource?

According to GDPR, a data _____ is the person about whom data is being collected.

Which is not a principle of zero trust security?

Which attack exploits input validation vulnerabilities?

You are a security analyst, and you receive a text message alerting you of a possible attack. Which security control is the least likely to produce this type of alert?

Cybersecurity Test Explained