01. Shawn, a forensic officer, was appointed to investigate a crime scene that had occurred at a coffee shop. As part of the investigation, Shawn collected the mobile device from the victim, which may contain potential evidence to identify the culprits.
Which of the following points must Shawn follow while preserving the digital evidence?
(Choose three.)
a) Never record the screen display of the device
b) Do not turn the device ON if it is OFF
c) Do not leave the device as it is if it is ON
d) Make sure that the device is charged
02. An organization hired a network operations center (NOC) team to protect its IT infrastructure from external attacks. The organization utilized a type of threat intelligence to protect its resources from evolving threats.
The threat intelligence helped the NOC team understand how attackers are expected to perform an attack on the organization, identify the information leakage, and determine the attack goals as well as attack vectors.
Identify the type of threat intelligence consumed by the organization in the above scenario.
a) Operational threat intelligence
b) Strategic threat intelligence
c) Technical threat intelligence
d) Tactical threat intelligence
03. Which security measure can help prevent SQL injection attacks?
(Select all that apply)
a) Input validation
b) Cross-site scripting (XSS)
c) Using weak passwords
d) Code obfuscation
04. During which phase of the incident response process are containment and eradication activities performed?
a) Preparation
b) Recovery
c) Containment
d) Detection and analysis
05. What is the key difference between a disaster recovery plan and a business continuity plan?
a) Disaster recovery plans focus on data backup, while business continuity plans focus on personnel safety.
b) Disaster recovery plans are concerned with technology recovery, while business continuity plans cover all aspects of business operations.
c) Disaster recovery plans are only applicable to natural disasters, while business continuity plans cover man-made incidents.
d) Disaster recovery plans are shorter and simpler than business continuity plans.
06. In an incident response plan, what are the phases of the incident response lifecycle?
(Select all that apply)
a) Detection and analysis
b) Recovery
c) Prevention
d) Containment
07. Tristan, a professional penetration tester, was recruited by an organization to test its network infrastructure. The organization wanted to understand its current security posture and its strength in defending against external threats.
For this purpose, the organization did not provide any information about their IT infrastructure to Tristan. Thus, Tristan initiated zero-knowledge attacks, with no information or assistance from the organization.
Which of the following types of penetration testing has Tristan initiated in the above scenario?
a) Black-box testing
b) White-box testing
c) Gray-box testing
d) Translucent-box testing
08. Andre, a security professional, was tasked with segregating the employees’ names, phone numbers, and credit card numbers before sharing the database with clients. For this purpose, he implemented a deidentification technique that can replace the critical information in database fields with special characters such as asterisks (*) and hashes (#).
Which of the following techniques was employed by Andre in the above scenario?
a) Tokenization
b) Masking
c) Hashing
d) Bucketing
09. Which of the following are examples of physical security controls?
(Select all that apply)
a) Security guards
b) Firewalls
c) Biometric access control
d) Encryption algorithms
10. What can be used to ensure data confidentiality?
(Select all that apply)
a) Access control lists (ACLs)
b) Encryption
c) Regular system backups
d) Social engineering