CPTIA Practice Questions
CREST Practitioner Threat Intelligence Analyst
Last Update 4 days ago
Total Questions : 135
Dive into our fully updated and stable CPTIA practice test platform, featuring all the latest CREST Practitioner exam questions added this week. Our preparation tool is more than just a CREST study aid; it's a strategic advantage.
Our free CREST Practitioner practice questions are crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key concepts about CPTIA. Use this test to pinpoint which areas you need to focus your study on.
Which of the following risk management processes identifies the risks, estimates the impact, and determines sources to recommend proper mitigation measures?
In which of the following phases of the incident handling and response (IH&R) process are the identified security incidents analyzed, validated, categorized, and prioritized?
Stanley works as an incident responder at a top MNC based out of Singapore. He was asked to investigate a cybersecurity incident that recently occurred in the company. While investigating the crime, he collected the evidence from the victim systems. He must present this evidence in a clear and comprehensible manner to the members of the jury so that the evidence explains the facts clearly and further helps in obtaining an expert opinion on the same to confirm the investigation process.
In the above scenario, what is the characteristic of the digital evidence Stanley tried to preserve?
During the process of detecting and containing malicious emails, incident responders should examine the originating IP address of the emails.
The steps to examine the originating IP address are as follows:
1. Search for the IP in the WHOIS database
2. Open the email to trace and find its header
3. Collect the IP address of the sender from the header of the received mail
4. Look for the geographic address of the sender in the WHOIS database
Identify the correct sequence of steps to be performed by the incident responders to examine the originating IP address of the emails.
Sam works as an analyst in an organization named InfoTech Security. He was asked to collect information from various threat intelligence sources. In meeting the deadline, he forgot to verify the threat intelligence sources and used data from an open-source data provider, who offered it at a very low cost. Though it was beneficial at the initial stage, relying on such data providers can produce unreliable data and noise, putting the organization's network at risk.
What mistake did Sam make that led to this situation?
SWA Cloud Services added PKI as one of their cloud security controls. What does PKI stand for?
SecurityTech Inc. is developing a TI plan where it can derive more advantages with fewer funds. In the process of selecting a TI platform, it wants to incorporate a feature that ranks elements such as intelligence sources, threat actors, attacks, and digital assets of the organization, so that it can put more funds toward the resources that are critical for the organization’s security.
Which of the following key features should SecurityTech Inc. consider in their TI plan for selecting the TI platform?
Darwin is an attacker residing within the organization and is performing network sniffing by running his system in promiscuous mode. He is capturing and viewing all the network packets transmitted within the organization. Edwin is an incident handler in the same organization.
In the above situation, which of the following Nmap commands must Edwin use to detect Darwin’s system that is running in promiscuous mode?
John is a professional hacker who is performing an attack on the target organization where he tries to redirect the connection between the IP address and its target server such that when the users type in the Internet address, it redirects them to a rogue website that resembles the original website. He tries this attack using a cache poisoning technique. Identify the type of attack John is performing on the target organization.
Identify the Sarbanes–Oxley Act (SOX) Title, consisting of only one section, that includes measures designed to help restore investor confidence in the reporting of securities analysts.
