Imagine a scenario where a company, Tech Innovations, implements single sign-on (SSO) for their employees, including Evelyn, Nora, and Liam, to access multiple systems. What is the biggest disadvantage of this approach?

It introduces a single point of failure

The identity provider issues the authorization

Systems must be configured to utilize the federation

Users need to authenticate with each server as they log on

Fail To Pass Systems has just been the victim of another embarrassing data breach. Their database administrator needed to work from home this weekend, so he downloaded the corporate database to his work laptop. On his way home, he left the laptop in an Uber, and a few days later, the data was posted on the internet. Which of the following mitigations would have provided the greatest protection against this data breach?

Require data at rest encryption on all endpoints

Require data masking for any information stored in the database

Require all new employees to sign an NDA

Require a VPN to be utilized for all telework employees

A cybersecurity analyst, David, is reviewing the logs of a proxy server and saw the following URLs:

Insecure direct object reference

During a routine check, Mason discovers an unknown application running on the company's server. What is the primary purpose of Mason using vulnerability scanning in this scenario?

To identify security weaknesses

During a cybersecurity project, David, Jackson, and Mason discovered that a competitor's web server was compromised to leak sensitive project data. After a detailed investigation, they found that a rootkit had altered the server's BIOS. Once they removed the rootkit and restored the BIOS with a secure version, they pondered on the best method to safeguard the BIOS from future attacks.

Install an anti-malware application

Utilize file integrity monitoring

Evelyn is part of the IT security team at TechSecure, a company focused on enhancing their security infrastructure. She is exploring the use of a TPM to bolster their defenses. Which of the following functions is not typically provided by a TPM? - Remote attestation - Random number generation - Sealing - Secure generation of cryptographic keys - Binding - User authentication

Secure generation of cryptographic keys

Imagine a scenario where a company, CyberTech Inc., has just detected a security breach. Oliver, the head of the Incident Response Team, is tasked with managing the situation. What is the correct order of the Incident Response process that Oliver and his team should follow?

Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned

Containment, Eradication, Identification, Lessons learned, Preparation, and Recovery

Identification, Containment, Eradication, Preparation, Recovery, and Lessons Learned

Lessons Learned, Recovery, Preparation, Identification, Containment, and Eradication

Imagine Mason has implemented the final set of security controls for his company's data system, but discovers that not all risks are eliminated. What should Mason do NEXT?

Mason should accept the risk if the residual risk is low enough

Mason should ignore any remaining risk

Mason should remove the current controls since they are not completely effective

Mason should continue to apply additional controls until there is zero risk

You have been hired as a consultant to help Dion Training develop a new disaster recovery plan. Dion Training has recently grown in the number of employees and information systems infrastructure used to support its employees, including Ava, Arjun, and Evelyn among its faculty. Unfortunately, Dion Training does not currently have any documentation, policies, or procedures for its student and faculty networks. What is the first action you should take to assist them in developing a disaster recovery plan?

Identify the organization's assets

Develop a data retention policy

A cybersecurity analyst is analyzing what they believe to be an active intrusion into their network. The indicator of compromise maps to a suspected nation-state group that has strong financial motives, APT 38. Unfortunately, the analyst finds their data correlation lacking and cannot determine which assets have been affected, so they begin to review the list of network assets online. The following servers are currently online: PAYROLL_DB, DEV_SERVER7, FIREFLY, DEATHSTAR, THOR, and DION. Which of the following actions should the analyst conduct first?

Conduct a data criticality and prioritization analysis

Conduct a Nessus scan of the FIREFLY server

Hardening the DEV_SERVER7 server

Logically isolate the PAYROLL_DB server from the production network

Benjamin, Henry, and David are part of a startup focused on developing innovative software solutions. Their startup needs to efficiently test their applications across various operating systems without investing in multiple physical machines. Which of the following solutions would BEST meet their startup's requirements?

Purchase a high-end computer that has a lot of CPU cores and RAM, install a hypervisor, and configure a virtual machine for each operating system that will be used to test the applications being developed

Purchase multiple workstations, install a VM on each one, then install one operating system that will be used to test the applications being developed in each VM

Purchase one computer, install an operating system on it, create an image of the system, then reformat it, install the next operating system, create another image, and reimage the machine each time you need to test a different application

Purchase multiple inexpensive workstations and install one operating system that will be used to test the applications being developed on each workstation

Imagine Anika's tech startup is scaling up rapidly, and they decide to transition from traditional data centers to infrastructure-as-a-service (IaaS) hosting to enhance their operational efficiency. In this scenario, which technique should Anika's team employ to minimize the risk of data remanence when relocating virtual hosts across servers in the cloud environment?

Zero-wipe drives before moving systems

Span multiple virtual disks to fragment data

During a routine security audit, Liam, the network analyst at a local university, discovers multiple unauthorized access attempts to the campus's networked HVAC control system via the open wireless network provided for students and visitors. The open wireless network is essential for campus connectivity but poses a risk to sensitive systems. How can Liam prevent this type of security breach in the future without restricting network access for guests?

Implement a VLAN to separate the HVAC control system from the open wireless network

Install an IDS to protect the HVAC system

Enable WPA2 security on the open wireless network

Enable NAC on the open wireless network

Penn Test

Authored by Hazem Saleh

Computers

12th Grade

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

70 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 1 pt

After Samuel forensically imaged a hard drive from a company's server as part of an investigation into a suspected data breach, which of the following actions should he perform FIRST to ensure the evidence is properly handled?

Encrypt the source drive to ensure an attacker cannot modify its contents

Create a hash digest of the source drive and the image file to ensure they match

Digitally sign the image file to provide non-repudiation of the collection

Encrypt the image file to ensure it maintains data integrity

Answer explanation

Creating a hash digest of the source drive and the image file is the first step to ensure data integrity and verify they match, maintaining the evidence's integrity.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Imagine Luna is monitoring a web application for a school project and notices some unusual data patterns. Which of the following tools could Luna use to detect this unexpected output from the application being managed or monitored?

Manual analysis

A behavior-based analysis tool

A signature-based detection tool

A log analysis tool

Answer explanation

Luna should use a behavior-based analysis tool to detect unexpected output as it focuses on identifying abnormal patterns in the data.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Imagine your company, led by Lily and Grace, processes payment information and must adhere to PCI-DSS standards. Anika, the security lead, discovers a data breach. What type of disclosure is required during the incident response?

Notification to federal law enforcement

Notification to your credit card processor

Notification to local law enforcement

Notification to Visa and Mastercard

Answer explanation

During a data breach incident response, notification to your credit card processor is required to adhere to PCI-DSS standards.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

During a forensic investigation of a high-profile data breach at a multinational corporation, what information should be recorded on a chain of custody form?

Any individual who worked with evidence during the investigation, including IT specialists like Ava and forensic analysts like Avery

The law enforcement agent, such as Detective Sophia, who was first on the scene

The list of individuals who made contact with files leading to the investigation, including employees and external consultants

The list of former owners/operators of the workstation involved in the investigation, including previous employees and contractors

Answer explanation

The chain of custody form should record any individual who worked with evidence during the investigation, including IT specialists like Ava and forensic analysts like Avery.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Barbara received a phone call from a colleague asking why she sent him an email with lewd and unusual content. Barbara doesn't remember sending the email to the colleague. What is Barbara MOST likely the victim of?

Ransomware

Spear phishing

Hijacked email

Phishing

Answer explanation

Barbara is most likely the victim of a hijacked email because she doesn't remember sending the lewd email, indicating someone else gained unauthorized access to her email account.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Michael is tasked with enhancing the security measures of his company's website and decides to analyze its DNS records to better understand its network setup. In his analysis, he opts to use nslookup in interactive mode. Which command should he use to specifically request records for the name servers?

request type=ns

locate type=ns

transfer type=ns

set type=ns

Answer explanation

Olivia should use the 'set type=ns' command in nslookup interactive mode to specifically request records for the name servers.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

During a high-security clearance process at a research facility, Michael is asked to authenticate his identity through a system that matches patterns on the eye's surface using near-infrared imaging. Which biometric authentication factor is being used?

Facial recognition

Iris scan

Pupil dilation

Retinal scan

Answer explanation

The correct biometric authentication factor being used in the scenario described is an Iris scan, which matches patterns on the eye's surface using near-infrared imaging.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

72 questions

Всё об Excel

Quiz

•

1st - 12th Grade

70 questions

Communication Skills Quiz

Quiz

•

9th Grade - University

75 questions

COMPUTER 1

Quiz

•

12th Grade

71 questions

Tin học cuối HKII

Quiz

•

12th Grade

70 questions

WAL Quiz

Quiz

•

12th Grade

75 questions

APCS Principles Practice Exam

Quiz

•

8th Grade - University

72 questions

Server, Konsola, Virtual, AD, DHCP, DNS, NAT, IIS, FTP

Quiz

•

7th Grade - Professio...

71 questions

Final exam Review

Quiz

•

9th - 12th Grade

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Computers

18 questions

[AP CSP] JavaScript Programming Lesson 2025-2026

Lesson

•

9th - 12th Grade

Penn Test

After Samuel forensically imaged a hard drive from a company's server as part of an investigation into a suspected data breach, which of the following actions should he perform FIRST to ensure the evidence is properly handled?

Creating a hash digest of the source drive and the image file is the first step to ensure data integrity and verify they match, maintaining the evidence's integrity.

Imagine Luna is monitoring a web application for a school project and notices some unusual data patterns. Which of the following tools could Luna use to detect this unexpected output from the application being managed or monitored?

Luna should use a behavior-based analysis tool to detect unexpected output as it focuses on identifying abnormal patterns in the data.

Imagine your company, led by Lily and Grace, processes payment information and must adhere to PCI-DSS standards. Anika, the security lead, discovers a data breach. What type of disclosure is required during the incident response?

During a data breach incident response, notification to your credit card processor is required to adhere to PCI-DSS standards.

During a forensic investigation of a high-profile data breach at a multinational corporation, what information should be recorded on a chain of custody form?

The chain of custody form should record any individual who worked with evidence during the investigation, including IT specialists like Ava and forensic analysts like Avery.

Barbara received a phone call from a colleague asking why she sent him an email with lewd and unusual content. Barbara doesn't remember sending the email to the colleague. What is Barbara MOST likely the victim of?

Barbara is most likely the victim of a hijacked email because she doesn't remember sending the lewd email, indicating someone else gained unauthorized access to her email account.

Olivia should use the 'set type=ns' command in nslookup interactive mode to specifically request records for the name servers.

During a high-security clearance process at a research facility, Michael is asked to authenticate his identity through a system that matches patterns on the eye's surface using near-infrared imaging. Which biometric authentication factor is being used?

The correct biometric authentication factor being used in the scenario described is an Iris scan, which matches patterns on the eye's surface using near-infrared imaging.

An attacker recently compromised an e-commerce website for a clothing store. Which of the following methods did the attacker use to harvest an account's cached credentials when the user logged into an SSO system?

The attacker used 'Pass the hash' method to harvest an account's cached credentials when the user logged into an SSO system.

At a university, students like Scarlett, Avery, and Elijah are trying to connect to the campus Wi-Fi but appear to be unable to authenticate to the captive portal. Which of the following is the MOST likely cause of the issue?

The most likely cause of the issue is RADIUS authentication failure, which is commonly used for captive portal authentication in universities.

VLAN is the most suitable technology for segmenting the corporate network into an administrative network and an untrusted network.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers