Michael, a threat analyst who works in an organization named TechTop, was asked to conduct a cyber-threat intelligence analysis. After obtaining information regarding threats, he has started analyzing the information and understanding the nature of the threats.
What stage of the cyber-threat intelligence is Michael currently in?
A. Unknown unknowns
B. Unknowns unknown
C. Known unknowns
D. Known knowns
Sam works as an analyst in an organization named InfoTech Security. He was asked to collect information from various threat intelligence sources. In meeting the deadline, he forgot to verify the threat intelligence sources and used data from an open-source data provider who offered it at a very low cost. Though it was beneficial at the initial stage, relying on such data providers can produce unreliable data and noise, putting the organization's network at risk.
What mistake did Sam make that led to this situation?
A. Sam used unreliable intelligence sources.
B. Sam used data without context.
C. Sam did not use the proper standardization formats for representing threat data.
D. Sam did not use the proper technology to use or consume the information.
Miko was hired as an incident handler in XYZ company. His first task was to identify the PING sweep attempts inside the network. For this purpose, he used Wireshark to analyze the traffic. What filter did he use to identify ICMP ping sweep attempts?
A. tcp.type == icmp
B. icmp.type == icmp
C. icmp.type == 8 or icmp.type == 0
D. udp.type == 7
Alex is an incident handler for Tech-o-Tech Inc. and is tasked to identify any possible insider threats within his organization. Which of the following insider threat detection techniques can be used by Alex to detect insider threats based on the behavior of a suspicious employee, both individually and in a group?
A. Behavioral analysis
B. Physical detection
C. Profiling
D. Mole detection
John is a professional hacker who is performing an attack on the target organization where he tries to redirect the connection between the IP address and its target server such that when the users type in the Internet address, it redirects them to a rogue website that resembles the original website. He tries this attack using cache poisoning technique. Identify the type of attack John is performing on the target organization.
A. War driving
B. Pharming
C. Skimming
D. Pretexting
Which of the following components refers to a node in the network that routes the traffic from a workstation to external command and control server and helps in identification of installed malware in the network?
A. Repeater
B. Gateway
C. Hub
D. Network interface card (NIC)
Which of the following characteristics of APT refers to numerous attempts done by the attacker to gain entry to the target’s network?
A. Risk tolerance
B. Timeliness
C. Attack origination points
D. Multiphased
Investigator Ian gives you a drive image to investigate. What type of analysis are you performing?
A. Real-time
B. Static
C. Dynamic
D. Live
Which of the following GPG18 and Forensic readiness planning (SPF) principles states that “organizations should adopt a scenario based Forensic Readiness Planning approach that learns from experience gained within the business”?
A. Principle 3
B. Principle 2
C. Principle 5
D. Principle 7
The following steps describe the key activities in forensic readiness planning:
1. Train the staff to handle the incident and preserve the evidence
2. Create a special process for documenting the procedure
3. Identify the potential evidence required for an incident
4. Determine the source of the evidence
5. Establish a legal advisory board to guide the investigation process
6. Identify if the incident requires full or formal investigation
7. Establish a policy for securely handling and storing the collected evidence
8. Define a policy that determines the pathway to legally extract electronic evidence
with minimal disruption
Identify the correct sequence of steps involved in forensic readiness planning.
A. 2-->3-->1-->4-->6-->5-->7-->8
B. 3-->4-->8-->7-->6-->1-->2-->5
C. 3-->1-->4-->5-->8-->2-->6-->7
D. 1-->2-->3-->4-->5-->6-->7-->8
Which of the following has been used to evade IDS and IPS?
A. Fragmentation
B. TNP
C. HTTP
D. SNMP
Drake is an incident handler in Dark Cloud Inc. He intends to perform log analysis in order to detect traces of malicious activities within the network infrastructure.
Which of the following tools must Drake employ in order to view logs in real time and identify malware propagation within the network?
A. Splunk
B. HULK
C. Hydra
D. LOIC