Question 1 - multiple choice, shuffle, easy

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Comprehend SIEM systems and threat intelligence frameworks.

In the context of the Cyber Kill Chain, what is the primary goal during the 'Delivery' stage?

*A: To transmit the malicious payload to the target system

Feedback: Correct! The Delivery stage focuses on transmitting the malicious payload.

B: To exploit vulnerabilities in the target system

Feedback: Incorrect. Exploiting vulnerabilities happens in a later stage.

C: To gather intelligence about the target system

Feedback: Incorrect. Intelligence gathering typically occurs in the earlier Reconnaissance stage.

D: To establish a command-and-control channel

Feedback: Incorrect. Establishing command and control happens after the Delivery stage.

Question 2 - text match, easy

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Describe threat hunting and threat intelligence.

What is the term for the practice of proactively searching through networks or datasets to detect and
isolate advanced threats that evade existing security solutions? Please answer in all lowercase.

*A: threathunting

Feedback: Correct! Threat hunting involves proactively searching for advanced threats.

*B: threathunt

Feedback: Correct! Threat hunt is another term used for threat hunting.

*C: threat hunting

Feedback: Correct! Threat hunting involves proactively searching for advanced threats.
Default Feedback: Incorrect. This term refers to activities aimed at identifying and mitigating hidden
threats in cybersecurity.

Question 3 - checkbox, shuffle, partial credit, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Comprehend SIEM systems and threat intelligence frameworks.

Select all that apply: Which of the following are key components of a SIEM solution?

*A: Event Collection

Feedback: Correct! Event collection is a crucial component of SIEM solutions.

B: User Authentication

Feedback: Incorrect. User Authentication is important for security but is not a core component of SIEM.

*C: Correlation Engine

Feedback: Correct! Correlation engines are essential in analyzing and correlating events in SIEM
solutions.

*D: Incident Response

Feedback: Correct! Incident response is an integral part of SIEM solutions to manage and respond to
threats.

E: Web Hosting

Feedback: Incorrect. Web hosting is not related to SIEM solutions.

Question 4 - multiple choice, shuffle, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Identify and utilize various sources of threat intelligence.

Which of the following is a key component of threat intelligence in cybersecurity?

*A: Indicators of Compromise (IoCs)

Feedback: Correct! Indicators of Compromise (IoCs) are critical in identifying and understanding
threats.
B: Network Address Translation (NAT)

Feedback: Incorrect. NAT is related to IP address management and not specifically to threat intelligence.

C: Virtual Private Network (VPN)

Feedback: Incorrect. A VPN is a technology for creating secure network connections, not a core
component of threat intelligence.

D: Hypertext Transfer Protocol (HTTP)

Feedback: Incorrect. HTTP is a protocol for data communication on the web, not related to threat
intelligence.

Question 5 – numeric, easy

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Comprehend SIEM systems and threat intelligence frameworks.

Within what range of years did Security Information and Event Management (SIEM) solutions start to
gain popularity?2005

*A: [2005, 2010]

Feedback: Correct! SIEM solutions started gaining popularity between 2005 and 2010.

Default Feedback: Incorrect. SIEM solutions gained popularity in the mid-2000s.

Question 6 - multiple choice, shuffle, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Illustrate the role of AI in threat hunting and threat intelligence

How does AI benefit threat intelligence?

*A: By automating data analysis to detect patterns and anomalies quickly

Feedback: Correct! AI automates data analysis to quickly detect patterns and anomalies, enhancing
threat intelligence.

B: By replacing human cybersecurity experts

Feedback: Incorrect. AI assists but does not replace human cybersecurity experts.
C: By managing corporate finances

Feedback: Incorrect. Managing corporate finances is not a role of AI in threat intelligence.

D: By developing marketing campaigns

Feedback: Incorrect. AI in threat intelligence focuses on security, not marketing.

Question 7 - multiple choice, shuffle, easy

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Comprehend SIEM systems and threat intelligence frameworks.

What is the primary function of Security Information and Event Management (SIEM) solutions?

*A: To collect and analyze security-related data in real-time

Feedback: Correct! SIEM solutions collect and analyze security-related data in real-time to help
organizations detect and respond to threats.

B: To manage network configurations

Feedback: Incorrect. Managing network configurations is not the primary function of SIEM solutions.

C: To automate routine IT tasks

Feedback: Incorrect. While automation can be a feature, it is not the primary function of SIEM
solutions.

D: To provide customer relationship management

Feedback: Incorrect. SIEM solutions are focused on security, not customer relationship management.

Question 8 - checkbox, shuffle, partial credit, easy

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Comprehend SIEM systems and threat intelligence frameworks.

Which of the following are key components of Cyber Threat Intelligence (CTI) frameworks?

*A: Data collection

Feedback: Correct! Data collection is a fundamental component of CTI frameworks.

B: Financial auditing

Feedback: Incorrect. Financial auditing is not related to CTI frameworks.

*C: Threat analysis

Feedback: Correct! Threat analysis is another crucial component of CTI frameworks.

D: Marketing strategy

Feedback: Incorrect. Marketing strategy is not a component of CTI frameworks.

*E: Threat sharing

Feedback: Correct! Threat sharing is essential for a comprehensive CTI framework.

Question 9 - multiple choice, shuffle, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Describe threat hunting and threat intelligence.

What is the main purpose of threat hunting in cybersecurity?

*A: To proactively search for threats before they cause harm

Feedback: Correct! Threat hunting is a proactive approach to identifying and mitigating potential threats
before they can cause damage.

B: To replace automated security tools

Feedback: Not quite. Threat hunting complements automated security tools but does not replace them.

C: To manage firewall settings

Feedback: Incorrect. Managing firewall settings is not the primary purpose of threat hunting.

D: To provide end-user training

Feedback: No, providing end-user training is not the main goal of threat hunting.

Question 10 - text match, easy

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Describe threat hunting and threat intelligence.

What term is used to describe the collection and analysis of information about potential threats to an
organization? Please answer in all lowercase.

*A: threatintelligence

Feedback: Correct! Threat intelligence involves the collection and analysis of information about
potential threats.

*B: threat intelligence

Feedback: Correct! Threat intelligence involves the collection and analysis of information about
potential threats.

Default Feedback: Incorrect. Please review the section on threat intelligence to understand the
terminology used.

Question 11 - multiple choice, shuffle, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Describe threat hunting and threat intelligence.

How does threat intelligence benefit an organization's security posture?

*A: By providing information on emerging threats

Feedback: Correct! Threat intelligence helps organizations stay informed about emerging threats.

B: By eliminating the need for security policies

Feedback: Incorrect. Threat intelligence does not eliminate the need for security policies.

C: By automating all security processes

Feedback: No, threat intelligence does not automate all security processes.

D: By reducing the need for skilled personnel

Feedback: Wrong. Threat intelligence does not reduce the need for skilled personnel.

Question 12 - multiple choice, shuffle, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Describe threat hunting and threat intelligence.

Which of the following practices is essential for effective threat hunting?

*A: Proactively searching through networks to detect hidden threats

Feedback: Correct! Effective threat hunting involves proactively searching for hidden threats.

B: Installing the latest software updates

Feedback: Incorrect. While installing updates is important, it is not the core of threat hunting.

C: Training employees on security policies

Feedback: No, training is important but not directly related to the practice of threat hunting.

D: Backing up data regularly

Feedback: Incorrect. Regular backups are crucial for data safety but not directly related to threat
hunting.

Question 13 - checkbox, shuffle, partial credit, Medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Comprehend SIEM systems and threat intelligence frameworks.

Select all that apply: Which of the following are stages in the Cyber Kill Chain?

*A: Reconnaissance

Feedback: Correct! Reconnaissance is the first stage in the Cyber Kill Chain.

*B: Weaponization

Feedback: Correct! Weaponization is the second stage in the Cyber Kill Chain.

C: Authentication

Feedback: Incorrect. Authentication is not a stage in the Cyber Kill Chain.

*D: Exfiltration

Feedback: Correct! Exfiltration is one of the later stages in the Cyber Kill Chain.

E: Encryption

Feedback: No, encryption is not a stage in the Cyber Kill Chain.

*F: Delivery

Feedback: Correct! Delivery is the third stage in the Cyber Kill Chain.

Question 14 - multiple choice, shuffle, easy

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Illustrate the role of AI in threat hunting and threat intelligence

In the context of artificial intelligence in cybersecurity, which of the following best describes the
function of anomaly detection?

*A: Identifying unusual patterns or behaviors that may indicate a security threat

Feedback: Correct! Anomaly detection is used to identify unusual patterns or behaviors that could
indicate a security threat.

B: Blocking unauthorized access to network resources

Feedback: Incorrect. Monitoring and analyzing network activity is related but does not specifically
describe anomaly detection.

C: Encrypting data to prevent unauthorized access

Feedback: Incorrect. Encrypting data is about securing information, not detecting anomalies.

D: Generating reports on system performance

Feedback: No, generating reports on system performance is not the primary function of anomaly
detection.

Question 15 - multiple choice, shuffle, easy

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Comprehend SIEM systems and threat intelligence frameworks.

Which function of SIEM solutions is crucial for helping organizations comply with regulatory
requirements?

*A: Log management

Feedback: Correct! Log management is essential for compliance with regulatory requirements.

B: Alert generation
Feedback: Incorrect. While alert generation is important, it's not specifically tied to compliance
requirements.

C: Threat intelligence

Feedback: Incorrect. Threat intelligence helps identify threats but is not directly related to compliance.

D: Incident response

Feedback: Incorrect. Incident response is about addressing threats, not compliance.

Question 16 - text match, easy

Question category: Module: Threat Hunting and Threat Intelligence

Learning Objective: Illustrate the role of AI in threat hunting and threat intelligence

What is the primary role of AI in threat hunting? Please answer in all lowercase.

*A: detection

Feedback: Correct! AI's primary role in threat hunting is detection.

*B: identification

Feedback: Correct! AI's primary role in threat hunting is identification.

*C: analysis

Feedback: Correct! AI's primary role in threat hunting is analysis.

Default Feedback: Incorrect. Remember to review the role of AI in proactive threat identification and
mitigation.

Question 17 - checkbox, shuffle, partial credit, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Illustrate the role of AI in threat hunting and threat intelligence

Which of the following are benefits of using AI in mitigating threats?

*A: Faster threat detection

Feedback: Correct! AI can rapidly analyze large volumes of data to detect threats faster.
*B: Automated response capabilities

Feedback: Correct! AI can automate responses to detected threats.

C: Elimination of false positives

Feedback: Incorrect. While AI reduces false positives, it doesn't eliminate them entirely.

*D: Continuous monitoring

Feedback: Correct! AI enables continuous monitoring of systems for potential threats.

E: Complete immunity to cyberattacks

Feedback: Incorrect. AI improves defense but doesn't grant complete immunity to cyberattacks.

Question 18 - multiple choice, shuffle, easy

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Comprehend SIEM systems and threat intelligence frameworks.

Which key component of CTI frameworks involves sharing threat intelligence data with other
organizations?

*A: Threat sharing

Feedback: Correct! Threat sharing is crucial for building a collective defense against cyberthreats.

B: Data collection

Feedback: Incorrect. Data collection involves gathering information on potential threats, not sharing it.

C: Threat analysis

Feedback: Incorrect. Threat analysis involves examining collected data to identify potential threats.

D: Incident response

Feedback: Incorrect. Incident response is about reacting to and mitigating detected threats.

Question 19 - checkbox, shuffle, partial credit, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning Objective: Explain the principles and practices of threat hunting.

Which of the following are essential components of a successful threat-hunting program?

*A: Experienced security analysts

Feedback: Correct! Experienced security analysts are crucial for interpreting data and identifying
potential threats.

*B: Real-time threat intelligence

Feedback: Correct! Real-time threat intelligence provides up-to-date information on threats, which is
essential for effective threat hunting.

*C: Automated threat detection tools

Feedback: Correct! Automated threat detection tools help identify potential threats quickly and
efficiently.

D: Static security policies

Feedback: Incorrect. Static security policies do not adapt to new threats and are not sufficient for a
dynamic threat-hunting program.

E: Annual security reviews

Feedback: Incorrect. Annual security reviews are not frequent enough to support a proactive threat-
hunting program.

Question 20 - multiple choice, shuffle, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Describe threat hunting and threat intelligence.

What is a primary benefit of incorporating threat intelligence into an organization's security strategy?

*A: Enhanced ability to predict and mitigate potential threats

Feedback: Correct! Incorporating threat intelligence enhances an organization's ability to predict and
mitigate potential threats.

B: Reduced need for security analysts

Feedback: Incorrect. Threat intelligence does not reduce the need for security analysts; it aids them in
making informed decisions.

C: Complete elimination of cyber threats

Feedback: Incorrect.While threat intelligence helps organizations address threats, no solution can
completely eliminate cyber threats.

D: Increased complexity of security systems

Feedback: Incorrect. The goal of threat intelligence is not to increase complexity but to provide
actionable insights for better security decisions.

Question 21 - multiple choice, shuffle, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Describe threat hunting and threat intelligence.

Which of the following best describes the role of threat intelligence in cybersecurity?

*A: Providing information about potential threats to help organizations make informed decisions

Feedback: Correct! Threat intelligence involves gathering and analyzing information about threats to
help organizations make informed decisions about their security posture.

B: Actively searching for threats within an organization's network

Feedback: Incorrect. Actively searching for threats within an organization's network is the role of threat
hunting.

C: Automating the process of identifying and mitigating threats

Feedback: Incorrect. Automating the process of identifying and mitigating threats is related to security
tools, not threat intelligence specifically.

D: Implementing security policies and procedures

Feedback: Incorrect. Implementing security policies and procedures is part of an organization's overall
security strategy, not the specific role of threat intelligence.

Question 22 - checkbox, shuffle, partial credit, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Comprehend SIEM systems and threat intelligence frameworks.

Which of the following are stages in the Cyber Kill Chain?

*A: Reconnaissance
Feedback: Correct! Reconnaissance is the first stage in the Cyber Kill Chain.

*B: Weaponization

Feedback: Correct! Weaponization is the second stage in the Cyber Kill Chain.

C: Eradication

Feedback: Incorrect. Eradication is not one of the stages in the Cyber Kill Chain.

*D: Delivery

Feedback: Correct! Delivery is a crucial stage in the Cyber Kill Chain.

E: Remediation

Feedback: Incorrect. Remediation is not part of the Cyber Kill Chain stages.

Question 23 - multiple choice, shuffle, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Illustrate the role of AI in threat hunting and threat intelligence

Which artificial intelligence technique is commonly used in cybersecurity for anomaly detection?

*A: Machine learning

Feedback: Correct! Machine learning is widely used in cybersecurity for detecting anomalies.

B: Blockchain

Feedback: Incorrect. Blockchain is primarily used for secure transactions, not anomaly detection.

C: Quantum computing

Feedback: Incorrect. Quantum computing is not yet a common technique for anomaly detection in
cybersecurity.

D: Augmented reality

Feedback: Incorrect. Augmented reality is not related to anomaly detection in cybersecurity.

Question 24 - multiple choice, shuffle, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Describe threat hunting and threat intelligence.

In threat hunting, what is the primary purpose of creating a hypothesis?

*A: To guide the investigation towards potential threats

Feedback: Correct! Hypotheses help to focus the threat hunting process by providing a direction for
investigation.

B: To develop new security software

Feedback: Incorrect. While exploring approaches can be valuable, this is not the main purpose of
creating a hypothesis in threat hunting.

C: To replace traditional security solutions

Feedback: Incorrect. Hypotheses in threat hunting do not aim to replace existing security solutions.

D: To document all network activities

Feedback: Incorrect. While network activity documentation can be part of the process, it is not the
primary purpose of creating a hypothesis.

Question 25 - multiple choice, shuffle, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Describe threat hunting and threat intelligence.

In threat hunting, which stage involves the identification of potential threats through the analysis of log
data, network traffic, and other information sources?

A: Detection Feedback: Detection is important, but the stage involving identification through analysis of
various sources is different.

B: Discovery

Feedback: Discovery is not the stage where potential threats are identified through analysis.

C: Analysis

Feedback: Good try! Analysis is critical in threat hunting but the stage focusing on this aspect has a
specific name.

*D: Investigation
Feedback: Correct! Investigation involves identifying potential threats by analyzing log data, network
traffic, and other information sources.

Question 26 - checkbox, shuffle, partial credit, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Illustrate the role of AI in threat hunting and threat intelligence

Which of the following are benefits of using AI in threat intelligence?

*A: Speed of data processing

Feedback: Correct! AI can process large volumes of data quickly, which is a significant benefit in threat
intelligence.

B: Ability to generate random encryption keys

Feedback: Incorrect. Generating random encryption keys is not a core benefit of AI in threat
intelligence; it is typically handled by cryptographic algorithms.

*C: Improved accuracy in detecting threats

Feedback: Correct! AI improves the accuracy of threat detection by analyzing patterns in data.

*D: Reduced need for human analysts

Feedback: Correct! AI can automate many tasks, reducing the need for human intervention.

E: Better user interface design

Feedback: No, better user interface design is not related to the benefits of AI in threat intelligence.

Question 27 - text match, easy

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Comprehend SIEM systems and threat intelligence frameworks.

What is the term used for the shared communication and collaboration in Cyber Threat Intelligence
(CTI) frameworks? Please answer in all lowercase. Please answer in all lowercase.

*A: threat sharing

Feedback: Correct! Threat sharing is essential for effective cyber threat intelligence.
*B: sharing

Feedback: Correct! Sharing is essential for effective cyber threat intelligence.

Default Feedback: Incorrect. Consider the terms related to collaboration in CTI frameworks.

Question 28 - text match, easy

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Describe threat hunting and threat intelligence.

What term is used to describe the proactive search for cyber threats that are inside the network but have
not yet been detected by automated tools? Please answer in all lowercase.

*A: threat hunting

Feedback: Correct! Threat hunting is the proactive search for cyber threats inside the network.

*B: hunting

Feedback: Close but not quite. The complete term is more accurate.

*C: cyber hunting

Feedback: Incorrect. The term 'cyber hunting' is not commonly used in this context.

*D: proactive hunting

Feedback: Incorrect. Though proactive, the correct term is 'threat hunting'.

*E: threathunting

Feedback: Correct! Threat hunting is the proactive search for cyber threats inside the network.

*F: cyberhunting

Feedback: Incorrect. The term 'cyber hunting' is not commonly used in this context.

*G: proactivehunting

Feedback: Incorrect. Though proactive, the correct term is 'threat hunting'.

Default Feedback: Incorrect. Refer to the lesson materials on proactive threat searches.

Question 29 - multiple choice, shuffle, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Describe threat hunting and threat intelligence.

Which of the following best describes the goal of threat intelligence in organizational security?

*A: To provide information on potential threats to help organizations mitigate risks

Feedback: Correct! The primary goal of threat intelligence is to provide information on potential threats
so that organizations can take measures to mitigate these risks.

B: To develop new cybersecurity tools to prevent attacks

Feedback: Not quite. Developing new cybersecurity tools is important, but it's not the main goal of
threat intelligence.

C: To train employees on cybersecurity best practices

Feedback: Training employees is crucial, but this isn’t the main focus of threat intelligence.

D: To monitor network traffic for suspicious activity

Feedback: Monitoring network traffic is important, but that task falls more under the scope of threat
hunting rather than threat intelligence.

Question 30 - checkbox, shuffle, partial credit, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Describe threat hunting and threat intelligence.

Select the elements that contribute to a successful threat-hunting program.

*A: Skilled personnel with deep cybersecurity knowledge

Feedback: Correct! Having skilled personnel is essential for a successful threat-hunting program.

*B: A well-defined process and methodology

Feedback: Correct! A structured process and methodology are crucial components.

C: Over-reliance on automation without human oversight

Feedback: Incorrect. While automation can assist, human oversight is critical for effective threat
hunting.
*D: Access to threat intelligence feeds

Feedback: Correct! Threat intelligence feeds can provide valuable information for threat hunting.

E: Security practices focused solely on compliance

Feedback: Incorrect. Focusing only on compliance without proactive measures may leave gaps in threat
detection and response.

*F: Periodic training and continuous learning

Feedback: Correct! Ongoing training helps keep the team updated on the latest threats and techniques.

Question 31 - multiple choice, shuffle, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Describe threat hunting and threat intelligence.

How does threat hunting differ from automated security tools?

*A: Threat hunting involves human analysis while automated tools rely on pre-defined rules

Feedback: Correct! Threat hunting involves human expertise and intuition, which can identify threats
that automated tools may miss.

B: Threat hunting solely relies on machine learning algorithms

Feedback: Not quite. While machine learning can assist, threat hunting predominantly involves human
analysis.

C: Automated tools are more effective than threat hunting

Feedback: Incorrect. While automated tools are valuable, threat hunting brings in human expertise to
identify more complex threats.

D: Threat hunting is only performed after a data breach

Feedback: Incorrect. Threat hunting is a proactive activity, not just a reactive one.

Question 32 - multiple choice, shuffle, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Comprehend SIEM systems and threat intelligence frameworks.

Which of the following best explains how SIEM solutions help organizations identify and mitigate
threats?

*A: By analyzing event data in real-time to detect suspicious activities

Feedback: Correct! SIEM solutions analyze event data in real-time to detect potentially malicious
activities and generate alerts.

B: By storing all company data in a secure location

Feedback: Incorrect. SIEM solutions do not focus on storing data.

C: By performing automated software updates

Feedback: Incorrect. While automated updates are important, they are not the primary function of SIEM
solutions.

D: By managing user access controls

Feedback: Incorrect. Managing user access is a function of access management tools, not SIEM
solutions.

Question 33 - checkbox, shuffle, partial credit, medium

Question category: Module: Threat Hunting and Threat Intelligence

Learning objective: Explain the principles and practices of threat hunting.

Identify the key activities involved in a successful threat-hunting program.

*A: Data collection and analysis

Feedback: Correct! Data collection and analysis are fundamental activities in threat hunting.

B: Setting up automated alerts

Feedback: Incorrect. While useful, automated alerts do not constitute threat hunting.

*C: Hypothesis generation and testing

Feedback: Correct! Threat hunters often generate and test hypotheses to identify potential threats.

D: Conducting passive monitoring only

Feedback: Incorrect. Threat hunting is an active process, not just passive monitoring.
*E: Utilizing threat intelligence reports

Feedback: Correct! Using threat intelligence reports helps inform the threat-hunting process.

Question 34 - checkbox, shuffle, partial credit, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Explain penetration testing reports and related industry standards

Which of the following elements is typically included in a penetration testing report?

*A: Executive summary

Feedback: Correct. An executive summary is typically included as it provides a high-level overview of

the findings.

*B: Detailed technical findings

Feedback: Correct. Detailed technical findings are crucial in a penetration testing report.

C: Incident response plan

Feedback: Incorrect! An incident response plan is typically a separate document and not included in a
penetration testing report.

*D: Recommendations for remediation

Feedback: Correct. Recommendations for remediation are an essential part of a penetration testing
report.

Question 35 - text match, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Identify and explain the different phases of penetration testing.

What term is used to describe the process of verifying that vulnerabilities identified during a penetration
test have been fixed? Please answer in all lowercase.

*A: retesting

Feedback: Correct! Retesting is the process of verifying that the identified vulnerabilities have been
fixed.

*B: re-test
Feedback: Correct! Re-test is the process of verifying that the identified vulnerabilities have been fixed.

*C: verification

Feedback: Correct! Verification or retesting are the process of verifying that the identified
vulnerabilities have been fixed.

*D: validation

Feedback: Correct! validation is the process of verifying that the identified vulnerabilities have been
fixed.

Default Feedback: Incorrect. The correct term describes the process of verifying that vulnerabilities have
been fixed.

Question 36 - multiple choice, shuffle, medium

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Explain penetration testing reports and related industry standards

What is the primary purpose of the reporting phase in penetration testing?

*A: To document the vulnerabilities found and provide remediation recommendations

Feedback: Correct! The primary purpose of the reporting phase is to document the vulnerabilities and
provide recommendations for remediation.

B: To exploit discovered vulnerabilities for educational purposes

Feedback: Incorrect. Exploiting vulnerabilities for educational purposes is not the primary goal of the
reporting phase.

C: To test the incident response team's reaction

Feedback: Incorrect. Testing the incident response team is part of the testing phase, not the reporting
phase.

D: To secure permission from management to perform further testing

Feedback: Incorrect. Securing permission from management is done before the testing phases, not
during the reporting phase.

Question 37 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Explain penetration testing reports and related industry standards

Which of the following should be considered when writing a penetration testing report?

*A: Clarity and conciseness

Feedback: Correct! Clarity and conciseness ensure the report is easily understood by all stakeholders.

B: Prioritizing aesthetics over content

Feedback: Incorrect. While a visually appealing report is helpful, prioritizing aesthetics over meaningful
content reduces its effectiveness.

*C: Actionable recommendations

Feedback: Correct! Actionable recommendations help the organization address the identified
vulnerabilities.

D: Including summaries without specifics

Feedback: Incorrect. Summaries that lack specific details do not provide the actionable insights needed
to address identified vulnerabilities effectively.

*E: Customization for different audiences

Feedback: Correct! Customizing the report for different audiences ensures that relevant information is
communicated effectively.

Question 38 - numeric, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Perform software penetration testing with a focus on code repositories.

During a code repository scan, what percentage range of critical and high-risk vulnerabilities should
ideally be identified and addressed for optimal security?

*A: [90, 100)

Feedback: Correct! Identifying and addressing 90-100% of vulnerabilities is ideal for optimal security.

Default Feedback: Incorrect. Please review the ideal percentage range for identifying and addressing
vulnerabilities during a code repository scan.

Question 39 - text match, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Identify and explain the different phases of penetration testing.

What is one common vulnerability that penetration testing aims to identify? Please answer in all
lowercase.

*A: sqlinjection

Feedback: Correct! SQL Injection is a common vulnerability targeted during penetration tests.

*B: xss

Feedback: Correct! XSS (Cross-Site Scripting) is another common vulnerability found during
penetration tests.

*C: sql injection

Feedback: Correct! SQL Injection is a common vulnerability targeted during penetration tests.

Default Feedback: Incorrect. Please review the common vulnerabilities that penetration testing focuses
on.

Question 40 - multiple choice, shuffle, medium

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Perform software penetration testing with a focus on code repositories.

Which type of application penetration testing focuses on evaluating the security of software without
running it?

*A: Static Application Security Testing (SAST)

Feedback: Correct! SAST evaluates the security of software without executing it.

B: Dynamic Application Security Testing (DAST)

Feedback: Incorrect. DAST involves testing the application in its running state.

C: Interactive Application Security Testing (IAST)

Feedback: Incorrect. IAST combines elements of both static and dynamic testing.

D: Runtime Application Self-Protection (RASP)

Feedback: Incorrect. RASP is a security measure that operates during the runtime of the application.

Question 41 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Perform software penetration testing with a focus on code repositories.

Which of the following is a benefit of scanning code repositories?

*A: Identifying vulnerabilities early in the development process

Feedback: Correct! Early identification of vulnerabilities is crucial for maintaining security.

B: Increasing the size of the codebase

Feedback: Incorrect. Increasing the size of the codebase is not a benefit of scanning code repositories.

C: Reducing the need for manual code reviews

Feedback: Incorrect. While scanning can complement manual code reviews, it does not reduce the need
for them entirely.

D: Improving the aesthetic quality of the code

Feedback: Incorrect. The aesthetic quality of the code is not related to scanning code repositories.

Question 42 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Perform software penetration testing with a focus on code repositories.

What are some key steps for securing applications during software and application penetration testing?

*A: Identifying and mitigating vulnerabilities

Feedback: Correct! Identifying and mitigating vulnerabilities is an essential step in securing

applications.

B: Optimizing the application's runtime performance

Feedback: Incorrect. While optimizing runtime performance is important, it is not a key step in securing
applications during penetration testing.

*C: Conducting code reviews

Feedback: Correct! Conducting code reviews helps identify potential security flaws.

*D: Implementing security patches

Feedback: Correct! Implementing security patches is crucial for maintaining the security of applications.

E: Testing the application's compatibility with different devices

Feedback: Incorrect. Compatibility testing is valuable for usability but does not address application
security.

Question 43 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Explain penetration testing reports and related industry standards

Which of the following are crucial elements to include in the findings section of a penetration testing
report? Select all that apply.

*A: Detailed description of each vulnerability

Feedback: Yes, this is essential for understanding the issues identified.

B: Personal opinions of the tester

Feedback: Incorrect. The report should remain objective and fact-based.

*C: Proof of concept for each vulnerability

Feedback: Correct! Proof of concept helps validate the findings.

*D: Remediation recommendations

Feedback: Yes, providing remediation steps is crucial for addressing the vulnerabilities.

E: Anecdotal evidence from past tests

Feedback: Incorrect. The report should focus on the current test's findings.

Question 44 - multiple choice, shuffle, medium

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Explain penetration testing reports and related industry standards
During the reporting phase of penetration testing, what should be the main focus of the executive
summary?

A: A highly technical breakdown of all vulnerabilities found.

Feedback: The executive summary should be understandable by non-technical stakeholders.

*B: A concise overview of key findings and their business impact.

Feedback: Correct! The executive summary should provide a high-level overview for executives.

C: A detailed explanation of the testing methodologies used.

Feedback: While important, the methodologies are usually covered in a different section of the report.

D: A comprehensive list of all vulnerabilities with remediation steps.

Feedback: This level of detail is typically reserved for the main body of the report.

Question 45- numeric, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning Objective: Explain penetration testing reports and related industry standards

How many days should a penetration tester ideally wait before conducting a follow-up test after the
initial report is submitted? Round off the answer to one decimal point.

*A: 30.0

Feedback: Correct! A follow-up test is typically conducted 30 days after the initial report.

Default Feedback: Please refer to the section on follow-up testing in the course material.

Question 46 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Explain penetration testing reports and related industry standards

Which section of a penetration testing report typically contains detailed technical information and
evidence supporting the findings?

A: Executive Summary
Feedback: Incorrect. The Executive Summary should provide a high-level overview, not detailed
technical information.

*B: Findings Section

Feedback: Correct! This section includes the detailed technical information and evidence.

C: Conclusion

Feedback: Incorrect. The Conclusion summarizes the main points without detailed technical
information.

D: Introduction

Feedback: Incorrect. The Introduction sets the stage for the report but does not contain detailed findings.

Question 47 - checkbox, shuffle, partial credit, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Perform software penetration testing with a focus on code repositories.

Which of the following are benefits of performing a security scan on a code repository?

*A: Improves code quality

Feedback: Correct. Performing security scans can identify potential security issues and improve code
quality.

B: Increases code complexity

Feedback: Incorrect. Security scans aim to simplify and secure the code.

*C: Identifies vulnerabilities early

Feedback: Correct. Security scans help in identifying vulnerabilities early in the development cycle.

D: Eliminates the need for manual code reviews

Feedback: Incorrect. While security scans are helpful, they do not eliminate the need for manual code
reviews.

*E: Ensures compliance with security standards

Feedback: Correct. Security scans help ensure that the code complies with security standards and
regulations.
Question 48 - text match, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning Objective: Explain the fundamental concepts and importance of penetration testing.

What is the process of evaluating a system or network to identify security weaknesses called? Please
answer in all lowercase.

*A: pentesting

Feedback: Correct. Pen testing is the process of evaluating a system or network for security weaknesses.

*B: penetrationtesting

Feedback: Correct. Penetration testing is the process of evaluating a system or network for security
weaknesses.

*C: penetration testing

Feedback: Correct. Penetration testing is the process of evaluating a system or network for security
weaknesses.

Default Feedback: Incorrect. Please review the course material on security evaluation processes.

Question 49 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Reporting Phase

Learning Objective: Explain the fundamental concepts and importance of penetration testing.

Which of the following is a key step in securing applications during pen testing?

*A: Identifying assets

Feedback: Correct! This is a key step in pen testing as it helps in determining what needs to be
protected.

B: Ignoring potential threats

Feedback: Incorrect. Ignoring potential threats is not a step in securing applications.

*C: Analyzing vulnerabilities

Feedback: Correct! This is a key step in pen testing as it helps in identifying weaknesses in the
application.
*D: Implementing mitigation strategies

Feedback: Correct! This is a key step in pen testing as it helps in addressing identified vulnerabilities.

Question 50 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Plan a penetration test by defining the scope, objectives, and methodologies.

Which type of penetration testing involves testing the application's security from an external network?

A: White-box testing

Feedback: Incorrect. White-box testing involves testing with knowledge of the internal structure.

*B: Black-box testing

Feedback: Correct. Black-box testing involves testing from an external network without internal
knowledge.

C: Gray-box testing

Feedback: Incorrect. Gray-box testing involves partial knowledge of the internal structure.

D: Unit testing

Feedback: Incorrect. Unit testing involves testing individual components of the software.

Question 51 - numeric, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Explain penetration testing reports and related industry standards

How many main sections are typically found in a comprehensive penetration testing report? Round off
the answer to one decimal point.

*A: 5.0

Feedback: Correct! A comprehensive penetration testing report typically has five main sections.

Default Feedback: Incorrect. Please review the structure of a comprehensive penetration testing report.

Question 52 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Explain penetration testing reports and related industry standards

Which of the following are common components of a penetration testing report? Select all that apply.

*A: Executive Summary

Feedback: Correct! The Executive Summary is a common component of a penetration testing report.

B: Vulnerability Assessment

Feedback: Incorrect. A Vulnerability Assessment is a specific type of security testing, not a component
of the report itself.

*C: Methodology

Feedback: Correct! The Methodology section is commonly included in a penetration testing report.

*D: Recommendations

Feedback: Correct! Recommendations are typically included to suggest remediation steps.

E: Penetration Testing Tools

Feedback: Incorrect. While tools may be mentioned in the report, there is no specific section dedicated
to listing the tools used.

Question 53 - text match, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Explain penetration testing reports and related industry standards

What is the term used for a meeting where the penetration testing team presents their findings to
stakeholders? Please answer in all lowercase.

*A: debriefing

Feedback: Correct! A debriefing is a meeting where the findings are presented and discussed.

*B: debrief

Feedback: Correct! A debrief is another term for the meeting where findings are presented and
discussed.
Default Feedback: Incorrect. Please review the course materials on the presentation of findings.

Question 54 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Explain penetration testing reports and related industry standards

During the reporting phase of penetration testing, which section of the report typically includes detailed
technical findings and evidence of vulnerabilities?

A: Executive Summary

Feedback: Incorrect. The Executive Summary provides a high-level overview of the findings and
recommendations, not detailed technical findings.

B: Methodology

Feedback: Incorrect. The Methodology section describes the approach and techniques used during the
penetration test, not technical vulnerabilities.

*C: Detailed Findings

Feedback: Correct! The Detailed Findings section typically contains the technical details and evidence
of vulnerabilities identified.

D: Conclusion

Feedback: Incorrect. The Conclusion section summarizes the overall results and recommendations, not
the detailed technical findings.

Question 55 - checkbox, shuffle, partial credit, hard

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

Question category: Module: Penetration Testing: Reporting Phase

Select the layers of the OSI model that are most commonly targeted in network attacks.

*A: Application Layer

Feedback: Correct! The Application Layer is one of the most commonly targeted layers in network
attacks.

B: Presentation Layer
Feedback: Incorrect. The Presentation Layer is less commonly targeted compared to other layers.

*C: Transport Layer

Feedback: Correct! The Transport Layer is another commonly targeted layer in network attacks.

D: Session Layer

Feedback: Incorrect. The Session Layer is less commonly targeted compared to other layers.

*E: Network Layer

Feedback: Correct! The Network Layer is also frequently targeted in network attacks.

F: Physical Layer

Feedback: Incorrect. The Physical Layer is less commonly targeted compared to other layers.

Question 56 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Explain penetration testing reports and related industry standards

Which of the following is an essential step to be taken after delivering a penetration testing report?

*A: Conducting a debriefing session with stakeholders

Feedback: Correct! Debriefing with stakeholders ensures they understand the findings and remediation
steps.

B: Deleting the report immediately for confidentiality

Feedback: Incorrect. Deleting the report immediately is not a standard practice and can lead to loss of
important information.

C: Issuing a public statement about the vulnerabilities found

Feedback: Incorrect. Issuing a public statement is not necessary and could expose the organization to
more risks.

D: Archiving the report without any review

Feedback: Incorrect. Simply archiving the report without review can result in unresolved issues or
misunderstandings.
Question 57 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Plan a penetration test by defining the scope, objectives, and methodologies.

Which type of application penetration testing involves the tester having no prior knowledge of the
system?

*A: Black-box testing

Feedback: Correct! Black-box testing involves testing with no prior knowledge of the system.

B: White-box testing

Feedback: Incorrect. White-box testing involves full knowledge of the system.

C: Gray-box testing

Feedback: Incorrect. Gray-box testing involves partial knowledge of the system.

D: Static application security testing

Feedback: Incorrect. Static application security testing involves analyzing the source code without
executing the program.

Question 58 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Identify and explain the different phases of penetration testing.

Which of the following are common steps in software and application penetration testing?

*A: Threat modeling

Feedback: Correct! Threat modeling helps identify potential vulnerabilities.

B: Code obfuscation

Feedback: Incorrect. Code obfuscation is not a common step in penetration testing.

*C: Security assessment

Feedback: Correct! Security assessment is essential for identifying security weaknesses.

D: Performance tuning

Feedback: Incorrect. Performance tuning is more related to optimizing the application's performance,
not security.

*E: Reporting findings

Feedback: Correct! Reporting findings is a crucial step to communicate identified vulnerabilities and
mitigation strategies.

Question 59 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Perform software penetration testing with a focus on code repositories.

Which of the following is a primary benefit of conducting a security scan in a code repository?

*A: Early detection of vulnerabilities

Feedback: Correct! Early detection allows for quicker remediation and enhances overall security.

B: Enhanced collaboration among development teams

Feedback: Incorrect. While collaboration is important, security scans primarily focus on identifying and
addressing vulnerabilities.

C: Improved compliance with security standards

Feedback: Incorrect. While a security scan may contribute to compliance, its primary benefit is the early
detection of vulnerabilities.

D: Identification of potential performance bottlenecks

Feedback: Incorrect. Security scans aim to uncover vulnerabilities, not performance-related issues.

Question 60 - text match, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Describe threat hunting and threat intelligence.

What is the term for a security flaw in a software application that allows an attacker to execute
unauthorized commands? Please answer in all lowercase.

*A: vulnerability
Feedback: Correct! A vulnerability is a security flaw that can be exploited by attackers.

Default Feedback: Incorrect. Review the terminology related to security flaws and their definitions.

Question 61- multiple choice, shuffle, easy

Question category: Module: Get Started with Gen AI in Cybersecurity

Learning objective: Identify the essential components of modern cybersecurity practices: encryption,
decryption, and hashing.

Which of the following encryption methods is considered the most secure for protecting sensitive data?

*A: AES (Advanced Encryption Standard)

Feedback: Correct! AES is widely regarded as one of the most secure encryption methods.

B: DES (Data Encryption Standard)

Feedback: Incorrect. DES is outdated and no longer considered secure. Consider more modern
encryption methods.

C: MD5 (Message Digest Algorithm 5)

Feedback: Incorrect. MD5 is a hash function and not suitable for encryption. Consider algorithms
designed specifically for encryption.

D: SHA-1 (Secure Hash Algorithm 1)

Feedback: Incorrect. SHA-1 is a hash function and is not suitable for encryption. Consider encryption
algorithms.

Question 62 - text match, easy

Question category: Module: Penetration Testing: Reporting Phase

Learning objective: Perform software penetration testing with a focus on code repositories.

What is the term used to describe the process of identifying security vulnerabilities by examining the
source code without executing it? Please answer in all lowercase.

*A: staticanalysis

Feedback: Correct! Static analysis is used to find vulnerabilities without executing the code.

*B: static_code_analysis
Feedback: Correct! Static code analysis is used to identify vulnerabilities without running the code.

*C: sourcecodeanalysis

Feedback: Correct! Source code analysis involves examining the code to find vulnerabilities without
execution.

*D: static code analysis

Feedback: Correct! Static code analysis is used to identify vulnerabilities without running the code.

*E: static-code-analysis

Feedback: Correct! Static code analysis is used to identify vulnerabilities without running the code.

Default Feedback: Remember, the answer you are looking is not here. Review the module for better
understanding.

Question 63 - text match, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Plan a penetration test by defining the scope, objectives, and methodologies.

What is the term for the process of gathering information about a target without directly interacting with
it? Please answer in all lowercase.

*A: passive

Feedback: Correct! Passive reconnaissance involves gathering information without directly interacting
with the target.

Default Feedback: Incorrect. Please review the types of reconnaissance in penetration testing.

Question 64 - numeric, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Explain penetration testing reports and related industry standards

During a penetration test, if a tester finds 12 vulnerabilities during the discovery phase and 8 of them are
deemed critical, what percentage of the vulnerabilities are critical? Round off the answer to two decimal
point.

*A: 66.67
Feedback: Correct! 66.67% of the vulnerabilities are critical.

Default Feedback: Incorrect. Review how to calculate percentages in the context of penetration testing
findings.

Question 65 - multiple choice, shuffle, medium

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Discover the strategies used for information gathering and reconnaissance.

Which of the following best describes the discovery phase of penetration testing?

A: The phase where the tester attempts to exploit identified vulnerabilities

Feedback: Incorrect. This describes the exploitation phase of penetration testing.

*B: The phase where the tester gathers information about the target system

Feedback: Correct! The discovery phase involves gathering information about the target system.

C: The phase where the tester reports the findings to the client

Feedback: Incorrect. This describes the reporting phase of penetration testing.

D: The phase where the tester mitigates the discovered vulnerabilities

Feedback: Incorrect. This describes the remediation phase of penetration testing.

Question 66 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning Objective: Implement the attack phase of penetration testing using various tools and
techniques.

What is the primary objective of the attack phase in penetration testing?

A: Gathering information

Feedback: Gathering information is part of the discovery phase.

B: Defining objectives

Feedback: Defining objectives is part of the planning phase.

*C: Exploiting vulnerabilities

Feedback: Correct! The attack phase is focused on exploiting vulnerabilities.

D: Documenting findings

Feedback: Documenting findings is part of the reporting phase.

Question 67 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Discover the strategies used for information gathering and reconnaissance.

Which phase of penetration testing involves gathering information about the target system without
engaging directly with the target?

A: Planning

Feedback: Planning is about defining objectives, but doesn't involve information gathering yet.

*B: Discovery

Feedback: Correct! Discovery involves gathering information about the target system.

C: Attack

Feedback: The attack phase involves exploiting vulnerabilities, not gathering information.

D: Reporting

Feedback: Reporting is about documenting findings, not gathering information.

Question 68 - text match, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Plan a penetration test by defining the scope, objectives, and methodologies.

During which phase of penetration testing do testers usually define the scope and objectives? Please
answer in all lowercase.

*A: planning

Feedback: Correct! The planning phase involves defining the scope and objectives.
*B: plan

Feedback: Correct! The planning phase involves defining the scope and objectives.

Default Feedback: Remember to review the key phases of penetration testing, focusing on the initial
steps.

Question 69 - checkbox, shuffle, partial credit, hard

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Discover the strategies used for information gathering and reconnaissance.

Which of the following tools can be used during the discovery phase of penetration testing?

*A: Nmap

Feedback: Correct! Nmap is widely used for network scanning and discovery.

B: Metasploit

Feedback: Metasploit is typically used in the attack phase, not the discovery phase.

*C: Wireshark

Feedback: Correct! Wireshark can be used for network traffic analysis during discovery.

D: John the Ripper

Feedback: John the Ripper is a password cracking tool, used in the attack phase.

*E: Burp Suite

Feedback: Correct! Burp Suite can be used for web application scanning in discovery.

Question 70 - numeric, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Explain penetration testing reports and related industry standards

What is the typical success rate (in percentage) required to consider a penetration test effective? Round
off the answer to one decimal point.

*A: 80.0
Feedback: Good job! An effective penetration test usually has a success rate of around 80%.

Default Feedback: Review the metrics used to evaluate the effectiveness of penetration tests.

Question 71 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Discover the strategies used for information gathering and reconnaissance.

Which phase of penetration testing involves gathering information about the target system?

*A: Discovery

Feedback: Correct! The Discovery phase involves gathering information about the target system.

B: Planning

Feedback: Incorrect. The Planning phase involves defining the scope and objectives of the test.

C: Attack

Feedback: Incorrect. The Attack phase involves exploiting vulnerabilities found in the target system.

D: Verification

Feedback: Incorrect. The Verification phase involves confirming that the vulnerabilities have been
successfully exploited.

Question 72 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

In which phase of penetration testing do testers attempt to exploit identified vulnerabilities?

*A: Attack

Feedback: Correct! The Attack phase is where testers attempt to exploit identified vulnerabilities.

B: Verification

Feedback: Incorrect. The Verification phase is for confirming that vulnerabilities have been successfully
exploited.
C: Planning

Feedback: Incorrect. The Planning phase involves defining the scope and objectives of the test.

D: Cleanup and Reporting

Feedback: Incorrect. The Cleanup and Reporting phase involves documenting the results and cleaning
up any changes made during testing.

Question 73 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning Objective: Explain the fundamental concepts and importance of penetration testing.

Select all types of penetration tests from the following options:

*A: Application

Feedback: Correct! Application penetration tests focus on finding vulnerabilities in software

applications.

*B: Network

Feedback: Correct! Network penetration tests focus on discovering vulnerabilities in network

infrastructure.

*C: Hardware

Feedback: Correct! Hardware penetration tests focus on identifying weaknesses in physical devices.

*D: Personnel

Feedback: Correct! Personnel penetration tests assess the susceptibility of human resources to various
types of attacks.

E: Database

Feedback: Incorrect. Database penetration tests are not one of the four main types of penetration tests.

F: Cloud

Feedback: Incorrect. Cloud penetration tests are not one of the four main types of penetration tests.
Question 74 - numeric, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning Objective: Explain the fundamental concepts and importance of penetration testing.

How many main types of penetration tests are there? Round off the answer to one decimal point.

*A: 4.0

Feedback: Correct! There are four main types of penetration tests: application, network, hardware, and
personnel.

Default Feedback: Incorrect. Remember to review the types of penetration tests discussed in the lesson.

Question 75 - checkbox, shuffle, partial credit, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Identify and explain the different phases of penetration testing.

Which of the following are phases of penetration testing?

*A: Planning

Feedback: Correct! Planning is a crucial phase in penetration testing.

*B: Discovery

Feedback: Correct! Discovery is one of the five phases of penetration testing.

C: Deployment

Feedback: Incorrect. Deployment is not a phase in penetration testing.

*D: Cleanup

Feedback: Correct! Cleanup is one of the five phases of penetration testing.

E: Analysis

Feedback: Incorrect. Analysis is not a distinct phase in penetration testing.

Question 76 - multiple choice, shuffle, medium

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Identify and explain the different phases of penetration testing.

What is the main purpose of penetration testing in cybersecurity?

*A: To identify and fix security vulnerabilities

Feedback: Correct! Penetration testing helps identify and fix security vulnerabilities before they can be
exploited.

B: To develop new software tools

Feedback: Incorrect. Developing new software tools is not the main purpose of penetration testing.

C: To replace traditional security measures

Feedback: Incorrect. Penetration testing is used in conjunction with traditional security measures, not as
a replacement.

D: To enhance network speed

Feedback: Incorrect. Enhancing network speed is not related to penetration testing.

Question 77 - multiple choice, shuffle, medium

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Identify and explain the different phases of penetration testing.

Which type of penetration test focuses on the internal infrastructure of an organization?

*A: Internal testing

Feedback: Correct! Internal testing focuses on the internal infrastructure of an organization.

B: External testing

Feedback: Incorrect. External testing focuses on evaluating the external defenses of an organization.

C: Blind testing

Feedback: Incorrect. Blind testing is where the testing team has no prior knowledge of the infrastructure.

D: Double-blind testing

Feedback: Incorrect. Double-blind testing is where both the testing team and the security team have no
prior knowledge of the test.
Question 78 - multiple choice, shuffle, medium

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Plan a penetration test by defining the scope, objectives, and methodologies.

Which of the following best defines passive reconnaissance?

*A: Collecting information without directly interacting with the target

Feedback: Correct! Passive reconnaissance involves collecting information without directly interacting
with the target.

B: Scanning the target's network for open ports

Feedback: Incorrect. Scanning for open ports is part of active reconnaissance.

C: Exploiting vulnerabilities found during the scan

Feedback: Incorrect. Exploiting vulnerabilities is not part of reconnaissance.

D: Reporting the vulnerabilities found to the client

Feedback: Incorrect. Reporting is done after the reconnaissance phase.

Question 79 - text match, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Discover the strategies used for information gathering and reconnaissance.

Name one tool commonly used for network scanning in active reconnaissance. Please answer in all
lowercase.

*A: nmap

Feedback: Correct! Nmap is a popular tool for network scanning in active reconnaissance.

*B: nessus

Feedback: Correct! Nessus is also used for network scanning in active reconnaissance.

Default Feedback: Incorrect. Consider revisiting the course material on tools used for network scanning
in active reconnaissance.

Question 80 - multiple choice, shuffle, medium

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Identify and explain the different phases of penetration testing.

What is the main objective of the discovery phase in penetration testing?

*A: To gather information about the target system

Feedback: Correct! The main objective of the discovery phase is to gather information about the target
system.

B: To exploit vulnerabilities found in the target system

Feedback: Incorrect. Exploiting vulnerabilities is not the main objective of the discovery phase.

C: To report the findings to the client

Feedback: Incorrect. Reporting findings is done after the discovery phase.

D: To patch the vulnerabilities in the target system

Feedback: Incorrect. Patching vulnerabilities is typically done by the organization, not the penetration
tester.

Question 81 - numeric, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Explain penetration testing reports and related industry standards

During a penetration test, the tester discovered 15 vulnerabilities, of which 6 are low-risk and 3 are
medium-risk. How many high-risk vulnerabilities did the tester find? Round off the answer to one
decimal point.

*A: 6.0

Feedback: Correct! The tester found 6 high-risk vulnerabilities.

Default Feedback: Incorrect. Make sure to subtract the number of low-risk and medium-risk
vulnerabilities from the total number of vulnerabilities to find the high-risk ones.

Question 82 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Plan a penetration test by defining the scope, objectives, and methodologies.
Which of the following tools can be used for passive reconnaissance?

*A: Shodan

Feedback: Correct! Shodan is a search engine for Internet-connected devices and is often used in passive
reconnaissance.

B: Nmap

Feedback: Incorrect. Nmap is usually used for active reconnaissance.

*C: Google Dorking

Feedback: Correct! Google Dorking is a technique that uses advanced Google search queries to find
information that is not readily available.

D: Wireshark

Feedback: Incorrect. Wireshark is typically used for network traffic analysis, which is considered active
reconnaissance.

Question 83 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Identify and explain the different phases of penetration testing.

Which of the following is the first phase of penetration testing?

*A: Planning

Feedback: Correct! Planning is indeed the first phase of penetration testing.

B: Discovery

Feedback: Incorrect. Discovery is the second phase of penetration testing. Try again!

C: Attack

Feedback: Incorrect. Attack comes after the discovery phase. Review the phases again.

D: Verification

Feedback: Incorrect. Verification is not the first phase. Revisit the sequence of the phases.

Question 84 - text match, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning Objective: Discover the strategies used for information gathering and reconnaissance.

What is the term used to describe the second phase of penetration testing, which involves gathering
information about the target? Please answer in all lowercase.

*A: discovery

Feedback: Correct! Discovery is the second phase where information about the target is gathered.

Default Feedback: Incorrect. Please review the phases of penetration testing and try again.

Question 85 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Identify and explain the different phases of penetration testing.

Select the key phases involved in penetration testing.

*A: Planning

Feedback: Correct! Planning is an essential phase in penetration testing.

*B: Discovery

Feedback: Correct! Discovery is a crucial phase in penetration testing.

C: Implementation

Feedback: Incorrect. Implementation is not one of the key phases in penetration testing.

*D: Attack

Feedback: Correct! Attack is one of the key phases in penetration testing.

*E: Verification

Feedback: Correct! Verification is an important phase in penetration testing.

*F: Reporting

Feedback: Correct! Reporting is part of the final phase in penetration testing.

Question 86 - text match, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Plan a penetration test by defining the scope, objectives, and methodologies.

What is the name of the document that outlines the rules and scope for a penetration test engagement?
Please answer in all lowercase.

*A: rulesofengagement

Feedback: Correct! The document is called Rules of Engagement.

*B: roes

Feedback: Correct! ROEs are an abbreviation for Rules of Engagement.

*C: rules of engagement

Feedback: Correct! The document is called Rules of Engagement.

Default Feedback: Incorrect. This document outlines the rules and scope for the engagement.

Question 87 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

Select the tools that can be used for the attack phase of penetration testing.

*A: Metasploit

Feedback: Correct! Metasploit is a powerful tool used for the attack phase.

B: Nmap

Feedback: Incorrect. Nmap is generally used in the discovery phase.

*C: John the Ripper

Feedback: Correct! John the Ripper is used for password cracking during the attack phase.

D: Wireshark

Feedback: Incorrect. Wireshark is generally used for network analysis, not specifically attacking.
*E: Burp Suite

Feedback: Correct! Burp Suite can be used for web application attacks during the attack phase.

Question 88 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Explain penetration testing reports and related industry standards

Which of the following best describes the reporting phase of penetration testing?

*A: Documenting findings and providing recommendations

Feedback: Correct! The reporting phase involves documenting the findings and providing
recommendations for remediation.

B: Gaining unauthorized access to systems

Feedback: Incorrect. Gaining unauthorized access to systems is part of the attack phase.

C: Identifying potential vulnerabilities

Feedback: Incorrect. Identifying potential vulnerabilities is part of the discovery phase.

D: Setting objectives and scope

Feedback: Incorrect. Setting objectives and scope is part of the planning phase.

Question 89 - multiple choice, shuffle, medium

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Discover the strategies used for information gathering and reconnaissance.

Which technique is commonly used during the discovery phase to map out network infrastructure?

*A: Network scanning

Feedback: Correct! Network scanning is commonly used to map out network infrastructure during the
discovery phase.

B: Social engineering

Feedback: Incorrect. Social engineering is a technique generally used in the attack phase.
C: Password cracking

Feedback: Incorrect. Password cracking is generally used in the attack phase.

D: Report generation

Feedback: Incorrect. Report generation is part of the reporting phase.

Question 90 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Discover the strategies used for information gathering and reconnaissance.

Select all actions that are part of the discovery phase in penetration testing.

*A: Network scanning

Feedback: Correct! Network scanning is a key action in the discovery phase.

*B: Vulnerability assessment

Feedback: Correct! Vulnerability assessment is also part of the discovery phase.

C: Executing payloads

Feedback: Incorrect. Executing payloads is part of the attack phase, not the discovery phase.

*D: Gathering information about the target

Feedback: Correct! Gathering information is an essential action in the discovery phase.

E: Writing the final report

Feedback: Incorrect. Writing the final report is part of the reporting phase, not the discovery phase.

Question 91 - multiple choice, shuffle, medium

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Identify and explain the different phases of penetration testing.

Which of the following best describes the purpose of the planning phase in penetration testing?

*A: To identify and prioritize potential vulnerabilities

Feedback: Correct! The planning phase in penetration testing involves identifying and prioritizing
potential vulnerabilities.

B: To execute the attack on identified vulnerabilities

Feedback: Incorrect. Executing the attack happens in a later phase, not in the planning phase.

C: To clean up and restore the environment after testing

Feedback: Incorrect. Cleanup and restoration occur after the attack phase, not during the planning phase.

D: To document the results of the penetration test

Feedback: Incorrect. Documentation of results is part of the reporting phase, not the planning phase.

Question 92 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Explain penetration testing reports and related industry standards

Which phase of penetration testing includes the activities of documenting findings and creating a report
for stakeholders?

A: Verification

Feedback: Incorrect. Verification is about confirming the success of the attack and its impact.

B: Cleanup

Feedback: Incorrect. Cleanup phase involves restoring the system to its original state.

C: Planning

Feedback: Incorrect. Planning phase involves defining the scope and goals.

*D: Reporting

Feedback: Correct! The reporting phase involves documenting findings and creating a report for
stakeholders.

Question 93 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Discover the strategies used for information gathering and reconnaissance.
Identify the correct activities that occur during the discovery phase of penetration testing:

*A: Scanning for open ports

Feedback: Correct! Scanning for open ports is a key activity during the discovery phase.

B: Exploiting vulnerabilities

Feedback: Incorrect. Exploiting vulnerabilities occurs during the attack phase.

*C: Gathering information about the target

Feedback: Correct! Gathering information about the target is a critical activity in the discovery phase.

D: Restoring the system to its original state

Feedback: Incorrect. Restoring systems is part of the cleanup phase.

E: Documenting findings

Feedback: Incorrect. Documenting findings is part of the reporting phase.

F: Defining the scope and goals

Feedback: Incorrect. Defining the scope and goals occurs during the planning phase.

Question 94 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Discover the strategies used for information gathering and reconnaissance.

Which of the following activities are part of the discovery phase in penetration testing?

*A: Network scanning

Feedback: Correct! Network scanning is an essential activity in the discovery phase to identify open
ports and services.

*B: Social engineering

Feedback: Correct! Social engineering is used to gather information that may help in the penetration test.

C: Reporting findings

Feedback: Incorrect. Reporting is done after the testing phases, not during discovery.
D: Exploiting vulnerabilities

Feedback: Incorrect. Exploiting vulnerabilities is part of the attack phase, not the discovery phase.

*E: Service enumeration

Feedback: Correct! Service enumeration helps in identifying running services, which is part of the
discovery phase.

Question 95 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Identify and explain the different phases of penetration testing.

What is the primary objective of the planning phase in penetration testing?

*A: To allocate resources and define the scope of the test

Feedback: Correct! The planning phase involves resource allocation and defining the scope to ensure an
effective test.

B: To execute attacks on the system

Feedback: Incorrect. Executing attacks is part of the attack phase, not the planning phase.

C: To clean up any changes made during testing

Feedback: Incorrect. Cleanup happens after the attack phase, not during the planning phase.

D: To identify and exploit vulnerabilities

Feedback: Incorrect. Identifying and exploiting vulnerabilities occurs during the discovery and attack
phases.

Question 96 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Planning and Discovery Phases

Learning objective: Explain penetration testing reports and related industry standards

Which of the following is a primary activity performed during the reporting phase of penetration
testing?

*A: Documenting vulnerabilities found

Feedback: Correct! Documenting vulnerabilities is a crucial part of the reporting phase where findings
are compiled and reported to stakeholders.

B: Exploiting discovered vulnerabilities

Feedback: Incorrect. Exploiting discovered vulnerabilities is part of the attack phase, not the reporting
phase.

C: Scanning the network for open ports

Feedback: Incorrect. Scanning the network for open ports is part of the discovery phase.

D: Gathering initial information about the target

Feedback: Incorrect. Gathering initial information about the target is part of the planning phase, not the
reporting phase.

Question 97 - text match, easy

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

During the attack phase, what term is used to describe the process of obtaining higher-level permissions?
Please answer in all lowercase.

*A: privilegeescalation

Feedback: Correct! Privilege escalation is the process of obtaining higher-level permissions during the
attack phase.

*B: elevationofprivileges

Feedback: Correct! Elevation of privileges is another term used to describe this process.

*C: privilege escalation

Feedback: Correct! Privilege escalation is the process of obtaining higher-level permissions during the
attack phase.

*D: elevation of privileges

Feedback: Correct! Elevation of privileges is another term used to describe this process.

Default Feedback: Incorrect. Please review the module on privilege escalation techniques.
Question 98 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

Select the actions that are typically performed during the attack phase of penetration testing.

*A: Exploiting vulnerabilities

Feedback: Correct! Exploiting vulnerabilities is a key action during the attack phase.

*B: Elevating privileges

Feedback: Correct! Elevating privileges is an essential action during the attack phase.

*C: Conducting social engineering attacks

Feedback: Correct! Social engineering attacks are often conducted to gain unauthorized access.

D: Documenting network assets

Feedback: Incorrect. Documenting network assets is usually done during the reconnaissance phase.

E: Installing anti-virus software

Feedback: Incorrect. Installing anti-virus software is a defensive measure, not an attack phase action.

Question 99 - multiple choice, shuffle, medium

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

Which of the following techniques is commonly used to gain unauthorized access during the attack
phase?

*A: Phishing

Feedback: Correct! Phishing is a commonly used technique to gain unauthorized access during the
attack phase.

B: Firewall configuration
Feedback: Incorrect. Firewall configuration is a defensive measure, not a technique for gaining
unauthorized access.

C: Network monitoring

Feedback: Incorrect. Network monitoring is used to observe network traffic and is not a technique for
gaining unauthorized access.

D: Data encryption

Feedback: Incorrect. Data encryption is a protective measure, not a technique for gaining unauthorized
access.

Question 100 - multiple choice, shuffle, medium

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

What is the primary role of a network protocol analyzer in cybersecurity?

*A: To capture and analyze data packets for insights into network performance and security

Feedback: Correct! Network protocol analyzers help in capturing and analyzing data packets, providing
important insights into network performance and security.

B: To encrypt data packets for secure transmission

Feedback: Incorrect. Encrypting data packets for secure transmission is not the primary role of a
network protocol analyzer.

C: To manage and allocate IP addresses in a network

Feedback: Incorrect. Managing and allocating IP addresses is typically handled by DHCP servers, not
network protocol analyzers.

D: To monitor and control access to network resources

Feedback: Incorrect. Monitoring and controlling access to network resources is generally the job of
firewalls and access control lists, not network protocol analyzers.

Question 101 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Understand and apply port scanning for identifying open ports and potential
vulnerabilities.

Which of the following are common types of port scanning?

*A: SYN scan

Feedback: Correct! SYN scans are a common type of port scanning used to detect open ports.

*B: ACK scan

Feedback: Correct! ACK scans are used to map out firewall rulesets.

*C: UDP scan

Feedback: Correct! UDP scans are used to determine which UDP ports are open.

*D: FIN scan

Feedback: Correct! FIN scans send packets with the FIN flag set to identify open ports.

E: Push scan

Feedback: Incorrect. Push scans are not a recognized type of port scanning.

*F: Connect scan

Feedback: Correct! Connect scans fully establish a connection to determine open ports.

Question 102 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Understand and apply port scanning for identifying open ports and potential
vulnerabilities.

What is the significance of network ports in computer systems?

*A: They serve as communication endpoints for different services and applications

Feedback: Correct! Network ports are crucial as they serve as communication endpoints for various
services and applications.

B: They store temporary information during data transfer

Feedback: Incorrect. Network ports do not store information; they facilitate communication.
C: They are used to allocate memory resources

Feedback: Incorrect. Network ports are not responsible for memory allocation.

D: They provide physical connectivity between devices

Feedback: Incorrect. Network ports provide logical endpoints for communication, not physical
connectivity.

Question 103 - numeric, easy

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Understand and apply port scanning for identifying open ports and potential
vulnerabilities.

During a port scan, how many TCP ports are typically scanned on a computer? Round off the answer to
one decimal point.

*A: 65535.0

Feedback: Correct! There are typically 65535 TCP ports on a computer that can be scanned.

Default Feedback: Incorrect. Remember that port scans often look at all possible TCP ports.

Question 104 - multiple choice, shuffle, medium

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Understand and apply port scanning for identifying open ports and potential
vulnerabilities.

What is the primary purpose of post-attack activities in a cybersecurity context?

A: To conduct vulnerability scans

Feedback: Incorrect. Vulnerability scanning is usually performed before or during the attack phase.

*B: To cover tracks and erase evidence

Feedback: Correct! Post-attack activities often include steps to cover tracks and erase evidence of the
attack.

C: To update firewall rules

Feedback: Incorrect. Updating firewall rules is a defensive measure not typically associated with post-
attack activities.

D: To encrypt sensitive data

Feedback: Incorrect. Encrypting sensitive data is a defensive measure not associated with post-attack
activities.

Question 105 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

What is the primary goal of the attack phase in a cybersecurity context?

A: To gather information about the target system

Feedback: Incorrect. Gathering information is part of the reconnaissance phase.

*B: To exploit vulnerabilities and gain unauthorized access

Feedback: Correct! The attack phase focuses on exploiting vulnerabilities to gain unauthorized access.

C: To document security policies and procedures

Feedback: Incorrect. Documenting policies and procedures is not a goal of the attack phase.

D: To analyze traffic for unusual patterns

Feedback: Incorrect. Analyzing traffic is generally part of network monitoring or the reconnaissance
phase.

Question 106 – numeric, easy

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Use network protocol analyzers to analyze network traffic and detect suspicious
activity.

During a port scan, ports are usually identified by their numbers. What is the port number for HTTPS?
Round off the answer to one decimal point.

*A: 443.0
Feedback: Correct! Port 443 is used for HTTPS traffic.

Default Feedback: Incorrect. Remember to review common port numbers used for various protocols.

Question 107 - numeric, easy

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Use network protocol analyzers to analyze network traffic and detect suspicious
activity.

What is the range of port numbers used by the Transmission Control Protocol (TCP) for well-known
ports?

*A: [0, 1024)

Feedback: Correct! Well-known ports are defined within the range of 0 to 1023.

Default Feedback: Incorrect. Remember that well-known ports are typically in the lower range of port
numbers.

Question 108 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Plan a penetration test by defining the scope, objectives, and methodologies.

Which of the following tools is commonly used for penetration testing?

*A: Nmap

Feedback: Correct! Nmap is a widely-used tool for network discovery and security auditing.

B: Nessus

Feedback: Incorrect. Nessus is a vulnerability scanning tool, not primarily used for penetration testing.

C: Wireshark

Feedback: Incorrect. Wireshark is a network protocol analyzer, useful for traffic analysis but not
primarily a penetration testing tool.

D: OpenVAS

Feedback: Incorrect. OpenVAS is a vulnerability assessment tool, not primarily used for penetration
testing.
Question 109 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Plan a penetration test by defining the scope, objectives, and methodologies.

Which of the following tools is commonly used for penetration testing?

*A: Nmap

Feedback: Correct! Nmap is a widely-used tool for network discovery and security auditing.

B: Nessus

Feedback: Incorrect. Nessus is a vulnerability scanning tool, not primarily used for penetration testing.

C: Wireshark

Feedback: Incorrect. Wireshark is a network protocol analyzer, useful for traffic analysis but not
primarily a penetration testing tool.

D: OpenVAS

Feedback: Incorrect. OpenVAS is a vulnerability assessment tool, not primarily used for penetration
testing.

Question 110 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

Identify the actions typically associated with the attack phase in a cybersecurity context.

*A: Gaining unauthorized access

Feedback: Correct! Gaining unauthorized access is a critical action during the attack phase.

*B: Installing malware

Feedback: Correct! Installing malware is often part of the attack phase to compromise systems.

C: Performing vulnerability assessment

Feedback: Incorrect. Vulnerability assessment is generally done before the attack phase during the
reconnaissance phase.

D: Conducting post-mortem analysis

Feedback: Incorrect. Post-mortem analysis typically occurs after the attack phase to understand and
mitigate the impact.

*E: Enumeration

Feedback: Correct! Enumeration is a process often involved in the attack phase to gather more
information about the target.

Question 111 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Use network protocol analyzers to analyze network traffic and detect suspicious
activity.

Which network protocol analyzer is widely used for network troubleshooting and analysis?

*A: Wireshark

Feedback: Correct! Wireshark is a popular network protocol analyzer used for troubleshooting and
analysis.

B: tcpdump

Feedback: Incorrect. While tcpdump is a command-line packet analyzer, it is not as feature-rich or user-
friendly as Wireshark for protocol analysis.

C: Nagios

Feedback: Incorrect. Nagios is a network monitoring tool, not a network protocol analyzer.

D: SolarWinds

Feedback: Incorrect. SolarWinds is a network performance monitoring and management tool, not used
for network protocol analysis.

Question 112 - multiple choice, shuffle, medium

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Discover the strategies used for information gathering and reconnaissance.
Which scan type is most commonly used to identify open ports on a network?

*A: SYN scan

Feedback: Correct! SYN scans are widely used to identify open ports because they are faster and
stealthier than other types of scans.

B: NULL scan

Feedback: Incorrect. While NULL scans are used to probe network ports, they are not used so often.

C: Xmas scan

Feedback: Incorrect. Xmas scans are more specialized and not used often.

D: FIN scan

Feedback: Incorrect. FIN scans are also used in port scanning but are not commonly used.

Question 113 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Discover the strategies used for information gathering and reconnaissance.

What is the primary purpose of a network protocol analyzer like Wireshark?

*A: To capture and analyze data packets

Feedback: Correct! Network protocol analyzers like Wireshark are designed to capture and analyze data
packets for insights into network performance and security.

B: To encrypt network traffic

Feedback: Incorrect. Encrypting network traffic is not the primary purpose of a network protocol
analyzer.

C: To manage network devices

Feedback: Incorrect. Managing network devices is typically done using network management software,
not network protocol analyzers.

D: To create firewall rules

Feedback: Incorrect. Creating firewall rules is not a function of network protocol analyzers.
Question 114- checkbox, shuffle, partial credit, hard

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Discover the strategies used for information gathering and reconnaissance.

Which of the following can be analyzed using a network protocol analyzer like Wireshark?

*A: TCP handshakes

Feedback: Correct! TCP handshakes can be analyzed using Wireshark to understand the connection
establishment process.

B: Encrypted email contents

Feedback: Incorrect. Encrypted email contents cannot be analyzed unless they are decrypted first.

*C: HTTP requests and responses

Feedback: Correct! Wireshark can capture and analyze HTTP requests and responses.

D: Firewall configurations

Feedback: Incorrect. Firewall configurations are not analyzed using network protocol analyzers.

Question 115 - numeric, easy

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Understand and apply port scanning for identifying open ports and potential
vulnerabilities.

How many well-known ports are there in the TCP/UDP port range? Round off the answer to one decimal
point.

*A: 1024.0

Feedback: Correct! There are 1024 well-known ports in the TCP/UDP port range.

Default Feedback: Incorrect answer. Review the lesson on network ports to understand the range of well-
known ports.

Question 116 - checkbox, shuffle, partial credit, hard

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

Select the techniques that can be used to gain unauthorized access during the attack phase.

*A: SQL injection

Feedback: Correct! SQL injection is a technique used to gain unauthorized access.

*B: Cross-site scripting (XSS)

Feedback: Correct! Cross-site scripting (XSS) can also be used to gain unauthorized access.

C: Code review

Feedback: Incorrect. Code review is a method of examining code for vulnerabilities, not a technique for
gaining unauthorized access.

*D: Brute force attacks

Feedback: Correct! Brute force attacks are a common technique for gaining unauthorized access.

Question 117 - numeric, medium

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

What is the minimum number of successful steps typically needed to gain unauthorized access during
the attack phase? Round off the answer to one decimal point.

*A: 1.0

Feedback: Correct! At least one successful step is needed to gain unauthorized access during the attack
phase.

Default Feedback: Incorrect. Review the techniques involved in gaining unauthorized access to
determine the minimum number of successful steps.

Question 118 - text match, easy

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.
During the attack phase, what term is used to describe the process of stealing sensitive information?
Please answer in all lowercase.

*A: exfiltration

Feedback: Correct! Exfiltration is the process of stealing sensitive information during the attack phase.

*B: dataexfiltration

Feedback: Correct! Data exfiltration is another term for the process of stealing sensitive information
during the attack phase.

*C: data exfiltration

Feedback: Correct! Data exfiltration is another term for the process of stealing sensitive information
during the attack phase.

Default Feedback: Incorrect. Review the key actions during the attack phase to find the correct term.

Question 119 - text match, easy

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Discover the strategies used for information gathering and reconnaissance.

Name a common technique used in network reconnaissance. Please answer in all lowercase. Please
answer in all lowercase.

*A: ping sweep

Feedback: Correct! Ping sweep is a common network reconnaissance technique.

*B: ping

Feedback: Correct! Ping is often used in network reconnaissance.

*C: traceroute

Feedback: Correct! Traceroute is another technique used in network reconnaissance.

Default Feedback: Please review the lesson materials on common network reconnaissance techniques.

Question 120 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Understand and apply port scanning for identifying open ports and potential
vulnerabilities.

Select all tools that can be used for port scanning.

*A: Nmap

Feedback: Correct! Nmap is a well-known tool for port scanning.

*B: Angry IP Scanner

Feedback: Correct! Angry IP Scanner is also used for port scanning.

C: Wireshark

Feedback: Wireshark is used for analyzing network protocols, not typically for port scanning.

D: Burp Suite

Feedback: Burp Suite is used for web application security testing, not for port scanning.

*E: OpenVAS

Feedback: Correct! OpenVAS can perform port scanning as part of its vulnerability assessment
capabilities.

Question 121 - multiple choice, shuffle, medium

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

Which of the following describes a post-attack activity?

*A: Generating a report on the findings

Feedback: Correct! Generating a report on the findings is a crucial post-attack activity.

B: Scanning for open ports

Feedback: Scanning for open ports is part of the reconnaissance phase, not a post-attack activity.

C: Exploiting a vulnerability

Feedback: Exploiting a vulnerability is part of the attack phase, not a post-attack activity.
D: Identifying target systems

Feedback: Identifying target systems is part of the reconnaissance phase, not a post-attack activity.

Question 122 - numeric, easy

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Understand and apply port scanning for identifying open ports and potential
vulnerabilities.

In a port scan, how many ports are there in the range from 1 to 1024 inclusive? Round off the answer to
one decimal point.

*A: 1024.0

Feedback: Correct! The range 1 to 1024 includes exactly 1024 ports.

Default Feedback: Please review the lesson materials on port scanning and port ranges.

Question 123 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Discover the strategies used for information gathering and reconnaissance.

Which tool is commonly used to perform network vulnerability scans?

*A: Nmap

Feedback: Correct! Nmap is widely used for network vulnerability scans.

B: Wireshark

Feedback: Wireshark is a network protocol analyzer, not primarily for vulnerability scans.

C: Metasploit

Feedback: Metasploit is used for penetration testing, not specifically for vulnerability scans.

D: John the Ripper

Feedback: John the Ripper is a password cracking tool, not used for network vulnerability scans.

Question 124 - multiple choice, shuffle, hard

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Discover the strategies used for information gathering and reconnaissance.

Which scan type is known for being the most stealthy and difficult to detect?

*A: SYN scan

Feedback: Correct! SYN scans are considered stealthy because they do not complete the TCP
handshake.

B: UDP scan

Feedback: Incorrect. UDP scans are not considered the most stealthy type of scan.

C: ACK scan

Feedback: Incorrect. ACK scans are used to map firewall rules but are not the most stealthy type of scan.

D: FIN scan

Feedback: Incorrect. While FIN scans can be stealthy, but they are not considered difficult.

Question 125 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Use network protocol analyzers to analyze network traffic and detect suspicious
activity.

Which of the following best describes how network protocol analyzers capture data packets?

*A: They use network adapters to capture all packets passing through the network.

Feedback: Correct! Network protocol analyzers capture all packets passing through the network using
network adapters.

B: They use firewalls to capture only suspicious packets.

Feedback: Incorrect. Network protocol analyzers do not rely on firewalls to capture data packets; they
capture all packets passing through the network.

C: They utilize antivirus software to filter and capture packets.

Feedback: Incorrect. Antivirus software is not used by network protocol analyzers to capture data
packets.
D: They capture packets only when a network anomaly is detected.

Feedback: Incorrect. Network protocol analyzers capture all packets continuously, not just during
network anomalies.

Question 126 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Use network protocol analyzers to analyze network traffic and detect suspicious
activity.

Which of the following are applications of network protocol analyzers like Wireshark?

*A: Monitoring network performance

Feedback: Correct! Monitoring network performance is a key application of network protocol analyzers.

*B: Detecting network intrusions

Feedback: Correct! Network protocol analyzers are used to detect network intrusions and security
breaches.

C: Blocking malicious IP addresses

Feedback: Incorrect. Network protocol analyzers do not block IP addresses; they capture and analyze
data packets.

D: Managing user access permissions

Feedback: Incorrect. Managing user access permissions is not a function of network protocol analyzers.

*E: Analyzing network traffic for troubleshooting

Feedback: Correct! Analyzing network traffic to identify and resolve issues is a common use of network
protocol analyzers.

Question 127 - checkbox, shuffle, partial credit, hard

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

Select the techniques that are involved in elevating privileges during the attack phase.
*A: Password cracking

Feedback: Correct! Password cracking is a common technique for elevating privileges.

B: Social engineering

Feedback: Partially correct. Social engineering is commonly associated with gaining initial access but
can also be used to elevate privileges by targeting privileged users.

*C: Exploiting vulnerabilities

Feedback: Correct! Exploiting vulnerabilities is a common method to elevate privileges.

D: Conducting phishing campaigns

Feedback: Partially correct. Phishing campaigns are typically used for initial access but can also target
privileged users to elevate privileges.

Question 128 - multiple choice, shuffle, medium

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

What is typically the first step in gaining unauthorized access during the attack phase?

*A: Identifying vulnerabilities

Feedback: Correct! Identifying vulnerabilities is typically the first step.

B: Cracking passwords

Feedback: Incorrect. Cracking passwords usually comes after identifying vulnerabilities.

C: Establishing persistence

Feedback: Incorrect. Establishing persistence is usually done after gaining access.

D: Covering tracks

Feedback: Incorrect. Covering tracks is often done near the end of the attack phase.

Question 129 - numeric, medium

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

How many primary techniques are involved in gaining unauthorized access during the attack phase?
Round off the answer to one decimal point.

*A: 3.0

Feedback: Correct! There are three primary techniques: exploiting vulnerabilities, credential stealing,
and social engineering.

Default Feedback: Incorrect. Review the primary techniques involved in gaining unauthorized access.

Question 130 - multiple choice, shuffle, medium

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

Which of the following is a critical action in the post-attack phase of a cybersecurity operation?

*A: Eradication

Feedback: Correct! Eradication is a critical action in the post-attack phase, focused on eliminating the
root cause of the security breach.

B: Reconnaissance

Feedback: Incorrect. Reconnaissance is part of the pre-attack phase, not the post-attack phase.

C: Exploitation

Feedback: Incorrect. Exploitation is typically associated with the attack phase, not the post-attack phase.

D: Lateral Movement

Feedback: Incorrect. Lateral movement occurs during the attack phase as the attacker moves within the
network.

Question 131 - multiple choice, shuffle, easy

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Use network protocol analyzers to analyze network traffic and detect suspicious
activity.
What type of data can be captured and analyzed by using a network protocol analyzer like Wireshark?

A: Email contents

Feedback: Incorrect. While network protocol analyzers can capture email traffic, analyzing email
contents is not their primary function.

*B: Data packets

Feedback: Correct! Network protocol analyzers capture and analyze data packets to provide insights into
network performance and security.

C: User passwords

Feedback: Incorrect. Although user passwords can sometimes be captured, it is not the primary focus of
network protocol analyzers.

D: Software code

Feedback: Incorrect. Network protocol analyzers do not capture or analyze software code.

Question 132 - checkbox, shuffle, partial credit, medium

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

Which of the following actions is typically involved in the privilege escalation process during the attack
phase of penetration testing?

*A: Cracking password hashes

Feedback: Cracking password hashes is indeed a common action for privilege escalation. Please review
the privilege escalation techniques.

*B: Upgrading user permissions through exploitation

Feedback: Upgrading user permissions through exploitation is a key part of privilege escalation. Please
review the privilege escalation techniques.

C: Installing malware on compromised systems

Feedback: Incorrect! Installing malware is generally more associated with post-exploitation rather than
privilege escalation.
*D: Leveraging vulnerable services for higher privileges

Feedback: Leveraging vulnerable services is a common method for escalating privileges. Please review
the privilege escalation techniques.

Question 133 - checkbox, shuffle, partial credit, hard

Question category: Module: Penetration Testing: Attack Phase

Learning objective: Implement the attack phase of penetration testing using various tools and
techniques.

Select the techniques that can be used to extract sensitive information during the attack phase of
penetration testing.

*A: Keylogging

Feedback: Correct! Keylogging is a technique used to capture keystrokes and gain sensitive information.

*B: Brute force attacks

Feedback: Correct! Brute force attacks can be used to crack passwords and gain sensitive information.

*C: SQL injection

Feedback: Correct! SQL injection is a method to extract data from a database.

D: Patching vulnerabilities

Feedback: Incorrect. Patching vulnerabilities is a defensive measure, but attackers exploit unpatched
vulnerabilities to extract sensitive information.

E: Using steganography

Feedback: Partially correct. While steganography is primarily used to hide information, it can also be
used to exfiltrate stolen data after extraction.

Question 134 - multiple choice, shuffle, medium

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Review common cryptographic attacks and the threat they pose to data security.

Which cryptographic attack involves an attacker attempting to find two different inputs that produce the
same hash value?
*A: Collision attack

Feedback: Correct! A collision attack involves finding two distinct inputs that hash to the same value.

B: Brute force attack

Feedback: Incorrect. A brute force attack involves trying all possible combinations to decrypt data or
crack a password.

C: Side-channel attack

Feedback: Incorrect. A side-channel attack involves exploiting information gained from the physical
implementation of a cryptographic system.

D: Chosen-plaintext attack

Feedback: Incorrect. A chosen-plaintext attack involves the attacker choosing arbitrary plaintexts to be
encrypted and gaining the corresponding ciphertexts.

Question 135 - text match, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Explore vulnerabilities in SSL, TLS, and poor key management and review
strategies to mitigate these issues.

What cryptographic protocol is primarily used to secure communications over a computer network,
commonly used in securing web traffic? Please answer in all lowercase.

*A: ssl

Feedback: Correct! SSL/TLS is widely used to secure communications over the Internet.

*B: tls

Feedback: Correct! SSL/TLS is widely used to secure communications over the Internet.

*C: ssl/tls

Feedback: Correct! SSL/TLS is widely used to secure communications over the Internet.

Default Feedback: Incorrect. Please revisit the section on cryptographic protocols used for securing
communications over networks.

Question 136 - numeric, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Identify the essential components of modern cybersecurity practices: encryption,
decryption, and hashing.

What is the commonly recommended key length for AES encryption to ensure a high level of security?
Round off the answer to one decimal point.

*A: 256.0

Feedback: Correct! A key length of 256 bits is commonly recommended for AES encryption to ensure a
high level of security.

Default Feedback: Incorrect. Please review the recommended key lengths for AES encryption.

Question 137 - multiple choice, shuffle, medium

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Differentiate between symmetric and asymmetric encryption.

Which of the following best describes the role of symmetric encryption in securing data?

*A: It uses a single key for both encryption and decryption

Feedback: Correct! Symmetric encryption utilizes one key for both processes, making it faster but
requiring secure key distribution.

B: It uses two keys, one for encryption and one for decryption

Feedback: Incorrect. This describes asymmetric encryption, not symmetric encryption.

C: It transforms plaintext into ciphertext using a public key

Feedback: Incorrect. Symmetric encryption does not use public keys.

D: It guarantees data integrity without the need for a key

Feedback: Incorrect. Symmetric encryption requires a key and does not inherently guarantee data
integrity.

Question 138 - multiple choice, shuffle, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Identify the essential components of modern cybersecurity practices: encryption,
decryption, and hashing.

Which cryptographic concept ensures that a message has not been altered during transit?

*A: Hashing

Feedback: Correct! Hashing ensures data integrity by producing a unique fixed-length output for each
unique input.

B: Symmetric encryption

Feedback: Incorrect. Symmetric encryption focuses on data confidentiality, not integrity.

C: Asymmetric encryption

Feedback: Incorrect. Asymmetric encryption primarily ensures data confidentiality and secure key
exchange.

D: Steganography

Feedback: Incorrect. Steganography is about hiding information within other data, not ensuring data
integrity.

Question 139 - checkbox, shuffle, partial credit, hard

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Identify the essential components of modern cybersecurity practices: encryption,
decryption, and hashing.

Which of the following are key differences between encryption and hashing?

*A: Encryption is reversible while hashing is not

Feedback: Correct! Encryption can be undone to retrieve the original data, while hashing cannot.

*B: Hashing always produces a fixed-length output

Feedback: Correct! Hashing algorithms produce a fixed-length output regardless of the input size.

*C: Encryption uses a key, whereas hashing does not

Feedback: Correct! Encryption requires a key for the process, while hashing functions do not use keys.

D: Hashing ensures data confidentiality while encryption ensures data integrity

Feedback: Incorrect. Hashing is used to ensure data integrity and to verify data, while encryption
ensures data confidentiality.

E: Both encryption and hashing can be used to decrypt data

Feedback: Incorrect. Only encryption can be used to decrypt data. Hashing is a one-way function and
cannot be reversed.

Question 140 - text match, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Explore vulnerabilities in SSL, TLS, and poor key management and review
strategies to mitigate these issues.

What protocol is used alongside SSL for securing network communication? Please answer in all
lowercase.

*A: tls

Feedback: Correct! TLS is used together with SSL for secure network communication.

Default Feedback: Incorrect. Review the protocols used with SSL for secure communication.

Question 141 - multiple choice, shuffle, medium

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Explore vulnerabilities in SSL, TLS, and poor key management and review
strategies to mitigate these issues.

What is a primary vulnerability associated with SSL?

*A: Weak encryption algorithms

Feedback: Correct! SSL is known for having vulnerabilities related to weak encryption algorithms.

B: Excessive bandwidth consumption

Feedback: Incorrect. SSL's primary vulnerabilities are not related to bandwidth consumption.

C: Lack of support for mobile devices

Feedback: Incorrect. SSL vulnerabilities are not primarily about device support.

D: Incompatibility with modern web browsers

Feedback: Incorrect. SSL vulnerabilities are not about browser compatibility.

Question 142 - checkbox, shuffle, partial credit, medium

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Identify the essential components of modern cybersecurity practices: encryption,
decryption, and hashing.

Which of the following are common cryptographic attacks? Select all that apply.

*A: Brute force attack

Feedback: Correct! A brute force attack is a common method used to break encryption.

B: Phishing attack

Feedback: Incorrect. Phishing is a social engineering attack, not a cryptographic attack.

*C: Man-in-the-middle attack

Feedback: Correct! A man-in-the-middle attack can intercept communication and, when exploiting
cryptographic weaknesses to decrypt or alter messages, is considered a cryptographic attack.

D: SQL injection

Feedback: Incorrect. SQL injection is a database attack, not a cryptographic attack.

*E: Chosen-plaintext attack

Feedback: Correct! In a chosen-plaintext attack, the attacker can choose arbitrary plaintexts to be
encrypted and obtain the corresponding ciphertexts.

Question 143 - multiple choice, shuffle, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Describe the role of cryptanalysis, its techniques, and its use in strengthening and
attacking cryptographic systems.

Which of the following best describes cryptanalysis in the context of cybersecurity?

A: The study of encryption algorithms to improve their security

Feedback: This answer is incorrect. Cryptanalysis focuses on breaking encryption rather than improving
it.
*B: The process of breaking cryptographic codes to gain unauthorized access

Feedback: Correct! Cryptanalysis involves breaking cryptographic codes to understand or retrieve the
original information.

C: The creation of cryptographic algorithms to protect data

Feedback: This answer is incorrect. Cryptanalysis is not about creating encryption but rather about
breaking it.

D: The management of cryptographic keys to ensure data security

Feedback: This answer is incorrect. Key management is a part of cryptography but not cryptanalysis.

Question 144 - text match, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Identify the essential components of modern cybersecurity practices: encryption,
decryption, and hashing.

What is the name of the process of converting plain text into an unreadable format using a key? Please
answer in all lowercase.

*A: encryption

Feedback: Correct! Encryption is the process of converting plain text into an unreadable format using a
key.

Default Feedback: Incorrect. The process you are looking for involves converting readable information
into an unreadable format using a key.

Question 145- multiple choice, shuffle, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Review common cryptographic attacks and the threat they pose to data security.

Which cryptographic attack involves attempting all possible keys until the correct one is found?

*A: Brute-force attack

Feedback: Correct! A brute-force attack involves trying all possible keys until the correct one is found.

B: Man-in-the-middle attack
Feedback: Incorrect. A man-in-the-middle attack involves intercepting communication between two
parties.

C: Replay attack

Feedback: Incorrect. A replay attack involves capturing and reusing valid data transmission.

D: Side-channel attack

Feedback: Incorrect. A side-channel attack exploits physical implementations of cryptographic

algorithms.

Question 146 - checkbox, shuffle, partial credit, medium

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Describe the role of cryptanalysis, its techniques, and its use in strengthening and
attacking cryptographic systems.

Select all the cryptographic techniques that are used for securing communication over networks.

*A: SSL/TLS

Feedback: Correct! SSL/TLS protocols are used to secure communications over networks.

B: SHA-256

Feedback: Incorrect. SHA-256 is a hashing algorithm used for integrity, not directly for securing
communication.

*C: RSA

Feedback: Correct! RSA is an asymmetric encryption algorithm used for securing data transmission.

D: CBC (Cipher Block Chaining)

Feedback: Incorrect. CBC is a mode of operation for block ciphers, not a standalone technique used for
securing communication.

*E: Diffie-Hellman

Feedback: Correct! Diffie-Hellman is used for secure key exchange over an insecure communication
channel.

Question 147 - multiple choice, shuffle, medium

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Differentiate between symmetric and asymmetric encryption.

What is the main advantage of asymmetric encryption over symmetric encryption?

*A: It eliminates the need to share the encryption key securely.

Feedback: Correct! Asymmetric encryption uses a pair of keys, eliminating the need to securely share
the encryption key.

B: It is faster in terms of encryption and decryption speed.

Feedback: Incorrect. Asymmetric encryption is generally slower than symmetric encryption.

C: It uses shorter keys which are more secure.

Feedback: Incorrect. Asymmetric encryption tends to use longer keys for security.

D: It converts plaintext into ciphertext using a hash function.

Feedback: Incorrect. Hash functions are a different concept and not specific to asymmetric encryption.

Question 148 - checkbox, shuffle, partial credit, medium

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Differentiate between symmetric and asymmetric encryption.

Which of the following algorithms are asymmetric encryption algorithms?

*A: RSA

Feedback: Correct! RSA is an example of an asymmetric encryption algorithm.

B: AES

Feedback: Incorrect. AES is a symmetric encryption algorithm.

*C: Elliptic Curve Cryptography (ECC)

Feedback: Correct! ECC is another example of an asymmetric encryption algorithm.

D: DES

Feedback: Incorrect. DES is a symmetric encryption algorithm.

*E: Diffie-Hellman

Feedback: Correct! Diffie-Hellman is used for key exchange in asymmetric encryption.

Question 149 - text match, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Identify the essential components of modern cybersecurity practices: encryption,
decryption, and hashing.

What is the process of converting ciphertext back into plaintext called? Please answer in all lowercase.

*A: decryption

Feedback: Correct! Decryption is the process of converting ciphertext back into plaintext.

*B: deciphering

Feedback: Correct! Deciphering is another term for decryption.

Default Feedback: Incorrect. Please review the concepts of encryption and decryption.

Question 150 - numeric, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Differentiate between symmetric and asymmetric encryption.

What is the recommended minimum key length (in bits) for RSA to ensure security? Round off the
answer to one decimal point.

*A: 2048.0

Feedback: Correct! The recommended minimum key length for RSA to ensure security is 2048 bits.

Default Feedback: Incorrect. Please review the recommended key lengths for RSA to ensure security.

Question 151 - checkbox, shuffle, partial credit, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Review common cryptographic attacks and the threat they pose to data security.

Which of the following are common types of cryptographic attacks?

*A: Brute-force attack

Feedback: Correct! A brute-force attack is a common type of cryptographic attack.

*B: Man-in-the-middle attack

Feedback: Correct! A man-in-the-middle attack is another type of cryptographic attack.

C: Phishing attack

Feedback: Incorrect. A phishing attack is a social engineering attack, not a cryptographic attack.

*D: Side-channel attack

Feedback: Correct! A side-channel attack is a common cryptographic attack.

E: DDoS attack

Feedback: Incorrect. A DDoS attack is a network attack, not specifically a cryptographic attack.

Question 152- multiple choice, shuffle, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Describe the role of cryptanalysis, its techniques, and its use in strengthening and
attacking cryptographic systems.

What is the primary goal of cryptanalysis in cybersecurity?

*A: To find vulnerabilities in cryptographic algorithms

Feedback: Correct! The primary goal of cryptanalysis is to find vulnerabilities in cryptographic

algorithms.

B: To create new cryptographic algorithms

Feedback: Incorrect. Creating new cryptographic algorithms is not the goal of cryptanalysis, but rather a
task for cryptographers.

C: To enhance the speed of encryption processes

Feedback: Incorrect. Enhancing the speed of encryption processes is not the primary goal of
cryptanalysis.

D: To ensure the integrity of data

Feedback: Incorrect. Ensuring the integrity of data is not the main focus of cryptanalysis.

Question 153 - multiple choice, shuffle, hard

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Explore vulnerabilities in SSL, TLS, and poor key management and review
strategies to mitigate these issues.

Which practice is essential to safeguard against cryptographic attacks?

*A: Regularly updating cryptographic keys

Feedback: Correct! Regularly updating cryptographic keys is essential to safeguard against

cryptographic attacks.

B: Using the same key for all encryption processes

Feedback: Incorrect. Using the same key for all encryption processes is not a good practice.

C: Disabling encryption during off-peak hours

Feedback: Incorrect. Disabling encryption during off-peak hours is not a recommended practice.

D: Ignoring minor vulnerabilities in cryptographic algorithms

Feedback: Incorrect. Ignoring minor vulnerabilities is not advisable.

Question 154 - text match, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Explore vulnerabilities in SSL, TLS, and poor key management and review
strategies to mitigate these issues.

What protocol is commonly used to secure communications over the internet by using encryption?
Please answer in all lowercase.

*A: ssl

Feedback: Correct! SSL is commonly used to secure communications over the internet.

*B: tls

Feedback: Correct! TLS is also commonly used to secure communications over the internet.
Default Feedback: Incorrect. Please review the protocols used to secure communications over the
internet.

Question 155 - multiple choice, shuffle, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Describe the role of cryptanalysis, its techniques, and its use in strengthening and
attacking cryptographic systems.

Which of the following best describes the primary purpose of cryptanalysis?

*A: To decrypt messages without access to the key

Feedback: Correct! Cryptanalysis aims to decrypt messages without knowing the key.

B: To manage cryptographic keys in a secure manner

Feedback: Incorrect. Key management involves the creation, exchange, storage, and disposal of
cryptographic keys.

C: To securely hash sensitive data

Feedback: Incorrect. Hashing is the process of converting data into a fixed-size string of characters,
which is typically a digest that cannot be reversed.

D: To encrypt data to ensure confidentiality

Feedback: Incorrect. Encryption is the process of converting data into an unreadable format to protect its
confidentiality.

Question 156 - multiple choice, shuffle, medium

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Identify the essential components of modern cybersecurity practices: encryption,
decryption, and hashing.

What is the primary purpose of hashing in the context of cryptography?

A: To ensure data confidentiality

Feedback: Incorrect. Hashing is not primarily designed to ensure data confidentiality.

*B: To generate a unique digital fingerprint of data

Feedback: Correct! Hashing generates a unique digital fingerprint of data, ensuring data integrity.

C: To encrypt data for secure transmission

Feedback: Incorrect. Hashing does not encrypt data; it generates a fixed-size hash value.

D: To provide a means for secure key exchange

Feedback: Incorrect. Hashing does not provide a means for secure key exchange.

Question 157 - checkbox, shuffle, partial credit, hard

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Differentiate between symmetric and asymmetric encryption.

Which of the following statements about symmetric and asymmetric encryption are correct?

*A: Symmetric encryption uses the same key for encryption and decryption.

Feedback: Correct! Symmetric encryption indeed uses the same key for both encryption and decryption.

B: Asymmetric encryption is generally faster than symmetric encryption.

Feedback: Incorrect. Asymmetric encryption is generally slower than symmetric encryption due to its
computational complexity.

*C: Asymmetric encryption uses a pair of keys for encryption and decryption.

Feedback: Correct! Asymmetric encryption uses a public key for encryption and a private key for
decryption.

*D: Symmetric encryption is best suited for encrypting large amounts of data.

Feedback: Correct! Symmetric encryption is often used for encrypting large amounts of data due to its
speed.

Question 158 - text match, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Describe the role of cryptanalysis, its techniques, and its use in strengthening and
attacking cryptographic systems.

What is the term for attacking a cryptosystem by analyzing its physical side effects? Please answer in all
lowercase.
*A: sidechannel

Feedback: Correct! Side-channel attacks analyze physical side effects.

*B: side-channel

Feedback: Correct! Side-channel attacks analyze physical side effects.

*C: side channel

Feedback: Correct! Side-channel attacks analyze physical side effects.

Default Feedback: Incorrect. This type of attack involves analyzing physical side effects like power
consumption or electromagnetic leaks.

Question 159 - checkbox, shuffle, partial credit, hard

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Review common cryptographic attacks and the threat they pose to data security.

Which of the following are key practices to safeguard against cryptographic attacks? Select all that
apply.

*A: Regularly update cryptographic algorithms and protocols

Feedback: Correct! Regular updates help protect against vulnerabilities.

*B: Use long and complex cryptographic keys

Feedback: Correct! Long and complex keys are harder to break.

C: Reuse cryptographic keys for multiple purposes

Feedback: Incorrect. Reusing keys can make them more vulnerable to attacks.

*D: Store cryptographic keys in secure hardware modules

Feedback: Correct! Secure hardware modules help protect keys from being stolen.

E: Publish cryptographic keys online for transparency

Feedback: Incorrect. Publishing keys online exposes them to attacks.

Question 160 - multiple choice, shuffle, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Explore vulnerabilities in SSL, TLS, and poor key management and review
strategies to mitigate these issues.

What is the primary role of SSL and TLS in network security?

*A: To encrypt data transmitted over the internet

Feedback: Correct! SSL and TLS encrypt data to secure communication over the internet.

B: To manage user authentication and authorization

Feedback: Incorrect. SSL and TLS focus on encryption, not user management.

C: To serve as firewalls blocking unauthorized access

Feedback: Incorrect. Firewalls and SSL/TLS serve different security functions.

D: To scan and remove malware from the network

Feedback: Incorrect. Malware scanning is not a function of SSL/TLS.

Question 161 - multiple choice, shuffle, hard

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Review common cryptographic attacks and the threat they pose to data security.

Which of the following cryptographic attacks exploits the predictable nature of the encryption algorithm
to decrypt data?

*A: Chosen-plaintext attack

Feedback: Correct! A chosen-plaintext attack exploits the predictable nature of the encryption algorithm.

B: Brute force attack

Feedback: Incorrect. A brute force attack tries all possible keys but does not exploit predictability.

C: Replay attack

Feedback: Incorrect. A replay attack reuses valid data transmission.

D: Side-channel attack
Feedback: Incorrect. A side-channel attack gathers information from the physical implementation of a
cryptosystem.

Question 162 - numeric, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Explore vulnerabilities in SSL, TLS, and poor key management and review
strategies to mitigate these issues.

What is the minimum length (in bits) recommended for SSL/TLS keys to be considered secure in 2023?
Round off the answer to one decimal point.

*A: 2048.0

Feedback: Correct! As of 2023, 2048 bits is considered the minimum length for SSL/TLS keys to ensure
security.

Default Feedback: Incorrect. Refer to the latest SSL/TLS key length recommendations for 2023.

Question 163 - checkbox, shuffle, partial credit, hard

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Review common cryptographic attacks and the threat they pose to data security.

Which of the following are common cryptographic attacks? (Select all that apply)

*A: Man-in-the-Middle Attack

Feedback: Correct! Man-in-the-Middle attacks can exploit weaknesses in cryptographic protocols to

intercept or alter encrypted communications, making them a common cryptographic attack.

*B: Padding Oracle Attack

Feedback: Correct! Padding Oracle Attack is a known cryptographic attack that exploits vulnerabilities
in encryption padding schemes.

C: Denial of Service Attack

Feedback: correct. Denial of Service attacks focus on overwhelming systems to disrupt availability, not
on breaking cryptographic systems.

D: Phishing Attack
Feedback: Phishing attacks are social engineering methods aimed at deceiving users to obtain
credentials, not cryptographic attacks.

Question 164 - text match, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Identify the essential components of modern cybersecurity practices: encryption,
decryption, and hashing.

What term describes the practice of hiding messages within other non-secret text or data? Please answer
in all lowercase.

*A: steganography

Feedback: Correct! Steganography is the practice of hiding messages within other non-secret text or
data.

Default Feedback: Incorrect. Please review the section for better understanding.

Question 165 - multiple choice, shuffle, easy

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Identify the essential components of modern cybersecurity practices: encryption,
decryption, and hashing.

Which term describes the process of converting ciphertext back into plaintext?

*A: Decryption

Feedback: Correct! Decryption is the process of converting ciphertext back into plaintext.

B: Encryption

Feedback: Incorrect. Encryption is the process of converting plaintext into ciphertext.

C: Cryptanalysis

Feedback: Incorrect. Cryptanalysis is the study and practice of finding weaknesses in cryptographic
algorithms.

D: Hashing

Feedback: Incorrect. Hashing is the process of converting data into a fixed-size string of characters.
Question 166 - multiple choice, shuffle, medium

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Identify the essential components of modern cybersecurity practices: encryption,
decryption, and hashing.

Which of the following best explains how the Advanced Encryption Standard (AES) works?

*A: AES uses a private key for both encryption and decryption, and it operates on fixed-size blocks of
data.

Feedback: Correct! AES uses the same key for both encryption and decryption and operates on blocks of
data.

B: AES uses a pair of public and private keys and encrypts data in a stream rather than blocks.

Feedback: Incorrect. AES uses a single key for both encryption and decryption and operates on blocks
of data, not streams.

C: AES uses hashing to ensure data integrity and encrypts data with a private key.

Feedback: Incorrect. AES does not use hashing; it uses symmetric encryption with a private key for both
processes.

D: AES encrypts data using a public key and decrypts data with a different private key.

Feedback: Incorrect. AES uses the same key for both encryption and decryption, not a pair of keys.

Question 167 - multiple choice, shuffle, medium

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Review common cryptographic attacks and the threat they pose to data security.

Which of the following statements correctly describes a cryptographic attack known as a brute-force
attack?

*A: An attacker tries all possible keys until the correct one is found.

Feedback: Correct! A brute-force attack involves trying all possible keys until the right one is
discovered.

B: An attacker intercepts a communication and alters its content without detection.

Feedback: Incorrect. This describes a man-in-the-middle attack, not a brute-force attack.

C: An attacker uses a mathematical technique to find a weakness in the encryption algorithm.

Feedback: Incorrect. This describes a cryptanalytic attack, not a brute-force attack.

D: An attacker exploits software vulnerabilities to decrypt sensitive data.

Feedback: Incorrect. This describes an exploitation-based attack, not a brute-force attack.

Question 168 - checkbox, shuffle, partial credit, hard

Question category: Module: Cryptography: Principles and Techniques

Learning objective: Explore vulnerabilities in SSL, TLS, and poor key management and review
strategies to mitigate these issues.

Identify the strategies that can mitigate vulnerabilities associated with SSL, TLS, and key management.

*A: Using strong, unique keys for each session.

Feedback: Correct! Using strong, unique keys for each session reduces the risk of key reuse attacks.

*B: Regularly updating and patching software to address vulnerabilities.

Feedback: Correct! Keeping software updated helps mitigate known vulnerabilities.

*C: Implementing multifactor authentication for accessing encrypted data.

Feedback: Correct! Multifactor authentication adds an additional layer of security.

D: Using weak ciphers to ensure faster performance.

Feedback: Incorrect. Using weak ciphers compromises security and should be avoided.

E: Disabling certificate validation to speed up the connection process.

Feedback: Incorrect. Disabling certificate validation exposes the system to man-in-the-middle attacks.