Security Assessment Fresco play Answers






👊A type of computer attack in which the intruder engages with the targeted system is known as _______________
 Select the appropriate answer from below options: 
 a) Passive Reconnaissance
 b) Active Reconnaissance 
 c) White Box Assessment 
 d) Red Team Assessment


👊Which among the following involves evaluating security against a standard to check for compliance?
Choose the correct option from below list
(1)Security Review
(2)Security Audits
(3)Security assessments
(4)Security Analysis
(5)All of these
Answer:-(2)Security Audits



👊A type of attack that depends on human error rather than on vulnerabilities in the system. 
Choose the correct option from below list 
(1)Social Engineering attacks
(2)Birthday attack 
(3)Drive-by attack
(4)Zero day attack 
 Answer:-(1)Social Engineering attacks



👊Assessing security and auditing security mean the same thing.
 Choose the correct option from below list 
(1)False
(2)True 
Answer:-(1)False





👊Which of the following should be covered under the security policy?
Choose the correct option from below list 
(1)Security update timelines 
(2)Password management policies
(3)Data backup plans
(4)All of these 
(5)Security strategies 
Answer:-(4)All of these


👊A technique of testing without having any knowledge of the internal working of the application
Choose the correct option from below list
(1)Grey Box Testing 
(2)White Box Testing 
(3)Black Box Testing
 Answer:-(3)Black Box Testing



👊Which of the following assessment types works to determine whether a threat made/detected is genuine?
Choose the correct option from below list
(1)Threat Modeling 
(2)Penetration Testing 
(3)Threat Assessment
(4)Risk Assessment
 Answer:-(3)Threat Assessment



👊Which of the following best finds uncommon and eccentric issues? 
Choose the correct option from below list 
(1)Penetration Testing 
(2)Threat Modeling 
(3)Bug Bounty 
(4)Vulnerability Assessment 
(5)Red Team Assessment 
 Answer:-(3)Bug Bounty



👊A process that aims to gain information about a system without directly engaging with the system is known as _______________ 
Choose the correct option from below list
 (1)Active Reconnaissance
 (2)White Box Testing
 (3)Passive Reconnaissance
 (4)Grey Box Testing
 Answer:-(3)Passive Reconnaissance





👊Which of the following aims to integrate the defensive tactics and controls from the Blue Team with the threats and vulnerabilities found by the Red Team into a single objective? 
Choose the correct option from below list 
(1)Green Team 
(2)Purple Team 
(3)Black Team 
(4)Master Security Team
 Answer:-(2)Purple Team



👊The type of vulnerability scan that facilitates access to low level data.
 Choose the correct option from below list
 (1)Unauthorized scan 
(2)Authorized Scan 
(3)Inactive vulnerability scan 
(4)Active vulnerability scan 
 Answer:-(2)Authorized Scan



👊Which among the following aims at bringing the level of acceptable risk and the current risk level in line?
Choose the correct option from below list
(1)Threat Modeling 
(2)Grey Box Assessment 
(3)Threat Assessments
(4)Risk Assessments 
 Answer:-(4)Risk Assessments


👊 Reconnaissance in information security is used for _________.

       A. Information Gathering

       B. Security Testing

       C. Information Analysis

       D. Security reviews

Ans : Information Gathering

👊 A type of computer attack in which the intruder engages with the targeted system is known as _______.

       A. White Box Assessment

       B. Passive Reconnaissance

       C. Red Team Assessment

       D. Active Reconnaissance

Ans : Active Reconnaissance

👊 Which of the following should be covered under the security policy?

       A. Security update timelines

       B. Security strategies

       C. Data backup plans

       D. Password management policies

       E. All of these

Ans : All of these

👊 A type of attack that depends on human error rather than on vulnerabilities in the system.

       A. Birthday attack

       B. Social Engineering attacks

       C. Drive-by attack

       D. Zero day attack

Ans : Social Engineering attacks

👊The risk level decreases with an increase in the likelihood of potential risk.

       A. True

       B. False

Ans : False

👊 Passive fingerprinting sends and collects traffic to/from the target system.

       A. True

       B. False

Ans : False

👊Which among the following companies have bug bounty programs?

       A. Microsoft

       B. Facebook

       C. Google

       D. Mozilla

       E. All of these

Ans : All of these

👊 Which of the following exploits psychological manipulation in deceiving users to make security mistakes?

       A. Fingerprinting

       B. Social Engineering

       C. Footprinting

       D. Reconnaissance

Ans : Social Engineering

👊 Which of the following assessment types works to determine whether a threat made/detected is genuine?

       A. Risk Assessment

       B. Threat Modeling

       C. Threat Assessment

       D. Penetration Testing

Ans : Threat Assessment

👊A pen testing method in which a tester with access to an application behind its firewall imitates an attack that could be caused by a malicious insider.

       A. Static analysis

       B. External Testing

       C. Internal Testing

       D. Dynamic analysis

Ans : Internal Testing

👊 Which of the following is best used for penetration testing?

       A. White Box Testing

       B. Grey Box Testing

       C. Black Box Testing

Ans : Black Box Testing

👊Penetration testing is also called ethical hacking.

       A. True

       B. False

Ans : True

👊 A continuous service that emulates real-world attackers for the purpose of improving the Blue Team.

       A. Red Team

       B. Black Team

       C. Purple Team

Ans : Red Team

👊The type of testing that is best done during the development life cycle process of the in-house software.

       A. White Box Testing

       B. Grey Box Testing

       C. Black Box Testing

Ans : White Box Testing

👊A valuable training exercise that provides a security team with real-time feedback from a hacker’s perspective.

       A. Targeted Testing

       B. External Testing

       C. Blind Testing

       D. Double Blind Testing

Ans : Targeted Testing

👊While performing penetration testing, which of the following methods is considered to be a more practical way of scanning?

       A. Dynamic analysis

       B. Static analysis

       C. Inactive analysis

       D. Active analysis

Ans : Dynamic analysis

👊The process that involves analyzing entities like TCP and ICMP to identify an application or an operating system:

       A. Fingerprinting

       B. Social Engineering

       C. Reconnaissance

       D. Vulnerability Analysis

Ans : Fingerprinting

👊 The type of assessment that is best used to identify, classify and prioritize vulnerabilities.

       A. Vulnerability Assessment

       B. Risk Assessment

       C. Penetration Testing

       D. Security Audits

Ans : Vulnerability Assessment

👊 During the scanning phase of pen testing, which of the following methods analyzes an application’s code to determine its behavior during runtime?

       A. Static analysis

       B. Dynamic analysis

       C. Inactive analysis

       D. Active analysis

Ans : Static analysis

👊 Which of the following is best used with vulnerability assessments?

       A. White Box Testing

       B. Black Box Testing

       C. Grey Box Testing

Ans : White Box Testing

👊 An independent group that challenges an organization to improve its effectiveness by assuming an adversarial role.

       A. Black Team

       B. Red Team

       C. Blue Team

       D. Internal security team

Ans : Red Team

👊Which of the following can be considered a sound example of a social engineering attack?

       A. An employee giving door access to an unknown person

       B. Calling the help desk and tricking them to reset the password for a user account

       C. Accessing a database with a cracked password

       D. Installing a hardware keylogger on an employee’s system to capture passwords

Ans : Accessing a database with a cracked password

👊 A type of testing with limited knowledge of the internal working of an application.

       A. White Box Testing

       B. Black Box Testing

       C. Grey Box Testing

Ans : Grey Box Testing

👊 Which of the following aims to integrate the defensive tactics and controls from the Blue Team with the threats and vulnerabilities found by the Red Team into a single objective?

       A. Green Team

       B. Black Team

       C. Purple Team

       D. Master Security Team

Ans : Purple Team

👊Which of the following cannot be exploited by remote attackers?

       A. Passive Fingerprinting

       B. Passive Reconnaissance

       C. Active Fingerprinting

       D. Active Reconnaissance

Ans : Passive Fingerprinting



