100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CIST 2602 PRACTICE EXAM Questions With 100- Errorless Answers Latest Updates 2024 TOP GRADED $8.99   Add to cart

Exam (elaborations)

CIST 2602 PRACTICE EXAM Questions With 100- Errorless Answers Latest Updates 2024 TOP GRADED

 6 views  0 purchase
  • Course
  • CIST 1601 Ch04
  • Institution
  • CIST 1601 Ch04

CIST 2602 PRACTICE EXAM Questions With 100- Errorless Answers Latest Updates 2024 TOP GRADED

Preview 2 out of 12  pages

  • August 13, 2024
  • 12
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • CIST 1601 Ch04
  • CIST 1601 Ch04
avatar-seller
TUTOR007
CIST 2602 PRACTICE EXAM Questions
With 100% Errorless Answers Latest
Updates 2024 TOP GRADED
Which of the following BEST describes an unknown penetration test? correct answers The
penetration tester has no information regarding the target or network.


EXPLANATION: An unknown penetration test (also called a black box penetration test) is when
the penetration tester has no information about the target or network. This test can be done by an
external tester and is best for simulating an outside attack that ignores insider threats.

Which type of test simulates an insider threat by giving the tester partial information about the
network and computer systems? correct answers PARTIALLY KNOWN

EXPLANATION: A partially known test (also called a grey box test) simulates an insider threat.
The penetration tester is given partial information about the network and computer systems. This
can be IP configurations, email lists, computer names, or other information an insider would
realistically have.

Which type of testing is typically done by an internal tester who has full knowledge of the
network, computer system, and infrastructure? correct answers KNOWN

EXPLANATION: A known test (also called a white box test) is the opposite of an unknown test
(also called a black box test). The penetration tester is given full knowledge of the network,
computer systems, and infrastructure.

Threats are usually ranked from high to low. A higher number indicates a dangerous threat. A
lower number indicates threats that may be annoyances but aren't necessarily malicious in nature.
What is this high-to-low scale known as? correct answers CONFIDENCE LEVEL'

EXPLANATION:When reviewing threat feeds, you may notice a confidence-level rating. Higher
numbers indicate higher threat potential. Low numbers indicate threats that may be annoyances,
but aren't necessarily malicious in nature.

There are five phases in the security intelligence life cycle. During which phase do you gather
and process information from your internal sources, such as system and application logs? correct
answers COLLECTION

EXPLANATION: The collection phase is when you start pulling information from your
previously identified sources. Information can then be gathered from internal sources, such as

, system and application logs. Additional information can be pulled from external, open-, or
closed-sourced sources.

Which type of intelligence helps security professionals respond to incidents or make decisions on
the spot? correct answers TACTICAL INTELLIGENCE

EXPLANATION:
Tactical intelligence helps security professionals respond to incidents or make decisions on the
spot.

Sophisticated attacks executed by highly skilled hackers with a specific target or objective in
mind are classified as which type of threat? correct answers ADVANCED PERSISTENT
THREAT

EXPLANATION: Advanced persistent threats are sophisticated, continuous hacking campaigns.
The goal of these campaigns is usually to gain access to a system and to gather information or
cause trouble for as long as possible. These attacks are usually executed by highly skilled
hackers who have a specific target or objective in mind. They are often sponsored by government
entities or criminal organizations with deep pockets.

Threats that do not have an existing fix, do not have any security fixes, and do not have available
patches are called what? correct answers ZERO DAY THREATS

EXPLANATION: Zero-day threats are threats that do not have an existing fix. They are not
included in any security scans, and there are no patches available to protect a system from them.

Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that
he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously
alerted the owner and instructed them on how to secure the system. Which type of hacker is
Miguel in this scenario? correct answers SEMI-AUTHORIZED

EXPLANATION: A semi-authorized hacker (also called a grey hat hacker) is something
between an authorized and unauthorized hacker. A semi-authorized hacker may cross ethical
lines, but he or she usually has good intentions and isn't malicious like an unauthorized hacker.

Threat actors can be divided into different types based on their methods and motivations. Which
type of hacker usually targets government agencies, corporations, or other entities they are
protesting? correct answers HACKTIVIST

EXPLANATION: Hacktivists often target government agencies, corporations, or other entities
they are protesting. Hacktivists are known for defacing websites and executing denial-of-service
attacks. Their main purpose is to protest others' actions and campaign for public attention.

During which phase of the Kill Chain framework does an intruder extract or destroy data?
correct answers Action on Objectives

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller TUTOR007. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $8.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

79271 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$8.99
  • (0)
  Add to cart