1.

Which of the following should be covered under the security policy?

Answer»

Choose the correct option from the list below:
(1) Security update timelines
(2) Password management policies
(3) Data backup plans
(4) All of these
(5) Security strategies

Answer:- (4) All of these

2.

Which of the following best finds uncommon and eccentric issues?

Answer»

Choose the correct option from the list below:
(1) Penetration Testing
(2) Threat Modeling
(3) Bug Bounty
(4) Vulnerability Assessment
(5) Red Team Assessment

Answer:- (3) Bug Bounty

3.

A technique of testing without having any knowledge of the internal working of the application

Answer»

Choose the correct option from the list below:
(1) Grey Box Testing
(2) White Box Testing
(3) Black Box Testing

Answer:- (3) Black Box Testing

4.

A type of attack that depends on human error rather than on vulnerabilities in the system.

Answer»

Choose the correct option from the list below:
(1) Social Engineering attacks
(2) Birthday attack
(3) Drive-by attack
(4) Zero day attack

Answer:- (1) Social Engineering attacks

5.

During the scanning phase of pen testing, which of the following methods analyzes an application's code to determine its behavior during runtime?

Answer»

Choose the correct option from the list below:
(1) Dynamic analysis
(2) Active analysis
(3) Static analysis
(4) Inactive analysis

Answer:- (3) Static analysis

6.

The risk level decreases with increase in the likelihood of potential risk.

Answer»

Choose the correct option from the list below:
(1) True
(2) False

Answer:- (2) False

7.

Reconnaissance in information security is used for _______________

Answer»

Choose the correct option from the list below:
(1) Security reviews
(2) Information Analysis
(3) Information Gathering
(4) Security Testing

Answer:- (3) Information Gathering

8.

Assessing security and auditing security mean the same thing.

Answer»

Choose the correct option from the list below:
(1) False
(2) True

Answer:- (1) False

9.

Which of the following exploits psychological manipulation in deceiving users to make security mistakes?

Answer»

Choose the correct option from the list below:
(1) Footprinting
(2) Reconnaissance
(3) Social Engineering
(4) Fingerprinting

Answer:- (3) Social Engineering

10.

A type of computer attack in which the intruder engages with the targeted system is known as _______________

Answer»

Choose the correct option from the list below:
(1) Passive Reconnaissance
(2) Active Reconnaissance
(3) White Box Assessment
(4) Red Team Assessment

Answer:- (2) Active Reconnaissance

11.

Which among the following companies have bug bounty programs?

Answer»

Choose the correct option from the list below:
(1) Facebook
(2) Google
(3) Microsoft
(4) All of these
(5) Mozilla

Answer:- (4) All of these

12.

The type of security assessment that aims to test the organization's detection and response capabilities

Answer»

Choose the correct option from the list below:
(1) Threat Assessment
(2) Red Team Assessment
(3) Penetration Testing
(4) Vulnerability Assessment

Answer:- (2) Red Team Assessment

13.

A process that aims to gain information about a system without directly engaging with the system is known as _______________

Answer»

Choose the correct option from the list below:
(1) Active Reconnaissance
(2) White Box Testing
(3) Passive Reconnaissance
(4) Grey Box Testing

Answer:- (3) Passive Reconnaissance

14.

Passive fingerprinting sends and collects traffic to/from the target system.

Answer»

Choose the correct option from the list below:
(1) True
(2) False

Answer:- (2) False

15.

Which of the following can be considered a sound example of a social engineering attack?

Answer»

Choose the correct option from the list below:
(1) Accessing a database with a cracked password
(2) An employee giving door access to an unknown person.
(3) Installing a hardware keylogger on an employee's system to capture passwords
(4) Calling the help desk and tricking them to reset the password for a user account

Answer:- (4) Calling the help desk and tricking them to reset the password for a user account

16.

Which of the following is best used for penetration testing?

Answer»

Choose the correct option from the list below:
(1) Grey Box Testing
(2) White Box Testing
(3) Black Box Testing

Answer:- (3) Black Box Testing

17.

Which of the following aims to integrate the defensive tactics and controls from the Blue Team with the threats and vulnerabilities found by the Red Team into a single objective?

Answer»

Choose the correct option from the list below:
(1) Green Team
(2) Purple Team
(3) Black Team
(4) Master Security Team

Answer:- (2) Purple Team

18.

Which of the following assessment types works to determine whether a threat made/detected is genuine?

Answer»

Choose the correct option from the list below:
(1) Threat Modeling
(2) Penetration Testing
(3) Threat Assessment
(4) Risk Assessment

Answer:- (3) Threat Assessment

19.

Which among the following involves evaluating security against a standard to check for compliance?

Answer»

Choose the correct option from the list below:
(1) Security Review
(2) Security Audits
(3) Security assessments
(4) Security Analysis
(5) All of these

Answer:- (2) Security Audits

20.

A type of testing with limited knowledge of the internal working of an application

Answer»

Choose the correct option from the list below:
(1) Grey Box Testing
(2) Black Box Testing
(3) White Box Testing

Answer:- (1) Grey Box Testing

21.

Which among the following aims at bringing the level of acceptable risk and the current risk level in line?

Answer»

Choose the correct option from the list below:
(1) Threat Modeling
(2) Grey Box Assessment
(3) Threat Assessments
(4) Risk Assessments

Answer:- (4) Risk Assessments

22.

The process that involves analyzing entities like TCP and ICMP to identify an application or an operating system

Answer»

Choose the correct option from the list below:
(1) Vulnerability Analysis
(2) Fingerprinting
(3) Reconnaissance
(4) Social Engineering

Answer:- (2) Fingerprinting

23.

The type of vulnerability scan that facilitates access to low-level data.

Answer»

Choose the correct option from the list below:
(1) Unauthorized scan
(2) Authorized Scan
(3) Inactive vulnerability scan
(4) Active vulnerability scan

Answer:- (2) Authorized Scan

24.

Penetration testing is also called ethical hacking.

Answer»

Choose the correct option from the list below:
(1) False
(2) True

Answer:- (2) True