Priya Dogra – Certification | Jobs | Internships
Related Articles
Question 1: Health information, Credit Card Numbers, Social Security Numbers and Intellectual Property (IP) are examples for
- Administrative Account
- User Account
- Sensitive data that the organization should protect
- Public Information
Question 2: In what ways attackers can use the Privileges to install software on a server machine?
- Install Malware
- Uninstall the Antivirus
- Retrieve the domain controller password
- Connect to C2 Server
Question 3: _______ infects the computer by visiting a website that is running malicious code.
- Social Engineering
- Drive-by-Download method
- Spear-Phishing method
- Social Engineering
Question 4: The first step of a targeted attack is ________.
- External Reconnaissance – Attackers collect data that will help them to attack the organization
- Cyber attackers use a mix method (Spear-Phishing, Drive-by-Download) to breach the organization
- Lateral movement within the organization to take control of additional machines
- Internal Reconnaissance – Attackers collect data inside the network that will help to get to their goal.
Question 5: Organizations should remove local admin rights from standard users.
- True
- False
Question 6: ______ are used by applications to access databases and provide access to other applications.
- User Account
- Local Admin Accounts
- Service Accounts
- Application accounts
Question 7: Monitoring privileged session activity is only recommended for contractors?
- True
- False
Question 8: The “new era” of information technology operations has opened the door to possibilities for various attack vectors to exploit and compromise business. Which of the following are examples of the new risks?
- Employees can take their laptops home or use their own devices at work
- Employee may print sensitive data such as credit card numbers
- Enterprises open their networks to partners and contractors to provide access to business-critical resources
- Many organizations have adopted the cloud infrastructure and social media platforms to conduct and facilitate business.
Question 9: ______ are typically used by the IT staff to perform maintenance or to set up new workstations
- User Accounts
- Local Admin Accounts
- Service Accounts
- Application Accounts
Question 10: Organizations should change administrative password frequently
- True
- False
Question 11: _____ is when attackers manipulate people so they give up confidential information or passwords.
- Social Engineering
- Zero-day- Attacks
- Drive-by-Download method
- Spear-phishing method
Question 12: A successful phishing attack, that caused infiltration of data is an example of _______.
- Unintentional Insiders
- Zero-day Attack
- Malicious Insider
- Exploited Insiders
Question 13: Organizations should analyze user and account behavious to detect anomalous activity
- True
- False
Question 14: ______ may simply take a wrong or careless decision, accidentally delete or modify critical information or lose a laptop with sensitive information.
- Malicious Insiders
- Unintentional Insiders
- Exploited Insiders
- Attackers
Question 15: Organizations should proactively secure and monitor the ise of high-value accounts.
- True
- False
Question 16: Organizations should wait with patching systems until all zero-days exploits are known
- True
- False
Question 17: What are the guiding principles of the CyberArk Blueprint for Privileged Access Management Success?
- Prevent Credential Theft
- Stop Lateral & Vertical Movement
- Limit Privilege Escalation & Abuse
- Protect Against Irreversible Network Takeover Attacks
Question 18: Which of the following answers is a characteristic of a Targeted Attack?
- The attackers try to attack everyone, organizations and individuals in order to get as much money as possible.
- Most of the attacks are unintentional and are caused by an employee that took a careless decision
- The attack is persistent, and the attackers coordinate activities to stay undetected
- The attackers don’t need to spend lots of effort in ensuring that the attack continues after reaching the end-point
Question 19: What are Blueprint’s recommendations based on?
- Decades of Implementation Experience
- Red Team & Incident Response Experience
- PCI-DSS, HIPPA, & SOX
- Stakeholder Interviews & Questionnaires
Question 20: Which account is super user account that an application or service uses to interact with the operating system?
- Administrative Account
- Any User Account
- Service Account
- Root Account
Question 21: ______ may be tricked by external parties into sharing data or passwords.
- Attackers
- Malicious Insiders
- Exploited Insiders
- Unintentional Insiders
Question 22: Which of the following approaches are good ways to identify Phishing emails?
- Don’t Trust the display name
- Hover over the links to see the full URL
- Check for spelling mistakes
- Click on the Attachment
Question 23: ______ includes an email scam that targets individuals within an organization.
- Drive-by-Download method
- Zero-day Attacks
- Social Engineering
- Spear-phishing method
Question 24: What is difference between Malware and Ransomware?
- Ransomware is a type of Malware
- Malware is a type of Ransomware
- The sources of Ransomware is always Phishing emails
- Ransomware needs Privileged Accounts to be successful
Question 25: Which account is a special user account that an application or service uses to interact with the operating system?
- Administrative Account
- Service Account
- Root Account
- Any User Account
Question 26: Organizations should encourage users to be suspicious of unexpected emails.
- True
- False
Question 27: Which accounts are considered privileged accounts?
- Elevated personal user accounts
- End-point account with controlled access
- Shared privileged accounts
- Application accounts
Question 28: What is typical ration between privilege account and the number of employees in an organization?
- Less employees than privileged accounts
- More employees than privileged accounts
- 1:1. Every employees has a singled privileged accounts
Question 29: ____ will deliberately steal information or cause damage.
- Malicious Insiders
- Attackers
- unintentional Insiders
- Exploited Insiders
