Questionmark Perception
Dec 02 2022

Introduction


This is the EXIN Cyber & IT Security Foundation (CISEF.EN) sample exam. The Rules and Regulations for EXIN’s examinations apply to this exam.

This exam consists of 40 multiple-choice questions. Each multiple-choice question has a number of possible answers, of which only one is correct.

The maximum number of points that can be obtained for this exam is 40. Each correct answer is worth 1 point. You need 26 points or more to pass the exam.

The time allowed for this exam is 60 minutes.

Good luck!





Copyright © EXIN Holding B.V. 2022. All rights reserved.
EXIN® is a registered trademark.

Question

1  of 40
A hub represents the central component, with which a star topology-based network can be built.

What is the main reason that hubs are hardly ever used anymore?

Question

2  of 40
Currently, several technologies are connected to the Internet, for example smartphones, tablets and IoT. Therefore, the number of public IP addresses will not be enough in the future.

Based on this scenario, which statement is correct?

Question

3  of 40
Which IP version best anticipates the exhaustion of public IP addresses in the near future?

Question

4  of 40
ARP (Address Resolution Protocol) represents one of the most important network protocols in TCP/IP-based network environments.

What does ARP basically do?

Question

5  of 40
A security analyst needs to perform a forensic analysis on a computer, because this computer was used to steal strategic information from the corporate server, and that information was sold to a competitor.

What is the key component that needs to be analyzed?

Question

6  of 40
Which CPU family was developed by Apple?

Question

7  of 40
A consultant is hired by a company that wants advice on how to organize and implement patch management. He recommends that:

1. patches should be tested first.
2. patches should be implemented as soon as possible after they are released.

What additional recommendation should he make?

Question

8  of 40
An Intrusion Detection System (IDS) can be used to monitor and filter network traffic.

From the viewpoint of detection, which main IDS types can be distinguished?

Question

9  of 40
A sandbox represents a well-known mechanism that is used for the execution of applets.

What is the main function of a sandbox?

Question

10  of 40
A software engineer is developing a web application, but the information security manager is worried about the security requirements for this application.

Which assumption made by the software engineer is correct?

Question

11  of 40
The Relational Database Management System is the dominant database management model.

What does a foreign key represent or provide?

Question

12  of 40
After an analysis, a consultant recommends to the client the implementation of a service directory to centrally manage users and groups.

What is an example of Directory Services that the client will need to implement?

Question

13  of 40
Databases are very challenging from a security perspective. One of the more risky vulnerabilities is inference.

How can inference be explained?

Question

14  of 40
Databases are important to the business, so access and activities must be monitored.

What is the main objective of Auditing monitoring?

Question

15  of 40
A digital signature is one of the most important methods to ensure the authenticity of digital information.

How is a digital signature created from the digital fingerprint (hash) of the information?

Question

16  of 40
Referring to the well-known substitution ciphers, such as Caesar's Cipher, what is the result of the word "SECURITY" encrypted through the following schema?

SCHEMA:
A = 1, B = R, C = @, D = /, E = T, I = (, R = !, S = 5, T = -, U = &, Y = X

Question

17  of 40
A network administrator sent a message signed with his private key.

Which of the following is correct?

Question

18  of 40
A governmental organization wants to ensure the integrity of information that is communicated between parties.

What is needed to achieve this?

Question

19  of 40
The Public Key Infrastructure (PKI) consists of hardware, software, protocols, procedures, policies and standards to manage the creation, the administration, the distribution and the revocation of the digital certificates and keys.

What is the purpose of a Certificate Revocation List (CRL)?

Question

20  of 40
Digital certificates represent an important component in any Public Key Infrastructure (PKI).

What should never be included in a digital certificate?

Question

21  of 40
A secure channel has been established between two hosts using TLS (Transport Layer Security) version 1.2.

Regarding this TLS, which of the following statements is correct?

Question

22  of 40
The IPSec security specification provides several methods of implementation.

For what purpose and how is the IPSec tunnel mode used?

Question

23  of 40
What does Security Assertion Markup Language (SAML) provide?

Question

24  of 40
Biometrics are becoming ever more important as a means to verify the identity of users.

Which feature of biometrics represents a major consideration for organizations that want to implement it?

Question

25  of 40
Many organizations strive for Single Sign-on (SSO) for their users.

What is most important to consider when implementing SSO?

Question

26  of 40
What is an attacker able to do when a single salt value is used for all passwords in a database?

Question

27  of 40
In the context of authorization, the principle of ‘need-to-know’ is one of the most important ones to consider.

What does the principle of ‘need-to-know’ mean?

Question

28  of 40
How many parties (minimum) have a role in an OpenID Connect authentication data flow?

Question

29  of 40
An organization is not willing to share any resources.

Which deployment model in Cloud Computing represents the most secure one?

Question

30  of 40
What is true about the public cloud?

Question

31  of 40
Identity as a Service (IDaaS) is one of the emerging service models in Cloud Computing.

What does IDaaS provide?

Question

32  of 40
An organization wants to host a web service, but does not want to deal with buying and maintaining hardware or keeping the operating system up-to-date.

What type of service model should they ask for?

Question

33  of 40
There is always a risk that a cloud provider that provides a solution such as SaaS or PaaS goes out of business.

What is this risk for the company that uses this cloud solution?

Question

34  of 40
Why would a CEO of a company want to move the key corporate systems to the cloud?

Question

35  of 40
Social engineering is one of the most successful attack methods of cybercriminals.

What is regarded as a form of social engineering?

Question

36  of 40
There are four main attack categories when it comes to exploiting vulnerabilities.

What is not one of the four main attack categories?

Question

37  of 40
A certain type of attacker knows how to write exploits, uses social engineering to gain information about their target and collects data. The motives of the attacker are unclear and the attacker is not always malicious.

What type of attacker is this?

Question

38  of 40
Which tool is a scanning tool?

Question

39  of 40
Hackers and cyber criminals usually perform their activities according to a well-structured plan.

What is the best order in which these activities are performed within a well-structured plan?

Question

40  of 40
A hacker gained access to a web server, using a carefully thought-out step-by-step plan.

Which step did he take immediately after “Penetration and access”?