AI-based Cybersecurity Training

11 1

Which of the following test is not a penetration test ?

A

White Box Test

B

Grey Box Test

C

Functional test

D

Black Box Test

14 2

Which of the following set of IT tools should you use to test your IT system against FTP server attacks ?

A

Computer with network cards, Linux operating system and Metasploit Framework software

B

Hardware traffic generator with Multiping software

C

VirtualBox software with dedicated toolboxes

D

Wireshark and Burp Suite software

7 3

What is it called when a machine learning model learns patterns in the training data very well but loses the ability to generalize to new, unseen data?

A

Underfitting

B

Overfitting

C

Bias (Bias)

D

Variance

22 4

What types of steganography you can indicate?

A

Text and image steganography

B

Watermarking

C

Audi codecs

D

Cryptography

27 5

What is a common method used in brute force attacks to compromise passwords?

A

Sending phishing emails to users

B

Using a list of common passwords to guess credentials

C

Automatically generating and trying every possible password combination

D

Intercepting passwords through unsecured network connections

1 6

In the realm of cybersecurity, hacking refers to the misuse of devices (such as computers, smartphones, tablets) and networks to?

A

Damage or corrupt systems.

B

Gather information on users.

C

Give away data and documents.

D

Carry out data-related activities.

15 7

At a certain technology company, executives want to test what is the vulnerability of the system to attacks launched from an external computer network? Having developed a test scenario, she wants these tests to be carried out periodically without much involvement of the technical staff, and without time-consuming analysis of the technical documentation of the information system supporting the company's operations. Which type of penetration test will be most suitable for this company?

A

White Box Test

B

Grey Box Test

C

Functional test

D

Black Box Test

6 8

Which of the following scenarios best exemplifies the application of supervised learning?

A

A recommendation system suggesting products based on a user's past purchases.

B

A clustering algorithm grouping similar images together.

C

A reinforcement learning agent learning to play a game through trial and error.

D

A chatbot understanding and responding to natural language queries.

3 9

Which of the following principles of Information Security ensures that information is accessible only to those authorized?

A

Confidentiality

B

Availability

C

Integrity

D

Authentication

20 10

You are dealing with a network issue where a server is experiencing slow response times. You suspect it might be due to excessive traffic on a particular port. Which tcpdump command would be most helpful in confirming this?

A

tcpdump -n dst

B

tcpdump to e

C

tcpdump -v icmp

D

tcpdump -w

10 11

In an e-commerce company, you want to develop a machine learning model to make predictions about whether customers will buy a product or not. In addition to product features, you have various data such as demographic information of customers, past shopping behaviors and interactions on the website. Which of the following algorithms might be best suited for this scenario?

A

Linear Regression

B

KNN

C

Random Forests

D

None of the above

26 12

Which of the following is the primary objective of password security?

A

To increase the speed of the internet connection

B

To protect personal and organizational data from unauthorized access

C

To simplify user authentication

D

To reduce the complexity of login procedures

28 13

A company is concerned about potential brute force attacks on its internal network. Based on what you know about password security, which of the following actions would best protect the company from this type of attack?

A

Allowing employees to use complex passwords that are a minimum of 8 characters long

B

Limiting the number of failed login attempts before locking the account for a specific period

C

Requiring employees to change their passwords every 6 months, regardless of length or complexity

D

Implementing single-factor authentication to reduce password management complexity

38 14

An AI-powered system in a hospital can diagnose diseases and make clinical decisions by analysing patients' heart rhythms, blood values, and laboratory test results. In this case, which of the subfields of artificial intelligence included in the above comments is considered the most important component of this system?

A

Natural Language Processing

B

Expert Systems

C

Computer Vision

D

Fuzzy Logic

8 15

An AI-powered system in a hospital can diagnose disease and make clinical decisions by analyzing patients' heart rhythms, blood values, and laboratory test results. In this case, which of the subfields of artificial intelligence included in the notes above is considered the most important component of this system?

A

Natural Language Processing

B

Expert Systems

C

Computer Vision

D

Fuzzy Logic

49 16

An attacker who performs an ARP poisoning attack on a network both updates the ARP table of the target computer and performs a man-in-the-middle attack. Which of the following situations occurs as a result of this attack?

A

By inserting incorrect IP-MAC mappings into the target computer's ARP table, an attacker can redirect all traffic to his or her computer, allowing him or her to read or modify packets sent by the target computer. At the same time, it can interrupt communication between the two devices and create false communication.

B

The attacker updates the target computer's ARP table, and all traffic on the target computer's network is routed to the correct addresses. There is no man-in-the-middle attack.

C

The attacker leaves false information in the ARP table, but affects not only the traffic of the target computer, but also the traffic of other devices on the network.

D

The attacker only forwards the packets from the target computer and does not modify the ARP table. It does not perform a man-in-the-middle attack.

19 17

An attacker who performs an ARP poisoning attack on a network both updates the ARP table of the target computer and performs a man-in-the-middle attack. Which of the following occurs as a result of this attack?

A

By inserting incorrect IP-MAC mappings into the target computer's ARP table, an attacker can redirect all traffic to his or her computer, allowing him to read or modify packets sent by the target computer. At the same time, it can interrupt communication between the two devices and create a false communication.

B

The attacker updates the target computer's ARP table, and all traffic on the target computer's network is routed to the correct addresses. There is no man-in-the-middle attack.

C

The attacker leaves false information in the ARP table, but affects not only the traffic of the target computer, but also the traffic of other devices on the network.

D

The attacker only forwards the packets of the target computer and does not modify the ARP table. It doesn't do a man-in-the-middle attack.

170 18

Is the use of penetration testing mandatory when securing an IT system?

A

Yes, this is a mandatory process.

B

Testing is not mandatory, but it helps identify threats and vulnerabilities in the system that should be identified and secured.

C

Performing penetration tests is sufficient to secure the system and is always mandatory.

D

Penetration tests are not required and are performed in very exceptional cases.

58 19

A company is concerned about potential brute force attacks on its internal network. Based on what you know about password security, which of the following actions would best protect the company against this type of attack?

A

Allow employees to use complex passwords that are at least 8 characters long

B

Limit the number of failed login attempts before the account is locked for a certain period of time

C

Require employees to change their passwords every 6 months, regardless of length or complexity

D

Implementation of single sign-on to reduce the complexity of password management

24 20

Which of the following scenarios best illustrates a case where symmetric encryption might be more appropriate than asymmetric encryption?

A

Signing documents to ensure their authenticity

B

Secure communication between a server and a web browser

C

Sending encrypted emails to multiple recipients

D

Encrypting large amounts of data stored on an external drive

12 21

Which of the following sentences is true for Black Box Tests?

A

Includes testing a system or application with complete insight into its internal structure and functionality.

B

Can be somewhat influenced by prior knowledge, but less so compared to white box testing.

C

It offers a broader assessment, evaluating the application or system from the viewpoint of an external attacker without any assumptions or internal knowledge.

D

None

35 22

What is the primary role of an Information Security Specialist in an organisation?

A

Implement technical solutions such as firewalls and encryption.

B

Manage the organisation's financial resources.

C

Ensuring the physical security of the company's buildings.

D

None of the above

23 23

The purpose of encryption is to ensure data confidentiality. This is especially important in the case of confidential correspondence. Can asymmetric encryption be used to send emails?

A

Yes

B

No

18 24

A company's IT team noticed an unusual increase in traffic on their network. The following are some data and observations on network traffic: Traffic Growth: In the last 24 hours, 400% more data traffic was observed on the company's network than usual. Source IP Addresses: Most of the traffic originates from IP addresses coming from abroad. Destination Servers: Most of the traffic is routed to the company's web server. Hourly Distribution: Traffic growth is intensifying, especially outside of working hours. Protocols: The majority of traffic uses HTTP and HTTPS protocols. Which of the following probabilities best describes this situation?

A

The company's website was featured on a popular blog, and there was a sudden increase in visitor traffic.

B

The company's web server has launched a new service for users abroad.

C

The company's web server has been subjected to a DDoS attack.

D

The employees of the company started to work overtime outside of working hours

9 25

Which of the following situations is suitable for the use of the K-Means Clustering algorithm?

A

To identify areas with high crime density by analyzing the crime rate in a particular region.

B

Classifying applications as high-risk and low-risk to approve or deny a bank's loan applications.

C

To determine whether there is a linear relationship between the independent variables and the dependent variable in a data set.

D

Predicting which courses a college student should take in the next semester.

29 26

An organization has noticed an increase in failed login attempts on multiple user accounts over a short period. After analyzing the network traffic, the security team identifies a pattern where numerous login attempts are made from the same IP address, using different combinations of usernames and passwords. Which of the following would be the most appropriate strategy to mitigate this threat?

A

Increase the complexity of all user passwords to include special characters and numbers

B

Implement multi-factor authentication (MFA) for all user accounts

C

Disable the IP address making the requests and reset the passwords for affected accounts

D

Increase the password expiration policy to force users to change passwords more frequently

16 27

What is Sniffing?

A

An encryption method used to analyze data packets.

B

A technique used to listen to and analyze network traffic.

C

A type of attack used to bypass firewalls.

D

A method used to physically take over network devices.

30 28

A company wants to develop a comprehensive security plan to defend against a variety of cyber threats, including password attacks, phishing attempts, and man-in-the-middle (MitM) attacks. Which combination of the following strategies would provide the most effective defense across these different threat types?

A

Implement multi-factor authentication (MFA), educate employees on recognizing phishing emails, and use encrypted communication channels

B

Require password changes every 90 days, implement firewalls, and install antivirus software

C

Encourage the use of password managers, limit employee access to sensitive data, and enforce strict password complexity rules

D

Deploy intrusion detection systems (IDS), require the use of strong passwords, and restrict access to corporate resources from public networks

4 29

The Information Security Policy is ?

A

Regularly monitoring and reviewing the effectiveness of the ISMS.

B

Defining organisational boundaries and the specific information assets to be protected.

C

Develop and maintain a formal information security policy.

D

All of the above

5 30

What is the primary role of an Information Security Specialist in an organization?

A

Implement technical solutions such as firewalls and encryption.

B

Manage the organization's financial resources.

C

Ensure physical security of the company's buildings.

D

None of the above

2 31

Which of the following statements defines the type of black hat attack?

A

Their intent is malicious.

B

They do break into security systems for harmful purposes.

C

Also known as cybercriminals or crackers.

D

Motivations do include financial gain.

21 32

What is symmetric encryption?

A

A type of encryption where the same key is used for both encryption and decryption.

B

A type of encryption where different keys are used for encryption and decryption.

C

An encryption technique that involves public and private keys.

D

An encryption method that uses multiple keys for encrypting different parts of the data.

13 33

Is the use of penetration testing mandatory in securing any IT system?

A

Yes it is a mandatory process

B

Performing tests is not mandatory but helps identify threats and vulnerabilities in the system that need to be identified and secured

C

Performing penetration tests is sufficient to secure the system and always mandatory

D

Penetration tests are not required and are performed in very exceptional cases

108 34

A company's IT team noticed an unusual increase in traffic on their network. The following are some data and observations about the network traffic: • Traffic Growth: Over the last 24 hours, there has been a 400% increase in data traffic on the company network compared to normal. • Source IP Addresses: Most of the traffic comes from IP addresses located overseas. • Destination Server: Most of the traffic is directed to the company's web server. • Hourly Distribution: Traffic growth is increasing, especially outside of business hours. • Protocols: Most of the traffic uses HTTP and HTTPS protocols. Which of the following probabilities best describes this situation?

A

The company's website was reviewed on a popular blog, resulting in a sudden increase in visitor traffic.

B

The company's web server has launched a new service for overseas users.

C

The company's web server was subjected to a DDoS attack.

D

The company's employees have started working overtime outside of working hours.

37 35

What is it called when a machine learning model learns patterns in the training data very well, but loses the ability to generalise to new, unseen data?

A

Underfitting

B

Overfitting

C

Bias (Bias)

D

Variance

17 36

A network administrator wants to monitor all traffic on a network using Wireshark. However, it only wants to inspect packets that have the IP address of the destination computer

A

eth.src == 17.17.20.20

B

ip.dst == 17.17.20.20

C

tcp.port == 17.17.20.20

D

arp.src.proto_ipv4 == 17.17.20.20

57 37

What is a commonly used method in brute force attacks to compromise passwords?

A

Sending phishing emails to users

B

Using a list of commonly used passwords to guess login credentials

C

Automatically generate and try every possible password combination

D

Interception of passwords via unsecured network connections

25 38

The organization manages clients' financial data. Due to the increase in cyberattacks aimed at intercepting sensitive data transmitted over the network, it is necessary to implement an appropriate approach to enhance the security of transmitted data. Which of the following solutions would significantly increase the level of security?

A

Symmetric encryption with a dynamically changing key every hour. Encryption keys were additionally exchanged and secured using asymmetric encryption.

B

Using text steganography.

C

Using a firewall to filter network traffic.

D

Implementation of symmetric encryption to encrypt all transmitted data.

AICY Project Self-Assesment Sign Up

Gender

AICY Project
Self-Assesment Sign Up