AI-based Cybersecurity Training

58 1

Een bedrijf maakt zich zorgen over mogelijke brute force-aanvallen op zijn interne netwerk. Op basis van wat u weet over wachtwoordbeveiliging, welke van de volgende acties zou het bedrijf het beste beschermen tegen dit soort aanvallen?

A

Medewerkers toestaan complexe wachtwoorden te gebruiken die minimaal 8 tekens lang zijn

B

Het aantal mislukte inlogpogingen beperken voordat het account voor een bepaalde periode wordt vergrendeld

C

Werknemers verplichten om hun wachtwoord elke 6 maanden te wijzigen, ongeacht de lengte of complexiteit

D

Implementatie van enkelvoudige authenticatie om de complexiteit van wachtwoordbeheer te verminderen

29 2

An organization has noticed an increase in failed login attempts on multiple user accounts over a short period. After analyzing the network traffic, the security team identifies a pattern where numerous login attempts are made from the same IP address, using different combinations of usernames and passwords. Which of the following would be the most appropriate strategy to mitigate this threat?

A

Increase the complexity of all user passwords to include special characters and numbers

B

Implement multi-factor authentication (MFA) for all user accounts

C

Disable the IP address making the requests and reset the passwords for affected accounts

D

Increase the password expiration policy to force users to change passwords more frequently

11 3

Which of the following test is not a penetration test ?

A

White Box Test

B

Grey Box Test

C

Functional test

D

Black Box Test

15 4

At a certain technology company, executives want to test what is the vulnerability of the system to attacks launched from an external computer network? Having developed a test scenario, she wants these tests to be carried out periodically without much involvement of the technical staff, and without time-consuming analysis of the technical documentation of the information system supporting the company's operations. Which type of penetration test will be most suitable for this company?

A

White Box Test

B

Grey Box Test

C

Functional test

D

Black Box Test

38 5

Een AI-aangedreven systeem in een ziekenhuis kan ziekten diagnosticeren en klinische beslissingen nemen door het hartritme, de bloedwaarden en de resultaten van laboratoriumtests van patiënten te analyseren. In dit geval, welke van de deelgebieden van kunstmatige intelligentie die in de bovenstaande opmerkingen zijn opgenomen, wordt beschouwd als het belangrijkste onderdeel van dit systeem?

A

Natural Language Processing

B

Expert Systems

C

Computer Vision

D

Fuzzy Logic

12 6

Which of the following sentences is true for Black Box Tests?

A

Includes testing a system or application with complete insight into its internal structure and functionality.

B

Can be somewhat influenced by prior knowledge, but less so compared to white box testing.

C

It offers a broader assessment, evaluating the application or system from the viewpoint of an external attacker without any assumptions or internal knowledge.

D

None

6 7

Which of the following scenarios best exemplifies the application of supervised learning?

A

A recommendation system suggesting products based on a user's past purchases.

B

A clustering algorithm grouping similar images together.

C

A reinforcement learning agent learning to play a game through trial and error.

D

A chatbot understanding and responding to natural language queries.

23 8

The purpose of encryption is to ensure data confidentiality. This is especially important in the case of confidential correspondence. Can asymmetric encryption be used to send emails?

A

Yes

B

No

8 9

An AI-powered system in a hospital can diagnose disease and make clinical decisions by analyzing patients' heart rhythms, blood values, and laboratory test results. In this case, which of the subfields of artificial intelligence included in the notes above is considered the most important component of this system?

A

Natural Language Processing

B

Expert Systems

C

Computer Vision

D

Fuzzy Logic

170 10

Czy stosowanie testów penetracyjnych jest obowiązkowe w przypadku zabezpieczania systemu informatycznego?

A

Tak, jest to proces obowiązkowy

B

Wykonywanie testów nie jest obowiązkowe, ale pomaga zidentyfikować zagrożenia i podatności systemu, które powinny zostać zidentyfikowane i zabezpieczone

C

Wykonanie testów penetracyjnych jest wystarczające do zabezpieczenia systemu i zawsze obowiązkowe

D

Testy penetracyjne nie są wymagane i są wykonywane w bardzo wyjątkowych przypadkach

37 11

Hoe heet het als een machine learning-model patronen in de trainingsgegevens heel goed leert, maar het vermogen verliest om te generaliseren naar nieuwe, ongeziene gegevens?

A

Underfitting

B

Overfitting

C

Bias (Bias)

D

Variance

22 12

What types of steganography you can indicate?

A

Text and image steganography

B

Watermarking

C

Audi codecs

D

Cryptography

17 13

A network administrator wants to monitor all traffic on a network using Wireshark. However, it only wants to inspect packets that have the IP address of the destination computer

A

eth.src == 17.17.20.20

B

ip.dst == 17.17.20.20

C

tcp.port == 17.17.20.20

D

arp.src.proto_ipv4 == 17.17.20.20

10 14

In an e-commerce company, you want to develop a machine learning model to make predictions about whether customers will buy a product or not. In addition to product features, you have various data such as demographic information of customers, past shopping behaviors and interactions on the website. Which of the following algorithms might be best suited for this scenario?

A

Linear Regression

B

KNN

C

Random Forests

D

None of the above

3 15

Which of the following principles of Information Security ensures that information is accessible only to those authorized?

A

Confidentiality

B

Availability

C

Integrity

D

Authentication

35 16

Wat is de primaire rol van een Information Security Specialist in een organisatie?

A

Implementeer technische oplossingen zoals firewalls en encryptie.

B

Beheer de financiële middelen van de organisatie.

C

Zorgen voor fysieke beveiliging van de gebouwen van het bedrijf.

D

Geen van de bovenstaande

21 17

What is symmetric encryption?

A

A type of encryption where the same key is used for both encryption and decryption.

B

A type of encryption where different keys are used for encryption and decryption.

C

An encryption technique that involves public and private keys.

D

An encryption method that uses multiple keys for encrypting different parts of the data.

14 18

Which of the following set of IT tools should you use to test your IT system against FTP server attacks ?

A

Computer with network cards, Linux operating system and Metasploit Framework software

B

Hardware traffic generator with Multiping software

C

VirtualBox software with dedicated toolboxes

D

Wireshark and Burp Suite software

13 19

Is the use of penetration testing mandatory in securing any IT system?

A

Yes it is a mandatory process

B

Performing tests is not mandatory but helps identify threats and vulnerabilities in the system that need to be identified and secured

C

Performing penetration tests is sufficient to secure the system and always mandatory

D

Penetration tests are not required and are performed in very exceptional cases

2 20

Which of the following statements defines the type of black hat attack?

A

Their intent is malicious.

B

They do break into security systems for harmful purposes.

C

Also known as cybercriminals or crackers.

D

Motivations do include financial gain.

4 21

The Information Security Policy is ?

A

Regularly monitoring and reviewing the effectiveness of the ISMS.

B

Defining organisational boundaries and the specific information assets to be protected.

C

Develop and maintain a formal information security policy.

D

All of the above

49 22

Een aanvaller die een ARP-vergiftigingsaanval op een netwerk uitvoert, werkt zowel de ARP- tabel van de doelcomputer bij als voert een man-in-the-middle-aanval uit. Welke van de volgende situaties gebeurt als gevolg van deze aanval?

A

Door onjuiste IP-MAC-toewijzingen in de ARP-tabel van de doelcomputer in te voegen, kan een aanvaller al het verkeer naar zijn of haar computer omleiden, waardoor hij pakketten kan lezen of wijzigen die door de doelcomputer zijn verzonden. Tegelijkertijd kan het de communicatie tussen de twee apparaten onderbreken en een valse communicatie creëren.

B

De aanvaller werkt de ARP-tabel van de doelcomputer bij en al het verkeer op het netwerk van de doelcomputer wordt naar de juiste adressen geleid. Er is geen man-in-the-middle-aanval

C

De aanvaller laat valse informatie achter in de ARP-tabel, maar beïnvloedt niet alleen het verkeer van de doelcomputer, maar ook het verkeer van andere apparaten op het netwerk.

D

De aanvaller stuurt alleen de pakketten van de doelcomputer door en wijzigt de ARP-tabel niet. Het doet geen man-in-the-middle-aanval.

7 23

What is it called when a machine learning model learns patterns in the training data very well but loses the ability to generalize to new, unseen data?

A

Underfitting

B

Overfitting

C

Bias (Bias)

D

Variance

108 24

Il team IT di un'azienda ha notato un aumento insolito del traffico sulla loro rete. I seguenti sono alcuni dati e osservazioni sul traffico di rete: • Crescita del Traffico: Nelle ultime 24 ore è stato osservato un aumento del 400% del traffico dati sulla rete aziendale rispetto alla norma. • Indirizzi IP di origine: La maggior parte del traffico proviene da indirizzi IP provenienti dall'estero. • Server di destinazione: La maggior parte del traffico è indirizzato al server web aziendale. • Distribuzione Oraria: La crescita del traffico è in aumento, soprattutto al di fuori dell'orario lavorativo. • Protocolli: La maggior parte del traffico utilizza i protocolli HTTP e HTTPS. Quale delle seguenti probabilità descrive meglio questa situazione?

A

Il sito web dell'azienda è stato recensito su un blog popolare, con un aumento improvviso del traffico dei visitatori.

B

Il server web dell'azienda ha lanciato un nuovo servizio per utenti esteri.

C

Il server web dell'azienda è stato sottoposto a un attacco DDoS.

D

I dipendenti dell'azienda hanno iniziato a lavorare straordinari al di fuori dell'orario lavorativo.

9 25

Which of the following situations is suitable for the use of the K-Means Clustering algorithm?

A

To identify areas with high crime density by analyzing the crime rate in a particular region.

B

Classifying applications as high-risk and low-risk to approve or deny a bank's loan applications.

C

To determine whether there is a linear relationship between the independent variables and the dependent variable in a data set.

D

Predicting which courses a college student should take in the next semester.

26 26

Which of the following is the primary objective of password security?

A

To increase the speed of the internet connection

B

To protect personal and organizational data from unauthorized access

C

To simplify user authentication

D

To reduce the complexity of login procedures

16 27

What is Sniffing?

A

An encryption method used to analyze data packets.

B

A technique used to listen to and analyze network traffic.

C

A type of attack used to bypass firewalls.

D

A method used to physically take over network devices.

30 28

A company wants to develop a comprehensive security plan to defend against a variety of cyber threats, including password attacks, phishing attempts, and man-in-the-middle (MitM) attacks. Which combination of the following strategies would provide the most effective defense across these different threat types?

A

Implement multi-factor authentication (MFA), educate employees on recognizing phishing emails, and use encrypted communication channels

B

Require password changes every 90 days, implement firewalls, and install antivirus software

C

Encourage the use of password managers, limit employee access to sensitive data, and enforce strict password complexity rules

D

Deploy intrusion detection systems (IDS), require the use of strong passwords, and restrict access to corporate resources from public networks

57 29

Wat is een veelgebruikte methode bij brute force-aanvallen om wachtwoorden te compromitteren?

A

Phishing e-mails versturen naar gebruikers

B

Een lijst met veelgebruikte wachtwoorden gebruiken om inloggegevens te raden

C

Automatisch genereren en uitproberen van elke mogelijke wachtwoordcombinatie

D

Onderscheppen van wachtwoorden via onbeveiligde netwerkverbindingen

27 30

What is a common method used in brute force attacks to compromise passwords?

A

Sending phishing emails to users

B

Using a list of common passwords to guess credentials

C

Automatically generating and trying every possible password combination

D

Intercepting passwords through unsecured network connections

5 31

What is the primary role of an Information Security Specialist in an organization?

A

Implement technical solutions such as firewalls and encryption.

B

Manage the organization's financial resources.

C

Ensure physical security of the company's buildings.

D

None of the above

18 32

A company's IT team noticed an unusual increase in traffic on their network. The following are some data and observations on network traffic: Traffic Growth: In the last 24 hours, 400% more data traffic was observed on the company's network than usual. Source IP Addresses: Most of the traffic originates from IP addresses coming from abroad. Destination Servers: Most of the traffic is routed to the company's web server. Hourly Distribution: Traffic growth is intensifying, especially outside of working hours. Protocols: The majority of traffic uses HTTP and HTTPS protocols. Which of the following probabilities best describes this situation?

A

The company's website was featured on a popular blog, and there was a sudden increase in visitor traffic.

B

The company's web server has launched a new service for users abroad.

C

The company's web server has been subjected to a DDoS attack.

D

The employees of the company started to work overtime outside of working hours

20 33

You are dealing with a network issue where a server is experiencing slow response times. You suspect it might be due to excessive traffic on a particular port. Which tcpdump command would be most helpful in confirming this?

A

tcpdump -n dst

B

tcpdump to e

C

tcpdump -v icmp

D

tcpdump -w

19 34

An attacker who performs an ARP poisoning attack on a network both updates the ARP table of the target computer and performs a man-in-the-middle attack. Which of the following occurs as a result of this attack?

A

By inserting incorrect IP-MAC mappings into the target computer's ARP table, an attacker can redirect all traffic to his or her computer, allowing him to read or modify packets sent by the target computer. At the same time, it can interrupt communication between the two devices and create a false communication.

B

The attacker updates the target computer's ARP table, and all traffic on the target computer's network is routed to the correct addresses. There is no man-in-the-middle attack.

C

The attacker leaves false information in the ARP table, but affects not only the traffic of the target computer, but also the traffic of other devices on the network.

D

The attacker only forwards the packets of the target computer and does not modify the ARP table. It doesn't do a man-in-the-middle attack.

25 35

The organization manages clients' financial data. Due to the increase in cyberattacks aimed at intercepting sensitive data transmitted over the network, it is necessary to implement an appropriate approach to enhance the security of transmitted data. Which of the following solutions would significantly increase the level of security?

A

Symmetric encryption with a dynamically changing key every hour. Encryption keys were additionally exchanged and secured using asymmetric encryption.

B

Using text steganography.

C

Using a firewall to filter network traffic.

D

Implementation of symmetric encryption to encrypt all transmitted data.

28 36

A company is concerned about potential brute force attacks on its internal network. Based on what you know about password security, which of the following actions would best protect the company from this type of attack?

A

Allowing employees to use complex passwords that are a minimum of 8 characters long

B

Limiting the number of failed login attempts before locking the account for a specific period

C

Requiring employees to change their passwords every 6 months, regardless of length or complexity

D

Implementing single-factor authentication to reduce password management complexity

24 37

Which of the following scenarios best illustrates a case where symmetric encryption might be more appropriate than asymmetric encryption?

A

Signing documents to ensure their authenticity

B

Secure communication between a server and a web browser

C

Sending encrypted emails to multiple recipients

D

Encrypting large amounts of data stored on an external drive

1 38

In the realm of cybersecurity, hacking refers to the misuse of devices (such as computers, smartphones, tablets) and networks to?

A

Damage or corrupt systems.

B

Gather information on users.

C

Give away data and documents.

D

Carry out data-related activities.

AICY Project Self-Assesment Sign Up

Gender

AICY Project
Self-Assesment Sign Up