Rewritten RCCE Level 2 Exam Guide

Questions for June 2024

Question 1: Which two techniques are characteristic of spear phishing? (Choose two.)

(a) Carrying out attacks on organisations using multiple steps.

(b) Attacking a zero-day vulnerability in the browser.

(c) Monitoring an individual's personally identifiable information.

(d) Tricking individuals into clicking on attached files or embedded links.

Question 2: What are two ways to prevent phishing attacks within an organisation?
(Choose two.)

(a) Use phishing-resistant authentication.

(b) Make it mandatory for employees to use phishing-resistant methods.

(c) Click on embedded images on a webpage.

(d) Open personalised emails sent to employees from a fake address.

Question 3: How can you secure IT infrastructure with ML-enabled cyber tools through
deep analytics?

(a) Use of SCADA network on a modern office network.

(b) Upgrading security technologies to those built with Zero Trust principles and/or ML
augmentation.

(c) Implementing ML tools across the office network.

(d) Identifying all attacks inside and outside the office network.

Question 4: What factors can help Phishing attackers exploit a security breach?
(a) Unencrypted client data on a USB stick is lost outside the office.

(b) Emails are exchanged.

(c) Systems have strong default configurations geared towards better security.

(d) A well-guarded client database is maintained.

Question 5: What is privilege escalation?

(a) Limiting permissions to view or edit files.

(b) Granting equal rights to individuals in multi-user accounts.

(c) Exploiting a bug, design flaw, or hardware vulnerability.

(d) Giving access to system files.

Question 6: Identify two methods attackers use to take advantage of privilege escalation.
(Select two.)

(a) Manipulating access tokens to gain access.

(b) Restricting all levels of access to administration.

(c) Stealing or impersonating tokens to gain access.

(d) Having a well-structured mechanism to control privileges.

Question 7: What is one vulnerability of blockchain?

(a) The use of a Reverse Sheet.

(b) TOR using a chain of proxies.

(c) Endpoint vulnerabilities.

(d) Use of both private and public keys.

Question 8: Identify two cyber weapons used for maintaining safety. (Choose two.)

(a) Great Cannon.

(b) Lemon.

(c) remotedrop.

(d) Dual-use cyber weapons.

Question 9: What factors can affect the effective use of cyber weapons?

(a) An outdated antivirus system.

(b) An increase in IP addresses.

(c) The use of Wireshark and PCAP to capture files.

(d) Software feature misuse.

Question 10: What is one approach to understanding quantum entanglement?

(a) Using multiple encryption layers on the network.

(b) Considering the whole universe as one wave function.

(c) The widespread use of hardware platforms.

(d) Using a single sign-on plugin.

Question 11: Identify two practical uses of Quantum Entanglement. (Choose two.)

(a) Using quantum key distribution (QKD) to design a network.

(b) Using an ultra-precise clock to manage things like the stock market.

(c) Application to a country's defence system.

(d) Malicious replacement of software on the existing operating system.

Question 12: What is one step that can prevent cyber bounty hunting?

(a) Transmitting information in each photon.

(b) Mapping IOC and anomaly-based alerts to match behaviours of interest.

(c) Using the BB84 protocol, also known as the Polarized Photons protocol.

(d) Applying quantum entanglement theory to communicate.

Question 13: Identify two security tools commonly used in bug bounty hunting. (Choose
two.)

(a) IronWASP.

(b) Google Dorks.

(c) .onion.

(d) linkscrapper.

Question 14: Identify a component of a Mobile Banking Platform.

(a) Confidentiality and integrity.

(b) Account information and transactions.

(c) Codes or wireless signals.

(d) Computational speeds and time.

Question 15: What would you consider a threat of an ATM Trojan?

(a) Stealing money from ATMs.

(b) White-hat hackers working together.

(c) Firewalls and IDSs that are misconfigured.

(d) Policy-based definitions failing at the defence layer in organisations.

Question 16: What is the world’s most popular encryption algorithm?

(a) Advanced Encryption Standard.

(b) ARP Poisoning.

(c) FERPA.

(d) GDPR.

Question 17: What is one characteristic about information stored in Qubits?

(a) Measure and benchmark your cyber risks.

(b) Add contextuality.

(c) Entanglement.

(d) Prioritize vulnerabilities.

Question 18: What is the Dark Web?

(a) A phenomenon of quantum mechanics.

(b) A subsection of the deep web that stores and manages important data and information.

(c) Stores information as 0s and 1s.

(d) A cipher mode that encrypts and decrypts data in blocks.

Question 19: What is one solution that stealth tools provide against cybercrime?

(a) Enhances communication systems between networks.

(b) Describes the quantum states of all the objects.

(c) Protects communication data from hackers.

(d) Helps to bypass cybercriminals and search for the target.

Question 20: What is an example of an open-source platform in advanced Artificial

Intelligence?

(a) H2O.AI.

(b) Node.js.

(c) ICMP/TCP Dump Attack.

(d) WPA2.

Question 21: Which of the following is not related to Artificial Intelligence?

(a) Natural Language Processing.

(b) Computer Vision.

(c) Penetration Testing.

(d) Automated Speech Recognition.

Question 22: Identify two service capabilities of Azure Machine Learning. (Choose two.)

(a) Using Deepfake technology.

(b) Managing computation using DevOps.

(c) Deploying tool-agnostic Python.

(d) DNS spoofing.

Question 23: What is one weakness of Azure Security Architecture?

(a) Administrative endpoints exposed to the internet.

(b) Credential stuffing attacks.

(c) Password brute-forcing attacks.

(d) Transmitting information in each photon.

Question 24: What is a deep fake?

(a) A fake photo, video, or story generated by artificial intelligence (AI).

(b) Script content dynamically downloaded from web servers.

(c) A solution against cybercrime.

(d) Data mining technology for a wider range of data processing.

Question 25: Which of the following is a deep neural architecture?

(a) SymantecAV.

(b) Recurrent Neural Networks.

(c) Bag of Words.

(d) Dynamic Hash.

Question 26: What is threat modelling?

(a) A method for finding relevant data related to data mining.

(b) A process that searches for data from all web content.

(c) A process for optimizing network security by identifying and preventing threats.

(d) A network where a user can hide their identity.

Question 27: What is P.A.S.T.A.?

(a) A reliable modelling method that is part of the Microsoft Security Development Lifecycle
(SDL).

(b) A six-step systematic approach to privacy assessment.

(c) A threat modelling process that is a risk-centric, seven-step security management process for
a business.

(d) A set of diagrams that depict attacks on a system in the form of trees.

Question 28: What is a Cognitive-Powered Security Intelligence Platform?

(a) An AI-based application used to detect vulnerabilities and defend physical and digital
systems.

(b) A type of malware that encrypts files on the victim's computer.

(c) A dark web site not directly accessible through normal search engines.

(d) A system through which credentials are held, issued, verified, and presented.

Question 29: Identify two capabilities leveraged in the identification of threats using
advanced analytics. (Choose two.)

(a) Sharing intelligence across services.

(b) Hiding traces of intrusion by deleting log files.

(c) Triggering contextual reactions using collective knowledge.

(d) Formatting the whole hard drive of the computer.

Question 30: What is cryptojacking?

(a) A form of cyber-attack where a hacker mines cryptocurrency.

(b) A method for identifying the local importance of a word by its occurrence in a document.

(c) A model where the final dense layer predicts the output probabilities of the stances.
(d) Regular scanning for vulnerability checks using anti-virus software.

Question 31: How can you protect yourself from Cryptojacking?

(a) DNS level identification can determine if your environment has a crypto-mining problem.

(b) Performing regular security risk assessments helps to resolve denial of service-related
vulnerabilities.

(c) A contextual analysis determines the acting force and frequency of the threat actor.

(d) Discovering and uncovering assets on the network.

Question 32: Which of these is a supervised approach in machine learning?

(a) Self-training is used to increase the amount of labelled data for training.

(b) Labelled data are used to train the machine learning models.

(c) A previously learned supervised approach is used to further label the unlabelled commit data.

(d) Identifying open-source software containing vulnerabilities.

Question 33: Choose any two options which characterise program code features in a K-fold
stacking model. (Choose two.)

(a) Lines added to the code.

(b) Lines deleted from the code.

(c) The committer’s ID.

(d) Changed file paths.

Question 34: On a PVR threshold, when is an item considered to be vulnerability-related?

(a) Given a threshold τ, if the PVR is strictly less than τ.

(b) Using natural language features.

(c) Given a threshold τ, if the PVR is strictly greater than τ.

(d) Performing experiments in identifying vulnerability-related commits.

Question 35: What is an implantable medical device?

(a) A device that touches the body.

(b) A device that is inserted into the body.

(c) A device that the user simply needs to look at.

(d) A computer where medical data can be analysed.

Question 36: What is situational crime prevention?

(a) A theory for simulating crimes and ensuring that strategies are in place to prevent them.

(b) Using IoT to keep tabs on the specific categories of crime that go unprevented and
unchecked.

(c) Using the interconnectivity of IoT devices to prevent crimes.

(d) A theory for organising the dimensions and indices used in the analysis of security
vulnerabilities and risks of victimization from cybercrime in public access internet facilities.

Question 37: What is the difference between FMR and FNMR?

(a) FNMR is the percentage of non-mate pairs whose matching scores are greater than or equal
to t, while FMR is the percentage of mate pairs whose matching scores are less than t.

(b) FMR is the percentage of non-mate pairs whose matching scores are greater than or equal to
t, and FNMR is the percentage of mate pairs whose matching scores are less than t.

(c) FMR is the false match ratio, while FNMR is the false non-match ratio.

(d) FMR has a given threshold, while FNMR has no given threshold.
Question 38: What is Principal Component Analysis (PCA)?

(a) This tracks a subject’s face.

(b) This tracks a subject’s fingerprints.

(c) This tracks a subject’s head.

(d) This tracks a subject’s retina.

Question 39: Choose the two main technologies used for facial recognition. (Choose two.)

(a) Adaptive optics.

(b) Face metric.

(c) Eigenface.

(d) Feature extractor.

Question 40: Which of the following are levels of threat intelligence? (Choose any two.)

(a) Theoretical.

(b) Tactical.

(c) Strategic.

(d) Environmental.

Question 41: Which of the following are components of the intelligence cycle? (Choose any
two.)

(a) Reporting.

(b) Incident response.

(c) Dissemination.
(d) Collection.

Question 42: What are two key players in strategic threat analysis? (Choose any two.)

(a) Vectors.

(b) Residual risk.

(c) Information feeds.

(d) Actors.

Question 43: Choose any two differences between traditional and cyber warfare. (Choose
any two.)

(a) Traditional war causes death and damage to land, but cyber war is usually restricted to
causing damage to a vast number of digital devices.

(b) Traditional war did not use weapons, while cyber war uses cyber technology.

(c) Traditional war is confined geographically, but cyber war is not.

(d) Traditional warfare would be led by civilians, and in cyber warfare the main actors would be
state and non-state actors.

Question 44: Choose any two types of artificial intelligence. (Choose any two.)

(a) Artificial sensory intelligence.

(b) Artificial super intelligence.

(c) Reactive memory.

(d) Reactive machines.

Question 45: What is the theory of mind?

(a) Robots simulate and anticipate human needs and emotions.

(b) Animals interpret human actions.

(c) Humans simulate robotic actions.

(d) Robots anticipate actions by other robots.

Question 46: Which of these is performed by offensive AI? (Choose any three.)

(a) Slower and less effective attacks.

(b) Faster and more effective attacks.

(c) Impersonation of trusted users.

(d) Blending with the background to avoid detection.

Question 47: Which of these characterises strong AI?

(a) Strong AI equips systems with the ability to learn from experience.

(b) Strong AI focuses on image recognition.

(c) It accesses marked training data.

(d) It can perform intellectual tasks like a human being.

Question 48: What is the full form of V2X technology?

(a) Vehicle-to-everything.

(b) Vehicle-to-driver.

(c) Vehicle-to-manufacturer.

(d) Vehicle-to-owner.

Question 49: Mention any three benefits of connected cars. (Choose three.)
(a) Navigation.

(b) Privacy.

(c) Safety.

(d) Entertainment. (e) Faster driving.

Question 50: Choose the correct sequence of Modbus itemisation.

(a) Address, error check, data, function code.

(b) Address, function code, error check, data.

(c) Data, address, function code, error check.

(d) Error check, data, function code, address.

Question 51: What are the seven domains of the NIST Smart Grid Conceptual Model?

(a) Bulk generation, transmission, distribution, customer, market, operations, and service
provider.

(b) Bulk generation, innovation, distribution, customer, market, operations, and service provider.

(c) Bulk generation, transmission, distribution, customer, intelligence gathering, operations, and
service provider.

(d) Bulk generation, transmission, distribution, customer, market, risk management, and service
provider.

Question 52: What is the first step in power grid penetration?

(a) Coordinated attack.

(b) Network breach.

(c) Operational access.

(d) Power generation.

Question 53: Choose any three security features of iOS applications. (Choose three.)

(a) Secure boot chain.

(b) Process level sandboxing.

(c) Interruption testing.

(d) Field testing. (e) Data-at-rest encryption.

Question 54: What is Secure Transport API?

(a) Secure Transport API allows access to Apple's implementation of SSLv3, TLS versions 1.0
through 1.2, and DTLS 1.0.

(b) Secure Transport API impedes access to Apple's implementation of SSLv3, TLS versions 1.0
through 1.2, and DTLS 1.0.

(c) It ensures SSL-TLS handshake in iOS platforms.

(d) It imposes transport layer dependence.

Question 55: What are the two types of home automation using Arduino? (Choose two.)

(a) Arduino Star.

(b) Arduino Mega.

(c) Arduino Uno.

(d) Arduino Plus.

Question 56: The Mirai attack is said to be blocked by rebooting the system. What do
experts say?

(a) Experts agree with the idea of rebooting the system.

(b) Experts declare that rebooting might increase the aggression of the attack.
(c) Experts declare that rebooting does not exterminate Mirai, only postponing the attacks for a
while.

(d) They feel that rebooting could cause the attack to rebound on the attacker.

Question 57: What are bricker bots?

(a) They help IoT devices to connect to the internet.

(b) They prevent IoT devices from connecting to the internet.

(c) They cause DDoS attacks.

(d) They can send ransomware.

Question 58: Which of these is not an important tenet of TensorFlow?

(a) Greatly scalable feature of computation with different data sets.

(b) Uses GPU computing.

(c) Does not resort to machine learning procedures.

(d) Optimisation of the same memory and the data used.

Question 59: Choose any two options into which Supervised Learning can be classified?
(Choose two.)

(a) Clustering.

(b) Regression.

(c) Classification.

(d) Layered components.

Question 60: What is a vector?

(a) An arrangement of numbers, which is either constant or more discrete.

(b) A sequence of images that act as an algorithm.

(c) Random images and special characters used for machine learning algorithms.

(d) A series of commands to improve output.

Question 61: What is a scalar?

(a) It can be regarded as a multi-dimensional vector.

(b) It can be considered a one-dimensional vector.

(c) It only addresses direction, not magnitude.

(d) Models of scalar include only height parameters of children.

Question 62: What is a matrix?

(a) One-dimensional arrays organized in the format of rows and columns.

(b) A sequence of constant or discrete numbers.

(c) A series of vectors.

(d) Multi-dimensional arrays organized in the format of rows and columns.

Question 63: Which of these is not a step to build a deep learning model?

(a) Loading the information.

(b) Assembling the model.

(c) Preprocessing the primed data.

(d) Creating a repository of data.

Question 64: Which of these is not a step to overcome cyber threats?

(a) Find out if your computer has some dubious activity.

(b) Fix the problem and try to recover the system.

(c) Unplug the internet cable and shut down the infected machine immediately.

(d) Take some time to consider the next step once you suspect dubious activity.

Question 65: What are the benefits of a CRT device? (Choose any two.)

(a) Decreases paradoxical septal motion.

(b) Correct contraction pattern.

(c) Blocking the left ventricular ejection fraction.

(d) Minimization of haemodynamic display.

Question 66: What is the correct OCTAVE Allegro methodology?

(a) Establish Drivers Phase, Profile Assets Phase, Identify Threats Phase, Risk Mitigation Phase.

(b) Identify Threats Phase, Establish Drivers Phase, Profile Assets Phase, Risk Mitigation Phase.

(c) Profile Assets Phase, Identify Threats Phase, Establish Drivers Phase, Risk Mitigation Phase.

(d) Risk Mitigation Phase, Establish Drivers Phase, Profile Assets Phase, Identify Threats Phase.

Question 67: Which are the functions that are considered for automation by security
analytics? (Choose two.)

(a) Incident responder.

(b) Data link session.

(c) Compliance and policy.

(d) Information gathering.

Question 68: Which of these is a common machine learning technique?

(a) Natural language learning.

(b) Reinforcement learning.

(c) Rote learning.

(d) Aural learning.

Question 69: What are the inputs to be collected for dynamic input modelling? (Choose
two.)

(a) IP meta data.

(b) Config changes.

(c) Static address key.

(d) TCP packet.

Question 70: What are the aptitudes required for risk hunting in cybersecurity? (Choose
two.)

(a) Data linking.

(b) Programming.

(c) Infiltration testing.

(d) Information gathering.

Question 71: Identify the correct definition of ‘group examination’ applied in AI systems.

(a) A system of testing interconnected servers that use geographical proximity as the main
criteria for distributing cached web content and web pages to users.

(b) A protocol designed for better security and improved page load times.
(c) A backpropagation technique employed in AI systems that helps to circulate the derivatives
backward from an output.

(d) A type of solo AI that propels AI search systems to make connections in huge swaths of
information.

Question 72: A factual procedure which comprises isolating groups of similar data points
dependent on specific qualities out of a larger arrangement of data, is called?

(a) Bunching.

(b) Stack counting.

(c) Threat intelligence gathering.

(d) Proxy load monitoring.

Question 73: What is the role of Indicators of Compromise (IoCs) in the risk hunting
process?

(a) To mitigate the delay in lowering the threat response time.

(b) To demonstrate/invalidate a risk in the host system or network.

(c) To send ICMP packets to a target server.

(d) To locate DNS servers and their corresponding risk records for an organization.

Question 74: How is Risk defined in an equation?

(a) Risk = event occurrence x threat.

(b) Risk = data non-availability x threat x action not taken.

(c) Risk = threat x vulnerability x consequence.

(d) Risk = information gathering x action not taken.

Question 75: What is referred to when an examination of existing security capabilities,
structural components, and countermeasures, is conducted?

(a) Vulnerability analysis.

(b) Threat intelligence analysis.

(c) Risk assessment.

(d) Data protocol analysis.

Question 76: Which are the vulnerability tools that are frequently used?

(a) Decision trees.

(b) Direct Expert Elicitation.

(c) Indicators of Compromise.

(d) Vulnerability analysis.

Question 77: How does password-based user authentication create security challenges?
(Choose two.)

(a) By connection to local area networks.

(b) By sophisticated password-guessing tools.

(c) By incomplete or insufficient threat analysis.

(d) By direct server attacks on the central user-store.

Question 78: Which are the international standards applicable to address authentication?
(Choose two.)

(a) PKI – Public key infrastructure.

(b) ITU-T (SG17) – International Telecommunications Union.

(c) RS-485 specifications for electronics and telecommunications standards.

(d) IEEE 802 standard for data linking.

Question 79: What is FIDO (Fast Identity Online) known for?

(a) Standards-based interoperable authentication.

(b) Vulnerability and threat analysis.

(c) Bluetooth and Wi-Fi coexistence authentication mechanism.

(d) Authentication of physical layer specifications of technologies from Ethernet to wireless.

Question 80: Which are the system receptions that are granted passage by PowerShell?
(Choose two.)

(a) Fast Identity Online (FIDO).

(b) Public key infrastructure (PKI).

(c) Windows Management Instrumentation (WMI).

(d) Component Object Model (COM) objects.

Question 81: Which are the security technologies developed as a result of Generation 2
attacks? (Choose two.)

(a) Packet filtering firewall.

(b) Open-source Firewall Toolkit.

(c) Stateful inspection firewall.

(d) Proxy server firewall toolkit.

Question 82: Identify the advancements of the 5th-generation security apparatus. (Choose
two.)
(a) Consolidates advanced threat prevention solutions that share threat intelligence in real-time
with integrated architecture.

(b) Halts disruption and anti-virus products.

(c) Works in cohesion with intrusion detection systems (IDS).

(d) Prevent attacks on virtual instances and cloud deployments.

Question 83: Name any two 5th-generation attacks. (Choose two.)

(a) WannaCry.

(b) NotPetya.

(c) Man-in-the-middle (MitM).

(d) Phishing.

Question 84: What are the objectives of driving digital payments? (Choose two.)

(a) Promote transparency and accountability.

(b) Boost rural economy.

(c) Ease world trade frictions.

(d) Reduce additional currency printing.

Question 85: How does the Unified Payment Interface (UPI) work?

(a) Authenticates e-wallets and internet banking apps.

(b) Works with mobile banking apps.

(c) Authenticates the identity of the user.

(d) Works in tandem with PoS and ATM units.

Question 86: Identify the type of attack: Planting crimeware onto PCs to steal credentials
directly, often using systems to intercept consumers' online account usernames and
passwords.

(a) Cyber espionage.

(b) Phishing.

(c) Ransomware.

(d) DDoS.

Question 87: Which are the features of a graphical user interface? (Choose two.)

(a) Has a rich client platform.

(b) Is compatible with firewalls.

(c) Is integrated with MS Office.

(d) Uses a standard widget toolkit.

Question 88: How is NeSSi useful in large-scale networks?

(a) Promotes transparency and accountability.

(b) Allows distributed simulation in a parallel-execution model.

(c) Parses required session parameters.

(d) Gathers required resources for networking.

Question 89: What is the responsibility of the subnet agent?

(a) Manage an individual subnet.

(b) Distribute tasks in a simulation environment.

(c) Ensure communication between subnets.

(d) Connect a subnet with a central server.

Question 90: What is the function of the platform coordination agent?

(a) Receive events from NCA and relay them to SA.

(b) Handle clusters of SAs.

(c) Interconnect subnets.

(d) Compute available resources.

Question 91: Which is the method employed by cybercriminals to target servers and
domains, making digital services unavailable for users?

(a) WannaCry.

(b) Distributed denial of service (DDoS).

(c) Phishing.

(d) Trojan virus attack.

Question 92: How does a DDoS attack work?

(a) An attacker hacks into the email server of the targeted users.

(b) An attacker generates false domains and usernames identical to registered users.

(c) An attacker creates multiple login credentials and connects with the botnets.

(d) An attacker creates a control and command server network of bots.

Question 93: Identify two symptoms of DDoS attacks. (Choose two.)

(a) Unavailability of websites.

(b) A drastic increase in the number of spam emails.

(c) A reduction in the number of registered users.

(d) A sudden increase in network speed.

Question 94: What is a Challenge Collapsar (CC) attack?

(a) An assault where standard HTTP requests are sent to a focused web server, in which the
URIs require tedious calculations to deplete the resources of the specific web server.

(b) An assault on user credentials, rendering servers unavailable or showing them as overloaded
even when idle.

(c) An assault where there is a huge number of unregistered/false users and a consequential
reduction in network speed.

(d) An assault where users are flooded with suspicious emails and spam emails.

Question 95: What are the objectives of endpoint security management? (Choose two.)

(a) Promote transparency and accountability among networks.

(b) Ensure that network security administration is policy-based.

(c) Grant access to network resources based on endpoint device compliance.

(d) Identify the existence of any hidden endpoints.

Question 96: What are the salient features of endpoint security? (Choose two.)

(a) Pre-set policies.

(b) ID-based access to a security management dashboard.

(c) A customizable dashboard for security management.

(d) A single comprehensive console for security management.

Question 97: What is the main criterion for upgrading endpoint security clients?
(a) An initial client must be installed first, followed by the software blade package.

(b) The initial client and software blade package must be installed simultaneously.

(c) The full Disk Encryption Software Blade must be removed before any upgrade or installation.

(d) The software and configuration settings must remain unchanged.

Question 98: Which are the features of a graphical user interface? (Choose two.)

(a) Has a rich client platform.

(b) Is compatible with firewalls.

(c) Is integrated with MS Office.

(d) Uses a standard widget toolkit.

Question 99: How is NeSSi useful in large-scale networks?

(a) Promotes transparency and accountability.

(b) Allows distributed simulation in a parallel-execution model.

(c) Parses required session parameters.

(d) Gathers required resources for networking.

Question 100: What is the responsibility of the subnet agent?

(a) Manage an individual subnet.

(b) Distribute tasks in a simulation environment.

(c) Ensure communication between subnets.

(d) Connect a subnet with a central server.

Question 101: What is the function of the platform coordination agent?

(a) Receive events from NCA and relay to SA.

(b) Handle clusters of SAs.

(c) Interconnect subnets.

(d) Compute available resources.