Knowledge Tests

What is assessed?

The following subjects will be covered and assessed:

• Attacks and Threats: Attacks that can be carried out against computer networks. Everything is covered, including malware and phishing attacks.
• Risk Management: The process of reducing the probability and consequences of unacceptable events.
• Security Tools: Software that helps protect a computer or network from unauthorized access or attack.
• Cyber Operations: Teams and procedures responsible for defending organizations and responding to incidents.
• Network Security: The process of securing a computer network from unauthorized access and use.

Exam Format and Delivery

This is a multiple-choice-question examination (MCQ). You take the exam in your browser using MCSI's Online Learning Platform. To pass, you must obtain a 90 percent pass rate.

Designed for beginners

This exam is for persons who have one or two years of work experience or a bachelor's degree in information security. It is also applicable to self-taught individuals.

The benefits of MCQ exams

It's been scientifically proven that taking an MCQ test improves the retention of the information being tested. Furthermore, taking a test has been shown to improve the retention of non-tested information if it is related to the tested material in a specific way.

All of our students are encouraged to take our Knowledge Tests to reinforce existing cybersecurity knowledge or learn knowledge that will help them advance in their jobs.

Certificate of Completion

If you pass this exam, you will earn a Certificate of Completion. This certificate can be added to your LinkedIn page as well as your resume.

Unlimited Attempts

Don't be concerned about failure. The main goal is to study and then concentrate on practical skills. These are the most crucial ones. As a result, using our Knowledge Tests, you can retake the exam as many times as necessary till you pass. The questions are designed to be challenging, and passing them is a rewarding experience. We also hope that allowing you to fail without repercussions will motivate you to try harder and not look for methods to cheat.

No exam renewal

This is not a phoney certification. We're not attempting to persuade you to renew it every few years, pay for an ongoing subscription, or purchase other products in order to maintain your CPEs. You pay once, pass your exam, and that's all with us. Your certificate is good for the rest of your life. Then, we recommend that you concentrate on more advanced, practical certificates. In this field, practical skills are the most vital.

MCSI is a well-known and respected name in the field of cyber security education and training. Obtaining your MCSI certification will demonstrate your understanding of cyber security principles, technologies, and procedures, which will assist you in defending companies and individuals against threats.

• Demonstrate your knowledge of cyber-attacks and threats

  Every year, cyber-attacks and threats become more widespread and complex. Individuals, corporations, and governments must be aware of these dangers and take actions to protect themselves now more than ever. Cyber-attacks can result in financial loss, data loss, and even death.

  Malware

  Computer malware is a type of software that is created with the intent of harming or disabling computers. Viruses, ransomware, and spyware are examples of malware that can be installed mistakenly or maliciously. Malware has the ability to corrupt files, slow down computer performance, and steal data. It can also allow hackers to remotely access and control computer systems.

  Phishing

  Phishing is a sort of cyberattack in which an attacker impersonates a trustworthy entity in an electronic conversation in order to get sensitive information such as usernames, passwords, and credit card numbers. Phishing is most commonly done by email, however it can also be done via text messaging and social media platforms.

  Person-in-the-Middle

  A person-in-the-middle (PitM or MitM) attack is a type of computer security attack in which the attacker places themselves between two communicating parties in order to read, manipulate, or disrupt the conversation. This can be done for a variety of purposes, including monetary gain, espionage, or simply to cause mischief. In some circumstances, the attacker may even impersonate one of the communication parties to obtain access to information that they would not otherwise have access to.

  Zero-Day Exploit

  Zero-day exploits are security vulnerabilities that are unknown to the public and the vendor. These vulnerabilities are typically discovered by security researchers and are not fixed until a security patch is released. Because zero-day exploits are unknown, they can be used to attack systems without being detected.

  Denial-of-Service Attack

  A denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users. Attackers can use a number of methods to achieve this, such as flooding the target machine with requests so that it can't respond to legitimate traffic.

  SQL Injection

  A SQL injection vulnerability is a security hole that allows an attacker to inject malicious SQL code into an SQL statement, potentially resulting in the execution of the code by the database. This can allow the attacker to access and manipulate data, steal information, or even take complete control of the database. SQL injection vulnerabilities are a common security vulnerability, and are often exploited by attackers.

  Web Shell

  A web shell is a script that can be uploaded to a web server to provide an attacker with a remote command line interface. This can be used to execute commands on the server and to access the file system. Web shells are often used to upload and run malicious code, or to steal sensitive information. They can also be used to take control of the server and to launch a denial of service attack.

  Malicious Insider

  A malicious insider is an employee who intentionally harms their organization. They may steal or leak confidential information, sabotages systems, or even commit fraud. Malicious insiders can cause a great deal of damage, and are a serious threat to businesses.

  Ransomware

  Ransomware is a type of malware that locks users out of their devices or encrypts their files and demands a ransom payment to unlock them. The ransomware can be delivered through a variety of means, including phishing emails, infected websites, or trojan horses. Once installed, the ransomware will typically display a message informing the user that their device has been locked or their files have been encrypted and demanding a ransom payment to unlock them.

  Data Spill

  A data spill is an inadvertent release of confidential or sensitive information. This can include, but is not limited to, the release of Personally Identifiable Information (PII), Protected Health Information (PHI), or credit card numbers. Data spills can occur in a number of ways, including but not limited to: emailing the wrong person, leaving documents in a public place, or uploading files to the wrong server. The consequences of a data spill can be significant, including fines, loss of customers, and damage to reputation. Data spills should be taken seriously and steps should be taken to prevent them from occurring.

  Identity Theft

  A crime in which someone acquires key pieces of personal information such as name, Social Security number, or credit card number, in order to impersonate another person. Identity theft can be committed in a variety of ways, including stealing mail, hacking into computer systems, or stealing personal information from the victim. The goal of identity theft is usually to gain access to the victim's finances or to obtain government benefits in the victim's name.

  Advanced Persistent Threat

  An Advanced Persistent Threat (APT) is a cyberattack that is carried out over a long period of time and is meant to achieve a specific goal, such as stealing confidential data. APTs are often conducted by state-sponsored actors or criminal organizations and can be very difficult to detect.

• Show that you have an understanding of risk management techniques and strategies

  The process of discovering, assessing, and responding to information security risks is known as risk management. The risk of harm to an organization's information assets is known as information security risk. Risk management is critical for safeguarding an organization's data and ICT assets.

  Risk Management Process

  There are three steps in the risk management process: identification, assessment, and response. Identification is the process of identifying the information assets that need to be protected and the risks that threaten them. Assessment is the process of quantifying the potential damage that could be caused by a risk and determining the likelihood that it will occur. Response is the process of developing a plan to mitigate or eliminate the risks.

  Risk Register

  An information security risk register is a document that catalogues and tracks all known information security risks faced by an organization. It includes information on the nature of each risk, who is responsible for managing it, and how it is being mitigated. The register can be used to identify and prioritize risks, track progress in mitigating them, and ensure that risks are adequately managed.

  CIA Triad

  The CIA triad is a model for understanding information security that classifies information assets into three categories: confidentiality, integrity, and availability. Each category is important for protecting different types of data. Confidentiality protects the privacy of data, integrity protects the accuracy of data, and availability ensures that data is accessible when needed. The CIA triad is a fundamental principle in information security and is used to make decisions about how to protect information.

  Risk Rating

  Information security risk rating is the process of assessing and classifying the severity of risks to information assets. This is typically done by identifying the threats and vulnerabilities that could impact the confidentiality, integrity, or availability of those assets. Risks are then rated on a scale of low, medium, or high, depending on their severity.

  Organizations use risk ratings to help them make informed decisions about how to manage their information security risks. They can use this information to prioritize risks and determine which ones need to be addressed first. Risk ratings can also be used to measure the effectiveness of information security controls and strategies.

• Affirm that you are familiar with the enterprise security tools that are used to protect systems and data

  An enterprise information security tool is a software application that helps organizations protect their computer networks and user data. These tools usually provide a variety of features, such as the ability to monitor network traffic, detect intrusions, and block access to certain websites. They can also help organizations manage passwords and user accounts, as well as encrypt sensitive data.

  Penetration Testing Tools

  Penetration testing tools are software applications used by security professionals to identify vulnerabilities in networks, systems, and applications. By identifying these vulnerabilities, organizations can determine the risk that an attacker could exploit them and take steps to mitigate that risk.

  There are a variety of penetration testing tools available, each with its own strengths and weaknesses. Some of the most popular tools include Nmap, Metasploit, and Kali Linux. Nmap is a versatile tool that can be used to scan for open ports and services on a target system. Kali is a Linux distribution that contains a large number of penetration testing tools.

  Anti-virus Software

  Anti-virus software is a type of computer program that is designed to protect your computer from viruses. A virus is a type of malware that can harm your computer by corrupting your data or by infecting your system files. Anti-virus software usually runs in the background of your computer and it will scan all of your files for signs of a virus. If it finds a virus, it will quarantine the file and notify you so that you can take action to remove the virus. Anti-virus software is essential for protecting your computer from malware and viruses.

  Endpoint Detection and Response

  Endpoint Detection and Response (EDR) is a term for software that monitors and defends endpoint devices, such as laptops, desktops, servers, and smartphones. EDR software is designed to detect malicious activity on devices, including malware and ransomware, and to respond to incidents. Some EDR software also includes features that allow administrators to investigate incidents, gather forensics data, and generate reports.

  SIEM

  Security information and event management (SIEM) is a term for the practice of collecting, storing, analyzing, and reporting on security alerts and events from multiple sources. SIEM is used to identify potential threats to an organization's computer systems and to help manage security risks. The collected data can be used to create reports that help identify trends and potential vulnerabilities. SIEM tools can also be used to help administrators respond to security incidents.

  Proxies

  Proxy servers are used to protect networks and users from potentially harmful content on the internet. They work by acting as a filter between the user and the internet. This means that any requests made by the user are first sent through the proxy server, which then decides whether or not to allow the request to be fulfilled. This can help to protect users from inappropriate or dangerous content, as well as from data theft and other online threats. Proxy servers can also be used to improve performance, by caching content and reducing the amount of data that needs to be downloaded each time a user accesses a website.

  Secure Operating Environment

  Secure Operating Environment (SOE) is a security-enhanced environment in which users with proper clearance privileges can run their applications. The SOE provides controlled access to the network and its resources, using firewalls, intrusion detection/prevention systems, and other security measures. It isolates user applications and data from the underlying operating system, preventing unauthorized access and malware infection.

  Vulnerability Scanner

  A vulnerability scanner is a type of security software that is used to identify security vulnerabilities in computer systems or networks. These scanners work by scanning systems for known vulnerabilities, and then reporting them to the user. Vulnerability scanners can be used to find security holes in systems that could be exploited by hackers, and can help administrators secure their systems against attack.

• Demonstrate that you are familiar with the various cybersecurity operations groups

  The goal of Security Operations is to protect an organization's systems and data from unauthorized access, destruction, or theft. Security Operations teams use a variety of tools and techniques to achieve this goal, including firewalls, intrusion detection and prevention systems, anti-virus software, and user authentication mechanisms. They also work closely with other parts of the organization, such as Information Technology (IT) and Human Resources (HR), to ensure that security policies and procedures are implemented and followed.

  Cybersecurity Operations Center

  A cybersecurity operations center, or CSOC, is a facility where cyber security experts work together to protect an organization's computer networks and systems. CSOCs monitor networks for signs of attack, investigate incidents, and work to prevent future breaches. They use a variety of tools and techniques to detect and respond to cyber threats, including automated systems, threat intelligence, and human analysts. CSOCs play a critical role in protecting organizations from cybercrime and other online threats.

  Incident Response Team

  An Incident Response Team (IRT) is a group of individuals who respond to computer security incidents. The team is typically composed of experts in computer security, law enforcement, and forensics. The goal of the IRT is to minimize the damage caused by the incident, and to investigate and prosecute the perpetrators.

  Red Team

  A Red Team is a group of experts that is used to test the security of an organization. They are typically brought in to test the organization's defenses and find any potential vulnerabilities. Red Teams are also used to test the response of the organization to a security incident.

  Threat Hunting Team

  The Threat Hunting Team is responsible for the identification and eradication of cyber threats on the network. They use a variety of methods, including advanced analytics and manual review, to find and remove malicious actors from the network. The Threat Hunting Team is an important part of the organization's cybersecurity strategy, and their work helps to protect the network and its users from cyber threats.

  Infrastructure Security Team

  The Infrastructure Security team is responsible for ensuring the security of the company's computer networks and systems. They work closely with the IT department to maintain security posture and protect the company's infrastructure from online threats. The Infrastructure Security team uses a variety of tools and techniques to secure the network, including firewalls, intrusion detection systems, and antivirus software.

The images below illustrate examples of questions that could appear in the exam. Please note that none of the finest questions will be released. These samples should, however, give you an indication of what to expect.

What does SIEM stand for?

What is Continuous Security Monitoring?

What is Ransomware?