Applied Cybersecurity Midterm Review
Which is an example of modern-day malware and is primarily used to coordinate malicious activity at a large scale? (A) Rootkits (B) Trojan Horse (C) Botnets
Botnets
Alice sends Bob an encrypted message, but he cannot read the contents without a decryption key. What form is the message in while it is encrypted? (A) Keys (B) Ciphertext (C) Plain text (D) Algorithm
Ciphertext
A perpetrator inserts a sleeve into the card slot of an ATM. When a customer attempts to make a transaction and inserts their credit card, it sits in the sleeve, out of sight of the customer, who thinks that the machine has malfunctioned. After the customer leaves, the perpetrator can then remove the sleeve with the victim's card in it. This is what type of attack? (A) Skimmer (B) Fake ATMs (C) Lebanese loop
Lebanese loop
What is the name of an executable program that is embedded in a document and can be used for malicious purposes? (A) Micro Virus (B) Macro Virus (C) Boot sector virus
Macro virus
Assurance refers to how trust is provided and managed in computer systems. Which of the following is trust management not dependent upon? (A) Passwords (B) Policies (C) Protections (D) Permissions
Passwords
If Alice wants to send an encrypted message to Bob using symmetric encryption, which type of key must they use? (A) Shared Secret Key (B) Public Key (C) Private Key (D) Both Private and Public Key
Shared Secret Key
In an IP (Internet Protocol) spoofing attack, what field of an IP (Internet Protocol) packet does the attacker manipulate? (A) The source address field (B) The checksum field (C) The destination address field (D) The source port field
The source address field
Malware is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. True or False
True
When using a biometric device for authentication purposes, a biometric sample is converted into a feature vector and that vector is compared against a stored reference vector. If the similarity is good enough, then the biometric sample is accepted as a match. True or False
True
What type of malware is able to spread copies of itself without the need to inject itself into other programs? (A) Rootkit (B) Trojan Horse (C) Worm (D) Botnet
Worm
This version of a botnet is a toolkit for building and deploying a customized Trojan botnet. An attacker can customize the payload of the attack to be deployed and the type of information to capture during the attack. Available payloads include not only classic spyware, but also more sophisticated attacks, such as grabbing usernames and passwords only for specific web sites specified by the attacker. This botnet has been used extensively to steal credentials for social network sites, banking sites, and shopping sites. What is the name of this botnet? (A) Sality (B) Zeus (C) Mocmex (D) Code Red
Zeus
What does the acronym A.A.A. stand for? (A) Assurance, Alteration, Anonymity (B) Assurance, Authenticity, Anonymity (C) Assurance, Authentication, Anonymity (D) Assurance, Access Control, Anonymity
Assurance, Authenticity, Anonymity
Which of the following is not an example of a social engineering attack? (A) Buffer Overflow (B) Pretexting (C) Baiting (D) Quid Pro Quo
Buffer overflow
In order for an attacker to control bots from the bot herder, what type of model does the attacker need to establish? (A) Command and Control (B) Worm Propagation (C) Zero-day attacks
Command and Control
____________ is a tactic where a person registers a domain name in anticipation of that domain being desirable or important to another organization, with the intent of selling the domain to that organization for what can sometimes be a significant profit. (A) Top-level domain (B) Tunneling (C) Authoritative name server (D) Cybersquatting
Cybersquatting
An attacker that monitors the power consumption of a processor and statistically analyzes the recorded information in an effort to reveal details about the cryptosystem or the underlying cryptographic key is performing what type of attack? (A) Emanation attack (B) Differential power analysis (C) Social engineering (D) Smart card cloning
Differential power analysis
What is the correct order of the virus life cycle? (A) Dormant, Action, Propagation, Triggering (B) Action, Dormant, Propagation, Triggering (C) Dormant, Propagation, Triggering, Action (D) Dormant, Propagation, Action, Triggering
Dormant, Propagation, Triggering, Action
Malware is used to attack software systems. Malware is short for what two words? (A) Manipulating Software (B) Malevolent Software (C) Mischievous Software (D) Malicious Software
Malicious Software
Given the IP address 192.168.2.128 and the subnet mask 255.255.255.0, which part of the IP address identifies the particular device in the network? (A) 2.128 (B) 192.168 (C) 192.168.2 (D) 128
128
Given the IP address 192.168.2.128 and the subnet mask 255.255.255.0, what is the broadcast address? (A) 10.10.10.10 (B) 192.168.2.255 (C) 255.255.255.1 (D) 192.168.255.255
192.168.2.255
Which model is useful for determining access control rights, but lacks scalability? (A) Role-Based Access Control (RBAC) (B) Access Control Lists (ACL) (C) Access Control Matrices (D) Capabilities
Access Control Matrices
Which is not part of the ten security principles? (A) Psychological Acceptability (B) Open Design (C) Access Control Models (D) Economy of Mechanism (E) Complete Mediation (F) Least Privilege (G) Fail-Safe Defaults (H) Work Factor
Access control models
Which protocol translates an IP address into a MAC address? (A) Memory Access Card Protocol (B) User Datagram Protocol (UDP) (C) Address Resolution Protocol (D) None
Address Resolution Protocol
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place? (A) SYN Flood (B) Brute Force attack (C) Address Resolution Protocol (ARP) poisoning (D) Internet Protocol (IP) spoofing
Address Resolution Protocol (ARP) poisoning
Secure Shell (SSH) network protocol is used for: (A) Issuing remote commands (B) Secure file transfer (C) All of the mentioned (D) Secure access for automated processes
All of the mentioned
Developing a worm is a complex project consisting of numerous tasks. One of the tasks is to identify a vulnerability still unpatched in a popular application or operating system. ___________ ___________ vulnerabilities are among the most common ones exploited by worms. (A) Trap Doors (B) Trojan Horse (C) Root Kits (D) Buffer overflows
Buffer overflows
Similar to a hash function that can be used to verify the integrity of data, what important principle is used in computer forensics to ensure the contents collected during an investigation remain unaltered? (A) password cracking (B) Chain of custody (C) Live CD boot (D) Cold boot attack
Chain of custody
During the encryption process, an encryption algorithm converts the plaintext into what? (A) Cryptosystem (B) Ciphertext (C) Private Key (D) Encryption Key
Ciphertext
Which of the following is not an example of emanation blocking? (A) Closed-circuit television (B) Windowless room (C) Electrical grounding (D) Sound dampening materials
Closed circuit television
Commonly referred to as the C.I.A. Triad in cybersecurity, what security goals represent the acronym C.I.A.? (A) Confidentiality, Integrity, Authenticity (B) Confidentiality, Integrity, Availability (C) Ciphertext, Integrity, Availability (D) Confidentiality, Integrity, Assurance
Confidentiality, Integrity, Availability
Your company is experiencing a large increase in brute force password attacks lately. What type of attack is being used to guess many passwords in a short amount of time? (A) Buffer overflow (B) Pretexting (C) Social engineering (D) Dictionary attack
Dictionary attack
Which of the following is an application layer protocol that is responsible for resolving domain names to IP addresses on the Internet? For instance, in order for you to connect to an Internet web server from your mobile phone web browser, you enter a website address and then a certain protocol is used to translate that website address into an IP address. (A) Transmission Control Protocol (TCP) (B) Domain Name System (DNS) (C) Address Resolution Protocol (ARP) (D) Hypertext Transfer Protocol (HTTP)
Domain Name System (DNS)
You are hired as a Cybersecurity Consultant. The client wants to know which method should be used to protect the contents of their messages in the event someone is intercepting their information. Which method should you recommend to protect the contents of the message if it is intercepted via eavesdropping? (A) Physical Security (B) Access Control (C) Authentication (D) Encryption
Encryption
A computer worm is a malware program that spreads copies of itself without the need to inject itself in other programs, but worms DO require human intervention in order to spread to other computer systems. True or False
False
According to the Fail-Safe Defaults principle, mobile applications should sometimes prioritize usability over security. True or False
False
Audio recordings of keystrokes and spinning hard disk drives cannot be used as an attack to determine what data is being entered or processed. True or false
False
Hardware keyloggers, such as a USB key logger, can only be used after the operating system is fully booted. True or false
False
Internet Control Message Protocol (ICMP) is a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address. True or False
False
Symmetric encryption is being considered by a company to use for protecting their data, but they're concerned about how long it will take to encrypt the data because it is slower than asymmetric encryption. Is it accurate that symmetric encryption is slower than asymmetric? true or false
False
Video monitoring systems are effective physical intrusion detection tools whose main goal is to prevent attacks. True or False
False
When using Public Key Encryption, it is recommended security practice to share the Private Key with other people. True or False
False
To block electromagnetic emanations in the air, we can surround sensitive equipment with metallic conductive sheeting or a mesh of such material, where the holes in the mesh are smaller than the wavelength of the electromagnetic radiation. This is what type of emanation mitigation? (A) Wiretapping (B) UV protection (C) Security by obscurity (D) Faraday cage
Faraday cage
You are hired as a Cybersecurity Penetration Tester for Company A. They want you to gather as much information as possible about their network. Which technique will allow you to determine which ports are open, which services may be running on the company network, and which operating system versions are in use? (A) Encapsulating Security Payload (ESP) (B) DNS Cache Poisoning (C) Tunneling (D) Fingerprinting
Fingerprinting
What is the correct order of phases when a hacker is planning an attack on a target? (A) Covering Tracks and Placing Backdoors, Footprinting, Scanning, and Enumeration, Gaining Access (B) Gaining Access, Footprinting, Scanning, and Enumeration, Covering Tracks and Placing Backdoors (C) Footprinting, Scanning and Enumeration, Gaining Access, Covering Tracks and Placing Backdoors (D) Handprinting, Gaining Access, Scanning and Enumeration, Covering Tracks and Placing Backdoors
Footprinting, Scanning and Enumeration, Gaining Access, Covering Tracks and Placing Backdoors
You are hired as an auditor to verify the integrity of financial data for a company. Which option should you use to compute the checksum of the data? (A) Hash Function (B) Shared Secret Key (C) Brute-Force Decryption (D) Digital Certificate
Hash function
An attacker intercepted data and modified the time stamp of a file to cover their activities. Which security goal is compromised by modifying the time stamp of the file? (A) Availability (B) Integrity (C) Confidentiality (D) Assurance
Integrity
Rootkits are sneaky, but they are not impossible to detect. User mode rootkits can be detected by checking for modifications to files on disk. On Windows, important code libraries are digitally signed, so that any tampering would invalidate the digital signature and be detected. Another commonly employed technique is to periodically compute a cryptographic hash function for critical system components while the system is offline. This hash can be recomputed while the system is online, and if the hashes do not match, then a rootkit may be altering these files. In addition, kernel mode anti-rootkit software can detect code injection in system processes. If the cryptographic hashes do not match, then the rootkit violated which of the three primary security principles? (A) Confidentiality (B) Assurance (C) Availability (D) Integrity
Integrity
Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block? (A) Transmission Control Protocol (TCP) (B) Hypertext Transfer Protocol (HTTP) (C) Internet Control Message Protocol (ICMP) (D) User Datagram Protocol (UDP)
Internet Control Message Protocol (ICMP)
As the Chief Information Security Officer at a large organization, you task your team to implement a system (software or hardware) that can be used to detect signs of malicious activity on the company network and on individual computers. This system should compile real-time data about the functioning of network components and computers. That real-time data should then be processed against site policies that define probable incidents. (Hint: three words)
Intrusion Detection System
Alice and Bob are communicating on the network and noticed that their data is being intercepted, modified, and re-transmitted in an unauthorized manner. What type of alteration attack is occurring to their communications? (A) Repudiation (B) Denial of service (DoS) (C) Masquerading (D) Man-in-the-middle attack (MITM)
Man-in-the-middle attack (MITM)
The task of the _______ layer, which is also known as the Internet layer for the Internet, is to provide for the moving of packets between any two hosts, on a best effort basis. (A) Network (B) Application (C) Physical (D) Transport
Network
One way to detect a _________ virus is to focus on the fact that it must use a different encryption key each time the virus encrypts and replicates itself. This choice implies that the body of the virus must also include generic code for an encryption algorithm, so that it can encrypt copies of itself with new keys. A _________ virus might still have a signature related to its ability to encrypt itself. The encryption code may itself initially be encrypted, so a virus detection algorithm would, in this case, have to identify this decryption code first. (A) Polymorphic (B) Biomorphic (C) Unimorphic (D) Metamorphic
Polymorphic
Bob wants to digitally sign a message to send to Alice. In order for Bob to digitally sign the message, he encrypts the message using his ______. The created message can be decrypted using ______. (A) Public Key, Alice's Private Key (B) Private Key, Bob's Public Key (C) Public Key, Bob's Private Key (D) Private Key, Alice's Public Key
Private Key, Bob's Public Key
You are hired as a cyber security consultant to implement digital signatures. Which encryption model will provide a method for performing digital signatures? (A) Shared secret (B) Public Key (C) Symmetric Key (D) Hash Functions
Public Key
You are hired as the Chief Information Security Officer (CISO) at a company and tasked with defending against insider attacks. There have been rampant issues with employees in the software development team performing various methods of insider attacks. You are creating a new policy to help limit these types of attacks. From the list below, which of the following is not recommended for defending against insider attacks? (A) Avoid single points of failure (B) Limit Authority and reporting tools (C) Control software installations (D) Publish unverified code
Publish unverified code
Once __________ code is loaded into the kernel, several techniques may be employed to achieve stealth. One of the most common methods is known as function hooking. Because the __________ is running with kernel privileges, it can directly modify kernel memory to replace operating system functions with customized versions that steal information or hide the existence of the __________. (A) Rootkit (B) Virus (C) Trojan Horse (D) Worm
Rootkit
An attacker wants to overwhelm a server on the network by exploiting the Transmission Control Protocol (TCP) three-way handshake connection. Which of the following network attacks will overload servers and deny access to legitimate users? (A) Man in the Middle (B) Brute Force (C) Smurf (D) SYN Flood
SYN Flood
Another heuristic for combating zero-day attacks is to run programs in an isolated run-time environment that monitors how they interact with the "outside world." Potentially dangerous actions, like reading and writing to existing files, writing to a system folder, or sending and receiving packets on the Internet, are flagged. A user running such a detection program in the background would be alerted each time an untrusted program performs one of these potentially unsafe actions. Such a run-time environment, which is a type of virtual machine, is sometimes referred to as a ____________. (A) Botnet (B) Hash function (C) Sandbox (D) Trojan Horse
Sandbox
Techniques used by hackers to secretly read information on a user's screen, either by physically viewing the data, installing small cameras to capture the information as it is being read, or using binoculars to view a victim's monitor through an open window, are what type of eavesdropping method? (A) Forensics (B) Wiretapping (C) Keylogger (D) Shoulder surfing
Shoulder surfing
A door with a highly secure lock does little good if the door can be removed by unscrewing its hinges. What is this type of attack called? (A) Privilege Escalation (B) Wiretapping (C) Side-channel attack (D) Eavesdropping
Side channel attack
A _______ is a device that reads and stores magnetic stripe information when a card is swiped. An attacker can install a _______ over the card slot of an ATM and store customers' credit card information without their knowledge. Later, this information can be retrieved and used to make duplicates of the original cards. (A) Skimmer (B) Lebanese Loop (C) Fake ATMs
Skimmer
If a company wants to implement a firewall that can tell when packets are part of legitimate sessions originating within a trusted network and maintain tables containing information on each active connection, which type of firewall should they implement? (A) Application Firewall (B) Stateless Firewall (C) Stateful Firewall
Stateful Firewall
Which of the following is not a candidate for biometric identification? (A) Facial recognition (B) Strong password (C) DNA (D) Fingerprints
Strong password
You are responsible for configuring access control for a new group of users in your organization. What type of access control elements are the group and the users considered? (A) Access rights (B) Object (C) Subject
Subject
What type of malware appears to perform some useful task, but also does something harmful? (A) Phishing (B) Rootkit (C) Trojan Horse (D) Worm
Trojan horse
A Cybersecurity team is deciding which type of encryption to use for a large company. They decided to use Public Key Encryption instead of Symmetric Key Encryption because the Public Key Encryption model requires fewer overall keys to be maintained within the large company. Is that an accurate statement? true or false
True
A backdoor is a hidden feature or command in a program that has been embedded by a programmer and can be activated by the attacker. True or False
True
A bot or a bot zombie is a compromised computer under the control of an attacker. True or False
True
A common technique by an attacker to bypass malware scanners is to encrypt the virus to make it harder for the antivirus or malware software to identify the virus. True or False
True
A company that is inundated with ICMP echo requests, also known as a ping flood attack, so that legitimate customers can no longer establish a connection to the company is an example of a Denial of Service, or DoS attack. True or False
True
A honeypot can be used as a tool to detect intrusions, including port scans, where a computer is used as "bait" to lure intruders into thinking they've gained access to important resources. True or False
True
A network engineer is experiencing IPv4 exhaustion and running out of available public IPv4 addresses to assign to connected devices on the network. The network engineer should implement Network Address Translation (NAT) to mitigate the IPv4 exhaustion problem and use private IP addresses internally within the company network. True or False
True
A security consultant recommends a government agency use IPsec tunnel mode to transfer data because the entire original packet, including the header and payload, is encrypted, whereas transport mode only encrypts or authenticates the payload of the packet and not the header. Is this an accurate recommendation? True or False
True
A security developer wants to program a new application to send data using a protocol that is reliable and guarantees delivery of all packets in an ordered fashion. While User Datagram Protocol (UDP) is faster, the developer chooses Transmission Control Protocol (TCP) because it meets the reliability requirements. Is this a good choice by the developer? True or False
True
A trusted authority that issues certificates is called a certificate authority (CA). true or false
True
An employee at your company is planning a security breach. They are part of the organization that controls and builds software and assets that other employees attempt to protect. This is an example of an insider attack. True or false
True
Because RFID chips operate using radio waves, they can release information without the need for direct physical contact. true or false
True
Bob suspects Internet Protocol packet header values are being modified in transit on the network. Bob should check the header checksum value to verify whether the packet is error free. True or false
True
Company A partners with Company B and needs to send data securely between their data centers to prevent eavesdropping. The security engineers from both companies recommend using a tunneling protocol to encrypt the traffic. Will a tunneling protocol help the companies avoid eavesdropping and encrypt data transferred between the two companies? True or False
True
Computer viruses resemble the anatomy of biological viruses. One of the terms used to describe the vulnerabilities that malware exploits to perform its attacks is "vectors". True or False
True
Eve the attacker wants to capture network traffic on an open WiFi connection to collect usernames and passwords. In order for Eve to capture that traffic, promiscuous mode must be enabled to capture traffic between other hosts on a network. True or false
True
Experts study the infected files looking for code fragments that are unique to a particular virus. This helps them to create a virus signature. True or False
True
Human guards are susceptible to social engineering attacks and may grant an attacker access to a highly secure environment. True or False
True
In Role Based Access Control (RBAC) model, administrators define roles before specifying access rights. true or false
True
In regards to access control, one of the best ways to defend against the attacks is to prevent them in the first place. true or false
True
Jill lives in an apartment complex. She does not put a password on her WiFi and thus allows any of her neighbors into her local area network. With this configuration, Jill is setting herself up for an ARP spoofing attack. True or False
True
Kerckhoffs's principle states that all aspects of a cryptosystem can be opened and shared, but the private key must be kept secret. True or False
True
Smart cards provide more secure authentication mechanisms than magnetic stripe cards. true or false
True
The CEO of company ABC hired a penetration tester to expose any vulnerabilities in their environment. The penetration tester completes many steps to conduct the vulnerability assessment, such as footprinting, scanning, and gaining access to systems. After the test is complete, the last phase is to produce the final report and documentation. True or False
True
The GSM challenge-response protocol is used to allow a cell phone, using its SIM card, to communicate with the network provider's base station. True or False
True
The security goal of ensuring information is accessible to authorized users is called availability. True or False
True
The three main components of a computing environment are electricity, temperature, and limited conductance. True or False
True
You are an employee and a student at a University that has implemented role-based access control (RBAC). Can you be a member of more than one role at a time, such as the student role and the employee role? True or False
True
Which of the following is not an example of a rootkit characteristic? (A) modifies the operating system to hide its existence (B) Easy to detect (C) A special kind of memory-resident virus
easy to detect
According to the open design principle, we should keep cryptographic algorithms secret to achieve the confidentiality goal. True or False
false
A zero-day attack is an attack that exploits a vulnerability that was previously unknown, even to the software designers who created the system containing the vulnerability. True or false
true
Identity is based on a combination of three things: something that a person has, something the person knows, and something the person is. true or false
true
Mallory is an attacker that wants to use IP Spoofing in her next attack on company A. In order for Mallory to conduct the attack with IP Spoofing, she needs to send packets from an IP address that appears to originate from another IP address. True or false
true
The self-replication property is what distinguishes computer viruses from other kinds of malware, such as logic bombs. True or false
true
What type of passive attack involves an attacker eavesdropping on network traffic by monitoring electrical impulses? (A) Social engineering (B) shoulder surfing (C) Wiretapping (D) Phishing email
Wiretapping