Cyber Security - Final Exam
When the code that the attacker injects into a website remains on the website for a period of time and is visible to other users, it is called what type of attack? a.) Persistent XSS b.) SQL Injection c.) Non-persistent XSS d.) Half-persistent XSS
a.) Persistent XSS
A company that is inundated with ICMP echo requests, also known as a ping flood attack, so that legitimate customers can no longer establish a connection to the company is an example of a Denial of Service, or DoS attack. a.) True b.) False
a.) True
Experts study the infected files looking for code fragments that are unique to a particular virus. This helps them to create a virus signature. a.) True b.) False
a.) True
The three main components of a computing environment are Electricity, Temperature, Limited Conductance. a.) True b.) False
a.) True
Cyber Stalking is NOT a punishable offense. a.) True b.) False
b.) False
When using Public-Key Encryption, it is a recommended security practice to share the Private Key with other people. a.) True b.) False
b.) False
Which statement is not correct about the HTTPS protocol: a.) It addresses confidentiality and integrity goals b.) In HTTPS, the server and Client generate a shared public key to encrypt the messages c.) Adds an additional layer of security known as SSL (Secure Sockets Layer) or TLS (Transport Layer Security) to HTTP d.) HTTPS requires the web server to send its public key to the web browser
b.) In HTTPS, the server and Client generate a shared public key to encrypt the messages
You are a Cybersecurity Professional hired to exfiltrate data out of a company. You use tactics such as electronic eavesdropping techniques, spyware, and photocopying of files in order to gain value about the company. What type of attack is this considered? a.) Sophisticated Glamour b.) Industrial Espionage c.) Nigerian Fraud d.) Pump and Dump
b.) Industrial Espionage
You are hired as a Cybersecurity Consultant to implement digital signatures. Which encryption model will provide a method for performing digital signatures? a.) Hash Functions b.) Public Key c.) Symmetric Key d.) Shared Secret
b.) Public Key
What type of malware is able to spread copies of itself without the need to inject itself in other programs? a.) Botnet b.) Trojan Horse c.) Worm d.) Rootkit
c.) Worm
Malware is used to attack software systems. Malware is a short form of what two words? a.) Manipulating Software b.) Mischievous Software c.) Malevolent Software d.) Malicious Software
d.) Malicious Software
When an attacker gets the user to click on a specially crafted URL with script in it and the web service reflects it back, what type of attack is that called? a.) Persistent XSS b.) SQL Injection c.) Half-persistent XSS d.) Non-persistent XSS
d.) Non-persistent XSS
Assurance refers to how trust is provided and managed in computer systems. Which of the following is trust management not dependent upon? a.) Policies b.) Permissions c.) Protections d.) Passwords
d.) Passwords
Techniques used by hackers to secretly read information on a user's screen either by physically viewing the data, installing small cameras to capture the information as it is being read, or using binoculars to view a victim's monitor through an open window is what type of eavesdropping method? a.) Forensics b.) Keylogger c.) Wiretapping d.) Shoulder Surfing
d.) Shoulder Surfing
What type of malware appears to perform some useful task, but also does something harmful? a.) Worm b.) Rootkit c.) Phishing d.) Trojan Horse
d.) Trojan Horse
As the Chief Information Security Officer at a large organization, you task your team to implement a system (software or hardware) that can be used to detect signs of malicious activity on the company network and on individual computers. This system should compile real-time data about the functioning of network components and computers. That real-time data should then be processed against site policies that define probable incidents. (Hint: three words) ______________
Intrusion Detection System
Given the IP address 192.168.2.128 and the subnet mask 255.255.255.0, which part of the IP address identifies the particular device in the network? a.) 128 b.) 192.168.2 c.) 192.168 d.) 2.128
a.) 128
Mallory (an attacker) forced Alice to log into her Google account. Her goal was to obtain information about Alice's search history. What kind of vulnerability did Mallory most likely exploit to launch the attack? a.) CSRF b.) Phishing c.) SQL Injection d.) XSS
a.) CSRF
Alice sends Bob an encrypted message, but he cannot read the contents without a decryption key. What form is the message in while it is encrypted? a.) Ciphertext b.) Keys c.) Plaintext d.) Algorithm
a.) Ciphertext
Your company is experiencing a large increase in brute-force password attacks lately. What type of attack is being used to guess many passwords in a short amount of time? a.) Dictionary Attack b.) Buffer Overflow c.) Social Engineering d.) Pretexting
a.) Dictionary Attack
Which of the following is not an example of a rootkit characteristic? a.) Easy to detect b.) Modifies the operating system to hide its existence c.) A special kind of memory resident virus
a.) Easy to detect
As a penetration tester, you are required to perform all of the following phases except which one? a.) Encrypt Data b.) Reporting and Documentation c.) Scoping Target Systems d.) Perform Cleanup
a.) Encrypt Data
You are hired as a Cybersecurity Consultant. The client wants to know which method should be used to protect the contents of their messages in the event someone is intercepting their information. Which method should you recommend to protect the contents of the message if it is intercepted via eavesdropping? a.) Encryption b.) Physical Security c.) Authentication d.) Access Control
a.) Encryption
An attacker wants to move from a low-level banker's account they recently hacked all the way up to the administrator account. What phase is the attacker in? a.) Gaining Access b.) Footprinting c.) Scanning and Enumeration d.) Covering Tracks and Placing Backdoors
a.) Gaining Access
You are hired as an auditor to verify the integrity of financial data for a company. Which option should you use to compute the checksum of the data? a.) Hash Function b.) Digital Certificate c.) Brute-Force Decryption d.) Shared Secret Key
a.) Hash Function
The task of the _______ layer, which is also known as the Internet layer for the Internet, is to provide for the moving of packets between any two hosts, on a best effort basis. a.) Network b.) Physical c.) Application d.) Transport
a.) Network
A web programmer wants to create a site that is capable of dynamically generating variables based on user input. Which language should the programmer use to help generate that dynamic data? a.) PHP b.) LMTH c.) HTML d.) PGP
a.) PHP
Bob wants to digitally sign a message to send to Alice. In order for Bob to digitally sign the message, he encrypts the message using his _______. The created message can be decrypted using _______. a.) Private Key, Bob's Public Key b.) Public Key, Bob's Private Key c.) Public Key, Alice's Private Key d.) Private Key, Alice's Public Key
a.) Private Key, Bob's Public Key
_____ is a device that reads and stores magnetic stripe information when a card is swiped. An attacker can install a _____ over the card slot of an ATM and store customers' credit information without their knowledge. Later, this information can be retrieved and used to make duplicates of the original cards. a.) Skimmer b.) Fake ATMs c.) Lebanese Loop
a.) Skimmer
A Cybersecurity team is deciding which type of encryption to use for a large company. They decided to use Public Key Encryption instead of Symmetric Key Encryption because the Public Key Encryption model requires fewer overall keys to be maintained within the large company. Is that an accurate statement? a.) True b.) False
a.) True
A SQL injection attack involves placing SQL statements in the user input. a.) True b.) False
a.) True
A backdoor is a hidden feature or command in a program that has been embedded by a programmer and can be activated by the attacker. a.) True b.) False
a.) True
A bot or a bot zombie is a compromised computer under the control of an attacker. a.) True b.) False
a.) True
A common technique by an attacker to bypass malware scanners is to encrypt the virus to make it harder for the antivirus or malware software to identify the virus. a.) True b.) False
a.) True
A honeypot can be used as a tool to detect intrusions, including port scans, where a computer is used as "bait" to lure intruders into thinking they've gained access to important resources. a.) True b.) False
a.) True
A network engineer is experiencing IPv4 exhaustion and running out of available public IPv4 addresses to assign to connected devices on the network. The network engineer should implement Network Address Translation (NAT) to mitigate the IPv4 exhaustion problem and use private IP addresses internally within the company network. a.) True b.) False
a.) True
A security consultant recommends a government agency use IPsec tunnel mode to transfer data because the entire original packet, including the header and payload, is encrypted whereas the transport mode only encrypts or authenticates the payload of the packet and not the header. Is this an accurate recommendation? a.) True b.) False
a.) True
A security developer wants to program a new application to send data using a protocol that is reliable and guarantees delivery of all packets in an ordered fashion. While User Datagram Protocol (UDP) is faster, the developer chooses Transmission Control Protocol (TCP) because it meets the reliability requirements. Is this a good choice by the developer? a.) True b.) False
a.) True
A trusted authority that issues certificates is called a certificate authority (CA). a.) True b.) False
a.) True
A zero-day attack is an attack that exploits a vulnerability that was previously unknown, even to the software designers who created the system containing the vulnerability. a.) True b.) False
a.) True
According to OWASP, the top threat was injection attacks in both 2013 and 2017. a.) True b.) False
a.) True
An employee at your company is planning a security breach. They are part of the organization that controls and builds software and assets that other employees attempt to protect. This is an example of an insider attack. a.) True b.) False
a.) True
As a Data Analyst, you need to tighten data access in your company. One of the methods you decide to implement is granting access based on a need-to-know basis. Is this a good way to better protect data from Industrial Espionage? a.) True b.) False
a.) True
As a security analyst, you are required to find ways to gain access to protected environments within your organization. Social engineering, backdoors, and web application vulnerabilities are good examples of ways to gain access. a.) True b.) False
a.) True
As a security researcher, you want to find out information about the ports, services, and their states of a remote target. You should use nmap to collect this information. a.) True b.) False
a.) True
As part of the footprint process, enumeration is used to perform an in-depth information gathering about a specific target. a.) True b.) False
a.) True
Attackers can footprint a target organization by simply viewing the job postings listed on their website or LinkedIn to determine what systems the organization uses and may be easiest to exploit. a.) True b.) False
a.) True
Because RFID chips operate using radio waves, they can release information without the need for direct physical contact. a.) True b.) False
a.) True
Bob suspects Internet Protocol packet header values are being modified in transit on the network. Bob should check the header checksum value to verify whether the packet is error free. a.) True b.) False
a.) True
Company A partners with Company B and needs to send data securely between their data centers to prevent eavesdropping. The security engineers from both companies recommend using a tunneling protocol to encrypt the traffic. Will a tunneling protocol help the companies avoid eavesdropping and encrypt data transferred between the two companies? a.) True b.) False
a.) True
Computer viruses resemble the anatomy of biological viruses. One of the terms used to describe the vulnerabilities that malware exploits to perform its attacks is vectors. a.) True b.) False
a.) True
Eve the attacker wants to capture network traffic on an open WiFi connection to collect usernames and passwords. In order for Eve to capture that traffic, promiscuous mode must be enabled to capture traffic between other hosts on a network. a.) True b.) False
a.) True
HTTPS should always be used when available while browsing the Internet because the 'S' in HTTPS stands for 'secure'. a.) True b.) False
a.) True
Human guards are susceptible to social engineering attacks and may grant an attacker access to a highly secure environment. a.) True b.) False
a.) True
Identity is based on a combination of three things: something the person has, something the person knows, and something the person is. a.) True b.) False
a.) True
Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and assumes another person's personal identity in some way that involves fraud or deception, typically for economic gain. a.) True b.) False
a.) True
If a website is configured to use HTTP over port 80, then the data in transit is vulnerable to eavesdropping and man-in-the-middle attacks. a.) True b.) False
a.) True
If user input to be stored in the database is not properly sanitized, it may be possible for an attacker to inject malicious code that will execute in the browser of other visitors. a.) True b.) False
a.) True
In the Role Based Access Control (RBAC) Model, administrators define roles before specifying access rights. a.) True b.) False
a.) True
In order to avoid scams on the Internet, you should consider the source, independently verify claims, research the opportunity, watch out for high pressure pitches, and be skeptical. a.) True b.) False
a.) True
In regards to Access Control, one of the best ways to defend against attacks is to prevent them in the first place. a.) True b.) False
a.) True
Industrial espionage is NOT restricted to technology companies. a.) True b.) False
a.) True
Jill lives in an apartment complex. She does not put a password on her WiFi and thus allows any of her neighbors into her local area network. With this configuration, Jill is setting herself up for ARP spoofing attack. a.) True b.) False
a.) True
Kerckhoffs' Principle states that all aspects of cryptosystems can be open and shared, but the private key must be kept secret. a.) True b.) False
a.) True
Mallory is an attacker that wants to use IP Spoofing in her next attack on company A. In order for Mallory to conduct the attack with IP Spoofing, she needs to send packets from an IP address that appears to originate from another IP address. a.) True b.) False
a.) True
Maltego is a tool included in Kali Linux that can help an attacker or security professional map out a network environment to build out a structured map of the connections between the devices. a.) True b.) False
a.) True
Malware is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. a.) True b.) False
a.) True
Smart Cards provide more secure authentication mechanisms than magnetic stripe cards. a.) True b.) False
a.) True
The CEO of company ABC hired a penetration test to expose any vulnerabilities in their environment. The penetration tester completes many steps to conduct the vulnerability assessment such as footprinting, scanning, and gaining access to systems. After the test is complete, the last phase is to produce the final report and documentation. a.) True b.) False
a.) True
The GSM Challenge-Response Protocol is used to allow a cellphone, using its SIM card, to communicate to the network provider's base station. a.) True b.) False
a.) True
The scanning phase consists of collecting details obtained during the footprinting phase in order to target the attack more precisely. a.) True b.) False
a.) True
The security goal of ensuring information is accessible for authorized users is called availability. a.) True b.) False
a.) True
The self-replication property is what distinguishes computer viruses from other kinds of malware, such as logic bombs. a.) True b.) False
a.) True
When using a biometric device for authentication purposes, a biometric sample is converted into a feature vector and that vector is compared against a stored reference vector. If the similarity is good enough, then the biometric sample is accepted as being a match. a.) True b.) False
a.) True
You are an employee and a student at a University that has implemented Role Based Access Control (RBAC). Can you be a member of more than one role at a time, such as the student role and the employee role? a.) True b.) False
a.) True
This version of a botnet is a toolkit for building and deploying a customized Trojan botnet. An attacker can customize the payload of the attack to be deployed and the type of information to capture during the attack. Available payloads include not only classic spyware, but also more sophisticated attacks, such as grabbing usernames and passwords only for specific web sites specified by the attacker. This botnet has been used extensively to steal credentials for social network sites, banking sites, and shopping sites. What is the name of this botnet? a.) Zeus b.) Sality c.) Code Red d.) Mocmex
a.) Zeus
Which model is useful for determining access control rights, but lacks scalability? a.) Capabilities b.) Access Control Matrices c.) Access Control Lists (ACL) d.) Role-Based Access Control (RBAC)
b.) Access Control Matrices
Which protocol translates IP address into MAC address? a.) Memory Access Card Protocol b.) Address Resolution Protocol c.) User Datagram Protocol (UDP) d.) None
b.) Address Resolution Protocol
Secure Shell (SSH) network protocol is used for: a.) Secure file transfer b.) All of the mentioned c.) Issuing remote commands d.) Secure access for automated processes
b.) All of the mentioned
In order for an attacker to control bots from the bot herder, what type of model does the attacker need to establish? a.) Zero-day attacks b.) Command and control c.) Worm propagation
b.) Command and control
Commonly referred to as the C.I.A. Triad in cybersecurity, what security goals represent the acronym C.I.A.? a.) Confidentiality, Integrity, Assurance b.) Confidentiality, Integrity, Availability c.) Confidentiality, Integrity, Authenticity d.) Ciphertext, Integrity, Availability
b.) Confidentiality, Integrity, Availability
An attacker that monitors the power consumption of a processor to statistically analyze the recorded information in an effort to reveal details about the cryptosystem of the underlying cryptographic key is known as what type of attack? a.) Social Engineering b.) Differential Power c.) Analysis d.) Smart Card Cloning Emanation Attack
b.) Differential Power
A computer worm is a malware program that spreads copies of itself without the need to inject itself in other programs, but worms DO require human intervention in order to spread to other computers and systems. a.) True b.) False
b.) False
According to the fail-safe defaults principle, mobile applications should sometimes prioritize usability over security. a.) True b.) False
b.) False
According to the open design principle, we should keep cryptographic algorithms secret to achieve the confidentiality goal. a.) True b.) False
b.) False
Alice is not concerned about security of the cookies on her local computer because they never hold sensitive information. a.) True b.) False
b.) False
Audio recordings of keystrokes and spinning hard disk drives cannot be used as an attack to determine what data is being entered or processed. a.) True b.) False
b.) False
Hardware keyloggers, such as a USB keylogger, can only be used after the operating system is fully booted. a.) True b.) False
b.) False
Internet Control Message Protocol (ICMP) is a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address. a.) True b.) False
b.) False
Stalking often involves harassing or threatening behavior that an individual engages in one time. a.) True b.) False
b.) False
Symmetric encryption is being considered by a company to use for protecting their data, but they're concerned about how long it will take to encrypt the data because it is slower than asymmetric encryption. Is it accurate that symmetric encryption is slower than asymmetric? a.) True b.) False
b.) False
Universities are not susceptible to Industrial Espionage. a.) True b.) False
b.) False
Video monitoring systems are effective physical intrusion detection tools whose main goal is to prevent attacks. a.) True b.) False
b.) False
You are hired as a cybersecurity penetration tester to find gaps in a company's firewall. During the port scanning operation with nmap, you find that port 80, used for HTTP traffic, is accessible but nmap is unable to determine whether the port is open or closed. Is the port in a filtered state? a.) True b.) False
b.) False
You are hired as a Cybersecurity Penetration Tester for Company A. They want you to gather as much information as possible about their network. Which technique will allow you to determine which ports are open, which services may be running on the company network, and what versions of operating systems are in use? a.) Encapsulating Security Payload (ESP) b.) Fingerprinting c.) DNS Cache Poisoning d.) Tunneling
b.) Fingerprinting
Rootkits are sneaky, but they are not impossible to detect. User mode rootkits can be detected by checking for modifications to files on disk. On Windows, important code libraries are digitally signed, so that any tampering would invalidate the digital signature and be detected. Another commonly employed technique is to periodically compute a cryptographic hash function for critical system components while the system is offline. This hash can be recomputed while the system is online, and if the hashes do not match, then a rootkit may be altering these files. In addition, kernel mode anti-rootkit software can detect code injection in system processes. If the cryptographic hashes do not match, then the rootkit violated which of the three primary security principles? a.) Availability b.) Integrity c.) Confidentiality d.) Assurance
b.) Integrity
A perpetrator inserts this sleeve into the card slot of an ATM. When a customer attempts to make a transaction and inserts their credit card, it sits in the sleeve, out of sight from the customer, who thinks that the machine has malfunctioned. After the customer leaves, the perpetrator can then remove the sleeve with the victim's card. This is what type of attack? a.) Fake ATMs b.) Lebanese Loop c.) Skimmer
b.) Lebanese Loop
What is the name of an executable program that is embedded in a document and can be used for malicious purposes? a.) Boot sector virus b.) Macro virus c.) Micro virus
b.) Macro virus
Alice and Bob are communicating on the network and notice that their data is being intercepted, modified, and retransmitted in an unauthorized manner. What type of alteration attack is occurring to their communications? a.) Masquerading b.) Man-in-the-middle attack (MITM) c.) Repudiation d.) Denial of Service (DoS)
b.) Man-in-the-middle attack (MITM)
A Prince from a foreign country emails you to make an arrangement to accept millions of dollars on their behalf. All you have to do is pay the fee to transfer the funds for $1,300. After the funds are transferred, the Prince will compensate you with a portion of the millions. What type of scam is this called? a.) Pump and Dump b.) Nigerian Fraud c.) Cyber Stalking d.) Identity Theft
b.) Nigerian Fraud
A stock trader takes a stock that is worthless and buys a lot of it. Then the trader artificially inflates its value through false and misleading positive statements, in order to sell the cheaply purchased stock at a higher price. In a short period the price of the stock comes back to its original, low-valued price. What type of scam is this called? a.) Bid shielding b.) Pump and dump c.) Shill bidding d.) Bid siphoning
b.) Pump and dump
You're a security consultant that must find the method an attacker used to breach an organization. Upon investigation, you notice that one of their input forms on a web page is not sanitizing the input data before running the command against the back-end database. What is the most likely attack vector used during the breach? a.) Web-Form Injection b.) SQL Injection c.) CSRF d.) XSS
b.) SQL Injection
An attacker wants to overwhelm a server on the network by exploiting the Transmission Control Protocol (TCP) three-way handshake connection. Which of the following network attacks will overload servers and deny access to legitimate users? a.) Man in the Middle b.) SYN Flood c.) Brute Force d.) Smurf
b.) SYN Flood
If Alice wants to send an encrypted message to Bob using symmetric encryption, which type of key must they use? a.) Both Private and Public Key b.) Shared Secret Key c.) Public Key d.) Private Key
b.) Shared Secret Key
There are many auction scams to know about. Which one of the following is not an area of FTC bidding fraud? a.) Shill bidding b.) Shoulder surfing c.) Bid siphoning d.) Bid shielding
b.) Shoulder surfing
If a company wants to implement a firewall that can tell when packets are part of legitimate sessions originating within a trusted network and maintain tables containing information on each active connection, which type of firewall should they implement? a.) Application Firewall b.) Stateful Firewall c.) Stateless Firewall
b.) Stateful Firewall
You are responsible for configuring access control for a new group of users in your organization. What type of access control element are the group and the users considered? a.) Object b.) Subject c.) Access Rights
b.) Subject
In an IP (Internet Protocol) spoofing attack, what field of an IP (Internet Protocol) packet does the attacker manipulate? a.) The destination address field b.) The source address field c.) The source port field d.) The checksum field
b.) The source address field
A security researcher discovers that a URL link is different from the spoofed URL viewed in the address bar. What type of attack or technique is being used? a.) URL Forwarding b.) URL Obfuscation c.) URL Redirect d.) URL Back-propagation
b.) URL Obfuscation
As an ongoing effort to protect against Industrial Espionage, the Chief Information Security Officer at your aerospace company tasks you with identifying best practices to protect your data. Which one of the following is not a best practice to protect against Industrial Espionage? a.) Log the use of portable storage devices b.) Use shared user accounts c.) Encrypt hard drives d.) Implement separation of duties e.) Conduct exit interviews f.) Implement security policies
b.) Use shared user accounts
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place? a.) Internet Protocol (IP) spoofing b.) Brute Force attack c.) Address Resolution Protocol (ARP) poisoning d.) SYN Flood
c.) Address Resolution Protocol (ARP) poisoning
As an Information Security professional, you are charged with determining how to protect the data in your organization. What is the best first step to conduct in order to protect data in your organization? a.) Eavesdropping b.) Spyware c.) Asset Identification d.) Espionage
c.) Asset Identification
Which is an example of modern-day malware and is primarily used to coordinate malicious activity at a large scale? a.) Rootkits b.) Trojan Horse c.) Botnets
c.) Botnets
Which of the following is not an example of a social engineering attack? a.) Pretexting b.) Quid Pro Quo c.) Buffer Overflow d.) Baiting
c.) Buffer Overflow
Developing a worm is a complex project consisting of numerous tasks. One of the tasks is to identify a vulnerability still unpatched in a popular application or operating system. ___________ ___________ vulnerabilities are among the most common ones exploited by worms. a.) Trojan Horse b.) Trap Doors c.) Buffer Overflows d.) Root Kits
c.) Buffer Overflows
A security professional is concerned about the company web browsers running a script from a vulnerable site and malicious script from a malicious site. What type of attack is the security professional concerned about? a.) Injection b.) XSS c.) CSRF d.) HTTPS
c.) CSRF
Similar to a hash function that can be used to verify the integrity of data, what important principle is used in computer forensics to ensure the contents collected during an investigation remain unaltered? a.) Live CD Boot b.) Cold Boot Attack c.) Chain of Custody d.) Password Cracking
c.) Chain of Custody
What is the correct order of phases when a hacker is planning an attack on a target? a.) Covering Tracks and Placing Backdoors, Footprinting, Scanning and Enumeration, Gaining Access b.) Gaining Access, Footprinting, Scanning and Enumeration, Covering Tracks and Placing Backdoors c.) Footprinting, Scanning and Enumeration, Gaining Access, Covering Tracks and Placing Backdoors d.) Handprinting, Gaining Access, Scanning and Enumeration, Covering Tracks and Placing Backdoors
c.) Footprinting, Scanning and Enumeration, Gaining Access, Covering Tracks and Placing Backdoors
As a Security Consultant, you must recommend a way for a company to better protect data on mobile devices. The company uses Microsoft Windows on all employee laptops which are vulnerable to theft as the employees travel around the world. What is the best recommendation you can provide to the company to help protect the data on those Windows laptops, especially if the device is stolen? a.) Have employees sign a nondisclosure agreement (NDA) b.) Conduct background checks c.) Implement BitLocker encryption d.) Conduct security awareness training
c.) Implement BitLocker encryption
An attacker intercepted data and modified the time stamp of a file to cover their activities. Which security goal is compromised by modifying the time stamp of the file? a.) Availability b.) Assurance c.) Integrity d.) Confidentiality
c.) Integrity
If parents name their child "Robert'); DROP TABLE Students;--", what is the child's nickname? a.) Dropping Bobby Tables b.) Little Drop Tables c.) Little Bobby Tables d.) Dropping Students tables
c.) Little Bobby Tables
From 2006-2009, what popular company was vulnerable to a CSRF vulnerability that would allow an attacker to change account details such as the name, shipping address, email, and password? a.) Amazon b.) HBO c.) Netflix d.) Hulu
c.) Netflix
An incident response team is assisting a company with a recent data breach. The attacker that caused the breach left clues behind that may be used by the incident response team to forensically identify the attacker. Which one of the following items could lead to the identification of the attacker if they did not cover their tracks after the attack? a.) Changing the user name b.) Delete temp files c.) Not modifying time stamps
c.) Not modifying time stamps
Once __________ code is loaded into the kernel, several techniques may be employed to achieve stealth. One of the most common methods is known as function hooking. Because the __________ is running with kernel privileges, it can directly modify kernel memory to replace operating system functions with customized versions that steal information or hide the existence of the __________. a.) Virus b.) Trojan Horse c.) Rootkit d.) Worm
c.) Rootkit
Bob is developing a dynamic web application that depends on a database backend. What type of attack could a malicious individual use to send commands through his web application to the database? a.) Non Persistent XSS b.) Click Jacking c.) SQL Injection d.) Persistent XSS
c.) SQL Injection
Bob recently viewed an auction listing on a website. The item he wants is too expensive, and he decides to use an attack to lower the price of the item. What type of attack should Bob use? a.) Command Injection b.) Cross Site Request Forgery c.) SQL Injection d.) Cross Site Scripting (XSS)
c.) SQL Injection
Another heuristic for combating zero-day attacks is to run programs in an isolated run-time environment that monitors how they interact with the "outside world." Potentially dangerous actions, like reading and writing to existing files, writing to a system folder, or sending and receiving packets on the Internet, are flagged. A user running such a detection program in the background would be alerted each time an untrusted program performs one of these potentially unsafe actions. Such a run-time environment, which is a type of virtual machine, is sometimes referred to as a ____________. a.) Trojan Horse b.) Hash Function c.) Sandbox d.) Botnet
c.) Sandbox
Which of the following is not a candidate for biometric identification? a.) DNA b.) Facial Recognition c.) Strong Password d.) Fingerprints
c.) Strong Password
Which one of these low-tech methods is considered the Achilles heel for most organizations with regard to data security? a.) The network web server b.) The network file share c.) The network printer d.) The network database
c.) The network printer
An auditor asks you to verify the devices on your network using a certain command that shows the path between your device and the destination, showing each route hop along the path. Which command tool should you use? a.) Scanner b.) Nethop c.) Traceroute d.) Ping
c.) Traceroute
What type of footprinting tool can be used to query database information, such as server address and owner's name, on specific domains and IP addresses? a.) Ping b.) Traceroute c.) Whois d.) Nslookup
c.) Whois
What type of passive attack involves an attacker eavesdropping on network traffic by monitoring electrical impulses? a.) Shoulder Surfing b.) Phishing Email c.) Wiretapping d.) Social Engineering
c.) Wiretapping
Given the IP Address: 192.168.2.128 and the Subnet mask: 255.255.255.0, what is the broadcast address? a.) 10.10.10.10 b.) 192.168.255.255 c.) 255.255.255.1 d.) 192.168.2.255
d.) 192.168.2.255
Which of the following is a proper defense against an XSS attack? a.) Checking that inputs are in the expected form b.) Escaping dynamic data before inserting them into HTML c.) Sanitizing data before sending them to the database d.) All of these are defense mechanisms against XSS
d.) All of these are defense mechanisms against XSS
What does the acronym A.A.A. stand for? a.) Assurance, Authentication, Anonymity b.) Assurance, Access Control, Anonymity c.) Assurance, Alteration, Anonymity d.) Assurance, Authenticity, Anonymity
d.) Assurance, Authenticity, Anonymity
During the encryption process, an encryption algorithm converts the plaintext into what? a.) Encryption Key b.) Cryptosystem c.) Private Key d.) Ciphertext
d.) Ciphertext
Which of the following is not an example of emanation blocking? a.) Sound-dampening Materials b.) Electrical Grounding c.) Windowless Room d.) Closed-circuit Television
d.) Closed-circuit Television
____________ is a tactic where a person registers a domain name in anticipation of that domain being desirable or important to another organization, with the intent of selling the domain to that organization for what can sometimes be a significant profit. a.) Authoritative name server b.) Tunneling c.) Top-level domain d.) Cybersquatting
d.) Cybersquatting
Which of the following is an application layer protocol that is responsible for resolving domain names to IP addresses on the Internet? For instance, in order for you to connect to an Internet web server from your mobile phone web browser, you enter a website address and then a certain protocol is used to translate that website address into an IP address. a.) Transmission Control Protocol (TCP) b.) Hypertext Transfer Protocol (HTTP) c.) Address Resolution Protocol (ARP) d.) Domain Name System (DNS)
d.) Domain Name System (DNS)
What is the correct order of the virus life cycle? a.) Dormant, Action, Propagation, Triggering b.) Action, Dormant, Propagation, Triggering c.) Dormant, Propagation, Action, Triggering d.) Dormant, Propagation, Triggering, Action
d.) Dormant, Propagation, Triggering, Action
To block electromagnetic emanations in the air, we can surround sensitive equipment with metallic conductive shielding or a mesh of such material, where the holes in the mesh are smaller than the wavelengths of the electromagnetic radiation. This is what type of emanation mitigation? a.) UV Protection b.) Wiretapping c.) Security by Obscurity d.) Faraday Cage
d.) Faraday Cage
Alice the attacker wants to start footprinting a target company to gather information and conduct reconnaissance. Which of the following techniques should not be used? a.) Social Engineering b.) Dumpster Diving c.) Internet Searching d.) Install Rootkit
d.) Install Rootkit
Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block? a.) User Datagram Protocol (UDP) b.) Hypertext Transfer Protocol (HTTP) c.) Transmission Control Protocol (TCP) d.) Internet Control Message Protocol (ICMP)
d.) Internet Control Message Protocol (ICMP)
What type of attack uses forged web pages created to fraudulently acquire sensitive information? a.) SQL Injection b.) XSS c.) CSRF d.) Phishing
d.) Phishing
One way to detect a _________ virus is to focus on the fact that it must use a different encryption key each time the virus encrypts and replicates itself. This choice implies that the body of the virus must also include generic code for an encryption algorithm, so that it can encrypt copies of itself with new keys. A _________ virus might still have a signature related to its ability to encrypt itself. The encryption code may itself initially be encrypted, so a virus detection algorithm would, in this case, have to identify this decryption code first. a.) Metamorphic b.) Biomorphic c.) Unimorphic d.) Polymorphic
d.) Polymorphic
You are hired as the Chief Information Security Officer (CISO) at a company and tasked with defending against insider attacks. There have been rampant issues with employees in the software development team performing various methods of insider attacks. You are creating a new policy to help limit these types of attacks. From the list below, which of the following is not recommended for defending against insider attacks? a.) Control software installations b.) Avoid single points of failure c.) Limit authority and reporting tools d.) Publish unverified code
d.) Publish unverified code
A door with a highly secure lock does little good if the door can be removed by unscrewing its hinges. What is this type of attack called? a.) Eavesdropping b.) Privilege Escalation c.) Wiretapping d.) Side-Channel Attack
d.) Side-Channel Attack
Which one item is not part of the ten security principles? a.) Fail-Safe Defaults b.) Complete Mediation c.) Open Design d.) Economy of Mechanism e.) Least Privilege f.) Work Factor g.) Access Control Models h.) Psychological Acceptability
g.) Access Control Models
