IntroToCyberSec

What three items are components of the CIA triad? (*CHOOSE THREE*) access intervention confidentiality integrity scalability availability

confidentiality integrity availability

What is the best method to prevent Bluetooth from being exploited? Only use Bluetooth when connecting to a known SSID. Only use Bluetooth to connect to another smartphone or tablet. Always use a VPN when connecting with Bluetooth. Always disable Bluetooth when it is not actively used.

Always disable Bluetooth when it is not actively used.

How can a user prevent others from eavesdropping on network traffic when operating a PC on a public Wi-Fi hot spot? Create strong and unique passwords. Use WPA2 encryption. Connect with a VPN service. Disable Bluetooth.

Connect with a VPN service.

What type of attack disrupts services by overwhelming network devices with bogus traffic? port scans zero-day brute force DDoS

DDoS

How can users working on a shared computer keep their personal browsing history hidden from other workers that may use this computer? Use only an encrypted connection to access websites. Operate the web browser in private browser mode. Reboot the computer after closing the web browser. Move any downloaded files to the recycle bin.

Operate the web browser in private browser mode.

Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks? Snort Nmap Netflow SIEM

Snort

Which technology removes direct equipment and maintenance costs from the user for data backups? network attached storage a cloud service an external hard drive a tape

a cloud service

Behavior-based analysis involves using baseline information to detect _____________ that could indicate an attack.

anomalies

Which type of technology can prevent malicious software from monitoring user activities, collecting personal information, and producing unwanted pop-up ads on a user computer? two factor authentication firewall password manager antispyware

antispyware

A _______________ is a group of compromised or hacked computers (bots) controlled by an individual with malicious intent.

botnet

Which method is used to check the integrity of data? authentication checksum backup encryption

checksum

As data is being stored on a local hard disk, which method would secure the data from unauthorized access? two factor authentication a duplicate hard drive copy data encryption deletion of sensitive files

data encryption

What is the motivation of a white hat attacker? discovering weaknesses of networks and systems to improve the security level of these systems studying operating systems of various platforms to develop a new system taking advantage of any vulnerability for illegal personal gain fine tuning network devices to improve their performance and efficiency

discovering weaknesses of networks and systems to improve the security level of these systems

A user is surfing the Internet using a laptop at a public WiFi cafe. What should be checked first when the user connects to the public network? if the laptop requires user authentication for file and media sharing if the laptop web browser is operating in private mode if the laptop Bluetooth adapter is disabled if the laptop has a master password set to secure the passwords stored in the password manager

if the laptop requires user authentication for file and media sharing

What is the last stage of the Cyber Kill Chain framework? gathering target information creation of malicious payload remote control of the target device malicious action

malicious action

A network administrator is conducting a training session to office staff on how to create a strong and effective password. Which password would most likely take the longest for a malicious user to guess or break? mk$$cittykat104# 10characters super3secret2password1 drninjaphd

mk$$cittykat104#

The individual user profile on a social network site is an example of a/an _____________ identity.

online

What is an example of "hacktivism"? A teenager breaks into the web server of a local newspaper and posts a picture of a favorite cartoon character. A country tries to steal defense secrets from another country by infiltrating government networks. A group of environmentalists launch a denial of service attack against an oil company that is responsible for a large oil spill. Criminals use the Internet to attempt to steal money from a banking company.

A group of environmentalists launch a denial of service attack against an oil company that is responsible for a large oil spill.

Match the type of cyber attackers to the description. (*Not all options are used*) -hacktivists -script-kiddies -state-sponsored attackers -terrorists gather intelligence or commit sabotage on specific goals on behalf of their government make political statements, or create fear, by causing physical or psychological damage to victims make political statements in order to create an awareness of issues that are important to them

*state-sponsored attackers*- gather intelligence or commit sabotage on specific goals on behalf of their government *terrorists*- make political statements, or create fear, by causing physical or psychological damage to victims *hacktivists*- make political statements in order to create an awareness of issues that are important to them

Why do IoT devices pose a greater risk than other computing devices on a network? IoT devices cannot function on an isolated network with only an Internet connection. Most IoT devices do not require an Internet connection and are unable to receive new updates. Most IoT devices do not receive frequent firmware updates. IoT devices require unencrypted wireless connections.

Most IoT devices do not receive frequent firmware updates.

Which protocol is used by the Cisco Cyberthreat Defense Solution to collect information about the traffic that is traversing the network? HTTPS NAT NetFlow Telnet

NetFlow

Which tool is used to provide a list of open ports on network devices? Whois Tracert Ping Nmap

Nmap

A user is having difficulty remembering passwords for multiple online accounts. What is the best solution for the user to try? Create a single strong password to be used across all online accounts. Share the passwords with the network administrator or computer technician. Write the passwords down and place them out of sight. Save the passwords in a centralized password manager program.

Save the passwords in a centralized password manager program.

A consumer would like to print photographs stored on a cloud storage account using a third party online printing service. After successfully logging into the cloud account, the customer is automatically given access to the third party online printing service. What allowed this automatic authentication to occur? The password entered by the user for the online printing service is the same as the password used on the cloud storage service. The user is on an unencrypted network and the password for the cloud storage service is viewable by the online printing service. The account information for the cloud storage service was intercepted by a malicious application. The cloud storage service is an approved application for the online printing service.

The cloud storage service is an approved application for the online printing service.

In what way are zombies used in security attacks? They are infected machines that carry out a DDoS attack. They probe a group of machines for open ports to learn which services are running. They are maliciously formed code segments used to replace legitimate applications. They target specific individuals to gain corporate or personal information.

They are infected machines that carry out a DDoS attack.

An employee points out a design flaw in a new product to the department manager. Is the behavior of the employee ethical or unethical?

ethical

During a meeting with the Marketing department, a representative from IT discusses features of an upcoming product that will be released next year. Is the behavior of the employee ethical or unethical?

ethical

Any device that controls or filters traffic going in or out of the network is known as a _______________

firewall

Which type of attack allows an attacker to use a brute force approach? password cracking social engineering packet sniffing denial of service

password cracking

Which configuration on a wireless router is not considered to be adequate security for a wireless network? enabling wireless security implement WPA2 encryption prevent the broadcast of an SSID modify the default SSID and password of a wireless router

prevent the broadcast of an SSID

What is another name for confidentiality of information? accuracy consistency trustworthiness privacy

privacy

What is the purpose of a rootkit? to gain privileged access to a device while concealing itself to deliver advertisements without user consent to replicate itself independently of any other programs to masquerade as a legitimate program

to gain privileged access to a device while concealing itself

What is the most common goal of search engine optimization (SEO) poisoning? to increase web traffic to malicious sites to build a botnet of zombies to trick someone into installing malware or divulging personal information to overwhelm a network device with maliciously formed packets

to increase web traffic to malicious sites

What is the primary goal of a DoS attack? to scan the data on the target server to obtain all addresses in the address book within the server to prevent the target server from being able to handle additional requests to facilitate access to external networks

to prevent the target server from being able to handle additional requests

Which two characteristics describe a worm? (*CHOOSE TWO*) infects computers by attaching to software code executes when software is run on a computer travels to new computers without any intervention or knowledge of the user hides in a dormant state until needed by an attacker is self-replicating

travels to new computers without any intervention or knowledge of the user is self-replicating

What are three methods that can be used to ensure confidentiality of information? (*CHOOSE THREE*) two factor authentication data encryption file permission settings version control backup username ID and password

two factor authentication data encryption username ID and password

Alicia, a company employee, has lost her corporate identification badge. She is in a hurry to get to a meeting and does not have time to visit Human Resources to obtain a temporary badge. You lend her your identification badge until she can obtain a replacement. Is the behavior of the employee ethical or unethical?

unethical

An employee is at a restaurant with friends and describes an exciting new video game that is under development at the company the employee works for. Is the behavior of the employee ethical or unethical?

unethical

An employee is laid off after fifteen years with the same company. The employee is then hired by another company within a week. In the new company, the employee shares documents and ideas for products that the employee proposed at the original company. Is the behavior of the employee ethical or unethical?

unethical

Which example illustrates how malware might be concealed? An email is sent to the employees of an organization with an attachment that looks like an antivirus update, but the attachment actually consists of spyware. A botnet of zombies carry personal information back to the hacker. An attack is launched against the public website of an online retailer with the objective of blocking its response to visitors. A hacker uses techniques to improve the ranking of a website so that users are redirected to a malicious site.

An email is sent to the employees of an organization with an attachment that looks like an antivirus update, but the attachment actually consists of spyware.

Which tool can identify malicious traffic by comparing packet contents to known attack signatures? Nmap Netflow IDS Zenmap

IDS

What is a reason that internal security threats might cause greater damage to an organization than external security threats? Internal users have better hacking skills. Internal users can access the infrastructure devices through the Internet. Internal users have direct access to the infrastructure devices. Internal users can access the corporate data without authentication.

Internal users have direct access to the infrastructure devices.

Which statement describes cyberwarfare? It is simulation software for Air Force pilots that allows them to practice under a simulated war scenario. Cyberwarfare is an attack carried out by a group of script kiddies. It is Internet-based conflict that involves the penetration of information systems of other nations. It is a series of personal protective equipment developed for soldiers involved in nuclear war.

It is Internet-based conflict that involves the penetration of information systems of other nations.