Cyber Security 6, 7, 8, 9, 10
A security model gives guidelines for security design. True False
False
Critical infrastructure security is less important than enterprise security architecture True False
False
Cyber Law is a very well defined area of the law. True False
False
Decryption is the process of scrambling data so that an unauthorized party cannot easily read it. True False
False
Networking equipment should be left unlocked so users can assist with networking troubleshooting in case system administrators are unavailable. True False
False
Physical access controls are the hardware and software solutions used to manage access to resources and systems. True False
False
Risk can be totally reduced to zero. True False
False
The two ways to prevent social engineering attacks are: Question options: Office policies and procedures Lock up all the computers User awareness and training Install an alarm system
Office policies and procedures User awareness and training
In social engineering, attackers use the following techniques to gain the victim's trust: Question options: Dress in professional clothes Pretend to know information about you Appear to be an expert Speak with certain accents
Pretend to know information about you Appear to be an expert
A subject is generally someone or something that: (select 2) Provides service Requests service Policy Is a user
Requests service Is a user
________ is the chance that something will occur.
Risk
What is a device that provides a service on behalf of a network in order to reduce the attack surface of a particular service? a)Proxy b)Switch c)Router d)VLAN
a)Proxy
_________ ciphers transform a fixed-length block of plaintext into a common block of ciphertext of 64 or 128 bits.
block
Which wireless network protocol should be used since it is the most secure? a)WEP b)SSL c)WPA2 d)WPA
c)WPA2
Enterprise architecture consists of (select 2) a. Vulnerability Assessment b. Risk Assessment c. People d. Technology
c. People d. Technology
_____________ is a way to store and transmit data so only the intended recipient can read or process it.
cryptography
Which is NOT an example of a risk? a)Equipment malfunction b)Natural Disaster c)Loss of data d)Implementing security controls
d)Implementing security controls
Which of the following is a risk a company in New Mexico would likely choose to accept? a)Power outage b)Software bugs c)Fire d)Tsunami
d)Tsunami
________ prevents an attacker from using a dictionary attack to try to guess passwords.
salting
Authorization determines what level of access you have after you are authenticated. True False
True
By asking specific and innocuous questions, the attacker can piece enough information together to get sensitive information. Question options: True False
True
Users are the weakest link in a social engineering attack. Question options: True False
True
What are the two ways to prevent social engineering attacks on your organization? Question options: Monitor your employees' internet usage Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about internal information Have your employees followed by a security organization Have a third party come to your company and attempt to hack into your network
Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about internal information Have a third party come to your company and attempt to hack into your network
Which of the following techniques can be used to identify and kill a phishing attack? Question options: Turn off your computer Remove the USB drive Send warning to people about specific phishing emails Delete unread phishing emails in people's email box
Send warning to people about specific phishing emails Delete unread phishing emails in people's email box
Why is it difficult to dissuade a hacker who is motivated by ideology? It's easy to change their mind It's easy to hack them back They believe deeply that they are right, and their mind can't be changed They can be paid to make them stop the attack
They believe deeply that they are right, and their mind can't be changed
Cryptography is a way to store and transmit data so only the intended recipient can read or process it. True False
True
Data integrity is a critical component to the design, implementation and usage of any system that stores, processes, or transmits data. True False
True
Internet of Things (IoT) has different security challenges than enterprise security architecture. True False
True
Operating System and application updates should be tested in a controlled environment prior to being implemented on the production Network. True False
True
Principle of least privilege is one of the security design principles. True False
True
Qualitative Risk Management is subjective and uses adjectives to characterize risk. True False
True
Users performing similar functions should be placed in a single True False
True
Which of the following roles should NOT be part of the incident response team? a)Accounting b)Forensic analysis c)Law enforcement d)Management
a)Accounting
Which of the following is NOT a step in risk analysis? a)Notifying management that a risk is unacceptable b)Identifying the impact of losing an asset c)Determining the vulnerability of an asset d)Identifying critical assets
a)Notifying management that a risk is unacceptable
Which of the following is NOT an endpoint protection method? a)Proxies b)Host based firewall c)Keeping operating systems patched d)Monitoring logs and alerts
a)Proxies
Why is maintaining the integrity of Network Time Protocol particularly important? a)Security will have incorrect Timestamps b)Services do not use Network Time protocol to synchronize the time c)Networking protocols would not know which time zone to use d)Network Administrators would not know the time.
a)Security will have incorrect Timestamps
Why can parts of cybersecurity be considered subjective? a)The acceptable amount of risk is difficult to determine b)Cybersecurity colleagues usually think their opinions are correct over others c)Cybersecurity professionals only need to care about technical facets of a company d)Upper management doesn't think it's important
a)The acceptable amount of risk is difficult to determine
Security architecture is used to support the following (answer two) a. Enforce Confidentiality, Integrity, Availability b. Protect Data and Systems c. Prevent people from gaining entry into your building d. Understand cyber crime
a. Enforce Confidentiality, Integrity, Availability b. Protect Data and Systems
The two core ideas of an effective security design are based on (select 2) a. Restriction b. Simplicity c. Technology d. People
a. Restriction b. Simplicity
A federal employee with a security clearance has someone follow her as she opens the door to a secure building. This is called: Question options: a) Quid Pro Quo b) Tailgating c) Phishing d) Pretexting
b) Tailgating
Types of data integrity include all except: a) Hashing algorithms b) Upgrades c) Salting d) HMAC
b) Upgrades
Types of Access Control include all except: a)Physical Access Control b)Computer Access Control c)Logical Access Control d)Administrative Access Control
b)Computer Access Control
If you set the log alert threshold too ________, you will get alerts about unimportant events that can be ignored. a)High b)Low c)Smooth d)Fast
b)Low
In which case is it legal to access a computer without express authorization from the owner? a)To fix the computer b)Never c)To test the computer's defenses d)To convince them of your beliefs
b)Never
Operating System patches usually provide updates and improvement to functionality or ____________. a)Tune the machine to provide better performance b)Provide security fixes for known vulnerabilities c)Upgrade the CPU d)Make sure that backups are being performed correctly
b)Provide security fixes for known vulnerabilities
Which risk handling method involves upper management choosing to address a risk by not implementing any mitigations? a)Risk transference b)Risk acceptance c)Risk mitigation d)Risk avoidance
b)Risk acceptance
Which protocol is used to securely communicate between a web server and a client (web browser)? a)SFTP b)SSL/TLS c)FTP d)SSH
b)SSL/TLS
Phishing is a type of social engineering where: Question options: a) Attacker tries to collect materials from a discarded hard drive b) Is a technical support center call c) Attacker attempts to acquire sensitive information through email d) A fake website looks like a legitimate website
c) Attacker attempts to acquire sensitive information through email
What is the Single Loss Expectancy if an asset is determined to be worth $400,000 and the exposure factor is 50%? a)$50 b)$400,000 c)$200,000 d)$50,000
c)$200,000
In terms of cyber law, what is jurisdiction? a)Picking jurors who are familiar with cybersecurity b)Picking lawyers who are familiar with cybersecurity c)Having authority over the location of where a cyber crime was committed d)Proving who committed a cyber crime
c)Having authority over the location of where a cyber crime was committed
Which of the following is NOT a factor that should be taken into consideration when selecting security controls? a)Ease of implementation b)Cost c)Vendor location d)Effectiveness
c)Vendor location
The following criteria are most commonly used to evaluate a security architecture: a. Graham-Denning Model b. State-Machine Model c. Common Criteria (CC) d. Trusted Computer System Evaluation Criteria (TCSEC)
c. Common Criteria (CC) d. Trusted Computer System Evaluation Criteria (TCSEC)
Social Engineering is ___________ Question options: a) Social engineers using social media b) Sending a package to your house c) Using technical means to hack into a system d) The clever manipulation of the natural human tendency to trust
d) The clever manipulation of the natural human tendency to trust
How might a hacker cause a psychological effect on a victim? a)Making them think they are being watched and their computer is "owned" b)Making them lose faith in government c)Making them lose faith in a figure of authority or power d)All of the above
d)All of the above
What is chain of custody? a)The chain of personnel that are part of the incident response team b)Showing computer evidence to your management c)Making sure your personnel have custody of their children d)Assuring the list of personnel that have had access to evidence
d)Assuring the list of personnel that have had access to evidence
Security mechanisms should make resources easy to access. Which of the following security design principles says that? a)Principle of separation of privilege b)Principle of Least Common Mechanism c)Open Design d)Principle of psychological acceptability
d)Principle of psychological acceptability
Which of the following is NOT a motivation for cyber crime? a)Politics b)Money c)Curiosity d)Test computer performance
d)Test computer performance
Spam filters and anti-virus software WILL prevent all phishing attacks. True False
False
The results of a cyber crime cannot be intangible, only tangible. True False
False
Using computer systems illegally in pursuit of political ends is cyber terrorism. True False
True