Cyber Security 6, 7, 8, 9, 10

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

A security model gives guidelines for security design. True False

False

Critical infrastructure security is less important than enterprise security architecture True False

False

Cyber Law is a very well defined area of the law. True False

False

Decryption is the process of scrambling data so that an unauthorized party cannot easily read it. True False

False

Networking equipment should be left unlocked so users can assist with networking troubleshooting in case system administrators are unavailable. True False

False

Physical access controls are the hardware and software solutions used to manage access to resources and systems. True False

False

Risk can be totally reduced to zero. True False

False

The two ways to prevent Social engineering attacks are: Question options: Office policies and procedures Lock up all the computers User awareness and training Install and alarm system

Office policies and procedures User awareness and training

In social engineering, attacker use the following techniques to gain victim's trust: Question options: Dress in professional clothes Pretend to know information about you Appear to be an expert Speak with certain accents

Pretend to know information about you Appear to be an expert

A subject is generally someone or something that:(select 2) Provides service Requests service Policy Is a user

Requests service Is a user

________ is the chance that something will occur.

Risk

What is a device that provides a service on behalf of a network in order to reduce the attack surface of a particular service? a)Proxy b)Switch c)Router d)VLAN

a)Proxy

_________ ciphers transform a fixed-length block of plaintext into a common block of ciphertext of 64 or 128 bits.

block

Which wireless network protocol should be used since it is the most secure? a)WEP b)SSL c)WPA2 d)WPA

c)WPA2

Enterprise architecture consists of (select 2) a. Vulnerability Assessment b. Risk Assessment c. People d. Technology

c. People d. Technology

_____________ is a way to store and transmit data so only the intended recipient can read or process it.

cryptography

Which is NOT an example of a risk? a)Equipment malfunction b)Natural Disaster c)Loss of data d)Implementing security controls

d)Implementing security controls

Which of the following is a risk a company in New Mexico would likely choose to accept? a)Power outage b)Software bugs c)Fire d)Tsunami

d)Tsunami

________ prevents an attacker from using a dictionary attack to try to guess passwords.

salting

Authorization is to determine what level access you after you are authenticated. True False

true

By asking specific and innocuous questions, the attacker can piece enough information together to get sensitive information Question options: True False

true

Users are the weakest link in a social engineering attack Question options: True False

true

What are the two ways to prevent social engineering attack on your organization? Question options: Monitor your employees internet usage Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about internal information Have your employees followed by a security organization Have a third party come to your company and attempted to hack into your network

Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about internal information Have a third party come to your company and attempted to hack into your network

Which of the following techniques can be used to identify and kill a phishing attack Question options: Turn off your computer Remove the USB drive Send warning to people about specific phishing emails Delete unread phishing emails in people's email box

Send warning to people about specific phishing emails Delete unread phishing emails in people's email box

Why is difficult to dissuade a hacker who is motivated by ideology? It's easy to change their mind It's easy to hack them back They believe deeply that they are right, and their mind can't be changed They can be paid to make them stop the attack

They believe deeply that they are right, and their mind can't be changed

Cryptography is a way to store and transmit data so only the intended recipient can read or process it. True False

True

Data integrity is a critical component to the design, implementation and usage of any system that stores, processes, or transmits data. True False

True

Internet of Things (IoT) has different security challenges than enterprise security architecture. True False

True

Operating System and application updates should be tested in a controlled environment prior to being implemented on the production Network. True False

True

Principle of least privilege is one of the security design principles. True False

True

Qualitative Risk Management is subjective and uses adjectives to characterize risk. True False

True

Users performing similar functions should be placed in a single True False

True

Which of the following roles should NOT be part of the incident response team? a)Accounting b)Forensic analysis c)Law enforcement d)Management

a)Accounting

Which of the Following is NOT an step in risk analysis? a)Notifying management that a risk is unacceptable b)Identifying the impact of losing an asset c)Determining the vulnerability of an asset d)Identifying critical assets

a)Notifying management that a risk is unacceptable

Which of the following is NOT an endpoint protection method? a)Proxies b)Host based firewall c)Keeping operating systems patched d)Monitoring logs and alerts

a)Proxies

Why is maintaining the integrity of Network Time Protocol particularly important? a)Security will have incorrect Timestamps b)Services do not use Network Time protocol to synchronize the time c)Networking protocols would not know which time zone to use d)Network Administrators would not know the time.

a)Security will have incorrect Timestamps

Why can parts of cybersecurity be considered subjective? a)The acceptable amount of risk is difficult to determine b)Cybersecurity colleagues usually think their opinions are correct over others c)Cybersecurity professionals only need to care about technical facets of a company d)Upper management doesn't think it's important

a)The acceptable amount of risk is difficult to determine

Security architecture is used to support the following (answer two) a. Enforce Confidentiality, Integrity, Availability b. Protect Data and Systems c. Prevent people from gaining entry into your building d. Understand cyber crime

a. Enforce Confidentiality, Integrity, Availability b. Protect Data and Systems

The two core ideas of an effective security design is based on (select 2) a. Restriction b. Simplicity c. Technology d. People

a. Restriction b. Simplicity

A federal employee with security clearance has someone following her as she opens the door to a secure building is called Question options: a) Quid Pro Quo b) Tailgating c) Phishing d) Pretexting

b) Tailgating

Types of data integrity include all except: a) Hashing algorithms b) Upgrades c) Salting d) HMAC

b) Upgrades

Types of Access Control include all except: a)Physical Access Control b)Computer Access Control c)Logical Access Control d)Administrative Access Control

b)Computer Access Control

If you set the log alert threshold too ________, you will get alerts about unimportant events that can be ignored. a)High b)Low c)Smooth d)Fast

b)Low

In which case is it legal to access a computer without express authorization from the owner? a)To fix the computer b)Never c)To test the computer's defenses d)To convince them of your beliefs

b)Never

Operating System patches usually provide updates and improvement to functionality or ____________. a)Tune the machine to provide better performance b)Provide security fixes for known vulnerabilities c)Upgrade the CPU d)Make sure that backups are being performed correctly

b)Provide security fixes for known vulnerabilities

Which risk handling method involves upper management choosing to address a risk by not implementing any mitigations? a)Risk transference b)Risk acceptance c)Risk mitigation d)Risk avoidance

b)Risk acceptance

Which is protocol used to securely communicate between a web server and a client (web browser) a)SFTP b)SSL/TLS c)FTP d)SSH

b)SSL/TLS

Phishing is a type of social engineering where: Question options: a) Attacker tries to collect materials from discarded hard drive b) Is a technical support center call c) Attacker attempt to acquire sensitive information through email d) A Fake website looks like a legitimate website

c) Attacker attempt to acquire sensitive information through email

What is the Single Loss Expectancy if an Asset is determined to be worth $400,000 and the expsoure factor is 50%? a)$50 b)$400,000 c)$200,000 d)$50,000

c)$200,000

In terms of cyber law, what is jurisdiction? a)Picking jurors who are familiar with cybersecurity b)Picking lawyers who are familiar with cybersecurity c)Having authority over the location of where a cyber crime was committed d)Proving who committed a cyber crime

c)Having authority over the location of where a cyber crime was committed

Which of the following is NOT a factor that should be taken into consideration when selecting security controls? a)Ease of implementation b)Cost c)Vendor location d)Effectiveness

c)Vendor location

The following criteria are most commonly used to evaluate a security architecture a. Graham-Denning Model b. State-Machine Model c. Common Criteria (CC) d. Trusted Computer System Evaluation Criteria (TCSEC)

c. Common Criteria (CC) d. Trusted Computer System Evaluation Criteria (TCSEC)

Social Engineering is ___________ Question options: a) Social engineers using social media b) Sending a package to your house c) Using technical means to hack into a system d) The clever manipulation of the natural human tendency to trust

d) The clever manipulation of the natural human tendency to trust

How might a hacker cause a psychological effect on a victim? a)Making them think they are being watched and their computer is "owned" b)Making them lost faith in government c)Making them lost faith in a figure of authority or power d)All of the above

d)All of the above

What is chain of custody? a)The chain of personnel that are part of the incident response team b)Showing computer evidence to your management c)Making sure your personnel have custody of their children d)Assuring the list of personnel that have had access to evidence

d)Assuring the list of personnel that have had access to evidence

Security mechanism should make the resource easy to access. Which of the following security design principle says that: a)Principle of separation of privilege b)Principle of Least Common Mechanism c)Open Design d)Principle of psychological acceptability

d)Principle of psychological acceptability

Which of the following is NOT a motivation for cyber crime? a)Politics b)Money c)Curiosity d)Test computer performance

d)Test computer performance

Spam filters and anti-virus software WILL prevent all phishing attack True false

false

The results of a cyber crime cannot be intangible, only tangible. True False

false

Using Computer systems illegally in pursuit of a political means is cyber terrorism. True False

true


Kaugnay na mga set ng pag-aaral

Chapter 7: The Flow of Food: Service

View Set

Unit 8: Natural Selection/Adaptations

View Set

Internal Combustion Engine Final

View Set