Foundations of Cybersecurity
What tool is used to lure an attacker so that an administrator can capture, log, and analyze the behavior of the attack?
Honeypot
What is the best method to avoid getting spyware on a machine?
Install software only from trusted websites.
What are two objectives of ensuring data integrity?
1) Data is not changed by unauthorized entities 2) Data is unaltered during transit.
What are two methods that ensure confidentiality?
1. Authentication 2. Encryption
What are two examples of administrative access controls?
1. Background checks 2. hiring practices
Which two tools used for incident detection can be used to detect anomalous behavior, to detect command and control traffic, and to detect infected hosts
1. Intrusion Detection System 2. NetFlow
What are three types of sensitive information?
1. PII 2. Classified 3. Business
For the purpose of authentication, what three methods are used to verify identity?
1. Something you are 2. Something you have 3. Something you know
What are two security implementations that use biometrics?
1. Voice Recognition 2. Fingerprint
What three tasks are accomplished by a comprehensive security policy?
1. defines legal consequences of violations 2. sets rules for expected behavior 3. gives security staff the backing of management
When describing malware, what is the difference between a virus and a worm?
A virus replicates itself by attaching to another file whereas a worm can replicate itself independently.
What does the acronym IoE represent?
Internet of Everything
Which are tactics used by a social engineer to obtain personal information from an unsuspecting target?
Intimidation
Which is a method to protect a computer from malware?
Keep software up to date
What is an example of an Internet data domain?
Which is a common hash function?
MD5
programs processing and changing data, and equipment failures?
Modification
What name is given to a storage device connected to a network?
NAS
Which technology creates a security token that allows a user to log in to a desired web application using credentials from a social media website?
Open Authorization
A medical office employee sends emails to patients about recent patient visits to the facility. What information would put the privacy of the patients at risk if it was included in the email?
Patient Records
What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?
Phishing
What is the best approach to prevent a compromised IoT device from maliciously accessing data and devices on a local network?
Place all IoT devices that have access to the Internet on an isolated network.
What type of cybersecurity laws protect you from an organization that might want to share your sensitive data?
Privacy
What principle prevents the disclosure of information to unauthorized people, resources, and processes?
confidentiality
What action will an IDS take upon detection of malicious traffic?
create a network alert and log the detection
Which method helps to ensure data integrity?
Hashing
What service determines which resources a user can access along with the operations that a user can perform?
authorization
A company is experiencing overwhelming visits to a main web server. The IT department is developing a plan to add a couple more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?
availability
Which type of cipher is able to encrypt a fixed-length block of plaintext into a 128-bit block of ciphertext at any one time?
block
Which of the following is one of the three states of data?
At rest
An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this?
Bluesnarfing
What are the three foundational principles of the cybersecurity domain?
C.I.A (confidentiality, integrity, and availability)
A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?
Confidentiality
What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?
Cross-site scripting
What is the term used to describe the science of making and breaking secret codes?
Cryptology
The IT department is reporting that a company web server is receiving an abnormally high number of webpage requests from different locations simultaneously. Which type of security attack is occurring?
DDoS
What type of attack uses zombies?
DDoS
A warning banner that lists the negative outcomes of breaking company policy is displayed each time a computer user logs in to the machine. What type of access control is implemented?
Deterrent
What cryptographic algorithm is used by the NSA and includes the use of elliptical curves for digital signature generation and key exchange?
ECC
What type of attack targets an SQL database using the input field of a user?
SQL Injection
What name is given to an amateur hacker?
Script Kiddie
What is a method of sending information from one device to another using removable media?
Sneaker Net
A criminal is using software to obtain information about the computer of a user. What is the name of this type of software?
Spyware
What type of cipher encrypts plaintext one byte or onebit at a time?
Stream Cipher
Which two reasons describe why Wired Equipment Privacy (WEP) is a weak protocol?
The key is static and repeats on a congested network.
True or False? An employee does something as a company representative with the knowledge of that company and this action is deemed illegal. The company would be legally responsible for this action.
True
What is a secure virtual network called that uses the public network?
VPN
What mechanism can organizations use to prevent accidental changes by authorized users?
Version Control
What is the difference between a virus and a worm?
Worms self-replicate but viruses do not.
What is the meaning of the term logic bomb?
a malicious program that hides itself in a legitimate program
What is an example of a Cyber Kill Chain?
a planned process of cyberattack
A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?
a type of ransomware
What does the term vulnerability mean?
a weakness that makes a target susceptible to an attack
What encryption algorithm uses one key to encrypt data and a different key to decrypt data?
asymmetric
For what purpose would a network administrator use the Nmap tool?
detection and identification of open ports
Thwarting cyber criminals includes which of the following?
establishing early warning systems
What term is used to describe the technology that replaces sensitive information with a non-sensitive version?
masking
Which stage of the kill chain used by attackers focuses on the identification and selection of targets?
reconnaissance
Which term describes the sending of a short deceptive SMS message used to trick a target into visiting a website?
smishing
What is one main function of the Cisco Security Incident Response Team?
to ensure company, system, and data preservation
What is the main purpose of cyberwarfare?
to gain advantage over adversaries
Which term describes the technology that protects software from unauthorized access or modification?
watermarking