Intro to cyber Final Quizzes

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

List four strategies for risk control:

Avoidance Transference Mitigation Acceptance

What is the term used to describe a type of attack where a computer works methodically through all possible passwords? Cryptographic attack Denial-of-service attack Brute force attack Man in the middle attack

Brute force attack

In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court? a. Rules of evidence b. Law of probability c. Chain of custody d. Policy of seperation

Chain of custody

Ethical Hackers __ Don't exist Work outside the law Are motivated by financial gain Do penetration testing to identify vulnerabilities.

Do penetration testing to identify vulnerabilities.

T/F A good risk management strategy involves annual monitoring.

False

Your organization has decided to use a biometric system to authenticate users. If the FAR is high, what happens? Legitimate users are denied access to the organization's resources. Legitimate users are granted access to the organization's resources. Illegitimate users are granted access to the organization's resources. Illegitimate users are denied access to the organization's resources.

Illegitimate users are granted access to the organization's resources.

List at least three different categories of assets for an organization,

People Data and information Software/Hardware

When cataloging digital evidence, the primary goal is to do what? a. Make bitstream images of all hard drives. b. Preserve evidence intgrity c. Avoid removing the evidence from the scene d. Prohibit the computer from being turned on.

Preserve evidence intgrity

Check all of the things that could indicate an email is a phishing attempt. multiple senders sense of urgency Grammatical errors Too good to be true

all

In the recovery phase of incident response, one step is ____ a. Restore data from clean backups b. Rebuild systems from scratch c. Restore confidence d. All of the above

d. All of the above

t/f Fraud is not a cyber crime.

f

t/f With a computer, always work on the original since when a person commits a crime something is always left behind.

f

Which are types of social engineering? hacking phishing whaling pretexting

hacking phishing whaling pretexting

Liability is _______ legal obligation to make restitution insuring employees know what constitutes acceptable behavior Making a valid effort to protect others None of the above

legal obligation to make restitution

Which of the following is NOT true about a threat? Any activity that represents a possible loss of availiability Any activity that represents a possible loss of confidentiality Any activity that represents a possible danger ALL are true. Any activity that represents a possible loss of integrity

All are true

Which is not true about digital forensics? a. Used to investigate what happened during attack on assets b. Used to determine how the attack occured c. Involved the preservation of computer media for evidentially analysis d. All of the above are true

All of the above are true

Which is not a type of hacking? Hactivism Nation-State Cyber Ethical

Cyber

All but one of the following are examples of two-factor authentication. Which of these is the odd one out, because it does not involve two factors? Password and Authentication App The chip and PIN on a bank card Fingerprint and PIN Entering your password twice

Entering your password twice

Which is NOT TRUE about the Computer Fraud and Abuse Act? It is the umbrella for anti- hacking law It contains 7 different parts on hacking Implementation is recommended but not required It doe not address cyber bullying

Implementation is recommended but not required

Why should you note all cable connections for a computer you want to seize as evidence? a. To know what outside connections existed b. In case other devices were connected c. To know what peripheral devices exist d. To know what hardware existed.

In case other devices were connected

Select the correct formula for calculating risk Risk = Asset Valuation x Vulnerability Valuation + Threat Valuation Risk = Asset Valuation x Threat Valuation x Vulnerability Valuation Risk = Asset Valuation - Asset Loss Cost * Threat Valuation Risk = Critical Asset Value * Threat likelihood

Risk = Asset Valuation x Threat Valuation x Vulnerability Valuation

List the three types of authentication and give an example of each. Something you _____________ Something you _____________ Something you _____________

Something you know: password/pin Something you have: cryptographic identification device Something you are: biometric

Which activity is not usually included in computer forensics? a. The secure collection of computer data. b. The examination of physical systems c. the identification of suspect data d. The application of laws to computer practice

The examination of physical systems

Which one of the following is not considered good practice when managing passwords? The password should be long and complex enough to make it difficult for someone else to guess The password should be stored in plaintext The password should not be shared with other people The same password should not be used across multiple locations

The password should be stored in plaintext

Which of the following is an example of a threat to a computer system? Act of human error or failure Force of nature Technological obsolescence All are threats.

all are threats

In preparing to collect incident data, ___ a. Collect only subjective data b. Collect all data available c. Pass all information onto management d. Document all information on the data that was acquired, such as location.

d

Incident response risk assessment requires a quantitative analysis which is __ a. Subjective - values, words, experts b. Collection of data within the organization c. Vulnerability assessment d. Objective - numbers, values and formulas

d

t/f A Business Continuity Planning is to establish critical business operations after a disaster impacts operations.

f

t/f A documentation trail is beneficial but not required.

f

t/f An incident response team should be formed once an incident is confirmed.

f

t/f Most Windows logs are turned on automatically.

f

t/f Most computer criminals are not really "criminals".

f

t/f Reacting to incidents is lost costly and more effective than preventing incidents.

f

Which is NOT a way to avoid being caught in a phishing scheme? Use Firewalls Think before you click Install Anit-virus software never send attachments

never send attachments

Risk Analysis in Information Systems is primarily: quantitaive qualitative monitoring asset valuation

qualitative

List the 5 steps of the Risk Management process

step 1: Asset Identification and Valuation step 2: Threat Identification step 3: Vulnerability Identification step 4: Risk Assessment step 5: Risk Control

t/f Incident response planning prepares IR team to be ready to react to an incident.

t

t/f Most attacks occur by exploiting a vulnerability.

t

t/f Privacy is the state of being free from unsanctioned intrusion.

t

t/f Single loss expectation is used to determine the total cost of an incident.

t

t/f Social Engineering is getting information through deception.

t

t/f When an affidavit is signed, it becomes a search warrent.

t

t/f When managing an incident, strong decisions making and communication are critical.

t

t/f incidents create pandemonium if not prepared.

t


Kaugnay na mga set ng pag-aaral

Module 01: Introduction to ethical hacking

View Set

ST 351 - Lesson 4 Practice Problems

View Set