Security exam 1 (ch 1 - 5)
What can you do on your local computer to protect your privacy? A. Install a virus scanner B. Install a firewall C. Set your browser's security settings D. Set your computer's filter settings
C. Set your browser's security settings
What is the term for a seller bidding on her own item to drive up the price? A. Bid siphoning B. Bid shielding C. Shill bidding D. Ghost bidding
C. Shill bidding
What can you do with a firewall to help protect against virus attacks? a. There is nothing you can do on a firewall to stop virus attacks b. Shut down all unneeded ports c. close all incoming ports d. none of these
b. Shut down all unneeded ports
You are explaining the history of networking to a group of first-year students. What did Vint Cerf invent? a. The first computer virus b. TCP c. Email d. The world wide web
b. TCP
Which of the following is the best definition of sensitive information? a. any information that is protected by privacy laws b. any information that, if accessed by unauthorized personnel, could damage your organization in any way c. any information worth more than $1,000 d. any information that has an impact on national security
b. any information that, if accessed by unauthorized personnel, could damage your organization in any way
You are trying to form policies for your organization to mitigate the threat of viruses. You want to ensure that you address the most common way for a virus to spread. What is the most common way for a virus to spread? a. by FTP b. by email attachment c. by copying to shared folders d. by downloading from a website
b. by email attachment
What class of address is the IP address 193.44.34.12? a. b b. c c. d d. a
b. c
There are many threats on the internet. Which of the following is currently the most common threat on the internet? a. phreaking b. computer virus c. illegal software d. auction fraud
b. computer virus
What is the most common class of DoS attacks? a. smurf b. distributed denial of service c. ping of death d. SYN floods
b. distributed denial of service
John is trying to simply connect three computers in a small network. He does not need any sort of routing capability and is not concerned about network traffic. What is the simplest device for connecting computers? a. router b. hub c. interface d. NIC
b. hub
The most desirable approach to security is one that is which of the following? a. perimeter and dynamic b. layered and dynamic c. perimeter and static d. layered and static
b. layered and dynamic
All DoS attacks are predicated on overwhelming a system's workload capacity. Therefore, measuring the workload of a system is critical. Which of the following is not a valid way to define a computer's workload? a. storage capacity b. max voltage c. speed of network connection d. number of simultaneous users
b. max voltage
Shelly is trying to teach new employees how to handle emailed security alerts. Which of the following is true regarding emailed security alerts? a. You can trust attachments on security alerts b. most companies do not send alerts via email c. you must follow them d. most companies send alerts via email
b. most companies do not send alerts via email
What type of attack is dependent on sending packets that are too large for the server to handle? a. smurf attack b. ping of death c. DDoS d. slammer attack
b. ping of death
Defining your security strategy is an important step in securing a network. You are trying to classify devices based on the approach they take to security. An intrusion detection system is an example of which of the following? a. perimeter security b. proactive security c. good security practices d. hybrid security
b. proactive security
Which of the following is the best description of doxing? a. framing someone for a crime b. putting personal information out in public domain c. stealing personal information d. a DoS malware attack
b. putting personal information out in public domain
What is malware? a. software that is not properly configured for your system b. software that has some malicious purpose c. software that is not functioning properly d. software that damages your system
b. software that has some malicious purpose
What is the most significant weakness in a DoS attack from the attacker's viewpoint? a. the attack is often unsuccessful b. the attack must be sustained c. the attack is easy to stop d. the attack is difficult to execute
b. the attack must be sustained
You are trying to explain security to a nontechnical manager. She has taken a rather extreme view of computer security. Which of the following is one of the extreme viewpoints about computer security? a. there is no danger if you use Linux b. there are no imminent dangers to your system c. Microsoft will handle security d. the federal government will handle security
b. there are no imminent dangers to your system
Internet addresses of the form www.chuckeasttom.com are called what? a. user-friendly web addresses b. uniform resource locators c. user-accessible web addresses d. uniform address identifiers
b. uniform resource locators
You are trying to develop methods to mitigate the threat of viruses in your company. Which of the following is the safest way to send and receive attachments? a. Use virus scanners before opening attachments b. use a code word indicating that an attachment is legitimate c. send only spreadsheet attachments d. use encryption
b. use a code word indicating that an attachment is legitimate
You are examining a list of IP addresses. Some are internal, some are external, and some are not valid. Which of the following is not a valid IP? a. 245.200.11.1 b. 127.0.0.1 c. 295.253.254.01 d. 131.156.5.2
c. 295.253.254.01 (first number limit is 255)
The first computer incident-response team is affiliated with what university? a. California Technical University b. Harvard c. Carnegie-Mellon University d. MIT
c. Carnegie-Mellon University
What is the name of the very first virus ever detected? a. Mimail b. Unnamed c. Creeper d. Wabbit
c. Creeper
Dorothy is a network administrator. Her system has been experiencing an attack that is using bots to send fake requests to the cloud resources her company uses. This is disrupting the availability of these resources. How is this attack best described? a. DoS b. PDoS c. DDoS d. EDoS
c. DDoS
What protocol translates web addresses into IP addresses? a. DHCP b. SMTP c. DNS d. TFTP
c. DNS
Aliya is active on online auctions but wants to avoid auction fraud. What are the four categories of auction fraud? a. Failure to disclose, sending something of lesser value, failure to send, sending something of greater value b. Failure to disclose, sending something to the wrong address, failure to send, failure to deliver c. Failure to send, failure to disclose, sending something of lesser value, failure to deliver d. Failure to send, failure to disclose, sending something to the wrong address, failure to deliver
c. Failure to send, failure to disclose, sending something of lesser value, failure to deliver
As of 2022, which of the following is the fastest-growing target for cyber attacks? a. laptops b. USB devices c. IoT d. Servers
c. IoT
What is the name of the point where the backbones of the Internet connect? a. Connectors b. Switches c. Network Access Points d. Routers
c. Network Access Points
Sharice is trying to teach a new technician basic networking terms. What should she tell this new technician NIC stands for? a. Network interface connector b. Network interaction connector c. Network interface card d. Network interaction card
c. Network interface card
Which of the following is a method that any person can use to protect against virus attacks? a. Use encrypted transmissions b. Set up a firewall c. Never open unknown email attachments d. Use secure email software
c. Never open unknown email attachments
Which of the following is a device used to connect two or more networks? a. NIC b. Hub c. Router d. Switch
c. Router
What virus exploited buffer overflows? a. Sobig b. Shlayer c. Sasser d. Mimail
c. Sasser
The IP address of 127.0.0.1 always refers to your what? a. nearest router b. ISP c. Self d. Nearest NAP
c. Self
You are explaining the history of networking to a group of first-year students. What did Tim Berners-Lee invent? a. TCP b. Email c. The World Wide Web d. The first computer virus
c. The World Wide Web
What is typically the goal of identity theft? a. To avoid criminal prosecution b. To invade privacy c. To make illicit purchases d. To discredit the victim
c. To make illicit purchases
Which of the following was one of the three universities involved in the original distributed network set up by a government agency? a. MIT b. Princeton c. UC Berkeley d. Harvard
c. UC Berkeley (also UCLA, Stanford, and Utah)
John is a network security administrator for a midsized college. He is trying to explain to a new hire what a virus is. Which of the following is the best definition of a virus? a. a program used in a DoS attack b. a program that causes harm to your computer c. a program that self-replicates d. a program that slows down your network
c. a program that self-replicates
Which of the following is the most basic security activity? a. password protection b. firewall c. authentication d. auditing
c. authentication
When considering the various attacks that can be executed on your system, it is important to understand which attacks are most common. Of the following, which is one of the most common and simplest attacks on a system? a. session hacking b. password cracking c. denial of service attack d. buffer overflow
c. denial of service attack
Which of the following is a step that all computer users should take to protect against virus attacks? a. shut down all incoming ports b. use nonstandard email clients c. install and use antivirus software d. purchase and configure a firewall
c. install and use antivirus software
Sheryl is explaining the OSI model to new technicians at her company. She is trying to explain what protocols operate at the various layers of the OSI model. At what layer of the OSI model does TCP operate? A. Transport B. Application C. Network D. Data link
A. Transport
What is the term for submitting a fake but very high bid to deter other bidders? A. Bid siphoning B. Bid shielding C. Shill bidding D. Ghost bidding
B. Bid shielding
You are trying to identify all potential DoS attack vectors. In doing so, you hope to provide mitigation for each of these attack vectors. Why will protecting against trojan horse attacks reduce DoS attacks? a. a trojan horse will often open ports and thus allow DoS attacks b. if you can stop a trojan horse attack, you will also stop DoS attacks c. many denial of service attacks are conducted by using a trojan horse to get an unsuspecting machine to execute the DoS attack d. a trojan horse has much the same effect as a DoS attack
c. many denial of service attacks are conducted by using a trojan horse to get an unsuspecting machine to execute the DoS attack
What are the three approaches to security? a. internal, external, and hybrid b. high security, medium security, and low security c. perimeter, layered, hybrid d. perimeter, complete, none
c. perimeter, layered, hybrid
Elizabeth is explaining various hacking terms to the class. She is in the process of discussing the history of phone system hacking. What is the term for hacking a phone system? a. hacking b. telco-hacking c. phreaking d. cracking
c. phreaking
Malek is explaining various malware types to new technical support personnel. He is explaining to them the various types of malware so that they can recognize them. What type of malware is a key logger? a. buffer overflow b. trojan horse c. spyware d. virus
c. spyware
You are attempting to explain various DoS attacks to a new security tech. You want to make sure she can differentiate between these different attacks and notice the signs of a specific attack. What type of defense depends on changing the server so that unfinished handshaking times out sooner? a. SYN cookies b. RST cookies c. stack tweaking d. hash tweaking
c. stack tweaking
Juan has installed a new T1 line in a medical office. The front desk receptionist asked what speed they can expect. A T1 line sends data at what speed? a. 100 Mbps b. 56.6 Kbps c. 155 Mbps d. 1.54 Mbps
d. 1.54 Mbps
Which U.S. government agency created the distributed network that formed the basis for the internet? a. Department of Energy b. NASA c. Central Intelligence Agency d. Advanced Research Projects Agency
d. Advanced Research Projects Agency
Mohaned has found malware on his network. The malware encrypts files, demanding ransom, and also blocks 600 Windows processes. What malware has Mohaned found? a. Thanatos b. Shlayer c. Pegasus d. Cl0p
d. Cl0p
Elizabeth has found malware on a system in her company. The malware blocks about 600 Windows processes and demands a ransom. What has Elizabeth found? a. Thanatos b. Shlayer c. Kedi RAT d. Clop
d. Clop
John is working with command-line utilities to gather diagnostic information about a computer that cannot connect to the network. Which utility provides information about a machine's network configuration? a. Ping b. MyConfig c. Tracert d. IPConfig
d. IPConfig
What is a unique hexadecimal number that identifies your network called? a. NIC address b. MAC ID c. NIC ID d. MAC address
d. MAC address
You are assigned to attach connectors to segments of cable. What type of connector is used with network cable? a. RJ-12 b. RJ-85 c. RJ-11 d. RJ-45
d. RJ-45
What type of defense depends on sending the client an incorrect SYN/ACK? a. hash tweaking b. stack tweaking c. RST cookies d. SYN cookies
d. SYN cookies
A range of countermeasures can help defend against DoS attacks. What are the three methods for protecting against SYN flood attacks? a. DoS cookies, SYN cookies, stack deletion b. DoS cookies, RST cookies, stack deletion c. SYN cookies, DoS cookies, stack tweaking d. SYN cookies, RST cookies, stack tweaking
d. SYN cookies, RST cookies, stack tweaking
Malek is purchasing cable to use in setting up small office networks. He wants to stock up on commonly used cable. What type of cable do most networks use? a. Phone cable b. STP c. Net cable d. UTP
d. UTP
What do law enforcement officials usually require of a victim in order to pursue harassment allegations? a. a verifiable threat of death or serious injury b. a credible threat of death or serious injury c. a verifiable threat of harm d. a credible threat of harm
d. a credible threat of harm
Which of the following types of privacy law affects computer security? a. any privacy law b. any federal privacy law c. any state privacy law d. any privacy law applicable to your organization
d. any privacy law applicable to your organization
No attack mitigation strategy is perfect, and you need to allow at least some traffic into and out of your network, or else your network is of no use. What can you do with your firewall to defend against at least some DoS attacks? a. block all incoming traffic on port 80 b. block all incoming TCP packets c. block all incoming traffic d. block all incoming ICMP packets
d. block all incoming ICMP packets
In addition to the primary way a virus scanner works, what other way can a virus scanner work? a. by blocking all unknown files b. by blocking files that copy themselves c. by comparing files against a list of known virus profiles d. by looking at files for virus-like behaviors
d. by looking at files for virus-like behaviors
While there is a wide range of different ways to execute a DoS attack, they all are predicated on the same idea. What is the basic concept behind a DoS attack? a. Computers don't handle TCP packets well b. computers cannot handle large loads c. computers cannot handle large volumes of TCP traffic d. computers can handle a finite load
d. computers can handle a finite load
Jared is explaining various attacks to students in an introduction to cybersecurity class. He wants to make certain they fully understand the different attacks. What does a buffer-overflow attack do? a. it overflows the system b. it puts more email in an email system than it can hold c. it overflows a port with too many packets d. it puts more data in a buffer than it can hold
d. it puts more data in a buffer than it can hold
How can securing internal routers help protect against DoS attacks? a. attacks cannot occur if the internal router is secured b. because attacks originate outside the network, securing internal routers cannot help protect against DoS c. securing the router will only stop router based DoS attacks d. it will prevent an attack from propagating across network segments
d. it will prevent an attack from propagating across network segments
Mary is teaching an introductory cybersecurity course to freshmen. She is explaining to them the major threats. Which of the following is not one of the three major classes of threats? a. DoS attacks b. a computer virus c. Attempts to intrude on the system d. online auction fraud
d. online auction fraud
Which of the following best describes polycloud? a. using a private and public cloud b. using cloud and local resources c. using more than one cloud provider for resilience and redundancy d. using more than one cloud provider for the services offered
d. using more than one cloud provider for the services offered
What protocol is used to send an email, and on what port does it work? a. SMTP, port 25 b. POP3, port 25 c. SMTP, port 110 d. POP3, port 110
a. SMTP, port 25
It is important to understand the different types of DoS attacks and the symptoms of those attacks. Leaving a connection half-open is a symptom of which type of attack? a. SYN flood attack b. DDoS attack c. smurf attack d. partial attack
a. SYN flood attack
You have just taken over as network security administrator for a small community college. You want to take steps to secure your network. Before you can formulate a defense for a network, what do you need? a. a clear picture of the dangers to be defended against b. appropriate security certifications c. the help of an outside consultant d. to finish this textbook
a. a clear picture of the dangers to be defended against
What is a penetration tester? a. a person who hacks a system to test its vulnerabilities b. a person who hacks a system by faking a legitimate password c. a person who hacks a system without being caught d. a person who is an amateur hacker
a. a person who hacks a system to test its vulnerabilities
Being able to define attack terms is an important skill for a cybersecurity professional. What is a computer virus? a. any program that self-replicates b. any program that is downloaded to your system without your permission c. any program that can change your Windows Registry d. Any program that causes harm to your system
a. any program that self-replicates
Being able to define attack terms is an important skill for a cybersecurity professional. What is spyware? a. any software that monitors your system b. the only software that logs keystrokes c. any software used to gather intelligence d. the only software that monitors what websites you visit
a. any software that monitors your system
What is the primary way a virus scanner works? a. by comparing files against a list of known virus profiles b. by blocking files that copy themselves c. by blocking all unknown files d. by looking at files for virus-like behaviors
a. by comparing files against a list of known virus profiles
What is war-driving? a. driving looking for wireless networks to hack b. driving and seeking rival hackers c. driving and seeking a computer drive d. driving and using a wireless connection for hacking
a. driving looking for wireless networks to hack
Why is it useful to have a separate credit card dedicated to online purchases?
a. if the credit card number is used illegally, you will limit your financial liability
Which factor about the WannaCry virus is especially interesting to security practitioners? a. it could have been prevented with good patch management b. it deleted critical system files c. it was difficult to protect against d. it was very sophisticated and likely an example of nation-state weaponized malware
a. it could have been prevented with good patch management
Isabelle is responsible for cybersecurity at her company. She is concerned that a virus would cause damage to the IT systems. What is the most common damage caused by virus attacks? a. slowing down networks by virus traffic b. corrupting the operating system c. changing the Windows registry d. deleting files
a. slowing down networks by virus traffic
Juan is explaining various DoS attacks to security operators at his company. Which attack causes a network to perform a DoS attack on one of its own servers? a. smurf attack b. ping of death c. SYN flood d. DDoS
a. smurf attack
What is the name for the hacking technique that involves using persuasion and deception to get a person to provide information to help compromise security? a. social engineering b. conning c. human intel d. soft hacking
a. social engineering
What type of cable is used for most networks? a. unshielded twisted-pair b. shielded untwisted-pair c. unshielded untwisted-pair d. shielded twisted-pair
a. unshielded twisted-pair
Which of these involves examining traffic to determine if it is part of a DoS attack and then blocking suspected traffic? a. upstream filtering b. RST cookies c. Stack tweaking d. hash tweaking
a. upstream filtering
Which of the following is the primary reason that Microsoft Outlook is so often a target for virus attacks? a. Outlook is more commonly used than other email systems b. It is easy to write programs that access Outlook's inner mechanisms c. Outlook copies virus files faster d. Many hackers dislike Microsoft
b. It is easy to write programs that access Outlook's inner mechanisms
Gunther is setting up encrypted remote communications so that the server administrators can remotely access servers. What protocol is used for remotely logging on to a computer in a secure manner? a. HTTP b. SSH c. SMTP d. Telnet
b. SSH
Juan is a network administrator for a small graphic design company. In April 2021, his company was hit by a virus that specifically targeted macOS and was a first-stage downloader for other malware components. What attack was this? a. Sasser b. Shlayer c. Pegasus d. Mirai
b. Shlayer
What is a cookie?
a. A small file that contains data and is stored on your computer
If you are a website developer and concerned about DoS attacks, what is one mitigation technique you can implement in the website itself? a. CAPTCHA b. Bandwidth throttling c. web application firewall d. encryption with HTTPS
a. CAPTCHA
You want to make sure your team can identify the various DoS attack vectors. What type of attack uses the victim's own network routers to perform a DoS attack on the target? a. DDoS b. ping of death c. smurf attack d. slammer attack
a. DDoS
Which layer of the OSI model is divided into two sublayers? a. Data link b. session c. presentation d. network
a. Data link
Mohammed needs to open a firewall port so that web traffic can be passed through the firewall. What protocol is used for web pages, and on which port does it work? a. HTTP, port 80 b. DHCP, port 80 c. DHCP, port 21 d. HTTP, port 21
a. HTTP, port 80
What must exist for cyber stalking to be illegal in a state or territory?
a. Nothing; existing stalking laws can apply
Which of the following is something a Trojan horse might do? a. Open a backdoor for malicious software b. Alter your IP address c. Change ports on your computer d. Change your memory configuration
a. Open a backdoor for malicious software