Cyber Security Exam #3

Virus

- Attaches itself to or copies itself into another program or file on a computer.
- Infects a host program

How to detect insider threats

- Conduct regular security
- Maintain a log of all the accounts and users that access the organization's system
- Monitor common data sources

Worm

A self-contained program that replicates and sends copies of itself to other computers without user input or action.

Thieves recently rammed a truck through the entrance of your company's main building. During the chaos, their partners proceeded to steal a significant amount of IT equipment. Which of the following choices can you use to prevent this from happening again? a. Bollards b. Guards c. CCTV d. Mantrap

Bollards

Adware

By injecting advertising directly into the pages you are browsing

Synchronous Token

Calculates a number at both the authentication server and the device

Phishing

Fake emails, text messages and websites created to look like they are from authentic companies. They are sent by criminals to steal personal and financial information from you. This is also known as "spoofing"

True or False: Insider attacks usually require advance knowledge of the network.

False

You are reviewing security controls and their usefulness. You notice that account lockout policies are in place. Which of the following attacks will these policies thwart? (choose two) a. DNS poisoning b. Replay c. Buffer overflow d. Brute force e. Dictionary

Brute Force and Dictionary

Which one of the following provides an authentication mechanism that would be appropriate for pairing with a password to achieve two factor authentication? a. Username b. PIN c. Security question d. Fingerprint scan

Fingerprint Scan

The security manager at your company recently updated the security policy. One of the changes requires two-factor authentication. Which of the following will meet this requirement? a. Hardware token and PIN b. Fingerprint and retina scan c. Password and PIN d. PIN and security questions

Hardware token and PIN

Which of the following choices BEST describes the characteristics of a malicious insider? a. High loyalty toward their organization b. High level of rationality c. High level of ethical values d. High level of compulsive behavior

High level of compulsive behavior

Which of the following choices BEST describe the organizational triggers in insider threats (choose TWO)? a. High level of physical access controls b. High level of time pressure c. High level of security training d. High availability and ease of acquiring information

High level of time pressure, High availability and ease of acquiring information

List five factors for authentication

Knowledge, Ownership, Biometrics, locations, Action

You maintain a training lab with 18 computers. You have enough rights and permissions on these machines so that you can configure them as needed for classes. However, you do not have the rights to add them to your organization's domain. Which of the following choices BEST describes this example? a. Least privilege b. Need to know c. User-based privileges d. BYOU

Least Privilege

List three solutions to prevent insider threats

Least privilege policy, Strict password and account management policies, Periodic security awareness training for all employees

List five physical controls

Locks/Keys, Mantrap, ID Cards, Alarm Systems, Guards

After Tom turned on his computer, he saw a message indicating that unless he made a payment, his hard drive would be formatted. What does this indicate? A. Armored virus B. Backdoor C. Ransomwares D. Trojan

Ransomwares

Which group is the most likely target of a social engineering attack? a. Receptionists and administrative assistants b. Information security response team c. Internal auditors d. Independent contractors

Receptionists and administrative assistants

A security auditor discovered that several employees in the accounting department can print and sign checks. In her final report, she recommended restricting the number of people who can print checks and the number of people who can sign them. She also recommended that no one should be authorized to both print and sign checks. What policy is she recommending? a. Role-based access control b. BYODU c. Separation of duties d. Job rotation

Separation of duties

Within the context of information security, ____________________ is the process of using interpersonal skills to convince people to reveal access credentials or other valuable information to the attacker.

Social Engineering

What is Social Engineering?

The process of using social skills to convince people to reveal access credentials or other valuable information.

What type of malicious software masquerades as legitimate software to entice the user to run it? a. Virus b. Worm c. Trojan horse d. Backdoor

Trojan horse

True or False: A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment

True

True or False: An insider threat is caused by a current or former employee, contractor or business partner who has or had authorized access to an organization's network systems, data or premises.

True

True or False: Fingerprints, palm prints and retina scans are types of biometrics.

True

True or False: Unlike viruses, worms do NOT require a host program in order to survive and replicate.

True

Spyware

Used by third parties to infiltrate your computer (i.e., specifically threaten the confidentiality of information).

A telecommuting employee calls into his organization's IT help-desk and asks the help-desk professional to reset his password. Which of the following choices is the BEST choice for what the help-desk professional should do before resetting the password? a. Verify the user's name b. Disable the user's account c. Verify the user's identity d. Enable the user's account

Verify the user's identity

Asynchronous Token Challenge-Response

Involves a dialogue between the authentication service and the remote entity that it is trying to authenticate.

two-factor authentication

something you know and something unique to you

Lisa recently developed an application for the Human Resources department. Personnel use this application to store and manage employee data, including PII. She programmed in the ability to access this application with a username and password that only she knows, so that she can perform remote maintenance on the application if necessary. Which of the following does this describe? a. Virus b. Worm c. Backdoor d. Trojan

Backdoor

During a log review, Danielle discovers a series of logs that show login failures:
Jan 31 11:39:14 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=aaaaaaaaa
Jan 31 11:39:19 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=aaaaaaaab
What type of attack has Danielle discovered? a. Dictionary attack b. Man-in-the-middle attack c. Brute-force attack d. Hash attack

Brute Force Attack

Sean wants to ensure that other people cannot view data on his mobile device if he leaves it unattended. What should he implement? a. Encryption b. Cable lock c. Screen lock d. Remote wiping

Screen Lock

When an attacker talks to an organization's help desk and persuades them to reset a password due to the help desk employee's trust and willingness to help, what type of attack succeeded? a. Trojan b. Social engineering c. Phishing d. Man-in-the-middle

Social Engineering

Trojan Horse

Software that appears to be useful but instead allows access to a computer without the user's knowledge or consent.

The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place? a. Spear phishing b. Pharming c. Adware d. Command injection

Spear Phishing

Users in your organization have reported receiving a similar email from the same sender. The email included a link, but after recent training on emerging threats, all the users chose not to click the link. Security investigators determined the link was malicious and was designed to download ransomware. Which of the following BEST describes the email? a. Phishing b. Spam c. Spear phishing d. Vishing

Spear Phishing

Of the following malware types, which one is MOST likely to monitor a user's computer? a. Trojan b. Spyware c. Ransomwares d. Adware

Spyware

Bart is in a break area outside the office. He told Lisa that he forgot his badge inside and asked Lisa to let him follow her when she goes back inside. What does this describe? a. Spear phishing b. Vishing c. Mantrap d. Tailgating

Tailgating

Pharming

Convinces you that a site is real and legitimate by spoofing or looking almost identical to the actual site, down to the smallest details. You may enter your personal information and unknowingly give it to someone with malicious intent.

True or False: You should use easy-to-remember personal information to create secure passwords

False

True or False: A worm is a self-contained program that has to trick the user into running it

False. A worm is a self-contained program that replicates and sends copies of itself to other computers, generally across a network.

True or False: A phishing attack "poisons" a domain name on a domain name server.

False. That is called DNS poisoning.

True or False: The main difference between a virus and a worm is that a virus does not need a host program to infect.

False. The main difference between the two is that a virus attaches itself to or copies itself into another program or file on a computer, whereas a worm is a self-contained program that replicates and sends copies of itself to other computers without user input or action and does not need a host program to infect.

True or False: An insider threat is always caused by an insider who has malicious intent (e.g., fraud, unauthorized trading, and espionage)

False
- Who: a current or former employee, contractor or business partner, who has or had authorized access to
- Assets: an organization's network systems, data or premises, and uses that access to compromise the confidentiality, integrity or availability
- Intention: whether or not out of malicious intent

Social engineers have launched several successful phone-based attacks against your organization resulting in several data leaks. Which of the following would be MOST effective at reducing the success of these attacks? a. Implement a BYOD (bring your own device) policy b. Update the AUP (acceptable use policy) c. Implement a least privilege policy d. Implement a program to increase security awareness

Implement a program to increase security awareness

Insider Threat Activities

Insider threats can include fraud, theft of intellectual property or trade secrets, unauthorized trading, espionage and IT infrastructure sabotage.

