Cyber Security Final
List at least five physical security controls.
1. Guards 2. Dogs 3. ID Cards/Badges 4. Mantraps 5. Locks/Keys
List five factors for authentication.
1. Knowledge 2. Ownership 3. Characteristics 4. Location 5. Action
List three solutions to prevent insider threats.
1. Least Privilege Policy 2. Separation of Duties 3. Periodic Risk Assessments
Which of the following cloud services would be used to rent software, OS, and storage over the Internet? A. SaaS B. PaaS C. IaaS D. XaaS
B. PaaS
Which of the following is the major controller of the cloud infrastructure service market? A. Microsoft B. Google C. Amazon D. Apple
C. Amazon
________ validate the identity of the owner of the public key.
Certificate Authorities
___________ attacks leverage the fact that users are often logged into multiple sites at the same time and use one site to trick the browser into sending malicious requests to another site without the users' knowledge.
Cross Site Request Forgery (XSRF or CSRF)
_________ attacks occur when an attacker embeds malicious scripts without permission in a third-party website that are later run by innocent visitors to that site.
Cross Site Scripting (XSS)
________ is to verify the integrity of the file and provide non-repudiation.
Digital Signature
A web beacon can track information about your device (T/F)
False
Hashing functions require the use of keys. (T/F)
False
Insider attacks usually require the advance knowledge of network. (T/F)
False
Insider threat is always occurred by the insider who has malicious intention (e.g., fraud, unauthorized trading, and espionage). (T/F)
False
MAC addresses are a unique identifier allotted to communication devices and are not changeable. (T/F)
False
You should use easy-to-remember personal information to create secure passwords. (T/F)
False
Session Hijacking is the process in which a user's or organization's cloud account credentials are stolen and exploited by an unauthorized attacker. (T/F)
False, Account Hijacking
Symmetric encryption uses two different keys: public key(to encipher) and private key(to decipher). (T/F)
False, Asymmetric Encryption
Digital Certificates are the encrypted messages that can be mathematically proven to be authentic. (T/F)
False, Digital Signature
IaaS (Infrastructure as a Service) gives the customer access to applications running in the cloud. (T/F)
False, Software as a Service (SaaS)
WEP (Wired Equivalent Privacy) is the strongest encryption protocol for the wireless network.
False, WPA2 (or 3)
The spoofed ARP packets contain the attacker's ________ and the target's ________.
MAC address, IP address
What is the difference between MAC spoofing and ARP spoofing?
MAC spoofing is just changing the MAC address, which anyone can do for their device. ARP spoofing you need to request access to the switch, the vulnerability is that ARP tables only remember the most updated mapping.
__________ enables a user to allow third-party application to access APIs on that user's behalf; for example, when Facebook asks a user if a new application can have access to his photos.
OAuth
ARP (address resolution protocol) works for mapping an IP address to a MAC address. (T/F)
True
ARP spoofing attack "poisons" the ARP table mapping an IP address to a MAC address. (T/F)
True
An Application Program Interface (API) refers to tools for creating software applications. (T/F)
True
An insider threat is occurred by a current or former employee, contractor or business partner who has or had authorized access to an organization's network systems, data or premises. (T/F)
True
Cloud venders expose a set of software interface or APIs in which customers use to interact with cloud services. (T/F)
True
Cookies are designed for websites to remember stateful information (e.g., items added in the cart in Amazon.com. (T/F)
True
Cookies are inherently harmless. (T/F)
True
Electromagnetic Interception is the reconstruction of data from electromagnetic emissions (T/F)
True
Fingerprints, palm prints and retina scans are types of biometrics. (T/F)
True
Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in clear text. (T/F)
True
PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities. (T/F)
True
Popular cryptosystems use a hybrid combination of symmetric and asymmetric algorithms. (T/F)
True
Pure asymmetric key encryption is not widely used, except with digital certificates. (T/F)
True
To be secure interfaces and APIs, strong authentication and access controls are required with encrypted transmission. (T/F)
True
WAP (wireless access point) is the connection between a wired and wireless network. (T/F)
True
_________ is a technique used to gain unauthorized access to Wi-Fi wireless network by driving vehicle.
Wardriving
Which of the following is NOT an example of Physical Security control? a. Antivirus Software b. Security Guards c. A locked server room
a. Antivirus Software
Thieves recently rammed a truck through the entrance of your company's main building. During the chaos, their partners proceeded to steal a significant amount of IT equipment. Which of the following choices can you use to prevent this from happening again? a. Bollards b. Guards c. CCTV d. Mantrap
a. Bollards
What does eavesdropping compromise? a. Confidentiality b. Integrity c. Availability
a. Confidentiality
What main part of the CIA triangle does account hijacking affect? a. Confidentiality b. Integrity c. Accessibility
a. Confidentiality
An organization requested bids for a contract and asked companies to submit their bids via email. After winning the bid, Acme realized it could not meet the requirements of the contract. Acme instead stated that it never submitted the bid. Which of the following would provide proof to the organization that Acme did submit the bid? a. Digital signature b. Integrity c. Decryption d. Encryption
a. Digital signature
The security manager at your company recently updated the security policy. One of the changes requires two-factor authentication. Which of the following will meet this requirement? a. Hardware token and PIN b. Finger print and retina scan c. Password and PIN d. PIN and security questions
a. Hardware token and PIN
Homer is able to connect to his company's wireless network with his smartphone but not with his laptop computer. Which of the following is the MOST likely reason for this disparity? a. His company's network has a MAC address filter in place. b. His company's network has enabled SSID broadcast. c. His company's network has enabled WEP. d. His company's network has enabled WPA2 Enterprise.
a. His company's network has a MAC address filter in place.
Why are WEP keys easy to crack? a. Its use of static encryption keys b. Using switch in the transmission c. Both A and B
a. Its use of static encryption keys
You maintain a training lab with 18 computers. You have enough rights and permissions on these machines so that you can configure them as needed for classes. However, you do not have the rights to add them to your organization's domain. Which of the following choices BEST describes this example? a. Least privilege b. Need to know c. User-based privileges d. BYOU
a. Least privilege
Which of the following options would be used to prevent cloud account hijacking? a. Multi-factor authentication b. Using the same password for every account c. Encrypting sensitive data before it enters the cloud d. A&B
a. Multi-factor authentication
To avoid the nefarious use of cloud computing, which of the following is the BEST safeguard? a. Rigorous registration process b. Paid service c. OAuth d. Firewall
a. Rigorous registration process
Which of the following is a NSA specification for protection against electromagnetic interference? a. TEMPEST b. SPECTRE c. GHOST d. APACHE
a. TEMPEST
What is NOT a good way to protect your information? a. Use an http web address b. Have the latest protection installed on your computers c. Change the default settings on your computer
a. Use a http web address
Jemar recently received an email thanking him for a purchase that he did not make. He asked an administrator about it and the administrator noticed a pop-up window, which included the following code: <body onload="document.getElementByID('myform').submit()"> <form id="myForm"action="gcgapremium.com/purchase.php"method="post" <input name="Buy Now" value="Buy Now"/> </form> </body> Which of the following is the MOST likely explanation? a. XSRF(cross-site request forgery) b. Bufferoverflow c. SQL injection d. ARP spoofing
a. XSRF(cross-site request forgery)
An application on one of your database servers has crashed several times recently. Examining detailed debugging logs, you discover that just prior to crashing, the database application is receiving a long series of characters (more data into the database application's memory than it can handle). What is MOST likely occurring? a. XSRF b. Buffer overflow c. HTML injection d. DNS poisoning
b. Buffer overflow
Homer wants to use digital signatures for his emails and realized he needs a certificate. Which of the following will issue Homer a certificate? a. IT department b. CA (CertificateAuthority) c. Email service company d. Recovery agent
b. CA(CertificateAuthority)
Which part of CIA is harmed by WEP cracking? a. Integrity b. Confidentiality c. Availability
b. Confidentiality
Which of the following terms describes the process of making and using codes to secure the transmission of information? a. Algorithm b. Cryptography c. Steganography d. Philosophy
b. Cryptography
Which of the following cannot put you at risk for getting infected with spyware? a. Blindly letting trusted software install other software b. Downloading a community verified mod for your favorite video game c. Downloading freeware from an unofficial link d. Opening an email attachment that you are not sure of the contents inside
b. Downloading a community verified mod for your favorite video game
Which of the following choices BEST describes the organizational trigger in insider threats (TWO)? a. High level of physical access controls b. High level of time pressure c. High level of security training d. High availability and easy of acquiring information
b. High level of time pressure and d. High availability and easy of acquiring information
A small business owner modified his wireless router with the following settings: PERMIT 1A:2B:3C:4D:5E:6F DENY 6F:5E:4D:3C:2B:1A After saving the settings, an employee reports that he cannot access the wireless network anymore. What is the MOST likely reason that the employee cannot access the network? a. IP address filtering b. MAC address filtering c. DNS filtering d. URL filtering
b. MAC address filtering
What kind of insider threat is most common? a. Malicious b. Negligent c. Third Party
b. Negligent
In what type of attack does the attacker send unauthorized commands directly to a database? a. XSS (cross-site scripting) b. SQL injection c. XSRF(cross-site request forgery) d. Database dumping
b. SQL injection
Joe wants to send a secure email to Marge so he decides to encrypt it. Joe wants to ensure that Marge can verify that he sent it. Which of the following does Marge need to verify the certificate that Joe used in this process in valid? a. The CA (Certificate Authority)'s private key b. The CA's public key c. Marge's public key d. Marge's private key
b. The CA's public key
Which network system should you NOT use? a. WPA b. WEP c. WPA2
b. WEP
What does WEP stand for? a. Wide Encrypted Protocol b. Wireless Equivalent Privacy c. Wifi Ensured Protection
b. Wireless Equivalent Privacy
What is The Cloud? a. A fluffy white thing in the sky b. A downloaded computer program c. A software and services that run on the Internet d. A website on the internet
c. A software and services that run on the Internet
HTML injection is a? a. SQL injection b. Cross Scripting Attack c. Code Injection d. LDAP injection
c. Code Injection
Rachel at ABC corp. stores her public key where it can be accessed. Alex at XYZ corp. retrieves it and uses it to encrypt his session (symmetric) key. He sends it to Rachel, who decrypts Alex's session key with her private key, and then uses Alex's session key for short-term private communications. What is MOST likely occurring? a. Symmetric encryption b. Asymmetric encryption c. Hybrid encryption d. Hashing
c. Hybrid encryption
Of the following choices, which one is a cloud computing option model that the vendor provides access to a computer, but customers must manage the system, including keeping it up to data with current patches? a. Platform as a Service b. Software as a Service c. Infrastructure as a Service d. Private
c. Infrastructure as a Service
A code review of a web application discovered that the application is not performing boundary checking. What should the web developer add to this application to resolve this issue? a. XSRF b. XSS c. Input validation d. Antivirus software
c. Input validation
What's a drawback to eavesdropping solutions? a. It is an extremely time consuming process. b. It isn't very effective at stopping the eavesdropper. c. It exchanges confidentiality for availability. d. Mrs. Kuem will give you a bad grade.
c. It exchanges confidentiality for availability.
Jane and Carl work in an organization that includes a PKI (public key). Carl needs to send a message to Jane. What does Carl use in this process? a. Carl's public key b. Carl's private key c. Jane's public key d. Jane's private key
c. Jane's public key
Malicious users inject malicious code or software in Adobe PDF and MS office and upload it to the cloud service. Customers who download the Adobe PDF and the MS office will also execute the malwares. Which of the following choices BEST describes this example? a. Account hijacking b. Session hijacking c. Nefarious use of cloud computing d. SQL injection
c. Nefarious use of cloud computing
Looking at logs for an online web application, you see that someone has entered the following phrase into several queries: 'or '1'='1'-- Which of the following is the MOST likely explanation for this? a. Bufferoverflow b. XSS (cross-site scripting) c. SQL injection d. Domain hijacking
c. SQL injection
Your organization hosts a web site and the web site accesses a database server in the internal network. ACLs (access control list) on firewalls prevent any connections to the database sever except from the web server. Database fields hosting customer data are encrypted an all data in transit between the web site server and the database several are encrypted. Which of the following represents the GREATEST risk to the data on the server? a. Theft of the database server b. HTML injection c. SQL injection d. Sniffing
c. SQL injection
Sean wants to ensure that other people cannot view data on his mobile device if he leaves it unattended. What should he implement? a. Encryption b. Cable lock c. Screen lock d. Remote wiping
c. Screen lock
A security auditor discovered that several employees in the accounting department can print and sign checks. In her final report, she recommended restricting the number of people who can print checks and the number of people who can sign them. She also recommended that no one should be authorized to print and sign checks. What policy is she recommending? a. Role-based access control b. BYOU c. Separation of duties d. Job rotation
c. Separation of duties
Who should have access to an organization's server room? a. The janitor b. The receptionist c. The network administrator
c. The network administrator
A telecommuting employee calls into his organization's IT help-desk and asks the help-desk professional to reset his password. Which of the following choices is the BEST choice for what the help-desk professional should do before resetting the password? a. Verify the user's name b. Disable the user's account c. Verify the user's identity d. Enable the user's account
c. Verify the user's identity
While creating a web application, a developer adds code to limit data provided by users. The code prevents users from entering special characters. Which of the following attacks will this code MOST likely prevent? a. Man-in-the-Middle b. Phishing c. XSS (cross-site scripting) d. Domain hijacking
c. XSS (cross-site scripting)
Of the following choices, which one does not involve insiders? a. Employees b. Competitors c. Business associates d. A random hacker
d. A random hacker
A good way for a company to prevent cloud account hijacking is to: a. Use multi-factor authentication b. Restrict the range of IP addresses that can access cloud account applications c. Encrypt sensitive data sent to the cloud d. All of the above
d. All of the Above
Of the following choices , which one is the best way to detect an inside threat ? a. Inform and Train your employees on the Importance of security awareness b. Log and audit employee's online actions c. Monitor any suspicious behavior d. All of the above
d. All of the Above
What type of threat did Mr. Justice cause through his actions ? a. Confidentiality b. Integrity c. Availability d. All of the above
d. All of the Above
Which part of CIA do HTML injection Attacks affect? a. Confidentiality b. Integrity c. Accessibility d. All of the Above
d. All of the Above
Where can an insider threat take place? a. An accounting firm b. A grocery store c. An airline company d. All of the above
d. All of the above
What term is used to describe a cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message? a. Private-key encryption b. Symmetric encryption c. Advanced Encryption Standard (AES) d. Asymmetric encryption
d. Asymmetric encryption
Which one of the following provides an authentication mechanism that would be appropriate for pairing with a password to achieve two factor authentication? a. Username b. PIN c. Security question d. Fingerprint scan
d. Fingerprint scan
A function converts data into a string of characters and the string of characters cannot be reversed to re-create the original data. What type of function is this? a. Symmetric encryption b. Asymmetric encryption c. Stream cipher d. Hashing
d. Hashing
Which of the following choices BEST describes the characteristics of malicious insider? a. High loyalty toward their organization b. High level of rationality c. High level of ethical values d. High level of compulsive behavior
d. High level of compulsive behavior
Social engineers have launched several successful phone-based attacks against your organization resulting in several data leaks. Which of the following would be MOST effective at reducing the success of these attacks? a. Implement a BYOD (bring your own device) policy b. Update the an AUP (acceptable use policy) c. Implement a least privilege policy d. Implement a program to increase security awareness
d. Implement a program to increase security awareness
You are planning to deploy a WLAN and you want to ensure it is secure. Which of the following provides the BEST security? a. Implementing WPA b. Disabling SSID broadcast c. EnablingMACfiltering d. Implementing WPA2
d. Implementing WPA2
Which of the following terms is used to describe the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext? a. Cipher b. Code c. Cleartext d. Key
d. Key
Which of the following wireless security mechanisms is subject to a spoofing attack? a. WEP b. WPA c. WPA 2 Enterprise d. MAC address filtering
d. MAC address filtering
Your organization maintains a separate wireless network for visitors in a conference room. However, you have recently noticed that people are connecting to this network even when there aren't any visitors in the conference room. You want to prevent theses connections, while maintaining easy access for visitors in the conference room. Which of the following is the BEST solutions? a. Disable SSID broadcasting b. Enable MAC filtering c. Use wireless jamming d. Reduce antenna power
d. Reduce antenna power
Bart is in a break area outside the office. He told Lisa that he forgot his badge inside and asked Lisa to let him follow her when she goes back inside. What does this describe? a. Spear phishing b. Vishing c. Mantrap d. Tailgating
d. Tailgating
A war driver is capturing traffic from a wireless network. When an authorized client connects, the attacker is able to implement a brute force attack to discover the encryption key. What type of attack did this war driver use? a. WPS attack b. HTML injection c. Packet injection d. WPA cracking
d. WPA cracking
