D430 Quiz Questions
What is the purpose of the FISMA framework? A. To establish information security policies and procedures for federal agencies B. To regulate the use of personal health information C. To protect student educational records D. To ensure the security of financial data
A.) The purpose of the FISMA framework is to establish information security policies and procedures for federal agencies. (FI = federal information)
Which of the following is a guideline for privacy and compliance as applied to cybersecurity? A. Use strong, unique passwords B. Store sensitive data in plaintext C. Share sensitive data with unauthorized personnel D. Use unencrypted email to transmit sensitive data
A.) Using strong, unique passwords is a guideline for privacy and compliance as applied to cybersecurity.
Which security principle is violated when a hacker gains unauthorized access to a system? A. Confidentiality B. Integrity C. Availability D. Efficiency
A.) When a hacker gains unauthorized access to a system, it violates the confidentiality security principle.
Which of the following is a vulnerability assessment tool that can be used to scan a network for vulnerabilities? A. Wireshark B. Nmap C. Hping3 D. Kismet/Netstumbler
B.) Nmap is a vulnerability assessment tool that can be used to scan a network for vulnerabilities.
Which of the following acts regulates the use of personal health information? A. FISMA B. HIPAA Accountability Act C. FERPA Act D. SOX
B.) The HIPAA Accountability Act regulates the use of personal health information.
Which of the following is a requirement of the HIPAA Accountability Act? A. Encryption of customer financial information during transmission B. Protection of customer health information C. Reporting of security breaches to customers D. Regulation of the use of personal health information
B.) The HIPAA Accountability Act requires protection of customer health information.
Which of the following is a requirement of the PCI DSS? A. Protection of customer health information B. Encryption of customer financial information during transmission C. Reporting of security breaches to customers D. Regulation of the use of personal health information
B.) The PCI DSS requires encryption of customer financial information during transmission.
Which of the following is a security principle that involves verifying the identity of a user or system? A. Confidentiality B. Integrity C. Availability D. Authentication
D.) Authentication is a security principle that involves verifying the identity of a user or system.
Which of the following is NOT a buffer overflow protection mechanism? A. AMD Enhanced Virus Protection B. Address space layout randomization (ASLR) C. Intel Execute Disable (XD) D. CANVAS
D.) CANVAS is a vulnerability assessment tool, not a buffer overflow protection mechanism.
Which of the following tools can be used to locate vulnerabilities in firewalls? A. Kismet/Netstumbler B. Nmap C. Wireshark D. Hping3
D.) Hping3 can be used to locate vulnerabilities in firewalls.
Which of the following is NOT a type of vulnerability assessment tool? A. Nessus B. Metasploit C. CANVAS D. Nikto
D.) Nikto is a web server analysis tool, not a vulnerability assessment tool.
Which of the following is NOT a guideline in privacy and compliance as applied to cybersecurity? A. Use strong passwords B. Follow a principle of least privilege C. Use encryption to protect sensitive data D. Share sensitive data with unauthorized personnel
D.) Sharing sensitive data with unauthorized personnel is not a guideline in privacy and compliance as applied to cybersecurity.
Which of the following is a command-line sniffer for Unix/Linux OS? A. Kismet/Netstumbler B. Nmap C. Wireshark D. tcpdump
D.) tcpdump is a command-line sniffer for Unix/Linux OS.
Which of the following frameworks regulates the protection of customer financial information? A. FISMA B. HIPAA Accountability Act C. FERPA Act D. GLBA
D.) The GLBA framework regulates the protection of customer financial information.
Which of the following frameworks is designed to protect against credit card fraud? A. FISMA B. HIPAA Accountability Act C. FERPA Act D. PCI DSS
D.) The PCI DSS framework is designed to protect against credit card fraud.
Which of the following is a requirement of the SOX framework? A. Protection of customer health information B. Encryption of customer financial information during transmission C. Reporting of security breaches to customers D. Regulation of financial reporting for public companies
D.) The SOX framework regulates financial reporting for public companies.
Which of the following is NOT a security principle? A. Confidentiality B. Integrity C. Availability D. Efficiency
D.) The three security principles are confidentiality, integrity, and availability.
Which of the following is NOT a type of fuzzer? A. MiniFuzz B. BinScope C. Regex Fuzzer D. Wireshark
D.) Wireshark is a packet sniffer and protocol analyzer, not a type of fuzzer.
Which of the following security principles refers to the accuracy and completeness of information? A. Confidentiality B. Integrity C. Availability D. Authentication
B.) Integrity refers to the accuracy and completeness of information.
Which of the following is a vulnerability assessment tool made by Rapid7? A. Nessus B. Metasploit C. CANVAS D. Nikto
B.) Metasploit is a vulnerability assessment tool made by Rapid7.
What is the purpose of a web server analysis tool like Nikto? A. To identify and prioritize security vulnerabilities in a web server B. To encrypt web server traffic C. To prevent unauthorized access to a web server D. To monitor web server traffic for security threats
A.) The purpose of a web server analysis tool like Nikto is to identify and prioritize security vulnerabilities in a web server.
What is the purpose of the FERPA Act? A. To protect student educational records B. To establish information security policies and procedures for federal agencies C. To regulate the use of personal health information D. To ensure the security of financial data
A.) The purpose of the FERPA Act is to protect student educational records.
What is the purpose of the Burp Suite web analysis tool? A. To identify and prioritize security vulnerabilities in a web application B. To encrypt web application traffic C. To prevent unauthorized access to a web application D. To monitor web application traffic for security threats
A.) The purpose of the Burp Suite web analysis tool is to identify and prioritize security vulnerabilities in a web application.
Which of the following is a vulnerability assessment tool that can be used to identify and exploit vulnerabilities in a system? A. Nessus B. Metasploit C. CANVAS D. Burp Suite
B.) Metasploit is a vulnerability assessment tool that can be used to identify and exploit vulnerabilities in a system.
What is a honeypot? A. A vulnerable system designed to attract attackers B. A tool for detecting network vulnerabilities C. An encryption tool for securing data D. A type of virus that spreads through a network
A.) A honeypot is a vulnerable system designed to attract attackers.
Which of the following security principles refers to keeping sensitive information private? A. Confidentiality B. Integrity C. Availability D. Authentication
A.) Confidentiality refers to keeping sensitive information private.
Which of the following is a type of fuzzer that is used to test the robustness of software? A. MiniFuzz B. BinScope C. Regex Fuzzer D. Wireshark
A.) MiniFuzz is a type of fuzzer that is used to test the robustness of software.
Which of the following tools can be used to scan for open ports on a network? A. Nessus B. Wireshark C. Hping3 D. CANVAS
A.) Nessus can be used to scan for open ports on a network.
Which of the following is a web server analysis tool that can be used to scan a web server for vulnerabilities? A. Nikto B. CANVAS C. Metasploit D. Nessus
A.) Nikto is a web server analysis tool that can be used to scan a web server for vulnerabilities.
What is the primary goal of cyber defense? A. To prevent unauthorized access to systems and data B. To maximize system efficiency C. To improve system performance D. To reduce maintenance costs
A.) The primary goal of cyber defense is to prevent unauthorized access to systems and data.
What is the purpose of a firewall? A. To prevent unauthorized access to a network B. To increase network speed C. To detect and remove viruses D. To encrypt network traffic
A.) The purpose of a firewall is to prevent unauthorized access to a network.
What is the purpose of a vulnerability assessment tool like Nessus? A. To identify and prioritize security vulnerabilities in a network B. To encrypt network traffic C. To prevent unauthorized access to a network D. To monitor network traffic for security threats
A.) The purpose of a vulnerability assessment tool like Nessus is to identify and prioritize security vulnerabilities in a network.
Which of the following is a guideline for privacy and compliance as applied to cybersecurity? A. Share sensitive data with unauthorized personnel B. Follow a principle of least privilege C. Use weak passwords D. Store sensitive data in plaintext
B.) Following a principle of least privilege is a guideline for privacy and compliance as applied to cybersecurity.
Which of the following is a security principle that involves ensuring that information is not modified without authorization? A. Confidentiality B. Integrity C. Availability D. Authentication
B.) Integrity is a security principle that involves ensuring that information is not modified without authorization.
Which of the following is a buffer overflow protection mechanism at the operating system level for Windows, Mac, and Linux? A. AMD Enhanced Virus Protection B. Address space layout randomization (ASLR) C. Intel Execute Disable (XD) D. Nikto
B.) Address space layout randomization (ASLR) is a buffer overflow protection mechanism at the operating system level for Windows, Mac, and Linux.
Which of the following is a type of fuzzer that is used to test the compatibility of software? A. MiniFuzz B. BinScope C. Regex Fuzzer D. Wireshark
B.) BinScope is a type of fuzzer that is used to test the compatibility of software.
Which of the following is a security principle that involves ensuring that authorized users have access to information when needed? A. Confidentiality B. Integrity C. Availability D. Authentication
C.) Availability is a security principle that involves ensuring that authorized users have access to information when needed.
Which of the following security principles refers to ensuring that authorized users have access to information when needed? A. Confidentiality B. Integrity C. Availability D. Authentication
C.) Availability refers to ensuring that authorized users have access to information when needed.
Which of the following is a buffer overflow protection mechanism at the chipset level for Intel processors? A. AMD Enhanced Virus Protection B. Address space layout randomization (ASLR) C. Intel Execute Disable (XD) D. CANVAS
C.) Intel Execute Disable (XD) is a buffer overflow protection mechanism at the chipset level for Intel processors.
Which of the following tools can be used to detect wireless access points? A. Nmap B. Hping3 C. Kismet/Netstumbler D. Nessus
C.) Kismet/Netstumbler can be used to detect wireless access points.
Which of the following is a type of fuzzer that is used to test the security of software? A. MiniFuzz B. BinScope C. Regex Fuzzer D. Wireshark
C.) Regex Fuzzer is a type of fuzzer that is used to test the security of software.
Which of the following is NOT a requirement of the GLBA? A. Privacy notices to customers B. Safeguards for customer information C. Protection of customer health information D. Reporting of security breaches
C.) The GLBA does not require protection of customer health information.
Which of the following is a type of packet sniffer and protocol analyzer? A. Kismet/Netstumbler B. Nmap C. Wireshark D. tcpdump
C.) Wireshark is a type of packet sniffer and protocol analyzer.