IFT 302 Final Exam Prep

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Which type of surveillance camera can be viewed from virtually anywhere in the world? - A digital camera - A digital IP camera - An analog camera - A hybrid camera

- A digital IP camera

Which of the following options represent physical barriers? (Select all that apply) - A surveillance camera - An RFID badge reader - A locked door - A receptionist

- A locked door - A receptionist

Which of the following best describes the meaning of lux rating as it applies to surveillance cameras? - Rating for the size of the camera lens - Specifies the color resolution of the camera - Amount of light required for an acceptable image - Resolution of the camera lens

- Amount of light required for an acceptable image

Using natural design elements such as structures and landscaping to guide people as they enter and exit spaces is referred to as: - Natural access control - Ingress/egress planning - Crowd control features - Physical access management

- Natural access control

Which of the following options represent physical barriers? (Select all that apply) - A surveillance camera - A locked door - A receptionist - An RFID badge reader

A locked door, A receptionist

This technical access control manages and documents accounts (authorizing, establishing, activating, modifying, reviewing, disabling, and removing). - Access enforcement - Separation of functions - Concurrent session control - Account management

Account management

The OODA loop and Deming Cycle (PDCA) have a similar structure and objective. They also share one term. Which one is it? - Distinguish - Act - Availability - Decide

Act

A mathematical process or series of structured steps for performing some function. - Heuristic - Substitution - Transposition - Algorithm

Algorithm

A type of cryptography that uses a cipher with two separate keys, one public and one private, to encrypt and decrypt messages? - Psychic - Asymmetric - Telepathic - Symmetric

Asymmetric

The security goal that seeks continuous operation is: - Auditing - Availability - Authentication - Integrity

Availability

The security goal that seeks continuous operation is: - Auditing - Integrity - Authentication - Availability

Availability

The easiest and most logical way to combat malware. - Risk Acceptance - Behavior Avoidance - Threat Mitigation - Role Transference

Behavior Avoidance

Trying all possible keys until finding the right key. - Brute force attack - Algorithmic process - Social engineering - Heuristic process

Brute force attack

_____ is a type of image sensor used in cameras designed to produce the highest quality images. - Charged coupled device - Fish-eye lens - Infrared - Photo-electric sensor

Charged coupled device

_____ is a type of image sensor used in cameras designed to produce the highest quality images. - Charged coupled device - Photo-electric sensor - Infrared - Fish-eye lens

Charged coupled device

This term refers to an individual's need to create their own subjective social reality and is part of the several processes that we use to remember how to operate ourselves, meaning how and why we decide to do things. - Social Engineering - Threat Modeling - Problem Solving - Cognitive Bias

Cognitive Bias

The security goal that seeks to ensure that only authorized people are given access is: - Authentication - Auditing - Availability - Confidentiality

Confidentiality

What is CIA? - Cohesiveness, Ingenuity, Accuracy - Confidentiality, Integrity, Availability - Can Initiate access? - Containerize, Integrate, Accountability

Confidentiality, Integrity, Availability

In Robert Cialdini's Principles of Persuasion, he discusses factors in which we may be more apt to respond favorably to persuasion or influence. The desire to do what we've said we'll do is an example of: - Consistency - Reciprocity - Liking - Authority

Consistency

The desire to do what we've said we'll do is an example of: - Liking - Consistency - Reciprocity - Authority

Consistency

Possible infection symptoms include: - Contact by law enforcement - Bounces of forged emails - Alerts from security software - Unusual and lucrative offers from royalty - Deja vu - Precisely targeted advertisements

Contact by law enforcement, Bounces of forged emails, Alerts from security software

Mechanisms or protections against behavior that is outside an expected norm. - Controls - Encryption - Motive - Money

Controls

Which of the following is not a subsystem involved in infrastructure security management? - Corporate cybersecurity policies - Video surveillance systems - Access-control and monitoring systems - Intrusion-detection and reporting systems

Corporate cybersecurity policies

These sorts of controls reduce the consequences of an incident, perhaps by limiting the damage that is likely to occur no matter what other controls exist. - Deterrent - Preventative - Corrective - Detective

Corrective

Which of the following are Internal Controls? - Corrective - Detective - Preventative - Deterrent - ACLs

Corrective, Detective, Preventative, Deterrent

This attack uses Javascript to perform commands on the user's system, when the user visits sites using a vulnerable browser. - Key Logging - Man-in-the-Browser (MitB) - Cross Site Scripting (XSS) - Man-in-the-Middle (MitM)

Cross Site Scripting (XSS)

What are Technical Controls, monitoring and planned responses - Cyber Security - Software Assurance - OODA - Deming Cycle - Threat Processing

Cyber Security

_____ provides detailed, actionable data about supply and demand in the cybersecurity job market.

CyberSeek

Which layer controls how data is packaged and moved between communication points? - Transmission - Human - Data - Link - Physical

Data

Which OSI model layer is responsible for controlling how data is packaged and moved between communication points? - Application layer - Data link layer - Transport layer - Network layer

Data link layer

Two tools used in reverse engineering malware include: - Decompilers and Debuggers - Static and Destructive Analysis - Behavioral and Threat Analysis - Winsome and Losesome

Decompilers and Debuggers

The act of unscrambling ciphertext into plaintext. - Decryption - Transposition - Symmetric - Substitution

Decryption

A non-encrypted message is:

Decyphered OR Plaintext

In the STRIDE model, what does the 'D' stand for? - Denial of service - Disclosure of Information - Destruction - Deliberate

Denial of service

These sorts of controls are intended to reduce attacks on a system merely by advertising that they're there. Much like a wall or barbed wire fence, or an armed guard, these controls typically reduce the threat level by informing potential attackers that there will be adverse consequences for them if they proceed. - Deterrent - Corrective - Preventive - Detective

Deterrent

SETA is an important tool for an organization seeking to improve knowledge of cybersecurity topics pertains to? - Public awareness - Research - Education - Analysis

Education

Collecting intelligence information from people as part of human intelligence is known as:

Elicitation OR Social engineering

Where components are isolated from other components in a way that limits the amount of damage any fault could cause. - Modularity - Encapsulation - Information hiding - Cohesion

Encapsulation

Which of the following are software development techniques intended to reduce the frequency and severity of vulnerabilities in software. - Encapsulation - Behavioral-based Anti-malware - Wireless Equivalent Privacy - Endpoint Detection & Response - Information Hiding - Internet Protocol Security - Modularity

Encapsulation, Information Hiding, Modularity

_____ is a report that incorrectly authenticates the individual, which could provide access to equipment or data that this person should not have. - False acceptance - True negative failure - TPS cover sheet - True positive failure

False acceptance

_____ is a report that incorrectly authenticates the individual, which could provide access to equipment or data that this person should not have. - TPS cover sheet - True positive failure - False acceptance - True negative failure

False acceptance

_____ provides security templates for various systems.

FedRAMP

This device uses a set of rules about what traffic will be allowed to enter or leave a network. - Content filter - Firewall - Data loss prevention - Network intrusion detection and protection

Firewall

This system monitors the host operating system's logs, including processing, memory usage, file structures, and accesses or merely attempted accesses to files, functions, and network ports, looking for abnormal behavior. - NIDS - EDR - HIDS - SIEM

HIDS

These sorts of anti malware and intrusion detection systems build a model of acceptable baseline behavior, use inference engines to make decisions on what they detect, and flag exceptions to that model? - Mapping Based - Prevention Based - Signature Based - Heuristic based

Heuristic based

These sorts of antimalware and intrusion detection systems build a model of acceptable baseline behavior, use inference engines to make decisions on what they detect, and flag exceptions to that model. - Signature based - Heuristic based - Host based - Network based

Heuristic based

A message alerting a user to a non-existent threat, which may falsely indicate malware infection and cause them to perform tasks to actually expose their system to actual malware. - Hoaxware - Remote Access Trojan - Payload propagation - Honeypot

Hoaxware

Which of the following cameras provides the ability to maintain a degree of secrecy by using illumination that is undetectable by a human eye? - Infrared security camera - color camera - CCD camera - Black-and-white camera

Infrared security camera

What does it mean when a virus is wormable? - It gets up early - It is easy to find and kill - It is devious - It can propagate by itself

It can propagate by itself

Which component is considered the core of the operating system? - Kernel - System call interface - Security module - Hardware

Kernel

The process of issuing keys to valid users of a cryptosystem so that they can communicate. - Substitution - Key distribution - Symmetric - Decryption

Key distribution

This device can be used to record and store input into a computer system. - Bluetooth transmitter - KVM switch - LCD display - Key logger

Key logger

_____ is a type of security device used for programming, controlling, and operating access control and management devices. - Stingray - Keypad - Multimeter - TI-85+

Keypad

_____ is a type of security device used for programming, controlling, and operating access control and management devices. - Multimeter - Stingray - Keypad - TI-85+

Keypad

A password, passphrase, or PIN are examples of which authentication factor? - Possession - Location - Inherence - Knowledge

Knowledge

Which layer of the OSI model represents the human user of a network application? - Layer 4 - Layer 2 - Layer 0 - Layer 8

Layer 8

Which are viable ways that attackers can hide their conduct from network security appliances? - Unique patterns - Encryption - Operator fatigue - Packet fragmentation attack - Payload obfuscation

Literally all of them

These sorts of risks are those that might have simple to effect mitigations, like putting on a seat belt, looking twice before crossing the street, or tying your shoes. - High likelihood, Low impact - Low likelihood, High impact - Moderate likelihood, High impact - Low-hanging fruit

Low-hanging fruit

In which type of network attack to attackers update their own MAC addresses with the target's MAC address to cause a switch to forward traffic to both locations? - Man-in-the-middle - N/A - This is not possible - MAC duplicating - MAC flooding

MAC duplicating

Which organization manages and maintains the Common Vulnerabilities & Exposures database? - MITRE Corporation - Hewlett Packard Enterprise - Northrop Grumman - Lockheed Martin

MITRE Corporation

Dividing processing tasks or programs into subtasks that have a single purpose, small enough to understand, with as simple logic as possible, and with independent execution, to avoid things like race conditions. - Modularity - Farming - Project management - Compartmentalization

Modularity

This system receives logs from firewalls and other network equipment, including from the operating systems of connected computers. Also, this system can operate in stealth mode, passively as if it's merely a bump on the wire, and hidden from the detection of an attacker. - HIPS - EDR - SIEM - NIDS

NIDS

NICE stands for

National Initiative for Cybersecurity Education

NIST stands for

National Institute of Standards and Technology

Network managers plan for changes in traffic load using which of the following mechanisms or tactics? - Network load balancing - Shunning - Heuristic based scanning - Capacity planning - Network protocol analysis

Network load balancing, Shunning, Capacity planning

What is OODA? - Available - Orient - Observe - Debate - Act - Decide - Authentication - Awareness - Options - Open

Observe, Orient, Decide, Act

The part of your computer that is the environment architecture, which abstracts the low-level interfaces to bare processing hardware or peripherals. It allows convenient use and interfaces to the user and hides the tedious low-level stuff, to include resource scheduling and allocation, memory management, deadlock avoidance, and interfaces for low-level hardware - Operating System - The Stack - Buffer boundary - Memory Transit Authority

Operating System

Which are viable ways that attackers can hide their conduct from network security appliances? - Signature reuse - Capacity planning - Packet Fragmentation Attacks - Operator fatigue - Denial of Service attacks

Packet Fragmentation Attacks, Operator fatigue, Denial of Service Attacks

Otherwise known as red team or tiger team analysis, uses a team of experts that try to crack the target system. - Penetration - Assurance - End-to-End - Verification

Penetration

Several factors can be used to identify someone as an Insider Threat. These include: - Personal - Behavioral - Authority - Security Model - Organizational - Liking

Personal, Behavioral, and Organizational

Which of the following is the most fundamental step in providing physical security for network connectivity devices? - Placing devices in secure wall cabinets or locating them within the security of the server room to provide physical protection - Resetting the manufacturer's default passwords - Disabling any management features that are not needed - Configuring device management settings so that required features are as secure as necessary to provide the performance level needed

Placing devices in secure wall cabinets or locating them within the security of the server room to provide physical protection

A smart card, token, or identification device are examples of which authentication factor? - Inherence - Possession - Knowledge - Location

Possession

Several types of internal controls exist. They include: - Standards - Ethics - Preventative - Corrective - Detective

Preventative, Corrective, Detective

This sort of malicious activity is where a legitimate file is replaced by a different and potentially malicious file. - Cross Site Scripting (XSS) - Man-in-the-Browser (MitB) - Program download substitution - Drive-by-download

Program download substitution

When a virus is labeled as 'wormable' it implies that it does what? - Is harmless until clicked - Allows remote access - Propagates independently - Known but unpatched

Propagates independently

This server type allows clients to dial into a computer from a remote site, even if they are not connected to a LAN. - RAS - SAN - NAS - FTP

RAS

Malware that makes multiple copies of itself on a single computer until it clogs the system. - Stuxnet - Slammer - Rabbit virus - Remote Access Trojan

Rabbit virus

In Robert Cialdini's Principles of Persuasion, he discusses factors in which we may be more apt to respond favorably to persuasion or influence. In this context, the term used for your obligation to give when you receive is: - Reciprocity - Commitment - Liking - Authority

Reciprocity

Term used for your obligation to give when you receive is: - Commitment - Authority - Liking - Reciprocity

Reciprocity

An independent group that challenges an organization to improve its effectiveness by assuming an adversarial role. - Red team - Blue team - Open source intelligence - Black hat conference

Red team

_____ are technologies used to report alarm conditions to key personnel or remote monitoring organizations. - Remote notification systems - Force sensors - Keypad - Unlocked condition monitoring

Remote notification systems

_____ are technologies used to report alarm conditions to key personnel or remote monitoring organizations. - Unlocked condition monitoring - Remote notification systems - Force sensors - Keypad

Remote notification systems

In the STRIDE model, what does the 'R' stand for? - Review - Repudiation - Revocable - Reliability

Repudiation

NIST CSF Core - Respond - Protect - Compliance - Recover - Detect - Identify

Respond Protect Recover Detect Identify

Enumerate the probability and impact of each risk describes which step in the Risk Management process? - Control Evaluation - Risk Identification - Risk Analysis - Control Monitoring

Risk Analysis

Enumerate the probability and impact of each risk describes which step in the Risk Management process? - Privilege of Access - Recovery Steps - Risk Analysis - Threat Ranking

Risk Analysis

A persuasive argument based on the short supply of a good for sale is an example of: - Consistency - Reciprocity - Liking - Scarcity

Scarcity

In Robert Cialdini's Principles of Persuasion, he discusses factors in which we may be more apt to respond favorably to persuasion or influence. A persuasive argument based on the short supply of a good for sale is an example of: - Scarcity - Consistency - Liking - Reciprocity

Scarcity

These appliances gather logs from various devices (servers, firewalls, routers, etc.) and attempt to correlate the log data and provide analysis capabilities. - Network Intrusion Detection and Prevention System (NIDPS) - Host based Intrusion Prevention System (HIPS) - Security Information and Event Management (SIEM) - Incident Response System (IRS)

Security Information and Event Management (SIEM)

In Bruce Schneier's Ted Talk, he discusses the Security Mirage. He discusses how our feeling of security chases our model of security, which chases the reality of our security. In some cases, the security model and security reality don't match up, but yet we tend to feel secure. What is this called? - Threat Modeling - Cognitive Disonance - Security Trade Off - Security Theatre

Security Theatre

In some cases, the security model and security reality don't match up, but yet we tend to feel secure. What is this called? - Security Trade Off - Threat Modeling - Cognitive Disonance - Security Theatre

Security Theatre

These sorts of antimalware and intrusion detection systems perform simple pattern-matching functions and report or act on situations when there's a match. - Anomaly based - Heuristic based - Honeypot based - Signature based

Signature based

Defined as the level of confidence that software is free from vulnerabilities and that it functions in the intended manner. - Software Development Life Cycle - Risk Management Model - Software Assurance - Information Assurance

Software Assurance

Which cloud service model does this describe? Provider gives users access to specific application software (CRM, e-mail, games). The provider gives the customer's network-based access to a single copy of an application created specifically for SaaS distribution and use. - Software as a Service (SaaS) - Infrastructure as a Service (IaaS) - Platform as a Service (Paas) - Security as a Service (SaaS)

Software as a Service (SaaS)

Which are factors of authentication?

Something you have Something you are Something you know

The lecture mentioned this product as a popular example of a SIEM. - Splunk for Security - ESET Enterprise Inspector - McAfee Enterprise Security Manager - Norton Internet Security

Splunk for Security

In the STRIDE model, what does the 'S' stand for? - Security - Situational awareness - Systems - Spoofing

Spoofing

This famous worm was created by an advanced persistent threat group known as the Equation Group to find and disable specific nuclear enriching centrifuges. - Wannacry - CryptoLocker - Stuxnet - Mirai botnet

Stuxnet

This cryptographic primitive describes the replacement of a character or set of bits with another character or set of bits. - Sophistication - Transposition - Substitution - Heuristic

Substitution

This form of cryptography uses the same key to encrypt as it does to decrypt. - Caesar cipher - Symmetric - Turing and Flowers - Asymmetric

Symmetric

_____ employs structures, systems, and devices to prevent unauthorized entry and create a clear difference between what is public and private. - Common sense security - Territorial reinforcement - Logical security - Natural access control

Territorial reinforcement

In the lecture, when referring to Cloud Service Providers (CSP) seeking to meet possibly over-stringent regulatory compliance standards, your instructor described them as a high-water mark. What does the adoption of such a standard provide to reassure its clients and potential clients? - The water level at the highest recorded point - Getting more than they paid for - Getting less than they paid for - The lowest acceptable risk level

The lowest acceptable risk level

When referring to Cloud Service Providers (CSP) seeking to meet possibly over-stringent regulatory compliance standards, your instructor described them as a high-water mark. What does the adoption of such a standard provide to reassure its clients and potential clients? - Getting more than they paid for - The lowest acceptable risk level - The water level at the highest recorded point - Getting less than they paid for

The lowest acceptable risk level

Securing which of the following involves controlling who can move (walk, drive, fly) across the physical or logical line that marks this perimeter, such as property lines or the exterior walls of a building or complex? - The interior space - The primary zone - The outer perimeter - The inner perimeter

The outer perimeter

_____ is a condition monitoring system that can record and signal each time a specific gate or door is unlocked (access granted) and what type of access is granted. - Force sensor monitoring - Photo-electric monitoring - Open condition monitoring - Unlocked condition monitoring

Unlocked condition monitoring

_____ is a condition monitoring system that can record and signal each time a specific gate or door is unlocked (access granted) and what type of access is granted. - Open condition monitoring - Force sensor monitoring - Photo-electric monitoring - Unlocked condition monitoring

Unlocked condition monitoring

Tests the system or execution "correctness", optimal and boundary conditions, or tries to break the system or the unit under test. - Verification - Penetration - End-to-End - Assurance

Verification

This service creates a secure tunnel between a set of routers or between an application and its server. - Virtual Private Network - Remote Access Service - Secure Shell - Remote Desktop Protocol

Virtual Private Network

Defined as the exploitation of an unknown vulnerability or a known but unpatched vulnerability. - Black Hat conference - Common weakness exploitation - Zero Day Initiative - Zero-day attack

Zero-day attack


Ensembles d'études connexes

Digital Marketing Exam 2 (CH 4,6,7,8,9,10,12)

View Set

End of Semester Test: Algebra 2A - Plato

View Set

Chapter 47: Caring for Clients with Disorders of the Liver, Gallbladder, or Pancreas

View Set

SPI Review Edelman Ultrasound Physics

View Set

Mastering Biology Chapter 11 Test #2

View Set