Applied Cybersecurity Midterm Review

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

which is an example of modern day malware and primarily used to coordinate malicious activity at a large scale? (A) Rootkits (B) Trojan Horse (C) Botnets

Botnets

Alice sends Bob an encrypted message, but he cannot read the contents without a decryption key. What form is the message in while it is encrypted? (A) Keys (B) Ciphertext (C) Plain text (D) Algorithm

Ciphertext

A perpetrator inserts the sleeve into the card slot of an ATM. With a customer attempt to make a transaction in inserts are credit card, it sits in the sleeve, out of sight from the customer, who thinks that the machine has malfunction. After the customer leaves, the perpetrator can then remove the sleeve with the victims card in it. This is what type of attack? (A) Skimmer (B) Fake ATMs (C) Lebanese loop

Lebanese loop

What is the name of an executable program that is embedded in a document and can be used for malicious purposes? (A) Micro Virus (B) Macro Virus (C) Boot sector virus

Macro virus

Assurance refers to how trust is provided and managed in computer systems. Which of the following is trust management not dependent upon? (A) Passwords (B) Policies (C) Protections (D) Permissions

Passwords

If Alice wants to send an encrypted message to Bob using symmetric encryption, which type of key must they use? (A) Shared Secret Key (B) Public Key (C) Private Key (D) Both Private and Public Key

Shared Secret Key

In an IP (Internet Protocol) spoofing attack, what field of an IP (Internet Protocol) packet does the attacker manipulate? (A) The source address field (B) The checksum field (C) The destination address field (D) The source port field

The source address field

Malware is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. True or False

True

When using a biometric device for authentication purposes, a biometric sample is converted into a feature vector and that vector is compared against a stored reference vector. If the similarity is good enough, then the biometric sample is excepted as being a match. true or false

True

What type of malware is able to spread copies of itself without the need to inject itself into other programs? (A) Rootkit (B) Trojan Horse (C) Worm (D) Botnet

Worm

This version of a botnet is a toolkit for building and deploying a customized Trojan botnet. An attacker can customize the payload of the attack to be deployed and the type of information to capture during the attack. Available payloads include not only classic spyware, but also more sophisticated attacks, such as grabbing usernames and passwords only for specific web sites specified by the attacker. This botnet has been used extensively to steal credentials for social network sites, banking sites, and shopping sites. What is the name of this botnet? (A) Sality (B) Zeus (C) Mocmex (D) Code Red

Zeus

What does the acronym A.A.A. stand for? (A) Assurance, Alteration, Anonymity (B) Assurance, Authenticity, Anonymity (C) Assurance, Authentication, Anonymity (D) Assurance, Access Control, Anonymity

Assurance, Authenticity, Anonymity

Which of the following is not an example of a social engineering attack? (A) Buffer Overflow (B) Pretexting (C) Baiting (D) Quid Pro Quo

Buffer overflow

In order for an attacker to control bots from the bot herder, what type of model does the attacker need to establish? (A) Command and Control (B) Worm Propagation (C) Zero-day attacks

Command and Control

____________ is a tactic where a person registers a domain name in anticipation of that domain being desirable or important to another organization, with the intent of selling the domain to that organization for what can sometimes be a significant profit. (A) Top-level domain (B) Tunneling (C) Authoritative name server (D) Cybersquatting

Cybersquatting

An attacker that monitors the power consumption of a processor to statistically analyze the recorded information in an effort to reveal details about the crypto system of the underline cryptographic key is known as what type of attack? (A) Emendation attack (B) Differential power analysis (C) Social engineering (D) Smart card cloning

Differential power analysis

What is the correct order or the virus life cycle? (A) Dormant, Action, Propagation, Triggering (B) Action, Dormant, Propagation, Triggering (C) Dormant, Propagation, Triggering, Action (D) Dormant, Propagation, Action, Triggering

Dormant, Propagation, Triggering, Action

Malware is used to attack software systems. Malware is short for what two words? (A) Manipulating Software (B) Malevolent Software (C) Mischievous Software (D) Malicious Software

Malicious Software

Given the IP Address: 192.168.2.128 and the Subnet mask: 255.255.255.0 Which part of the IP address identifies the particular device in the network? (A) 2.128 (B) 192.168 (C) 192.168.2 (D) 128

128

Given the IP Address: 192.168.2.128 and the Subnet mask: 255.255.255.0 What is the broadcast address? (A) 10.10.10.10 (B) 192.168.2.255 (C) 255.255.255.1 (D) 192.168.255.255

192.168.2.255

Which model is useful for determining access control rights, but lacks scalability? (A) Role-Based Access Control (RBAC) (B) Access Control Lists (ACL) (C) Access Control Matrices (D) Capabilities

Access Control Matrices

Which is not part of the ten security principles? (A) Psychological Acceptability (B) Open Design (C) Access Control Models (D) Economy of Mechanism (E) Complete Mediation (F) Least Privilege (G) Fail-Safe Defaults (H) Work Factor

Access control models

Which protocol translates IP address into MAC address? (A) Memory Access Card Protocol (B) User Datagram Protocol (UDP) (C) Address Resolution Protocol (D) None

Address Resolution Protocol

Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place? (A) SYN Flood (B) Brute Force attack (C) Address Resolution Protocol(ARP) poisoning (D) Internet Protocol (IP) spoofing

Address Resolution Protocol (ARP) poisoning

Secure Shell (SSH) network protocol is used for: (A) Issuing remote commands (B) Secure file transfer (C) All of the mentioned (D) Secure access for automated processes

All of the mentioned

Developing a worm is a complex project consisting of numerous tasks. One of the tasks is to identify a vulnerability still unpatched in a popular application or operating system. ___________ ___________ vulnerabilities are among the most common ones exploited by worms. (A) Trap Doors (B) Trojan Horse (C) Root Kits (D) Buffer overflows

Buffer overflows

Similar to a hash function that can be used to verify the integrity of data, what important principle is used in computer forensics to ensure the contents collected during an investigation remain unaltered? (A) password cracking (B) Chain of custody (C) Live CD boot (D) Cold boot attack

Chain of custody

During the encryption process, an encryption algorithm converts the plaintext into what? (A) Cryptosystem (B) Ciphertext (C) Private Key (D) Encryption Key

Ciphertext

Which of the following is not an example of emanation blocking? (A) Closed-circuit television (B) Windowless room (C) Electrical grounding (D) Sound dampening materials

Closed circuit television

Commonly referred to as the C.I.A. Triad in cybersecurity, what security goals represent the acronym C.I.A.? (A) Confidentiality, Integrity, Authenticity (B) Confidentiality, Integrity, Availability (C) Ciphertext, Integrity, Availability (D) Confidentiality, Integrity, Assurance

Confidentiality, Integrity, Availability

Your company is experiencing a large increase in brute force password attacks lately. What type of attack is being used to get mini passwords in a short amount of time? (A) Buffer overflow (B) Pretexting (C) Social engineering (D) Dictionary attack

Dictionary attack

Which of the following is an application layer protocol that is responsible for resolving domains names to IP addresses on the Internet? For instance, in order for you to connect to an Internet web server from your mobile phone web browser, you enter a website address and then a certain protocol is used to translate that website address into an IP address. (A) Transmission Control Protocol (TCP) (B) Domain Name System (DNS) (C) Address Resolution Protocol (ARP) (D) Hypertext Transfer Protocol (HTTP)

Domain Name System (DNS)

You are hired as a Cybersecurity Consultant. The client wants to know which method should be used to protect the contents of their messages in the event someone is intercepting their information. Which method should you recommend to protect the contents of the message if it is intercepted via eavesdropping? (A) Physical Security (B) Access Control (C) Authentication (D) Encryption

Encryption

A computer worm is a malware program that spreads copies of itself without the need to inject itself in other programs, but worms DO require human intervention in order to spread to other computer systems. True or False

False

According to Fail-Safe defaults principle, the mobile applications should sometimes prioritize usability over security? true or false

False

Audio recordings of keystrokes and spinning hard disk drives cannot be used as an attack to determine what data is being entered or processed. True or false

False

Hardware keyloggers, such as a USB key logger, can only be used after the operating system is fully booted. True or false

False

Internet Control Message Protocol (ICMP) is a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address. True or False

False

Symmetric encryption is being considered by a company to use for protecting their data, but they're concerned about how long it will take to encrypt the data because it is slower than asymmetric encryption. Is it accurate that symmetric encryption is slower than asymmetric? true or false

False

Video monitoring systems are effective physical intrusion detection tools whose main goal is prevent attacks. True or false

False

When using Public Key Encryption, it is recommended security practice to share the Private Key with other people true or false

False

To block electromagnetic emanations in the air, we can surround sensitive equipment with metallic conductive shooting or a mesh of such material, or the holes in the mesh or smaller than the wave length of the electromagnetic radiation. This is what type of emanation mitigation? (A) Wiretapping (B) UV protection (C) Security by obscurity (D) Faraday cage

Faraday cage

You are hired as a Cybersecurity Penetration Tester for Company A. They want you to gather as much information as possible about their network. Which technique will allow you to determine which ports are open, which services may be running on the company network, and what version operating systems are in use? (A) Encapsulating Security Payload (ESP) (B) DNS Cache Poisoning (C) Tunneling (D) Fingerprinting

Fingerprinting

What is the correct order of phases when a hacker is planning an attack on a target? (A) Covering Tracks and Placing Backdoors, Footprinting, Scanning, and Enumeration, Gaining Access (B) Gaining Access, Footprinting, Scanning, and Enumeration, Covering Tracks and Placing Backdoors (C) Footprinting, Scanning and Enumeration, Gaining Access, Covering Tracks and Placing Backdoors (D) Handprinting, Gaining Access, Scanning and Enumeration, Covering Tracks and Placing Backdoors

Footprinting, Scanning and Enumeration, Gaining Access, Covering Tracks and Placing Backdoors

You are hired as an auditor to verify the integrity of financial data for a company. Which option should you use to compute the checksum of the data? (A) Hash Function (B) Shared Secret Key (C) Brute-Force Decryption (D) Digital Certificate

Hash function

An attacker intercepted data and modified the time stamp of a file to cover their activities. Which security goal is compromised by modifying the time stamp of the file? (A) Availability (B) Integrity (C) Confidentiality (D) Assurance

Integrity

Rootkits are sneaky, but they are not impossible to detect. User mode rootkits can be detected by checking for modifications to files on disk. On Windows, important code libraries are digitally signed, so that any tampering would invalidate the digital signature and be detected. Another commonly employed technique is to periodically compute a cryptographic hash function for critical system components while the system is offline. This hash can be recomputed while the system is online, and if the hashes do not match, then a rootkit may be altering these files. In addition, kernel mode anti-rootkit software can detect code injection in system processes. If the cryptographic hashes do not match, then the rootkit violated which of the three primary security principles? (A) Confidentiality (B) Assurance (C) Availability (D) Integrity

Integrity

Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block? (A) Transmission Control Protocol(TCP) (B) Hypertext Transfer Protocol(HTTP) (C) Internet Control Message Protocol (ICMP) (D) User Datagram Protocol (UDP)

Internet Control Message Protocol (ICMP)

As the Chief Information Security Officer at a large organization, you task your team to implement a system (software or hardware) that can be used to detect signs of malicious activity on the company network and on individual computers. This system should compile real-time data about the functioning of network components and computers. That real-time data should then be processed against site policies that define probable incidents. (Hint: three words)

Intrusion Detection System

Alice and Bob are communicating on the network and noticed that their data is being intercepted, modified, and re-transmitted in an unauthorized manner. What type of alteration attack is occurring to their communications? (A) Repudiation (B) Denial of service (DoS) (C) Masquerading (D) Man-in-the-middle attack (MITM)

Man-in-the-middle attack (MITM)

The task of the _______ layer, which is also known as the Internet layer for the Internet, is to provide for the moving of packets between any two hosts, on a best effort basis. (A) Network (B) Application (C) Physical (D) Transport

Network

One way to detect a _________ virus is to focus on the fact that it must use a different encryption key each time the virus encrypts and replicates itself. This choice implies that the body of the virus must also include generic code for an encryption algorithm, so that it can encrypt copies of itself with new keys. A _________ virus might still have a signature related to its ability to encrypt itself. The encryption code may itself initially be encrypted, so a virus detection algorithm would, in this case, have to identify this decryption code first. (A) Polymorphic (B) Biomorphic (C) Unimorphic (D) Metamorphic

Polymorphic

Bob wants to digitally sign a message to send to Alice. In order for Bob to digitally sign the message, he encrypts the message using his ______. The created message can be decrypted using ______. (A) Public Key, Alice's Private Key (B) Private Key, Bob's Public Key (C) Public Key, Bob's Private Key (D) Private Key, Alice's Public Key

Private Key, Bob's Public Key

You are hired as a cyber security consultant to implement digital signatures. Which encryption model will provide a method for performing digital signatures? (A) Shared secret (B) Public Key (C) Symmetric Key (D) Hash Functions

Public Key

You are hired as the Chief Information Security Officer (CISO) at a company and tasked with defending against insider attacks. There have been rampant issues with employees in the software development team performing various methods of insider attacks. You are creating a new policy to help limit these types of attacks. From the list below, which of the following is not recommended for defending against insider attacks? (A) Avoid single points of failure (B) Limit Authority and reporting tools (C) Control software installations (D) Publish unverified code

Publish unverified code

Once __________ code is loaded into the kernel, several techniques may be employed to achieve stealth. One of the most common methods is known as function hooking. Because the __________ is running with kernel privileges, it can directly modify kernel memory to replace operating system functions with customized versions that steal information or hide the existence of the __________. (A) Rootkit (B) Virus (C) Trojan Horse (D) Worm

Rootkit

An attacker wants to overwhelm a server on the network by exploiting the Transmission Control Protocol (TCP) three-way handshake connection. Which of the following network attacks will overload servers and deny access to legitimate users? (A) Man in the Middle (B) Brute Force (C) Smurf (D) SYN Flood

SYN Flood

Another heuristic for combating zero-day attacks is to run programs in an isolated run-time environment that monitors how they interact with the "outside world." Potentially dangerous actions, like reading and writing to existing files, writing to a system folder, or sending and receiving packets on the Internet, are flagged. A user running such a detection program in the background would be alerted each time an untrusted program performs one of these potentially unsafe actions. Such a run-time environment, which is a type of virtual machine, is sometimes referred to as a ____________. (A) Botnet (B) Hash function (C) Sandbox (D) Trojan Horse

Sandbox

Techniques used by hackers to secretly read information on the users screen either by physically viewing the data, installing small cameras to capture the information as it is being read, or using binoculars to view a victims monitor through an open window is what type of eavesdropping method? (A) Forensics (B) Wiretapping (C) Keylogger (D) Shoulder surfing

Shoulder surfing

A door with a highly secure lock does little good if the door can be removed by unscrewing its hinges. What is this type of attack called?(A) Privilege Escalation (B) Wiretapping (C) Side-channel attack (D) Eaves dropping

Side channel attack

_______ is a device that reads and stores magnetic stripe information on a card is swiped. An attacker can install a _______ over the card slot of an ATM and stores customers credit information without their knowledge. Later, this information can be retrieved and use to make duplicates of the original cards. (A) Skimmer (B) Lebanese Loop (C) Fake ATMs

Skimmer

If a company wants to implement a firewall that can tell when packets are part of legitimate sessions originating within a trusted network and maintain tables containing information on each active connection, which type of firewall should they implement? (A) Application Firewall (B) Stateless Firewall (C) Stateful Firewall

Stateful Firewall

Which of the following is not a candidate for biometric identification? (A) Facial recognition (B) Strong password (C) DNA (D) Fingerprints

Strong password

You are responsible for configuring access control for a new group of users in your organization. What type of access control elements are the group and the users considered? (A) Access rights (B) Object (C) Subject

Subject

What type of malware appears to perform some useful task, but also does something harmful? (A) Phishing (B) Rootkit (C) Trojan Horse (D) Worm

Trojan horse

A Cybersecurity team is deciding which type of encryption to use for a large company. They decided to use Public Key Encryption instead of Symmetric Key Encryption because the Public Key Encryption model requires fewer overall keys to be maintained within the large company. Is that an accurate statement? true or false

True

A backdoor is a hidden feature or command in a program that has been embedded by a programmer and can be activated by the attacker True or False

True

A bot or a bot zombie is a compromised computer under the control of an attacker. True or False

True

A common technique by an attacker to bypass malware scanners is to encrypt the virus to make it harder for the antivirus or malware software to identify the virus. True or False

True

A company that is inundated with ICMP echo requests, also known as a ping flood attack, so that legitimate customers can no longer establish a connection to the company is an example of a Denial of Service, or DoS attack. True or False

True

A honeypot can be used as a tool to detect intrusions, including port scans, where a computer is used as "bait" to lure intruders into thinking they've gained access to important resources. True or False

True

A network engineer is experiencing IPv4 exhaustion and running out of available public IPv4 addresses to assign to connected devices on the network. The network engineer should implement Network Address Translation (NAT) to mitigate the IPv4 exhaustion problem and use private IP addresses internally within the company network. True or False

True

A security consultant recommends a government agency use IPsec tunnel mode to transfer data because the entire original packet, including the header and payload, are encrypted whereas the transport mode only encrypts or authenticates the payload of the packet and not the header. Is this an accurate recommendation? True or False

True

A security developer wants to program a new application to send data using a protocol that is reliable and guarantees delivery of all packets in an ordered fashion. While User Datagram Protocol (UDP) is faster, the developer chooses Transmission Control Protocol (TCP) because it meets the reliability requirements. Is this a good choice by the developer? True or False

True

A trusted authority that issues certificates is called a certificate authority (CA). true or false

True

An employee at your company is planning a security breach. They are part of the organization that controls and builds software and assets that other employees attempt to protect. This is an example of an insider attack. True or false

True

Because RFID chips operate using radio waves, they can release information without the need for direct physical contact. true or false

True

Bob suspects Internet Protocol packet header values are being modified in transit on the network. Bob should check the header checksum value to verify whether the packet is error free. True or false

True

Company A partners with Company B and needs to send data securely between their data centers to prevent eavesdropping. The security engineers from both companies recommend using a tunneling protocol to encrypt the traffic. Will a tunneling protocol help the companies avoid eavesdropping and encrypt data transferred between the two companies? True or False

True

Computer viruses resemble the anatomy of biological viruses. One of the terms used to describe the vulnerabilities that malware exploit to perform their attacks are called vectors True or False

True

Eve the attacker wants to capture network traffic on an open WiFi connection to collect usernames and passwords. In order for Eve to capture that traffic, promiscuous mode must be enabled to capture traffic between other hosts on a network. True or false

True

Experts study the infected files looking for code fragments that are unique to a particular virus. This helps them to create a virus signature. True or False

True

Human guards are susceptible to social engineering attacks and may grant and attacker access to a highly secure environment. True or false

True

In Role Based Access Control (RBAC) model, administrators define roles before specifying access rights. true or false

True

In regards to access control, one of the best ways to defend against the attacks is to prevent them in the first place. true or false

True

Jill lives in an apartment complex. She does not put a password on her WiFi and thus allows any of her neighbors into her local area network. With this configuration, Jill is setting herself up for ARP spoofing attack. True or false

True

Kerchkhoff's principle states that all aspects of cryptosystems can be opened and shared, but the private key must be kept secret. true or false

True

Smart cards provide more secure authentication mechanisms than magnetic stripe cards. true or false

True

The CEO of company ABC hired a penetration test to expose any vulnerabilities in their environment. The penetration tester completes many steps to conduct the vulnerability assessment such as footprinting, scanning, and gaining access to systems. After the test is complete, the last phase is to produce the final report and documentation. True or False

True

The GSM challenge response protocol is used to allow a cell phone, using its Sim card, to communicate to the network providers base station? True or false

True

The security goal of ensuring information is accessible for authorized users is called availability True or false

True

The three main components of a computing environment our electricity, temperature, and limited conductance. true or false

True

You are an employee and a student at a University that has implemented role-based access control (RBAC). Can you be a member of more than one roll at a time, such as the student role and the employee role? true or false

True

Which of the following is not an example of a rootkit characteristic? (A) modifies the operating system to hide its existence (B) Easy to detect (C) A special kind of memory-resident virus

easy to detect

According to open design principle, we should keep cryptographic algorithms secret to achieve the confidentiality goal. true or false

false

A zero-day attack is an attack that exploits a vulnerability that was previously unknown, even to the software designers who created the system containing the vulnerability. True or false

true

Identity is based on a combination of three things: something that a person has, something the person knows, and something the person is. true or false

true

Mallory is an attacker that wants to use IP Spoofing in her next attack on company A. In order for Mallory to conduct the attack with IP Spoofing, she needs to send packets from an IP address that appears to originate from another IP address. True or false

true

The self-replication property is what distinguishes computer viruses from other kinds of malware, such as logic bombs. True or false

true

What type of passive attack involves an attacker eavesdropping on network traffic by monitoring electrical impulses? (A) Social engineering (B) shoulder surfing (C) Wiretapping (D) Phishing email

wire tapping


संबंधित स्टडी सेट्स

Chapter 12 Nutrition and Fitness

View Set

Chapter 10: Drug Therapy in Pediatric Patients

View Set

Ch 18 Management of Patients with Upper Respiratory Tract Disorders

View Set

3.2: Constitutional Monarchy in England

View Set