CyberSecurity 1, 2, 3, 4, 5
Which methods help to ensure data integrity? Checksum Version control Authorization Repudiation
Checksum Version control
______________ access involves steps taken to ensure that an attacker can return to the system later to perform more damage.
Maintaining
What is the term for custom code tailored to achieve a desired effect on a system, such as a reverse shell?
Shellcode
What is the challenge associated with Symmetric Key encryption? a) Secure delivery of the key to trusted parties b) Not all operating systems support it c) It is too computationally intensive for most systems d) Secure delivery of the algorithm to trusted parties
a) Secure delivery of the key to trusted parties
What principle prevents the disclosure of information to unauthorized people, resources, and processes? a) confidentiality b) integrity c) availability d) nonrepudiation
a) confidentiality
What kind of backup requires the last FULL backup, and only the most recent backup since the full, to do a restore? a)Differential b)Segmented c)Incremental d)Full
a)Differential
Which is NOT an example of physical security? a)Firewall b)Door lock c)Closed Circuit Cameras d)Guard dog
a)Firewall
Which term is associated with AUTHORIZED testing of a system's vulnerabilities: a)Penetration Testing b)Hacking c)Scanning d)Risk
a)Penetration Testing
Which tool is a packet sniffer that can be used to listen to traffic on a network segment? a)Wireshark b)Nmap c)Linux d)SNMPWalk
a)Wireshark
Why does an organization need Cyber Security? (select all that apply) a. To protect the data the organization collects and uses b. To enable the safe operation of applications implemented on the organization's IT systems c. To protect the organization's ability to function d. To endanger the technology assets in use at the organization
a,b,c
A virus that has infected your computer system can (select answers that apply): a. Provide criminals with access to your computer and contact lists. b. Scan and find personal information like passwords on your computer. c. Delete your files. d. Annoy you with unwanted junk mail.
a. Provide criminals with access to your computer and contact lists. b. Scan and find personal information like passwords on your computer.
The purpose of a security attack is typically for the following reason(s) a. To gain unauthorized access b. To cause harm to people's assets c. To report people to the authorities d. To cause bodily harm to people
a. To gain unauthorized access b. To cause harm to people's assets
What are the three states of data? (select all that apply) a. at rest b. in-transit c. in-cloud d. in-process
a. at rest b. in-transit d. in-process
What are the three foundational principles of the cybersecurity domain? (select all that apply) a. availability b. confidentiality c. integrity d. encryption
a. availability b. confidentiality c. integrity
An untrained employee is what kind of a threat actor? a) Malicious insider b) Ignorant insider c)Hacker d)Cracker
b) Ignorant insider
What does the first dimension of the cybersecurity cube identify? a) tools b) goals c) safeguards d) rules
b) goals
Which of the following is NOT a type of hacker? a)White hat b)Red hat c)Black hat d)Gray hat
b)Red hat
For the purpose of authentication, what methods are used to verify identity? (select all that apply) a. where you are b. what you have c. what you are d. what you know
b. what you have c. what you are d. what you know
Which attack method requires the use of very large text files to exploit a system? a)Debugger b)Network Scanner c)Password Cracker d)Reverse Engineering
c)Password Cracker
Some of the Common Frameworks include: a) International Standards Organization (ISO) b) National Institute for Standards and Technology (NIST) c) Control Objectives for Information and Related Technology (COBIT) d) All of the above
d
What service determines which resources a user can access along with the operations that a user can perform? a) accounting b) authentication c) biometric d) authorization
d) authorization
Which of the following is an example of system hardening? a)Using complex passwords b)Putting a password on the BIOS c)Turning off unused services d)All of the above
d)All of the above
Which step of the hacker methodology is totally passive and involves no direct interaction with the target system? a)Maintaining access b)Privilege escalation c)Scanning and enumeration d)Reconnaissance
d)Reconnaissance
Which of the following is NOT an action an IPS would take to prevent an attack? a) Shut down a port b)Create a firewall rule c)Shut down a service d)Send a buffer overflow to the attacking system
d)Send a buffer overflow to the attacking system
A risk is the chance that a vulnerability on a system will be ___________.
exploited
A virus is a purposefully hidden malicious or damaging code within an authorized computer program. True False
false
Authentication is guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. True False
false
Containment is the means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management, or legal nature. True False
false
Cyber Terrorists are financially motivated and try to steal your money. True False
false
Network Defense is generally easier than Network Offense because you have fewer threats to consider. True False
false
Security policies address how someone can connect to the organization's network from home or while traveling. True False
false
System misconfigurations are not a threat to the security of the company's computer systems. True False
false
What is the most basic cyber defense tool?
firewall
A Cyber Security framework is a series of documented, agreed and understood policies, procedures, and processes. True False
true
A set of cybersecurity activities, desired outcomes, and applicable references is called a framework core. True False
true
A stateful firewall looks at network traffic in the context of other incoming network traffic. True False
true
A threat actor is a person or a system that causes a security attack. True False
true
IT certifications are used extensively in the IT industry to show that someone has a baseline of technical skills and are used by companies in hiring decisions. True False
true
People are the most important part of an effective security countermeasure operation. True False
true
Social Media sites such as Facebook or Twitter can be used to cause a security attack. True False
true
Spoofing often imitates a legitimate website to gather personal information. True False
true
Tactical Threat Intelligence tries to understand the Tactics, Techniques, and Procedures of threat actors. True False
true
The National Institute for Standards and Technology (NIST) develops tests, test methods, reference data, proof-of-concept implementations, and technical analyses to advance the development and productive use of information technology. True False
true
The script kiddies are less savvy threat actors than the hackers. True False
true
Two-factor authentication is the use of two independent mechanisms for authentication (e.g., requiring a smart card and a password), typically the combination of something you know, are or have. True False
true
Using secure programming techniques when writing software is a good security best practice. True False
true
A vulnerability is a weakness or flaw in a system that can be exploited. True False
True
Heuristics-based antivirus software examines the behavior of a piece of software to determine if it is malicious. True False
True
Nmap is a very popular network scanner. True False
True
The purpose of encryption is to prevent unauthorized parties from accessing data. True False
True