CyberSecurity Midterm Study Questions (Quiz #1-5)
The Physical Layer of the OSI Reference Model must translate the binary ones and zeros of computer language into the language of the transport medium. True False
True
The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks. True False
True
Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using? Cross-site scripting Session hijacking SQL injection Typosquatting
Typosquatting
What is NOT a typical sign of virus activity on a system? Unexplained decrease in available disk space Unexpected error messages Unexpected power failures Sudden sluggishness of applications
Unexpected power failures
An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using? Vishing Urgency Whaling Authority
Urgency
Which one of the following is NOT a commonly accepted best practice for password security? Use at least six alphanumeric characters. Do not include usernames in passwords. Include a special character in passwords. Include a mixture of uppercase characters, lowercase characters, and numbers in passwords.
Use at least six alphanumeric characters.
Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri? Cracker White-hat hacker Black-hat hacker Grey-hat hacker
White-hat hacker
What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations? Whois Simple Network Management Protocol (SNMP) Ping Domain Name System (DNS)
Whois
What type of network connects systems over the largest geographic area? Wide area network (WAN) Metropolitan area network (MAN) Local area network (LAN) Storage area network (SAN)
Wide area network (WAN)
Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve? Reduced operating costs Access to a high level of expertise Developing in-house talent Building internal knowledge
Access to a high level of expertise
Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about? Identification Authentication Authorization Accountability
Accountability
Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements? Applying security updates promptly Using encryption for communications Removing IoT devices from the network Turning IoT devices off when not in use
Applying security updates promptly
What is NOT a good practice for developing strong professional ethics? Set the example by demonstrating ethics in daily activities Encourage adopting ethical guidelines and standards Assume that information should be free Inform users through security awareness training
Assume that information should be free
Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in? Monitor Audit Improve Secure
Audit
During which phase of the access control process does the system answer the question, "What can the requestor access?" Identification Authentication Authorization Accountability
Authorization
Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing? Identification Authentication Accountability Authorization
Authorization
Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement? Privacy Bring Your Own Device (BYOD) Acceptable use Data classification
Bring Your Own Device (BYOD)
Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value? Dictionary attack Rainbow table attack Social engineering attack Brute-force attack
Brute-force attack
Which information security objective allows trusted entities to endorse information? Validation Authorization Certification Witnessing
Certification
Jody would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs? Voice over IP (VoIP) Audio conferencing Video conferencing Collaboration
Collaboration
Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message? Encryption Hashing Decryption Validation
Decryption
Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit? Does the organization have an effective password policy? Does the firewall properly block unsolicited network connection attempts? Who grants approval for access requests? Is the password policy uniformly enforced?
Does the firewall properly block unsolicited network connection attempts?
Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working? Application Presentation Session Data Link
Presentation
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place? Evil twin Wardriving Bluesnarfing Replay attack
Evil Twin
An attacker uses exploit software when wardialing. True False
False
Change doesn't create risk for a business. True False
False
Configuration changes can be made at any time during a system life cycle and no process is required. True False
False
Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks. True False
False
The auto industry has not yet implemented the Internet of Things (IoT). True False
False
The four central components of access control are users, resources, actions, and features. True False
False
The weakest link in the security of an IT infrastructure is the server. True False
False
You must always use the same algorithm to encrypt information and decrypt the same information. True False
False
David would like to connect a fibre channel storage device to systems over a standard data network. What protocol can he use? Internet Small Computer System Interface (iSCSI) Fibre Channel (FC) Fibre Channel over Ethernet (FCoE) Secure Shell (SSH)
Fibre Channel over Ethernet (FCoE)
Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues? Firewall Hub Switch Router
Hub
Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve? Confidentiality Integrity Authentication Nonrepudiation
Integrity
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate? Confidentiality Integrity Availability Nonrepudiation
Integrity
Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit? Is the level of security control suitable for the risk it addresses? Is the security control in the right place and working well? Is the security control effective in addressing the risk it was designed to address? Is the security control likely to become obsolete in the near future?
Is the security control likely to become obsolete in the near future?
Which one of the following measures the average amount of time that it takes to repair a system, application, or component? Uptime Mean time to failure (MTTF) Mean time to repair (MTTR) Recovery time objective (RTO)
Mean time to repair (MTTR)
Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations? Password protection Antivirus software Deactivating USB ports Vulnerability scanning
Password Protection
Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered? Polymorphic virus Stealth virus Cross-platform virus Multipartite virus
Polymorphic virus
Which approach to cryptography provides the strongest theoretical protection? Quantum cryptography Asymmetric cryptography Elliptic curve cryptography Classic cryptography
Quantum cryptography
Which formula is typically used to describe the components of information security risks? Risk = Likelihood X Vulnerability Risk = Threat X Vulnerability Risk = Threat X Likelihood Risk = Vulnerability X Cost
Risk = Threat X Vulnerability
Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register? Description of the risk Expected impact Risk survey results Mitigation steps
Risk survey results
Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request? SOC 1 SOC 2 SOC 3 SOC 4
SOC 3
Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network? Transmission Control Protocol/Internet Protocol (TCP/IP) Secure Sockets Layer (SSL) Domain Name System (DNS) Dynamic Host Configuration Protocol (DHCP)
Secure Sockets Layer (SSL)
Which of the following is not a tenet of Information Systems Security? Confidentiality Integrity Security Availability
Security
Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type? Service level agreement (SLA) Blanket purchase agreement (BPA) Memorandum of understanding (MOU) Interconnection security agreement (ISA)
Service level agreement (SLA)
Which type of virus targets computer hardware and software startup functions? Hardware infector System infector File infector Data infector
System infector
What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system? Network IDS System integrity monitoring CCTV Data loss prevention
System integrity monitoring
An example of a threat to access control is in a peer-to-peer (P2P) arrangement in which users share their My Documents folder with each other by accident. True False
True
Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet. True False
True
Which term describes any action that could damage an asset? Risk Countermeasure Vulnerability Threat
Threat
Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter? Virus Worm Trojan horse Logic bomb
Trojan horse
An alteration threat violates information integrity. True False
True
The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control. security kernel CPU memory co-processor
security kernel