Quiz 1 - 3 CS Course
Data in transit
A VPN service can be used to secure what? (1.3.3.3: Securing Data in Transit)
To filter network traffic.
What is the primary purpose of a firewall? (1.3.4.5: Firewalls)
Kali
Which Linux distribution is specifically packaged for information security tasks such as security research or penetration testing?
Drivers
Which of the following is a Linux kernel-mode component? Sessions, Drivers, GNU Core Utilities (CLI), tty
Unpatched vulnerabilities
Which of the following is a common threat vector that occurs when software flaws are not addressed?
Active Directory (AD)
Which of the following terms provides a means to manage users and centralize network resource access management in a Windows environment? (1.5.2.2: Active Directory)
Nmap
Which tool can be used to scan and map computers on a network? (1.7.4.11: Tools of the Pentester)
Data in use
Which state of data represents data that are actively being used?
Reputation loss, financial impact, legal liability
How do breaches affect an organization? (1.1.4.4: How Breaches Affect an Organization)
Malicious activity aiming to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.
How does the National Institute of Standards and Technology (NIST) define an 'attack' in the context of cybersecurity?
Select
In the risk management framework, which phase involves determining the applicable controls needed to reduce business risk to an acceptable level?
Persistence
What does the Installation phase of the Cyber Kill Chain represent in most cases? (1.7.3.1: Phases of the Cyber Kill Chain)
Weak passwords, excessive superuser privileges, and vulnerabilities like unintended flaws that can be exploited.
What is a common security issue in Linux systems?
Certification
What achievement is proof of technical knowledge backed by an industry-standard provider such as Microsoft or CompTIA?
Financial loss due to theft or destruction of data, Damage to reputation and loss of customer trust, Legal and regulatory penalties for non-compliance
What are some potential impacts of a cybersecurity breach? (1.1.4.6: Scale & Impact of a Breach)
Monitoring and filtering network traffic
What can be accomplished using a firewall?
Requiring more than one method of verification to access an account.
What does Multi-Factor Authentication (MFA) involve?
Preventing the unauthorized disclosure of sensitive information to protect sensitive data
What does confidentiality in cybersecurity specifically aim to protect?
Availability
What does the "A" in the CIA triad stand for? (1.2.3.0: Confidentiality, Integrity & Availability)
A set of rules and practices to manage user permissions and actions in a web application
What is Access Control as defined in the OWASP Top 10?
It offers robust functionality by closely with the operating system
What is a defining characteristic of a desktop application?
All of the above
What is a key driver for business investment in cybersecurity? Protection of company financial assets against cyber threats and potential breaches; Assurance of operational continuity to prevent disruptions from cyber incidents; Fulfillment of regulatory and compliance obligations related to information security; All of the above
It has a folder-based file system.
What is a true statement about the Windows Operating System?
Software designed to help accomplish a task on a computer
What is an application in computing?
Password cracking
What is not considered a social engineering tactic? (1.7.4.1: Social Engineering Tactics)
Windows Defender ATP proactively seeks out misconfigured endpoints
What is one of the key functionalities of Windows Defender Advanced Threat Protection (ATP)?
A community-driven organization focused on application security
What is the Open Web Application Security Project (OWASP)?
Determine server purpose and requirements.
What is the first step to take when hardening a Linux system?
Creating new content from existing data
What is the primary focus of generative AI? (1.2.7.4: Generative AI)
Providing various IT solutions and services for business operations and customer support.
What is the primary function of Microsoft's Enterprise features, products, and services?
To separate internal networks from untrusted external traffic
What is the purpose of a demilitarized zone (DMZ)?
To verify network connectivity between hosts.
What is the purpose of the ping command? (1.3.1.6: Networking Command Examples)
Business continuity
What organizational plan is developed to deal with disasters and other difficult situations such as cyberattacks, outages, or supply chain failures?
Ethical hacker
What type of professional do organizations hire to legally hack into their networks and identify weak entry points?
On-path attack
Which attack allows an attacker sitting in between two stations to intercept information and sometimes to even change that information? (1.7.4.5: Well-Known Attacks)
ipconfig
Which command is used in Windows operating systems to display all current network configuration values, including IP addresses?
mkdir
Which command is used to create a new directory in the Linux operating system? (1.4.1.9: Linux Core Command Examples)
Segmentation
Which concept is used to divide a network into multiple zones? (1.3.4.1: Network Segmentation)
iptables
Which control enables the creation of rules that allow or block traffic?
Poor patch management
Which is a likely cause of the continued issues related to the EternalBlue vulnerability?
LAN (Local Area Network)
Which network infrastructure type connects users and end devices located in a small area such as an office building?
A hacker operates for moral and legal purposes.
Which of the following approaches would be considered that of an ethical hacker? (1.2.4.9: Hacker Classifications)
Reviewing the LinkedIn profiles of target organizations' employees.
Which of the following definitions does not describe an active attack? (1.3.2.5: Passive vs. Active Attacks)
Market Share
Which of the following is NOT a standard term in cybersecurity terminology? Asset, Threat, Risk, Market Share
Convenience
Which of the following is NOT considered a factor of risk? Threat, Convenience, Cost, Mitigation
Data under investigation
Which of the following is not one of the three states of data? (1.3.3.0: Three States of Data)
Asset + vulnerability + threat = risk
Which of the following is the correct equation for risk? (1.2.2.0: Risk? What Is It?)
DoS
Which of the following options best describes an attack that renders a machine inaccessible to its intended users by flooding the target with traffic or sending it information that triggers a crash? (1.7.4.12: Well-Known Attacks)
Command and control (C2)
Which of the following options best describes the Lockheed Martin Cyber Kill Chain phase whereby the attacker opens and maintains a communication channel between the target and the attacker? (1.7.3.1: Phases of the Cyber Kill Chain)
Hardening
Which term best describes actions taken to increase infrastructure security?