Cyber Security II
What best describes vulnerabilities? Select one: a. The amount of risk that remains after steps have been taken to mitigate risk b. Any type of activity or event that can result in a loss of C.I.A. c. A flaw or weakness in system security procedures, design, implementation, or internal controls d. Net negative impact of the exercise of a vulnerability
A flaw or weakness in system security procedures, design, implementation, or internal controls
Which choice describes the main difference between risk management and risk assessments? Select one: a. Risk management is a point-in-time event, while a risk assessment is a continuing process. b. A risk assessment is a point-in-time event, while risk management is a continuing process. c. Risk assessments are comprehensive in scope, while risk management is concentrated on a specific system. d. Risk assessment is one part of an overall risk management strategy for an organization.
A risk assessment is a point-in-time event, while risk management is a continuing process.
What is Kerberos? Select one: a. A security model by MAC. b. A three-headed dog of Hades. c. A remote authentication protocol for dial in to server. d. A trusted third-party authentication protocol.
A trusted third-party authentication protocol.
Which process is needed to operate the system in the company? Select one: a. Certification process b. Accreditation process c. Quality control process d. Configuration process
Accreditation process
Which best describes IPS compared to IDS? Select one: a. An inline monitoring system that can modify the environment to block an attack b. A system used to analyze vulnerabilities against a host machine c. An active device that detects and alerts administrators d. A passive device that detects and alerts administrators
An active device that detects and alerts administrators
What best describes threats? Select one: a. A flaw or weakness in system security procedures, design, implementation, or internal controls b. Any type of activity or event that can result in a loss of C.I.A. c. The amount of risk that remains after steps have been taken to mitigate risk d. Net negative impact of the exercise of a vulnerability
Any type of activity or event that can result in a loss of C.I.A.
If an organization wants to implement a policy to define how long archives and other data are kept, which policy applies? Select one: a. Data loss prevention b. Storage media c. Transmission d. Archiving and Retention Requirements
Archiving and Retention Requirements
Of the following, which management is needed to manage the hardware and software items in your company? Select one: a. Risk management b. Asset management c. Software management d. Project management
Asset management
________ created by one or more logs that track events occurring on a system or network Select one: a. Clipping levels b. Audit Trails c. Auditing with Logs d. Accountability e. security audit
Audit Trails
________ used to record details such as who, what, when, and where for any events of interest Select one: a. Clipping levels b. security audit c. Audit Trails d. Accountability e. Auditing with Logs
Auditing with Logs
When a company decides to block access to Facebook completely, what risk management strategy are they using? Select one: a. Transfer b. Avoid c. Mitigate d. Accept
Avoid
Which method does an investigator use to create an image of a drive for a forensics investigation? Select one: a. Hashing b. Bit copy tool c. Diskcopy command d. Xcopy
Bit copy tool
______ used to generate alerts when the threshold is exceeded Select one: a. security audit b. Auditing with Logs c. Accountability d. Audit Trails e. Clipping levels
Clipping levels
Of the following, which is the first phase of forensics investigation process? Select one: a. Reporting b. Examination c. Analysis d. Collection
Collection
An individual being dishonest or unethical and using a computer in an unauthorized manner is considered as? Select one: a. Cyber Stalking b. Net Crime c. Computer abuse d. Cyber Terrorism e. Computer crime
Computer abuse
Which of the following data needs to be most protected? Select one: a. Public b. Sensitive c. Private d. Confidential
Confidential
_______ is the practice of ensuring that systems are configured with security in mind Select one: a. Change management b. Project management c. Configuration management d. Group policy
Configuration management
The use of the Internet to harass another person, common among adults, is called? Select one: a. Cyber Stalking b. Net Crime c. Cyber bullying d. Cyber Terrorism e. Cyber Warfare
Cyber Stalking
Using the Internet to attack a victim through harassment, coercion, or intimidation is an example of? Select one: a. Cyber bullying b. Cyber Terrorism c. Cyber Warfare d. Net Crime e. Cyber Stalking
Cyber bullying
According to discretionary access control model, which entity is authorized to grant access to other users? Select one: a. Group Lead b. Data Owner c. Security Supervisor d. Boss
Data Owner
The procedure to secure data moving across a medium is called? Select one: a. Data at process b. Data at rest c. Data at execution d. Data at motion
Data at motion
The ability of hackers to gain knowledge by piecing together unclassified data to determine classified or secret information is called? Select one: a. Data acquisition b. Data inference c. Data collection d. Data analysis
Data inference
If a company wants to ensure that a file is only stored once on a system, which policy would you recommend? Select one: a. Data loss prevention b. Archiving and Retention Requirements c. Storage media d. Transmission e. Deduplication
Deduplication
What is the purpose of a tunneling protocol? Select one: a. Encapsulate data b. Allow dial-in c. None of the above d. Speed up data transfer
Encapsulate data
_____________ are controls implemented to protect against risks from USB devices, mobile phones, thin clients, and virtualization Select one: a. Firewall b. AV c. Endpoint devices d. IDS
Endpoint devices
Fault tolerance for one or more servers is called: Select one: a. Failover cluster b. RAID 10 c. Load balance d. Dual CPUs
Failover cluster
Which application can be used to detect intrusion on the host machine? Select one: a. AV software b. HIDS c. HIPS d. NIDS
HIDS
Which protocol is used to protect data in motion? Select one: a. IPsec b. SMTP c. SFTP d. L2T
IPsec
Which protocol can be used by itself as a tunneling protocol? Select one: a. IPsec b. SSH c. L2TP d. MPPE
IPsec
The process of submitting a user name is called? Select one: a. Accounting b. Accountability c. Identification d. Authentication
Identification
The purpose of system hardening is to Select one: a. Implement configuration management b. Increase the security of the operating system c. Document changes to operating system d. Increase policy awareness
Increase the security of the operating system
What is the main concern with using single sign-on? Select one: a. Increases the unauthorized access if a password is revealed b. The security administrator's assignment would increase c. Makes it hard to remember passwords d. Access rights of users would be decreased
Increases the unauthorized access if a password is revealed
Which protocol doesn't encrypt the traffic itself? Select one: a. MPPE b. L2TP c. IPsec d. SSH
L2TP
How can you control call forwarding in your phone system? Select one: a. Setup a password on the phone system b. Limit which phone numbers can use this feature c. Stop all long distance calls d. Restrict long distance calls
Limit which phone numbers can use this feature
The company decided to install several technical controls in their system. What risk management strategy are they using? Select one: a. Transfer b. Accept c. Avoid d. Mitigate
Mitigate
SEMs are designed to do: Select one: a. Update the vulnerabilities database b. Identifies lists of applications installed on the system c. To give administrators an opportunity to perform vulnerability tests d. Monitoring an enterprise for security events
Monitoring an enterprise for security events
What makes MS-CHAP v2 better than MS-CHAP? Select one: a. Use of a nonce b. Mutual authentication c. Support for biometrics d. Use of certificates
Mutual authentication
____________ is used to control which clients are granted access to a network based on the health status. Select one: a. Firewall b. NAC c. Radius d. IDS
NAC
Which application can be used to detect intrusion on the network? Select one: a. NIDS b. AV software c. HIDS d. HIPS
NIDS
If the cost of the control is significantly lower than the losses without the control, then the cost of control is? Select one: a. Justified b. Requires further investigation c. Maybe justified d. Not justified
Not justified
Health is defined by criteria such as (Choose more than one answer) Select one or more: a. OS is up-to-date b. User can login c. firewall enabled d. Quarantine is enabled e. up-to-date antivirus
OS is up-to-date; firewall enabled; up-to-date antivirus
As a security professional, you were asked to perform a vulnerability assessment. What is your first step before starting the process? Select one: a. Collect all documentation b. List all discovered vulnerabilities c. Obtain permission from the business owner d. Perform discovery on the network
Obtain permission from the business owner
The purpose of order of volatility is to Select one: a. Examining volatile data first b. Obtaining volatile data first c. Examining non-volatile data first d. Obtaining non-volatile data first
Obtaining volatile data first
Which control can be used to prevent password sniffing attacks from occurring? Select one: a. Static and repeated passwords b. Encryption and frequent passwords c. Static and one-time password d. One-time passwords and encryption
One-time passwords and encryption
A good example of nontechnical control is? Select one: a. Policy b. Firewall c. IDS d. IPS
Policy
Chain of custody is used to: Select one: a. Get permission from my boss b. Proof that evidence has been protected c. The amount of effort required to acquire different data sources d. Data collection method
Proof that evidence has been protected
Of the following choices, what deserves the lowest level of protection based on commercial companies' standards? Select one: a. Sensitive b. Private c. Public d. Confidential
Public
A company is using a numerical-based risk analysis to locate risks. What type of risk analysis is this? Select one: a. Qualitative analysis b. Total cost of ownership c. Return on investment d. Quantitative analysis
Quantitative analysis
__________ uses two or more drives in an array and uses striping without parity Select one: a. RAID 1 b. RAID 0 c. RAID 10 d. RAID 5
RAID 0
__________ uses two disks only to provide data protection Select one: a. RAID 10 b. RAID 0 c. RAID 5 d. RAID 1
RAID 1
_________ uses three or more drives in an array and uses striping with parity Select one: a. RAID 5 b. RAID 0 c. RAID 1 d. RAID 10
RAID 5
When the costs and savings are about the same, then we need to implement ________________ to determine whether the cost is justified Select one: a. ROI b. NDB c. SLA d. RFI
ROI
The last step in vulnerability assessment is? Select one: a. Document vulnerabilities b. Analyze results c. Remediate d. Discovery
Remediate
What does the acronym RADIUS stand for? Select one: a. Remote Authentication Dialing User System b. Remote Authentication Dial-in User Service c. Remote Access Dial-in User System d. Roaming Access Dial-in User Service
Remote Authentication Dial-in User Service
Kerberos can prevent which one of the following attacks? Select one: a. Tunneling attack b. Replay attack c. Procedure attack d. Negative attack
Replay attack
Of the following, which is the last phase of forensics investigation? Select one: a. Collection b. Analysis c. Examination d. Reporting
Reporting
Which regulatory requirements mandate specific protections for data related to publicly held companies? Select one: a. SOX b. PII c. HIPAA d. SCACS
SOX
Which protocol is needed to provide a secure VoIP communication? Select one: a. NAC b. TACACS c. SRTP d. PSTN
SRTP
Which one of the following represents an ALE calculation? Select one: a. Single loss expectancy x annualized rate of occurrence. b. Asset value x loss expectancy. c. Gross loss expectancy x loss frequency. d. actual spare cost
Single loss expectancy x annualized rate of occurrence.
___________ refer to mandatory activities, actions, or rules Select one: a. Procedures b. Policy c. Standards d. Guidelines
Standards
What best describes residual risk? Select one: a. The amount of risk that remains after steps have been taken to mitigate risk. b. Any type of activity or event that can result in a loss of C.I.A. c. A flaw or weakness in system security procedures, design, implementation, or internal controls d. Net negative impact of the exercise of a vulnerability
The amount of risk that remains after steps have been taken to mitigate risk.
How do you describe the purpose of examination in forensics investigation? Select one: a. The analyst develops a plan that prioritizes the sources, establishing the order in which the data should be acquired b. The investigator starts assessing and extracting the relevant pieces of information from the composed data while protecting its integrity c. The investigator collects data related to the event identified followed by labeling, recording and integrity preservation d. The investigator searches for the evidence and begins investigation immediately
The investigator collects data related to the event identified followed by labeling, recording and integrity preservation
How do you describe the purpose of assembly of data in forensics investigation? Select one: a. The analyst should create a plan that prioritizes the sources, establishing the order in which the data should be acquired b. The investigator collects data related to the event identified followed by labeling, recording and integrity preservation c. The investigators collect the evidence and begin investigation immediately d. The investigator should start assessing and extracting the relevant pieces of information from the composed data while protecting its integrity
The investigator should start assessing and extracting the relevant pieces of information from the composed data while protecting its integrity
When a company decides to buy insurance to deal with any losses, which one of the following is being applied? Select one: a. Mitigate b. Accept c. Avoid d. Transfer
Transfer
Which mode encrypts and encapsulates the entire packet? Select one: a. Encryption mode b. Hidden mode c. Transport mode d. Tunnel mode
Tunnel mode
Discretionary Access Controls (DAC) are: Select one: a. Less flexible than mandatory access controls. b. Concerned with information flow. c. Based upon security labels. d. Widely used in commercial environments.
Widely used in commercial environments.
Which of the following is not part of logical access security? Select one: a. username b. cipher locks c. passwords d. access profiles
cipher locks
Mandatory Access Control requires attaching labels to all objects. Which are considered objects? Select one: a. devices, processes and I/O pipe b. files, directories, sockets and processes c. files, directories, and print queue d. users, programs and windows
files, directories, and print queue
Preventive controls are used to Select one: a. takes action to reverse the effects of an event b. identify the event either as it is occurring or after it has occurred c. focused on stopping losses due to risks d. focused on reducing losses due to risks to an acceptable level
focused on stopping losses due to risks
The purpose of DRP is to Select one: a. help an organization prepare for emergencies that can interrupt the mission of the business b. Document changes to operating system c. identifies steps to recover critical systems d. Increase policy awareness
identifies steps to recover critical systems
Detective controls are used to Select one: a. focused on reducing losses due to risks to an acceptable level b. focused on stopping losses due to risks c. identify the event either as it is occurring or after it has occurred d. takes action to reverse the effects of an event
identify the event either as it is occurring or after it has occurred
What is the definition of control? Select one: a. A preventive method used to implement firewall to stop attackers b. A corrective method used to correct security violations c. means, methods, actions, techniques, processes, procedures, or devices that reduce the vulnerability of a system d. means, methods, actions, techniques, processes, procedures, or devices to stop attackers for starting an attack against the system
means, methods, actions, techniques, processes, procedures, or devices that reduce the vulnerability of a system
__________ examines an organization's practices and operations to determine whether they conform to the organization's policies or applicable laws Select one: a. Accountability b. security audit c. Audit Trails d. Auditing with Logs e. Clipping levels
security audit
Corrective controls are used to Select one: a. focused on stopping losses due to risks b. takes action to reverse the effects of an event c. focused on reducing losses due to risks to an acceptable level d. identify the event either as it is occurring or after it has occurred
takes action to reverse the effects of an event
The three ways to authenticate to computer security software are by something you know, something you are, and something: Select one: a. your essential b. you have c. you can become d. Non-trivial
you have