Cyber Security Intro Class Exam

What is the Open Web Application Security Project (OWASP)?

A community-driven organization focused on application security

Which of the following standards is most applicable to a company that utilizes any payment card for its operations?

PCI-DSS

What type of information could include addresses, date of birth, or social security numbers?

PII

Which duty is the primary focus of data loss prevention (DLP)?

Preventing unauthorized sharing of privileged information

What risk response or treatment approach has been adopted when an organization decides to purchase insurance?

Transfer

Local Area Network (LAN)

a computer network that covers a small area

Purple Team

1. A mode of penetration testing where red and blue teams share information and collaborate throughout the engagement. 2. Made up of both the blue and red teams to work together to maximize their cyber capabilities through continuous feedback and knowledge transfer between attackers and defenders.

Wide Area Network (WAN)

A network that connects devices in geographically separated areas. Example: the Internet.

Vulnerability

A weakness that allows a threat agent to bypass security.

Phishing

An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information

Supply Chain Attack

An attack that targets the end-to-end process of manufacturing, distributing, and handling goods and services.

zero-day attack

Attack between the time a software vulnerability is discovered and a patch to fix the problem is released.

What is application fuzzing?

Automated data is injected into an app to test response and security.

What organizational plan is developed to deal with disasters and other difficult situations such as cyber-attacks, outages, or supply chain failures?

Business Continuity

What achievement is proof of technical knowledge backed by an industry-standard provider such as Microsoft or CompTIA?

Certification

Which paired term is the primary security control deployed during the Identify and Plan stages of the SSDLC?

Communication and review

Which of the following network attacks causes a service to fail by flooding the target with traffic?

Denial of Service (DOS)

What is the first step to take when hardening a Linux system?

Determine server purpose and requirements

DDoS

Distributed Denial of Service

What type of professional is hired by organizations to legally hack into their networks and identify weak entry points?

Ethical Hacker

On-Path attack

Formerly known as man-in-the-middle, where the attacker redirects the victim's traffic without their knowledge.

Which term best describes actions taken to increase infrastructure security?

Hardening

What is a true statement about the Linux Operating System?

It has an open-source file system

Which Linux distro is specifically packaged for information security tasks such as security research or penetration testing?

Kali

Which network infrastructure type connects users and end devices located in a small area such as an office building?

Local Area Network (LAN)

Red Team

The offensive side of cybersecurity. Provides security assessments outlining an organization's system defense efficacy and resilience.

Define PII

Personally Identifiable Information

Which is a likely cause of the continued issues related to the EternalBlue common vulnerabilities and exposures (CVE)?

Poor patch management

Which organizational security team is responsible for providing security assessments outlining an organization's system defense efficacy and resilience?

Red Team

The Risk Management Framework is a flexible risk-based approach that integrates security, privacy, and cyber supply chain risk management into the system development life cycle. Which phase of the framework involves determining the applicable controls needed to reduce business risk to an acceptable level?

Select

Which term refers to the idea of moving security earlier in the Secure Software Development Lifecycle (SSDLC) to avoid downstream bugs and vulnerabilities?

Shift Left

Which term best describes the main attack method used in the SolarWinds attack?

Supply-chain attack

Blue Team

The defensive team in a penetration test or incident response exercise.

What is the purpose of a Demilitarized Zone (DMZ)?

To separate internal networks from untrusted external traffic

Which term is the input vehicle for a server-side request forgery (SSRF) attack?

User-supplied URL

Server message block (SMB) exploitation. Define SMB. LIKELY NOT ON EXAM

a communication protocol used for shared access on resources (printers, files, serial ports etc.). So basically, SMB provides client applications a method of reading, writing, creating & deleting files on a remote server.

CIA

a fundamental cybersecurity model that acts as a foundation in the development of security policies designed to protect data. The three letters in CIA Triad stand for Confidentiality, Integrity, and Availability.

Ransomware

a type of malicious software designed to block access to a computer system until a sum of money is paid.

Which of the choices below best describes an attack resulting from an unknown vulnerability exploit or a known vulnerability without a current patch?

a. Patching Attack b. Zero-Day Attack c. Same-Day Attack d. Phishing

Denial of Service (DOS)

An attack that floods a network or server with service requests to prevent legitimate users' access to the system.

Which state of data represents data that are actively being used? a. Data at rest b. Data in use c. Data in transit d. All of the above

b. Data in use

Which of the following is a Linux kernel-mode component? a. GNU Core Utilities (CLI) b. Drivers c. Sessions d. TTY

b. Drivers

Which of the following can be accomplished using a firewall? a. Configuring interfaces on a switch b. Monitoring and filtering network traffic c. Scanning for Buffer Overflow vulnerabilities in software d. Assigning IP addresses to external visitors

b. Monitoring and filtering network traffic

Which of the following is NOT considered a factor of risk? a. Mitigation b. Cost c. Convenience d. Threat

c. Convenience

What is a true statement about the Windows Operating System? a. It has a ring-topology file system b. It has an open-source file system c. It has a folder-based file system d. It has a tree-like file system

c. It has a folder-based file system

Which of the following is an identity associated with a session for proper access control? a. Password b. Group c. User Account d. None of the above

c. User Account

Which control enables the creation of rules that allow or block traffic?

iptables

Metropolitan Area Network (MAN)

network that spans a metropolitan area, usually a city and its major suburbs. Its geographic scope falls between a WAN and a LAN

Malware

software designed to infiltrate or damage a computer system without the user's informed consent

Exploit

to take advantage of

