CyberSecurity 1, 2, 3, 4, 5

Ace your homework & exams now with Quizwiz!

Which methods help to ensure data integrity? Checksum Version control Authorization Repudiation

Checksum Version control

______________ access involves steps taken to ensure that attacker can return to the system later to perform more damage.

Maintaining

What is the term for custom code tailored to achieve a desired effect on a system, such as a reverse shell?

Shellcode

What is the challenge associated with Symmetric Key encryption? a) Secure delivery of the key to trusted parties b) Not all operating systems support it c) It is too computatoinally intensive for most systems d) Secure delivery of the algorithm to trusted parties

a) Secure delivery of the key to trusted parties

What principle prevents the disclosure of information to unauthorized people, resources, and processes? a) confidentiality b) integrity c) availability d) nonrepudiation

a) confidentiality

What kind of backup requires the last FULL backup, and only the most recent back up since the full, to do a restore? a)Differential b)Segmented c)Incremental d)Full

a)Differential

Which is NOT an example of physical security? a)Firewall b)Door lock c)Closed Circuit Cameras d)Guard dog

a)Firewall

Which term is associated with AUTHORIZED testing of a system's vulnerabilities: a)Penetration Testing b)Hacking c)Scanning d)Risk

a)Penetration Testing

Which tool is a packet sniffer that can be used to listen to traffic on a network segment? a)Wireshark b)Nmap c)Linux d)SNMPWalk

a)Wireshark

Why does an organization need Cyber Security? (select all that apply) Question options: a. To protect the data the organization collects and uses b. To enable the safe operation of applications implemented on the organization's IT systems c. To protect the organization's ability to function d. To endanger the technology assets in use at the organization

a,b,c

A virus that has infected your computer system can (select answers that apply): a. Provide criminals with access to your computer and contact lists. b. Scan and find personal information like passwords on your computer. c. Delete your files. d. Annoy you with unwanted junk mail.

a. Provide criminals with access to your computer and contact lists. b. Scan and find personal information like passwords on your computer.

The purpose of a security attack is typically for the following reason(s) a. To gain unauthorized access b. To cause harm to people's assets c. To report people to the authorities d. To cause bodily harm to people

a. To gain unauthorized access b. To cause harm to people's assets

What are the three states of data? (select all that apply) a. at rest b. in-transit c. in-cloud d. in-process

a. at rest b. in-transit d. in-process

What are the three foundational principles of the cybersecurity domain? (select all that apply) a. availability b. confidentiality c. integrity d. encryption

a. availability b. confidentiality c. integrity

An untrained employee is what kind of a threat actor? a) Malicious insider b) Ignorant insider c)Hacker d)Cracker

b) Ignorant insider

What does the first dimension of the cybersecurity cube identify? Question 1 options: a) tools b) goals c) safeguards d) rules

b) goals

Which of the following is NOT a type of hacker? a)White hat b)Red hat c)Black hat d)Gray hat

b)Red hat

For the purpose of authentication, what methods are used to verify identity? (select all that apply) a. where you are b. what you have c. what you are d. what you know

b. what you have c. what you are d. what you know

Which attack method requires the use of very large text files to exploit a system? a)Debugger b)Network Scanner c)Password Cracker d)Reverse Engineering

c)Password Cracker

Some of the Common Frameworks include: a) International Standards Organization (ISO) b) National Institute for Standards and Technology (NIST) c) Control Objectives for Information and Related Technology (COBIT) d) All of the above

d

What service determines which resources a user can access along with the operations that a user can perform? a) accounting b) authentication c) biometric d) authorization

d) authorization *

Which of the following is an example of system hardening? a)Using complex passwords b)Putting a password on the BIOS c)Turning off unused services d)All of the above

d)All of the above

Which step of the hacker methodology is totally passive and involves no direct interaction with the target system? a)Maintaining access b)Privilege escalation c)Scanning and enumeration d)Reconnaissance

d)Reconnaissance

Which of the following is NOT an action an IPS would take to prevent an attack? a) Shut down a port b)Create a firewall rule c)Shut down a service d)Send a buffer overflow to the attacking system

d)Send a buffer overflow to the attacking system

A risk is the chance that a vulnerability on a system will be ___________.

exploited

A virus is a purposefully hidden malicious or damaging code within an authorized computer program. True False

false

Authentication is guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. True False

false

Containment is the means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management, or legal nature. True False

false

Cyber Terrorists are financially motivated and tries to steal your money. True False

false

Network Defense is generally easier than Network Offense because you have less threats to consider. True False

false

Security policies addresses how someone can connect to the organizations network from home or while traveling True False

false

System misconfigurations are not a threat to security of the company's computer systems True False

false

What is the most basic cyber defense tool?

firewall

A Cyber Security framework is a series of documented, agreed and understood policies, procedures, and processes. True False

true

A set of cybersecurity activities, desired outcomes, and applicable references is called a framework core. True False

true

A stateful firewall looks at network traffic in the context of other incoming network traffic. True False

true

A threat actor is a person or a system that causes a security attack. True False

true

IT certifications are used extensively in the IT industry to show that someone has a baseline of technical skills and are used by companies in hiring decisions. True False

true

People are the most important part of an effective security countermeasure operation. True False

true

Social Media sites such as facebook or twitter can be used to cause a security attack. True False

true

Spoofing often imitates a legitimate website to gather personal information. True False

true

Tactical Threat Intelligence tries to understand the Tactics, Techniques, and Procedures of threat actors. True False

true

The National Institute for Standards and Technology (NIST) develops tests, test methods, reference data, proof-of concept implementations, and technical analyses to advance the development and productive use of information technology. True False

true

The script kiddies are less savvy threat actors than the hackers True False

true

Two-factor authentication is the use of two independent mechanisms for authentication, (e.g., requiring a smart card and a password) typically the combination of something you know, are or have. True False

true

Using secure programming techniques when writing software is a good security best practice True False

true

A vulnerability is a weakness or flaw in a system that can be exploited. True False

True

Heuristics-based Anti Virus software examines the behavior of a piece of software to determine if it is malicious. True False

True

Nmap is a very popular network scanner. True False

True

The purpose of encryption is to prevent unauthorized parties from accessing data. True False

True


Related study sets

Economics Chapter 1, 2, and 3!!!!

View Set

Select the statements that explain marking and categorizing messages. Check all that apply.

View Set

CMGT 410 - Wk 5 - Apply: Post-Test

View Set

Unit 1 InQuizitive Assignment Government 2305

View Set

Chapter Test A Circular Motion and Gravitation

View Set

u.s. government and politics--unit 1

View Set

The Skeletal System- Chapter 7 Divisions of the Skeleton: Axial and Appendicular

View Set