cybersecurity final
What tool is used to lure an attacker so that an administrator can capture, log, and analyze the behavior of the attack?
Honeypot
What is the best method to avoid getting spyware on a machine?
Install software only from trusted websites.**
What is an example of "hacktivism"?
A group of environmentalists launch a denial of service attack against an oil company that is responsible for a large oil spill.
When describing malware, what is a difference between a virus and a worm?
A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.
What three items are components of the CIA triad? (Choose three.)
Integrity & Confidentiality & Availability
What is a reason that internal security threats might cause greater damage to an organization than external security threats?
Internal users have direct access to the infrastructure devices
Which statement describes cyberwarfare?
It is Internet-based conflict that involves the penetration of information systems of other nations.
Which statement describes cybersecurity?
It is an ongoing effort to protect Internet-connected systems and the data associated with those systems from unauthorized use or harm.
Why do IoT devices pose a greater risk than other computing devices on a network?
Most IoT devices do not receive frequent firmware updates.
Which two tools used for incident detection can be used to detect anomalous behavior, to detect command and control traffic, and to detect infected hosts? (Choose two.)
NetFlow & intrusion detection system
Which tool is used to provide a list of open ports on network devices?
Nmap
The individual user profile on a social network site is an example of a/an ______________ identity
Online
Which technology creates a security token that allows a user to log in to a desired web application using credentials from a social media website?
Open Authorization
How can users working on a shared computer keep their personal browsing history hidden from other workers that may use this computer?
Operate the web browser in private browser mode.
A medical office employee sends emails to patients about recent patient visits to the facility. What information would put the privacy of the patients at risk if it was included in the email?
Patient records
What is the best approach to prevent a compromised IoT device from maliciously accessing data and devices on a local network?
Place all IoT devices that have access to the Internet on an isolated network. **
Which method is used to check the integrity of data?
checksum
A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?
confidentiality
What action will an IDS take upon detection of malicious traffic?
create a network alert and log the detection
A company is experiencing overwhelming visits to a main web server. The IT department is developing a plan to add a couple more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?
availability
What is the best method to prevent Bluetooth from being exploited?
Always disable Bluetooth when it is not actively used.
Which example illustrates how malware might be concealed?
An email is sent to the employees of an organization with an attachment that looks like an antivirus update, but the attachment actually consists of spyware.
How can a user prevent others from eavesdropping on network traffic when operating a PC on a public Wi-Fi hot spot?
Connect with a VPN service. **
The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring?
DDoS
What type of attack uses zombies?
DDoS
What are two objectives of ensuring data integrity? (Choose two.)
Data is not changed by unauthorized entities. & Data is unaltered during transit.
A user is having difficulty remembering passwords for multiple online accounts. What is the best solution for the user to try?
Save the passwords in a centralized password manager program. **
Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks?
Snort
A consumer would like to print photographs stored on a cloud storage account using a third party online printing service. After successfully logging into the cloud account, the customer is automatically given access to the third party online printing service. What allowed this automatic authentication to occur?
The cloud storage service is an approved application for the online printing service.
In what way are zombies used in security attacks?
They are infected machines that carry out a DDoS attack.
An employee does something as a company representative with the knowledge of that company and this action is deemed illegal. The company would be legally responsible for this action.
True
What are three methods that can be used to ensure confidentiality of information? (Choose three.)
Two-factor authentication & Data encryption & Username ID and password
Which technology removes direct equipment and maintenance costs from the user for data backups?
a cloud service
What is an example of the a Cyber Kill Chain?
a planned process of cyberattack
Which type of technology can prevent malicious software from monitoring user activities, collecting personal information, and producing unwanted pop-up ads on a user computer?
antispyware
As data is being stored on a local hard disk, which method would secure the data from unauthorized access?
data encryption
For what purpose would a network administrator use the Nmap tool?
detection and identification of open ports
What is the motivation of a white hat attacker?
discovering weaknesses of networks and systems to improve the security level of these systems
Match the type of cyber attackers to the description. (Not all options are used.)
gather intelligence or commit sabotage on specific goals on behalf of their government- State-sponsored attackers make political statements in order to create an awareness of issues that are important to them- Hacktivists make political statements, or create fear, by causing physical or psychological damage to victims- Terrorists
A user is surfing the Internet using a laptop at a public WiFi cafe. What should be checked first when the user connects to the public network?
if the laptop requires user authentication for file and media sharing
Which two characteristics describe a worm? (Choose two.)
is self-replicating & travels to new computers without any intervention or knowledge of the user
What is the last stage of the Cyber Kill Chain framework?
malicious action
A network administrator is conducting a training session to office staff on how to create a strong and effective password. Which password would most likely take the longest for a malicious user to guess or break?
mk$$cittykat104#
Which type of attack allows an attacker to use a brute force approach?
password cracking
Which configuration on a wireless router is not considered to be adequate security for a wireless network?
prevent the broadcast of an SSID
Which stage of the kill chain used by attackers focuses on the identification and selection of targets?
reconnaissance
What is one main function of the Cisco Security Incident Response Team?
to ensure company, system, and data preservation
What is the main purpose of cyberwarfare?
to gain advantage over adversaries
What is the purpose of a rootkit?
to gain privileged access to a device while concealing itself
What is the most common goal of search engine optimization (SEO) poisoning?
to increase web traffic to malicious sites
What is the primary goal of a DoS attack?
to prevent the target server from being able to handle additional requests **
What are two security implementations that use biometrics? (Choose two.)
voice recognition & fingerprint