CyberSecurity Midterm Study Questions (Quiz #1-5)

Ace your homework & exams now with Quizwiz!

The Physical Layer of the OSI Reference Model must translate the binary ones and zeros of computer language into the language of the transport medium. True False

True

The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks. True False

True

Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using? Cross-site scripting Session hijacking SQL injection Typosquatting

Typosquatting

What is NOT a typical sign of virus activity on a system? Unexplained decrease in available disk space Unexpected error messages Unexpected power failures Sudden sluggishness of applications

Unexpected power failures

An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using? Vishing Urgency Whaling Authority

Urgency

Which one of the following is NOT a commonly accepted best practice for password security? Use at least six alphanumeric characters. Do not include usernames in passwords. Include a special character in passwords. Include a mixture of uppercase characters, lowercase characters, and numbers in passwords.

Use at least six alphanumeric characters.

Question 11 Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri? Cracker White-hat hacker Black-hat hacker Grey-hat hacker

White-hat hacker

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations? Whois Simple Network Management Protocol (SNMP) Ping Domain Name System (DNS)

Whois

What type of network connects systems over the largest geographic area? Wide area network (WAN) Metropolitan area network (MAN) Local area network (LAN) Storage area network (SAN)

Wide area network (WAN)

Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve? Reduced operating costs Access to a high level of expertise Developing in-house talent Building internal knowledge

Access to a high level of expertise

Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about? Identification Authentication Authorization Accountability

Accountability

Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements? Applying security updates promptly Using encryption for communications Removing IoT devices from the network Turning IoT devices off when not in use

Applying security updates promptly

What is NOT a good practice for developing strong professional ethics? Set the example by demonstrating ethics in daily activities Encourage adopting ethical guidelines and standards Assume that information should be free Inform users through security awareness training

Assume that information should be free

Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in? Monitor Audit Improve Secure

Audit

During which phase of the access control process does the system answer the question,"What can the requestor access?" Identification Authentication Authorization Accountability

Authorization

Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing? Identification Authentication Accountability Authorization

Authorization

Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement? Privacy Bring Your Own Device (BYOD) Acceptable use Data classification

Bring Your Own Device (BYOD)

Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value? Dictionary attack Rainbow table attack Social engineering attack Brute-force attack

Brute-force attack

Which information security objective allows trusted entities to endorse information? Validation Authorization Certification Witnessing

Certification

Jody would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs? Voice over IP (VoIP) Audio conferencing Video conferencing Collaboration

Collaboration

Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message? Encryption Hashing Decryption Validation

Decryption

Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit? Does the organization have an effective password policy? Does the firewall properly block unsolicited network connection attempts? Who grants approval for access requests? Is the password policy uniformly enforced?

Does the firewall properly block unsolicited network connection attempts?

Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working? Application Presentation Session Data Link

Presentation

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place? Evil twin Wardriving Bluesnarfing Replay attack

Evil Twin

An attacker uses exploit software when wardialing. True False

False

Change doesn't create risk for a business. True False

False

Configuration changes can be made at any time during a system life cycle and no process is required. True False

False

Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks. True False

False

The auto industry has not yet implemented the Internet of Things (IoT). True False

False

The four central components of access control are users, resources, actions, and features. True False

False

The weakest link in the security of an IT infrastructure is the server. True False

False

You must always use the same algorithm to encrypt information and decrypt the same information. True False

False

David would like to connect a fibre channel storage device to systems over a standard data network. What protocol can he use? Internet Small Computer System Interface (iSCSI) Fibre Channel (FC) Fibre Channel over Ethernet (FCoE) Secure Shell (SSH)

Fibre Channel over Ethernet (FCoE)

Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues? Firewall Hub Switch Router

Hub

Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve? Confidentiality Integrity Authentication Nonrepudiation

Integrity

Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate? Confidentiality Integrity Availability Nonrepudiation

Integrity

Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit? Is the level of security control suitable for the risk it addresses? Is the security control in the right place and working well? Is the security control effective in addressing the risk it was designed to address? Is the security control likely to become obsolete in the near future?

Is the security control likely to become obsolete in the near future?

Which one of the following measures the average amount of time that it takes to repair a system, application, or component? Uptime Mean time to failure (MTTF) Mean time to repair (MTTR) Recovery time objective (RTO)

Mean time to repair (MTTR)

Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations? Password protection Antivirus software Deactivating USB ports Vulnerability scanning

Password Protection

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered? Polymorphic virus Stealth virus Cross-platform virus Multipartite virus

Polymorphic virus

Which approach to cryptography provides the strongest theoretical protection? Quantum cryptography Asymmetric cryptography Elliptic curve cryptography Classic cryptography

Quantum cryptography

Which formula is typically used to describe the components of information security risks? Risk = Likelihood X Vulnerability Risk = Threat X Vulnerability Risk = Threat X Likelihood Risk = Vulnerability X Cost

Risk = Threat X Vulnerability

Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register? Description of the risk Expected impact Risk survey results Mitigation steps

Risk survey results

Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request? SOC 1 SOC 2 SOC 3 SOC 4

SOC 3

Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network? Transmission Control Protocol/Internet Protocol (TCP/IP) Secure Sockets Layer (SSL) Domain Name System (DNS) Dynamic Host Configuration Protocol (DHCP)

Secure Sockets Layer (SSL)

Which of the following is not a Tenant of Information Systems Security Confidentiality Integrity Security Availability

Security

Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type? Service level agreement (SLA) Blanket purchase agreement (BPA) Memorandum of understanding (MOU) Interconnection security agreement (ISA)

Service level agreement (SLA)

Which type of virus targets computer hardware and software startup functions? Hardware infector System infector File infector Data infector

System infector

What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system? Network IDS System integrity monitoring CCTV Data loss prevention

System integrity monitoring

An example of a threat to access control is in a peer-to-peer (P2P) arrangement in which users share their My Documents folder with each other by accident. True False

True

Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet. True False

True

Which term describes any action that could damage an asset? Risk Countermeasure Vulnerability Threat

Threat

Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter? Virus Worm Trojan horse Logic bomb

Trojan horse

An alteration threat violates information integrity. True False

True

The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control. security kernel CPU memory co-processor

security kernel


Related study sets

Chapter 24: Management of Patients With Chronic Pulmonary Disease

View Set

Chapter 2 Quiz Types of Policies

View Set

Microeconomics Final Exam Review

View Set

Driver's Manual: Part 12, Driving Emergencies

View Set

CRMS Unit 3: Federalist vs. Antifederalists - Who would say that?

View Set

Organizational Behavior Ch.9/11 Quiz

View Set

chapter 4 - process costing - 201 -

View Set

Econ 102 - Iowa State - Amani - Midterm 3

View Set

NUR 211- Exam 2 Practice Questions

View Set

Chapter 6:Accountability and Legal Aspects of Nursing

View Set