Foundations of Cybersecurity

Ace your homework & exams now with Quizwiz!

What tool is used to lure an attacker so that an administrator can capture, log, and analyze the behavior of the attack?

Honeypot

What is the best method to avoid getting spyware on a machine?

Install software only from trusted websites.

What are two objectives of ensuring data integrity?

1) Data is not changed by unauthorized entities 2) Data is unaltered during transit.

What are two methods that ensure confidentiality?

1. Authentication 2. Encryption

What are two examples of administrative access controls?

1. Background checks 2. hiring practices

Which two tools used for incident detection can be used to detect anomalous behavior, to detect command and control traffic, and to detect infected hosts

1. Intrusion Detection System 2. NetFlow

What are three types of sensitive information?

1. PII 2. Classified 3. Business

For the purpose of authentication, what three methods are used to verify identity?

1. Something you are 2. Something you have 3. Something you know

What are two security implementations that use biometrics?

1. Voice Recognition 2. Fingerprint

What three tasks are accomplished by a comprehensive security policy?

1. defines legal consequences of violations 2. sets rules for expected behavior 3. gives security staff the backing of management

When describing malware, what is the difference between a virus and a worm?

A virus replicates itself by attaching to another file whereas a worm can replicate itself independently.

What does the acronym IoE represent?

Internet of Everything

Which are tactics used by a social engineer to obtain personal information from an unsuspecting target?

Intimidation

Which is a method to protect a computer from malware?

Keep software up to date

What is an example of an Internet data domain?

LinkedIn

Which is a common hash function?

MD5

programs processing and changing data, and equipment failures?

Modification

What name is given to a storage device connected to a network?

NAS

Which technology creates a security token that allows a user to log in to a desired web application using credentials from a social media website?

Open Authorization

A medical office employee sends emails to patients about recent patient visits to the facility. What information would put the privacy of the patients at risk if it was included in the email?

Patient Records

What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?

Phishing

What is the best approach to prevent a compromised IoT device from maliciously accessing data and devices on a local network?

Place all IoT devices that have access to the Internet on an isolated network.

What type of cybersecurity laws protect you from an organization that might want to share your sensitive data?

Privacy

What principle prevents the disclosure of information to unauthorized people, resources, and processes?

confidentiality

What action will an IDS take upon detection of malicious traffic?

create a network alert and log the detection

Which method helps to ensure data integrity?

Hashing

What service determines which resources a user can access along with the operations that a user can perform?

authorization

A company is experiencing overwhelming visits to a main web server. The IT department is developing a plan to add a couple more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?

availability

Which type of cipher is able to encrypt a fixed-length block of plaintext into a 128-bit block of ciphertext at any one time?

block

Which of the following is one of the three states of data?

At rest

An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this?

Bluesnarfing

What are the three foundational principles of the cybersecurity domain?

C.I.A (confidentiality, integrity, and availability)

A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?

Confidentiality

What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?

Cross-site scripting

What is the term used to describe the science of making and breaking secret codes?

Cryptology

The IT department is reporting that a company web server is receiving an abnormally high number of webpage requests from different locations simultaneously. Which type of security attack is occurring?

DDoS

What type of attack uses zombies?

DDoS

A warning banner that lists the negative outcomes of breaking company policy is displayed each time a computer user logs in to the machine. What type of access control is implemented?

Deterrent

What cryptographic algorithm is used by the NSA and includes the use of elliptical curves for digital signature generation and key exchange?

ECC

What type of attack targets an SQL database using the input field of a user?

SQL Injection

What name is given to an amateur hacker?

Script Kiddie

What is a method of sending information from one device to another using removable media?

Sneaker Net

A criminal is using software to obtain information about the computer of a user. What is the name of this type of software?

Spyware

What type of cipher encrypts plaintext one byte or onebit at a time?

Stream Cipher

Which two reasons describe why Wired Equipment Privacy (WEP) is a weak protocol?

The key is static and repeats on a congested network.

True or False? An employee does something as a company representative with the knowledge of that company and this action is deemed illegal. The company would be legally responsible for this action.

True

What is a secure virtual network called that uses the public network?

VPN

What mechanism can organizations use to prevent accidental changes by authorized users?

Version Control

What is the difference between a virus and a worm?

Worms self-replicate but viruses do not.

What is the meaning of the term logic bomb?

a malicious program that hides itself in a legitimate program

What is an example of a Cyber Kill Chain?

a planned process of cyberattack

A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?

a type of ransomware

What does the term vulnerability mean?

a weakness that makes a target susceptible to an attack

What encryption algorithm uses one key to encrypt data and a different key to decrypt data?

asymmetric

For what purpose would a network administrator use the Nmap tool?

detection and identification of open ports

Thwarting cyber criminals includes which of the following?

establishing early warning systems

What term is used to describe the technology that replaces sensitive information with a non-sensitive version?

masking

Which stage of the kill chain used by attackers focuses on the identification and selection of targets?

reconnaissance

Which term describes the sending of a short deceptive SMS message used to trick a target into visiting a website?

smishing

What is one main function of the Cisco Security Incident Response Team?

to ensure company, system, and data preservation

What is the main purpose of cyberwarfare?

to gain advantage over adversaries

Which term describes the technology that protects software from unauthorized access or modification?

watermarking


Related study sets

Chapter 03 Organization : Structure and Control

View Set

Data Structures and algorithms interview questions

View Set

BUS CH 9,10,14 concept questions

View Set

Chapter 7 Prioritizing Client Care; Leadership, Delegation, and Emergency Response Planning

View Set

Professional Military Knowledge Eligibility Exam (PMK-EE) for E-4: Naval Heritage

View Set