HW questions for cyber

Which of the following is NOT true about RATs? A RAT creates an opening into the victim's computer, allowing the threat actor unrestricted access. A RAT allows the attacker to not only monitor what the user is doing but also can change computer settings, browse and copy files, and even use the computer to access other computers connected on the network. A RAT gives the threat agent unauthorized remote access to the victim's computer by using specially configured communication protocols. A RAT and a worm have the same basic function.

A RAT and a worm have the same basic function.

Which of the following is NOT a technology used by spyware? Active tracking technologies Automatic download of software System-modifying software Tracking software

Active tracking technologies

Which of the following AAA elements is applied immediately after a user has logged into a computer with their username and password? Authorization Authentication Recording Identification

Authorization

What is a publicly accessible centralized directory of digital certificates that can be used to view the status of a digital certificate? CR CX CB CA

CR

Which of the following is NOT a form of obfuscation? Tokenization Data masking Ciphering Steganography

Ciphering

Layla has encrypted a document so that it can only be viewed by those who have been provided the key. What protection has she given to this document? Confidentiality Authentication Obfuscation Integrity

Confidentiality

Serafina is studying to take the Security+ certification exam. Which of the following of the CIA elements ensures that only authorized parties can view protected information? Availability Credentiality Confidentiality Integrity

Confidentiality

Which specific type of control is intended to mitigate (lessen) damage caused by an attack? Compensating control Corrective control Restrictive control Preventive control

Corrective control

Which of the following is NOT a personal technique used by social engineering attackers to gain the trust of the victim? Use evasion and diversion. Demand compliance. Provide a reason. Project confidence.

Demand compliance.

Which of the following controls is NOT implemented before an attack occurs? Directive control Deterrent control Preventive control Detective control

Detective control

What is a technology used to associate a user's identity to a public key and has been digitally signed by a trusted third party? Digital certificate Digital codebook Digital signing repository (DSR) Digital signature

Digital certificate

Which control is designed to ensure that a particular outcome is achieved by providing incentives? Detective control Directive control Incentive control Deterrent control

Directive control

Which social engineering attack is masquerading as a real or fictitious character and then playing out the role of that person on a target? Pretending Impersonation Acting Pretexting

Impersonation

Zeinab has been asked by her supervisor to speak with an angry customer who claims that they never received notification of a change in the terms of service agreement. Zeinab learned that an automated "read receipt" was received, showing that the customer opened the email with the new terms of service outlined. What action will Zeinab now take regarding this customer? Nonrepudiation Obfuscation Repudiation Integrity

Nonrepudiation

Which of the following performs a real-time lookup of a certificate's status? Remote lookup protocol (RLP) Pinning OCSP Clipping

OCSP

Cillian is explaining to an intern why ransomware is considered to be the most serious malware threat. Which of the follow reasons would Cillian NOT give? Attacks from ransomware have a high impact on organizations. Ransomware attacks occur with a very high frequency. Launching a ransomware attack is relatively inexpensive and does not require a high degree of skill. Once a device is infected with ransomware, it will never function normally.

Once a device is infected with ransomware, it will never function normally.

Ville has been asked by his supervisor to review the contents of a questionable digital certificate. Which of the following would Ville NOT find in it? Owner's private key Serial number of the digital certificate Owner's name or alias Name of the issuer

Owner's private key

Which of the following is false about the CompTIA Security+ certification? Security+ is one of the most widely acclaimed security certifications. Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification. Security+ is internationally recognized as validating a foundation level of security skills and knowledge. The Security+ certification is a vendor-neutral credential.

Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.

Who is responsible for verifying the credentials of an applicant for a digital certificate? CA Intermediate CSR CSR Registration authority

Registration authority

Ginevra is explaining to her roommate the relationship between security and convenience. Which statement most accurately indicates this relationship? Security and convenience are inversely proportional. Any proportions between security and convenience depends on the type of attack. Security and convenience have no relationship. Security and convenience are directly proportional.

Security and convenience are inversely proportional.

Vittoria is working on her computer information systems degree at a local college and has started researching information security positions. Because she has no prior experience, which of the following positions would Vittoria most likely be offered? Security administrator Security officer Security manager Security technician

Security technician

Tobias received an SMS text that falsely said his bank account was overdrawn and to avoid a $45 fee, he should contact the bank immediately with an explanation. What type of social engineering attack is this? Texting attack SMS phishing IM vectoring Smishing

Smishing

Which of the following creates the most secure ciphertext? Redundant function Sponge function Stream cipher Block cipher

Sponge function

Aaliyah wants to send a message to a friend, but she does not want anyone else to know that she is communicating with them. Which technique would she use? Steganography Ciphering Cryptography Encryption

Steganography

Which algorithm uses the same key to both encrypt and decrypt data? Symmetric cryptographic algorithm Pairwise keypair algorithm Hashing algorithm Asymmetric cryptographic algorithm

Symmetric cryptographic algorithm

Which of the following is NOT a means by which a person requesting a digital certificate can be authenticated? Employee badge Telephone number Birth certificate Email

Telephone number

Ansgar is studying how digital certificates can be used. Which of the following is NOT a use of a digital certificate To encrypt messages for secure email communications To encrypt channels to provide secure communication between clients and servers To verify the identity of clients and servers on the web To verify the authenticity of the CA

To verify the authenticity of the CA

Which of the following groups have the lowest level of technical knowledge for carrying out cyberattacks? Unskilled attackers Nation-state actors Hacktivists Organized crime

Unskilled attackers

Which of the following is sometimes called a "network virus" because it enters a computer to move through the network? Trojan Worm Fileless virus File-based virus

Worm

Which of the following is NOT a Microsoft Windows common LOLBin? Macro PowerShell DLR .NET Framework

DLR

What is the strongest technology that would assure Alice that Bob is the sender of a message? Digital certificate Digest Digital signature Encrypted signature

Digital certificate

What is false or inaccurate information that comes from a malicious intent? Misinformation Half-truths Varication Disinformation

Disinformation

What word is the currently accepted term that is used today to refer to network-connected hardware devices? Host Endpoint Device Client

Endpoint

Which of the following is NOT a type of data reconnaissance? Shoulder surfing Dumpster diving Excel dorking Purchasing used technology equipment

Excel dorking

Which of the following types of computer viruses is malicious computer code that becomes part of a file? Jump virus File-based virus Fileless virus RAM-Check virus

File-based virus

What is the attack surface of social engineering? Manipulation Persuasion Deception Human vectors

Human vectors

Bjorn just received a phone call in which the person claimed to be a senior vice president demanding that his password be reset, or else Bjorn's supervisor would be contacted about his lack of cooperation. Bjorn was convinced that this was a social engineering attack. Which principle of human manipulation did the attacker attempt on Bjorn? Fright Intimidation Authority Urgency

Intimidation

Which of the following is NOT a feature of blocking ransomware? A message on the user's screen appears pretending to be from a reputable third party. It prevents a user from using their computer in a normal fashion. It is the earliest form of ransomware. It can be defeated by a double power cycle.

It can be defeated by a double power cycle.

Finn's team leader has just texted him that an employee, who violated company policy by bringing in a file on a USB flash drive, has just reported that their computer is infected with locking ransomware. Why would Finn consider this a serious situation? The employee would have to wait at least an hour before their computer could be restored. The organization may be forced to pay up to $500 for the ransom. It can encrypt all files on any network that is connected to the employee's computer. It sets a precedent by encouraging other employees to violate company policy.

It can encrypt all files on any network that is connected to the employee's computer.

Alarik is explaining to a colleague about digital certificates. Which of the following statements would he use to correctly describe the need for digital certificates? It can speed up processing time when using a web browser. It can prove the ownership of a public key so that it cannot be abused. It can confirm the true identity of the sender of an encrypted message. It can replace digital signatures with a more robust technology

It can replace digital signatures with a more robust technology

Which of the following is NOT true about BEC? It takes advantage of electronically making payments or transferring funds. It is decreasing in popularity among threat actors. It takes advantage of the size and complexity of large enterprises. It is not limited to businesses

It is decreasing in popularity among threat actors.

Which of the following is NOT true about a root digital certificate? The next level down is one or more intermediate certificates. It is the endpoint of the chain. It is created and verified by a CA. It is self-signed.

It is the endpoint of the chain.

Which of the following is NOT correct about a one-time pad (OTP)? It was used during the Cold War. The recipient must have a copy of the pad to decrypt the message. It requires a cipher disk. It combines plaintext with a random key.

It requires a cipher disk.

Which of the following is NOT correct about "security through obscurity"? It is essentially impossible to achieve. Proprietary cryptographic algorithms are a common example. It attempts to hide its existence from outsiders. It should only be used as a general information security protection in extreme circumstances.

It should only be used as a general information security protection in extreme circumstances.

What is data called that is to be encrypted by inputting it into a cryptographic algorithm? Ciphertext Cleartext Byte-text Plaintext

Plaintext

What is the difference between a keylogger and spyware? Spyware can be installed using a hardware device while a keylogger cannot. Spyware typically secretly monitors users but unlike a keylogger makes no attempts to gather sensitive user keyboard input. Spyware is illegal while a keylogger is not. A keylogger operates much faster than spyware.

Spyware typically secretly monitors users but unlike a keylogger makes no attempts to gather sensitive user keyboard input.

Wolfgang-Cashman is a new intern at the online company WebHighSchoolStore.com. He has been assigned the task of researching all of the similar domain names to theirs in order to counteract attacks. What is Wolfgang-Cashman combating? Spimming Redactioning Typo squatting Mistranslations

Typo squatting

Albrecht received a call from a senior vice president of finance who had received a phishing email and had deleted it. What type of phishing attack was this? Phishing spear Harpooning Dolphining Whaling

Whaling

Karyme needs to select a hash algorithm that will produce the longest and most secure digest. Which would she choose? RipeMD160 SHA-256 XRA3-512 Whirlpool

Whirlpool

Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____. through products, people, and procedures on the devices that store, manipulate, and transmit the information on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network through a long-term process that results in ultimate security using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources

through products, people, and procedures on the devices that store, manipulate, and transmit the information