- “A defined way to breach the security of an IT system through a vulnerability” is the definition of which key cybersecurity term? • Exploit
- “A flaw, loophole, oversight, or error that can be exploited to violate system security policy” is the definition of which key cybersecurity term? • Vulnerability
- A flood of maliciously generated packets swamps a receiver’s network interface, preventing it from responding to legitimate traffic. This is characteristic of which form of attack? • A Denial of Service (DOS) attack
- A large scale Denial of Service attack usually relies upon which of the following? • A botnet
- A major metropolitan police department gets a warrant from a judge to hack into the computer of a suspected crime boss. A skilled penetration tester working for the department conducts the hack and retrieves incriminating evidence. What color hat does this officer wear? • A Gray hat
- A person calls you at work and tells you he is a lawyer for your company and that you need to send him specific confidential company documents right away, or else! Assuming the caller is not really a lawyer for your company but a bad actor, what kind of attack is this? • A Social Engineering attack
- A political motivation is often attributed to which type of actor? • Hacktivist
- A replay attack and a denial of service attack are examples of which? • Security architecture attack
- About how many unfilled cybersecurity jobs are expected by the year 2022? • 1.8 million
- According to a 2018 report by Domo, over what period of time do the following things occur: 49,380 videos are uploaded to Instagram, 25,000 gifs are sent on Facebook Messenger, 4.2 million videos are viewed on Snapchat and 473,400 tweets are sent on Twitter? • Every 1 minute
- According to a Forbes Magazine study, the annual cost of cybercrime in the United States alone has reached how much? • $100B
- According to the Vulnerability Assessment Methodology, Vulnerabilities are determined by which 2 factors? • Potential Impacts and Adaptive Capacity
- Alice sends an encrypted message to Bob but it is intercepted by Trudy. Trudy cannot read it so, in anger, she deletes it without allowing its delivery to Bob. Which precept of the CIA Triad would have been violated? • Availability
- Alice sends an encrypted message to Bob but it is intercepted by Trudy. Trudy cannot read it but forwards it on to Bob from an anonymous address she controls. Which precept of the CIA Triad would have been violated? • Integrity
- Alice sends an unencrypted message to Bob but it is intercepted by Trudy. Trudy reads the message but does not in any way interfere with its content or delivery. Which precept of the CIA Triad would have been violated? • Confidentiality
- An attack that is developed particularly for a specific customer and occurs over a long period of time is a form of what type of attack? • Advanced Persistent Threat
- “An event, natural or man-made, able to cause a negative impact to an organization” is the definition of which key cybersecurity term? • Threat
- Antivirus software can be classified as which form of threat control? • Technical controls
- Botnets can be used to orchestrate which form of attack? • All of the above
- Cryptography, digital signatures, access controls and routing controls are considered which? • Specific security mechanisms
- Encrypting your email is an example of addressing which aspect of the CIA Triad? • Confidentiality
- How would you classify a piece of malicious code designed to collect data about a computer and its users and then report that back to a malicious actor? • Spyware
- How would you classify a piece of malicious code designed to cause damage and spreads from one computer to another by attaching itself to files but requires human actions in order to replicate? • Virus
- How would you classify a piece of malicious code designed to cause damage, can self-replicate and spreads from one computer to another by attaching itself to files? • Trojan Horse
- If an organization responds to an intentional threat, that threat is now classified as what? • An attack
- In addition to the movie War Games, what other event made the need for advanced cybersecurity apparent? • 9/11
- In incident management, a data inventory, data classification and data management process are part of which key concept? • E-Discovery
- In incident management, an event that has a negative impact on some aspect of the network or data is called what? • Incident
- In John’s example of friends and enemies, what is the name used to refer to the intruder? • Trudy
- In order for a network card (NIC) to engage in packet sniffing, it must be running in which mode? • Promiscuous
- In the examples using Bob, Alice and Trudy, what aspect of cybersecurity is being illustrated? • The security of communication between Alice and Bob that risks interception by Trudy.
- In the video Hacking organizations, which three (3) governments were called out as being active hackers? • Israel
• United States
• China
- Jeff Crume described 5 challenges in security today. Which three (3) of these are challenges because their numbers are increasing rapidly? • Threats
• Alerts
• Needed knowledge
- Jeff Crume described five challenges in security today. Which two (2) of these are challenges because their numbers are decreasing? • Available analysis
• Available time
- Managers in the Singapore office at your company can access documents that managers in other offices cannot access, nor can nonmanager employees in the Singapore office. Which 2 access criteria types were likely involved in setting this up? • Groups
• Physical location
- Most cyber attacks come from which one of the following sources? • Internal factors, such as current and former employees.
- Only the sender and intended receiver of a message can “understand” the message contents is an example of which basic security concept? • Confidentiality
- Policies and training can be classified as which form of threat control? • Administrative controls
- Protocol suppression, ID and authentication are examples of which? • Security Mechanism
- Put yourself in others’ shoes – reframe the problem is an example of which of the 5 Key Skills of Critical Thinking? • Understand Context
- The Critical Thinking Model presented places critical thinking at the overlap of which four (4) competencies? • Interpersonal skills and competencies.
• Critical thinking characteristics (attitudes & behaviors).
• Technical and experimental knowledge, intellectual skills and competencies.
• Technical skills and competencies.
- The International Telecommunication Union (ITU) X.800 standard addresses which three (3) of the following topics? • Access Control
• Authentication
• Data Confidentiality
- The motivation for more security in open systems is driven by which three (3) of the following factors? • Society’s increasing dependence on computers.
• The desire by a number of organizations to use OSI recommendations.
• The appearance of data protection legislation in several countries.
- The purpose of security services includes which three (3) of the following? • Often replicate functions found in physical documents
• Enhance security of data processing systems and information transfer.
• Are intended to counter security attacks.
- The sender and receiver of a message can positively identify each other’s identity is an example of which basic security concept? • Authentication
- The use of digital signatures is an example of which concept? • Non-repudiation
- The video Hacking organizations called out several countries with active government sponsored hacking operations in effect. Which one of these was among those named? • Israel
- Traffic flow analysis is classified as which? • A passive attack
- Trudy changes the meeting time in a message she intercepts from Alice before she forwards it on to Bob. This is a violation of which aspect of the CIA Triad? • Integrity
- True or False: An application that runs on your computer without your authorization but does no damage to the system is not considered malware. • False
- True or False: An individual hacks into a military computer and uses it to launch an attack on a target he personally dislikes. This is considered an act of cyberwarfare. • False
- True or False: Authentication, Access Control and Data Confidentiality are all addressed by the ITU X.800 standard. • True
- True or False: Only acts performed with intention to do harm can be classified as Organizational Threats. • False
- True or False: Passive attacks are easy to detect because the original messages are usually altered or undelivered. • False
- True or False: The accidental disclosure of confidential data by an employee is considered a legitimate organizational threat. • True
- True or False: The accidental disclosure of confidential information by an employee is considered an attack. • False
- True or False: While many countries are preparing their military for a future cyberwar, there have been no “cyber battles” to-date. • False
- Trusted functionality, security labels, event detection and security audit trails are all considered which? • Pervasive security mechanisms
- Trusted functionality, security labels, event detection, security audit trails and security recovery are all examples of which type of security mechanism? • Passive security mechanism
- Vulnerabilities are weaknesses in a system that can be exploited. Which are the two (2) most common ways in which vulnerabilities are introduced to a system? • Many systems are shipped with known and unknown security holes, such as insecure default settings.
• Many vulnerabilities occur as a result of misconfiguration by the system administrator.
- What are the four (4) types of actors identified in the video A brief overview of types of actors and their motives? • Internal
• Hackers
• Hacktivists
• Governments
- What challenges are expected in the future? • All of the above
- What was shown in the movie War Games that concerned President Reagan? • A teenager hacked into a Pentagon computer that was capable of launching nuclear weapons.
- What were the three (3) main cybersecurity concerns arising from the 9/11 attacks? • How did this happen?
• Could an attack like this happen in the virtual world too?
• Who wrote the malware that took control of the 4 airplanes’ navigation systems?
- Which aspect of a comprehensive approach to cybersecurity includes these items: classification, implementation steps, asset control and documentation? • Asset management
- Which aspect of a comprehensive approach to cybersecurity includes these items: policies, procedures, standards, user education, incident response, disaster recovery, compliance and physical security? • Administrative controls
- Which aspect of a comprehensive approach to cybersecurity includes these items: network infrastructure, endpoints, servers, identity management, vulnerability management, monitoring and logging? • Technical controls
- Which aspect of a comprehensive approach to cybersecurity includes these items: evaluate, create teams, establish baselines, identify and model threats, identify use cases, identify risks, establish monitoring and control requirements? • Security program
- Which countermeasure can be helpful in combating an IP Spoofing attack? • Ingress filtering
- Which countermeasure should be used against a host insertion attack? • All of the above.
- Which four (4) of the following are known hacking organizations? • Syrian Electronic Army
• Fancy Bears
• Guardians of Peace
• Anonymous
- Which hacker organization hacked into the Democratic National Convention and released Hillary Clinton’s emails? • Fancy Bears
- Which is not one of the phases of the intrusion kill chain? • Activation
- Which is the National Institute of Standards’ (NIST) definition of cybersecurity? • The protection of information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
- Which is the presenter, Kristin Dahl’s definition of Critical Thinking? • Critical thinking is the controlled, purposeful thinking directed toward a goal.
- Which of the following is an example of a social engineering attack? • Calling an employee and telling him you are from IT support and must observe him logging into his corporate account.
- Which of the following is considered a legitimate challenge to implementing a comprehensive cybersecurity solution? • All of the above
- Which of the following measures can be used to counter a mapping attack? • All of the above.
- Which of the following statements is True? • Passive attacks are hard to detect because the original message is delivered unchanged and can pass an integrity check.
- Which of these common motivations is often attributed to a hacktivist? • Political action and movements
- Which of these hacks resulted in over 100 million credit card numbers being stolen? • 2015 Target Stores hack
- Which of these is not a known hacking organization? • The Ponemon Institute
- Which three (3) of these approaches could be used by hackers as part of a Business Email Compromise attack? • Attorney impersonation
• CEO Fraud, where CEO sends email to an employee
• Account compromise
- Which security role would be responsible for conducting information security assessments for organizations, including analyzing events, alerts and alarms? • Information Security Analyst
- Which social engineering attack involves a person instead of a system such as an email server? • Vishing
- Which statement best describes access control? • Prevention of unauthorized use of a resource
- Which statement best describes Authentication? • Assurance that the communicating entity is the one claimed
- Which three (3) are components of the CIA Triad? • Integrity
• Availability
• Confidentiality
- Which three (3) are resources that are available to help guide penetration testing efforts by cybersecurity specialists? • NIST SP 800-42 Guidelines on Network Security Testing.
• Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination.
• Open Source Security Testing Methodology Manual (OSSTMM).
- Which three (3) factors make cybersecurity far more difficult now than it was in the past when you only needed to protect the computer? • Multiple different vendors, each supporting different technology and protocols
• Mobile technology – everyone has a smartphone
• Data protection – your data is everywhere
- Which three (3) security challenges face today’s organizations? • Protection of enforcement structure can complicate solutions
• Solutions can be attacked themselves
• Security is not as simple as it seems
- Which tool did Javier say was crucial to his work as a SOC analyst? • SIEM (Security Information and Event Management)
- Which two (2) measures can be used to counter a Denial of Service (DOS) attack? • Use traceback to identify the source of the flooded packets.
• Implement a filter to remove flooded packets before they reach the host.
- Which type of actor hacked the 2016 US Presidential Elections? • Government
- Which type of actor was not one of the four types of actors mentioned in the video A brief overview of types of actors and their motives? • Black Hats
- Which type of attack can be addressed using a switched Ethernet gateway and software on every host on your network that makes sure their NICs are not running in promiscuous mode? • Packet Sniffing
- Who are Alice, Bob and Trudy? • They are fictional characters used to illustrate how cryptography works.
- Why are cyber attacks using SWIFT so dangerous? • SWIFT is the protocol used by all banks to transfer money
- You fail to back up your files and then drop your laptop, breaking it into many small pieces. You have just failed to address which aspect of the CIA Triad? • Availability