IS5403 QUIZ

  1. “A defined way to breach the security of an IT system through a vulnerability” is the definition of which key cybersecurity term?   Exploit
  2. “A flaw, loophole, oversight, or error that can be exploited to violate system security policy.” Is the definition of which key cybersecurity term?   Vulnerability
  3. “A situation involving exposure to a danger.” Is the definition of which key cybersecurity term?   Risk
  4. “An event, natural or man-made, able to cause a negative impact to an organization.” Is the definition of which key cybersecurity term?   Threat
  5. A large scale Denial of Service attack usually relies upon which of the following?   A botnet
  6. A major metropolitan police department gets a warrant from a judge to hack into the computer of a suspected crime boss. A skilled penetration tester working for the department conducts the hack and retrieves incriminating evidence. What color hat does this officer wear?   A Gray Hat
  7. A political motivation is often attributed to which type of actor?   Hactivist
  8. A replay attack and a denial of service attack are examples of which?   Security architecture attack
  9. About how many unfilled cybersecurity jobs are expected by the year 2022?   1.8 million
  10. According to a 2018 report by Domo, over what period of time do the following things occur: 49,380 videos are uploaded to Instagram, 25,000 gifs are sent on Facebook Messenger, 4.2 million videos are viewed on Snapchat and 473,400 tweets are sent on Twitter?   Every 1 minute
  11.  According to the Vulnerability Assessment Methodology, Vulnerabilities are determined by which 2 factors?   Potential Impacts and Adaptive Capacity
  12. Alice sends an encrypted message to Bob but it is intercepted by Trudy. Trudy cannot read it so, in anger, she deletes it without allowing its delivery to Bob. Which precept of the CIA Triad would have been violated?   Availability
  13. Alice sends an encrypted message to Bob but it is intercepted by Trudy. Trudy cannot read it but forwards it on to Bob from an anonymous address she controls. Which precept of the CIA Triad would have been violated?   Integrity
  14. Alice sends an unencrypted message to Bob but it is intercepted by Trudy. Trudy reads the message but does not in any way interfere with its content or delivery. Which precept of the CIA Triad would have been violated?   Confidentiality
  15. An attack that is developed particularly for a specific customer and occurs over a long period of time is a form of what type of attack?  Advanced Persistent Threat
  16. An example of weaponizing a cybervulnerability is the use of the Stuxnet virus. Which attack by a government actor successfully used this virus?   Stuxnet was used to disable uranium processing equipment in an Iranian nuclear facility.
  17. Antivirus software can be classified as which form of threat control?  Technical controls
  18. Between 2010 and 2016 the number of new software vulnerabilities discovered during this 7-year period was in what range?    7000 to 10,000
  19. Botnets can be used to orchestrate which form of attack?   All of the above
  20. Cryptography, digital signatures, access controls and routing controls considered which?  Specific security mechanisms
  21. Describe why comprehensive cybersecurity can be very complex to implement in reality.   Translation of simple business requirements into technical specifications and deployment decisions can be very difficult -The protection mechanism itself is subject to attack – Protectors have to be right all the time. Attackers only have to be right once.
  22.  functionality, security labels, event detection, security audit trails and security recovery are all examples of which type of security mechanism?   Passive security mechanism
  23. How would you classify a piece of malicious code designed collect data about a computer and its users and then report that back to a malicious actor?   Spyware
  24. How would you classify a piece of malicious code designed to cause damage and spreads from one computer to another by attaching itself to files but requires human actions in order to replicate?   Virus
  25. How would you classify a piece of malicious code designed to cause damage, can self-replicate and spreads from one computer to another by attaching itself to files?  Trojan Horse
  26. If an organization responds to an intentional threat, that threat is now classified as what?  An attack
  27.  In addition to specific events, what other factor has led to an enhanced need for strong cybersecurity?   Computing devices like PCs and smartphones are now used by a large majority of people.
  28.  In addition to the movie War Games, what other event made the need for advanced cybersecurity apparent?   9/11
  29.  In John’s example of friends and enemies, what is the name used to refer to the intruder?   Trudy
  30. In order for a network card (NIC) to engage in packet sniffing, it must be running in which mode?  Promiscuous
  31. In the examples using Bob, Alice and Trudy, what aspect of cybersecurity is being illustrated?   The security of communication between Alice and Bob that risks interception by Trudy.
  32. In the video Hacking organizations, which three (3) governments were called out as being active hackers?   Israel
    United States
    China
  33. Jeff Crume described 5 challenges in security today. Which three (3) of these are challenges because their numbers are increasing rapidly?   Threats
    Needed knowledge
    Alerts
  34. Jeff Crume described five challenges in security today. Which two (2) of these are challenges because their numbers are decreasing?   Available analysts
    Available time
  35. Most cyberattacks come from which one (1) of the following sources?   Internal factors, such as current and former employees.
  36. Protocol suppression, ID and authentication are examples of which?   Security Mechanism
  37. Put yourself in others’ shoes – reframe the problem is an example of which of the 5 Key Skills of Critical Thinking?   Understand Context
  38.  The Critical Thinking Model presented places critical thinking at the overlap of which four (4) competencies?   Interpersonal skills and competencies.
    Technical skills and competencies.
    Technical and experimental knowledge, intellectual skills and competencies.
    Critical thinking characteristics (attitudes & behaviors).
  39. The International Telecommunication Union (ITU) X.800 standard addresses which three (3) of the following topics?   Access Control
    Authentication
    Data Confidentiality
  40. The motivation for more security in open systems is driven by which three (3) of the following factors?   Society’s increasing dependance on computers.
    The desire by a number of organizations to use OSI recommendations.
    The appearence of data protection legislation in several countries.
  41. The purpose of security services includes which three (3) of the following? Often replicate functions found in physical documents
    Enhance security of data processing systems and information transfer.
    Are intended to counter security attacks.
  42. The sender and receiver of a message can positively identity each other’s identity is an example of which basic security concept?   Authentication
  43. The video Hacking organizations called out several countries with active government sponsored hacking operations in effect. Which one of these was among those named?  Israel
  44. to a Forbes Magazine study, the annual cost of cybercrime in the United States alone has reached how much?   $100B
  45. Traffic flow analysis is classified as which?   A passive attack
  46. Translation of simple business requirements into technical specifications and deployment decisions can be very difficult -The protection mechanism itself is subject to attack – Protectors have to be right all the time. Attackers only have to be right once.   Confidentiality
  47. True or False: An application that runs on your computer without your authorization but does no damage to the system is not considered malware.   False
  48. True or False: Authentication, Access Control and Data Confidentiality are all addressed by the ITU X.800 standard.   True
  49. True or False: Only acts performed with intention to do harm can be classified as Organizational Threats   False
  50. True or False: Passive attacks are easy to detect because the original messages are usually alterned or undelivered.   False
  51. True or False: The accidental disclosure of confidential data by an employee is considered a legitimate organizational threat.   True
  52. True or False: The accidental disclosure of confidential information by an employee is considered an attack.  False
  53. True or False: While many countries are preparing their military for a future cyberwar, there have been no “cyber battles” to-date.  False
  54.  Trusted functionality, security labels, event detection and security audit trails are all considered which?   Pervasive security mechanisms
  55. Vulnerabilities are weaknesses in a system that can be exploited. Which are the two (2) most common ways in which vulnerabilities are introduced to a system?   Many systems are shipped with known and unknown security holes, such as insecure default settings.
    Many vulnerabilities occur as a result of misconfiguration by the system administrator    .
  56. What are the four (4) types of actors identified in the video A brief overview of types of actors and their motives?   Internal
    Hackers
    Hactivists
    Governments
  57. What challenges are expected in the future?   All of the above
  58. What was shown in the movie War Games that concerned President Reagan?   A teenager hacked into a Pentagon computer that was capable of launching nuclear weapons.
  59. Which American president first recognized the need for a national policy on cybersecurity?   Ronald Reagan
  60. Which aspect of a comprehensive approach to cybersecurity includes these items: classification, implementation steps, asset control and documentation?   Asset management
  61. Which aspect of a comprehensive approach to cybersecurity includes these items: policies, procedures, standards, user education, incident response, disaster recovery, compliance and physical security?   Administrative controls
  62. Which aspect of a comprehensive approach to cybersecurity includes these items: network infrastructure, endpoints, servers, identity management, vulnerability management, monitoring and logging?   Technical controls
  63. Which aspect of a comprehensive approach to cybersecurity includes these items: evaluate, create teams, establish baselines, identify and model threats, identify use cases, identify risks, establish monitoring and control requirements?   Security program
  64. Which countermeasure can be helpful in combating an IP Spoofing attack?  Ingress filtering
  65. Which countermeasure should be used agains a host insertion attack?   All of the above.
  66. Which four (4) of the following are known hacking organizations?  Syrian Electronic Army
    Fancy Bears
    Guardians of Peace
    Anonymous
  67. Which hacker organization hacked into the Democratic National Convension and released Hillery Clinton’s emails?   Fancy Bears
  68. Which is not one of the phases of the intrusion kill chain?   Activation
  69. Which is the National Institute of Standards’ (NIST) definition of cybersecurity?  The protection of information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
  70. Which is the presenter, Kristin Dahl’s definition of Critical Thinking?    Critical thinking is the controlled, purposeful thinking directed toward a goal.
  71. Which of the following is an example of a social engineering attack?  Calling an employee and telling him you are from IT support and must observe him logging into his corporate account.
  72. Which of the following is considered a legitimate challenge to implementing a comprehensive cybersecurity solution?   All of the above
  73. Which of the following measures can be used to counter a mapping attack?  All of the above.
  74. Which of the following statements is True?   Passive attacks are hard to detect because the original message is delivered unchanged and can pass an integrity check.
  75. Which of these common motivations is often attributed to a hactivist?  Political action and movements
  76. Which of these hacks resulted in over 100 million credit card numbers being stolen?   2015 Target Stores hack
  77. Which of these is not a known hacking organization?  The Ponemon Institute
  78. Which of three (3) these approaches could be used by hackers as part of a Business Email Compromise attack?   Attorney impersonation
    CEO Fraud, where CEO sends email to an employee
    Account compromise
  79. Which security role would be responsible for conducting information security assessments for organizations, including analyzing events, alerts and alarms?   Information Security Analyst
  80. Which social engineering attack involves a person instead of a system such as an email server?  Vishing
  81. Which statement best describes access control?   Prevention of unauthorized use of a resource
  82. Which statement best describes Authentication?   Assurance that the communicating entity is the one claimed
  83. Which three (3) are components of the CIA Triad?   Integrity
    Confidentiality
    Availability
  84. Which three (3) are resources that are available to help guide penetration testing efforts by cybersecurity specialists?  NIST SP 800-42 Guidelines on Network Security Testing.
    Federal Financial Institutions Examination Council (EFIEC) Information Technology Examination.
    Open Source Security Testing Methodology Manual (OSSTMM).
  85. Which three (3) factors make cybersecurity far more difficult now that it was in the past when you only needed to protect the computer?   Mobile technology – everyone has a smartphone
    Data protection – your data is everywhere
    Multiple different vendors, each supporting different technology and protocols
  86. Which three (3) security challenges face today’s organizations?   Solutions can be attacked themselves
    Protection of enforcement structure can complicate solutions
    Security is not as simple as it seems
  87. Which tool did Javier say was crucial to his work as a SOC analyst?  SIEM (Security Information and Event Management)
  88. Which two (2) measures can be used to counter a Denial of Service (DOS) attack?   Use traceback to identify the source of the flooded packets.

    Implement a filter to remove flooded packets before they reach the host.
  89. Which type of actor hacked the 2016 US Presidential Elections?  Government
  90. Which type of actor was not one of the four types of actors mentioned in the video A brief overview of types of actors and their motives?   Black Hats
  91. Who are Alice, Bob and Trudy?   They are fictional characters used to illustrate how cryptography works.
  92. Why are cyber attacks using SWIFT so dangerous?   SWIFT is the protocol used by all banks to transfer money

Other Links:

Statistics Quiz

Networking Quiz

See other websites for quiz:

Check on QUIZLET

Check on CHEGG

Post Views: 126

Leave a Reply

Your email address will not be published. Required fields are marked *