IS5403

1. Jeff Crume described 5 challenges in security today. Which three (3) of these are challenges because their numbers are increasing rapidly?

  1. Needed knowledge
  2. Threats
  3. Alerts

2. About how many unfilled cybersecurity jobs are expected by the year 2022?

  1. 1.8 million

3. Which is the National Institute of Standards’ (NIST) definition of cybersecurity?

  1. The protection of information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

4. Which three (3) are components of the CIA Triad?

  1. Confidentiality
  2. Integrity
  3. Availability

5. “A flaw, loophole, oversight, or error that can be exploited to violate system security policy” is the definition of which key cybersecurity term?

  1. Vulnerability

6. “An event, natural or man-made, able to cause a negative impact to an organization” is the definition of which key cybersecurity term?

  1. Threat

7. Most cyber attacks come from which one of the following sources?

  1. Internal factors, such as current and former employees.

8. Vulnerabilities are weaknesses in a system that can be exploited. Which are the two (2) most common ways in which vulnerabilities are introduced to a system?

  1. Many vulnerabilities occur as a result of misconfiguration by the system administrator.
  2. Many systems are shipped with known and unknown security holes, such as insecure default settings.

9. Which security role would be responsible for conducting information security assessments for organizations, including analyzing events, alerts and alarms?

  1. Information Security Analyst

10. Which American president first recognized the need for a national policy on cybersecurity?

  1. Ronald Reagan

11. In addition to specific events, what other factor has led to an enhanced need for strong cybersecurity?

  1. Computing devices like PCs and smartphones are now used by a large majority of people.

12. Between 2010 and 2016 the number of new software vulnerabilities discovered during this 7-year period was in what range?

  1. 7000 to 10,000

13. An example of weaponizing a cybervulnerability is the use of the Stuxnet virus. Which attack by a government actor successfully used this virus?

  1. Stuxnet was used to disable uranium processing equipment in an Iranian nuclear facility.

14. Which three (3) factors make cybersecurity far more difficult now than it was in the past when you only needed to protect the computer?

  1. Data protection – your data is everywhere
  2. Mobile technology – everyone has a smartphone
  3. Multiple different vendors, each supporting different technology and protocols

15. Which aspect of a comprehensive approach to cybersecurity includes these items: classification, implementation steps, asset control and documentation?

  1. Asset management

16. Which aspect of a comprehensive approach to cybersecurity includes these items: policies, procedures, standards, user education, incident response, disaster recovery, compliance and physical security?

  1. Administrative controls

17. Which aspect of a comprehensive approach to cybersecurity includes these items: network infrastructure, endpoints, servers, identity management, vulnerability management, monitoring and logging?

  1. Technical controls

18. Which three (3) security challenges face today’s organizations?

  1. Solutions can be attacked themselves
  2. Protection of enforcement structure can complicate solutions
  3. Security is not as simple as it seems

19. In John’s example of friends and enemies, what is the name used to refer to the intruder?

  1. Trudy

20. Describe why comprehensive cybersecurity can be very complex to implement in reality.

  1. The laws of operation in cyberspace differ from those in the real world

21. Only the sender and intended receiver of a message can “understand” the message contents is an example of which basic security concept?

  1. Confidentiality

22. The sender and receiver of a message can positively identify each other’s identity is an example of which basic security concept?

  1. Authentication

23. Which is the presenter, Kristin Dahl’s definition of Critical Thinking?

  1. Critical thinking is the controlled, purposeful thinking directed toward a goal.

24. The Critical Thinking Model presented places critical thinking at the overlap of which four (4) competencies?

  1. Interpersonal skills and competencies.
  2. Technical skills and competencies.
  3. Theoretical and experimental knowledge, intellectual skills and competencies
  4. Critical thinking characteristics (attitudes & behaviors).

25. Put yourself in others’ shoes – reframe the problem is an example of which of the 5 Key Skills of Critical Thinking?

  1. Understand Context

26. What are the four (4) main types of actors identified in the video A brief overview of types of actors and their motives?

  1. Internal
  2. Hacktivists
  3. Hackers
  4. Governments

28. Which of these common motivations is often attributed to a hacktivist?

  1. Political action and movements

29. In the video Hacking organizations, which three (3) governments were called out as being active hackers?

  1. China
  2. United States
  3. Israel

30. Which four (4) of the following are known hacking organizations?

  1. Anonymous
  2. Syrian Electronic Army
  3. Fancy Bears
  4. Guardians of Peace

31. Which of these hacks resulted in over 100 million credit card numbers being stolen?

  1. 2015 Target Stores hack

32. Which of the following statements is True?

  1. Passive attacks are hard to detect because the original message is delivered unchanged and can pass an integrity check.

33. The purpose of security services includes which three (3) of the following?

  1. Are intended to counter security attacks.
  2. Often replicate functions found in physical documents
  3. Enhance security of data processing systems and information transfer.

34. Which statement best describes access control?

  1. Prevention of unauthorized use of a resource

35. The International Telecommunication Union (ITU) X.800 standard addresses which three (3) of the following topics?

  1. Data Confidentiality
  2. Access Control
  3. Authentication

36. Protocol suppression, ID and authentication are examples of which?

  1. Security Mechanism

37. The motivation for more security in open systems is driven by which three (3) of the following factors?

  1. Society’s increasing dependence on computers.
  2. The appearance of data protection legislation in several countries.
  3. The desire by a number of organizations to use OSI recommendations.

38. True or False: The accidental disclosure of confidential data by an employee is considered a legitimate organizational threat.

  1. True

39. True or False: The accidental disclosure of confidential information by an employee is considered an attack.

  1. False

40. A replay attack and a denial of service attack are examples of which?

  1. Security architecture attack

41. True or False: An application that runs on your computer without your authorization but does no damage to the system is not considered malware.

  1. False

42. How would you classify a piece of malicious code that is designed to cause damage and spreads from one computer to another by attaching itself to files but requires human action in order to replicate?

  1. Virus

43. How would you classify a piece of malicious code designed to collect data about a computer and its users and then report that back to a malicious actor?

  1. Spyware

44. A large scale Denial of Service attack usually relies upon which of the following?

  1. A botnet

45. Antivirus software can be classified as which form of threat control?

  1. Technical controls

46. Which of the following measures can be used to counter a mapping attack?

  1. All of the above.

47. In order for a network card (NIC) to engage in packet sniffing, it must be running in which mode?

  1. Promiscuous

48. Which countermeasure can be helpful in combating an IP Spoofing attack?

  1. Ingress filtering

49. Which two (2) measures can be used to counter a Denial of Service (DOS) attack?

  1. Implement a filter to remove flooded packets before they reach the host.
  2. Use traceback to identify the source of the flooded packets.

50. Which countermeasure should be used against a host insertion attack?

  1. All of the above.

51. Which is not one of the phases of the intrusion kill chain?

  1. Which is not one of the phases of the intrusion kill chain?

52. Which social engineering attack involves a person instead of a system such as an email server?

  1. Vishing

53. Which of the following is an example of a social engineering attack?

  1. Calling an employee and telling him you are from IT support and must observe him logging into his corporate account.

54. True or False: While many countries are preparing their military for a future cyberwar, there have been no “cyber battles” to-date.

  1. False

55. Which tool did Javier say was crucial to his work as a SOC analyst?

  1. SIEM (Security Information and Event Management)

56. Encrypting your email is an example of addressing which aspect of the CIA Triad?

  1. Confidentiality

57. You fail to back up your files and then drop your laptop, breaking it into many small pieces. You have just failed to address which aspect of the CIA Triad?

  1. Availability

58. The use of digital signatures is an example of which concept?

  1. Non-repudiation

59. Trudy forwards a message from Alice to Bob, but changes the timestamp on Alice’s message before sending it to make it look like it came in later. This is a violation of which aspect of the CIA Triad?

  1. Integrity

60. Managers in the Singapore office at your company can access documents that managers in other offices cannot access, nor can non-manager employees in the Singapore office. Which two (2) access criteria types were likely involved in setting this up?

  1. Physical location
  2. Groups

61. In incident management, an event that has a negative impact on some aspect of the network or data is called what?

  1. Incident

62. In incident management, a data inventory, data classification and data management process are part of which key concept?

  1. E-Discovery

63. Which phase of the Incident Response Process do steps like Identify cyber security incident, Define objectives and investigate situation and Take appropriate action fall into?

  1. Phase 2: Respond

64. In the context of security standards and compliance, which two (2) of these items are goals of frameworks and best practices?

  1. They help translate the business needs into technical or operational needs.
  2. They seek to improve performance, controls and metrics.

65. A company document that says employees may not do online shopping while at work would be which of the following?

  1. Policy

66. Which three (3) of these are compliance standards that must be adhered to by companies in some industries / countries?

  1. SOX
  2. HIPAA
  3. PCI/DSS

67. A method of evaluating computer and network security by simulating an attack on a computer system or network from external or internal threats is known as which of the following?

  1. A pentest

68. The OWASP “Top 10” provides guidance on what?

  1. The top 10 application vulnerabilities reported each year.

69. Firewalls contribute to the security of your network in which three (3) ways?

  1. Prevent Denial of Service (DOS) attacks.
  2. Allow only authorized access to inside the network.
  3. Prevent unauthorized modifications to internal data from an outside actor.

70. Which packets are selected for inspection by a packet filtering firewall?

  1. Every packet entering or leaving a network.

71. True or False: Application Gateways are an effective way to control which individuals can establish telnet connections through the gateway.

  1. True

72. Why are XML gateways used?

  1. XML traffic passes through conventional firewalls without inspection.

73. Which three (3) things are True about Stateless firewalls?

  1. They are faster than Stateful firewalls.
  2. They are also known as packet-filtering firewalls.
  3. They filter packets based upon Layer 3 and 4 information only (IP address and Port number)

74. True or False: Most Antivirus/Antimalware software works by comparing each file encountered on your system against a compressed (zipped) version of known malware maintained by the vendor on the local host.

  1. False

75. How many unique encryption keys are required for 2 people to exchange a series of messages using asymmetric public key cryptography?

  1. 4

76. What is Cryptographic Strength?

  1. All of the above.

78. What is the primary difference between Symmetric and Asymmetric encryption?

  1. The same key is used to both encrypt and decrypt the message.

79. Which type of cryptographic attack is characterized by an attack based upon trial and error where many millions of keys may be attempted in order to break the encrypted message?

  1. Brute force

80. What is the correct sequence of steps required for Alice to send a message to Bob using asymmetric encryption?

  1. Alice requests Bob’s public key and uses it to encrypt her message. Alice then sends the encrypted message to Bob who decrypts it using his private key.

81. A skilled penetration tester wants to show her employer how smart she is in hopes of getting a promotion. Without obtaining permission, she hacks into the company’s new online store to see if there are any weaknesses that can be hardened before the system goes live. She does not do any damage and writes a useful report which she sends over her boss’s head to the CISO. What color hat was she wearing?

  1. A Gray Hat

82. Which three (3) are resources that are available to help guide penetration testing efforts by cybersecurity specialists?

  1. NIST SP 800-42 Guidelines on Network Security Testing.
  2. Open Source Security Testing Methodology Manual (OSSTMM).
  3. Information Systems Security Assessment Framework (ISSAF)

83. According to the Vulnerability Assessment Methodology, Potential Impacts are determined by which 2 factors?

  1. Exposure and Sensitivity

85. In digital forensics, the term Chain of Custody refers to what?

  1. The record that documents the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence.
