Chapter 1 Cybersecurity Fundamentals Flashcards

1
Q

Which of the following is a collection of industry standards and best practices to help organizations manage cybersecurity risks?

A. MITRE

B. NIST Cybersecurity Framework

C. ISO Cybersecurity Framework

D. CERT/CC

A

B

2
Q

_________ is any potential danger to an asset.

A. Vulnerability

B. Threat

C. Exploit

D. None of these answers is correct.

A

B

3
Q

A ___________ is a weakness in the system design, implementation, software, or code, or the lack of a mechanism.

A. Vulnerability

B. Threat

C. Exploit

D. None of these answers is correct.

A

A

4
Q

Which of the following is a piece of software, a tool, a technique, or a process that takes advantage of a vulnerability that leads to access, privilege escalation, loss of integrity, or denial of service on a computer system?

A. Exploit

B. Reverse shell

C. Searchsploit

D. None of these answers is correct.

A

A

5
Q

Which of the following is referred to as the knowledge about an existing or emerging threat to assets, including networks and systems?

A. Exploits

B. Vulnerabilities

C. Threat assessment

D. Threat intelligence

A

D

6
Q

Which of the following are examples of malware attack and propagation mechanisms?

A. Master boot record infection

B. File infector

C. Macro infector

D. All of these answers are correct.

A

D

7
Q

Vulnerabilities are typically identified by a ___________.

A. CVE

B. CVSS

C. PSIRT

D. None of these answers is correct.

A

A

8
Q

SQL injection attacks can be divided into which of the following categories?

A. Blind SQL injection

B. Out-of-band SQL injection

C. In-band SQL injection

D. None of these answers is correct.

E. All of these answers are correct.

A

E

9
Q

Which of the following is a type of vulnerability where the flaw is in a web application but the attack is against an end user (client)?

A. XXE

B. HTML injection

C. SQL injection

D. XSS

A

D

10
Q

Which of the following is a way for an attacker to perform a session hijack attack?

A. Predicting session tokens

B. Session sniffing

C. Man-in-the-middle attack

D. Man-in-the-browser attack

E. All of these answers are correct.

A

E

11
Q

A denial-of-service attack impacts which of the following?

A. Integrity

B. Availability

C. Confidentiality

D. None of these answers is correct.

A

B

12
Q

Which of the following are examples of security mechanisms designed to preserve confidentiality?

A. Logical and physical access controls

B. Encryption

C. Controlled traffic routing

D. All of these answers are correct.

A

D

13
Q

An attacker is able to manipulate the configuration of a router by stealing the administrator credential. This attack impacts which of the following?

A. Integrity

B. Session keys

C. Encryption

D. None of these answers is correct.

A

A

14
Q

Which of the following is a cloud deployment model?

A. Public cloud

B. Community cloud

C. Private cloud

D. All of these answers are correct.

A

D

15
Q

Which of the following cloud models include all phases of the system development life cycle (SDLC) and can use application programming interfaces (APIs), website portals, or gateway software?

A. SaaS

B. PaaS

C. SDLC containers

D. None of these answers is correct.

A

B

16
Q

Which of the following is not a communications protocol used in IoT environments?

A. Zigbee

B. INSTEON

C. LoRaWAN

D. 802.1X

A

D

17
Q

Which of the following is an example of tools and methods to hack IoT devices?

A. UART debuggers

B. JTAG analyzers

C. IDA

D. Ghidra

E. All of these answers are correct.

A

E

18
Q

Which of the following is an adverse event that threatens business security and/or disrupts service?

A. An incident

B. An IPS alert

C. A DLP alert

D. A SIEM alert

A

A

19
Q

Which of the following are standards being developed for disseminating threat intelligence information?

A. STIX

B. TAXII

C. CybOX

D. All of these answers are correct.

A

D

20
Q

Which type of hacker is considered a good guy?

A. White hat

B. Black hat

C. Gray hat

D. All of these answers are correct.

A

A

21
Q

Which of the following is not an example of ransomware?

A. WannaCry

B. Petya

C. Nyetya

D. Bad Rabbit

E. Ret2Libc

A

E

22
Q

Which of the following is the way you document and preserve evidence from the time that you started the cyber-forensics investigation to the time the evidence is presented in court?

A. Chain of custody

B. Best evidence

C. Faraday

D. None of these answers is correct.

A

A

23
Q

Software and hardware vendors may have separate teams that handle the investigation, resolution, and disclosure of security vulnerabilities in their products and services. Typically, these teams are called ________.

A. CSIRT

B. Coordination Center

C. PSIRT

D. MSSP

A

C

24
Q

Which of the following are the three components in CVSS?

A. Base, temporal, and environmental groups

B. Base, temporary, and environmental groups

C. Basic, temporal, and environmental groups

D. Basic, temporary, and environmental groups

A

A

25
Q

Which of the following are IoT technologies?

A. Z-Wave

B. INSTEON

C. LoRaWAN

D. A and B

E. A, B, and C

F. None of these answers is correct.

A

E

26
Q

Which of the following is a type of cloud deployment model where the cloud environment is shared among different organizations?

A. Community cloud

B. IaaS

C. PaaS

D. None of these answers is correct.

A

A

27
Q

____________ attacks occur when the sources of the attack are sent spoofed packets that appear to be from the victim, and then the sources become unwitting participants in the DDoS attacks by sending the response traffic back to the intended victim.

A. Reflected DDoS

B. Direct DoS

C. Backtrack DoS

D. SYN flood

A

A

28
Q

Which of the following is a nonprofit organization that leads several industry-wide initiatives to promote the security of applications and software?

A. CERT/CC

B. OWASP

C. AppSec

D. FIRST

A

B