Exam Questions Flashcards
A company’s IT policy manual states that “All company computers, workstations, application servers, and mobile devices must have current versions of antivirus software.”
Which principle or concept of cybersecurity does this policy statement impact?
Operating system security
Accounting policy
Physical security
Access control policy
Operating system security
An organization’s procedures document states that “All electronic communications should be encrypted during transmission across networks using encryption standards specified in the data encryption policy.”
Which security principle is this policy addressing?
Confidentiality
Interruption
Control
Availability
Confidentiality
A company’s website policy states that “To gain access to the corporate website, each employee must provide a valid user name and password, and then answer one of six security questions accurately.”
Which type of security does the policy address?
Operations
Application
Human element
Physical
Operations
An organization notices unauthorized visitors following employees through a restricted doorway. Which vulnerability should be addressed in the organization’s security policy?
Pretexting
Phishing
Baiting
Tailgating
Tailgating
A company wants to update its access control policy. The company wants to prevent hourly employees from logging in to company computers after business hours. Which type of access control policy should be implemented?
Attribute-based
Mandatory
Discretionary
Physical
Attribute-based
A new software development company has determined that one of its proprietary algorithms is at a high risk for unauthorized disclosure. The company’s security up to this point has been fairly lax. Which procedure should the company implement to protect this asset?
Relocate the algorithm to encrypted storage.
Create multiple off-site backups of the algorithm.
Store the algorithm on highly available servers.
Transfer the algorithm onto servers in the demilitarized zone.
Relocate the algorithm to encrypted storage.
In addition to a username and corresponding password, a desktop application asks users to submit a special code. This code is produced by an application running on the users’ mobile phone. Which authentication technique is the phone application providing?
Something you have
Something you know
Something you are
Something you do
Something you have
Employees are required to swipe their access cards and then to use an iris scanner to access protected areas in the company’s data center. Which two authentication techniques are used to protect the data center?
Something you have and something you are
Something you have and something you know
Something you do and something you are
Something you know and something you do
Something you have and something you are
Which security solution can an organization deploy to prevent unauthorized external access to its internal network?
Firewall
Sniffer
IDS
VPN
Firewall
A restaurant needs to protect its customers’ credit card information. Which security standard should the restaurant follow?
PCI DSS
SOX
FERPA
FISMA
PCI DSS
A petroleum company has a group of computers used to monitor the flow of materials in the refining process. These computers are never connected to the Internet or any other corporate network, and they host proprietary monitoring software which the company has registered as a trade secret. Which type of security will help protect its software against theft?
Application
Network
Physical
Operating system
Physical
An organization wants to minimize the impact of user credential theft by ensuring that only HR staff can access employee personal information. Which security mechanism should it implement?
Turn on logging and auditing.
Remove all unnecessary services.
Apply the principle of least privilege.
Apply the latest software patches.
Apply the principle of least privilege.
An organization wants to prevent malware from infecting its workstations, mobile devices, and web applications. Which security tool should it implement?
Antivirus
Firewall
Fuzzer
Scanner
Antivirus
How can an operating system be hardened in accordance to the principle of least privilege?
Restrict account permissions.
Implement account auditing.
Remove unnecessary software.
Remove unneeded services.
Restrict account permissions.
A company implements an Internet-facing web server for its sales force to review product information. The sales force can also update its profiles and profile photos, but not the product information. There is no other information on this server. Which content access permissions should be granted to the sales force based on the principle of least privilege?
Limited read access only
Limited write access only
Read and limited write access
Read and write access
Read and limited write access
A corporation has discovered that some confidential personnel information has been used inappropriately. How can the principle of least privilege be applied to limit access to confidential personnel records?
Only allow access to those who work in the human resources department.
Only allow access to those who need access to perform their job.
Only allow access to department heads and executives.
Only allow access to those with elevated security permissions.
Only allow access to those who need access to perform their job.
A user runs an application that has been infected with malware that is less than 24 hours old. The malware then infects the operating system. Which safeguard should be implemented to prevent this type of attack?
Limit user account privileges.
Modify the default user accounts.
Install the latest security updates.
Uninstall unnecessary software.
Limit user account privileges.
A company was the victim of a security breach resulting in stolen user credentials. An attacker used a stolen username and password to log in to an employee email account. Which security practice could have reduced the post-breach impact of this event?
Operating system hardening
Mutual authentication
Multifactor authentication
Network segmentation
Multifactor authentication
A module in a security awareness course shows a user making use of two-factor authentication using a hardware token. Which security failure is being addressed by this training module?
Weak passwords
Tailgating
Malware infections
Pretexting
Weak passwords
A student downloads free software from a website and this software includes some malware. Which tool can locate this vulnerability?
Asymmetric encryption
Antivirus software
Access control list
Honeypot
Antivirus software
Which type of tool can be used to detect vulnerabilities in source code related to improper handling of user input?
Fuzzer
Port scanner
Sniffer
Honeypot
Fuzzer
Which tool should an application developer use to help identify input validation vulnerabilities?
A fuzzer
A sniffer
A scanner
A filter
A fuzzer
A systems administrator enables operating system logging to capture unsuccessful login attempts. Which attack can be uncovered by reviewing such logs?
Brute force
Denial of service
Stolen password
Spear phishing
Brute force
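Reviewing failed-login logs for brute force, as an added example that is not part of the original flashcard set: the Python below parses constructed OpenSSH-style auth.log lines (not real captures) and flags any source address with five or more failures inside a sliding 60-second window, listing the usernames it tried so an analyst can tell single-account guessing from password spraying. The threshold, the window and the log year (syslog lines carry none) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in OpenSSH/syslog format; not real captures.
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:01 bastion sshd[2011]: Failed password for root from 203.0.113.7 port 51522 ssh2
Mar  3 10:15:04 bastion sshd[2013]: Failed password for root from 203.0.113.7 port 51530 ssh2
Mar  3 10:15:06 bastion sshd[2015]: Failed password for invalid user admin from 203.0.113.7 port 51538 ssh2
Mar  3 10:15:09 bastion sshd[2017]: Failed password for invalid user oracle from 203.0.113.7 port 51544 ssh2
Mar  3 10:15:12 bastion sshd[2019]: Failed password for root from 203.0.113.7 port 51550 ssh2
Mar  3 10:15:20 bastion sshd[2021]: Accepted publickey for deploy from 198.51.100.9 port 40010 ssh2
Mar  3 10:30:41 bastion sshd[2100]: Failed password for alice from 198.51.100.9 port 40022 ssh2
Mar  3 11:02:17 bastion sshd[2310]: Failed password for alice from 198.51.100.9 port 40031 ssh2
"""

# Only failed password attempts matter here; successful logins and lines from
# other daemons do not match and are skipped.
FAILED_LOGIN = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ "
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text, year=2024):
    """Yield (timestamp, source_ip, username) for each failed-login line.
    Syslog timestamps have no year, so one is assumed for the example."""
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line)
        if m:
            stamp = datetime.strptime(f"{m['mon']} {m['day']} {m['time']} {year}",
                                      "%b %d %H:%M:%S %Y")
            yield stamp, m["ip"], m["user"]


def detect_bruteforce(log_text, threshold=5, window_seconds=60, year=2024):
    """Sliding-window count of failures per source IP. An address is flagged once
    it has `threshold` or more failures inside `window_seconds`. The username set
    shows whether it guessed one account's password or sprayed many accounts.
    Returns {ip: {"count": n, "users": [...]}}."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    users = defaultdict(set)      # ip -> every username it has tried
    flagged = {}
    for stamp, ip, user in parse_failures(log_text, year):
        window = recent[ip]
        window.append(stamp)
        users[ip].add(user)
        # Drop failures that have aged out of the window.
        while (stamp - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold:
            flagged[ip] = {"count": len(window), "users": sorted(users[ip])}
    return flagged


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {info['count']} failures in window, users tried: {', '.join(info['users'])}")
```

A slow, distributed attack (two guesses per hour from many addresses, as the second source does here) passes this rule; catching that needs a per-account view across sources or a longer window with a lower threshold, which is why the parameters are exposed.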
A small IT firm is required to authenticate remote customers who access the firm’s network. Which protection technique should the IT firm employ to satisfy this requirement?
Certificates
Data encryption
File encryption
RAID
Certificates
A company has files stored on a server that are critical to the organization’s viability. The administrator has assigned the appropriate permissions to the files. How should the administrator provide additional confidentiality protection for the files at rest?
File encryption
File compression
Network encryption
Network compression
File encryption
A health company must comply with HIPAA regulations. It decides to encrypt databases that contain HIPAA information. Which resource is the health company directly trying to protect?
Application
Server
Data
Operating system
Data
At a small company, an employee makes an unauthorized data alteration. Which component of the CIA triad has been compromised?
Integrity
Confidentiality
Availability
Authenticity
Integrity
An organization plans to encrypt data in transit on a network. Which aspect of data is the organization attempting to protect?
Authenticity
Possession
Availability
Integrity
Integrity
Which aspect of the CIA triad is violated by an unauthorized database roll back or undo?
Integrity
Confidentiality
Availability
Identification
Integrity
A company’s website has suffered several denial of service (DoS) attacks and wishes to thwart future attacks.
Which security principle is the company addressing?
Availability
Confidentiality
Possession
Authenticity
Availability
An organization has a requirement that all database servers and file servers be configured to maintain operations in the presence of a failure.
Which principle of the CIA triad is this requirement implementing?
Availability
Confidentiality
Utility
Integrity
Availability
Which tool can be used to map devices on a network, along with their operating system types and versions?
Port scanner
Stateful firewall
Packet filter
Packet sniffer
Port scanner
Which web attack is a server-side attack?
SQL injection
Cross-site scripting
Cross-site request forgery
Clickjacking
SQL injection
A new start-up company has started working on a social networking website. The company has moved all its source code to a cloud provider and wants to protect this source code from unauthorized access.
Which cyber defense concept should the start-up company use to maintain the confidentiality of its source code?
File encryption
Alarm systems
Antivirus software
Account permissions
File encryption
A company has an annual audit of installed software and data storage systems. During the audit, the auditor asks how the company’s most critical data is used. This determination helps the auditor ensure that the proper defense mechanisms are in place to protect critical data.
Which principle of the Parkerian hexad is the auditor addressing?
Utility
Possession
Authenticity
Integrity
Utility
Which web attack is possible due to a lack of input validation?
SQL injection
Cross-site request forgery
Clickjacking
Extraneous files
SQL injection
Which cybersecurity term is defined as the potential for an attack on a resource?
Threat
Vulnerability
Risk
Impact
Threat
Which security type deliberately exposes a system’s vulnerabilities or resources to an attacker?
Intrusion detection
Intrusion prevention
Firewalls
Honeypots
Honeypots
An organization employs a VPN to safeguard its information.
Which security principle is protected by a VPN?
Data in motion
Data in storage
Data at rest
Data in use
Data in motion
A malicious hacker was successful in a denial of service (DoS) attack against an institution’s mail server. Fortunately, no data was lost or altered while the server was offline.
Which type of attack is this?
Interruption
Interception
Modification
Fabrication
Interruption
A company has had several successful denial of service (DoS) attacks on its email server.
Which security principle is being attacked?
Availability
Confidentiality
Integrity
Possession
Availability
A file is stored in a marketing folder and is accessible only to members of the marketing group. An attacker uses a phishing scam to gain the credentials of a user who is a member of the marketing group, and then reads the file.
Which leg of the CIA triad is being targeted?
Confidentiality
Availability
Integrity
Control
Confidentiality
An attacker performs a buffer overflow attack on an organization’s web server. The web server locks up and must be restarted to restore functionality.
Which part of the CIA triad is under attack?
a. Confidentiality
b. Integrity
c. Availability
d. Control
Availability
Some malware hides itself by replacing some system administrator commands on a server, but the server continues to function normally for its users.
Which component of the CIA triad has been compromised?
a. Integrity
b. Availability
c. Authenticity
d. Confidentiality
Integrity
Which component of the CIA triad will be impacted if an attacker cuts network cables?
a. Availability
b. Confidentiality
c. Authenticity
d. Integrity
Availability
Which two principles of the CIA triad can be violated by a fabrication attack?
a. Integrity and availability
b. Confidentiality and availability
c. Confidentiality and integrity
d. Integrity and authenticity
Integrity and availability
Which two principles of the CIA triad can be violated by an interruption attack?
a. Integrity and availability
b. Confidentiality and availability
c. Confidentiality and integrity
d. Integrity and authenticity
Integrity and availability
Which attack category targets the confidentiality of data?
a. Interception
b. Interruption
c. Modification
d. Fabrication
Interception
Which file action implements the principle of confidentiality from the CIA triad?
a. Compression
b. Hash
c. Backup
d. Encryption
Encryption
Which cyber defense concept suggests limiting permissions to only what is necessary to perform a particular task?
a. Defense in depth
b. Authorization
c. Authentication
d. Principle of least privilege
Principle of least privilege
A company institutes a new policy that “All office computer monitors must face toward employees and must face away from doorways. The monitor screens must not be visible to people visiting the office.”
Which principle of the CIA triad is this company applying?
a. Confidentiality
b. Utility
c. Integrity
d. Availability
Confidentiality
In the system room of a small company, an emergency power shut-down switch was installed right next to a light switch. As a result, employees sometimes shut down the power accidentally when they leave the data center.
Which type of control should be implemented to mitigate the risk of accidental shut down?
a. Physical
b. Logical
c. Administrative
d. Technical
Physical
A company developing and distributing open source applications realizes that attackers are copying the publicly available, open source code and inserting malware into the code.
Which type of cryptographic tool should the company use to protect the integrity of its open source applications?
a. Hash functions
b. Asymmetric cryptography
c. Symmetric cryptography
d. Block cipher
Hash functions
After considerable research, attackers directed a spear phishing attack at employees at a single bank. One employee opened a message, resulting in a breach that delivered ransomware.
Which type of control should be implemented to prevent future spear phishing attacks?
a. Mutual authentication
b. Strong passwords
c. Input validation
d. Employee training
Employee training
A bank wants to ensure user interactions with the online banking website are confidential.
Which security solution should be implemented?
a. SSH/FTP
b. VPN
c. AES
d. SSL/TLS
SSL/TLS
What is an example of symmetric key encryption?
a. RSA
b. ECC
c. AES
d. MD5
AES
Which asymmetric cryptographic algorithm can provide confidentiality for data in motion?
a. RSA
b. 3DES
c. AES
d. MD5
RSA
A company has just completed an audit of disaster protection strategies. The company has decided it must keep and be able to retrieve backup data for a period of 30 years. The company has implemented tape backups using 8mm digital audio tapes.
Which factor could impact the company’s ability to access information from the backup tapes?
a. Technical obsolescence
b. Tape access speed
c. Reading tape header
d. Network speed
Technical obsolescence
A military installation is evaluating backup solutions for its critical data. This installation operates in a harsh environment that is subjected to heat, humidity, and magnetic fields.
Which physical media should be selected to ensure the integrity of backups is preserved given these harsh operating conditions?
a. Flash drives
b. Tape media
c. Optical media
d. Hard drives
Flash drives
A university research group wants to collect data on animals that are native to southern Arizona, which is a hot, dry region. They plan to camp in tents for the summer at the edge of a national park and to use optical media to back up photos and research notes.
Which physical or environmental factor may damage their optical media?
a. Electric shocks
b. Temperature
c. Humidity
d. Magnetic fields
Temperature
A company has instituted a policy to prevent data leakage. The policy requires that any data stored on USB storage devices must be encrypted with at least 256-bit encryption.
Which principle that is part of the Parkerian hexad but not the CIA triad would be violated if one of these devices was stolen?
a. Possession
b. Confidentiality
c. Authenticity
d. Integrity
Possession
A company is concerned about potential phishing attacks through email. As a result, a new company policy dictates that all email must be digitally signed before it is sent to any customers or partners.
Which security principle that is part of Parkerian hexad but not part of the CIA triad is precipitating this policy change?
a. Authenticity
b. Confidentiality
c. Utility
d. Control
Authenticity
In order to continue processing credit card payments, a retail store arranges for an external auditor to perform regular external and internal vulnerability scans.
Which regulation are they addressing?
a. PCI DSS
b. HIPAA
c. GLBA
d. FCRA
PCI DSS
A hospital allows its patients to pay by credit card.
Which set of regulations applies to the hospital’s operations?
a. HIPAA and PCI DSS
b. HIPAA and FCRA
c. FERPA and HITECH
d. FERPA and PCI DSS
HIPAA and PCI DSS
While visiting a country in the European Union, an American purchases an expensive bottle of perfume with a credit card.
What does the European Union Directive 95/46/EC regulation safeguard for the purchaser?
a. Personally identifiable information
b. Right to return goods
c. Computer fraud and abuse
d. Unfair trade practices
Personally identifiable information
Which U.S. law defines security standards exclusively for federal agencies?
a. FISMA
b. FERPA
c. HIPAA
d. GLBA
FISMA
Which U.S. law regulates the confidentiality and accuracy of a publicly traded corporation’s financial reports?
a. SOX
b. FERPA
c. FISMA
d. HIPAA
SOX
A bank website accepts online loan applications. It requires applicants to review and sign a disclosure document explaining the organization’s information sharing practices.
Which federal law protects consumers’ financial information?
a. SOX
b. FERPA
c. HIPAA
d. GLBA
GLBA
A retail store has hired a third party to audit its computer and network systems that process credit card payments.
Which industry standard is the retail store addressing?
a. PCI DSS
b. FERPA
c. SOX
d. HIPAA
PCI DSS
An accounting firm stores financial data for many customers. Company policy requires that employees access only the data of customers they are assigned to. The company implements a written policy stating that an employee can be fired for violating this requirement.
Which type of control has the company implemented?
a. Deterrent
b. Detective
c. Preventive
d. Active
Deterrent
A tornado destroyed a data center. Which side of the CIA triad is most affected?
Authenticity
Availability
Utility
Integrity
Availability
Which attribute of the Parkerian hexad allows for proper attribution of the owner of a dataset?
Possession
Availability
Authenticity
Integrity
Authenticity
What element of the Parkerian hexad is concerned with usefulness?
Integrity
Confidentiality
Utility
Availability
Utility
Which type of attack category is an attack against confidentiality?
Interception
Modification
Fabrication
Interruption
Interception
Which two attributes are included in the concept of risk? Choose two answers.
Threats
Frequency
Vulnerabilities
Impacts
Threats
Vulnerabilities
Which phase of the incident response (IR) process includes putting the system back better than the original state?
Post-incident activity.
Containment.
Recovery.
Detection and Analysis
Recovery.
Which concept refers to adding layers of security to our networks?
Administrative control depth.
Defense in depth.
Physical control depth.
Logical control depth.
Defense in depth
Which combination of factors demonstrates multi-factor authentication?
Fingerprint and voice print
Password and Pin
Password and fingerprint
Voice print and weight
Password and fingerprint
What is the name of the process where the client authenticates the server and the server authenticates the client?
Token-based authentication
Mutual authentication
Two-factor authentication
Multifactor authentication
Mutual authentication
What is an example of identification?
Text to cell phone
Employee Number
Update Access
Fingerprint
Employee Number
What is an example of authentication?
Username
First Car
Read Only
PIN
PIN
Which factors demonstrate multi-factor authentication?
Vein patterns and iris scan
Username and email address
Childhood pet and Mother’s maiden name
Mother’s maiden name and voice print
Mother’s maiden name and voice print
What is an objective for performing an audit?
To ensure a company can respond effectively to a disaster.
To ensure compliance and detect misuse.
To ensure potential risks are identified and analyzed.
To ensure proper access is granted to resources
To ensure compliance and detect misuse.
What are two common values for a network access control list (ACL)? Choose two answers.
Accept
Agree
Disagree
Deny
Allow
Deny
Allow
What are two common types of access control lists (ACLs)? Choose two answers.
File system
Allow
Network
Deny
Database system
File system
Network
Which access control model allows access to be determined by the owner of the resource?
Mandatory access control (MAC)
Attribute-based access control (ABAC)
Role-based access control (RBAC)
Discretionary access control (DAC)
Discretionary access control (DAC)
Which form of access control uses CAPTCHAs?
Attribute-based access control (ABAC)
Rule-based access control (RBAC)
Media access control (MAC)
Discretionary Access Control (DAC)
Attribute-based access control (ABAC)
What is the disadvantage of logging?
Highly configurable
Resources
Reactive tool
History of activities
Resources
Which cryptographic algorithm is obsolete?
Hash functions
Asymmetric key cryptography
Caesar cipher
Symmetric key cryptography
Caesar cipher
Which two laws protect the privacy of medical records and electronic health care information? Choose two answers.
HIPAA
PCI-DSS
HITECH
SOX
GLBA
HIPAA
HITECH
What jurisdiction does the General Data Protection Regulation regulate?
China
Russia
The European Union
The United States
The European Union
What are two acts that regulate health care in the United States? Choose two answers.
HIPAA
COPPA
HITECH
FERPA
HITECH
HIPAA
Which act regulates the United States Department of Education?
GLBA
FERPA
GDPR
FISMA
FERPA
Which act regulates federal departments in the United States?
GLBA
SOX
GDPR
FISMA
FISMA
Which act regulates customer privacy in the finance industry?
GLBA
SOX
GDPR
FISMA
GLBA
Which act regulates reporting of publicly traded companies?
CFAA
SOX
GDPR
FOIA
SOX
What is one of the three states of data?
Compromised
Data in motion
Safe
Valid
Data in motion
Which type of algorithm is a symmetric key?
ECC
RSA
SHA
DES
DES
Which type of algorithm is an asymmetric key?
ECC
MD5
SHA
DES
ECC
Which two types of algorithms are hashing algorithms? Choose two answers.
MD5
3DES
SHA
ECC
AES
RC4
SHA
MD5
Which type of compliance is achieved by law?
Security
Privacy
Industry
Regulatory
Regulatory
Which type of compliance is achieved by stakeholder agreement?
Privacy
Regulatory
Industry
Security
Industry
Which two types of compliance are laws? Choose two answers.
Privacy Act
GDPR
HIPAA
Least privilege
Privacy Act
HIPAA
What act deals with the online privacy of minors under 13?
FISMA
GLBA
FERPA
COPPA
COPPA
Which term refers to the process of gathering and analyzing information to support business decisions?
Competitive Counterintelligence
Purple Dragon
Operational Security
Competitive Intelligence
Competitive Intelligence
What is the correct order of steps in the Operations Security Process?
Identification of critical information; Analysis of threats; Analysis of vulnerabilities; Assessment of risks; Application of countermeasures.
Identification of critical information; Analysis of vulnerabilities; Assessment of risks; Analysis of threats; Application of countermeasures.
Assessment of risks; Analysis of threats; Analysis of vulnerabilities; Identification of critical information; Application of countermeasures.
Identification of critical information; Analysis of threats; Assessment of risks; Application of countermeasures; Analysis of vulnerabilities.
Identification of critical information; Analysis of threats; Analysis of vulnerabilities; Assessment of risks; Application of countermeasures.
What describes vulnerability analysis?
The identification of the monetary loss caused by a weakness.
The identification of weaknesses that can be used to cause harm.
The identification of physical assets critical to the organization.
The identification of information critical to an organization.
The identification of weaknesses that can be used to cause harm.
Which type of attack is conducted on people to gather information?
Clickjacking
Social Engineering
Cross site scripting (XSS)
Cross site request forgery (CSRF)
Social Engineering
Which type of data is collected by law enforcement agents without using technology as its primary tool?
Human intelligence
Open-source Intelligence
Discovery order
Cease and desist order
Human intelligence
Which social engineering technique uses electronic communications to carry out an attack that is broad in nature?
Pretexting
Phishing
Baiting
Tailgating
Phishing
Which type of intrusion detection system (IDS) is used to analyze activities on the network interface of a particular asset?
Perimeter-based
Application protocol-based
Network-based
Host-based
Host-based
Which security mechanism hardens operating systems (OS) by limiting user access to the minimum permissions needed to carry out tasks?
Apply the principle of least privilege
Disable unessential services
Disable unnecessary software
Implement logging and auditing
Apply the principle of least privilege
Which tool is used for port scanning and to discover devices on a network?
HIDS
Anti-malware
Nmap
Wireshark
Nmap
What is reduced by hardening an operating system?
The principle of least privilege
The attack surface
The need to implement logging
The number of needed updates
The attack surface
You are tasked with designing a system to securely store user passwords for a new web application. Which of the following approaches should you use to ensure the passwords are not stored in plain text and cannot be easily accessed if the database is compromised?
A) Encrypt the passwords using a symmetric key and store the key in the same database.
B) Store the passwords in plain text for easy retrieval during login verification.
C) Use a hash function to transform the passwords into fixed-length strings and store the hashed values.
D) Compress the passwords using a lossless compression algorithm to reduce storage space.
Correct Answer: C) Use a hash function to transform the passwords into fixed-length strings and store the hashed values.
Explanation:
Hash functions suit password storage because they are one-way: the stored digest cannot be reversed to recover the password, so a database compromise does not directly expose credentials, and login verification only needs to hash the submitted password and compare. In practice the hash must be salted per user and computed with a deliberately slow algorithm designed for passwords (Argon2id, scrypt, bcrypt, or PBKDF2); a bare, fast hash such as SHA-256 gives identical digests for identical passwords and can be brute-forced offline at billions of guesses per second. Encrypting instead of hashing (option A) fails because the key stored beside the data is taken with it.
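An added Python example, not part of the original flashcard set, of the approach in the correct answer: a salted, iterated password hash (PBKDF2-HMAC-SHA256 from the standard library) with constant-time verification, shown beside the bare SHA-256 it should not be confused with. The record format, the iteration count and the sample passwords are assumptions.

```python
import hashlib
import hmac
import os

# Iteration count is an assumption for this example; tune it so one hash costs
# tens of milliseconds on the login server, and raise it as hardware gets faster.
PBKDF2_ITERATIONS = 600_000


def naive_sha256(password: str) -> str:
    """What NOT to do: fast and unsalted. Equal passwords give equal digests, so a
    leaked table reveals shared passwords, and an attacker can test billions of
    guesses per second offline against it."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt$digest' (hex
    fields). The random per-user salt defeats precomputed tables and makes
    identical passwords hash differently; storing the parameters with the record
    lets the iteration count be raised later without invalidating old records."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in constant
    time so the comparison does not leak how many bytes matched. Malformed or
    unknown records are rejected rather than raising."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:
        return False


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print("stored record:", record)
    print("right password accepted:", verify_password("correct horse battery staple", record))
    print("wrong password rejected:", not verify_password("Tr0ub4dor&3", record))
    print("naive digests collide for equal passwords:", naive_sha256("hunter2") == naive_sha256("hunter2"))
```

Where a memory-hard function is available (Argon2id via a maintained library, or hashlib.scrypt), prefer it over PBKDF2; the record layout and the verification logic stay the same.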
Which access control model is concerned with confidentiality?
Biba
Brewer and Nash
Sutherland
Bell-LaPadula
Bell-LaPadula
Which of the following is a primary requirement of the Gramm-Leach-Bliley Act (GLBA)?
A) Conduct annual penetration testing for all financial institutions.
B) Allow customers to opt-out of information sharing with non-affiliated third parties.
C) Mandate encryption of all data at rest for financial institutions.
D) Require financial institutions to report all breaches to federal law enforcement within 72 hours.
B) Allow customers to opt-out of information sharing with non-affiliated third parties.
Explanation:
The GLBA requires financial institutions to inform customers about their data-sharing practices and give them the option to opt-out of sharing their personal information with non-affiliated third parties. This is part of the act’s Privacy Rule.
Which of the following is a requirement under the Children’s Online Privacy Protection Act (COPPA)?
A) Websites must verify the identity of all users regardless of age.
B) Operators of websites directed at children under 13 must obtain parental consent before collecting personal information.
C) Businesses must store children’s personal information for at least five years.
D) Parents must approve all website content that children under 13 can access.
B) Operators of websites directed at children under 13 must obtain parental consent before collecting personal information.
Explanation:
COPPA requires operators of websites and online services directed at children under 13 to obtain verifiable parental consent before collecting, using, or disclosing the child’s personal information. It aims to protect the privacy and safety of children online.
Question:
What is Kismet primarily used for?
A) Performing penetration tests on web applications.
B) Monitoring wireless networks and detecting unauthorized devices.
C) Scanning networks for open ports and vulnerabilities.
D) Encrypting data transmissions over Wi-Fi networks.
Correct Answer:
B) Monitoring wireless networks and detecting unauthorized devices.
Explanation:
Kismet is an open-source wireless network detector, packet sniffer, and intrusion detection system. It is widely used for monitoring Wi-Fi networks, identifying devices, and detecting unauthorized or suspicious activity on a network.
Question:
Which type of Intrusion Detection System (IDS) is best suited for detecting zero-day attacks?
A) Signature-based IDS
B) Host-based IDS
C) Anomaly-based IDS
D) Network-based IDS
Correct Answer:
C) Anomaly-based IDS
Explanation:
An anomaly-based IDS identifies unusual activity by comparing current behavior to an established baseline of normal traffic or host activity. Because it does not depend on a catalogue of known attack patterns, it can detect previously unknown threats, including zero-day attacks, which a signature-based IDS cannot match. The trade-off is a higher false-positive rate and the effort of building and maintaining an accurate baseline.
Question:
Which framework does FISMA require federal agencies to follow for managing information security risks?
A) ISO/IEC 27001
B) OWASP Top 10
C) NIST Risk Management Framework (RMF)
D) CIS Controls
Correct Answer:
C) NIST Risk Management Framework (RMF)
Explanation:
FISMA requires federal agencies to follow the NIST Risk Management Framework, which provides guidelines for identifying, assessing, and managing cybersecurity risks in federal information systems.
Question:
What is the primary purpose of Wireshark?
A) Encrypting network traffic for secure communication.
B) Scanning for vulnerabilities in software applications.
C) Capturing and analyzing network traffic in real-time.
D) Managing and allocating IP addresses in a network.
Correct Answer:
C) Capturing and analyzing network traffic in real-time.
Explanation:
Wireshark is a powerful network protocol analyzer used to capture, inspect, and troubleshoot network traffic. It is widely used by network administrators, security analysts, and developers for diagnosing issues and studying network protocols.
Question:
What does the concept of “Defense in Depth” primarily emphasize in cybersecurity?
A) Relying on a single, robust security control to protect systems.
B) Using multiple, layered security measures to protect systems and data.
C) Deploying firewalls and antivirus software as the only defense mechanisms.
D) Prioritizing physical security over digital security controls.
Correct Answer:
B) Using multiple, layered security measures to protect systems and data.
Explanation:
Defense in Depth is a cybersecurity strategy that employs multiple layers of security controls across different areas (e.g., network, application, endpoint) to provide redundancy and mitigate risks in case one control fails. It enhances an organization’s ability to prevent, detect, and respond to threats.
How do you define possession in the Parkerian Hexad model?
Definition: Ensuring that the ownership or physical control of information is maintained.
Example: Preventing the theft of a USB drive containing confidential data.
How do you define utility in the Parkerian Hexad model?
Definition: Ensuring that information is useful and meets the needs of the intended purpose.
Example: Ensuring that encrypted files are accessible to authorized users with the correct decryption keys.
How do you define authenticity in the Parkerian Hexad model?
Definition: Ensuring that data, communications, and systems are genuine and come from trusted sources.
Example: Using digital signatures to verify the sender of an email.
What does integrity of data refer to?
The level of assurance which can be given as to how structured data is
The level of assurance which can be given as to how accurate and trustworthy data is
The level of assurance which can be given as to how strong data is
The level of assurance which can be given as to how relevant the data is
Correct Answer:
The level of assurance which can be given as to how accurate and trustworthy data is
Explanation:
Integrity of data refers to maintaining and ensuring the accuracy, consistency, and trustworthiness of data over its lifecycle. This includes preventing unauthorized modifications, corruption, or loss of information to ensure it remains reliable and truthful.
You are conducting an OSINT investigation to gather publicly available information about a company’s recent activities. Which of the following sources would NOT typically be considered part of OSINT?
Options:
A. Public social media profiles of the company’s employees.
B. A press release published on the company’s official website.
C. A confidential internal memo obtained through unauthorized access.
D. News articles from reputable online publications about the company.
Correct Answer:
C. A confidential internal memo obtained through unauthorized access.
Explanation:
OSINT refers to gathering information from publicly available sources. A confidential memo is not publicly available and would involve unauthorized methods to access, which is outside the scope of OSINT.
What is integrity in information security?
Ensuring that data is accurate and has not been tampered with.
What is the purpose of asymmetric cryptography?
It uses a pair of keys (public and private) for secure communication, with one key encrypting and the other decrypting data.
An organization sees an increase in recent operating system vulnerabilities. To address these vulnerabilities, the organization modifies its patching procedures to install critical security patches within 10 days of release.
Which defense in depth layer does the new policy address?
Host
Data
Application
Network
Host
Explanation: The Host layer in the defense-in-depth model refers to the protection of individual devices, servers, or endpoints, including their operating systems and software.
An organization’s IT infrastructure includes network switches, file servers, and database servers.
What should the organization use to minimize false positives and protect the infrastructure from known attacks?
Signature-based intrusion detection
Anomaly-based intrusion detection
Stateful packet inspection
Deep packet inspection
Signature-based intrusion detection
Explanation: Signature-based Intrusion Detection Systems (IDS): These systems rely on a database of known attack patterns (signatures). They compare network traffic or system activity against these signatures to detect threats.
The IT department is updating its policies and procedures to ensure that critical functions continue to operate during an expected hurricane.
Which policies and procedures are being updated?
Disaster recovery plan
Business continuity plan
Physical security plan
Program management plan
Business continuity plan
A user runs an application that has been infected with malware. This malware then performs a brute force attack on the built-in administrator account on Windows systems. The malware successfully cracks the password, and is used to compromise other systems in the environment.
Which safeguard should be implemented to prevent this type of attack?
Turn on logging and auditing.
Modify the default user accounts.
Disable remote desktop access.
Uninstall unnecessary software.
Modify the default user accounts
Explanation: The malware successfully brute-forced the built-in administrator account. This suggests that the account was either enabled with a weak password or left with its default configuration, which made it a prime target. To mitigate this risk
Question:
Which of the following best describes a hardware token used in multi-factor authentication (MFA)?
A. A physical device that generates a one-time password (OTP) for login.
B. A software application that stores passwords securely.
C. A fingerprint scanner used to verify a user’s identity.
D. A device that encrypts data during transmission.
A. A physical device that generates a one-time password (OTP) for login.
Explanation: A hardware token is a physical device, such as a key fob or smart card, that generates a one-time password (OTP) for use in multi-factor authentication. It provides an additional layer of security beyond just passwords. Other options describe different types of security methods.
Question:
What is the primary purpose of SSL (Secure Sockets Layer) in network security?
A. To prevent unauthorized access to data by encrypting communications between a web server and a browser.
B. To authenticate the identity of a user before granting access to a system.
C. To monitor network traffic and detect malicious activities.
D. To store and manage passwords securely.
A. To prevent unauthorized access to data by encrypting communications between a web server and a browser.
Explanation: SSL (now largely replaced by TLS) is a cryptographic protocol used to secure communication between a web server and a browser by encrypting the data transmitted between them. It ensures confidentiality, integrity, and authentication, protecting sensitive information during transmission. Other options describe different security functions.
What is the primary function of a Virtual Private Network (VPN)?
A. To protect a system from malware and viruses.
B. To encrypt internet traffic and provide secure access to a remote network over the internet.
C. To monitor network activity for suspicious behavior.
D. To manage user authentication for secure logins.
B. To encrypt internet traffic and provide secure access to a remote network over the internet.
Explanation: A VPN creates a secure, encrypted connection over the internet, allowing users to access remote networks as if they were physically connected to that network. This ensures privacy and security, particularly when using public or unsecured networks. Other options refer to different types of security solutions.
What is the primary function of Wireshark in network security?
A. To monitor and block incoming network traffic
B. To scan for vulnerabilities in a network
C. To capture and analyze network packets in real-time
D. To encrypt network communications
C. To capture and analyze network packets in real-time
Explanation: Wireshark is a network protocol analyzer that allows users to capture and examine data packets transmitted over a network. It is primarily used for network troubleshooting, analysis, and monitoring of network traffic, but it does not perform functions like blocking traffic or encrypting communications.
Question:
Which of the following is the first step in the incident response process?
A. Containment
B. Eradication
C. Identification
D. Recovery
C. Identification
Explanation: The first step in the incident response process is Identification, where the organization detects and confirms that a security incident has occurred. Once identified, the other steps such as containment, eradication, and recovery follow to manage and resolve the incident.
What is the purpose of an access control list?
An Access Control List (ACL) is a security feature used to manage and enforce permissions for accessing resources in a system, such as files, directories, networks, or applications. Its primary purpose is to specify who (or what) is allowed to perform certain actions on a resource and to prevent unauthorized access.
What is pretexting?
Pretexting is a type of social engineering technique where an attacker fabricates a false scenario or pretext to manipulate someone into revealing sensitive information or taking specific actions.
Describe California Senate Bill 1386 (SB 1386)
Requires businesses and government agencies to notify individuals if their unencrypted personal information has been accessed by an unauthorized person due to a security breach.
What is ISO/IEC 27000?
This standard specifically provides an overview and a vocabulary for the entire ISO/IEC 27000 family.
Which of the following best describes the primary objective of ISO/IEC 27001?
A. To provide technical specifications for implementing firewalls and antivirus software
B. To establish a framework for managing information security risks within an organization
C. To ensure compliance with national data protection laws
D. To define the physical security measures required for data centers
Correct Answer:
B. To establish a framework for managing information security risks within an organization
Explanation:
ISO/IEC 27001 is an international standard that provides a framework for establishing, implementing, maintaining, and improving an Information Security Management System (ISMS) to manage and reduce information security risks effectively. The other options focus on specific aspects of security but do not encompass the comprehensive scope of ISO/IEC 27001.
What is cross-site request forgery?
Cross-Site Request Forgery (CSRF or XSRF) is a type of cyber attack where an attacker tricks a victim into performing actions on a web application where the victim is authenticated, without their consent.
What is TLS?
Transport Layer Security (TLS) is a cryptographic protocol that provides secure communication over a network, such as the Internet.
EXAMPLE: When you shop online, TLS ensures the safety of your sensitive information, such as credit card details.
What type of malware is self-replicating?
ANSWER: WORM
It is a self-replicating malicious program that spreads across networks without needing human interaction or attaching itself to other programs, unlike a virus.
Describe a buffer overflow attack.
A buffer overflow attack is a type of cyberattack that exploits a buffer overflow vulnerability in software to corrupt memory and manipulate the program’s execution. Attackers use this method to inject malicious code, crash applications, or gain unauthorized access to systems.
What is ISO/IEC 27002?
Provides best practices and controls for implementing information security based on the requirements in ISO/IEC 27001.
Question:
Which of the following is an example of a physical control in cybersecurity?
A. Implementing multi-factor authentication for system access
B. Installing surveillance cameras to monitor building entrances
C. Conducting regular employee security awareness training
D. Encrypting data stored on servers
Correct Answer:
B. Installing surveillance cameras to monitor building entrances
Explanation:
Physical controls are measures designed to protect the physical assets and infrastructure of an organization, such as surveillance cameras, locks, or security guards. The other options involve technical (A and D) or administrative (C) controls.
What are logical controls?
Logical controls protect the systems, networks, and environments that process, transmit, and store your data.
Which of the following is an example of an administrative control in cybersecurity?
A. Installing a firewall to monitor network traffic
B. Conducting employee security awareness training
C. Encrypting sensitive files on a server
D. Using biometric scanners to control access to a data center
Correct Answer:
B. Conducting employee security awareness training
Explanation:
Administrative controls involve policies, procedures, and training to manage security risks. Employee training helps raise awareness about threats and best practices, making it a clear example of an administrative control. The other options (A, C, D) are examples of technical or physical controls.
A user attempts to log into a system, but the login is restricted due to an account lockout policy after repeated failed attempts. Which security concept does this primarily support?
Confidentiality
Integrity
Availability
Accountability
Confidentiality
You are a cybersecurity specialist at a medium-sized organization. Recently, your company experienced an incident where an attacker tried to exploit a known vulnerability in your web application to gain unauthorized access to sensitive data. The attack was detected but not stopped in time, causing a minor data breach. To prevent such incidents in the future, you decide to implement a solution that can monitor network traffic in real-time and automatically block suspicious activity before it can cause harm.
Question:
Which of the following solutions would best address your need to automatically detect and prevent malicious activity in real-time?
A. Firewall – A device that filters network traffic based on predefined rules.
B. Intrusion Detection System (IDS) – A system that monitors network traffic and alerts administrators of suspicious activity.
C. Intrusion Prevention System (IPS) – A system that monitors network traffic and actively blocks malicious activity in real-time.
D. Antivirus Software – A program that scans for and removes malware from individual devices.
Correct Answer:
C. Intrusion Prevention System (IPS) – An IPS is specifically designed to detect malicious traffic and take immediate action, such as blocking it, to prevent potential attacks.
Which of the following best describes the primary function of an Intrusion Detection System (IDS)?
A. Blocking malicious traffic in real-time to prevent attacks.
B. Monitoring network or system activity for suspicious behavior and generating alerts.
C. Filtering network traffic based on predefined access rules.
D. Removing malware from infected devices.
B. Monitoring network or system activity for suspicious behavior and generating alerts.
Explanation:
An IDS is designed to monitor network or system activity and notify administrators of potential threats or suspicious activity. Unlike an IPS, it does not actively block traffic.
In which of the following scenarios would Rule-Based Access Control (RBAC) be most appropriately applied?
A. When permissions need to be granted dynamically based on an employee’s current department and job role.
B. When access needs to be granted based on a predefined set of policies, such as time of day or the location of the user.
C. When access decisions depend on individual user attributes, such as certifications or security clearance level.
D. When permissions are manually assigned to users based on individual needs and responsibilities.
Correct Answer:
B. When access needs to be granted based on a predefined set of policies, such as time of day or the location of the user.
This is because Rule-Based Access Control focuses on applying access policies based on defined conditions and rules rather than user roles or attributes.
A company wants to simplify its access management system. Employees are grouped based on their job functions, such as “HR,” “IT Support,” and “Sales.” Each group needs specific access rights to perform their duties, and new employees should automatically inherit the access rights of their group when they are assigned to a role. Which type of access control is most appropriate for this scenario?
A. Rule-Based Access Control
B. Role-Based Access Control
C. Attribute-Based Access Control
D. Discretionary Access Control
Correct Answer:
B. Role-Based Access Control
This is because RBAC allows access rights to be assigned based on roles, ensuring employees automatically receive appropriate permissions when assigned to a predefined role.
A hospital needs to manage access to patient records. Doctors can access only the records of their assigned patients, nurses can access records during their shift hours, and access is further restricted based on the user’s location within the hospital. Which type of access control is most appropriate for this scenario?
A. Rule-Based Access Control
B. Role-Based Access Control
C. Attribute-Based Access Control
D. Discretionary Access Control
Correct Answer:
C. Attribute-Based Access Control
This is because ABAC evaluates multiple attributes, such as the user’s role (doctor or nurse), time (shift hours), and location, to make access decisions dynamically.