Exam Questions Flashcards by Austin Urbanski

A company’s IT policy manual states that “All company computers, workstations, application servers, and mobile devices must have current versions of antivirus software.”

Which principle or concept of cybersecurity does this policy statement impact?

Operating system security

Accounting policy

Physical security

Access control policy

Operating system security

How well did you know this?

Not at all

Perfectly

An organization’s procedures document states that “All electronic communications should be encrypted during transmission across networks using encryption standards specified in the data encryption policy.”

Which security principle is this policy addressing?

Confidentiality

Interruption

Control

Availability

Confidentiality

How well did you know this?

Not at all

Perfectly

A company’s website policy states that “To gain access to the corporate website, each employee must provide a valid user name and password, and then answer one of six security questions accurately.”

Which type of security does the policy address?

Operations

Application

Human element

Physical

Operations

How well did you know this?

Not at all

Perfectly

An organization notices unauthorized visitors following employees through a restricted doorway.Which vulnerability should be addressed in the organization’s security policy?

Pretexting

Phishing

Baiting

Tailgating

How well did you know this?

Not at all

Perfectly

A company wants to update its access control policy. The company wants to prevent hourly employees from logging in to company computers after business hours. Which type of access control policy should be implemented?

Attribute-based

Mandatory

Discretionary

Physical

Attribute-based

How well did you know this?

Not at all

Perfectly

A new software development company has determined that one of its proprietary algorithms is at a high risk for unauthorized disclosure. The company’s security up to this point has been fairly lax. Which procedure should the company implement to protect this asset?

Relocate the algorithm to encrypted storage.

Create multiple off-site backups of the algorithm.

Store the algorithm on highly available servers.

Transfer the algorithm onto servers in the demilitarized zone.

Relocate the algorithm to encrypted storage.

How well did you know this?

Not at all

Perfectly

In addition to a username and corresponding password, a desktop application asks users to submit a special code. This code is produced by an application running on the users’ mobile phone.Which authentication technique is the phone application providing?

Something you have

Something you know

Something you are

Something you do

Something you have

How well did you know this?

Not at all

Perfectly

Employees are required to swipe their access cards and then to use an iris scanner to access protected areas in the company’s data center.Which two authentication techniques are used to protect the data center?

Something you have and something you are

Something you have and something you know

Something you do and something you are

Something you know and something you do

Something you have and something you are

How well did you know this?

Not at all

Perfectly

Which security solution can an organization deploy to prevent unauthorized external access to its internal network?

Firewall

Sniffer

IDS

VPN

Firewall

How well did you know this?

Not at all

Perfectly

A restaurant needs to protect its customers’ credit card information.Which security standard should the restaurant follow?

PCI DSS

SOX

FERPA

FISMA

PCI DSS

How well did you know this?

Not at all

Perfectly

A petroleum company has a group of computers used to monitor flow of materials in the refining process. These computers are never connected to the Internet or other corporate network, and they host proprietary monitoring software which the company has registered as a trade secret.Which type of security will be able to help protect its software against theft?

Application

Network

Physical

Operating system

Physical

How well did you know this?

Not at all

Perfectly

An organization wants to minimize the impact of user credential theft by ensuring that only HR staff can access employee personal information.Which security mechanism should it implement?

Turn on logging and auditing.

Remove all unnecessary services.

Apply the principle of least privilege.

Apply the latest software patches.

Apply the principle of least privilege.

How well did you know this?

Not at all

Perfectly

An organization wants to prevent malware from infecting its workstations, mobile devices, and web applications.Which security tool should it implement?

Antivirus

Firewall

Fuzzer

Scanner

Antivirus

How well did you know this?

Not at all

Perfectly

How can an operating system be hardened in accordance to the principle of least privilege?

Restrict account permissions.

Implement account auditing.

Remove unnecessary software.

Remove unneeded services.

Restrict account permissions.

How well did you know this?

Not at all

Perfectly

A company implements an Internet-facing web server for its sales force to review product information. The sales force can also update its profiles and profile photos, but not the product information. There is no other information on this server. Which content access permissions should be granted to the sales force based on the principle of least privilege?

Limited read access only

Limited write access only

Read and limited write access

Read and write access

Read and limited write access

How well did you know this?

Not at all

Perfectly

A corporation has discovered that some confidential personnel information has been used inappropriately.How can the principle of least privilege be applied to limit access to confidential personnel records?

Only allow access to those who work in the human resources department.

Only allow access to those who need access to perform their job.

Only allow access to department heads and executives.

Only allow access to those with elevated security permissions.

Only allow access to those who need access to perform their job.

How well did you know this?

Not at all

Perfectly

A user runs an application that has been infected with malware that is less than 24 hours old. The malware then infects the operating system.Which safeguard should be implemented to prevent this type of attack?

Limit user account privileges.

Modify the default user accounts.

Install the latest security updates.

Uninstall unnecessary software.

Limit user account privileges.

How well did you know this?

Not at all

Perfectly

A company was the victim of a security breach resulting in stolen user credentials. An attacker used a stolen username and password to log in to an employee email account.Which security practice could have reduced the post-breach impact of this event?

Operating system hardening

Mutual authentication

Multifactor authentication

Network segmentation

Multifactor authentication

How well did you know this?

Not at all

Perfectly

A module in a security awareness course shows a user making use of two-factor authentication using a hardware token.Which security failure is being addressed by this training module?

Weak passwords

Tailgating

Malware infections

Pretexting

Weak passwords

How well did you know this?

Not at all

Perfectly

A student downloads free software from a website and this software includes some malware.Which tool can locate this vulnerability?

Asymmetric encryption

Antivirus software

Access control list

Honeypot

Antivirus software

How well did you know this?

Not at all

Perfectly

Which type of tool can be used to detect vulnerabilities in source code related to improper handling of user input?

Fuzzer

Port scanner

Sniffer

Honeypot

Fuzzer

How well did you know this?

Not at all

Perfectly

Which tool should an application developer use to help identify input validation vulnerabilities?

A fuzzer

A sniffer

A scanner

A filter

A fuzzer

How well did you know this?

Not at all

Perfectly

A systems administrator enables operating system logging to capture unsuccessful log in attempts. Which attack can be uncovered by reviewing such logs?

Brute force

Denial of service

Stolen password

Spear phishing

Brute force

How well did you know this?

Not at all

Perfectly

A small IT firm is required to authenticate remote customers who access the firm’s network.Which protection technique should the IT firm employ to satisfy this requirement?

Certificates

Data encryption

File encryption

RAID

Certificates

How well did you know this?

Not at all

Perfectly

A company has files stored on a server that are critical to the organization's viability. The administrator has assigned the appropriate permissions to the files.How should the administrator provide additional confidentiality protection for the files at rest? File encryption File compression Network encryption Network compression

File encryption

A health company must comply with HIPAA regulations. It decides to encrypt databases that contain HIPAA information.Which resource is the health company directly trying to protect? Application Server Data Operating system

Data

At a small company, an employee makes an unauthorized data alteration.Which component of the CIA triad has been compromised? Integrity Confidentiality Availability Authenticity

Integrity

An organization plans to encrypt data in transit on a network.Which aspect of data is the organization attempting to protect? Authenticity Possession Availability Integrity

Integrity

Which aspect of the CIA triad is violated by an unauthorized database roll back or undo? Integrity Confidentiality Availability Identification

Integrity

A company’s website has suffered several denial of service (DoS) attacks and wishes to thwart future attacks. Which security principle is the company addressing? Availability Confidentiality Possession Authenticity

Availability

An organization has a requirement that all database servers and file servers be configured to maintain operations in the presence of a failure. Which principle of the CIA triad is this requirement implementing? Availability Confidentiality Utility Integrity

Availability

Which tool can be used to map devices on a network, along with their operating system types and versions? Port scanner Stateful firewall Packet filter Packet sniffer

Port scanner

Which web attack is a server-side attack? SQL injection Cross-site scripting Cross-site request forgery Clickjacking

SQL injection

A new start-up company has started working on a social networking website. The company has moved all its source code to a cloud provider and wants to protect this source code from unauthorized access. Which cyber defense concept should the start-up company use to maintain the confidentiality of its source code? File encryption Alarm systems Antivirus software Account permissions

File encryption

A company has an annual audit of installed software and data storage systems. During the audit, the auditor asks how the company’s most critical data is used. This determination helps the auditor ensure that the proper defense mechanisms are in place to protect critical data. Which principle of the Parkerian hexad is the auditor addressing? Utility Possession Authenticity Integrity

Utility

Which web attack is possible due to a lack of input validation? SQL injection Cross-site request forgery Clickjacking Extraneous files

SQL injection

Which cybersecurity term is defined as the potential for an attack on a resource? Threat Vulnerability Risk Impact

Threat

Which security type deliberately exposes a system’s vulnerabilities or resources to an attacker? Intrusion detection Intrusion prevention Firewalls Honeypots

Honeypots

An organization employs a VPN to safeguard its information. Which security principle is protected by a VPN? Data in motion Data in storage Data at rest Data in use

Data in motion

A malicious hacker was successful in a denial of service (DoS) attack against an institution’s mail server. Fortunately, no data was lost or altered while the server was offline. Which type of attack is this? Interruption Interception Modification Fabrication

Interruption

A company has had several successful denial of service (DoS) attacks on its email server. Which security principle is being attacked? Availability Confidentiality Integrity Possession

Availability

A file is stored in a marketing folder and is accessible only to members of the marketing group. An attacker uses a phishing scam to gain the credentials of a user who is a member of the marketing group, and then reads the file. Which leg of the CIA triad is being targeted? Confidentiality Availability Integrity Control

Confidentiality

An attacker performs a buffer overflow attack on an organization’s web server. The web server locks up and must be restarted to restore functionality. Which part of the CIA triad is under attack? a. Confidentiality b. Integrity c. Availability d. Control

Availability

Some malware hides itself by replacing some system administrator commands on a server, but the server continues to function normally for its users. Which component of the CIA triad has been compromised? a. Integrity b. Availability c. Authenticity d. Confidentiality

Integrity

Which component of the CIA triad will be impacted if an attacker cuts network cables? a. Availability b. Confidentiality c. Authenticity d. Integrity

Availability

Which two principles of the CIA triad can be violated by a fabrication attack? a. Integrity and availability b. Confidentiality and availability c. Confidentiality and integrity d. Integrity and authenticity

Integrity and availability

Which two principles of the CIA triad can be violated by an interruption attack? a. Integrity and availability b. Confidentiality and availability c. Confidentiality and integrity d. Integrity and authenticity

Integrity and availability

Which attack category targets the confidentiality of data? a. Interception b. Interruption c. Modification d. Fabrication

Interception

Which file action implements the principle of confidentiality from the CIA triad? a. Compression b. Hash c. Backup d. Encryption

Encryption

Which cyber defense concept suggests limiting permissions to only what is necessary to perform a particular task? a. Defense in depth b. Authorization c. Authentication d. Principle of least privilege

Principle of least privilege

A company institutes a new policy that “All office computer monitors must face toward employees and must face away from doorways. The monitor screens must not be visible to people visiting the office.” Which principle of the CIA triad is this company applying? a. Confidentiality b. Utility c. Integrity d. Availability

Confidentiality

In the system room of a small company, an emergency power shut-down switch was installed right next to a light switch. As a result, employees sometimes shut down the power accidentally when they leave the data center. Which type of control should be implemented to mitigate the risk of accidental shut down? a. Physical b. Logical c. Administrative d. Technical

Physical

A company developing and distributing open source applications realizes that attackers are copying the publicly available, open source code and inserting malware into the code. Which type of cryptographic tool should the company use to protect the integrity of its open source applications? a. Hash functions b. Asymmetric cryptography c. Symmetric cryptography d. Block cipher

Hash functions

After considerable research, attackers directed a spear phishing attack at employees at a single bank. One employee opened a message, resulting in a breach that delivered ransomware. Which type of control should be implemented to prevent future spear phishing attacks? a. Mutual authentication b. Strong passwords c. Input validation d. Employee training

Employee training

A bank wants to ensure user interactions with the online banking website are confidential. Which security solution should be implemented? a. SSH/FTP b. VPN c. AES d. SSL/TLS

SSL/TLS

What is an example of symmetric key encryption? a. RSA b. ECC c. AES d. MD5

AES

Which asymmetric cryptographic algorithm can provide confidentiality for data in motion? a. RSA b. 3DES c. AES d. MD5

RSA

A company has just completed an audit of disaster protection strategies. The company has decided it must keep and be able to retrieve backup data for a period of 30 years. The company has implemented tape backups using 8mm digital audio tapes. Which factor could impact the company’s ability to access information from the backup tapes? a. Technical obsolescence b. Tape access speed c. Reading tape header d. Network speed

Technical obsolescence

A military installation is evaluating backup solutions for its critical data. This installation operates in a harsh environment that is subjected to heat, humidity, and magnetic fields. Which physical media should be selected to ensure the integrity of backups is preserved given these harsh operating conditions? a. Flash drives b. Tape media c. Optical media d. Hard drives

Flash drives

A university research group wants to collect data on animals that are native to southern Arizona, which is a hot, dry region. They plan to camp in tents for the summer at the edge of a national park and to use optical media to backup photos and research notes. Which physical or environmental factor may damage their optical media? a. Electric shocks b. Temperature c. Humidity d. Magnetic fields

Temperature

A company has instituted a policy to prevent data leakage. The policy requires that any data stored on USB storage devices must be encrypted with at least 256-bit encryption. Which principle that is part of the Parkerian hexad but not the CIA triad would be violated if one of these devices was stolen? a. Possession b. Confidentiality c. Authenticity d. Integrity

Possession

A company is concerned about potential phishing attacks through email. As a result, a new company policy dictates that all email must be digitally signed before it is sent to any customers or partners. Which security principle that is part of Parkerian hexad but not part of the CIA triad is precipitating this policy change? a. Authenticity b. Confidentiality c. Utility d. Control

Authenticity

In order to continue processing credit card payments, a retail store arranges for an external auditor to perform regular external and internal vulnerability scans. Which regulation are they addressing? a. PCI DSS b. HIPAA c. GLBA d. FCRA

PCI DSS

A hospital allows its patients to pay by credit card. Which set of regulations apply to the hospital’s operations? a. HIPAA and PCI DSS b. HIPAA and FCRA c. FERPA and HITECH d. FERPA and PCI DSS

HIPAA and PCI DSS

While visiting a country in the European Union, an American purchases an expensive bottle of perfume with a credit card. What does the European Union Directive 95/46/EC regulation safeguard for the purchaser? a. Personally identifiable information b. Right to return goods c. Computer fraud and abuse d. Unfair trade practices

Personally identifiable information

Which U.S. law defines security standards exclusively for federal agencies? a. FISMA b. FERPA c. HIPAA d. GLBA

FISMA

Which U.S. law regulates the confidentiality and accuracy of a publicly traded corporation’s financial reports? a. SOX b. FERPA c. FISMA d. HIPAA

SOX

A bank website accepts online loan applications. It requires applicants to review and sign a disclosure document explaining the organization’s information sharing practices. Which federal law protects consumer’s financial information? a. SOX b. FERPA c. HIPAA d. GLBA

GLBA

A retail store has hired a third party to audit its computer and network systems that process credit card payments. Which industry standard is the retail store addressing? a. PCI DSS b. FERPA c. SOX d. HIPAA

PCI DSS

An accounting firm stores financial data for many customers. The company policy requires that employees only access data for customers they are assigned to. The company implements a written policy indicating an employee can be fired for violating this requirement. Which type of control has the company implemented? a. Deterrent b. Detective c. Preventive d. Active

Deterrent

A tornado destroyed a data center. Which side of the CIA triad is most affected? Authenticity Authenticity Availability Utility Integrity

Availability

Which attribute of the Parkerian hexad allows for proper attribution of the owner of a dataset? Possession Availability Authenticity Integrity

Authenticity

What element of the Parkerian Hexad is concerned with usefulness? Integrity Confidentiality Utility Availability

Utility

Which type of attack category is an attack against confidentiality? Interception. Modification. Fabrication. Interruption.

Interception.

Which two attributes are included in the concept of risk? Choose two answers. Threats Frequency Vulnerabilities Impacts

Threats Vulnerabilities

Which phase of the incident response (IR) process includes putting the system back better than the original state? Post-incident activity. Containment. Recovery. Detection and Analysis

Recovery.

Which concept refers to adding layers of security to our networks? Administrative control depth. Defense in depth. Physical control depth. Logical control depth.

Defense in depth

Which combination of factors demonstrates multi-factor authentication? Fingerprint and voice print Password and Pin Password and fingerprint Voice print and weight

Password and fingerprint

What is the name of the process where the client authenticates the server and the server authenticates the client? Token-based authentication Mutual authentication Two-factor authentication Multifactor authentication

Mutual authentication

What is an example of identification? Text to cell phone Employee Number Update Access Fingerprint

Employee Number

What is an example of authentication? Username First Car Read Only Pin

Which factors demonstrate multi-factor authentication? Vein patterns and iris scan Username and email address Childhood pet and Mother's maiden name Mother's maiden name and voice print

Mother's maiden name and voice print

What is an objective for performing an audit? To ensure a company can respond effectively to a disaster. To ensure compliance and detect misuse. To ensure potential risks are identified and analyzed. To ensure proper access is granted to resources

To ensure compliance and detect misuse.

What are two common values for a network access control list (ACL)? Choose two answers. Accept Agree Disagree Deny Allow

Deny , Allow

What are two common types of access control lists (ACLs)? Choose two answers. File system Allow Network Deny Database system

File system Network

Which access control model allows access to be determined by the owner of the resource? Mandatory access control (MAC) Attribute-based access control (ABAC) Role-based access control (RBAC) Discretionary access control (DAC)

Discretionary access control (DAC)

Which form of access control uses CAPTCHAs? Attribute-based access control (ABAC) Rule-based access control (RBAC) Media access control (MAC) Discretionary Access Control (DAC)

Attribute-based access control (ABAC)

What is the disadvantage of logging? Highly configurable Resources Reactive tool History of activities

Resources

Which cryptographic algorithm is obsolete? Hash functions Asymmetric key cryptography Caeser cypher Symmetric key cryptography

Caeser cypher

Which two laws protect the privacy of medical records and electronic health care information? Choose two answers. HIPAA PCI-DSS HITECH SOX GLBA

HIPAA HITECH

What jurisdiction does the General Data Protection Regulation regulate? China Russia The European Union The United States

The European Union

What are two acts that regulate health care in the United States? Choose two answers. HIPAA COPPA HITECH FERPA

HITECH HIPAA

Which act regulates the United Sates department of education? GLBA FERPA GDPR FISMA

FERPA

Which act regulates federal departments in the United States? GLBA SOX GDPR FISMA

FISMA

Which act regulates customer privacy in the finance industry? GLBA SOX GDPR FISMA

GLBA

Which act regulates reporting of publicly traded companies? CFAA SOX GDPR FOIA

SOX

What is one of the three states of data? Compromised Data in motion Safe Valid

Data in motion

Which type of algorithm is a symmetric key? ECC RSA SHA DES

DES

Which type of algorithm is an asymmetric key? ECC MD5 SHA DES

ECC

Which two types of algorithms are hashing algorithms? Choose two answers. MD5 3DES SHA ECC AES RC4

SHA MD5

Which type of compliance is achieved by law? Security Privacy Industry Regulatory

Regulatory

Which type of compliance is achieved by stakeholder agreement? Privacy Regulatory Industry Security

Industry

Which two types of compliance are laws? Choose two answers. Privacy Act GDPR HIPAA Least privilege

Privacy Act HIPAA

What act deals with the online privacy of minors under 13? FISMA GLBA FERPA COPPA

COPPA

Which term refers to the process of gathering and analyzing information to support business decisions? Competitive Counterintelligence Purple Dragon Operational Security Competitive Intelligence

Competitive Intelligence

What is the correct order of steps in the Operations Security Process? Identification of critical information; Analysis of threats; Analysis of vulnerabilities; Assessment of risks; Application of countermeasures. Identification of critical information; Analysis of vulnerabilities; Assessment of risks; Analysis of threats; Application of countermeasures. Assessment of risks; Analysis of threats; Analysis of vulnerabilities; Identification of critical information; Application of countermeasures. Identification of critical information; Analysis of threats; Assessment of risks; Application of countermeasures; Analysis of vulnerabilities.

Identification of critical information; Analysis of threats; Analysis of vulnerabilities; Assessment of risks; Application of countermeasures.

What describes vulnerability analysis? The identification of the monetary loss caused by a weakness. The identification of weaknesses that can be used to cause harm. The identification of physical assets critical to the organization. The identification of information critical to an organization.

The identification of weaknesses that can be used to cause harm.

Which type of attack is conducted on people to gather information? Clickjacking Social Engineering Cross site scripting (XSS) Cross site request forgery (CSRF)

Social Engineering

Which type of data is collected by law enforcement agents without using technology as its primary tool? Human intelligence Open-source Intelligence Discovery order Cease and desist order

Human intelligence

Which social engineering technique uses electronic communications to carry out an attack that is broad in nature? Pretexting Phishing Baiting Tailgating

Phishing

Which type of intrusion detection system (IDS) is used to analyze activities on the network interface of a particular asset? Perimeter-based Application protocol-based Network-based Host-based

Host-based

Which security mechanism hardens operating systems (OS) by limiting user access to the minimum permissions needed to carry out tasks? Apply the principle of least privilege Disable unessential services Disable unnecessary software Implement logging and auditing

Apply the principle of least privilege

Which tool is used for port scanning and to discover devices on a network? HIDS Anti-malware Nmap Wireshark

Nmap

What is reduced by hardening an operating system? The principle of least privilege The attack surface The need to implement logging The number of needed updates

The attack surface

You are tasked with designing a system to securely store user passwords for a new web application. Which of the following approaches should you use to ensure the passwords are not stored in plain text and cannot be easily accessed if the database is compromised? A) Encrypt the passwords using a symmetric key and store the key in the same database. B) Store the passwords in plain text for easy retrieval during login verification. C) Use a hash function to transform the passwords into fixed-length strings and store the hashed values. D) Compress the passwords using a lossless compression algorithm to reduce storage space.

Correct Answer: C) Use a hash function to transform the passwords into fixed-length strings and store the hashed values. Explanation: Hash functions are ideal for password storage because they create unique, fixed-length outputs that cannot be reversed, ensuring passwords are not easily retrievable if the database is compromised.

Which access control model is concerned with confidentiality? Biba Brewer and Nash Sutherland Bell-LaPadula

Bell-LaPadula

Which of the following is a primary requirement of the Gramm-Leach-Bliley Act (GLBA) A) Conduct annual penetration testing for all financial institutions. B) Allow customers to opt-out of information sharing with non-affiliated third parties. C) Mandate encryption of all data at rest for financial institutions. D) Require financial institutions to report all breaches to federal law enforcement within 72 hours.

B) Allow customers to opt-out of information sharing with non-affiliated third parties. Explanation: The GLBA requires financial institutions to inform customers about their data-sharing practices and give them the option to opt-out of sharing their personal information with non-affiliated third parties. This is part of the act’s Privacy Rule.

Which of the following is a requirement under the Children’s Online Privacy Protection Act (COPPA)? A) Websites must verify the identity of all users regardless of age. B) Operators of websites directed at children under 13 must obtain parental consent before collecting personal information. C) Businesses must store children’s personal information for at least five years. D) Parents must approve all website content that children under 13 can access.

B) Operators of websites directed at children under 13 must obtain parental consent before collecting personal information. Explanation: COPPA requires operators of websites and online services directed at children under 13 to obtain verifiable parental consent before collecting, using, or disclosing the child’s personal information. It aims to protect the privacy and safety of children online.

Question: What is Kismet primarily used for? A) Performing penetration tests on web applications. B) Monitoring wireless networks and detecting unauthorized devices. C) Scanning networks for open ports and vulnerabilities. D) Encrypting data transmissions over Wi-Fi networks.

Correct Answer: B) Monitoring wireless networks and detecting unauthorized devices. Explanation: Kismet is an open-source wireless network detector, packet sniffer, and intrusion detection system. It is widely used for monitoring Wi-Fi networks, identifying devices, and detecting unauthorized or suspicious activity on a network.

Question: Which type of Intrusion Detection System (IDS) is best suited for detecting zero-day attacks? A) Signature-based IDS B) Host-based IDS C) Anomaly-based IDS D) Network-based IDS

Correct Answer: C) Anomaly-based IDS Explanation: An anomaly-based IDS identifies unusual activity by comparing current behavior to an established baseline. This approach allows it to detect previously unknown threats, including zero-day attacks, unlike signature-based IDS, which only identifies known threats.

Question: Which framework does FISMA require federal agencies to follow for managing information security risks? A) ISO/IEC 27001 B) OWASP Top 10 C) NIST Risk Management Framework (RMF) D) CIS Controls

Correct Answer: C) NIST Risk Management Framework (RMF) Explanation: FISMA mandates federal agencies to follow the NIST Risk Management Framework, which provides guidelines for identifying, assessing, and managing cybersecurity risks in federal information systems.

Question: What is the primary purpose of Wireshark? A) Encrypting network traffic for secure communication. B) Scanning for vulnerabilities in software applications. C) Capturing and analyzing network traffic in real-time. D) Managing and allocating IP addresses in a network.

Correct Answer: C) Capturing and analyzing network traffic in real-time. Explanation: Wireshark is a powerful network protocol analyzer used to capture, inspect, and troubleshoot network traffic. It is widely used by network administrators, security analysts, and developers for diagnosing issues and studying network protocols.

Question: What does the concept of “Defense in Depth” primarily emphasize in cybersecurity? A) Relying on a single, robust security control to protect systems. B) Using multiple, layered security measures to protect systems and data. C) Deploying firewalls and antivirus software as the only defense mechanisms. D) Prioritizing physical security over digital security controls.

Correct Answer: B) Using multiple, layered security measures to protect systems and data. Explanation: Defense in Depth is a cybersecurity strategy that employs multiple layers of security controls across different areas (e.g., network, application, endpoint) to provide redundancy and mitigate risks in case one control fails. It enhances an organization’s ability to prevent, detect, and respond to threats.

How do you define possession in the parkerian hexad model

Definition: Ensuring that the ownership or physical control of information is maintained. Example: Preventing the theft of a USB drive containing confidential data.

How do you define utility in the parkerian hexad model

Definition: Ensuring that information is useful and meets the needs of the intended purpose. Example: Ensuring that encrypted files are accessible to authorized users with the correct decryption keys.

How do you define authenticity in the parkerian hexad model

Definition: Ensuring that data, communications, and systems are genuine and come from trusted sources. Example: Using digital signatures to verify the sender of an email.

What does integrity of data refer to? The level of assurance which can be given as to how structured data is The level of assurance which can be given as to how accurate and trustworthy data is The level of assurance which can be given as to how strong data is The level of assurance which can be given as to how relevant the data is

Correct Answer: The level of assurance which can be given as to how accurate and trustworthy data is Explanation: Integrity of data refers to maintaining and ensuring the accuracy, consistency, and trustworthiness of data over its lifecycle. This includes preventing unauthorized modifications, corruption, or loss of information to ensure it remains reliable and truthful.

You are conducting an OSINT investigation to gather publicly available information about a company's recent activities. Which of the following sources would NOT typically be considered part of OSINT? Options: A. Public social media profiles of the company's employees. B. A press release published on the company’s official website. C. A confidential internal memo obtained through unauthorized access. D. News articles from reputable online publications about the company.

Correct Answer: C. A confidential internal memo obtained through unauthorized access. Explanation: OSINT refers to gathering information from publicly available sources. A confidential memo is not publicly available and would involve unauthorized methods to access, which is outside the scope of OSINT.

What is integrity in information security?

Ensuring that data is accurate and has not been tampered with.

What is the purpose of asymmetric cryptography?

It uses a pair of keys (public and private) for secure communication, with one key encrypting and the other decrypting data.

An organization sees an increase in recent operating system vulnerabilities. To address these vulnerabilities, the organization modifies its patching procedures to install critical security patches within 10 days of release. Which defense in depth layer does the new policy address? Host Data Application Network

Host Explanation: The Host layer in the defense-in-depth model refers to the protection of individual devices, servers, or endpoints, including their operating systems and software.

An organization’s IT infrastructure includes network switches, file servers, and database servers. What should the organization use to minimize false positives and protect the infrastructure from known attacks? Signature-based intrusion detection Anomaly-based intrusion detection Stateful packet inspection Deep packet inspection

Signature-based intrusion detection Explanation: Signature-based Intrusion Detection Systems (IDS): These systems rely on a database of known attack patterns (signatures). They compare network traffic or system activity against these signatures to detect threats.

The IT department is updating its policies and procedures to ensure that critical functions continue to operate during an expected hurricane. Which policies and procedures are being updated? Disaster recovery plan Business continuity plan Physical security plan Program management plan

Business continuity plan

A user runs an application that has been infected with malware. This malware then performs a brute force attack on the built-in administrator account on Windows systems. The malware successfully cracks the password, and is used to compromise other systems in the environment. Which safeguard should be implemented to prevent this type of attack? Turn on logging and auditing. Modify the default user accounts. Disable remote desktop access. Uninstall unnecessary software.

Modify the default user accounts Explanation: The malware successfully brute-forced the built-in administrator account. This suggests that the account was either enabled with a weak password or left with its default configuration, which made it a prime target. To mitigate this risk

Question: Which of the following best describes a hardware token used in multi-factor authentication (MFA)? A. A physical device that generates a one-time password (OTP) for login. B. A software application that stores passwords securely. C. A fingerprint scanner used to verify a user’s identity. D. A device that encrypts data during transmission.

A. A physical device that generates a one-time password (OTP) for login. Explanation: A hardware token is a physical device, such as a key fob or smart card, that generates a one-time password (OTP) for use in multi-factor authentication. It provides an additional layer of security beyond just passwords. Other options describe different types of security methods.

Question: What is the primary purpose of SSL (Secure Sockets Layer) in network security? A. To prevent unauthorized access to data by encrypting communications between a web server and a browser. B. To authenticate the identity of a user before granting access to a system. C. To monitor network traffic and detect malicious activities. D. To store and manage passwords securely.

A. To prevent unauthorized access to data by encrypting communications between a web server and a browser. Explanation: SSL (now largely replaced by TLS) is a cryptographic protocol used to secure communication between a web server and a browser by encrypting the data transmitted between them. It ensures confidentiality, integrity, and authentication, protecting sensitive information during transmission. Other options describe different security functions.

What is the primary function of a Virtual Private Network (VPN)? A. To protect a system from malware and viruses. B. To encrypt internet traffic and provide secure access to a remote network over the internet. C. To monitor network activity for suspicious behavior. D. To manage user authentication for secure logins.

B. To encrypt internet traffic and provide secure access to a remote network over the internet. Explanation: A VPN creates a secure, encrypted connection over the internet, allowing users to access remote networks as if they were physically connected to that network. This ensures privacy and security, particularly when using public or unsecured networks. Other options refer to different types of security solutions.

What is the primary function of Wireshark in network security? A. To monitor and block incoming network traffic B. To scan for vulnerabilities in a network C. To capture and analyze network packets in real-time D. To encrypt network communications

C. To capture and analyze network packets in real-time Explanation: Wireshark is a network protocol analyzer that allows users to capture and examine data packets transmitted over a network. It is primarily used for network troubleshooting, analysis, and monitoring of network traffic, but it does not perform functions like blocking traffic or encrypting communications.

Question: Which of the following is the first step in the incident response process? A. Containment B. Eradication C. Identification D. Recovery

C. Identification Explanation: The first step in the incident response process is Identification, where the organization detects and confirms that a security incident has occurred. Once identified, the other steps such as containment, eradication, and recovery follow to manage and resolve the incident.

What is the purpose of an access control list

An Access Control List (ACL) is a security feature used to manage and enforce permissions for accessing resources in a system, such as files, directories, networks, or applications. Its primary purpose is to specify who (or what) is allowed to perform certain actions on a resource and to prevent unauthorized access.

What is pretexting

Pretexting is a type of social engineering technique where an attacker fabricates a false scenario or pretext to manipulate someone into revealing sensitive information or taking specific actions.

Describe California Senate Bill 1386 (SB 1386)

requires businesses and government agencies to notify individuals if their unencrypted personal information has been accessed by an unauthorized person due to a security breach

What is ISO/IEC 27000

This standard specifically provides an overview and a vocabulary for the entire ISO/IEC 27000 family.

Which of the following best describes the primary objective of ISO/IEC 27001? A. To provide technical specifications for implementing firewalls and antivirus software B. To establish a framework for managing information security risks within an organization C. To ensure compliance with national data protection laws D. To define the physical security measures required for data centers

Correct Answer: B. To establish a framework for managing information security risks within an organization Explanation: ISO/IEC 27001 is an international standard that provides a framework for establishing, implementing, maintaining, and improving an Information Security Management System (ISMS) to manage and reduce information security risks effectively. The other options focus on specific aspects of security but do not encompass the comprehensive scope of ISO/IEC 27001.

What is cross site request forgery

Cross-Site Request Forgery (CSRF or XSRF) is a type of cyber attack where an attacker tricks a victim into performing actions on a web application where the victim is authenticated, without their consent.

What is TLS

Transport Layer Security (TLS) is a cryptographic protocol that provides secure communication over a network, such as the Internet EXAMPLE: When you shop online, TLS ensures the safety of your sensitive information, such as credit card details.

What type of malware is self replicating

ANSWER: WORM It is a self-replicating malicious program that spreads across networks without needing human interaction or attaching itself to other programs, unlike a virus.

Describe a buffer overflow attack

A buffer overflow attack is a type of cyberattack that exploits a buffer overflow vulnerability in software to corrupt memory and manipulate the program's execution. Attackers use this method to inject malicious code, crash applications, or gain unauthorized access to systems.

What is ISO/IEC 27002

Provides best practices and controls for implementing information security based on the requirements in ISO/IEC 27001.

Question: Which of the following is an example of a physical control in cybersecurity? A. Implementing multi-factor authentication for system access B. Installing surveillance cameras to monitor building entrances C. Conducting regular employee security awareness training D. Encrypting data stored on servers

Correct Answer: B. Installing surveillance cameras to monitor building entrances Explanation: Physical controls are measures designed to protect the physical assets and infrastructure of an organization, such as surveillance cameras, locks, or security guards. The other options involve technical (A and D) or administrative (C) controls.

what are logical controls

logical controls protect the systems, networks, and environments that process, transmit, and store your data.

Which of the following is an example of an administrative control in cybersecurity? A. Installing a firewall to monitor network traffic B. Conducting employee security awareness training C. Encrypting sensitive files on a server D. Using biometric scanners to control access to a data center

Correct Answer: B. Conducting employee security awareness training Explanation: Administrative controls involve policies, procedures, and training to manage security risks. Employee training helps raise awareness about threats and best practices, making it a clear example of an administrative control. The other options (A, C, D) are examples of technical or physical controls.

A user attempts to log into a system, but the login is restricted due to an account lockout policy after repeated failed attempts. Which security concept does this primarily support? Confidentiality Integrity Avaialbility Accountability

confidentiality

You are a cybersecurity specialist at a medium-sized organization. Recently, your company experienced an incident where an attacker tried to exploit a known vulnerability in your web application to gain unauthorized access to sensitive data. The attack was detected but not stopped in time, causing a minor data breach. To prevent such incidents in the future, you decide to implement a solution that can monitor network traffic in real-time and automatically block suspicious activity before it can cause harm. Question: Which of the following solutions would best address your need to automatically detect and prevent malicious activity in real-time? A. Firewall – A device that filters network traffic based on predefined rules. B. Intrusion Detection System (IDS) – A system that monitors network traffic and alerts administrators of suspicious activity. C. Intrusion Prevention System (IPS) – A system that monitors network traffic and actively blocks malicious activity in real-time. D. Antivirus Software – A program that scans for and removes malware from individual devices.

Correct Answer: C. Intrusion Prevention System (IPS) – An IPS is specifically designed to detect malicious traffic and take immediate action, such as blocking it, to prevent potential attacks.

Which of the following best describes the primary function of an Intrusion Detection System (IDS)? A. Blocking malicious traffic in real-time to prevent attacks. B. Monitoring network or system activity for suspicious behavior and generating alerts. C. Filtering network traffic based on predefined access rules. D. Removing malware from infected devices.

B. Monitoring network or system activity for suspicious behavior and generating alerts. Explanation: An IDS is designed to monitor network or system activity and notify administrators of potential threats or suspicious activity. Unlike an IPS, it does not actively block traffic.

In which of the following scenarios would Rule-Based Access Control (RBAC) be most appropriately applied? A. When permissions need to be granted dynamically based on an employee's current department and job role. B. When access needs to be granted based on a predefined set of policies, such as time of day or the location of the user. C. When access decisions depend on individual user attributes, such as certifications or security clearance level. D. When permissions are manually assigned to users based on individual needs and responsibilities.

Correct Answer: B. When access needs to be granted based on a predefined set of policies, such as time of day or the location of the user. This is because Rule-Based Access Control focuses on applying access policies based on defined conditions and rules rather than user roles or attributes.

A company wants to simplify its access management system. Employees are grouped based on their job functions, such as "HR," "IT Support," and "Sales." Each group needs specific access rights to perform their duties, and new employees should automatically inherit the access rights of their group when they are assigned to a role. Which type of access control is most appropriate for this scenario? A. Rule-Based Access Control B. Role-Based Access Control C. Attribute-Based Access Control D. Discretionary Access Control

Correct Answer: B. Role-Based Access Control This is because RBAC allows access rights to be assigned based on roles, ensuring employees automatically receive appropriate permissions when assigned to a predefined role.

A hospital needs to manage access to patient records. Doctors can access only the records of their assigned patients, nurses can access records during their shift hours, and access is further restricted based on the user's location within the hospital. Which type of access control is most appropriate for this scenario? A. Rule-Based Access Control B. Role-Based Access Control C. Attribute-Based Access Control D. Discretionary Access Control

Correct Answer: C. Attribute-Based Access Control This is because ABAC evaluates multiple attributes, such as the user’s role (doctor or nurse), time (shift hours), and location, to make access decisions dynamically.