Introduction to Cybersecurity: Course Final Exam Flashcards

1
Q

Which of the following firewalls hides or masquerades the private addresses of network hosts?

Reverse proxy firewall

Host-based firewall

Proxy server

Network address translation firewall

Network layer firewall

A

Network Address Translation Firewall

2
Q

Carrying out a multi-phase, long-term, stealthy and advanced operation against a specific target is often referred to as what?

Advanced persistent threat

Network sniffing

Social engineering

Script kiddies

Rainbow tables

A

Advanced persistent threat

3
Q

You are configuring access settings to require employees in your organization to authenticate first before accessing certain web pages. Which requirement of information security is addressed through this configuration?

Scalability

Availability

Integrity

Confidentiality

A

Confidentiality

4
Q

What are the objectives of ensuring data integrity? (Choose two correct answers)

Data is unaltered during transit

Data is not changed by unauthorized entities

Data is encrypted while in transit and when stored on disks

Access to the data is authenticated

Data is available all the time

A

Data is unaltered during transit

Data is not changed by unauthorized entities

5
Q

An organization is experiencing overwhelming visits to a main web server. You are developing a plan to add a couple of more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?

Scalability

Integrity

Confidentiality

Availability

A

Availability

6
Q

Which of the following are examples of cracking an encrypted password? (Choose four correct answers)

Intimidation

Brute force attack

Network sniffing

Rainbow tables

Social engineering

Spraying

Dictionary attack

A

Brute Force Attack

Rainbow Tables

Spraying

Dictionary Attack

7
Q

Improper management of physical access to a resource, such as a file, can lead to what type of security vulnerability?

Weaknesses in security practices

Race conditions

Access Control problems

Buffer overflow

Non-validated input

A

Access Control problems

8
Q

A medical office employee sends emails to patients about their recent visits to the facility. What information would put the privacy of the patients at risk if it was included in the email?

Contact information

Next appointment

Patient records

First and last name

A

Patient records

9
Q

What is the best way to avoid getting spyware on a machine?

Install the latest antivirus updates

Install the latest web browser updates

Install software only from trusted websites

Install the latest operating system updates

A

Install software only from trusted websites

10
Q

You are surfing the Internet using a laptop at a public Wi-Fi cafe. What should you check first before you connect to the public network?

That the Bluetooth adapter is disabled

If the laptop requires user authentication for file and media sharing

That the laptop web browser is operating in private mode

If the laptop has a master password set to secure the passwords stored in the password manager

A

If the laptop requires user authentication for file and media sharing

11
Q

What is the main function of the Cisco Security Incident Response Team?

To design next generation routers and switches that are less prone to cyber attacks

To design polymorphic malware

To ensure company, system and data preservation

To provide standards for new encryption techniques

A

To ensure company, system and data preservation

12
Q

Which of the following firewalls are placed in front of web services to protect, hide, offload and distribute access to web servers?

Application layer firewall

Proxy server

Transport layer firewall

Network layer firewall

Reverse proxy server

A

Reverse proxy server

13
Q

Which of the following certifications meets the U.S. Department of Defense Directive 8570.01-M requirements, which is important for anyone looking to work in IT security for the federal government?

EC Council Certified Ethical Hacker

Microsoft Technology Associate Security Fundamentals

ISACA CSX Cybersecurity Fundamentals

CompTIA Security+

ISC2 Certified Information Systems Security Professional

Palo Alto Networks Certified Cybersecurity Associate

A

CompTIA Security+

14
Q

One of your colleagues has lost her identification badge. She is in a hurry to get to a meeting and does not have time to visit Human Resources to get a temporary badge. You lend her your identification badge until she can obtain a replacement.
Is this behavior ethical or unethical?

Ethical

Unethical

A

Unethical

15
Q

Which of the following certifications tests your understanding and knowledge in how to look for weaknesses and vulnerabilities in target systems using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner?

Palo Alto Networks Certified Cybersecurity Associate

ISC2 Certified Information Systems Security Professional

Microsoft Technology Associate Security Fundamentals

CompTIA Security+

ISACA CSX Cybersecurity Fundamentals

EC Council Certified Ethical Hacker

A

EC Council Certified Ethical Hacker

16
Q

What is the main purpose of cyberwarfare?

To develop advanced network devices

To gain advantage over adversaries

To protect cloud-based data centers

To simulate possible war scenarios among nations

A

To gain advantage over adversaries

17
Q

What vulnerability occurs when the output of an event depends on ordered or timed outputs?

Weaknesses in security practices

Non-validated input

Race conditions

Buffer overflow

Access control problems

A

Race conditions

18
Q

What do you call the vulnerabilities discovered by Google security researchers that affect almost all CPUs released since 1995? (Select two correct answers)

Shell shock

WannaCry

NotPetya

Spectre

Meltdown

A

Spectre

Meltdown

19
Q

If developers attempt to create their own security algorithms, it will likely introduce what type of vulnerabilities?

Buffer overflow

Race conditions

Weaknesses in security practices

Non-validated input

Access control problems

A

Weaknesses in security practices

20
Q

Which technology creates a security token that allows a user to log in to a desired web application using credentials from a social media website?

Open authorization

VPN service

Password manager

In-private browsing mode

A

Open authorization

21
Q

Which of the following security implementations use biometrics? (Choose two correct answers)

Fingerprint

Phone

Credit card

Voice recognition

Fob

A

Fingerprint

Voice recognition

22
Q

Which of the following firewalls filters traffic based on source and destination IP addresses?

Network layer firewall

Proxy server

Application layer firewall

Transport layer firewall

Network address translation firewall

A

Network layer firewall

23
Q

Which of the following firewalls filters web content requests such as URLs and domain names?

Application layer firewall

Proxy server

Reverse proxy server

Network layer firewall

Network address translation firewall

A

Proxy server

24
Q

A port scan returns a ‘dropped’ response. What does this mean?

A service is listening on the port

Connections to the port will be denied

There was no reply from the host

A

There was no reply from the host

25
Q

During a meeting with the Marketing department, a representative from IT discusses features of an upcoming product that will be released next year. Is this employee’s behavior ethical or unethical?

Ethical

Unethical

A

Ethical

26
Q

Which of the following is an entry-level certification for newcomers who are preparing to start their career in cybersecurity?

CompTIA Security+

Microsoft Technology Associate Security Fundamentals

ISC2 Certified Information Systems Security Professional

ISACA CSX Cybersecurity Fundamentals

EC Council Certified Ethical Hacker

Palo Alto Networks Certified Cybersecurity Associate

A

Palo Alto Networks Certified Cybersecurity Associate

27
Q

‘Cybersecurity certifications are a way for you to verify your skills and knowledge and can also boost your career.’

True

False

A

True

28
Q

When describing malware, what is a difference between a virus and a worm?

A virus focuses on gaining privileged access to a device, whereas a worm does not

A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.

A virus can be used to launch a DoS attack (but not a DDoS), but a worm can be used to launch both DoS and DDoS attacks.

A virus can be used to deliver advertisements without user consent, whereas a worm cannot.

A

A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.

29
Q

An employee is laid off after fifteen years with the same organization. The employee is then hired by another organization within a week. In the new organization, the employee shared documents and ideas for products that the employee proposed at the original organization. Is the employee’s behavior ethical or unethical?

Ethical

Unethical

A

Unethical

30
Q

Which of the following firewalls filters traffic based on the user, device, role, application type and threat profile?

Context aware application firewall

Host-based firewall

Network address translation firewall

Network layer firewall

Application layer firewall

A

Context aware application firewall

31
Q

What names are given to a database where all cryptocurrency transactions are recorded? (Select two correct answers)

Blockchain

Table

Ledger

Spreadsheet

A

Blockchain

Ledger

32
Q

Which of the following items are states of data? (Choose three correct answers)

Storage

Text

ASCII

Transmission

Binary

Processing

A

Storage

Transmission

Processing

33
Q

‘Internet-based cameras and gaming gear are not subject to security breaches.’

True

False

34
Q

What vulnerability occurs when data is written beyond the memory areas allocated to an application?

Buffer overflow

Access control problems

Race conditions

Weaknesses in security practices

Non-validated input

A

Buffer overflow

35
Q

An organization’s IT department reports that their web server is receiving an abnormally high number of web page requests from different locations simultaneously. What type of security attack is occurring?

Phishing

Adware

Social engineering

DDoS

Spyware

36
Q

Which of the following are commonly used port scanning applications? (Select two correct answers)

Zenmap

Port number

Sequence number

Nmap

A

Zenmap

Nmap

37
Q

What action will an IDS take upon detection of malicious traffic?

Block or deny all traffic

Create a network alert and log the detection

Drop only packets identified as malicious

Reroute malicious traffic to a honeypot

A

Create a network alert and log the detection

38
Q

Which of the following statements best describes cybersecurity?

It is the name of a comprehensive security application for end users to protect workstations from being attacked

It is a standard-based model for developing firewall technologies to fight against cybercrime

It is a framework for security policy development

It is an ongoing effort to protect Internet-connected systems and the data associated with those systems from unauthorized use or harm

A

It is an ongoing effort to protect Internet-connected systems and the data associated with those systems from unauthorized use or harm

39
Q

‘After a data breach, it’s important to educate employees, partners and customers on how to prevent future breaches.’

True

False

40
Q

An employee points out a design flaw in a new product to the department manager.

Ethical

Unethical

41
Q

‘Data coming into a program should be sanitized, as it could have malicious content, designed to force the program to behave in an unintended way.’ This statement describes what security vulnerability?

Weaknesses in security practices

Access control problems

Buffer overflow

Non-validated input

Race conditions

A

Non-validated input

42
Q

Which of the following are examples of on-path attacks? (Choose two correct answers)

SEO poisoning

Man-in-the-Mobile

Ransomware

DDoS

Man-in-the-Middle

Worms

A

Man-in-the-Mobile

Man-in-the-Middle

43
Q

Which of the following firewalls filters traffic based on application, program or service?

Context aware application firewall

Proxy server

Application layer firewall

Host-based firewall

Network layer firewall

A

Application layer firewall

44
Q

A port scan returns a ‘closed’ response. What does this mean?

There was no reply from the host

A service is listening on the port

Connections to the port will be denied

A

Connections to the port will be denied

45
Q

‘Cryptocurrency transactions are digital.’

True

False

46
Q

What do you call a digital asset designed to work as a medium of exchange that uses strong encryption to secure a financial transaction?

Apple Pay

Google Pay

Near Field Communications

Cryptocurrency

A

Cryptocurrency

47
Q

Which of the following tools used for incident detection can be used to detect anomalous behavior, command and control traffic, and detect infected hosts? (Choose two correct answers)

Intrusion detection system

Reverse proxy server

NetFlow

Nmap

Honeypot

A

Intrusion detection system

NetFlow

48
Q

What name is given to a group of bots, connected through the Internet, with the ability to be controlled by a malicious individual or group?

Hacker network

Crime syndicate

Zombie

Botnet

49
Q

What is the best approach for preventing a compromised IoT device from maliciously accessing data and devices on a local network?

Install a software firewall on every network device

Place all IoT devices that have access to the Internet on an isolated network

Disconnect all IoT devices from the Internet

Set the security settings of workstation web browsers to a higher level

A

Place all IoT devices that have access to the Internet on an isolated network

50
Q

What name is given to the emerging threat that hides on a computer or mobile device and uses that machine’s resources to mine cryptocurrencies?

Phishing

Bluejacking

Cryptoransomware

Cryptojacking

A

Cryptojacking

51
Q

A port scan returns an ‘open’ response. What does this mean?

A service is listening on the port

Connections to the port will be denied

There was no reply from the host

A

A service is listening on the port

52
Q

An employee is at a restaurant with friends and tells them about an exciting new video game that is under development at the organization they work for. Is this employee’s behavior ethical or unethical?

Ethical

Unethical

53
Q

‘An advanced persistent threat (APT) is usually well funded.’

True

False

54
Q

In networking, what name is given to the identifier at both ends of a transmission to ensure that the right data is passed to the correct application?

IP address

Port number

MAC address

Sequence number

A

Port number

55
Q

‘An employee does something as an organization representative with the knowledge of that organization and this action is deemed illegal. The organization is legally responsible for this action.’

True

False

56
Q

What tool is used to lure an attacker so that an administrator can capture, log and analyze the behavior of the attack?

NetFlow

Honeypot

IDS

Nmap

57
Q

‘A data breach does not impact the reputation of an organization.’

True

False

58
Q

Which of the following certifications is aimed at high school and early college students, as well as anyone interested in a career change?

CompTIA Security+

Microsoft Technology Associate Security Fundamentals

ISACA CSX Cybersecurity Fundamentals

ISC2 Certified Information Systems Security Professional

EC Council Certified Ethical Hacker

Palo Alto Networks Certified Cybersecurity Associate

A

Microsoft Technology Associate Security Fundamentals

59
Q

Which of the following firewalls filters traffic based on source and destination data ports and filtering based on connection states?

Network address translation firewall

Network layer firewall

Transport layer firewall

Application layer firewall

Host-based firewall

A

Transport layer firewall

60
Q

Which of the following are categories of security measures or controls? (Choose three correct answers)

Firewalls

Guards

Camera

Policy and procedure

Technology

Awareness, training and education

A

Policy and procedure

Technology

Awareness, training and education

61
Q

‘A botnet can have tens of thousands of bots, or even hundreds of thousands.’

True

False

62
Q

For what purpose would a network administrator use the Nmap tool?

To protect the private IP addresses of internal hosts

To identify specific network anomalies

To detect and identify open ports

To collect and analyze security alerts and logs

A

To detect and identify open ports

63
Q

Which of the following certifications does not expire or require periodic recertification and is geared towards post-secondary graduates and those interested in a career change?

EC Council Certified Ethical Hacker

ISACA CSX Cybersecurity Fundamentals

CompTIA Security+

Palo Alto Networks Certified Cybersecurity Associate

ISC2 Certified Information Systems Security Professional

Microsoft Technology Associate Security Fundamentals

A

ISACA CSX Cybersecurity Fundamentals

64
Q

What type of attack uses zombies?

Spear phishing

Trojan horse

DDoS

SEO poisoning

65
Q

What is the purpose of a backdoor?

To enable software vendors to update software

For government access

To gain unauthorized access to a system without normal authentication procedures

To allow developers to debug software

A

To gain unauthorized access to a system without normal authentication procedures

66
Q

Which of the following firewalls filters ports and system service calls on a single computer operating system?

Network address translation firewall

Transport layer firewall

Host-based firewall

Network layer firewall

Application layer firewall

A

Host-based firewall

67
Q

What type of attack disrupts services by overwhelming network devices with bogus traffic?

DDoS

Zero-day

Brute force

Port scans

68
Q

‘Cryptocurrencies are handled on a centralized exchange.’

True

False

69
Q

Several @Apollo employees have reported that the network access is slow. After investigation, the network administrator has learned that one employee downloaded a third-party scanning program for the printer. What type of malware might have been introduced that is causing slow performance of the network?

Spam

Phishing

Worm

Virus

69
Q

What is an example of cyber kill chain?

a planned process of cyber attack

A

a planned process of cyber attack

70
Q

An organization’s process of identifying and assessing risk with the goal of reducing these threats to an acceptable level is known as what?

Business continuity

Disaster recovery

Risk management

Vulnerability scanning

A

Risk management

71
Q

An employee is laid off after fifteen years with the same organization. The employee is then hired by another organization within a week. In the new organization, the employee shares documents and ideas for products that the employee proposed at the original organization.
Is the employee’s behavior ethical or unethical?

Ethical

Unethical

72
Q

Which stage of the kill chain used by attackers focuses on the identification and selection of targets?

delivery

exploitation

weaponization

reconnaissance

A

reconnaissance

73
Q

An employee does something as a company representative with the knowledge of that company and this action is deemed illegal. The company would be legally responsible for this action.

True

False

74
Q

Which term describes the private browser mode for Google Chrome?

Private tab

Private browsing

Incognito

InPrivate

75
Q

What type of infiltration method allows attackers to quietly capture two-step verification SMS messages sent to users in a Man-in-the-Mobile (MITMO) attack?

Pretexting

Botnet

DoS

On-Path attack

A

On-Path Attack

76
Q

A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?

availability

integrity

scalability

confidentiality