Introduction to Cybersecurity Tools and Cyber Attacks Week Three

Question 1

Encrypting your email is an example of addressing which aspect of the CIA Triad?

Answer 1

Confidentiality

Question 2

You fail to backup your files and then drop your laptop breaking it into many small pieces. You have just failed to address which aspect of the CIA Triad?

Answer 2

Avaliability

Question 3

The use of digital signatures is an example of which concept?

Answer 3

Non-repudiation

Question 4

Trudy forwards a message from Alice to Bob, but changes the timestamp on Alice’s message before sending it to make it look like it came in later. This is a violation of which aspect of the CIA Triad?

Answer 4

Integrity

Question 5

Managers in the Singapore office at your company can access documents that managers in other offices cannot access, nor can non-manager employees in the Singapore office. Which two access criteria types were likely involved in setting this up?

Answer 5

Physical Location and Groups

Question 6

In incident management, an event that has a negative impact on some aspect of the network or data is called what?

Answer 6

Incident

Question 7

In incident management, a data inventory, data classification and data management process are part of which key concept?

Answer 7

E-Discovery

Question 8

Which phase of the Incident Response Process do steps like Identify cyber security incident, Define objectives and investigate situation and Take appropriate action fall into?

Answer 8

Phase 2: Respond

Question 9

In the context of security standards and compliance, which two of these items are goals of frameworks and best practices?

Answer 9

They help translate the business needs into technical or operational needs

They seek to improve performance, controls, and metrics

Question 10

A company document that says employees may not do online shopping while at work would be which of the following?

Answer 10

Policy

Question 11

Which three of these are compliance standards that must be adhered to by companies is some industries / countries?

Answer 11

SOX, PCI/DSS, and HIPPA

Question 12

A method of evaluating computer and network security by simulating an attack on a computer system or network from external or internal threats is know as which of the following?

Answer 12

A pentest

Question 13

The OWASP “Top 10” provides guidance on what?

Answer 13

The top 10 application vulnerabilities reported each year.

Question 14

Which two key components are part of incident response?

Answer 14

Response Team and Investigation

Question 15

Which is not part of the Sans Institutes Audit process?

Answer 15

Help to translate the business needs into technical or operational needs

Question 16

Which key concept to understand incident response is defined as “data inventory, helps to understand the current tech status, data classification, data management, we could use automated systems. Understand how you control data retention and backup.”

Answer 16

E-Discovery

Question 17

Which is not included as part of the IT Governance process?

Answer 17

Audits

Question 18

Trudy reading Alice’s message to Bob is a violation of which aspect of the CIA Triad?

Answer 18

Confidentiality

Question 19

A hash is a mathematical algorithm that helps assure which aspect of the CIA Triad?

Answer 19

Integrity

Question 20

A successful DOS attack against your company’s servers is a violation of which aspect of the CIA Triad?

Answer 20

Avaliability

Question 21

Which of these is an example of the concept of non-repudiation?

Answer 21

Alice sends a message to Bob and Bob knows for a certainty that it came from Alice and no one else.

Question 22

You have been asked to establish access to corporate documents in such a way that they can be read from anywhere, but only modified while the employees are in the office. Which 2 access criteria types were likely involved in setting this up?

Answer 22

Physical location and Transaction type

Question 23

In incident management, an observed change to the normal behavior of a system, environment or process is called what?

Answer 23

Event

Question 24

In incident management, tools like SIEM, SOA and UBA are part of which key concept?

Answer 24

Automated System

Question 25

Which phase of the Incident Response Process do steps like Carry out a post incident review and Communicate and build on lessons learned fall into?

Answer 25

Follow Up

Question 26

In the context of security standards and compliance, which two of these are considered normative and compliance items?

Answer 26

They serve as an enforcement mechanism for government, industry or clients.

They are rules to follow for a specific industry.

Question 27

A company document that details how an employee should request Internet access for her computer would be which of the following?

Answer 27

Procedure

Question 28

Which of these is a methodology by which to conduct audits?

Answer 28

OCTAVE

Question 29

Mile 2 CPTE Training teaches you how to do what?

Answer 29

Conduct a pentest