Lesson 1

Question 1

confidentiality

Answer 1

A cybersecurity objective that ensures unauthorized individuals are not able to gain access to sensitive information.

Question 2

network access control (NAC)

Answer 2

The collected protocols, policies, and hardware that govern access on a device’s network interconnections.

Question 3

advanced persistent threat (APT)

Answer 3

A threat actor who gains unauthorized access to a computer network and remains undetected for an extended period.

Question 4

risk

Answer 4

A probability or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities.

Question 5

threat

Answer 5

An outside force that may exploit a vulnerability.

Question 6

vulnerability

Answer 6

A weakness in a device, a system, an application, or a process that might allow an attack to occur.

Question 7

integrity

Answer 7

A cybersecurity objective that ensures there are no unauthorized modifications to information or systems, which can be either intentionally or unintentionally.

Question 8

availability

Answer 8

A cybersecurity objective that ensures information and systems are accessible to authorized users at all times.

Question 9

sandboxing

Answer 9

A cybersecurity practice where you run, observe, and analyze and code in a safe and isolated environment on a network, called “sandbox”, that isolates the host machine from the potentially malicious program or unsafe code.

Question 10

demilitarized zone (DMZ)

Answer 10

A special network zone designed to house systems that receive connections from the outside world

Question 11

A threat actor who gains unauthorized access to a computer network and remains undetected for an extended period.

Answer 11

advanced persistent threat (APT)

Question 12

The collected protocols, policies, and hardware that govern access on a device’s network interconnections.

Answer 12

network access control (NAC)

Question 13

A special network zone designed to house systems that receive connections from the outside world

Answer 13

demilitarized zone (DMZ)

Question 14

The pentbox cd pentbox-1.8/

Answer 14

is an open-source security suite that houses many security and stability testing-oriented tools for networks and systems.

Question 15

iptables is a command-line interface that is used

Answer 15

to set up and maintain tables for the Netfilter firewall for IPv4, which is included in the Linux kernel.

Question 16

web application firewalls (WAFs)

Answer 16

WAFs are specialized firewalls designed to protect against web application attacks, such as SQL injection and cross-site scripting.

Question 17

Any device that wishes to join an 802.1x authentication must be running an 802.1x

Answer 17

supplicant that can communicate with the authenticator before joining the wireless network.

Question 18

The Remote Access Dial-In User Service (RADIUS) protocol is an authentication protocol used for communications

Answer 18

between authenticators and the authentication server during the 802.1x authentication process

Question 19

The red team plays the role of the

Answer 19

attacker and uses reconnaissance and exploitation tools to attempt to gain access to the protected network. The red team’s work is similar to that of the testers during a penetration test.

Question 20

The blue team is responsible for

Answer 20

securing the targeted environment and keeping the red team out by building, maintaining, and monitoring a comprehensive set of security controls.

Question 21

The white team

Answer 21

coordinates the exercise and serves as referees, arbitrating disputes between the team, maintaining the technical environment, and monitoring the results.

Question 22

Operational security controls are practices and procedures that bolster cybersecurity.

Answer 22

A penetration test is an example of operational security control.

Question 23

Encryption software, network firewalls, and antivirus software are all examples of

Answer 23

technical security controls.