Module 1 Flashcards

1
Q

After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and will be a supervisor over a group of security technicians. Which of these generally recognized security positions has she been offered?

  • Security administrator
  • Security technician
  • Security officer
  • Security manager
A

Security manager

The security manager reports to the CISO and supervises technicians, administrators, and security staff.

2
Q

Which of the following is FALSE about the CompTIA Security+ certification?

  • The Security+ certification is a vendor-neutral credential.
  • Security+ is one of the most widely acclaimed security certifications.
  • Security+ is internationally recognized as validating a foundation level of security skills and knowledge.
  • Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.
A

Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.

The value for an IT professional who holds a CompTIA security certification is significant. On average, an employee with a CompTIA certification will command a salary that is between 5 and 15 percent higher than their counterparts with similar qualifications but lacking a certification.

3
Q

Which of the following is TRUE regarding the relationship between security and convenience?

  • Security and convenience are equal in importance.
  • Security is less important than convenience.
  • Security and convenience are inversely proportional.
  • Security and convenience have no relationship.
A

Security and convenience are inversely proportional.

The relationship between these two is inversely proportional, so that as security is increased, convenience is decreased.

4
Q

What is the term used to describe the connectivity between an organization and a third party?

  • Network layering
  • System integration
  • Resource migration
  • Platform support
A

System integration

Almost all third parties today require access to the organization’s computer network. This gives these external entities the ability to perform their IT-related functions (such as outsourced code development) and even do basic tasks such as submitting online invoices. This connectivity between the organization and the third party is known as system integration.

5
Q

Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____.

  • through a long-term process that results in ultimate security
  • through products, people, and procedures on the devices that store, manipulate, and transmit the information
  • using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources
  • on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network
A

through products, people, and procedures on the devices that store, manipulate, and transmit the information

The products, people, and procedures on the devices that store, manipulate, and transmit the information provide the security.

6
Q

In an interview, the interviewer introduced the following scenario:
An enterprise is hosting all its computing resources on a cloud platform, and you need to identify which vulnerability is most likely to occur.

Which of the following should you choose?

  • Zero-day vulnerability
  • Configuration vulnerability
  • Physical access vulnerability
  • Third-party vulnerability
A

Configuration vulnerability

Misconfiguration vulnerabilities are often found in cloud platforms, as company personnel responsible for securing the platform might improperly configure the resources, resulting in a vulnerability.

7
Q

Zero-day vulnerabilities and configuration vulnerabilities can heavily impact a system if exploited. How should you differentiate between a zero-day vulnerability and a configuration vulnerability?

  • A zero-day vulnerability is an easily fixable vulnerability recognized by a software developer, whereas a configuration vulnerability is a major vulnerability present in a system exploited by a threat actor before the software developer can fix it.
  • A zero-day vulnerability results from improper hardware configurations, whereas a configuration vulnerability results from improper software configuration.
  • A zero-day vulnerability results from users improperly configuring software, whereas a configuration vulnerability results from the developers improperly configuring the software.
  • A zero-day vulnerability is an unknown vulnerability in released software that is found and exploited by a threat actor, whereas a configuration vulnerability is caused by improper settings in hardware or software.
A

A zero-day vulnerability is an unknown vulnerability in released software that is found and exploited by a threat actor, whereas a configuration vulnerability is caused by improper settings in hardware or software.

A zero-day vulnerability is uncovered first by threat actors, who exploit it to penetrate systems. A configuration vulnerability occurs when a user misconfigures the system or fails to configure it past the default settings.

8
Q

Social engineering is a means of eliciting information by relying on the weaknesses of individuals. How should you differentiate between the social engineering techniques of phishing and pharming?

  • Phishing involves digging through trash receptacles to find information that can be useful in an attack, whereas pharming involves sending millions of unsolicited emails to a large volume of users.
  • Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise, whereas pharming is a redirection technique that attempts to exploit how a URL is converted into its corresponding IP.
  • Phishing involves sending millions of generic email messages to a large volume of users, whereas pharming targets specific users by sending emails customized to the recipients, including their names and personal information.
  • Phishing involves sending customized emails to recipients, including their names and personal information, to make the message appear legitimate, whereas pharming is a variant of phishing that specifically targets wealthy individuals or senior executives within a business.
A

Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise, whereas pharming is a redirection technique that attempts to exploit how a URL is converted into its corresponding IP.

Phishing involves sending an email message or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information or taking action. Pharming is a redirection technique that attempts to exploit how a URL is converted into its corresponding IP address. A threat actor may install malware on a user’s computer that redirects traffic away from its intended target to a fake website instead.

9
Q

Which issue can arise from security updates and patches?

  • Difficulty resetting passwords
  • Difficulty patching firmware
  • Difficulty updating settings
  • Difficulty installing databases
A

Difficulty patching firmware

Updating firmware to address a vulnerability can often be difficult and requires specialized steps. Furthermore, some firmware cannot be patched.

10
Q

A federal appeals court recently made a judgment that caused significant public outrage. Soon after the ruling, the court’s website was hacked, and the content was replaced with the text “Equal justice for all.”

Which of the following types of threat actors attacked the court’s site?

  • Insiders
  • State actors
  • Cyberterrorists
  • Hacktivists
A

Hacktivists are individuals who attack a computer system or network for socially or politically motivated reasons.

11
Q

Which of the following is the most common method for delivering malware?

  • Social media
  • Email
  • Identity theft
  • Removable media
A

Email

Almost 94 percent of all malware is delivered through email to an unsuspecting user. The goal is to trick the user into opening an attachment that contains malware or clicking a hyperlink that takes the user to a fictitious website.

12
Q

Attackers have taken over a site commonly used by an enterprise’s leadership team to order new raw materials. The site is also visited by leadership at several other enterprises, so taking over this site will allow for attacks on many organizations.

Which type of malicious activity is this?

  • Spear phishing
  • Vishing
  • Hoax
  • Watering hole
A

Watering hole

A watering hole attack is directed towards a smaller group of specific individuals, such as the top executives working for a manufacturing company. These executives all tend to visit a common website, such as a parts supplier to the manufacturer. An attacker who wants to target this group of executives tries to determine the common website they frequent and then infects it with malware that will make its way onto the group’s computers.

13
Q

Threat actors focused on financial gain often attack which of the following main target categories?

  • Social media assets
  • REST services
  • Product lists
  • Individual users
A

Individual users

This category focuses on individuals as the victims. Threat actors steal and use data, credit card numbers, online financial account information, or social security numbers, or send millions of spam emails to peddle counterfeit drugs, pirated software, fake watches, and pornography to profit from their victims.

14
Q

Your enterprise has played fast and loose with customer information for years. While there has been no significant breach of information that could damage the organization and/or their customers, many in the enterprise feel it is only a matter of time before a major leak occurs.

Which type of threat actor is an employee who wishes to personally ensure that the enterprise is exposed and blocked from accessing their customers’ information until they ensure more secure protocols?

  • Hacktivist
  • Script kiddie
  • Insider
  • State actor

A

Hacktivist

15
Q

Which of the following is an attack vector used by threat actors to penetrate a system?

  • Email
  • Phishing
  • Intimidation
  • Urgency
A

Email

Almost 94 percent of all malware is delivered through email to an unsuspecting user. The goal is to trick the user into opening an attachment that contains malware or clicking on a hyperlink that takes the user to a fictitious website.

16
Q

What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments?

a. Cyberterrorists
b. Competitors
c. Brokers
d. Resource managers

A

c. Brokers

17
Q

Which of the following is not a recognized attack vector?

a. Supply chain
b. Social media
c. On-prem
d. Email

A

c. On-prem

18
Q

Which of the following is not an issue with patching?

a. Difficulty patching firmware
b. Few patches exist for application software
c. Delays in patching OSs
d. Patches address zero-day vulnerabilities

A

d. Patches address zero-day vulnerabilities

19
Q

What is an objective of state-sponsored attackers?

a. To right a perceived wrong
b. To amass fortune over fame
c. To spy on citizens
d. To sell vulnerabilities to the highest bidder

A

c. To spy on citizens

21
Q

Which tool is most commonly associated with state actors?

a. Closed-Source Resistant and Recurrent Malware (CSRRM)
b. Advanced persistent threat (APT)
c. Unlimited Harvest and Secure Attack (UHSA)
d. Network Spider and Worm Threat (NSAWT)

A

b. Advanced persistent threat (APT)

22
Q

How do vendors decide which should be the default settings on a system?

a. Those that are the most secure are always the default settings.
b. There is no reason specific default settings are chosen.
c. Those settings that provide the means by which the user can immediately begin to use the product.
d. The default settings are always mandated by industry standards.

A

c. Those settings that provide the means by which the user can immediately begin to use the product.

23
Q

Which of the following is not a reason a legacy platform has not been updated?

a. Limited hardware capacity
b. An application only operates on a specific OS version
c. Neglect
d. No compelling reason for any updates

A

d. No compelling reason for any updates

24
Q

Which of the following groups use advanced persistent threats?

a. Brokers
b. Criminal syndicates
c. Shadow IT
d. State actors

A

d. State actors

25
Q

Which of the following groups have the lowest level of technical knowledge?

a. Script kiddies
b. Hacktivists
c. State actors
d. Insiders

A

a. Script kiddies

26
Q

Which of the following ensures that only authorized parties can view protected information?

a. Authorization
b. Confidentiality
c. Availability
d. Integrity

A

b. Confidentiality

27
Q

Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization?

a. Black hat hackers
b. White hat hackers
c. Gray hat hackers
d. Red hat hackers

A

b. White hat hackers

28
Q

Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks were mainly for what purpose?

a. Fortune
b. Fame
c. Financial gain
d. Personal security

A

b. Fame

29
Q

Which of the following is not true regarding security?

a. Security is a goal.
b. Security includes the necessary steps to protect from harm.
c. Security is a process.
d. Security is a war that must be won at all costs.

A

d. Security is a war that must be won at all costs.

30
Q

Which of the following is not used to describe those who attack computer systems?

a. Threat actor
b. Hacker
c. Malicious agent
d. Attacker

A

b. Hacker

31
Q

Which of the following elements of the CIA Triad ensures that information is correct and that no unauthorized person has altered it?

a. Confidentiality
b. Integrity
c. Availability
d. Assurance

A

b. Integrity