NexGenT Cyber Security Flashcards
All of the following are examples of real security and privacy threats except:
a. Hackers
b. Virus
c. Spam
d. Worms
C – Spam is not an actual threat, only an annoyance. Most popular email
hosting services filter it to a folder you do not see. Clicking on it does not
yield any malware or viruses either.
Malware is
a. Machine made
b. Bugs
c. Man made
d. All of the above
C – Malware is man-made with malicious intent. As of now, computers
cannot program themselves to create malicious code.
Unsolicited commercial email is identified as
a. Spam
b. Spyware
c. Malware
d. Virus
A – Unsolicited email is known as spam. As discussed, it is actually not
malware and causes no harm. Oftentimes it is just commercials for products.
Which of these is not a threat?
a. Adware
b. Trojan Horses
c. Pop Up Ads
d. Ransomware
C – Pop-up ads are not an actual threat. While annoying, they typically do
not cause any sort of problem for your actual devices.
Which of the following is a class of computer threat?
a. DDoS Attack
b. Soliciting
c. Spamming
d. Phishing
D – Phishing is a class of computer threats and by far the most popular way to fool users. Typically it is used as an entry point for more malicious malware down the road.
Hacking a computer is illegal and punishable by law
a. True
b. False
A – True. Causing harm to another entity's property is always a crime and
carries a severe punishment when caught.
A penetration tester ______
a. Is an Ethical Hacker
b. Identifies potential vulnerabilities
c. Reports mitigations
d. All of the above
D – All of the above. Penetration testers are ethical hackers who identify
potential vulnerabilities and provide ways to fix them.
This type of security professional breaks down malware code to understand how it works
a. CISO
b. Penetration Tester
c. Architect
d. Reverse Engineer
D – Reverse Engineers are proficient in code and able to work their way
around it, understand what makes an exploit work, and disable it.
Dorking is a function of which tool?
a. Metasploit
b. Google
c. TraceRoute
d. All of the above
B – Dorking is done with Google; it's an invaluable tool.
Nmap’s primary function is to
a. Find malware
b. Discover hosts on a network
c. Stop spam
d. None of the above
Nmap’s primary use is to ping all the devices on a network and map
them.
Encryption improves a computer's
a. Performance
b. Longevity
c. Reliability
d. Security
D – Encryption is all about securing the data, that is the first and foremost goal
of any cryptographic scheme.
In a symmetric key encryption
a. only public keys are used for encryption
b. private and public keys are symmetric
c. one private key is used for encryption and decryption
d. None of the above
C – In Symmetric key encryption there is only 1 key that is used for both
encrypting and decrypting the data. While efficient and easy to implement, it is
not secure when dealing with a large volume of users.
In asymmetric key encryption if A wants to send an encrypted message
a. A encrypts with their private key
b. A encrypts with B’s private key
c. A encrypts using their public key
d. A encrypts with B’s public key
B – In order for B to be able to decrypt it has to be encrypted with their public
key in the first place. If it was encrypted with A’s public key, B would not be able to
decrypt it.
In asymmetric key encryption if B wants to decrypt A’s message
a. B decrypts with A’s public key
b. B decrypts with A’s private key
c. B decrypts with B’s public key
d. B decrypts with B’s private key
C – B would only be able to decrypt this with their own private key. Private keys
are never shared.
Hashing is a one way function
a. True
b. False
A – True – Hashing is designed to be a one way function, it is different from
typical encryption / decryption.
Which is the best use case for hashing?
a. Storing user passwords
b. Sending encrypted emails
c. Sharing keys
d. All of the above
A – Hashing is best used for user passwords. You do not want to be able to see
their actual text but at the same time would like to check if what is entered is
accurate. If it matches each time, then it is the correct password.
Salting hashed data makes it
a. Harder to crack
b. Easier to crack
c. A more compressed file
d. None of these
A – Salting hashed data makes it harder to crack; it adds in arbitrary values that
make it tougher for hackers to make sense of the data.
What is the most important factor of cryptographic algorithms?
a. How fast the process time is
b. Efficiency
c. Large key sizes so it’s tougher to crack
d. All of the above
C – Large key sizes are a very important factor. The goal is to make data as
secure as possible. Processing time and efficiency do not matter if the data
cannot be secured.
You can derive a private key from a public key, and a public key from a
private key.
a. True
b. False
B – False. You can never derive keys from one another, which makes them secure.
Which internet protocols utilize cryptography?
a. SSL
b. TLS
c. PKI
d. All of the above
D – All of the above. Cryptographic fundamentals are the basis for all secure
protocols on the internet.
When firewalls are placed in a network, which zone contains Internet-facing services?
a. Outside zone
b. Enterprise network zone
c. Demilitarized zone
d. Inside zone
C - Explanation: The demilitarized zone (DMZ) is where Internet-facing servers/services are placed
What is the reason firewalls are considered stateful?
a. Firewalls keep track of the zone states
b. Firewalls keep accounting on the state of packets
c. Firewalls track the state of a TCP conversation
d. Firewalls transition between defense states
C - Explanation: Firewalls keep track of the TCP conversation via the SYN-SYN/ACK-ACK three-way
handshake. This is done so that a DoS attack such as a SYN flood can be mitigated
What is a benefit of site-to-site IPSec VPNs?
a. Lower bandwidth requirements
b. Lower latency
c. Scalability
d. Support for multicast
C - Explanation: Site-to-site IPSec VPNs offer scalability as a benefit. This is because each remote
office only needs an Internet connection to create a VPN tunnel back to the main office
Which protocol does IPSec use to check integrity of data packets?
a. AH
b. ESP
c. IKE
d. ISAKMP
A - Explanation: IPSec uses the Authentication Header protocol to check data integrity. This is done
by creating a numerical hash of the data via SHA1, SHA2, or MD5 algorithms
WPA-Personal is also vulnerable. What is the biggest vulnerability it has?
a. Poor encryption strength
b. Weak passwords
c. Lengthy initialization vectors
d. MSCHAPv1 authentication
B - Explanation: The biggest vulnerability in WPA networks is weak passwords. While additional
recent vulnerabilities have been discovered, weak passwords remain the biggest problem for
WPA-Personal