Quiz Questions Flashcards
Which of the following standards is most applicable to a company that utilizes any payment card for its operations?
PCI-DSS
What organizational plan is developed to deal with disasters and other difficult situations such as cyber-attacks, outages, or supply chain failures?
Business Continuity
What type of information could include addresses, date of birth, or social security numbers?
PII
Which of the choices below best describes an attack resulting from an unknown vulnerability exploit or a known vulnerability without a current patch?
Zero-day attack
The Risk Management Framework is a flexible risk-based approach that integrates security, privacy, and cyber supply chain risk management into the system development life cycle. Which phase of the framework involves determining the applicable controls needed to reduce business risk to an acceptable level?
Select
Which of the following is NOT considered a factor of risk?
Convenience because Cost, Mitigation and Threat are
What type of professional is hired by organizations to legally hack into their networks and identify weak entry points?
Ethical Hacker
Which organizational security team is responsible for providing security assessments outlining an organization’s system defense efficacy and resilience?
Red Team
What risk response or treatment approach has been adopted when an organization decides to purchase insurance?
Transfer
What achievement is proof of technical knowledge backed by an industry-standard provider such as Microsoft or CompTIA?
Certification
Which of the following is a Linux kernel-mode component?
Drivers
Which of the following is an identity associated with a session for proper access control?
User Account
What is the purpose of a Demilitarized Zone (DMZ)?
To separate internal networks from untrusted external traffic
Which of the following network attacks causes a service to fail by flooding the target with traffic?
Denial of Service (DoS)
Which control enables the creation of rules that allow or block traffic?
iptables
Which network infrastructure type connects users and end devices located in a small area such as an office building?
Local Area Network (LAN)
Which state of data represents data that are actively being used?
Data in use
Which of the following can be accomplished using a firewall?
Monitoring and filtering network traffic
Which Linux distro is specifically packaged for information security tasks such as security research or penetration testing?
Kali
What is the first step to take when hardening a Linux system?
Determine server purpose and requirements
Which is a likely cause of the continued issues related to the EternalBlue common vulnerabilities and exposures (CVE)?
Poor patch management
Which term best describes actions taken to increase infrastructure security?
Hardening
What is a true statement about the Windows Operating System?
It has a folder-based file system
Which term refers to the idea of moving security earlier in the Secure Software Development Lifecycle (SSDLC) to avoid downstream bugs and vulnerabilities?
Shift Left
What is the Open Web Application Security Project (OWASP)?
A community-driven organization focused on application security
Which term is the input vehicle for a server-side request forgery (SSRF) attack?
User-supplied URL
What is application fuzzing?
Automated data is injected into an app to test response and security.
Which term best describes the main attack method used in the SolarWinds attack?
Supply-chain attack
Which paired term is the primary security control deployed during the Identify and Plan stages of the SSDLC?
Communication and review
Which duty is the primary focus of data loss prevention (DLP)?
Preventing unauthorized sharing of privileged information
What type of hacker breaks into an organization for personal gain?
Unethical hacker
What type of attack uses links in an email?
Phishing
Which type of network below is the internet considered to be?
WAN
Which attack involves sniffing data between two or more computers?
On-Path
Reviewing systems for possible weakness is called?
Vulnerability assessment
Select all that are involved in risk calculations
Risk Threat + Asset =Vulnerability
Which of the following is a type of antivirus?
ClamAV
What part of the CIA triad ensures that data hasn’t changed in transit?
Integrity
The primary use of the Nmap tool is to scan network computers?
True
What type of team would a SOC analyst belong to?
Blue Team
Which government agency is part of DHS?
CISA
What tool can be used for password cracking?
Hydra
True or false: OWASP is a government agency?
False, they are a non-profit
Multiple controls to protect an asset is called?
Defense in Depth
SSDLC involves?
Applications
Testing of code for constant improvement is called?
Shift Left
How would you harden a Linux server?
Remove unnecessary services
What does a firewall do?
Inspects and filters incoming traffic
What type of attack is based on a vendor’s equipment?
Supply Chain attack
The primary purpose of a router is?
Allow separate networks to communicate
What is one of the leading causes of KNOWN vulnerabilities being exploited?
Poor patch management
The most powerful account in Linux is?
Root
Something used to show potential employers your IT knowledge?
Certifications
VPN is used to secure data at rest?
False, it secures data in transit
Which regulation involves software for medical use?
HIPAA
What does DLP stand for?
Data Loss Prevention
With proper planning, all vulnerabilities can be eliminated?
False
When hackers exploit a new software vulnerability, it is known as?
Zero-day
What is network segmentation?
Dividing the network into multiple zones
SQL injection involves?
A database and a website