quiz1 Flashcards

1
Q

Security is:
To be free from ____

A

danger

2
Q

As security is increased, ____ is often decreased

A

convenience

3
Q

There are three types of information protection (often called the CIA Triad)
___
___
___

A

Confidentiality - only approved individuals may access information

Integrity - ensures information is correct and unaltered

Availability - ensures information is accessible to authorized users

4
Q

A ___ ___ is an individual or entity responsible for cyber incidents against the
technology equipment of enterprises and users

A

threat actor
or attacker

5
Q

three types of hackers

A

black hat hacker
white hat hacker
grey hat hacker

6
Q

____ ____ are individuals who want to
perform attacks, yet lack technical knowledge
to carry them out

A

script kiddies

7
Q

Individuals that are strongly motivated by ideology (for the sake of their principles or beliefs)
are ____

A

hacktivists

8
Q

Governments are increasingly employing their own state-sponsored attackers for launching
cyberattacks against their foes
these are __ __

Which type of threat actor is often involved in multiyear intrusion campaigns targeting highly
sensitive economic, proprietary, or national security information?

A

state actors
The attacks are targeted at foreign governments and state
infrastructures with the goal of gaining a competitive advantage on the world stage or
in an actual warfare situation.

9
Q

what is APT

A

advanced persistent threat

10
Q

Employees, contractors, and business partners can pose an ___ ___ of manipulating
data from the position of a trusted employee

A

insider threat

11
Q

One of the most successful types of attack is ___ ___
it does not even exploit ___ ___

A

social engineering
technological vulnerabilities

12
Q

Cybersecurity vulnerabilities can be categorized into
__
__
__
__
__

A

platforms,
configurations,
third parties,
patches,
zero-day vulnerabilities

13
Q

vulnerabilities - platforms
3 platforms with vulnerabilities

A

legacy platforms
on-premises platforms
cloud platforms

14
Q

vulnerabilities - third parties
One of the major risks of third-party system integration involves the principle of the

A

weakest link

15
Q

vulnerabilities - patches

A

firmware, application software, OS

16
Q

An ___ ___ is a pathway or avenue used by a threat actor to penetrate a system

categories

A

Attack vector

  • Email
  • Wireless
  • Removable media
  • Direct access
  • Social media
  • Supply chain
  • Cloud
17
Q

___ ___ is a means of eliciting information (gathering data) by relying on the
weaknesses of individuals

A

social engineering

18
Q

social engineering psychological approaches often include:

___ is masquerading as a real or fictitious character and then playing the role
of that person with a victim

___ is sending an email message or displaying a web announcement that falsely
claims to be from a legitimate enterprise in an attempt to trick the user into surrendering
private information or taking action

A

impersonation

Phishing

19
Q

variations of phishing attacks (4)

A

spear phishing
whaling
vishing
smishing

20
Q

social engineering psychological approaches often include:

___ is when an attacker directs a user to a fake lookalike site filled with ads for
which the attacker receives money for traffic generated to the site

__ is unsolicited email that is sent to a large number of recipients

A

redirection

spam

21
Q

___ is when attackers purchase fake sites because the domain names of the sites are spelled
similarly to actual sites

A

typo squatting

22
Q

____ is when the attacker attempts to exploit
how a URL is converted into its corresponding IP address

A

pharming

23
Q

T/F
image spam cannot be filtered

A

T

24
Q

___ is spam delivered through instant messaging (IM) instead of email

A

spim

25
Q

___ are false warnings, often contained in an email message claiming to come from
the IT department

A

Hoaxes

26
Q

A ___ ___ ___ is directed toward a smaller group of specific individuals

A

watering hole attack (social engineering)

27
Q

___ ___ take advantage of user actions that can result in compromised security

A

physical attacks (is social engineering)

28
Q

Types of physical attacks

___ ___ involves digging through trash receptacles to find information that can
be useful in an attack

___ occurs when an authorized person opens an entry door and one or more individuals follow behind and also enter

___ ___ allows an attacker to casually observe someone entering secret
information, such as the security codes on a door keypad

A

dumpster diving
tailgating
shoulder surfing

these are social engineering

29
Q

what is google dorking

A

electronic version of dumpster diving where you search for documents and data online that could be used in an attack

30
Q

what is zero day

A

Zero day attacks are attacks on vulnerabilities in software systems that are
discovered by threat actors before the system developers can issue a patch to
correct the vulnerability.

31
Q

impacts of attacks

__ __
__ __: stealing data to distribute it to other parties

__ __: stealing data to disclose it in an unauthorized fashion

__ __: taking personally identifiable information to impersonate someone

A

data loss
data exfiltration
data breach
identity theft

32
Q

Impacts of attacks
effects on the enterprise
__ __: the attack may make systems inaccessible

__ __: This results in lost productivity

__: Attacks may affect the public perception of the enterprise

A

availability loss
financial loss
reputation

33
Q

penetration testing
involves
Defining ____ and ___ should be conducted

  • Examining who should perform the tests and the rules for ____
  • Knowing __ __ __ a penetration test
A

Defining what it is and why such a test should be conducted

  • Examining who should perform the tests and the rules for engagement
  • Knowing how to perform a penetration test
34
Q

defining penetration test
penetration test attempt to exploit vulnerabilities in order to help
- __ __ __
- provide a clearer picture of their ___
- determine how they could __ __ __ __ __

A

uncover new vulnerabilities

nature

be used against the organization

35
Q

A scan of network defenses usually finds only ___ ___ to be addressed

A

surface problems

36
Q

who should perform the penetration test

__ __ __: (pros) little or no additional cost, quick, training
(cons) inside knowledge, lack of expertise, reluctance to reveal

__ __ __ __: (pros) expertise, credentials, experience, focus
(cons) contractor has sensitive info

__ __ __: ___ __, faster testing ability to rotate teams, multiple at once

A

internal security personnel

external pen tester consultants

crowdsourced pen testers, bug bounty

37
Q

rules of engagement
___: sets when the testing will occur

___: involves several elements that define the relevant test boundaries: environment, internal targets, external targets, other boundaries

___: is the receipt of prior written approval to conduct the pen test

__: in a pen test should be part of the scope that is discussed in the
planning stages

__: should __ with the organization during the following occasions:
* Initiation
* Incident response
* Status
* Emergency

__: everything related to the pen test has been removed

__: Once the pen test is completed, a __ should be generated to document its objectives,
methods used, and results
* The __ should be divided into two parts:
* An executive summary designed for a less technical audience
* A more technical summary written for security professionals

A

timing
scope
authorization
exploitation
communication
cleanup
reporting

38
Q

performing a penetration test
A variety of actions take place when performing a pen test, however, they can be grouped
into two phases:

The first task is to perform preliminary information gathering from outside the
organization (called ___)

_____ ( two types)
1. ___ involves directly probing for vulnerabilities and useful information
2. _____ occurs when the tester uses tools that do not raise any
alarms
____

A

footprinting

Reconnaissance
- active
- passive
* Penetration

39
Q

A pen test is intended to simulate the actions of a ___ ___

A

threat actor

40
Q

___ ___ is searching for wireless signals from an automobile or on foot while using a portable device

A

war driving

41
Q

___ ___ uses drones, which are officially known as unmanned aerial vehicles
(UAVs)

A

war flying

42
Q

what does OSINT stand for

A

open source intelligence

43
Q

When a vulnerability is discovered, the pen tester must determine how to ___ __ ___ __ using another vulnerability to continue moving toward the
target

A

pivot/turn to another system

44
Q

__ __ in some ways complements pen testing

A

Vulnerability scanning in some ways complements pen testing

45
Q

A _________ ____ is a frequent and ongoing process that continuously identifies
vulnerabilities and monitors cybersecurity progress

A

A vulnerability scan

46
Q

Conducting a vulnerability scan involves:
* Knowing __ __ __ and __ __
* Selecting a __ __ __
* Interpreting ____ ____

A

Conducting a vulnerability scan involves:
* Knowing what to scan and how often
* Selecting a type of scan
* Interpreting vulnerability information

47
Q

When and What to Scan
* Two primary reasons for not conducting around-the-clock vulnerability scans:
_____ ____
_____ ___

A
  • Workflow interruptions
  • Technical constraints
48
Q

Two data management tools are used for collecting and analyzing vulnerability scan data:
___
___

A

SIEM
SOAR

49
Q

SIEMs can also perform ___ ___, which is the process of computationally
identifying and categorizing opinions to determine the writer’s attitude toward a particular
topic

A

sentiment analysis

50
Q

___ ___ is proactively searching for cyber threats that thus far have gone undetected in a network

investigation often use crowdsourced data such as:
___ and ___
___ ___ feeds

info from a ___ __

A

threat hunting

advisories and bulletins
threat feeds
fusion center

51
Q

features of SIEM

A

aggregation
correlation
automated alerting and triggers
time synchronization
event duplication
logs

52
Q

A cybersecurity ____ is a series of documented processes used to define policies
and procedures for implementing and managing security controls in an enterprise
environment

A

framework

53
Q

Industry ____ are typically developed by established professional organizations or
government agencies using the expertise of seasoned security professionals

A

regulations

54
Q

A cybersecurity ___ is a document approved through consensus by a recognized standardization
body

A

standard

55
Q

cybersecurity ___/__ ___ __ are usually distributed by hardware
manufacturers and software developers

A

Benchmark/secure configuration guides

56
Q

___ is software that enters a computer system without the user’s knowledge or consent
and then performs an unwanted and harmful action

A

Malware

57
Q

Types of malware that imprison are
___: prevents a user’s endpoint device from properly and fully functioning until
a fee is paid

and
___: is a type of malware that imprisons users and encrypts all files on the
device so that none of them can be opened, cost increases

A

ransomware and cryptomalware

58
Q

Malware that infects a computer to launch attacks on other computers includes

____

___: is a malicious program that uses a computer network to replicate (sometimes
called a network virus)

___: Another type of malware allows the infected computer to be placed under the remote
control of an attacker for the purpose of launching attacks

A

virus, worm, bot

59
Q

two types of viruses

____ virus: is malicious code that is attached to a file that reproduces itself on the same computer without any human intervention

___: does not attach itself to a file but instead takes advantage of native services
and processes that are part of the OS to avoid detection and carry out its attacks

A

file based

fileless

60
Q

two common types of snooping malware

___: is tracking software that is deployed without the consent or control of the user

___: silently captures and stores each keystroke that a user types on the
computer’s keyboard

A

spyware

keylogger

61
Q

Deceive

A ___ is software that the user does not want on their computer

___: is an executable program that masquerades as performing a benign
activity but also does something malicious

A

PUP (potentially unwanted program)

trojan

62
Q

A ___ has the basic functionality of a Trojan but also gives the threat agent unauthorized
remote access to the victim’s computer by using specially configured communication
protocols

A

RAT (remote access trojan)

63
Q

evade
This category of malware attempts to help malware or attacks evade detection

___: gives access to a computer, program, or service that circumvents any
normal security protections

__ __: is computer code that is typically added to a legitimate program but lies
dormant and evades detection until a specific logical event triggers it

___: is malware that can hide its presence and the presence of other malware on the
computer

A

backdoor

logic bomb

rootkit

64
Q

What is the primary action that cryptomalware performs?
a. Imprison
b. Launch
c. Snoop
d. Deceive

A

imprison

65
Q

____ ___: Another category of attacks looks for vulnerabilities in applications or manipulates applications
in order to compromise them

Common targets of attackers using application attacks are Internet web servers

A

application attacks

66
Q

scripting
In a ___ ___ ___ (XSS) attack, a website that accepts user input without validating
it and uses that input in a response can be exploited
* An attacker can take advantage in an XSS attack by tricking a valid website into feeding a
malicious script to another user’s web browser

A

cross site scripting

67
Q

Attacks called ____ introduce new input to exploit a vulnerability

most common:

A

injections
sql injection

68
Q

request forgery is a: ____

two types:
_____ : takes advantage of an authentication “token” that a website sends to a user’s web
browser
___: takes advantage of a trusting relationship between web servers
- exploit how a web server processes external information received from
another server

A

request that has been fabricated

cross site request forgery (CSRF)

Server-side request forgery (SSRF)

69
Q

____ ___ are commonly used against digital identities

A

replay attacks

70
Q

Other attacks are directly focused on vulnerabilities in the software applications
* These include:

___ __: are called resource exhaustion attacks because they
“deplete” parts of memory and thus interfere with the normal operation of the program in
RAM.

a ____ overflow attack occurs when a process attempts to store data in RAM beyond
the boundaries of a fixed-length storage buffer

a ___ overflow attack: an attacker changes the value of a variable to something
outside the range that the programmer had intended by using an integer overflow

___ ___ __: Some attacks are the result of poor coding on the part of software developers
* Software that allows the user to enter data but has improper input handling features
does not filter or validate user input to prevent a malicious action

attacks on __ __ __

A

memory vulnerabilities
- buffer overflow attack
- integer overflow attack

improper exception handling

attacks on external software components

71
Q

which type of application attack might use the following syntax:
‘whatever’ AND email IS NULL

a. Cross-site scripting
b. Client-side request forgery
c. SQL injection
d. Buffer overflow

A

c

72
Q

The prime advantages of using AI to combat threats are
___ ___
and
greater ___ in __

A

continual learning and greater speed in response

73
Q

Risks associated with using AI and ML are called __ __ __

risk 1. ____ of ML algorithms

risk 2. ___ training data for ML

A

adversarial artificial intelligence

security

tainted