Updated - INFO 310 FINAL

Question 1

Protection of Assets, Prevention Detection, and Recovery

Answer 1

Goal of Cybersecurity

Question 2

confidentiality, Integrity, Availability.

Answer 2

CIA

Question 3

the concealment of information or resources

Answer 3

Confidentiality (CIA)

Question 4

the trustworthiness of data or resources

Answer 4

Integrity (CIA)

Question 5

the ability to use information or resources

Answer 5

Availability (CIA)

Question 6

Deception, Disruption, Disclosure, Usurpation

Answer 6

Categories of Threats

Question 7

The acceptance of false data

Answer 7

Deception (Category of threat)

Question 8

the interruption or prevention of correct operation

Answer 8

Disruption (Category of threat)

Question 9

The unauthorized access to information

Answer 9

Disclosure (Category of threat)

Question 10

the unauthorized control of some part of a system

Answer 10

Usurpation (Category of threat)

Question 11

the unauthorized interception of information, is a form of disclosure

Answer 11

Snooping or eavesdropping (Type of threat)

Question 12

an unauthorized change of information is a form of usurpation, deception, and disclosure.

Answer 12

Modification or alteration (Type of threat)

Question 13

an impersonation of one entity by another, is a form of both deception and usurpation.

Answer 13

Masquerading or spoofing (Type of threat)

Question 14

a false denial that an entity sent (or created) something, is a form of deception.

Answer 14

Repudiation of origin

Question 15

a false denial that an entity received some information or mes- sage, is a form of deception

Answer 15

Denial of receipt

Question 16

a temporary inhibition of a service, is a form of usurpation, al- though it can play a supporting role in deception.

Answer 16

Delay

Question 17

a long-term inhibition of service, is a form of usurpation often also used as a mechanism of deception.

Answer 17

Denial of service

Question 18

Asset, Threat, Vulnerability, Risk

Answer 18

The Core of Cybersecurity

Question 19

People, property, and information of value

Answer 19

Asset

Question 20

Anything that can exploit a vulnerability, intentionally or acciden- tally, and obtain, damage, or destroy an asset.

Answer 20

Threat

Question 21

Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset.

Answer 21

Vulnerability

Question 22

The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability.

Answer 22

Risk

Question 23

Asset + Threat + Vulnerability = Risk.

Answer 23

Formula for calculating risk

Question 24

Any cipher based on substitution, using multiple substitution alphabets.

Answer 24

Polyalphabetic Ciphers

Question 25

message wrapped around a rod of a certain size then can be read.

Answer 25

Scytale Encryption

Question 26

A method of encryption by which the positions held by units of plaintext […] are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext.

Answer 26

Transposition Ciphers

Question 27

The study of the frequency of letters or groups of letters in a ciphertext. The method is used as an aid to breaking classical ciphers.

Answer 27

Frequency Analysis

Question 28

s the art or better yet, science, of skillfully maneuvering human beings to take action in some aspect of their lives.

Answer 28

Social Engineering

Question 29

The practice of sending emails appearing to be from reputable sources with the goal of influencing or gaining personal information.

Answer 29

Phishing (SE)

Question 30

The practice of eliciting information or attempting to influence action via the telephone, may include such tools as phone spoofing.

Answer 30

Vishing (SE)

Question 31

The practice of pretexting as another person with the goal of obtaining information or access to a person, company, or computer system

Answer 31

Impersonation (SE)

Question 32

· Ensures Authentication · Ensures Non-Repudiation · Ensures Confidentiality · Ensures Integrity

Answer 32

Properties of encryption

Question 33

Uses a single key for both encryption and decryption

Answer 33

Secret Key Cryptography (SKC) (AKA Symmetric Encryption)

Question 34

Uses one key for encryption and another for decryption

Answer 34

Public Key Cryptography (PKC) (AKA Asymmetric Encryption)

Question 35

Uses a mathematical transformation to create a digital fingerprint or message digest

Answer 35

Hash Functions (AKA Checksum)

Question 36

Physical, Link, Network, Transport, and Application

Answer 36

The Layers of the Internet Protocol Model

Question 37

Wire, open air, optic fibers

Answer 37

Physical layer IPM

Question 38

Ethernet, Wifi, 4G

Answer 38

Link layer IPM

Question 39

Internet protocol, inter control ICMP (nter Control Messaging Protocol)

Answer 39

Network layer IPM

Question 40

Transmission Control Protocol (TCP) User Datagram Protocol (UDP)

Answer 40

Transport Layer (IPM)

Question 41

Email > Simple Mail Transfer Protocol (SMTP) - Websites
>
HyperText Transfer Protocol (HTTP) -
File Sharing
>
File Transfer Protocol (FTP)
>
Server Message Block (smb)

Answer 41

Application Layer IPM

Question 42

public domain on the internet. Created by Internet Service Providers (ISP) to connect to other ISPs around the world. Creates the internet.

Answer 42

Public IP

Question 43

private to a Local Area Network (LAN). They are assigned in a LAN by the Dynamic Host Configuration Protocol (DHCP).

Answer 43

Private IP

Question 44

it is a unique identifier. It has two components: the network address and the host address. A subnet mask then sep- arates the IP address into network and host addresses.

Answer 44

Internet Protocol (IP) Address

Question 45

the process of verifying that an individual, entity or website is who it claims to be. This in the context of web applications is commonly performed by submitting a username or ID and one or more items of private information that only a given user should know

Answer 45

Authentication

Question 46

An attestation of identity, qualification, competence, or authority issued to an individual by a third party

Answer 46

Credential

Question 47

sequence of network HTTP request and response transactions associated to the same user. […] provide the ability to establish variables - such as access rights and localization settings - which will apply to each and every interaction a user has with the web application for the duration of the session.

Answer 47

Web Session

Question 48

is almost exclusively in Javascript (JS) runs with an interpreter. Makes web pages come alive. Credential information is stored and sent from the client

Answer 48

Client side code

Question 49

Server side services listen for a request and then respond to that request part of the N-tier application design

Answer 49

Server Side

Question 50

Presentation, logic, data

Answer 50

N-Tier Application

Question 51

Translates data in to something the user can understand

Answer 51

Presentation tier

Question 52

Coordinates the application, processes commands makes logical decisions and evaluations and performs calculations. Provides communication between the presentation and data tier

Answer 52

Logic Tier

Question 53

Information is stored and retrieved from a database, datastore or filesystem. Provides information back to the logic tier

Answer 53

Data Tier

Question 54

does nothing except provide a pathway for the electrical signals to travel along

Answer 54

Hub

Question 55

are the connectivity points of an Ethernet network that forward data only to the port that connects to the destination device. It does this by learning the MAC address of the devices attached to it, and then by matching the destination MAC address in the data it receives.

Answer 55

Switch

Question 56

ill normally create, add, or divide on the Network Layer as they are normally IP-based devices.Receives a packet of data, it reads the header of the packet to define the destination address

Answer 56

Router

Question 57

use the wireless infrastructure network mode to provide a connection point between WLANs and a wired Ethernet LAN.

Answer 57

Wireless Access Point

Question 58

Encrypted Connection over the internet from a device to a network

Answer 58

Virtual Private Network (VPN)

Question 59

A networking device, either hardware or software based, that controls access to your organization’s network.

Answer 59

Firewall

Question 60

implemented through software applications to monitor and control network traffic between a computer or a network of computers and the internet or other networks- Use network operating systems such as Linux/Unix, Windows Servers and Mac OS Servers

Answer 60

Software Firewalls

Question 61

Dedicated network device Many routers and WAPs have this functionality built in

Answer 61

Hardware Firewalls

Question 62

a 32-bit number that masks an IP address, and divides the IP address into network address and host address. network bits to all “1”s and setting host bits to all “0”s

Answer 62

Subnet Mask

Question 63

allocates and manages IP addresses on the internet. is a set of Internet protocol (IP) standards that is used to create unique identifiers for networks and individual devices.

Answer 63

Classless inter-domain routing (CIDR)

Question 64

A dictionary of CVE attempting to standardize across the industry

Answer 64

CVE - Common Vulnerabilities and Exposures

Question 65

Maintain accurate inventory of assets Define and set stan- dards>Maintain awareness and detect new vulnerabilities>Reme- diate or mitigate identified vulnerabilities >Continuously monitor IT environment

Answer 65

Goals of Vulnerability Management Program (4)

Question 66

Apply Patches -
Update configurations -
Deactivate unnecessary services and channels

Answer 66

Remediation

Question 67

reducing, lessening, or minimizing the severity, impact, or likelihood of potential threats, risks, or vulnerabilities- Compensating Network Controls - Procedural or Physical Controls

Answer 67

Mitigation

Question 68

tend to lack motivation and rely on script created by more ad- vanced hackers. They utilize easy to use software to do things such as port scanning. Blue hats are “vindictive “ - these.

Answer 68

Script Kiddies

Question 69

newbie hackers. Unlike script kiddies, these hackers have the drive to become a more advanced hacker

Answer 69

Green Hat

Question 70

malicious hacker who hacks for personal gain, typically financial

Answer 70

Black Hat

Question 71

Use their skills in order to help individuals, businesses and gov- ernment.

Answer 71

White Hat/Ethical Hackers

Question 72

: shifts between ethical and non-ethical hacking practices

Answer 72

Grey Hat

Question 73

Digital vigilantes working to right a perceived wrong in the world

Answer 73

Hacktivists:

Question 74

government employees who attempt to acquire classified informa- tion about other governments

Answer 74

Nation State Hackers (AKA APT)

Question 75

: a disgruntled employee or corporate spy

Answer 75

Malicious Insider

Question 76

1) Provide training 2)Define security requirements 3)Define met- rics and compliance reporting 4) Perform threat modeling 5) Establish design requirementsà6) Define and use cryptography standards 7)Manage the security risk of using 3rd party compo- nentsà8) Use approved tools 9) Perform SAST 10) Perform DAST 11)Perform penetration testing 12) Establish a standard incident response process

Answer 76

Microsoft secure development lifecycle 12 parts

Question 77

Thesepermissions grants the right to read the contents of the file and read the permissions of a directory.

Answer 77

permission Read (r)

Question 78

Implies the ability to change the contents of a file. Or create new files in a directory

Answer 78

Permission write(w)

Question 79

the right to execute the files if they are programs. Regarding directories, it allows you to enter any directories and access files

Answer 79

Permission Execute (x)

Question 80

exploiting a bug or design flaw to gain elevated access to re- sources that are normally protected from a user or application

Answer 80

Privilege escalation

Question 81

o a lower level privilege user accesses functions or content revised for higher privilege users or applications

Answer 81

Vertical privilege escalation

Question 82

o a normal user accesses functions or content reserved for other normal users

Answer 82

Horizontal privilege escalation

Question 83

Type of permissions that only allow a person to have the permis- sions necessary to complete their role. For example, an employ will only be given permissions needed to complete their job. Pre- vents lower level employees from accessing additional information that is not relevant to them

Answer 83

Role Based Access Controls

Question 84

a process by which potential threats, such as structural vulnera- bilities or the absence of appropriate safeguards, can be identi- fied, enumerated, and mitigations can be prioritized. This is about finding problems should be done early in the development.

Answer 84

Threat Modeling

Question 85

lists all of the assets and considers how attacker could threaten them

Answer 85

Asset based approach (TM)

Question 86

Talking about human threat agents can make the threat seem real

Answer 86

Modeling Attacker

Question 87

models that focus on software being built or system being de- ployed

Answer 87

Software model

Question 88

any place where entities of different privilege interact. Threats tend to cluster around these.

Answer 88

Trust boundary

Question 89

follows the flows of data often ideal for threat modeling

Answer 89

Dataflow Diagrams (DFD) (Software model)

Question 90

This model is fairly complex if starting from scratch likely can be adapted

Answer 90

Unified modeling language (UML) (Software model)

Question 91

o represent flows between various participants; each lane edge is labeled to identify a participant; each message is represented by a line between participants.

Answer 91

Swim line diagrams (Software model)

Question 92

represents the various states a system could be in and the tran- sitions between those states.

Answer 92

state diagram (Software model)

Question 93

STRIDE: A well accepted approach to thinking of threats when threat modeling: List what each acronym stands for:

Answer 93

Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of privilege.

Question 94

Pretending to be someone or something other than yourself. This VIOLATES AUTHENTICATION.

Answer 94

spoofing

Question 95

Modification of something on a disk in memory or network. This VIOLATES INTEGRITY

Answer 95

Tampering

Question 96

claiming that you did not do something VIOLATES NONREPUDI- ATION

Answer 96

Repudiation

Question 97

Absorbing the resources needed to provide a service. VIOLATES AVAILABILITY.

Answer 97

Denial of Service

Question 98

providing information to someone not authorized to see it VIO- LATES CONFIDENTALLITY

Answer 98

Information Disclosure

Question 99

Allowing someone to do something they are not authorized to do. Violates AUTHORIZATION

Answer 99

elevation of privilege

Question 100

SQL, Network file system NFS, Standard messaging block (SMB), Rsyslog

Answer 100

Data tier languages and Protocols List

Question 101

• A language used in programming and designed to manage data held in databases. PORTS: 3306 (MySQL/MariaDB)>5432 Postgres>1433 MS SQL

Answer 101

Structured Query Language - SQL

Question 102

Distributed file system protocol runs on port: 2249

Answer 102

Network file system (NFS)

Question 103

o A network protocol for shared access to files printers and serial ports (445 or 139)

Answer 103

Standard messaging block (SMB)

Question 104

A utility for sending logs to remote log systems

Answer 104

Rsyslog

Question 105

Minimize attack surface, Principle of least privilege, Encryption, Tokenization, Federation

Answer 105

Protecting Data (5 rules)

Question 106

Implement physical, Network, logistical controls on data.

Answer 106

Minimizing attack surface

Question 107

access to data should be controlled by permissions that are veri- fied before allowing users to access the data.

Answer 107

Principle of least privilege

Question 108

prevents data visibility in the event of unauthorized access or theft

Answer 108

Encryption

Question 109

Substituting sensitive data with non-sensitive equivalent. This is then used to map back to the data

Answer 109

Tokenization

Question 110

A type of meta-database file system that is geographically de- centralized and transparently maps multiple databases in to one single one.

Answer 110

Federation

Question 111

o Categories: provide organizational structure o Specialty Areas: subgroups of categories containing cybersecu- rity work.
o Work Roles: the most detailed grouping of cybersecurity related work which includes KSAs and tasks for the role.
o Knowledge, skills and abilities: The skills required to perform a work role.
o Task - specific task assigned to the work role

Answer 111

NICE: National Initiative for Cybersecurity Education (parts and what they do

Question 112

Open Web Application Security Project

Answer 112

OWASP

Question 113

Top ten critical security risks to applications A1: Injection A2: Bro- ken authentication A3: Sensitive data exposure A4: XML External Entities A5: Broken access control A6: Security misconfiguration A7: Cross Site Scripting (XSS) A8: Insecure deserialization A9: Vulnerable components A10: Insufficient logging and monitoring.

Answer 113

OWASP TOP 10: list them

Question 114

Injection of a string in to a query in order to modify a response: attacker sends hostile data in to an interpreter How does it work: There are flaws in the code that when a specific string is injected do something different than they were meant to do.

Answer 114

SQLi

Question 115

requires keeping data separate from commands and queries. Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.”o Never Insert Untrusted Data Except in Allowed Locations o HTML Escape Before Inserting Untrusted Data into HTML Ele- ment Content
o Use a trusted library”

Answer 115

SQLi mitigation (3 parts)

Question 116

A type of application attack where the attacker takes advantage of scripting and input validation vulnerabilities in an interactive website to attack legitimate users.

Answer 116

XSS - Cross Site Scripting

Question 117

The application or API includes invalidated or un-escaped user input as HTML output.

Answer 117

Reflected XSS:

Question 118

The application or API stores unsanitized user input that can be viewed at a later date.

Answer 118

Stored XSS

Question 119

JavaScript frameworks, single-page applications, and APIs that dynamically include attacker-controllable data to a page are vul- nerable to this XSS attack.

Answer 119

DOM XSS

Question 120

Escaping untrusted HTTP request data based on the context in the HTML output, Using frameworks that automatically escape XSS by design, such as the latest Ruby on Rails and React JS.

Answer 120

XSS mitigation

Question 121

the analysis of computer software that is performed WITHOUT executing programs.

Answer 121

Static Application Security Testing (SAST):

Question 122

the analysis of computer programs DURING their execution. It does not require the source code and therefore detects vulnera- bilities by performing attacks itself.

Answer 122

Dynamic Application Security Testing (DAST)

Question 123

operated solely for a single organization

Answer 123

Private: cloud infrastructure

Question 124

services are rendered over a network that is open for public use

Answer 124

Public cloud infrastructure

Question 125

a composition of public cloud and private environment

Answer 125

Hybrid cloud

Question 126

refers to online services that provide high-level APIs used to deref- erence various low-level details of underlying network infrastruc- ture like physical computing resources,location, data partitioning, scaling, security, backup etc.

Answer 126

Infrastructure as a service

Question 127

consumer does not manage or control the underlying cloud infra- structure. This includes the network, servers, operating systems or storage. The user does control the deployed applications and possible the configuration settings for the application hosting en- vironment.

Answer 127

Platform as a service

Question 128

the applications are accessible via a thin client interface such as a web browser or program interface. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, storage and even individual application capabilities.

Answer 128

Software as a Service (SaaS)

Question 129

These primarily contain computer security-related information

Answer 129

Networking Security Logs

Question 130

contains system events and audit records

Answer 130

Operating System logs

Question 131

contains application level events or audit information

Answer 131

Application logs

Question 132

typically hidden within another seemingly innocuous program. It can create copies of itself and insert them into other programs and files to perform a harmful action. Uncommon today and comprises less than 10% of all malware

Answer 132

Viruses

Question 133

It’s distinctive trait is that it is self-replicating and can spread without user action.

Answer 133

Worms

Question 134

Masquerades as a legitimate program but contains malicious code. It requires the user to execute the corrupted/malicious file. Typically spread via social engineering

Answer 134

Trojan Horse

Question 135

Most these programs are trojans, which means they must be spread through social engineering of some sort. Once the user executes the corrupted/malicious file, it looks for and encrypts the users’ files. The hacker then holds the files as hostage in exchange for a ransom. Can be prevented by creating a good backup. According to studies, about 25% of victims choose to pay the ransom while 30% do not get their files unlocked

Answer 135

Ransomware

Question 136

if you get infected with this, you’re basically **ed. These allow the hacker to have “root” privilege and create/edit/delete files as they please. They can conceal themselves from anti-mal- ware systems and are very difficult to detect. This is because “root” privilege is greater than that of the victim/user. They are extraordinarily hard to create and only the most advanced attacks utilize them. Tech companies are very proactive about patching vulnerabilities that are susceptible to a these.

Answer 136

Rootkit

Question 137

a method of bypassing normal authentication procedures, typically over a connection to a network such as the internet. It allows the hacker to spy, invisibly, on the victims activities. May be installed by Trojan horses, worms, implants or “other methods”.

Answer 137

Backdoor

Question 138

attempts to expose the victim to unwanted and potentially ma- licious advertising. Common ____ programs may re-direct a user’s browser searches to a copycat page that contains promo- tions for other products

Answer 138

Adware

Question 139

a logical collection of internet-connected devices whose security has been compromised and control ceded to a third party. Each compromised device is known as “bot”. They are rented out by cyber criminals as commodities for a variety of purposes (such as a DDoS attack)

Answer 139

Botnet

Question 140

many viruses have a “signature”, or a recognizable series of ones and zeros. These anti-virus programs work by spotting these signatures and stopping the files before they can cause damage

Answer 140

Signature Based Detection

Question 141

monitors system processes to determine if a program is attempt- ing to engage in malicious behavior against the operating system

Answer 141

Behavior Based Detection

Question 142

the most common first step, works by moving the malicious file into a protected area on the hard drive. This area is separate from any other file that could activate the malicious software

Answer 142

Quarantining Removal

Question 143

aims to stop the initialization and spread of the virus during the start up process

Answer 143

Startup Detection/Removal

Question 144

Operating system ____ ____ provides administrators with a known working point to which they can restore the settings back to.

Answer 144

Restore points

Question 145

Asymmetric cryptography requires that both the encoder and decoder have a shared key? T/F

Answer 145

FALSE

Question 146

Masquerading is a form of both deception and disruption. T/F

Answer 146

FALSE

Question 147

AES is an algorithm for which type of encryption?

Answer 147

Symmetric Key Encryption

Question 148

Select the one that best describes Asymmetric cryptography :- Requires a secured channel to exchange a shared key. - Securely generates a shared key between two parties over an insecure channel. - Has been superseded by elliptical curve based encryption. - Leverages the same key to encrypt and decrypt data.

Answer 148

Securely generates a shared key between two parties over an insecure channel.

Question 149

What algorithm is considered a secure hash today?

Answer 149

SHA3-512

Question 150

Diffe-Hellman and RSA are algorithms for which type of encryption?

Answer 150

Asymmetric Key Encryption

Question 151

The polyalphabetic cipher is intended to prevent frequency analysis? T/F

Answer 151

TRUE

Question 152

The Vigenère cipher is an example of what?

Answer 152

A polyalphabetic cipher

Question 153

A 404 HTTP response indicates that the URL requested is not found on the server. T/F

Answer 153

TRUE

Question 154

[_______] translates more readily memorized domain names to the numerical IP addresses.

Answer 154

Domain Name System

Question 155

Which protocols are not part of the application layer? 1- TCP (Transmission Control Protocol) 2 - SMTP (Simple Mail Transfer Protocol) 3 - HTTP (HyperText Transfer Protocol) 4 - ICMP (ping)

Answer 155

1 and 4

Question 156

A 5XX HTTP response status indicates an error occurred on the server. T/F

Answer 156

TRUE

Question 157

The network ID for IP address 172.35.16.12 with a subnet mask of 255.255.255.0 is:

Answer 157

172.35.16.0

Question 158

What would you type into a command prompt in order to view the IP address of your computer (Windows or Linux is acceptable)?

Answer 158

ipconfig

Question 159

[______] is a process by which a server maintains the state of an entity interacting with it.

Answer 159

Session Management

Question 160

[_____] data is a combination of structured and unstructured data and requires mapping or advanced tools to derive information.

Answer 160

Big

Question 161

The process of verifying that an individual, entity, or website is who it claims to be.

Answer 161

Authentication

Question 162

When the secure flag is set on a cookie, JavaScript cannot access the cookie.T/F

Answer 162

FALSE

Question 163

[_______] is a sequence of network HTTP request and response transactions associated to the same user.

Answer 163

A Web session

Question 164

Any inactive data that is stored physically in any digital form is called [________].

Answer 164

Data at Rest

Question 165

The [___________] coordinates the application, processes commands, makes logical decisions and evaluations, and performs calculations.Correct!

Answer 165

Logic Tier

Question 166

Compute the Network ID and Host ID for the IP address 192.168.1.55 with a subnet mask of 255.255.255.0.

Answer 166

Network ID: 192.168.1.0Host ID: 0.0.0.55

Question 167

Which binary is computated under the 1’s of the subnet mask?

Answer 167

Network ID

Question 168

Which binary is computated under the 0’s of the subnet mask?

Answer 168

Host ID

Question 169

This type of malware masquerades as a legitimate program but contains malicious instructions.

Answer 169

Trojan

Question 170

This type of malware has the distinctive trait that it’s self-replicating without required interaction.

Answer 170

Worm

Question 171

The two broad techniques for detecting malware are ____ -based and ___ -based.

Answer 171

signature behavior

Question 172

The most common first step in malware removal and recovery is:

Answer 172

quarantining

Question 173

The type of malware that provides a method of bypassing normal authentication procedures, usually over a connection to a network such as the Internet, is called a:

Answer 173

backdoor

Question 174

The process of learning more about the assets that you can access including the network, computers, applications, and their versions is called:

Answer 174

footprinting

Question 175

When a social engineer uses a lie with a made-up story to go along with it in order to gain trust, it is called:

Answer 175

pretexting

Question 176

The practice of sending emails appearing to be from reputable sources with the goal of influencing or gaining personal information is called:

Answer 176

phishing

Question 177

[________] use their skills in order to help individuals, businesses, and government.

Answer 177

ethical hackers

Question 178

Government employees attempting to acquire classified information about other governments are often known as [__________]

Answer 178

Advanced Persistent Threats

Question 179

The four forms of valid credentials are :

Answer 179

What you know, what you have, what you are, and where you are.

Question 180

What cipher should an developer select for symmetric encryption?

Answer 180

AES

Question 181

This type of response status indicates a client-side error response from the server.

Answer 181

4XX

Question 182

This type of response status indicates a server side error response from the server.

Answer 182

5XX

Question 183

192.168.0.35 is an example of this type of IP address.

Answer 183

IPv4

Question 184

Which protocols are NOT part of the Application layer (select all that apply)?1. FTP (File Transfer Protocol) 2. ICMP (ping) 3. SMTP (Simple Mail Transfer Protocol) 4. HTTP (HyperText Transfer Protocol ) 5. TCP(Transmission Control Protocol ) 6. IP (Internet Protocol)

Answer 184

56

Question 185

The polyalphabetic cipher is intended to prevent frequency analysis? T/F

Answer 185

TRUE

Question 186

What are the domains within the field of cybersecurity?

Answer 186

Operational Security, Network Security, Application Security, End-user Education, Information Security

Question 187

The host ID for IP Address 172.35.16.12 with a subnet mask of 255.255.255.0 is :

Answer 187

0.0.0.12

Question 188

a method, tool, or procedure for enforcing a security policy is called a:

Answer 188

security mechanism

Question 189

[_____] is any sequence of one or more symbols given meaning by specific act(s) of interpretation.

Answer 189

data

Question 190

The [___________] coordinates the application, processes commands makes logical decisions and evaluations and performs calculations.

Answer 190

logic tier

Question 191

Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset are called a :

Answer 191

vulnerability

Question 192

Web session management commonly uses a session identifier stored in a [_________] sent from the client to the server.

Answer 192

cookie

Question 193

Permission validation and web session security occurs in the

Answer 193

logic tier

Question 194

Encryption can provide four properties

Answer 194

confidentiality, integrity, authentication, non-repudiation

Question 195

What is the five high-level functions described in the NIST Cybersecurity Framework core?

Answer 195

Identify
Protect
Detect
Respond
Recover

Question 196

What are types of input for assessing an NIST CSF subcategory?

Answer 196

Maturity Level
Primary Threat
Likelihood of Threat Occurrence
Impact of Threat Occurrence

Question 197

The NIST is a government agency that stands for National Information on Standards and Technology. T/F

Answer 197

FALSE: National Institute of Standards and Technology

Question 198

Core, tiers, and [_________] are the three main components for the NIST Cybersecurity Framework.

Answer 198

profile

Question 199

An IG1 enterprise’s biggest challenge to implementing security would be:

Answer 199

Limited IT department

Question 200

The CIS CSCs and the NIST CSF are incompatible frameworks. T/F

Answer 200

FALSE

Question 201

According to CIS Control 8, Implementation Group 3 should implement all security controls implemented by Group 2. T/F

Answer 201

TRUE

Question 202

[BLANK] is completely addressing the root cause of a vulnerability by applying a patch, updating a configuration or deactivating an unnecessary service.

Answer 202

Remediation

Question 203

Why is logging important? 1. Sometimes, logging records are the only evidence of a successful attack.
2. Logging plays a significant role in preventing attacks from occurring.
3. If properly instructed, logging can provide the time and place of every event that has occurred in your network or system.
4. Log records create an easy way to understand the scope of a breach without the need for reporting or filtering.

Answer 203

134

Question 204

The last step of incident response is recovery. T/F

Answer 204

FALSE

Question 205

The three main categories of logs are:

Answer 205

Networking Security, Operating System, and Application.

Question 206

The Principle of [___________] states: A user, process, or program must be able to access only the information and resources that are necessary for its legitimate purpose.

Answer 206

Least Privilage

Question 207

The first step of incident response is preparation. T/F

Answer 207

TRUE

Question 208

The name of the dictionary used to serve as a common baseline standard for weakness identification, mitigation, and prevention efforts is:

Answer 208

Common Weakness Enumeration

Question 209

The name of the 501(c)(3) organization that has a mission to make software security visible so that individuals and organizations are able to make informed decisions is:

Answer 209

Open Web Application Security Project

Question 210

The name of the security weakness that matches the definition below: The lack of verification of proper access to the requested object (AKA OWASP 2021 A01)

Answer 210

Broken Access Control

Question 211

What generic cybersecurity technique do we use to ensure the confidentiality of data in transit and at rest?

Answer 211

Encryption

Question 212

Which of the following are OWASP design principles (select all that apply): 1. Minimize attack surface area
2. Keep security simple
3. Avoid security by obscurity
4. Use default settings
5. Principle of Least Privilege
6. Trust services

Answer 212

1, 2, 3, 5

Question 213

What methodology is used in preventing attacks in SQL injection?

Answer 213

Parameterized Queries

Question 214

When a secure flag is set on a cookie, JS cannot access the cookie? T/F

Answer 214

FALSE

Question 215

What are the five core parameters of log management?

Answer 215

collection, storage, search, correlation, and output