SA 1 - IT0201
Introduction to Cybersecurity
| Question | Answer |
|---|---|
| A cybercriminal sends a series of maliciously formatted packets to a database server, which causes the server to crash. What do you call this type of attack? Options: SQL injection; DoS; Man-in-the-middle; Packet injection | DoS |
| Employees in an organization report that the network access is slow. Further investigation reveals that one employee downloaded a third-party scanning program for the printer. What type of malware may have been introduced? | Worm |
| A penetration test carried out by an organization identified a backdoor on the network. What action should the organization take to find out if their systems have been compromised? | Look for unauthorized accounts |
| All employees in an organization receive an email stating that their account password will expire immediately and that they should reset their password within five minutes. Which of the following statements best describes this email? | It is a hoax |
| What do you call an impersonation attack that takes advantage of a trusted relationship between two systems? Options: Man-in-the-middle; Sniffing; Spamming; Spoofing | Spoofing |
| Which best practices can help defend against social engineering attacks? (Choose three.) | Educate employees regarding security policies; Resist the urge to click on enticing web links; Do not provide password resets in a chat window |
| What non-technical method could a cybercriminal use to gather sensitive information from an organization? Options: Pharming; Man-in-the-middle; Social engineering; Ransomware | Social engineering |
| Employees in an organization report that they can't access the customer database. The database file is now encrypted. They received a threatening email demanding payment. What type of attack has the organization experienced? | Ransomware |
| Which of the following statements describes a distributed denial of service (DDoS) attack? | A botnet of zombies, coordinated by an attacker, overwhelms a server with DoS attacks |
| What type of attack occurs when data goes beyond the memory areas allocated to an application? Options: RAM spoofing; SQL injection; RAM injection; Buffer overflow | Buffer overflow |
| What name is given to any changes made to original data, such as data being modified manually? (Select two answers) | Backup; Modification |
| Which of the following methods help to ensure data integrity? (Select two answers) | Hashing; Data consistency checks |
| What name is given to a storage device connected to a network? Options: RAID; DAS; NAS; SAN | NAS |
| Which of the following methods help to ensure system availability? (Select two answers) | Updating operating systems; Equipment maintenance |
| What is an advantage of using a hashing function? | It is a one-way function and not reversible |
| What is the name of the method in which letters are rearranged to create a ciphertext? Options: Substitution; Transposition; One-time pad; Enigma | Transposition |
| Which of these protocols use asymmetric key algorithms? (Select three answers) | Secure Sockets Layer (SSL); Secure Shell (SSH); Pretty Good Privacy (PGP) |
| @Apollo has created a new program and wants to distribute it to everyone in the organization. They want to ensure that when the program is downloaded, it is not changed while in transit. What can @Apollo do to ensure this does not happen? | Create a hash of the program file that can be used to verify the integrity of the file after it is downloaded |
| What term is used to describe concealing data in another file such as a graphic, audio or video file? Options: Steganography; Hiding; Masking; Obfuscation | Steganography |
| Which of the following are examples of administrative access controls? (Select three answers) | Policies and procedures; Background checks; Hiring practices |
| You are setting up a wireless network. What technology should you set up on the network to prevent man-in-the-middle attacks? | Mutual authentication |
| What type of lock is recommended to secure an office door? Options: Cipher lock; Keyed entry lock; Security cage; Cable lock | Cipher lock |
| What can you do to ensure that network operating software remains secure? (Choose three.) | Install patches and updates regularly; Conduct software testing prior to launch; Develop a policy to address application software and operating system updates |
| What is a demilitarized zone (DMZ)? | A small network between a trusted private network and the Internet |
| Which type of technology can prevent malicious software from displaying unwanted popup ads on a device? | Adware protection |
| What would you set up to divide a computer network into smaller parts with the aim of improving network performance and security? | A VLAN |
| Which of the following enables secure contactless payment? Options: USB communication; Infrared (IR); Near-field communication (NFC) | Near-field communication (NFC) |
| What feature does Microsoft Windows use for full disk encryption (FDE)? Options: Trusted Platform Module (TPM); BitLocker To Go; Measured Boot; BitLocker | BitLocker |
| What can be used to ensure that a piece of software you are installing is authentic? Options: Code signing; Secure cookies; Validation rules; A checksum | Code signing |
| You want to keep unauthorized users and devices out of a private network. What solution would you use? | Network Access Control (NAC) |
| What technique can a developer use to prevent software from being reverse engineered by a hacker? | Obfuscation |
| ‘Remote-access VPNs allow mobile workers to access the corporate network using a VPN client installed on their device.’ Is this statement true or false? | True |
| You want to install a system on the network to monitor traffic and immediately respond to any threats identified. Which of the following should you use? | An Intrusion Prevention System (IPS) |
| Which environment should be used by developers to verify that software runs under the required security settings? | Staging environment |
| What type of side-channel attacks do cybercriminals launch by studying how long it takes an embedded system to respond to different inputs? | Timing attacks |
| What should you do to prevent attacks on SCADA systems? | Segregate internal and external networks |
| What do organizations use deception technologies for? (Choose three correct answers) | To learn an attacker’s methods; To warn of potential attacks that could be launched; To distract attackers from production networks |
| You want to use deception technology to push users away from malicious URLs. Which of the following should you use? | A DNS sinkhole |
| What occurs when too many virtualized, underutilized servers use up more resources and space than needed for the work they are doing? | VM sprawl |
| What key component of virtualization allows you to run multiple independent operating systems on one physical system? | A hypervisor |
| What is geofencing used for? | To trigger an action when a user enters or exits a geographic boundary |
| What protocol should be used when simple username/password authentication is needed? Options: 802.1x; TACACS+; CHAP; RADIUS | RADIUS |
| What algorithm is used by governments to create digital signatures? Hint: It uses large number factorization. | DSA |
| Is the following statement true or false? ‘A digital certificate authenticates and verifies that a user sending a message is who they claim to be.’ | True |
| @Apollo is running a routine audit of the server hardware in the company data center. Several servers are using single drives to host operating systems and multiple types of attached storage solutions for storing data. Which solution is best? | RAID |
| @Apollo is evaluating its data center to improve availability. The technicians notice that there's only 1 router, some equipment is out of warranty, and there are no spare parts. Which deficiencies in high availability have been identified? (Select three answers) | Failure to detect errors as they occur; Failure to design for reliability; Single points of failure |
| @Apollo is purchasing a new server for the company data center. The user wants to most efficiently utilize the capacity of three disks with redundancy. Which RAID level should the user implement? | 5 |
| Which industries should be required to maintain five nines availability? (Select three answers) | Healthcare; Public safety; Finance |
| You have been asked to perform an analysis of the current state of an organization’s network. What would you use to scan the network only for security risks? | Vulnerability scanner |
| @Apollo is evaluating its network infrastructure. They've noted that redundant systems and devices are in place. A report emphasized the methods needed to make the network fault tolerant. What is the type of design @Apollo is advocating for? | Resilient |
| Which of the following types of power issues should a technician be concerned about? (Select three correct answers) | Blackout; Brownout; Spike |
| Which of the following devices represent examples of physical access controls? (Select three correct answers) | Locks; Video cameras; Swipe cards |
| What design principles help to ensure high availability? (Select three answers) | Eliminating single points of failure; Providing for reliable crossover; Detecting failures as they occur |
| An organization is looking to implement biometric access to its data center but is concerned that people may be able to circumvent the system by being falsely accepted as legitimate users. What type of error is such false acceptance? | Type II |
| Which of the following firewalls hides or masquerades the private addresses of network hosts? | Network address translation firewall |
| Carrying out a multi-phase, long-term, stealthy and advanced operation against a specific target is often referred to as what? | Advanced persistent threat |
| You are configuring access settings to require employees in your organization to authenticate first before accessing certain web pages. Which requirement of information security is addressed through this configuration? | Confidentiality |
| What are the objectives of ensuring data integrity? (Choose two correct answers) | Data is unaltered during transit; Data is not changed by unauthorized entities |
| An organization is experiencing overwhelming visits to a main web server. You are developing a plan to add a couple of more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan? | Availability |
| Which of the following are examples of cracking an encrypted password? (Choose four correct answers) | Brute force attack; Rainbow tables; Spraying; Dictionary attack |
| Improper management of physical access to a resource, such as a file, can lead to what type of security vulnerability? | Access control problems |
| A medical office employee sends emails to patients about their recent visits to the facility. What information would put the privacy of the patients at risk if it was included in the email? | Patient records |
| What is the best way to avoid getting spyware on a machine? | Install software only from trusted websites |
| You are surfing the Internet using a laptop at a public Wi-Fi cafe. What should you check first before you connect to the public network? | If the laptop requires user authentication for file and media sharing |
| What is the main function of the Cisco Security Incident Response Team? | To ensure company, system and data preservation |
| Which of the following firewalls are placed in front of web services to protect, hide, offload and distribute access to web servers? | Reverse proxy server |
| Which of the following certifications meets the U.S. Department of Defense Directive 8570.01-M requirements, which is important for anyone looking to work in IT security for the federal government? | CompTIA Security+ |
| One of your colleagues has lost her ID badge. She's in a hurry to get to a meeting and doesn't have time to visit Human Resources to get a temporary badge. You lend her your ID badge until she obtains a replacement. Is this behavior ethical or unethical? | Unethical |
| Which of the following certifications tests your understanding and knowledge in how to look for weaknesses and vulnerabilities in target systems using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner? | EC Council Certified Ethical Hacker |
| What is the main purpose of cyberwarfare? | To gain advantage over adversaries |
| What vulnerability occurs when the output of an event depends on ordered or timed outputs? | Race conditions |
| What do you call the vulnerabilities discovered by Google security researchers that affect almost all CPUs released since 1995? (Select two correct answers) | Spectre; Meltdown |
| If developers attempt to create their own security algorithms, it will likely introduce what type of vulnerabilities? | Weaknesses in security practices |
| Which technology creates a security token that allows a user to log in to a desired web application using credentials from a social media website? | Open authorization |
| Which of the following security implementations use biometrics? (Choose two correct answers) | Fingerprint; Voice recognition |
| Which of the following firewalls filters traffic based on source and destination IP addresses? | Network layer firewall |
| Which of the following firewalls filters web content requests such as URLs and domain names? | Proxy server |
| A port scan returns a ‘dropped’ response. What does this mean? | There was no reply from the host |
| During a meeting with the Marketing department, a representative from IT discusses features of an upcoming product that will be released next year. Is this employee’s behavior ethical or unethical? | Ethical |