cyber security 1-3
An organization that practices purchasing products from different vendors is demonstrating which security principle?
Diversity
Gunnar is creating a document that explains risk response techniques. Which of the following would he NOT list and explain in his document?
Extinguish risk
Which of the following is NOT a successive layer in which information security is achieved?
Purposes
Which tool is most commonly associated with nation state threat actors?
Advanced Persistent Threat (APT)
Signe wants to improve the security of the small business where she serves as a security manager. She determines that the business needs to do a better job of not revealing the type of computer, operating system, software, and network connections they use. What security principle does Signe want to use?
Obscurity
What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments?
Brokers
Which of the following is NOT true regarding security?
Security is a war that must be won at all costs.
Tatyana is discussing with her supervisor potential reasons why a recent attack was successful against one of their systems. Which of the following configuration issues would NOT be covered?
Vulnerable business processes
lan recently earned his security certification and has been offered a promotion to a position that requires him to analyze and design security solutions as well as identifying users' needs. Which of these generally recognized security positions has lan been offered?
Security administrator
Which of the following is an enterprise critical asset?
Information
What are industry-standard frameworks and reference architectures that are required by external agencies known as?
Regulatory
Why do cyberterrorists target power plants, air traffic control centers, and water systems?
They can cause significant disruption by destroying only a few targets.
Which act requires banks and financial institutions to alert their customers of their policies in disclosing customer information?
Gramm-Leach-Bliley Act (GLBA)
What is an objective of state-sponsored attackers?
To spy on citizens
Alyona has been asked by her supervisor to give a presentation regarding reasons why security attacks continue to be successful. She has decided to focus on the issue of widespread vulnerabilities. Which of the following would Alyona NOT include in her presentation?
Misconfigurations
Which of the following ensures that only authorized parties can view protected information?
Confidentiality
Adone is attempting to explain to his friend the relationship between security and convenience. Which of the following statements would he use?
Security and convenience are inversely proportional.
What is a race condition?
When two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.
Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information
through products, people, and procedures on the devices that store, manipulate, and transmit the information
Which of the choices shown are NOT true when considering virus behavior?
Can infect targets unassisted over the network.
Which of the choices shown is NOT considered a characteristic of malware?
• Circulation
• Concealment
• Infection
• Payload
All of these choices are correct.
Which of the choices identifies the actions of a rootkit?
Become undetectable
Which of the choices is NOT a trait of crypto-malware?
Collects private information
Which malware type would be used to infect cloud based storage?
Crypto-malware
Proxies are "devices" that are strictly software-only.
False
A web application firewall is exactly the same as a network firewall.
False
A Web application firewall protects Web servers from malicious traffic and blocks attempts to compromise the system. It prevents targeted attacks that include Denial of Service (DOS), Cross-Site Scripting (XSS), SQL injection, Cross-Site Request Forgery (CSRF), forceful browsing, cookie poisoning and invalid input. In which of the following attacks does the attacker gains access to a restricted page within a Web application by supplying a URL directly?
Forceful browsing
Anetwork administrator is evaluating different firewalls. Which of the following firewalls provides protection from the following attacks: Denial of Service (DOS), Cross-Site Scripting (XSS), SQL injection, Cross-Site Request Forgery (CSRF), forceful browsing, cookie poisoning and invalid input?
Web application firewall (WAF)
Which of the following risks does the use of social netowrking and P2P platforms pose?
Social engineering attacks
Under which of the following does "shoulder surfing" fall?
Social engineering
What are the factors that contibute to the effectiveness of social engineering techniques? [Choose all that apply.]
These all apply:
Authority
Intimidation
Scarcity and Urgency
Consensus
Social proof
Familiarity and Trust
Which of these is a
general term used for describing software that gathers information without the user's consent?
spyware
Linnea's father called her to say that a message suddenly
appeared on his screen that says his software license has expired and he must immediately pay $500 to have it renewed before
control of the computer will be returned to him. What type of malware is this?
blocking ransomware
Which of these items retrieved through dumpster diving would NOT provide useful information?
books
What is the name of the threat actor's computer that gives instructions to an infected computer?
Command and control
(C&C) server
Which of the following is NOT a primary trait of malware?
diffusion
Which of the following is defined as following an authorized person through a secure door?
Tailgating
Which type of malware requires a user to transport it from one computer to another?
virus
Which variation of a phishing attack sends phishing messages only to wealthy individuals?
Whaling
How can an attacker use a hoax?
A hoax could convince a user that a bad Trojan is circulating and that he should change his security settings
Which type of mutation completely changes a virus from its original form by rewriting its own code whenever it is executed?
metamorphic
Which of the following is NOT correct about a rootkit?
A rootkit is always the payload of a Trojan
Astrid's computer screen suddenly says that all files are now locked until money is transferred to a specific account, at which time she will receive a means to unlock the files. What type of malware has infected her computer?
Crypto-malware
Which statement regarding a keylogger is NOT true?
Software keyloggers are generally easy to detect
Which of these is a general term used for describing software that gathers information without the user's consent?
Spyware
What is the term used for a threat actor who controls multiple bots in a botnet?
bot herder
Lykke receives a call while working at the helpdesk from someone who needs his account reset immediately.
When Lykke questions the caller, he says, "If you don't reset my account immediately, I will call your supervisor!" What psychological approach is the caller attempting to use on Lykke?
intimidation
Ebba received a message from one of her tech support employees. In violation of company policy, a user had downloaded a free program to receive weather reports, but the program had also installed malware on the computer that gave the threat actor unrestricted access to the computer. What type of malware had been downloaded?
RAT
Which of these could not be defined as a logic bomb?
a. Erase all data if John Smith's name is removed from the list of employees.
b. Reformat the hard drive three months after Susan Jones left the
company.
c. Send spam email to all users in the company on Tuesday.
d. If the company's stock price drops below $10, then credit Jeff Brown with 10 additional years of retirement credit.
Send spam email to all users in the company on Tuesday.
Hedda pretends to be the help desk manager and calls Steve to trick him into giving her his password. What social engineering attack has Hedda performed?
Impersonation
Which of the following is defined as following an authorized person through a secure door?
Tailgating
Each of these is a reason
why adware is scorned
ЕХСЕРТ ?
it displays objectionable content
it can interfere with a user's productivity
it displays the attacker's programming
skills it can cause a computer to crash or slow down
it displays the attacker's programming skills
Which type of malware requires a user to transport it from one computer to another?
Virus
Which of these items retrieved through dumpster diving would NOT provide useful information?
Books