Introduction to Cybersecurity Full Quiz Solved

Chapter 1: The Need for Cybersecurity

Ethics Quiz

Question 1

An employee is laid off after fifteen years with the same company. The employee is then hired by another company within a week. In the new company, the employee shares documents and ideas for products that the employee proposed at the original company.

  1. ethical
  2. unethical

Explanation: Even though the employee was laid off, the employee probably signed a Non-Disclosure Agreement (NDA) with the original company. Any work or idea developed at the original company, regardless of who proposed the idea, is still the property of the original company. Depending on the level of severity of the breach, this could result in legal action.

Answer: unethical

Question 2

During a meeting with the Marketing department, a representative from IT discusses features of an upcoming product that will be released next year.

  1. ethical
  2. unethical

Explanation: Both the employee and the manager are within the same department and company so this behavior would be ethical.

Answer: ethical

Question 3

An employee is at a restaurant with friends and describes an exciting new video game that is under development at the company the employee works for. Is the behavior of the employee ethical or unethical?

  1. ethical
  2. unethical

Explanation: It is not ethical to share a confidential product idea before it is released. Describing the game to a group of friends outside the company could leak the idea and jeopardize the new product offering.

Answer: unethical

Question 4

Alicia, a company employee, has lost her corporate identification badge. She is in a hurry to get to a meeting and does not have time to visit Human Resources to obtain a temporary badge. You lend her your identification badge until she can obtain a replacement.

  1. ethical
  2. unethical

Explanation: Employees should never give their credentials to another employee, regardless of the situation or the familiarity with the other employee. Once your credentials are out of your sight, you have no idea what they are being used for.

Answer: unethical

Question 5

An employee points out a design flaw in a new product to the department manager.

  1. ethical
  2. unethical

Explanation: Both the employee and the manager are within the same department and company so this behavior would be ethical.

Answer: ethical

Chapter 1 Quiz:

Question 1

Which method is used to check the integrity of data?

  1. backup
  2. encryption
  3. authentication
  4. checksum

Explanation: A checksum value of a block of data is calculated and transmitted with the data. After the data is received, the checksum hashing is performed again. The calculated value is compared with the transmitted value to verify the integrity of the data.

Answer: checksum

Question 2

What is a reason that internal security threats might cause greater damage to an organization than external security threats?

  1. Internal users have direct access to the infrastructure devices.
  2. Internal users have better hacking skills.
  3. Internal users can access the corporate data without authentication.
  4. Internal users can access the infrastructure devices through the Internet.

Explanation: Internal threats have the potential to cause greater damage than external threats because internal users have direct access to the building and its infrastructure devices. Internal users may not have better hacking skills than external attackers. Both internal users and external users can access the network devices through the Internet. A well-designed security implementation should require authentication before corporate data is accessed, regardless of whether the access request is from within the corporate campus or from the outside network.

Answer: Internal users have direct access to the infrastructure devices.

Question 3

What is another name for confidentiality of information?

  1. trustworthiness
  2. privacy
  3. accuracy
  4. consistency

Explanation: Privacy is another name for confidentiality. Accuracy, consistency, and trustworthiness describe integrity of data.

Answer: privacy

Question 4

What is an example of “hacktivism”?

  1. A group of environmentalists launch a denial of service attack against an oil company that is responsible for a large oil spill.
  2. A country tries to steal defense secrets from another country by infiltrating government networks.
  3. A teenager breaks into the web server of a local newspaper and posts a picture of a favorite cartoon character.
  4. Criminals use the Internet to attempt to steal money from a banking company.

Explanation: Hacktivism is a term used to describe cyberattacks carried out by people who are considered political or ideological extremists. Hacktivists attack people or organizations that they believe are enemies to the hacktivist agenda.

Answer: A group of environmentalists launch a denial of service attack against an oil company that is responsible for a large oil spill.

Question 5

What is the motivation of a white hat attacker?

  1. discovering weaknesses of networks and systems to improve the security level of these systems
  2. taking advantage of any vulnerability for illegal personal gain
  3. fine tuning network devices to improve their performance and efficiency
  4. studying operating systems of various platforms to develop a new system

Explanation: White hat attackers break into networks or computer systems in order to discover weaknesses for the purpose of improving the security of these systems. These break-ins are done with permission from the owner or the organization. Any results are reported back to the owner or the organization.

Answer: discovering weaknesses of networks and systems to improve the security level of these systems

Question 6

What three items are components of the CIA triad? (Choose three.)

  1. availability
  2. confidentiality
  3. integrity
  4. intervention
  5. access
  6. scalability

Explanation: The CIA triad contains three components: confidentiality, integrity, and availability. It is a guideline for information security for an organization.

Answer: integrity, availability, confidentiality

Question 7

The individual user profile on a social network site is an example of a/an _______ identity.

Answer: online

Question 8

Which statement describes cyberwarfare?

  1. Cyberwarfare is an attack carried out by a group of script kiddies.
  2. It is a series of personal protective equipment developed for soldiers involved in nuclear war.
  3. It is Internet-based conflict that involves the penetration of information systems of other nations.
  4. It is simulation software for Air Force pilots that allows them to practice under a simulated war scenario.

Explanation: Cyberwarfare is an Internet-based conflict that involves the penetration of the networks and computer systems of other nations. Organized hackers are typically involved in such an attack.

Answer: It is Internet-based conflict that involves the penetration of information systems of other nations.

Question 9

Match the type of cyber attackers to the description. (Not all options are used.)

Descriptions:

  1. make political statements in order to create an awareness of issues that are important to them
  2. gather intelligence or commit sabotage on specific goals on behalf of their government
  3. make political statements, or create fear, by causing physical or psychological damage to victims

Options: terrorists, hacktivists, state-sponsored attackers, script kiddies

Answer:

  1. make political statements in order to create an awareness of issues that are important to them → hacktivists
  2. gather intelligence or commit sabotage on specific goals on behalf of their government → state-sponsored attackers
  3. make political statements, or create fear, by causing physical or psychological damage to victims → terrorists

Question 10

What are three methods that can be used to ensure confidentiality of information? (Choose three.)

  1. backup
  2. file permission settings
  3. version control
  4. two factor authentication
  5. username ID and password
  6. data encryption

Explanation: Methods including data encryption, username ID and password, and two factor authentication can be used to help ensure confidentiality of information. File permission control, version control, and backup are methods that can be used to help ensure integrity of information.

Answer: data encryption, two factor authentication, username ID and password

Chapter 2: Attacks, Concepts and Techniques

Chapter 2 Quiz:

Question 1

Which type of attack allows an attacker to use a brute force approach?

  1. password cracking
  2. packet sniffing
  3. social engineering
  4. denial of service

Explanation: Common ways used to crack Wi-Fi passwords include social engineering, brute-force attacks, and network sniffing.

Answer: password cracking

Question 2

Which example illustrates how malware might be concealed?

  1. An email is sent to the employees of an organization with an attachment that looks like an antivirus update, but the attachment actually consists of spyware.
  2. A botnet of zombies carry personal information back to the hacker.
  3. A hacker uses techniques to improve the ranking of a website so that users are redirected to a malicious site.
  4. An attack is launched against the public website of an online retailer with the objective of blocking its response to visitors.

Explanation: An email attachment that appears as valid software but actually contains spyware shows how malware might be concealed. An attack to block access to a website is a DoS attack. A hacker uses search engine optimization (SEO) poisoning to improve the ranking of a website so that users are directed to a malicious site that hosts malware or uses social engineering methods to obtain information. A botnet of zombie computers is used to launch a DDoS attack.

Answer: An email is sent to the employees of an organization with an attachment that looks like an antivirus update, but the attachment actually consists of spyware.

Question 3

What is the purpose of a rootkit?

  1. to gain privileged access to a device while concealing itself
  2. to replicate itself independently of any other programs
  3. to masquerade as a legitimate program
  4. to deliver advertisements without user consent

Explanation: Malware can be classified as follows:
– Virus (self replicates by attaching to another program or file)
– Worm (replicates independently of another program)
– Trojan Horse (masquerades as a legitimate file or program)
– Rootkit (gains privileged access to a machine while concealing itself)
– Spyware (collects information from a target system)
– Adware (delivers advertisements with or without consent)
– Bot (waits for commands from the hacker)
– Ransomware (holds a computer system or data captive until payment is received)

Answer: to gain privileged access to a device while concealing itself

Question 4

Which tool is used to provide a list of open ports on network devices?

  1. Ping
  2. Nmap
  3. Tracert
  4. Whois

Explanation: The Nmap tool is a port scanner that is used to determine which ports are open on a particular network device. A port scanner is used before launching an attack.

Answer: Nmap

Question 5

In what way are zombies used in security attacks?

  1. They are maliciously formed code segments used to replace legitimate applications.
  2. They target specific individuals to gain corporate or personal information.
  3. They probe a group of machines for open ports to learn which services are running.
  4. They are infected machines that carry out a DDoS attack.

Explanation: Zombies are infected computers that make up a botnet. The zombies are used to deploy a distributed denial of service (DDoS) attack.

Answer: They are infected machines that carry out a DDoS attack.

Question 6

What is the most common goal of search engine optimization (SEO) poisoning?

  1. to overwhelm a network device with maliciously formed packets
  2. to increase web traffic to malicious sites
  3. to trick someone into installing malware or divulging personal information
  4. to build a botnet of zombies

Explanation: A malicious user could apply SEO techniques so that a malicious website appears higher in search results. The malicious website commonly contains malware or is used to obtain information via social engineering techniques.

Answer: to increase web traffic to malicious sites

Question 7

Which two characteristics describe a worm? (Choose two.)

  1. is self-replicating
  2. executes when software is run on a computer
  3. hides in a dormant state until needed by an attacker
  4. travels to new computers without any intervention or knowledge of the user
  5. infects computers by attaching to software code

Explanation: Worms are self-replicating pieces of software that consume bandwidth on a network as they propagate from system to system. They do not require a host application, unlike a virus. Viruses, on the other hand, carry executable malicious code which harms the target machine on which they reside.

Answer: is self-replicating, travels to new computers without any intervention or knowledge of the user

Question 8

What is the primary goal of a DoS attack?

  1. to scan the data on the target server
  2. to obtain all addresses in the address book within the server
  3. to facilitate access to external networks
  4. to prevent the target server from being able to handle additional requests

Explanation: A denial of service (DoS) attack attempts to overwhelm a system or process by sending large amounts of data or requests to the target. The goal is to keep the system so overwhelmed handling false requests that it is unable to respond to legitimate ones.

Answer: to prevent the target server from being able to handle additional requests

Chapter 3: Protecting Your Data and Privacy

Chapter 3 Quiz:

Question 1

Which technology removes direct equipment and maintenance costs from the user for data backups?

  1. an external hard drive
  2. a cloud service
  3. a tape
  4. network attached storage

Explanation: The cost of cloud storage commonly depends on the amount of storage space needed. The cloud provider will maintain the equipment and the cloud user will have access to the backup data.

Answer: a cloud service

Question 2

A network administrator is conducting a training session to office staff on how to create a strong and effective password. Which password would most likely take the longest for a malicious user to guess or break?

  1. 10characters
  2. drninjaphd
  3. mk$$cittykat104#
  4. super3secret2password1

Explanation: When choosing a good password:
– Do not use dictionary words or names in any languages.
– Do not use common misspellings of dictionary words.
– Do not use computer names or account names.
– If possible use special characters, such as ! @ # $ % ^ & * ( ).
– Use a ten character password or more.

Answer: mk$$cittykat104#

Question 3

How can a user prevent others from eavesdropping on network traffic when operating a PC on a public Wi-Fi hot spot?

  1. Connect with a VPN service.
  2. Disable Bluetooth.
  3. Create strong and unique passwords.
  4. Use WPA2 encryption.

Explanation: When a user connects through an encrypted VPN tunnel on a public Wi-Fi network, any data being sent or received from the user will be undecipherable.

Answer: Connect with a VPN service.

Question 4

Which type of technology can prevent malicious software from monitoring user activities, collecting personal information, and producing unwanted pop-up ads on a user computer?

  1. firewall
  2. antispyware
  3. two factor authentication
  4. password manager

Explanation: Antispyware software is commonly installed on a user machine to scan and remove malicious spyware software installed on a device.

Answer: antispyware

Question 5

As data is being stored on a local hard disk, which method would secure the data from unauthorized access?

  1. deletion of sensitive files
  2. a duplicate hard drive copy
  3. data encryption
  4. two factor authentication

Explanation: Data encryption is the process of converting data into a form where only a trusted, authorized person with a secret key or password can decrypt the data and access the original form.

Answer: data encryption

Question 6

What is the best method to prevent Bluetooth from being exploited?

  1. Only use Bluetooth when connecting to a known SSID.
  2. Only use Bluetooth to connect to another smartphone or tablet.
  3. Always use a VPN when connecting with Bluetooth.
  4. Always disable Bluetooth when it is not actively used.

Explanation: Bluetooth is a wireless technology that can be exploited by hackers to eavesdrop, establish remote access controls, and distribute malware. A user should keep Bluetooth turned off when not in use.

Answer: Always disable Bluetooth when it is not actively used.

Question 7

Why do IoT devices pose a greater risk than other computing devices on a network?

  1. IoT devices require unencrypted wireless connections.
  2. Most IoT devices do not require an Internet connection and are unable to receive new updates.
  3. Most IoT devices do not receive frequent firmware updates.
  4. IoT devices cannot function on an isolated network with only an Internet connection.

Explanation: IoT devices commonly operate using their original firmware and do not receive updates as frequently as laptops, desktops, and mobile platforms.

Answer: Most IoT devices do not receive frequent firmware updates.

Question 8

Which configuration on a wireless router is not considered to be adequate security for a wireless network?

  1. enabling wireless security
  2. prevent the broadcast of an SSID
  3. implement WPA2 encryption
  4. modify the default SSID and password of a wireless router

Explanation: A wireless router can be configured to not allow the SSID to be broadcast, but that configuration is not considered to be adequate security for a wireless network.

Answer: prevent the broadcast of an SSID

Question 9

How can users working on a shared computer keep their personal browsing history hidden from other workers that may use this computer?

  1. Reboot the computer after closing the web browser.
  2. Move any downloaded files to the recycle bin.
  3. Operate the web browser in private browser mode.
  4. Use only an encrypted connection to access websites.

Explanation: When a computer user browses the web in private mode, the following occurs:
– Cookies are disabled.
– Temporary Internet files are removed after closing the window.
– Browsing history is removed after closing the window.

Answer: Operate the web browser in private browser mode.

Question 10

A user is surfing the Internet using a laptop at a public WiFi cafe. What should be checked first when the user connects to the public network?

  1. if the laptop has a master password set to secure the passwords stored in the password manager
  2. if the laptop web browser is operating in private mode
  3. if the laptop Bluetooth adapter is disabled
  4. if the laptop requires user authentication for file and media sharing

Explanation: When a user connects to a public network, it is important to know if the computer is configured with file and media sharing and that it requires user authentication with encryption.

Answer: if the laptop requires user authentication for file and media sharing

Question 11

A consumer would like to print photographs stored on a cloud storage account using a third party online printing service. After successfully logging into the cloud account, the customer is automatically given access to the third party online printing service. What allowed this automatic authentication to occur?

  1. The account information for the cloud storage service was intercepted by a malicious application.
  2. The password entered by the user for the online printing service is the same as the password used on the cloud storage service.
  3. The cloud storage service is an approved application for the online printing service.
  4. The user is on an unencrypted network and the password for the cloud storage service is viewable by the online printing service.

Explanation: Open Authorization is an open standard protocol that allows end users to access third party applications without exposing the user password.

Answer: The cloud storage service is an approved application for the online printing service.

Question 12

A user is having difficulty remembering passwords for multiple online accounts. What is the best solution for the user to try?

  1. Share the passwords with the network administrator or computer technician.
  2. Write the passwords down and place them out of sight.
  3. Save the passwords in a centralized password manager program.
  4. Create a single strong password to be used across all online accounts.

Explanation: A password manager can be used to store and encrypt multiple passwords. A master password can be implemented to protect the password manager software.

Answer: Save the passwords in a centralized password manager program.

Chapter 4: Protecting the Organization

Chapter 4 Quiz:

Question 1

Any device that controls or filters traffic going in or out of the network is known as a ____________.

Explanation: A firewall is a network device used to filter inbound or outbound traffic or both.

Answer: firewall

Question 2

What is the last stage of the Cyber Kill Chain framework?

  1. remote control of the target device
  2. gathering target information
  3. creation of malicious payload
  4. malicious action

Explanation: The Cyber Kill Chain describes the phases of a progressive cyberattack operation. The phases include the following:
* Reconnaissance
* Weaponization
* Delivery
* Exploitation
* Installation
* Command and control
* Actions on objectives
In general, these phases are carried out in sequence. However, during an attack, several phases can be carried out simultaneously, especially if multiple attackers or groups are involved.

Answer: malicious action

Question 3

Which tool can identify malicious traffic by comparing packet contents to known attack signatures?

  1. Netflow
  2. IDS
  3. Nmap
  4. Zenmap

Explanation: An IDS, or intrusion detection system, is a device that can scan packets and compare them to a set of rules or attack signatures. If the packets match attack signatures, then the IDS can create an alert and log the detection.

Answer: IDS

Question 4

A _________ is a group of compromised or hacked computers (bots) controlled by an individual with malicious intent.

Explanation: A compromised or hacked computer that is controlled by a malicious individual or group is known as a bot. A group of these hacked computers under the control of a malicious individual or group is known as a botnet.

Answer: botnet

Question 5

What type of attack disrupts services by overwhelming network devices with bogus traffic?

  1. brute force
  2. port scans
  3. zero-day
  4. DDoS

Explanation: DDoS, or distributed denial of service, attacks are used to disrupt service by overwhelming network devices with bogus traffic.

Answer: DDoS

Question 6

Which protocol is used by the Cisco Cyberthreat Defense Solution to collect information about the traffic that is traversing the network?

  1. Telnet
  2. HTTPS
  3. NetFlow
  4. NAT

Explanation: NetFlow is used both to gather details about the traffic that is flowing through the network, and to report it to a central collector.

Answer: NetFlow

Question 7

Behavior-based analysis involves using baseline information to detect _________ that could indicate an attack

Explanation: Behavior-based security uses informational context to detect anomalies in the network.

Answer: anomalies

Question 8

Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks?

  1. SIEM
  2. Netflow
  3. Nmap
  4. Snort

Explanation: Snort is an open source intrusion prevention system (IPS) that is capable of performing real-time traffic and port analysis, packet logging, content searching and matching, as well as detecting probes, attacks, port scans, fingerprinting, and buffer overflow attacks.

Answer: Snort

Final Exam:

Question 1

Which statement describes cybersecurity?

  1. It is a framework for security policy development.
  2. It is a standard-based model for developing firewall technologies to fight against cybercriminals.
  3. It is a standard-based model for developing firewall technologies to fight against cybercriminals.
  4. It is an ongoing effort to protect Internet-connected systems and the data associated with those systems from unauthorized use or harm.

Explanation: Cybersecurity is the ongoing effort to protect Internet-connected network systems and all of the data associated with the systems from unauthorized use or harm.

Answer: It is an ongoing effort to protect Internet-connected systems and the data associated with those systems from unauthorized use or harm.

Question 2

What are two objectives of ensuring data integrity? (Choose two.)

  1. Data is available all the time.
  2. Data is unaltered during transit.
  3. Access to the data is authenticated.
  4. Data is not changed by unauthorized entities.
  5. Data is encrypted while in transit and when stored on disks.

Explanation: The objectives for data integrity include data not being altered during transit and not being changed by unauthorized entities. Authentication and encryption are methods to ensure confidentiality. Data being available all the time is the goal of availability.

Answer: 2. Data is unaltered during transit, 4. Data is not changed by unauthorized entities.

Question 3

A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?

  1. integrity
  2. scalability
  3. availability
  4. confidentiality

Explanation: Confidentiality ensures that data is accessed only by authorized individuals. Authentication will help verify the identity of the individuals.

Answer: confidentiality

Question 4

A company is experiencing overwhelming visits to a main web server. The IT department is developing a plan to add a couple more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?

  1. integrity
  2. scalability
  3. availability
  4. confidentiality

Explanation: Availability ensures that network services are accessible and performing well under all conditions. By load balancing the traffic destined to the main web servers, in times of a huge volume of visits the systems will be well managed and serviced.

Answer: availability

Question 5

An employee does something as a company representative with the knowledge of that company and this action is deemed illegal. The company would be legally responsible for this action.

  1. true
  2. false

Explanation: This is a bit of a grey area and would also depend on local laws. In many cases, if the employee did something with the knowledge or approval of the company, then the legal responsibility would probably be with the company not the employee. In some areas or situations, both the company and employee could be held legally responsible.

Answer: true

Question 6

What is the main purpose of cyberwarfare?

  1. Telnet
  2. to protect cloud-based data centers
  3. to gain advantage over adversaries
  4. to develop advanced network devices
  5. to simulate possible war scenarios among nations

Explanation: Cyberwarfare is Internet-based conflict that involves the penetration of the networks and computer systems of other nations. The main purpose of cyberwarfare is to gain advantage over adversaries, whether they are nations or competitors.

Answer: to gain advantage over adversaries

Question 7

When describing malware, what is a difference between a virus and a worm?

  1. A virus focuses on gaining privileged access to a device, whereas a worm does not.
  2. A virus can be used to deliver advertisements without user consent, whereas a worm cannot.
  3. A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.
  4. A virus can be used to launch a DoS attack (but not a DDoS), but a worm can be used to launch both DoS and DDoS attacks.

Explanation: Malware can be classified as follows:
– Virus (self replicates by attaching to another program or file)
– Worm (replicates independently of another program)
– Trojan Horse (masquerades as a legitimate file or program)
– Rootkit (gains privileged access to a machine while concealing itself)
– Spyware (collects information from a target system)
– Adware (delivers advertisements with or without consent)
– Bot (waits for commands from the hacker)
– Ransomware (holds a computer system or data captive until payment is received)

Answer: A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.

Question 8

What type of attack uses zombies?

  1. Trojan horse
  2. DDoS
  3. SEO poisoning
  4. spear phishing

Explanation: The hacker infects multiple machines (zombies), creating a botnet. Zombies launch the distributed denial of service (DDoS) attack.

Answer: DDoS

Question 9

The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring?

  1. adware
  2. DDoS
  3. phishing
  4. social engineering
  5. spyware

Explanation: Phishing, spyware, and social engineering are security attacks that collect network and user information. Adware typically consists of annoying pop-up windows. Unlike a DDoS attack, none of these attacks generate large amounts of data traffic that can restrict access to network services.

Answer: DDoS

Question 10

What is the best approach to prevent a compromised IoT device from maliciously accessing data and devices on a local network?

  1. Install a software firewall on every network device.
  2. Place all IoT devices that have access to the Internet on an isolated network.
  3. Disconnect all IoT devices from the Internet.
  4. Set the security settings of workstation web browsers to a higher level.

Explanation: The best approach to protect a data network from a possibly compromised IoT device is to place all IoT devices on an isolated network that only has access to the Internet.

Answer: Place all IoT devices that have access to the Internet on an isolated network.

Question 11

What is the best method to avoid getting spyware on a machine?

  1. Install the latest operating system updates.
  2. Install the latest web browser updates.
  3. Install the latest antivirus updates.
  4. Install software only from trusted websites.

Explanation: The best method to avoid getting spyware on a user machine is to download software only from trusted websites.

Answer: Install software only from trusted websites.

Question 12

What are two security implementations that use biometrics? (Choose two.)

  1. voice recognition
  2. fob
  3. phone
  4. fingerprint
  5. credit card

Explanation: Biometric authentication can be used through the use of a fingerprint, palm print, and facial or voice recognition.

Answer: voice recognition, fingerprint

Question 13

Which technology creates a security token that allows a user to log in to a desired web application using credentials from a social media website?

  1. password manager
  2. Open Authorization
  3. in-private browsing mode
  4. VPN service

Explanation: Open Authorization is an open standard protocol that allows end users to access third-party applications without exposing their user passwords.

Answer: Open Authorization

Question 14

A medical office employee sends emails to patients about recent patient visits to the facility. What information would put the privacy of the patients at risk if it was included in the email?

  1. patient records
  2. first and last name
  3. contact information
  4. next appointment

Explanation: An email message is transmitted in plain text and can be read by anyone who has access to the data while it is en route to a destination. Patient records include confidential or sensitive information that should be transmitted in a secure manner.

Answer: patient records

Question 15

Which two tools used for incident detection can be used to detect anomalous behavior, to detect command and control traffic, and to detect infected hosts? (Choose two.)

  1. intrusion detection system
  2. Honeypot
  3. NetFlow
  4. Nmap
  5. a reverse proxy server

Explanation: Although each of these tools is useful for securing networks and detecting vulnerabilities, only an IDS and NetFlow logging can be used to detect anomalous behavior, command and control traffic, and infected hosts.

Answer: intrusion detection system, NetFlow

Question 16

For what purpose would a network administrator use the Nmap tool?

  1. detection and identification of open ports
  2. protection of the private IP addresses of internal hosts
  3. identification of specific network anomalies
  4. collection and analysis of security alerts and logs

Explanation: Nmap allows an administrator to perform port scanning to probe computers and the network for open ports. This helps the administrator verify that network security policies are in place.

Answer: detection and identification of open ports

Question 17

Which stage of the kill chain used by attackers focuses on the identification and selection of targets?

  1. delivery
  2. exploitation
  3. weaponization
  4. reconnaissance

Explanation: It is the first stage of the kill chain, reconnaissance, that focuses on the identification and selection of targets.

Answer: reconnaissance

Question 18

What is an example of a Cyber Kill Chain?

  1. a group of botnets
  2. a planned process of cyberattack
  3. a series of worms based on the same core code
  4. a combination of virus, worm, and Trojan Horse

Explanation: The Cyber Kill Chain describes the phases of a progressive cyberattack operation. The phases include the following:

  1. Reconnaissance
  2. Weaponization
  3. Delivery
  4. Exploitation
  5. Installation
  6. Command and control
  7. Actions on objectives

In general, these phases are carried out in sequence. However, during an attack, several phases can be carried out simultaneously, especially if multiple attackers or groups are involved.

Answer: a planned process of cyberattack

Question 19

What tool is used to lure an attacker so that an administrator can capture, log, and analyze the behavior of the attack?

  1. Netflow
  2. IDS
  3. Nmap
  4. honeypot

Explanation: A honeypot is a tool set up by an administrator to lure an attacker so that the behavior of the attacker can be analyzed. This information can help the administrator identify weaknesses and build a stronger defense.

Answer: honeypot

Question 20

What is one main function of the Cisco Security Incident Response Team?

  1. to design polymorphic malware
  2. to design next generation routers and switches that are less prone to cyberattacks
  3. to provide standards for new encryption techniques
  4. to ensure company, system, and data preservation

Explanation: The window between a cyberattack and its discovery is the time in which attackers can move through a network and steal data. An important goal of the CSIRT is to ensure company, system, and data preservation through timely investigations into security incidents.

Answer: to ensure company, system, and data preservation

Question 21

What action will an IDS take upon detection of malicious traffic?

  1. block or deny all traffic
  2. drop only packets identified as malicious
  3. create a network alert and log the detection
  4. reroute malicious traffic to a honeypot

Explanation: An IDS, or intrusion detection system, is a device that can scan packets and compare them to a set of rules or attack signatures. If the packets match attack signatures, then the IDS can create an alert and log the detection.
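As an added example (not code from the quiz or from the course it covers), the following Python sketch shows the behaviour Questions 15 and 21 describe: a passive IDS compares each packet against a set of rules and, on a match, creates an alert and writes a log entry, while the traffic itself is returned unchanged rather than dropped or blocked. The rule ids, signatures, addresses and packet summaries are all constructed for this illustration.

```python
"""
Added example, not code from the quiz or from the course it covers. It
illustrates the behaviour described for an IDS in Questions 15 and 21: packets
are compared against a rule set and, on a match, an alert is created and a log
entry written, but the traffic itself is never dropped or blocked. The rule
ids, signatures, addresses and packets below are all constructed for this demo.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Rule:
    sid: int                         # constructed signature id
    msg: str                         # text written to the alert log
    dport: Optional[int] = None      # match only this destination port, if set
    pattern: Optional[bytes] = None  # regex searched in the payload, if set

    def matches(self, pkt: Packet) -> bool:
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.pattern is not None and re.search(self.pattern, pkt.payload) is None:
            return False
        return True


@dataclass
class Alert:
    sid: int
    msg: str
    src: str
    dst: str
    dport: int


class PassiveIDS:
    """Out-of-band detector: inspects copies of packets, never alters the flow."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.log: List[str] = []  # one line per alert, like an IDS alert file

    def inspect(self, pkt: Packet) -> Tuple[Packet, List[Alert]]:
        alerts: List[Alert] = []
        for rule in self.rules:
            if rule.matches(pkt):
                alert = Alert(rule.sid, rule.msg, pkt.src, pkt.dst, pkt.dport)
                alerts.append(alert)
                self.log.append(
                    f"[sid:{alert.sid}] {alert.msg} {alert.src} -> {alert.dst}:{alert.dport}"
                )
        # The packet is returned unchanged: detection, not prevention.
        return pkt, alerts


# Constructed rules in the spirit of signature-based detection.
RULES = [
    Rule(sid=1000001, msg="HTTP request with directory traversal sequence",
         dport=80, pattern=rb"\.\./"),
    Rule(sid=1000002, msg="Telnet connection to internal host (policy violation)",
         dport=23),
]

# Constructed packet summaries standing in for captured traffic.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "10.0.0.80", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("10.0.0.9", "10.0.0.80", 80, b"GET /../../config.txt HTTP/1.1\r\n"),
    Packet("10.0.0.9", "10.0.0.12", 23, b""),
    Packet("10.0.0.5", "10.0.0.80", 443, b"\x16\x03\x01\x00\x10"),
]


def run_demo(packets=SAMPLE_PACKETS):
    """Run the sample traffic through the IDS; return the IDS, forwarded packets, alerts."""
    ids = PassiveIDS(RULES)
    forwarded: List[Packet] = []
    alerts: List[Alert] = []
    for pkt in packets:
        out, raised = ids.inspect(pkt)
        forwarded.append(out)
        alerts.extend(raised)
    return ids, forwarded, alerts


if __name__ == "__main__":
    ids, forwarded, alerts = run_demo()
    print(f"{len(forwarded)} packets forwarded, {len(alerts)} alerts")
    for line in ids.log:
        print(line)
```

Running the demo forwards all four constructed packets and raises two alerts, one per matching rule; the distinction from an IPS is that `inspect` never returns fewer packets than it received, which is exactly the "create an alert and log the detection" answer to Question 21.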

Answer: create a network alert and log the detection
