ITN 261 final exam OOOONOOO


29 Terms

1
To help protect a company from a ransomware attack, which plan should be created?

an incident response plan

2
What type of attack could be prevented by having a policy of not allowing users to install software on company phones?

malware

3
How would you BEST prevent malicious files from reaching a Linux Apache web server?

web application firewall

4
Which of the following is an administrative control that would be MOST effective at reducing the success of a phishing attack?

security awareness training

5
What is the best security architecture concept for preventing a worm attack from spreading beyond the initial area?

network segmentation

6
Which would be used to restrict access for a final PC to an office’s Ethernet port?

MAC filtering

7
Which is most associated with a vulnerability scan?

passive reconnaissance to get IP address and operating system info

8
Who attacks companies because they believe a company does business in an unethical manner?

Hacktivist

9
What is one danger that a company may face when it moves to completely cloud-based solutions?

possible lack of control over cybersecurity settings

10
Server logs show a hacked website used the HTTP method for authenticating users. What most likely happened?

the HTTP POST method is not protected by HTTPS encryption

11
Which of the following BEST describes the type of attacks that are prevented by air gapping critical systems?

attacker from another local network segment

12
A company needs to set up email and web servers for both internal employees and external customers. What should they do?

implement a DMZ segment

13
During a penetration test, why would a tester perform a preliminary scan for any responsive hosts?

to identify server IP address and OS versions for subsequent hacking

14
Which would a company use to ensure users are only logging into systems from their laptops when they are on site?

geofencing

15
Which of the following security concepts is used to make sure employees only have access to the files they need?

least privilege

16
A security consultant receives the following output from the company’s web server. What is the worst danger?

unencrypted credentials over HTTP

17
Which refers to any one system or service that will cause damage to a company’s revenue when it doesn’t work?

single point of failure

18
Which of the following is typically responsible for SQL database injection vulnerabilities?

lack of input validation

19
A crypto-virus infection is found on a workstation that has access to sensitive remote resources. What is done FIRST?

disable the network connection on the workstation

20
Which port number does HTTPS use as a default?

433

21
Which malware works by encrypting files across a network?

crypto-ransomware

22
Which of the following cryptographic algorithms is irreversible?

SHA-256 (hashing)

23
A CEO’s personal info was stolen in a social engineering attack. Where would it most likely show up for sale?

dark web

24
Which defines a nation-state performing advanced and related attacks, often employing large numbers of hackers?

advanced persistent threat (APT)

25
A penetration tester is crawling a public website. What action is the penetration tester performing?

reconnaissance

26
A malicious system sends many continuous TCP SYN packets to a server. Which BEST describes the resulting effect?

a denial of service attack where the server will exhaust its memory

27
What should an analyst do to BEST assess a small company’s internal servers against recommended security practices?

run a framework like Metasploit to confirm vulnerabilities

28
What is the best encryption standard to use on a company wireless access point?

implement WPA3

29
Which of the following account types should employees on the shop floor with computers that will log their time receive?

user accounts based on employee names