1/518
IT0005 / IT0125 || Compileation of FAs 1-4
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
Franz is working on her university applications online, when the admissions website crashes. She is unable to turn in her application on time.
Choices:
Confidentiality
Integrity
Availability
None of the above
Availability
It is the third core security principle, and it is defined as a characteristic of a resource being accessible to a user, application, or computer system when required.
Choices:
Integrity
Attack
Confidentiality
Availability
Availability
What does confidentiality of data imply to
Choices:
Rules which hide data
Rules which allow access only to all parties
Rules which prevent data from being changed
Rules which restrict access only to those who need to know
Rules which restrict access only to those who need to know
Facts and statistics collected together for reference or analysis.
Choices:
Detection
Data
IT Resources
Prevention
Data
It is the state of being whole and undivided.
Choices:
Confidentiality
Availability
Integrity
Attack
Integrity
JP gets his phone bill in the mail. The bill was supposed to be for $80, but the mail person spilled water on the bill, smearing the ink. The bill now asks for $8.
Choices:
None of the above
Confidentiality
Availability
Integrity
Integrity
A weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system.
Choices:
Prevention
Threat
Vulnerability
Intrusion
Vulnerability
What is not goal of security?
Choices:
Threats
Risk
Intrusion
Vulnerability
Intrusion
Which of the following is a security benefit of providing additional HVAC capacity or increased tonnage in a datacenter?
Choices:
Increased availability of network services due to higher throughput
Longer MTBF of hardware due to lower operating temperatures
Longer UPS run time due to increased airflow
Higher data integrity due to more efficient SSD cooling
Increased availability of network services due to higher throughput
It limits when users can access specific systems based on the time of day or week.
Choices:
Security token
Time of day restrictions
Mandatory vacations
Biometrics
Time of day restrictions
Which of the following security concepts can avoid a client from logging on from home amid the ends of the week?
Choices:
Implicit deny
Multifactor authentication
Common access card
Time of day restrictions
Time of day restrictions
A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client-side certificate. Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication factors are in use by the VPN system?
Choices:
2
4
1
3
3
It is a principle that prevents any single person or entity from being able to have full access or complete all the functions of a critical or sensitive process.
Choices:
Job rotation
Access control
Implicit deny
Separation of duties
Separation of duties
It is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm.
Choices:
Key exchange
Cipher Suites
Digital Signature
Session Keys
Key exchange
It is the practice of converting a password to a longer and more random key for cryptographic purposes such as encryption.
Choices:
Key exchange
Key Stretching
Cipher Suites
Session Keys
Key Stretching
Which of the following security concepts can prevent a user from logging on from home during the weekends?
Choices:
Implicit deny
Common access card
Multifactor authentication
Time of day restrictions
Time of day restrictions
Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system?
Choices:
Single factor authentication
Biometrics
Multifactor authentication
PKI
Multifactor authentication
It also known as public key cryptography
Choices:
Hashing
encryption key
Asymmetric encryption
Symmetric encryption
Asymmetric encryption
It is the action or process of classifying something according to shared qualities or characteristics.
Choices:
Classification
Retention Schedules
Paper documents
Official information
Classification
It could be a level of quality or fulfillment
Choices:
Guidelines
Standards
Policy statement
Security policy
24. It involves first identifying the
Standards
It involves first identifying the groups and people who will need to change as the result of the project, and in what ways they will need to change.
Choices:
Organizational change management
Individual change management
Change management
Enterprise change management
Organizational change management
It could be a set of rules connected by the proprietor, maker or director of a network, site, or service
Choices:
Remote Access
Acceptable User Policy
Information Security Auditing
Information Security Training
Acceptable User Policy
Is the act or process of throwing away or getting rid of documentation
Choices:
destruction
retention
Storage
disposal
disposal
It talks about what in the event that any Network Security Intrusion Detection or Prevention Framework is utilized and how it is executed.
Choices:
Intrusion Detection
Internet
Back-up and Recovery
Anti-Virus
Intrusion Detection
It distinguishes all the ways that the system can be remotely accessed and what is in put to guarantee that get to be from as it were authorized people
Choices:
Remote Access
Information Security Auditing
Acceptable User Policy
Information Security Training
Remote Access
It ought to report what sort of mindfulness program is in put and how is it communicated on a normal premise.
Choices:
Information Security Auditing
Information Security Training
Remote Access
Acceptable User Policy
Information Security Training
Paper and electronic records to the University Archives if they have permanent legal, fiscal, administrative, or historical value.
Choices:
Transfer
Shred
Delete
Recycle
Transfer
It may be a cyber-attack that employments camouflaged mail as a weapon.
Choices:
Vishing
Phishing
Spoofing
Hoax
Phishing
It is the process by which a URL is wrongly removed from the search engine index and replaced by another URL.
Choices:
URL hijacking
Spim
whaling
Spam
whaling
It is sort of phishing assaults that attempt to bait casualties by means of voice calls
Choices:
Vishing
Hoax
Spoofing
Phishing
Vishing
It is also known as piggybacking
Choices:
Dumpster diving
Shoulder surfing
Spam
Tailgating
Tailgating
At the outside break area, an employee, Ann, asked another employee to let her into the building because her badge is missing. Which of the following does this describe?
Choices:
Whaling
Tailgating
Shoulder surfing
Impersonation
Tailgating
It is spontaneous as a rule commercial messages sent to a huge number of beneficiaries or posted in an expansive number of places
Choices:
Spim
whaling
URL hijacking
Spam
Spam
Mike, a user, states that he is receiving several unwanted emails about home loans. Which of the following is this an example of?
Choices:
Spoofing
Hoaxes
Spam
Spear phishing
Spam
It is type of phishing attacks that try to lure victims via voice calls.
Choices:
Hoax
Phishing
Vishing
Spoofing
Vishing
It could be a developing issue for person computer clients as well as huge organizations and organizations.
Choices:
Malicious insiders
Data theft
Script kiddie
Hacktivists
Data theft
This technique typically relies on the trusting nature of the person being attacked.
Choices:
Computer Engineering
Social Engineering
Reverse Engineering
Cyber Engineering
Social Engineering
Which of the following malware types is MOST likely to execute its payload after Jane, an employee, has left the company?
Choices:
Rootkit
Botnet
Logic bomb
Worm
Logic bomb
A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90). Which of the following attack types has occurred?
Choices:
XML injection
SQL injection
Buffer overflow
Cross-site scripting
Buffer overflow
Ann, a software developer, has installed some code to reactivate her account one week after her account has been disabled. Which of the following is this an example of?
Choices:
Botnet
Backdoor
Rootkit
Spyware
Backdoor
It is several Internet-connected devices, each of which is running one or more bots.
Choices:
Polymorphic Malware
Botnets
Logic Bombs
Ransomware
Botnets
It may be a program that can duplicate itself and infect a computer without the user’s consent or information. Early viruses were usually a few forms of executable code that was hidden within the boot sector of a disk or as an executable file.
Choices:
Viruses
Adware
Worms
Spyware
Viruses
It is an executable program that appears as a desirable or useful program.
Choices:
Backdoor Attacks
keylogger
Trojan Horse
Rootkits
Trojan Horse
It is a software program designed to provide a user with administrator access to a computer without being detected.
Choices:
Trojan Horse
Rootkits
Backdoor Attacks
keylogger
Rootkits
It is a software that automatically displays or downloads advertising material (often unwanted) when a user is online.
Choices:
Worms
Viruses
Adware
Spyware
Adware
It does this by monitoring a user's input and keeping a log of all keys that are pressed.
Choices:
Trojan Horse
keylogger
Rootkits
Backdoor Attacks
keylogger
It can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allows the attacker to access the device and its connection.
Choices:
Polymorphic Malware
Botnets
Ransomware
Logic Bombs
Botnets
It may be a sort of assault where the aggressor breaks into the communication between the endpoints of a arrange association.
Choices:
Evil twin attack
Man-in-the-Middle Attacks
Eavesdropping Attacks
Replay Attacks
Man-in-the-Middle Attacks
It is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
Choices:
Man-in-the-Middle Attacks
Replay Attacks
Evil twin attack
Eavesdropping Attacks
Man-in-the-Middle Attacks
It is the use of messaging systems to send an unsolicited message (spam), especially advertising, as well as sending messages repeatedly on the same website.
Choices:
Password stealer
Account phishing
Spamming
Clickjacking
Spamming
It is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element.
Choices:
Spamming
Password stealer
Clickjacking
Account phishing
Clickjacking
Which of the following attacks allows access to contact lists on cellular phones?
Choices:
War chalking
Packet sniffing
Bluesnarfing
Blue jacking
Bluesnarfing
All the following are Environmental Threats except
Choices:
Assessment
Flood
Extreme humidity
Extreme temperature
Assessment
It is any Wi-Fi access point that is installed on a network but is not authorized for operation on that network and is not under the management of the network administrator.
Choices:
Rogue Access Points
Wireless security
Transitive access
Evil Twins
Rogue Access Points
It can be difficult to detect because the network transmissions will appear to be operating normally.
Choices:
Man-in-the-Middle Attacks
Eavesdropping Attacks
Evil twin attack
Replay Attacks
Eavesdropping Attacks
It is also called access point mapping
Choices:
War Chalking
Wireless Replay Attacks
War driving
Sinkhole Attacks
War driving
Which of the following describes how an attacker can send unwanted advertisements to a mobile device?
Choices:
Man-in-the-middle
Bluejacking
Packet sniffing
Bluesnarfing
Bluejacking
A security administrator wants to ensure that the message the administrator sends out to their Chief Financial Officer (CFO) does not get changed in route. Which of the following is the administrator MOST concerned with?
Choices:
Business continuity
Data integrity
High availability
Data confidentiality
Data integrity
A shortcoming which can be misused by a risk actor, such as an aggressor, to perform unauthorized activities inside a computer system.
Choices:
Intrusion
Vulnerability
Threat
Prevention
Vulnerability
These are attacks designed to compromise network security by either eavesdropping on or intercepting and manipulating network traffic.
Choices:
Software-Based Attacks
Social Engineering Attacks
Network-Based Attacks
Physical Security Attacks
Network-Based Attacks
It is protection of available information or information resources.
Choices:
Information Confidentiality
Information Privacy
Information Security
Information Integrity
Information Security
It is to set upon in a forceful, violent, hostile, or aggressive way, with or without a weapon
Choices:
Control
CIA Triad
Integrity
Attack
Attack
What does availability of data refer to?
Choices:
The level of assurance that data will be available to people who need it, when they need it
The level of assurance that data exists
The level of assurance that data will be accurate and trustworthy
The level of assurance that data will be restricted to people who need it, when they need it
The level of assurance that data exists
What does confidentiality of information allude to?
Choices:
Rules which restrict access only to those who need to know
Rules which allow access only to all parties
Rules which hide data
Rules which prevent data from being changed
Rules which restrict access only to those who need to know
It is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.
Choices:
Intrusion
Threat
Prevention
Vulnerability
Threat
It is a concept that has employees rotate through different jobs to learn the procedures and processes in each.
Choices:
Access control
Job rotation
Separation of duties
Implicit deny
Job rotation
It uses a single key to encrypt and decrypt data.
Choices:
Hashing
encryption key
Asymmetric encryption
Symmetric encryption
Symmetric encryption
A company is looking to reduce the likelihood of employees in the finance department being involved with money laundering. Which of the following controls would BEST mitigate this risk?
Choices:
Enforce mandatory vacations
Enforce time of day restrictions
Implement privacy policies
Implement a security policy
Enforce mandatory vacations
It is an authentication method that identifies and recognizes individuals based on voice recognition or physical characteristics such as a fingerprint, face acknowledgment, iris recognition, and retina check
Choices:
Biometrics
Keystroke dynamics
Token
Kerberos
Biometrics
To ensure compatibility with their flagship product, the security engineer is tasked to recommend an encryption cipher that will be compatible with the majority of third-party software and hardware vendors. Which of the following should be recommended?
Choices:
Blowfish
SHA
MD5
AES
AES
It provides two-way authentication
Choices:
Mutual authentication
Biometrics
Multifactor authentication
Single factor authentication
Multifactor authentication
During a routine audit a web server is flagged for allowing the use of weak ciphers. Which of the following should be disabled to mitigate this risk? (Select TWO).
Choices:
SSL 1.0
AES
RC4
SSL 3.0
SSL 1.0
Records that are not confidential and do not contain personal/financial identifying information.
Choices:
Shred
Transfer
Delete
Recycle
Recycle
It ought to recognize the parts and duties of clients getting to assets on the organization’s network
Choices:
Enforcement
Security policies
User Access to Computer Resources
Procedures
User Access to Computer Resources
These are typically stored in folders, which are kept in filing cabinets.
Choices:
Paper documents
Retention Schedules
Classification
Official information
Paper documents
It portrays the approach beneath which third-party organizations connect to your systems for the reason of executing commerce related to your company
Choices:
Password policy
Extranet policy
Privacy policy
Audit policy
Extranet policy
It could be a living report that gives rules for your organization’s social media utilize.
Choices:
Wireless standards policy
Social media policy
System Architecture
Group Policy
Social media policy
It could be a set of rules outlined to upgrade computer security by empowering clients to utilize solid passwords and utilize them appropriately.
Choices:
Privacy policy
Extranet policy
Audit policy
Password policy
Password policy
It ought to incorporate data that recognizes how security profiles will be connected consistently over common gadgets
Choices:
Security Profiles
Sensitive data
Passwords
Security Profiles
It incorporates how to handle connections, through sifting, individual utilize of the mail framework, dialect confinements, and authentic necessities
Choices:
Security Profiles
Passwords
Sensitive data
It has been determined to require, in the interests of national security, protection against unauthorized disclosure and which has been so designated.
Choices:
Paper documents
Official information
Retention Schedules
Classification
Official information
It could be an individual who picks up unauthorized get to to computer records or systems in arrange to encourage social or political closes.
Choices:
Hacktivists
Malicious insiders
Data theft
Script kiddie
Hacktivists
A human resources employee receives an email from a family member stating there is a new virus going around. In order to remove the virus, a user must delete the Boot.ini file from the system immediately. This is an example of which of the following?
Choices:
Hoax
Whaling
Spam
Phishing
Hoax
It is a growing problem for individual computer users as well as large corporations and organizations.
Choices:
Script kiddie
Malicious insiders
Hacktivists
Data theft
Data theft
It can be current or previous representatives, temporary workers or trade accomplices that picks up get to an organization arrange, system or information and discharge this data without authorization by the organization.
Choices:
Script kiddie
Malicious insiders
Hacktivists
Data theft
Malicious insiders
It is unsolicited usually commercial messages sent to a large number of recipients or posted in a large number of places
Choices:
whaling
URL hijacking
Spam
Spim
Spam
It is the false hone of sending emails implying to be from legitimate companies in arrange to actuate people to uncover individual data, such as passwords and credit card numbers.
Choices:
Vishing
Phishing
Spoofing
Hoax
Phishing
It is frequently a chain message telling beneficiaries to forward the mail to all their contacts.
Choices:
Phishing
Vishing
Spoofing
Hoax
Hoax
It is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation.
Choices:
Electronic vandalism
Script kiddie
Data theft
Cyberterrorism
Cyberterrorism
It copies (something) whereas overstating its characteristic highlights for comedian impact
Choices:
Phishing
Vishing
Hoax
Spoofing
Spoofing
It is the act of disguising a communication from an unknown source as being from a known, trusted source.
Choices:
Hoax
Spoofing
Vishing
Phishing
Spoofing
A security administrator is concerned about the strength of user's passwords. The company does not want to implement a password complexity policy. Which of the following can the security Administrator implement to mitigate the risk of an online password attack against users with weak passwords?
Choices:
Increase the password history
Shorten the password expiration period
Increase the password length requirements
Decrease the account lockout time
Shorten the password expiration period
These are considered one of the most serious types of malware since they may be used to gain unauthorized access to remote systems and perform malicious operations.
Choices:
Backdoor Attacks
Trojan Horse
Rootkits
keylogger
Rootkits
It attacks are often facilitated by social engineering attacks which lure the user to a fake site.
Choices:
Man In the Middle
Rainbow Table Attack
Brute force
Dictionary attack
Man In the Middle
A type of virus that has been designed to thwart attempts by analysts from examining its code by using various methods to make tracing, disassembling and reverse engineering more difficult
Choices:
armored virus
Polymorphic Malware
Ransomware
Botnets
armored virus
It Use a program to generate likely passwords or even random character sets.
Choices:
Rainbow Table Attack
Dictionary attack
Brute force
Man In the Middle
Brute force
It consumes bandwidth and ties up processor and memory resources, slowing the system down, and causing the system to become unusable.
Choices:
Viruses
Adware
Worms
Spyware
Worms
Joe, a user, in a coffee shop is checking his email over a wireless network. An attacker records the temporary credentials being passed to Joe's browser. The attacker later uses the credentials to impersonate Joe and creates SPAM messages. Which of the following attacks allows for this impersonation?
Choices:
XML injection
Header manipulation
Directory traversal
Session hijacking
Session hijacking