A. phishing
The fraudulent practice of sending emails claiming to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, is also known as
A. phishing
B. white hat hacking
C. instant messaging
D. surfing
B. theft
When thieves steal your personal information to take over or open new accounts, file fake tax returns, rent or buy properties, or do other criminal things in your name, you have been a victim of identity ________
A. spamming
B. theft
C. surfing
D. encryption
C. making a one-to-one copy of all files
What is an important aspect of evidence gathering?
A. deleting log files
B. removing infected files from the system
C. making a one-to-one copy of all files
D. allowing users to resume work on a system
D. make a one-to-one copy of the disk
When performing forensic activities on a disk to see what kind of information it contains, the first step is to
A. install backup software on the disk
B. examine the hard drive content further
C. terminate the employee's employment immediately
D. make a one-to-one copy of the disk
D. low and the impact is extremely low
An organization can accept a risk and defer it if the risk is considered
A. high and the impact is extremely low
B. high and the impact is extremely high
C. low and the impact is extremely high
D. low and the impact is extremely low
C. data redundancy
Data in the cloud is backed up and stored across multiple servers in the world. This is an example of
A. decreased data capacity
B. increased data capacity
C. data redundancy
D. data degradation
B. risk mitigation
A company decides to apply updates to a software package immediately. Which type of risk management does this represent?
A. risk acceptance
B. risk mitigation
C. risk categorization
D. risk deferment
A. blacklisting
Restricting access to a website for a specific user group is known as
A. blacklisting
B. whitelisting
C. bluelisting
D. redlisting
B. Virtual Private Network (VPN)
What technology was developed to allow remote users and branch offices to access corporate applications and resources via a secure encrypted connection?
A. Access Control Lists (ACL)
B. Virtual Private Network (VPN)
C. SONET Ring
D. Integrated Digital Services Network (ISDN)
B. IP Address
A numerical label assigned to each device connected to a computer network or on the internet is known as
A. Port Address
B. IP Address
C. RARP
D. ARP
D. trojan horse
A trick or stratagem that causes a target to invite a foe into a securely protected area, typically in the form of a malicious computer program which tricks users into willingly running it, is called a/an ________
A. little worm
B. anti-virus
C. whale phishing
D. trojan horse
D. substitution cipher
In a cipher, when each letter represents a different letter, the cipher is called a
A. monolithic cipher
B. polyalphabetic cipher
C. static cipher
D. substitution cipher
D. transposition cipher
When a cipher rearranges the letters in a message, it is called a
A. monolithic cipher
B. substitution cipher
C. cryptogram
D. transposition cipher
A. cryptography
When creating a secret message, the use of a transposition cipher to create that message is called
A. cryptography
B. steganography
C. cartography
D. stenography
D. symmetric encryption
When the same key is used for encryption and decryption, the process is known as
A. transposition encryption
B. asymmetric encryption
C. block encryption
D. symmetric encryption
C. use different passwords for each account
To ensure the safety of user accounts and web applications, a user should
A. change their password every 10 days
B. use upper case and lower case letters
C. use different passwords for each account
D. store passwords under their keyboard
B. anti-virus software
Which one of the following can protect a computer from the risk of unwanted emails?
A. anti-spam software
B. anti-virus software
C. anti-spyware software
D. PC diagnostic software
A. signatures
Anti-virus software looks at the beginning and end of executable files for known virus
A. signatures
B. portfolios
C. images
D. autographs
B. Confidentiality, Integrity, Availability
The CIA of information security consists of
A. Confidentiality, Initiative, Availability
B. Confidentiality, Integrity, Availability
C. Confidentiality, Integrity, Attack
D. Controls, Integrity, Availability
B. least privilege
When someone is assigned only the rights and privileges necessary to do his/her job, this is referred to as
A. controlled access
B. least privilege
C. administrator privilege
D. super user
D. Zero Day
An exploit that is found or used before it is known to exist by the software maker is known as
A. phishing
B. DDoS
C. whaling
D. Zero Day
B. man trap
A type of access control that does not require a computer is a/an
A. access control list
B. man trap
C. authorization
D. biometrics
C. as one of the first steps after installation
Applying OS updates and patches to a newly installed operating system should be done
A. when the technician has time
B. when the client has time
C. as one of the first steps after installation
D. after the system is in use by the client
D. patch
When a software company releases fixes for specific security vulnerabilities and/or bugs in their program, it is known as a
A. program update
B. firmware update
C. feature update
D. patch
C. whaling
A phishing attack that targets a high-profile employee to obtain information is an example of
A. shoulder surfing
B. tailgating
C. whaling
D. man trap
D. Access Control Lists (ACL)
Restricting a user's or group's ability to read, write, and execute files in an OS can be controlled by
A. strong passwords
B. biometrics
C. firewalls
D. Access Control Lists (ACL)
B. smart card
Which of the following is an example of the authentication method, something the user will have?
A. PIN
B. smart card
C. thumbprint
D. signature
B. authentication
Which of the following allows a user to access a computer system using credentials such as a password?
A. identification
B. authentication
C. authorization
D. accounting
C. eye
Iris and retinal patterns are an example of ______ recognition.
A. voice
B. facial
C. eye
D. fingerprint
B. physical
Facial recognition is an example of _______ biometric technology.
A. cognitive
B. physical
C. behavioral
D. identification
D. biometric reader
What is the best physical security to use in a data center to secure the servers?
A. CCTV
B. safe
C. sign-in and sign-out sheet
D. biometric reader
B. tough to enforce
Laws and procedures used for cell phones, PDAs, and cybersecurity are
A. well-established
B. tough to enforce
C. on the law books
D. in the law library
D. encryption
Which procedure converts plain text into symbols?
A. de-encryption
B. hashing
C. de-hashing
D. encryption
A. first responders
To prevent the alteration of digital evidence during collection, who should first document any activity on the computer, devices, or components?
A. first responders
B. supervisor
C. security
D. CEO
C. chain of custody
The ______ must show access to, storage, and transportation of the evidence from the crime scene to the courtroom.
A. timeline
B. criminal investigator
C. chain of custody
D. computer forensic investigator