1/68
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
The action or process of identifying someone or something or the fact of being identified.
Group of answer choices
Identification
Implementation
Monitoring
Running
Identification
Are intended to limit the extent of any damage caused by the incident by recovering the organization to normal working status as efficiently as possible
Group of answer choices
Detective controls
Active controls
Preventive controls
Corrective controls
Corrective controls
What does confidentiality of data refer to?
Group of answer choices
Rules which hide data
Rules which prevent data from being changed
Rules which allow access only to all parties
Rules which restrict access only to those who need to know
Rules which restrict access only to those who need to know
It is necessary for a responsible individual or organization to secure confidential information.
Group of answer choices
Information Privacy
Information Confidentiality
Information Integrity
Information Security
Information Security
A user ID and password together provide which of the following?
Group of answer choices
Authorization
Auditing
Authentication
Identification
Authentication
Users require access to a certain server depending on their job function. Which of the following would be the MOST appropriate strategy for securing the server?
Group of answer choices
Common access card
Role based access control
Discretionary access control
Mandatory access control
Role based access control
It is the action or process of classifying something according to shared qualities or characteristics.
Group of answer choices
Classification
Retention Schedules
Paper documents
Official information
Classification
It ought to clearly recognize how the arrangement will be implemented and how security breaches and/or wrongdoing will be dealt with.
Group of answer choices
Enforcement
Procedures
User Access to Computer Resources
Security policies
Enforcement
It could be a living report that gives rules for your organization's social media utilize.
Group of answer choices
Group Policy
Wireless standards policy
System Architecture
Social media policy
Social media policy
It is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder
Group of answer choices
Dumpster diving
Spam
Shoulder surfing
Tailgating
Shoulder surfing
The string: ` or 1=1-- - Represents which of the following?
Group of answer choices
Bluejacking
SQL Injection
Client-side attacks
Rogue access point
SQL Injection
A user commuting to work via public transport received an offensive image on their smart phone from another commuter. Which of the following attacks MOST likely took place?
Group of answer choices
War chalking
Bluesnarfing
War driving
Bluejacking
Bluejacking
It could be a program that collects chunks of information that are likely to be account names and their related passwords so that an aggressor can utilize those qualifications to posture as the individual they were stolen from.
Group of answer choices
Spamming
Clickjacking
Account phishing
Password stealer
Password stealer
What is not needed to be protected?
Group of answer choices
Intruder
Infrastructure
System
Data
Intruder
It is necessary for a responsible individual or organization to secure confidential information.
Group of answer choices
Information Confidentiality
Information Security
Information Privacy
Information Integrity
Information Security
Which of the following should be used when a business needs a block cipher with minimal key size for internal encryption?
Group of answer choices
Blowfish
RC5
AES
3DES
Blowfish
It is a concept that has employees rotate through different jobs to learn the procedures and processes in each.
Group of answer choices
Access control
Separation of duties
Job rotation
Implicit deny
Job rotation
It is a system that uses two authentication methods such as smart cards and a password
Group of answer choices
Implicit deny
Multifactor authentication
Time of day restrictions
Common access card
Multifactor authentication
It ought to clearly recognize how the arrangement will be implemented and how security breaches and/or wrongdoing will be dealt with.
Group of answer choices
Procedures
Enforcement
Security policies
User Access to Computer Resources
Enforcement
It may be a cyber-attack that employments camouflaged mail as a weapon.
Group of answer choices
Phishing
Vishing
Spoofing
Hoax
Phishing
It is spontaneous as a rule commercial messages sent to a huge number of beneficiaries or posted in an expansive number of places
Group of answer choices
Spim
Spam
URL hijacking
whaling
Spam
It is type of phishing attacks that try to lure victims via voice calls.
Group of answer choices
Hoax
Spoofing
Vishing
Phishing
Vishing
This technique typically relies on the trusting nature of the person being attacked.
Group of answer choices
Social Engineering
Computer Engineering
Reverse Engineering
Cyber Engineering
It is a type of malware from cryptology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid
Group of answer choices
Polymorphic Malware
Botnets
Ransomware
Logic Bombs
Ransomware
It is a self-replicating program that copies itself to other computers over the network without the need for any user intervention.
Group of answer choices
Spyware
Viruses
Adware
Worms
Worms
It is also called access point mapping
Group of answer choices
War driving
Sinkhole Attacks
Wireless Replay Attacks
War Chalking
War driving
It may be a sort of assault where the aggressor breaks into the communication between the endpoints of a arrange association.
Group of answer choices
Evil twin attack
Man-in-the-Middle Attacks
Eavesdropping Attacks
Replay Attacks
Man-in-the-Middle Attacks
It is a rogue wireless access point installed near a legitimate one for purposes of eavesdropping or phishing.
Group of answer choices
Evil Twins
Transitive access
Wireless security
Rogue Access Points
Evil Twins
It is also called access point mapping
Group of answer choices
War Chalking
Sinkhole Attacks
War driving
Wireless Replay Attacks
War driving
It is an attack whereby the attacker renders a machine or network resource unavailable.
Group of answer choices
Distributed denial of service
ARP poisoning
Session hijacking
Denial-of-service attack
Denial-of-service attack
It is an established or official way of doing something.
Group of answer choices
Security Profiles
security policies
User Access to Computer Resources
Procedures
Procedures
It is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly.
Group of answer choices
Extranet policy
Password policy
Social media policy
Wireless standards policy
Password policy
It discusses what if any Network Security Intrusion Detection or Prevention System is used and how it is implemented.
Group of answer choices
Information Security Auditing
Information Security Training
Remote Access
Intrusion Detection
Intrusion Detection
It should describe the requirements driving the change in sufficient detail to allow approvers and other officials to make an informed decision on the change request.
Group of answer choices
System architecture
Change documentation
Log
Group Policy
Change documentation
There are several technologies that support confidentiality in an enterprise security implementation except:
Group of answer choices
Strong encryption
Stringent access controls
Strong internet connections
Strong authentication
Strong internet connections
It is generally defined as the probability that an event will occur.
Group of answer choices
Threats
Intrusion
Vulnerability
Risk
Risk
It is about usage and what content filtering is in place.
Group of answer choices
Back-up and Recovery
Anti-Virus
Internet
Internet
What isn't objective of security?
Group of answer choices
Threats
Intrusion
Risk
Vulnerability
Intrusion
An administrator notices an unusual spike in network traffic from many sources. The administrator suspects that:
Group of answer choices
it is the beginning of a DDoS attack.
the internal DNS tables have been poisoned.
it is being caused by the presence of a rogue access point.
the IDS has been compromised.
it is the beginning of a DDoS attack.
It specifically targets senior management that hold power in companies, such as the CEO, CFO, or other executives
Group of answer choices
Spam
whaling
Spim
URL hijacking
whaling
A network analyst received several reports that impersonation was taking place on the network. Session tokens were deployed to mitigate this issue and defend against which of the following attacks?
Group of answer choices
Replay
DDoS
Ping of Death
Smurf
Replay
It is the state of being whole and undivided.
Group of answer choices
Attack
Availability
Confidentiality
Integrity
Integrity
It is to set upon in a forceful, violent, hostile, or aggressive way, with or without a weapon
Group of answer choices
Attack
CIA Triad
Control
Integrity
Attack
A return to a normal state of health, mind, or strength.
Group of answer choices
Detection
IT Resources
Prevention
Recovery
Recovery
Sara, a security administrator, manually hashes all network device configuration files daily and compares them to the previous days' hashes. Which of the following security concept is Sara using?
Group of answer choices
Confidentiality
Compliance
Integrity
Availability
Integrity
Are the countermeasures that you need to put in place to avoid, mitigate, or counteract security risks due to threats or attacks.
Group of answer choices
Integrity
Attack
Control
CIA Triad
Control
These are malicious pieces of computer code and applications that can damage your computer, as well as steal your personal or financial information.
Group of answer choices
Software-Based Attacks
Social Engineering Attacks
Network-Based Attacks
Physical Security Attacks
Software-Based Attacks
It is the third core security principle, and it is defined as a characteristic of a resource being accessible to a user, application, or computer system when required.
Group of answer choices
Attack
Availability
Confidentiality
Integrity
Availability
A weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system.
Group of answer choices
Intrusion
Prevention
Threat
Vulnerability
Vulnerability
It is the term used for a broad range of malicious activities accomplished through human interactions.
Group of answer choices
Software-Based Attacks
Physical Security Attacks
Network-Based Attacks
Social Engineering Attacks
Social Engineering Attacks
Users require access to a certain server depending on their job function. Which of the following would be the MOST appropriate strategy for securing the server?
Group of answer choices
Mandatory access control
Common access card
Role based access control
Discretionary access control
Role based access control
It limits when users can access specific systems based on the time of day or week.
Group of answer choices
Mandatory vacations
Biometrics
Security token
Time of day restrictions
Time of day restrictions
A company is looking to reduce the likelihood of employees in the finance department being involved with money laundering. Which of the following controls would BEST mitigate this risk?
Group of answer choices
Enforce time of day restrictions
Implement a security policy
Implement privacy policies
Enforce mandatory vacations
Enforce mandatory vacations
It is a security mechanism to determine access levels or user/client privileges related to system resources including files, services, computer programs, data and application features.
Group of answer choices
Identification
Authentication
Non-repudiation
Authorization
Authorization
A technician is reviewing the logical access control method an organization uses. One of the senior managers requests that the technician prevent staff members from logging on during nonworking days. Which of the following should the technician implement to meet managements request?
Group of answer choices
Deploy smart cards
Enforce Kerberos
Time of day restrictions
Access control lists
Time of day restrictions
Which of the following security concepts can prevent a user from logging on from home during the weekends?
Group of answer choices
Time of day restrictions
Common access card
Multifactor authentication
Implicit deny
Time of day restrictions
Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)?
Group of answer choices
Hashing
Digital signatures
Steganography
Transport encryption
Steganography
It is the assurance that someone cannot deny the validity of something.
Group of answer choices
Authorization
Identification
Authentication
Non-repudiation
Non-repudiation
It is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.
Group of answer choices
Session Keys
Digital Signature
Key exchange
Cipher Suites
Session Keys
It is the conceptual show that characterizes the structure, behavior, and more sees of a system
Group of answer choices
System Architecture
Group Policy
Wireless standards policy
Social media policy
System Architecture
These are typically stored in folders, which are kept in filing cabinets.
Group of answer choices
Classification
Retention Schedules
Official information
Paper documents
Paper documents
It involves first identifying the groups and people who will need to change as the result of the project, and in what ways they will need to change.
Group of answer choices
Enterprise change management
Individual change management
Organizational change management
Change management
Organizational change management
Mike, a user, states that he is receiving several unwanted emails about home loans. Which of the following is this an example of?
Group of answer choices
Spear phishing
Spoofing
Spam
Hoaxes
Spam
It is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder
Group of answer choices
Shoulder surfing
Dumpster diving
Spam
Tailgating
Shoulder surfing
It is the act of disguising a commnication from an unknown source as being from a known, trusted source.
Group of answer choices
Hoax
Phishing
Spoofing
Vishing
Spoofing
It may also protect itself from antivirus programs, making it more difficult to trace.
Group of answer choices
armored virus
Botnets
Polymorphic Malware
Ransomware
armored virus
It is a device hack performed when a wireless, Bluetooth-enabled device is in discoverable mode.
Group of answer choices
Bluesnarfing
Bluejacking
Evil Twins
Jamming
Bluesnarfing
It is an attack on the protocol used to determine a device's hardware address (MAC address) on the network when the IP address is known.
Group of answer choices
Distributed denial of service
Denial-of-service attack
ARP poisoning
Session hijacking
ARP poisoning
Which of the following describes how an attacker can send unwanted advertisements to a mobile device?
Group of answer choices
Bluesnarfing
Packet sniffing
Man-in-the-middle
Bluejacking
Bluejacking