InfoSec FA1 (M1-M2)

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/68

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 6:08 AM on 7/17/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

69 Terms

1
New cards

The action or process of identifying someone or something or the fact of being identified.

Group of answer choices

Identification

Implementation

Monitoring

Running

Identification

2
New cards

Are intended to limit the extent of any damage caused by the incident by recovering the organization to normal working status as efficiently as possible

Group of answer choices

Detective controls

Active controls

Preventive controls

Corrective controls

Corrective controls

3
New cards

What does confidentiality of data refer to?

Group of answer choices

Rules which hide data

Rules which prevent data from being changed

Rules which allow access only to all parties

Rules which restrict access only to those who need to know

Rules which restrict access only to those who need to know

4
New cards

It is necessary for a responsible individual or organization to secure confidential information.

Group of answer choices

Information Privacy

Information Confidentiality

Information Integrity

Information Security

Information Security

5
New cards

A user ID and password together provide which of the following?

Group of answer choices

Authorization

Auditing

Authentication

Identification

Authentication

6
New cards

Users require access to a certain server depending on their job function. Which of the following would be the MOST appropriate strategy for securing the server?

Group of answer choices

Common access card

Role based access control

Discretionary access control

Mandatory access control

Role based access control

7
New cards

It is the action or process of classifying something according to shared qualities or characteristics.

Group of answer choices

Classification

Retention Schedules

Paper documents

Official information

Classification

8
New cards

It ought to clearly recognize how the arrangement will be implemented and how security breaches and/or wrongdoing will be dealt with.

Group of answer choices

Enforcement

Procedures

User Access to Computer Resources

Security policies

Enforcement

9
New cards

It could be a living report that gives rules for your organization's social media utilize.

Group of answer choices

Group Policy

Wireless standards policy

System Architecture

Social media policy

Social media policy

10
New cards

It is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder

Group of answer choices

Dumpster diving

Spam

Shoulder surfing

Tailgating

Shoulder surfing

11
New cards

The string: ` or 1=1-- - Represents which of the following?

Group of answer choices

Bluejacking

SQL Injection

Client-side attacks

Rogue access point

SQL Injection

12
New cards

A user commuting to work via public transport received an offensive image on their smart phone from another commuter. Which of the following attacks MOST likely took place?

Group of answer choices

War chalking

Bluesnarfing

War driving

Bluejacking

Bluejacking

13
New cards

It could be a program that collects chunks of information that are likely to be account names and their related passwords so that an aggressor can utilize those qualifications to posture as the individual they were stolen from.

Group of answer choices

Spamming

Clickjacking

Account phishing

Password stealer

Password stealer

14
New cards

What is not needed to be protected?

Group of answer choices

Intruder

Infrastructure

System

Data

Intruder

15
New cards

It is necessary for a responsible individual or organization to secure confidential information.

Group of answer choices

Information Confidentiality

Information Security

Information Privacy

Information Integrity

Information Security

16
New cards

Which of the following should be used when a business needs a block cipher with minimal key size for internal encryption?

Group of answer choices

Blowfish

RC5

AES

3DES

Blowfish

17
New cards

It is a concept that has employees rotate through different jobs to learn the procedures and processes in each.

Group of answer choices

Access control

Separation of duties

Job rotation

Implicit deny

Job rotation

18
New cards

It is a system that uses two authentication methods such as smart cards and a password

Group of answer choices

Implicit deny

Multifactor authentication

Time of day restrictions

Common access card

Multifactor authentication

19
New cards

It ought to clearly recognize how the arrangement will be implemented and how security breaches and/or wrongdoing will be dealt with.

Group of answer choices

Procedures

Enforcement

Security policies

User Access to Computer Resources

Enforcement

20
New cards

It may be a cyber-attack that employments camouflaged mail as a weapon.

Group of answer choices

Phishing

Vishing

Spoofing

Hoax

Phishing

21
New cards

It is spontaneous as a rule commercial messages sent to a huge number of beneficiaries or posted in an expansive number of places

Group of answer choices

Spim

Spam

URL hijacking

whaling

Spam

22
New cards

It is type of phishing attacks that try to lure victims via voice calls.

Group of answer choices

Hoax

Spoofing

Vishing

Phishing

Vishing

23
New cards

This technique typically relies on the trusting nature of the person being attacked.

Group of answer choices

Social Engineering

Computer Engineering

Reverse Engineering

Cyber Engineering

24
New cards

It is a type of malware from cryptology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid

Group of answer choices

Polymorphic Malware

Botnets

Ransomware

Logic Bombs

Ransomware

25
New cards

It is a self-replicating program that copies itself to other computers over the network without the need for any user intervention.

Group of answer choices

Spyware

Viruses

Adware

Worms

Worms

26
New cards

It is also called access point mapping

Group of answer choices

War driving

Sinkhole Attacks

Wireless Replay Attacks

War Chalking

War driving

27
New cards

It may be a sort of assault where the aggressor breaks into the communication between the endpoints of a arrange association.

Group of answer choices

Evil twin attack

Man-in-the-Middle Attacks

Eavesdropping Attacks

Replay Attacks

Man-in-the-Middle Attacks

28
New cards

It is a rogue wireless access point installed near a legitimate one for purposes of eavesdropping or phishing.

Group of answer choices

Evil Twins

Transitive access

Wireless security

Rogue Access Points

Evil Twins

29
New cards

It is also called access point mapping

Group of answer choices

War Chalking

Sinkhole Attacks

War driving

Wireless Replay Attacks

War driving

30
New cards

It is an attack whereby the attacker renders a machine or network resource unavailable.

Group of answer choices

Distributed denial of service

ARP poisoning

Session hijacking

Denial-of-service attack

Denial-of-service attack

31
New cards

It is an established or official way of doing something.

Group of answer choices

Security Profiles

security policies

User Access to Computer Resources

Procedures

Procedures

32
New cards

It is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly.

Group of answer choices

Extranet policy

Password policy

Social media policy

Wireless standards policy

Password policy

33
New cards

It discusses what if any Network Security Intrusion Detection or Prevention System is used and how it is implemented.

Group of answer choices

Information Security Auditing

Information Security Training

Remote Access

Intrusion Detection

Intrusion Detection

34
New cards

It should describe the requirements driving the change in sufficient detail to allow approvers and other officials to make an informed decision on the change request.

Group of answer choices

System architecture

Change documentation

Log

Group Policy

Change documentation

35
New cards

There are several technologies that support confidentiality in an enterprise security implementation except:

Group of answer choices

Strong encryption

Stringent access controls

Strong internet connections

Strong authentication

Strong internet connections

36
New cards

It is generally defined as the probability that an event will occur.

Group of answer choices

Threats

Intrusion

Vulnerability

Risk

Risk

37
New cards

It is about usage and what content filtering is in place.

Group of answer choices

Back-up and Recovery

Anti-Virus

Internet

E-Mail

Internet

38
New cards

What isn't objective of security?

Group of answer choices

Threats

Intrusion

Risk

Vulnerability

Intrusion

39
New cards

An administrator notices an unusual spike in network traffic from many sources. The administrator suspects that:

Group of answer choices

it is the beginning of a DDoS attack.

the internal DNS tables have been poisoned.

it is being caused by the presence of a rogue access point.

the IDS has been compromised.

it is the beginning of a DDoS attack.

40
New cards

It specifically targets senior management that hold power in companies, such as the CEO, CFO, or other executives

Group of answer choices

Spam

whaling

Spim

URL hijacking

whaling

41
New cards

A network analyst received several reports that impersonation was taking place on the network. Session tokens were deployed to mitigate this issue and defend against which of the following attacks?

Group of answer choices

Replay

DDoS

Ping of Death

Smurf

Replay

42
New cards

It is the state of being whole and undivided.

Group of answer choices

Attack

Availability

Confidentiality

Integrity

Integrity

43
New cards

It is to set upon in a forceful, violent, hostile, or aggressive way, with or without a weapon

Group of answer choices

Attack

CIA Triad

Control

Integrity

Attack

44
New cards

A return to a normal state of health, mind, or strength.

Group of answer choices

Detection

IT Resources

Prevention

Recovery

Recovery

45
New cards

Sara, a security administrator, manually hashes all network device configuration files daily and compares them to the previous days' hashes. Which of the following security concept is Sara using?

Group of answer choices

Confidentiality

Compliance

Integrity

Availability

Integrity

46
New cards

Are the countermeasures that you need to put in place to avoid, mitigate, or counteract security risks due to threats or attacks.

Group of answer choices

Integrity

Attack

Control

CIA Triad

Control

47
New cards

These are malicious pieces of computer code and applications that can damage your computer, as well as steal your personal or financial information.

Group of answer choices

Software-Based Attacks

Social Engineering Attacks

Network-Based Attacks

Physical Security Attacks

Software-Based Attacks

48
New cards

It is the third core security principle, and it is defined as a characteristic of a resource being accessible to a user, application, or computer system when required.

Group of answer choices

Attack

Availability

Confidentiality

Integrity

Availability

49
New cards

A weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system.

Group of answer choices

Intrusion

Prevention

Threat

Vulnerability

Vulnerability

50
New cards

It is the term used for a broad range of malicious activities accomplished through human interactions.

Group of answer choices

Software-Based Attacks

Physical Security Attacks

Network-Based Attacks

Social Engineering Attacks

Social Engineering Attacks

51
New cards

Users require access to a certain server depending on their job function. Which of the following would be the MOST appropriate strategy for securing the server?

Group of answer choices

Mandatory access control

Common access card

Role based access control

Discretionary access control

Role based access control

52
New cards

It limits when users can access specific systems based on the time of day or week.

Group of answer choices

Mandatory vacations

Biometrics

Security token

Time of day restrictions

Time of day restrictions

53
New cards

A company is looking to reduce the likelihood of employees in the finance department being involved with money laundering. Which of the following controls would BEST mitigate this risk?

Group of answer choices

Enforce time of day restrictions

Implement a security policy

Implement privacy policies

Enforce mandatory vacations

Enforce mandatory vacations

54
New cards

It is a security mechanism to determine access levels or user/client privileges related to system resources including files, services, computer programs, data and application features.

Group of answer choices

Identification

Authentication

Non-repudiation

Authorization

Authorization

55
New cards

A technician is reviewing the logical access control method an organization uses. One of the senior managers requests that the technician prevent staff members from logging on during nonworking days. Which of the following should the technician implement to meet managements request?

Group of answer choices

Deploy smart cards

Enforce Kerberos

Time of day restrictions

Access control lists

Time of day restrictions

56
New cards

Which of the following security concepts can prevent a user from logging on from home during the weekends?

Group of answer choices

Time of day restrictions

Common access card

Multifactor authentication

Implicit deny

Time of day restrictions

57
New cards

Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)?

Group of answer choices

Hashing

Digital signatures

Steganography

Transport encryption

Steganography

58
New cards

It is the assurance that someone cannot deny the validity of something.

Group of answer choices

Authorization

Identification

Authentication

Non-repudiation

Non-repudiation

59
New cards

It is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.

Group of answer choices

Session Keys

Digital Signature

Key exchange

Cipher Suites

Session Keys

60
New cards

It is the conceptual show that characterizes the structure, behavior, and more sees of a system

Group of answer choices

System Architecture

Group Policy

Wireless standards policy

Social media policy

System Architecture

61
New cards

These are typically stored in folders, which are kept in filing cabinets.

Group of answer choices

Classification

Retention Schedules

Official information

Paper documents

Paper documents

62
New cards

It involves first identifying the groups and people who will need to change as the result of the project, and in what ways they will need to change.

Group of answer choices

Enterprise change management

Individual change management

Organizational change management

Change management

Organizational change management

63
New cards

Mike, a user, states that he is receiving several unwanted emails about home loans. Which of the following is this an example of?

Group of answer choices

Spear phishing

Spoofing

Spam

Hoaxes

Spam

64
New cards

It is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder

Group of answer choices

Shoulder surfing

Dumpster diving

Spam

Tailgating

Shoulder surfing

65
New cards

It is the act of disguising a commnication from an unknown source as being from a known, trusted source.

Group of answer choices

Hoax

Phishing

Spoofing

Vishing

Spoofing

66
New cards

It may also protect itself from antivirus programs, making it more difficult to trace.

Group of answer choices

armored virus

Botnets

Polymorphic Malware

Ransomware

armored virus

67
New cards

It is a device hack performed when a wireless, Bluetooth-enabled device is in discoverable mode.

Group of answer choices

Bluesnarfing

Bluejacking

Evil Twins

Jamming

Bluesnarfing

68
New cards

It is an attack on the protocol used to determine a device's hardware address (MAC address) on the network when the IP address is known.

Group of answer choices

Distributed denial of service

Denial-of-service attack

ARP poisoning

Session hijacking

ARP poisoning

69
New cards

Which of the following describes how an attacker can send unwanted advertisements to a mobile device?

Group of answer choices

Bluesnarfing

Packet sniffing

Man-in-the-middle

Bluejacking

Bluejacking