IA&SEC1: MIDTERMS REVIEWER

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/482

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 1:09 PM on 7/13/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

483 Terms

1
New cards

What does integrity of information allude to

The level of assurance which can be given as to how strong data is

The level of assurance which can be given as to how structured data is

The level of assurance which can be given as to how accurate and trustworthy data is

The level of assurance which can be given as to how relevant the data is

The level of assurance which can be given as to how accurate and trustworthy data is

2
New cards

What is not goal of security?

Threats

Risk

Intrusion

Vulnerability

Intrusion

3
New cards

A shortcoming which can be misused by a risk actor, such as an aggressor, to perform unauthorized activities inside a computer system.

Intrusion

Vulnerability

Threat

Prevention

Vulnerability

4
New cards

Franz is working on her college applications online, when the admissions site crashes. She is incapable to turn in her application on time.

Confidentiality

Availability

Integrity

None of the above

Availability

5
New cards

Are intended to limit the extent of any damage caused by the incident by recovering the organization to normal working status as efficiently as possible

Corrective controls

Preventive controls

Active controls

Detective controls

Corrective controls

6
New cards

It is the state of being whole and undivided.

Confidentiality

Availability

Integrity

Attack

Integrity

7
New cards

It is to set upon in a powerful, rough, antagonistic, or forceful way, with or without a weapon

Attack

Integrity

Control

CIA Triad

Attack

8
New cards

PJ is buying books from an online retail location, and she finds that she can alter the cost of a book from $19.99 to $1.99. Which portion of the CIA set of three has been broken?

Availability

None of the above

Integrity

Confidentiality

Integrity

9
New cards

Are the countermeasures that you need to put in place to avoid, mitigate, or counteract security risks due to threats or attacks.

Control

Attack

CIA Triad

Integrity

Control

10
New cards

A security administrator wants to ensure that the message the administrator sends out to their Chief Financial Officer (CFO) does not get changed in route. Which of the following is the administrator MOST concerned with?

Business continuity

Data integrity

High availability

Data confidentiality

Data integrity

11
New cards

A security technique that regulates who or what can view or use resources in a computing environment

Separation of duties

Implicit deny

Job rotation

Access control

Access control

12
New cards

An administrator notices that former temporary employees' accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening?

Run a last logon script to look for inactive accounts.

Implement a password expiration policy.

Implement time of day restrictions for all temporary employees.

Implement an account expiration date for permanent employees.

Run a last logon script to look for inactive accounts.

13
New cards

Which of the following concepts describes the use of a one-way transformation in order to validate the integrity of a program?

Hashing

Non-repudiation

Steganography

Key escrow

Hashing

14
New cards

Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system?

Single factor authentication

Biometrics

Multifactor authentication

PKI

Multifactor authentication

15
New cards

It uses a single key to encrypt and decrypt data.

Hashing

encryption key

Asymmetric encryption

Symmetric encryption

Symmetric encryption

16
New cards

It is a principle that prevents any single person or entity from being able to have full access or complete all the functions of a critical or sensitive process.

Job rotation

Access control

Implicit deny

Separation of duties

Separation of duties

17
New cards

It is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm.

Key exchange

Cipher Suites

Digital Signature

Session Keys

Key exchange

18
New cards

Which of the following access controls enforces permissions based on data labeling at specific levels?

Role based access control

Mandatory access control

Separation of duties access control

Discretionary access control

Mandatory access control

19
New cards

Which of the following must a user implement if they want to send a secret message to a coworker by embedding it within an image?

Steganography

Transport encryption

Hashing

Digital signature

Steganography

20
New cards

It can limit access to sensitive environments to normal business hours when. oversight and monitoring can be performed to prevent fraud, abuse, or intrusion.

Time of day restrictions

Mandatory vacations

Biometrics

Security token

Time of day restrictions

21
New cards

It is a built up or official way of doing something.

Procedures

User Access to Computer Resources

Enforcement

Security policies

Procedures

22
New cards

It could be a level of quality or fulfillment

Guidelines

Standards

Policy statement

Security policy

Standards

23
New cards

It is the continued possession, use, or control of documentation

disposal

destruction

retention

Storage

retention

24
New cards

It may be a common rule, guideline, or piece of counsel.

Policy statement

Security policy

Guidelines

Standards

Guidelines

25
New cards

It portrays the approach beneath which third-party organizations connect to your systems for the reason of executing commerce related to your company

Password policy

Extranet policy

Privacy policy

Audit policy

Extranet policy

26
New cards

Electronic records that are not archival. Click here for tips on identifying and deleting electronic records that have met retention.

Transfer

Recycle

Delete

Shred

Delete

27
New cards

It could be a set of rules outlined to upgrade computer security by empowering clients to utilize solid passwords and utilize them appropriately.

Privacy policy

Extranet policy

Audit policy

Password policy

Password policy

28
New cards

It is almost utilization and what substance sifting is in put.

Internet

Anti-Virus

Intrusion Detection

Back-up and Recovery

Internet

29
New cards

It ought to recognize the parts and duties of clients getting to assets on the organization's network

Enforcement

Security policies

User Access to Computer Resources

Procedures

User Access to Computer Resources

30
New cards

It lists the retention period and disposal method for each type of record.

Classification

Paper documents

Official information

Retention Schedules

Retention Schedules

31
New cards

It is a method used by cybercriminals to masquerade as a senior player at an organization and directly target senior or other important individuals at an organization

URL hijacking

Spam

Spim

whaling

URL hijacking

32
New cards

It is a growing problem for individual computer users as well as large corporations and organizations.

Script kiddie

Malicious insiders

Hacktivists

Data theft

Data theft

33
New cards

A human resources employee receives an email from a family member stating there is a new virus going around. In order to remove the virus, a user must delete the Boot.ini file from the system immediately. This is an example of which of the following?

Hoax

Whaling

Spam

Phishing

Hoax

34
New cards

It could be a developing issue for person computer clients as well as huge organizations and organizations.

Malicious insiders

Data theft

Script kiddie

Hacktivists

Data theft

35
New cards

It is the act of stealing information stored on computers, servers, or other devices from an unknowing victim with the intent to compromise privacy or obtain confidential information.

Data theft

Hacktivists

Script kiddie

Malicious insiders

Data theft

36
New cards

It could be an individual who picks up unauthorized get to to computer records or systems in arrange to encourage social or political closes.

Hacktivists

Malicious insiders

Data theft

Script kiddie

Hacktivists

37
New cards

It is the act of taking data put away on computers, servers, or other gadgets from an unconscious casualty with the expectation to compromise protection or get secret data

Data theft

Script kiddie

Malicious insiders

Hacktivists

Data theft

38
New cards

It may be a strategy utilized by cyber offenders to disguise as a senior player at an organization and straightforwardly target senior or other vital people at an organization

Spim

Spam

URL hijacking

whaling

whaling

39
New cards

It may be a strategy utilized to pick up get to to information, frameworks, or systems, basically through deception

Cyber Engineering

Reverse Engineering

Computer Engineering

Social Engineering

Social Engineering

40
New cards

It is a software or hardware device designed to gain administrator-level control over a computer system without being detected. Rootkits can target the BIOS, hypervisor, boot loader, kernel or, less commonly, libraries or applications.

Rootkits

keylogger

Backdoor Attacks

Trojan Horse

Rootkits

41
New cards

Two programmers write a new secure application for the human resources department to store personal identifiable information. The programmers make the application available to themselves using an uncommon port along with an ID and password only they know. This is an example of which of the following?

Spyware

Backdoor

Root Kit

Logic Bomb

Backdoor

42
New cards

Sara, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form, Sara runs an application on her machine to intercept the HTTP POST command and change the field from 3 coupons to 30. Which of the following was used to perform this attack?

XML injection

Packet sniffer

Proxy

SQL injection

XML injection

43
New cards

It is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.

Logic Bombs

Ransomware

Polymorphic Malware

Botnets

Logic Bombs

44
New cards

It gathers your personal information and relays it to advertisers, data firms, or external users.

Adware

Spyware

Viruses

Worms

Spyware

45
New cards

These attacks start with commonly used, weak passwords like Password123 and move on from there.

Man In the Middle

Dictionary attack

Brute force

Rainbow Table Attack

Brute force

46
New cards

It is a software that automatically displays or downloads advertising material (often unwanted) when a user is online.

Worms

Viruses

Adware

Spyware

Adware

47
New cards

Joe, a user, in a coffee shop is checking his email over a wireless network. An attacker records the temporary credentials being passed to Joe's browser. The attacker later uses the credentials to impersonate Joe and creates SPAM messages. Which of the following attacks allows for this impersonation?

XML injection

Header manipulation

Directory traversal

Session hijacking

Session hijacking

48
New cards

It does not corrupt or modify files on a target computer.

Adware

Worms

Spyware

Viruses

Worms

49
New cards

These are considered one of the most serious types of malware since they may be used to gain unauthorized access to remote systems and perform malicious operations.

Backdoor Attacks

Trojan Horse

Rootkits

keylogger

Rootkits

50
New cards

It is the use of messaging systems to send an unsolicited message (spam), especially advertising, as well as sending messages repeatedly on the same website.

Password stealer

Account phishing

Spamming

Clickjacking

Spamming

51
New cards

It is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.

Denial-of-service attack

Distributed denial of service

Session hijacking

ARP poisoning

Denial-of-service attack

52
New cards

It is a hacking method that allows an individual to send anonymous messages to Bluetooth-enabled devices within a certain radius.

Jamming

Evil Twins

Bluesnarfing

Bluejacking

Bluejacking

53
New cards

It is the utilize of informing frameworks to send a spontaneous message (spam), particularly promoting, as well as sending messages over and over on the same site

Clickjacking

Spamming

Account phishing

Password stealer

Spamming

54
New cards

It is the action of sending promotions by e-mail to individuals who don't need to get them

Spamming

Clickjacking

Password stealer

Account phishing

Spamming

55
New cards

It is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.

Man-in-the-Middle Attacks

Replay Attacks

Evil twin attack

Eavesdropping Attacks

Man-in-the-Middle Attacks

56
New cards

It is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element.

Spamming

Password stealer

Clickjacking

Account phishing

Clickjacking

57
New cards

It can be troublesome to distinguish since the network transmissions will show up to be working regularly.

Man-in-the-Middle Attacks

Replay Attacks

Evil twin attack

Eavesdropping Attacks

Eavesdropping Attacks

58
New cards

It is the prevention of unauthorized users from accessing your wireless network and stealing the data using your Wi-Fi network.

Transitive access

Wireless security

Evil Twins

Rogue Access Points

Wireless security

59
New cards

What does confidentiality of data refer to?

Rules which prevent data from being changed

Rules which restrict access only to those who need to know

Rules which allow access only to all parties

Rules which hide data

Rules which restrict access only to those who need to know

60
New cards

It is important to staff who use email messaging to provide PII to others on a regular basis to have confidence that their messages are not intercepted or altered during transmission. They are concerned about which of the following types of security control?

Safety

Availability

Integrity

Confidentiality

Integrity

61
New cards

It is the state of being protected against the unauthorized use of information, especially electronic data, or the measures taken to achieve this.

Information Integrity

Information Privacy

Information Confidentiality

Information Security

Information Security

62
New cards

A weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system.

Prevention

Threat

Vulnerability

Intrusion

Vulnerability

63
New cards

The process of putting a decision or plan into effect also known as execution.

Running

Monitoring

Identification

Implementation

Implementation

64
New cards

It is the state of being whole and unified.

Availability

Confidentiality

Integrity

Integrity

65
New cards

In cybersecurity, what does CIA stand for?

Central Intelligence Agency

Cybersecurity Investigation Agency

Confidentiality, Integrity, Availability

Cybersecurity, Internet, Accessibility

Confidentiality, Integrity, Availability

66
New cards

It is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.

Cipher Suites

Session Keys

Key exchange

Digital Signature

Session Keys

67
New cards

It only denies a permission until the user or group can perform the permission

Separation of duties

Access control

Implicit deny

Job rotation

Implicit deny

68
New cards

During a routine audit a web server is flagged for allowing the use of weak ciphers. Which of the following should be disabled to mitigate this risk? (Select TWO).

SSL 1.0

AES

RC4

SSL 3.0

SSL 1.0

69
New cards

It is the process of verifying the identity of a person or device.

Authentication

Identification

Authorization

Non-repudiation

Authentication

70
New cards

It helps to reduce fraud and discover malicious activities by employees.

Security token

Time of day restrictions

Biometrics

Mandatory vacations

Mandatory vacations

71
New cards

It is a system that uses two authentication methods such as smart cards and a password

Multifactor authentication

Common access card

Time of day restrictions

Implicit deny

Multifactor authentication

72
New cards

To ensure compatibility with their flagship product, the security engineer is tasked to recommend an encryption cipher that will be compatible with the majority of third-party software and hardware vendors. Which of the following should be recommended?

Blowfish

SHA

MD5

AES

AES

73
New cards

A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client-side certificate. Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication factors are in use by the VPN system?

2

4

1

3

3

74
New cards

It gives centralized administration and setup of operating systems, applications, and users' settings in an Active Directory environment.

Wireless standards policy

Group Policy

System Architecture

Social media policy

Group Policy

75
New cards

It is the discipline that guides how we prepare, equip and support individuals to successfully adopt change in order to drive organizational success and outcomes.

Organizational change management

Enterprise change management

Change management

Individual change management

Change management

76
New cards

It is how are all the security programs looked into and how as often as possible

Information Security Training

Acceptable User Policy

Information Security Auditing

Remote Access

Information Security Auditing

77
New cards

It characterizes account limits for a set of clients of one or more assets.

Privacy policy

Audit policy

Password policy

Extranet policy

Audit policy

78
New cards

It involves first identifying the groups and people who will need to change as the result of the project, and in what ways they will need to change.

Organizational change management

Individual change management

Change management

Enterprise change management

Organizational change management

79
New cards

It distinguishes the recurrence of overhauling the record definitions as well as how detachable media, mail connections and other records are filtered.

Intrusion Detection

Internet

Anti-Virus

Back-up and Recovery

Anti-Virus

80
New cards

It ought to report what sort of mindfulness program is in put and how is it communicated on a normal premise.

Information Security Auditing

Information Security Training

Remote Access

Acceptable User Policy

Information Security Training

81
New cards

It is the teach that guides how we plan, prepare and back people to effectively embrace alter in arrange to drive organizational victory and results.

Change management

Individual change management

Enterprise change management

Organizational change management

Change management

82
New cards

It gives rules with respect to remote access points and the administration by ITS of 802.11X and related remote guidelines get to

System Architecture

Group Policy

Social media policy

Wireless standards policy

Wireless standards policy

83
New cards

It is a cyber-attack that uses disguised email as a weapon.

Vishing

Hoax

Phishing

Spoofing

Phishing

84
New cards

Which of the following might a security administrator actualize to relieve the hazard of tailgating for a huge organization?

Train employees on correct data disposal techniques and enforce policies.

Train employees on risks associated with social engineering attacks and enforce policies.

Only allow employees to enter or leave through one door at specified times of the day.

Only allow employees to go on break one at a time and post security guards 24/7 at each entrance.

Train employees on risks associated with social engineering attacks and enforce policies.

85
New cards

It is perpetuated by bots that harvest IM screen names off of the Internet and simulate a human user by sending spam to the screen names via an instant message.

Spam

Spim

whaling

URL hijacking

Spim

86
New cards

It can lead to a tremendous drop in guests of websites.

Spam

URL hijacking

whaling

Spim

URL hijacking

87
New cards

It is the false hone of making phone calls or clearing out voice messages implying to be from legitimate companies in arrange to initiate people to uncover individual data, such as bank subtle elements and credit card numbers.

Vishing

Hoax

Spoofing

Phishing

Vishing

88
New cards

It is also sometimes considered an act of Internet terrorism where terrorist activities.

Script kiddie

Electronic vandalism

Cyberterrorism

Data theft

Cyberterrorism

89
New cards

It copies (something) whereas overstating its characteristic highlights for comedian impact

Phishing

Vishing

Hoax

Spoofing

Spoofing

90
New cards

Which of the following attacks targets high level executives to gain company information?

Spoofing

Vishing

Whaling

Phishing

Whaling

91
New cards

Highly sensitive data is stored in a database and is accessed by an application on a DMZ server. The disk drives on all servers are fully encrypted. Communication between the application server and end-users is also encrypted. Network ACLs prevent any connections to the database server except from the application server. Which of the following can still result in exposure of the sensitive data in the database server?

SQL Injection

Cookies

Theft of the physical database server

Cross-site scripting

SQL Injection

92
New cards

An attacker attempted to compromise a web form by inserting the following input into the username field: admin)(|(password=*)) Which of the following types of attacks was attempted?

Cross-site scripting

Command injection

SQL injection

LDAP injection

LDAP injection

93
New cards

A security administrator wants to deploy security controls to mitigate the threat of company employees' personal information being captured online. Which of the following would BEST serve this purpose?

Antivirus

Web content filter

Host-based firewall

Anti-spyware

Anti-spyware

94
New cards

It may also protect itself from antivirus programs, making it more difficult to trace.

Botnets

Polymorphic Malware

Ransomware

armored virus

armored virus

95
New cards

A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90). Which of the following attack types has occurred?

XML injection

SQL injection

Buffer overflow

Cross-site scripting

Buffer overflow

96
New cards

It can happen there the hacker uses some website applications to transfer some bad malicious code.

Cross-site scripting

SQL injection

LDAP injection

XML injection

Cross-site scripting

97
New cards

It is a self-replicating program that copies itself to other computers over the network without the need for any user intervention.

Viruses

Spyware

Worms

Adware

Worms

98
New cards

A server administrator notes that a legacy application often stops running due to a memory error. When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describe?

Malicious add-on

Zero-day

Cross site scripting

Buffer overflow

Buffer overflow

99
New cards

These are attacks against an opening left in a functional piece of software that allows access into a system or software application without the owner's knowledge.

Trojan Horse

Backdoor Attacks

keylogger

Rootkits

Backdoor Attacks

100
New cards

It is also called access point mapping

War Chalking

Wireless Replay Attacks

War driving

Sinkhole Attacks

War driving