1/482
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
What does integrity of information allude to
The level of assurance which can be given as to how strong data is
The level of assurance which can be given as to how structured data is
The level of assurance which can be given as to how accurate and trustworthy data is
The level of assurance which can be given as to how relevant the data is
The level of assurance which can be given as to how accurate and trustworthy data is
What is not goal of security?
Threats
Risk
Intrusion
Vulnerability
Intrusion
A shortcoming which can be misused by a risk actor, such as an aggressor, to perform unauthorized activities inside a computer system.
Intrusion
Vulnerability
Threat
Prevention
Vulnerability
Franz is working on her college applications online, when the admissions site crashes. She is incapable to turn in her application on time.
Confidentiality
Availability
Integrity
None of the above
Availability
Are intended to limit the extent of any damage caused by the incident by recovering the organization to normal working status as efficiently as possible
Corrective controls
Preventive controls
Active controls
Detective controls
Corrective controls
It is the state of being whole and undivided.
Confidentiality
Availability
Integrity
Attack
Integrity
It is to set upon in a powerful, rough, antagonistic, or forceful way, with or without a weapon
Attack
Integrity
Control
CIA Triad
Attack
PJ is buying books from an online retail location, and she finds that she can alter the cost of a book from $19.99 to $1.99. Which portion of the CIA set of three has been broken?
Availability
None of the above
Integrity
Confidentiality
Integrity
Are the countermeasures that you need to put in place to avoid, mitigate, or counteract security risks due to threats or attacks.
Control
Attack
CIA Triad
Integrity
Control
A security administrator wants to ensure that the message the administrator sends out to their Chief Financial Officer (CFO) does not get changed in route. Which of the following is the administrator MOST concerned with?
Business continuity
Data integrity
High availability
Data confidentiality
Data integrity
A security technique that regulates who or what can view or use resources in a computing environment
Separation of duties
Implicit deny
Job rotation
Access control
Access control
An administrator notices that former temporary employees' accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening?
Run a last logon script to look for inactive accounts.
Implement a password expiration policy.
Implement time of day restrictions for all temporary employees.
Implement an account expiration date for permanent employees.
Run a last logon script to look for inactive accounts.
Which of the following concepts describes the use of a one-way transformation in order to validate the integrity of a program?
Hashing
Non-repudiation
Steganography
Key escrow
Hashing
Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system?
Single factor authentication
Biometrics
Multifactor authentication
PKI
Multifactor authentication
It uses a single key to encrypt and decrypt data.
Hashing
encryption key
Asymmetric encryption
Symmetric encryption
Symmetric encryption
It is a principle that prevents any single person or entity from being able to have full access or complete all the functions of a critical or sensitive process.
Job rotation
Access control
Implicit deny
Separation of duties
Separation of duties
It is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm.
Key exchange
Cipher Suites
Digital Signature
Session Keys
Key exchange
Which of the following access controls enforces permissions based on data labeling at specific levels?
Role based access control
Mandatory access control
Separation of duties access control
Discretionary access control
Mandatory access control
Which of the following must a user implement if they want to send a secret message to a coworker by embedding it within an image?
Steganography
Transport encryption
Hashing
Digital signature
Steganography
It can limit access to sensitive environments to normal business hours when. oversight and monitoring can be performed to prevent fraud, abuse, or intrusion.
Time of day restrictions
Mandatory vacations
Biometrics
Security token
Time of day restrictions
It is a built up or official way of doing something.
Procedures
User Access to Computer Resources
Enforcement
Security policies
Procedures
It could be a level of quality or fulfillment
Guidelines
Standards
Policy statement
Security policy
Standards
It is the continued possession, use, or control of documentation
disposal
destruction
retention
Storage
retention
It may be a common rule, guideline, or piece of counsel.
Policy statement
Security policy
Guidelines
Standards
Guidelines
It portrays the approach beneath which third-party organizations connect to your systems for the reason of executing commerce related to your company
Password policy
Extranet policy
Privacy policy
Audit policy
Extranet policy
Electronic records that are not archival. Click here for tips on identifying and deleting electronic records that have met retention.
Transfer
Recycle
Delete
Shred
Delete
It could be a set of rules outlined to upgrade computer security by empowering clients to utilize solid passwords and utilize them appropriately.
Privacy policy
Extranet policy
Audit policy
Password policy
Password policy
It is almost utilization and what substance sifting is in put.
Internet
Anti-Virus
Intrusion Detection
Back-up and Recovery
Internet
It ought to recognize the parts and duties of clients getting to assets on the organization's network
Enforcement
Security policies
User Access to Computer Resources
Procedures
User Access to Computer Resources
It lists the retention period and disposal method for each type of record.
Classification
Paper documents
Official information
Retention Schedules
Retention Schedules
It is a method used by cybercriminals to masquerade as a senior player at an organization and directly target senior or other important individuals at an organization
URL hijacking
Spam
Spim
whaling
URL hijacking
It is a growing problem for individual computer users as well as large corporations and organizations.
Script kiddie
Malicious insiders
Hacktivists
Data theft
Data theft
A human resources employee receives an email from a family member stating there is a new virus going around. In order to remove the virus, a user must delete the Boot.ini file from the system immediately. This is an example of which of the following?
Hoax
Whaling
Spam
Phishing
Hoax
It could be a developing issue for person computer clients as well as huge organizations and organizations.
Malicious insiders
Data theft
Script kiddie
Hacktivists
Data theft
It is the act of stealing information stored on computers, servers, or other devices from an unknowing victim with the intent to compromise privacy or obtain confidential information.
Data theft
Hacktivists
Script kiddie
Malicious insiders
Data theft
It could be an individual who picks up unauthorized get to to computer records or systems in arrange to encourage social or political closes.
Hacktivists
Malicious insiders
Data theft
Script kiddie
Hacktivists
It is the act of taking data put away on computers, servers, or other gadgets from an unconscious casualty with the expectation to compromise protection or get secret data
Data theft
Script kiddie
Malicious insiders
Hacktivists
Data theft
It may be a strategy utilized by cyber offenders to disguise as a senior player at an organization and straightforwardly target senior or other vital people at an organization
Spim
Spam
URL hijacking
whaling
whaling
It may be a strategy utilized to pick up get to to information, frameworks, or systems, basically through deception
Cyber Engineering
Reverse Engineering
Computer Engineering
Social Engineering
Social Engineering
It is a software or hardware device designed to gain administrator-level control over a computer system without being detected. Rootkits can target the BIOS, hypervisor, boot loader, kernel or, less commonly, libraries or applications.
Rootkits
keylogger
Backdoor Attacks
Trojan Horse
Rootkits
Two programmers write a new secure application for the human resources department to store personal identifiable information. The programmers make the application available to themselves using an uncommon port along with an ID and password only they know. This is an example of which of the following?
Spyware
Backdoor
Root Kit
Logic Bomb
Backdoor
Sara, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form, Sara runs an application on her machine to intercept the HTTP POST command and change the field from 3 coupons to 30. Which of the following was used to perform this attack?
XML injection
Packet sniffer
Proxy
SQL injection
XML injection
It is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Logic Bombs
Ransomware
Polymorphic Malware
Botnets
Logic Bombs
It gathers your personal information and relays it to advertisers, data firms, or external users.
Adware
Spyware
Viruses
Worms
Spyware
These attacks start with commonly used, weak passwords like Password123 and move on from there.
Man In the Middle
Dictionary attack
Brute force
Rainbow Table Attack
Brute force
It is a software that automatically displays or downloads advertising material (often unwanted) when a user is online.
Worms
Viruses
Adware
Spyware
Adware
Joe, a user, in a coffee shop is checking his email over a wireless network. An attacker records the temporary credentials being passed to Joe's browser. The attacker later uses the credentials to impersonate Joe and creates SPAM messages. Which of the following attacks allows for this impersonation?
XML injection
Header manipulation
Directory traversal
Session hijacking
Session hijacking
It does not corrupt or modify files on a target computer.
Adware
Worms
Spyware
Viruses
Worms
These are considered one of the most serious types of malware since they may be used to gain unauthorized access to remote systems and perform malicious operations.
Backdoor Attacks
Trojan Horse
Rootkits
keylogger
Rootkits
It is the use of messaging systems to send an unsolicited message (spam), especially advertising, as well as sending messages repeatedly on the same website.
Password stealer
Account phishing
Spamming
Clickjacking
Spamming
It is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
Denial-of-service attack
Distributed denial of service
Session hijacking
ARP poisoning
Denial-of-service attack
It is a hacking method that allows an individual to send anonymous messages to Bluetooth-enabled devices within a certain radius.
Jamming
Evil Twins
Bluesnarfing
Bluejacking
Bluejacking
It is the utilize of informing frameworks to send a spontaneous message (spam), particularly promoting, as well as sending messages over and over on the same site
Clickjacking
Spamming
Account phishing
Password stealer
Spamming
It is the action of sending promotions by e-mail to individuals who don't need to get them
Spamming
Clickjacking
Password stealer
Account phishing
Spamming
It is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
Man-in-the-Middle Attacks
Replay Attacks
Evil twin attack
Eavesdropping Attacks
Man-in-the-Middle Attacks
It is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element.
Spamming
Password stealer
Clickjacking
Account phishing
Clickjacking
It can be troublesome to distinguish since the network transmissions will show up to be working regularly.
Man-in-the-Middle Attacks
Replay Attacks
Evil twin attack
Eavesdropping Attacks
Eavesdropping Attacks
It is the prevention of unauthorized users from accessing your wireless network and stealing the data using your Wi-Fi network.
Transitive access
Wireless security
Evil Twins
Rogue Access Points
Wireless security
What does confidentiality of data refer to?
Rules which prevent data from being changed
Rules which restrict access only to those who need to know
Rules which allow access only to all parties
Rules which hide data
Rules which restrict access only to those who need to know
It is important to staff who use email messaging to provide PII to others on a regular basis to have confidence that their messages are not intercepted or altered during transmission. They are concerned about which of the following types of security control?
Safety
Availability
Integrity
Confidentiality
Integrity
It is the state of being protected against the unauthorized use of information, especially electronic data, or the measures taken to achieve this.
Information Integrity
Information Privacy
Information Confidentiality
Information Security
Information Security
A weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system.
Prevention
Threat
Vulnerability
Intrusion
Vulnerability
The process of putting a decision or plan into effect also known as execution.
Running
Monitoring
Identification
Implementation
Implementation
It is the state of being whole and unified.
Availability
Confidentiality
Integrity
Integrity
In cybersecurity, what does CIA stand for?
Central Intelligence Agency
Cybersecurity Investigation Agency
Confidentiality, Integrity, Availability
Cybersecurity, Internet, Accessibility
Confidentiality, Integrity, Availability
It is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.
Cipher Suites
Session Keys
Key exchange
Digital Signature
Session Keys
It only denies a permission until the user or group can perform the permission
Separation of duties
Access control
Implicit deny
Job rotation
Implicit deny
During a routine audit a web server is flagged for allowing the use of weak ciphers. Which of the following should be disabled to mitigate this risk? (Select TWO).
SSL 1.0
AES
RC4
SSL 3.0
SSL 1.0
It is the process of verifying the identity of a person or device.
Authentication
Identification
Authorization
Non-repudiation
Authentication
It helps to reduce fraud and discover malicious activities by employees.
Security token
Time of day restrictions
Biometrics
Mandatory vacations
Mandatory vacations
It is a system that uses two authentication methods such as smart cards and a password
Multifactor authentication
Common access card
Time of day restrictions
Implicit deny
Multifactor authentication
To ensure compatibility with their flagship product, the security engineer is tasked to recommend an encryption cipher that will be compatible with the majority of third-party software and hardware vendors. Which of the following should be recommended?
Blowfish
SHA
MD5
AES
AES
A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client-side certificate. Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication factors are in use by the VPN system?
2
4
1
3
3
It gives centralized administration and setup of operating systems, applications, and users' settings in an Active Directory environment.
Wireless standards policy
Group Policy
System Architecture
Social media policy
Group Policy
It is the discipline that guides how we prepare, equip and support individuals to successfully adopt change in order to drive organizational success and outcomes.
Organizational change management
Enterprise change management
Change management
Individual change management
Change management
It is how are all the security programs looked into and how as often as possible
Information Security Training
Acceptable User Policy
Information Security Auditing
Remote Access
Information Security Auditing
It characterizes account limits for a set of clients of one or more assets.
Privacy policy
Audit policy
Password policy
Extranet policy
Audit policy
It involves first identifying the groups and people who will need to change as the result of the project, and in what ways they will need to change.
Organizational change management
Individual change management
Change management
Enterprise change management
Organizational change management
It distinguishes the recurrence of overhauling the record definitions as well as how detachable media, mail connections and other records are filtered.
Intrusion Detection
Internet
Anti-Virus
Back-up and Recovery
Anti-Virus
It ought to report what sort of mindfulness program is in put and how is it communicated on a normal premise.
Information Security Auditing
Information Security Training
Remote Access
Acceptable User Policy
Information Security Training
It is the teach that guides how we plan, prepare and back people to effectively embrace alter in arrange to drive organizational victory and results.
Change management
Individual change management
Enterprise change management
Organizational change management
Change management
It gives rules with respect to remote access points and the administration by ITS of 802.11X and related remote guidelines get to
System Architecture
Group Policy
Social media policy
Wireless standards policy
Wireless standards policy
It is a cyber-attack that uses disguised email as a weapon.
Vishing
Hoax
Phishing
Spoofing
Phishing
Which of the following might a security administrator actualize to relieve the hazard of tailgating for a huge organization?
Train employees on correct data disposal techniques and enforce policies.
Train employees on risks associated with social engineering attacks and enforce policies.
Only allow employees to enter or leave through one door at specified times of the day.
Only allow employees to go on break one at a time and post security guards 24/7 at each entrance.
Train employees on risks associated with social engineering attacks and enforce policies.
It is perpetuated by bots that harvest IM screen names off of the Internet and simulate a human user by sending spam to the screen names via an instant message.
Spam
Spim
whaling
URL hijacking
Spim
It can lead to a tremendous drop in guests of websites.
Spam
URL hijacking
whaling
Spim
URL hijacking
It is the false hone of making phone calls or clearing out voice messages implying to be from legitimate companies in arrange to initiate people to uncover individual data, such as bank subtle elements and credit card numbers.
Vishing
Hoax
Spoofing
Phishing
Vishing
It is also sometimes considered an act of Internet terrorism where terrorist activities.
Script kiddie
Electronic vandalism
Cyberterrorism
Data theft
Cyberterrorism
It copies (something) whereas overstating its characteristic highlights for comedian impact
Phishing
Vishing
Hoax
Spoofing
Spoofing
Which of the following attacks targets high level executives to gain company information?
Spoofing
Vishing
Whaling
Phishing
Whaling
Highly sensitive data is stored in a database and is accessed by an application on a DMZ server. The disk drives on all servers are fully encrypted. Communication between the application server and end-users is also encrypted. Network ACLs prevent any connections to the database server except from the application server. Which of the following can still result in exposure of the sensitive data in the database server?
SQL Injection
Cookies
Theft of the physical database server
Cross-site scripting
SQL Injection
An attacker attempted to compromise a web form by inserting the following input into the username field: admin)(|(password=*)) Which of the following types of attacks was attempted?
Cross-site scripting
Command injection
SQL injection
LDAP injection
LDAP injection
A security administrator wants to deploy security controls to mitigate the threat of company employees' personal information being captured online. Which of the following would BEST serve this purpose?
Antivirus
Web content filter
Host-based firewall
Anti-spyware
Anti-spyware
It may also protect itself from antivirus programs, making it more difficult to trace.
Botnets
Polymorphic Malware
Ransomware
armored virus
armored virus
A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90). Which of the following attack types has occurred?
XML injection
SQL injection
Buffer overflow
Cross-site scripting
Buffer overflow
It can happen there the hacker uses some website applications to transfer some bad malicious code.
Cross-site scripting
SQL injection
LDAP injection
XML injection
Cross-site scripting
It is a self-replicating program that copies itself to other computers over the network without the need for any user intervention.
Viruses
Spyware
Worms
Adware
Worms
A server administrator notes that a legacy application often stops running due to a memory error. When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describe?
Malicious add-on
Zero-day
Cross site scripting
Buffer overflow
Buffer overflow
These are attacks against an opening left in a functional piece of software that allows access into a system or software application without the owner's knowledge.
Trojan Horse
Backdoor Attacks
keylogger
Rootkits
Backdoor Attacks
It is also called access point mapping
War Chalking
Wireless Replay Attacks
War driving
Sinkhole Attacks
War driving