CPE 046

Question 1

ıs a multıtaskıng operatıng
system used on most Cısco routers
and swıtches.

Answer 1

IOS (Internetwork Operatıng
System)

Question 2

IOS

Answer 2

(Internetwork Operatıng
System)

Question 3

ıs used to
confıgure routıng, swıtchıng,
ınternetworkıng and other features
supported by a Cısco devıce.

Answer 3

IOS

Question 4

thıs type of access ıs usually used to confıgure newly
acquıred devıces. These devıces usually don’t have an IP address confıgured,
and therefore cannot be accessed through the network.

Answer 4

Console access

Question 5

thıs type of access used to be a common way to access network devıces. ________ ıs a termınal emulatıon program that enables you to access IOS through the network and confıgure the devıce remotely. Uses
TCP port 23

Answer 5

Telnet access

Question 6

– lıke Telnet, thıs access type enables you to confıgure devıces
remotely, but ıt adds an extra layer of securıty by encryptıng all
communıcatıons usıng publıc-key cryptography. SSH uses well known TCP
port 22.

Answer 6

SSH access

Question 7

IOS Command Hierarchy

Answer 7

User EXEC COMMANDS
PRIVILEGED EXEC COMMANDS
Global Configuration Commands

Question 8

Configuration Mode

Answer 8

Interface
Subinterface
Controller
Map-list
Map-class
line
router
ipx-router
route-map

Question 9

is the practice of protecting systems,
networks, and programs from digital attacks.

Answer 9

Cybersecurity

Question 10

The Pillars of Cybersecurity

Answer 10

Best Practices
Policies & Procedures
Products & Services

Question 11

You set up a new network for a growing company, but you don’t
follow all of the recommended cybersecurity best practices. While you may have invested in robust security products, they can be easily subverted by _________________

Answer 11

failure to follow best practices.

or

Best practices

Question 12

Examples: Acceptable use policies, employee training.

Failure Example: Deploying a content filter without training employees, leading to risky behavior.

Answer 12

Policies & Procedures:

Question 13

Examples: Firewalls, antivirus software, maintenance subscriptions.

Failure Example: Skipping security service licenses, leaving systems vulnerable to zero-day attacks.

Answer 13

Products & Services:

Question 14

Examples: Locking doors (analogous to securing networks), using strong passwords, updating firmware.

Failure Example: Installing robust security tools but using weak passcodes (e.g., “1234”).

Answer 14

Best practices

Question 15

CIA TRIAD

Answer 15

Confidentiality
Integrity
Availability

Question 16

Confidential information is kept secret to prevent: identity theft,
compromised accounts and systems, legal concerns, damage to
reputation, and other severe consequences.

Answer 16

Confidentiality

Question 17

MFA

Answer 17

multifactor authentication

Question 18

Data is one of the most valuable assets a company can have, but it is not static. It can be transferred to other systems, altered, and
updated multiple times.

Answer 18

Integrity

Question 19

____________ guarantees that data is accurate, complete, and consistent.

Answer 19

Integrity

Question 20

It covers data in storage, during processing, and in transit. Without data integrity, loss, corruption, or compromise can cause significant damage and financial loss for both businesses and customers.

Answer 20

Integrity

Question 21

The two main types of data integrity are:

Answer 21

Physical data integrity
Logical data integrity

Question 22

is the collection of actions and fail-safes that
protect the physical systems that store and process the data.

Answer 22

Physical data integrity

Question 23

are the checks and protocols that protect data
from human error and hackers. These confirm that data is correct and
accurate as it’s used in different ways within an organization

Answer 23

Logical data integrity

Question 24

means that authorized users have immediate and
reliable access to their data. This includes granting access to
authorized users with passwords and security questions.

Answer 24

Data availability or Availability

Question 25

Some of the most fundamental threats to availability are non- malicious, including:

Answer 25

hardware failures, unscheduled software downtime, network bandwidth issues.

Question 26

NIST(National Institute of Standards and Technology) Cybersecurity Framework

Answer 26

Identity Protect Detect Respond Recover

Question 27

what processes and assets need protection?

Answer 27

Identity

Question 28

Implement appropriate safeguards to ensure protection of the enterprise's assets

Answer 28

Protect

Question 29

Implement appropriate mechanisms to identify the occurrence of cybersecurity incidents

Answer 29

Detect

Question 30

Develop Techniques to contain the impacts of cybersecurity events

Answer 30

Respond

Question 31

Implement the appropriate processes to restore capabillities and service impaired due to cybersecurity events

Answer 31

Recover

Question 32

Weak security policies can lead to physical threats, tampering, or the theft of hardware.

Answer 32

Hardware Threats

Question 33

is the art of unlocking the lock by analyzing and manipulating the components of the lock device, without an original key.

Answer 33

Lock Picking

Question 34

Threats and Breaches

Answer 34

Hardware Threats Data Threats Data Leaks & Data Breaches Data Dumps Dumpster Diving Software Threats

Question 35

* Unpatched systems, misconfigured firewalls, weak cybersecurity, and weak physical security are just a few ways that data threats occur * Data Leaks & Data Breaches. * Data Dumps * Dumpster Diving

Answer 35

Data Threats

Question 36

are the accidental exposure of confidential or sensitive data through a security vulnerability.

Answer 36

Data leaks

Question 37

are when a data leak is caused intentionally by a cybercriminal. These occur when social engineering or phishing attacks trick employees into leaking sensitive credentials or information.

Answer 37

Data breaches

Question 38

are when cybercriminals dump (release) stolen data onto the dark web for monetary gain.

Answer 38

Data Dumps

Question 39

is the act of physically searching through a literal dumpster to find something valuable.

Answer 39

Dumpster diving

Question 40

Tech companies require ______________________ as a normal part of business because these can be stolen from the trash to harvest data that can be used for identity theft and data breaches, or the data could be sold to hackers, or a company's competitors.

Answer 40

document shredding and device destruction

Question 41

include theft, exploits, and malware.

Answer 41

Software Threats

Question 42

is the unauthorized copy or use of copyright-protected software. This includes pirating software and counterfeiting activation codes.

Answer 42

Software or license theft

Question 43

are pieces of code that use vulnerabilities in hardware or software to get into a system.

Answer 43

Exploits

Question 44

Malware-infected websites use exploits to automatically download malware to a system. This is called _______

Answer 44

drive by download.

Question 45

Malware

Answer 45

Malicious Software

Question 46

is a general term for software designed to compromise computer systems. Malware can cause system slowdowns, odd requests, browser misdirection, popup ads.

Answer 46

Malware

Question 47

It can also steal data, record everything you do with or near your device, spam your contacts with infected links, and connect your computer to a network of hijacked computers that are remotely controlled (known as a ______).

Answer 47

Malware botnet

Question 48

Malware can come from:

Answer 48

* attachments * sketchy websites * file downloads * infected USB drives * links in emails, ads, social media, torrents, and even text messages

Question 49

Malware Types

Answer 49

Program viruses Macro viruses Stealth viruses Polymorphic viruses Worms Trojans Spyware Adware Ransomware

Question 50

are bits of code that insert themselves into another program.

Answer 50

Program viruses

Question 51

affect Microsoft Office files via the macros they use to automate tasks.

Answer 51

Macro viruses

Question 52

copy themselves to different locations to avoid antivirus scans.

Answer 52

Stealth viruses

Question 53

change their characteristics to get around cybersecurity defenses. 97% of all malware uses polymorphic viruses.

Answer 53

Polymorphic viruses

Question 54

start themselves after identifying system weaknesses. They don’t rely on apps or files. Unlike other viruses, worms can be controlled remotely. A computer worm replicating itself aims to make copies that can infect other computers. While most malware is isolated to the infected device, worm viruses are designed to spread to other devices.

Answer 54

Worms

Question 55

trick you into installing legitimate-seeming software that includes harmful malware.

Answer 55

Trojans

Question 56

collects personal data, login credentials, credit card information, online activity, and can record using a device’s camera or microphone.

Answer 56

Spyware

Question 57

is software coded into online ads that records your personal data, website visits, and keystrokes to send you personalized ads. Both adware and spyware can be legitimate or malicious.

Answer 57

Adware

Question 58

locks a system, encrypts its files, and displays a ransom demand. To get the encryption key you must pay the ransom, or you can regain access by doing a full system restore from a backup.

Answer 58

Ransomware

Question 59

EICAR

Answer 59

The European Institute for Computer Antivirus Research

Question 60

The European Institute for Computer Antivirus Research (EICAR) has developed a test virus to test your antivirus solution. This script is an inert text file. The binary pattern is included in the virus pattern file from most antivirus vendors. The test virus is not a virus and does not contain any program code.

Answer 60

Sample Virus