Final Practice Exam

Question 1

Which of the following software development processes follows a linear sequence from initiation and conception to maintenance?

• v- model
• iterative and incremental
• prototyping
• waterfall
• spiral

Answer 1

waterfall

Question 2

Computer forensic experts work with two primary types of data. What are they?

• quantitative and qualitative
• digital and physical
• visible and latent
• mob

Answer 2

visible and latent

Question 3

The national institute of Standards and Technologyy (Nist) released AES in what year?

• 2003
• 2002
• 2001
• 2004

Answer 3

2001

Question 4

Information security is the umbrella term used to describe the collection of ____ and ____ employed to protect information.

• Techniques, Technologies
• Processes, Techniques
• Processes, Technologies
• Technologies, Equipment

Answer 4

Processes, Technologies

Question 5

What is one of the major challenges of information security policies?

• They can be time-consuming.
• They can be difficult to implement.
• The administrative, regulatory and technological policies can all interact.
• They can be hard to understand.

Answer 5

The administrative, regulatory and technological policies can all interact.

Question 6

A collection of standardized policies, procedures and guides, meant to direct a firm or any organization, which adopts its use, on how to protect its infrastructure from security breaches is called _____

• Information Security Framework
• Access Control Handbook
• Company Protection Handbook
• Security Guidelines

Answer 6

Information Security Framework

Question 7

Which of these is considered a decreased measurable

• Increase in battery life
• Loss of battery life
• Increase in storage space
• Rooting phone

Answer 7

Loss of battery life

Question 8

Which of the following describes a technological response to phishing attacks?

• Private Lawsuits
• FTC investigations
• User training and awareness
• Spam filters

Answer 8

Spam filters

Question 9

The internet security threat referred to as ‘pharming’ can be described as _____.

• Denial-of-service
• Identity theft
• Hacking
• Online fraud

Answer 9

Online fraud

Question 10

After a catastrophe, _____ disaster plan(s) are often needed to recover.

• Multiple
• Blanket
• New
• a single uniformed

Answer 10

multiple

Question 11

AREAS of Weakness

Answer 11

Disaster Recovery in Cysec
Basics of Cybercrime
Policies & Procedures for Cybersecurity

Question 12

Which of the following is a major function of the Facilities Team?

• Supplying needed staffing and management for standby data centers and backup libraries in order to meet user requirements
• Supervising equipment and line installations for new networks
• Arranging transportation to standby centers
• Restoring networks at standby sites and installing new voice networks for critical telephony users

Answer 12

Arranging transportation to standby centers

Question 13

Maintaining IT disaster recovery master copies, offsite copies and plans are the responsibilities of the _____.

• Disaster Management Team
• Recovery Coordinators
• Facilities Team
• Communication Team

Answer 13

Recovery Coordinators

Question 14

Processes and actions taken to implement the requirements in the policy documents is called _____

• Procedures
• Policy steps
• Directions
• Instructions

Answer 14

Procedures

Question 15

What form of analysis involves running the possibly infected file?

• Virtual Analysis
• Malware Analysis
• Dynamic Analysis
• Static Analysis

Answer 15

Dynamic Analysis

Question 16

The U.S. Government adopted AES as a standard in what year?

• 2001
• 2003
• 2004
• 2002

Answer 16

2002

Question 17

A benefit of symmetric encryption is:

• That it doesn’t increase the size of the encrypted message and impede system performance
• that it is stronger than asymmetric encryption
• that it is only used in the United States
• that one key does not need to be shared in order to decode an encrypted message

Answer 17

That it doesn’t increase the size of the encrypted message and impede system performance

Question 18

If your employer could view your medical records without your permission, what principle of information security would be violated?

• Repudiation
• Confidentiality
• Availability
• Integrity

Answer 18

Confidentiality

Question 19

Which of the following is not a responsibility of the Operations Team?

• Restoring current applications, software and database platforms
• Supplying needed staffing and management for standby data centers and backup libraries
• Maintaining needed network documentation
• Restoring computer operations

Answer 19

Maintaining needed network documentation

Question 20

If you want to prevent employees from disclosing sensitive company information, which network security type would be best to implement?

• web content filter
• DDos protection
• IPS /IDS
• DLP

Answer 20

DLP

Question 21

IoT devices create more significant security challenges for networks due to all of these concerns EXCEPT which?

• They produce an event log.
• They do not have security alerts
• They are always on
• they are always connected

Answer 21

They produce an event log.

Question 22

Which software is used to process instructions and coordinate between devices?

• Operating System
• Control Panel
• Network interface
• Web browser

Answer 22

Operating System

Question 23

Which of the following tools can be used to scan a network for network discovery and security auditing

• Nslookup
• Netstat
• Netdiscovery
• Nmap

Answer 23

Nmap

Question 24

Which method works like an antivirus program?

• Honey pots
• Misuse detectors
• Configuration checking tools
• Signature-based approach

Answer 24

Signature-based approach

Question 25

The LOphtCrack password recovery and auditing tool is capable of cracking the algorithm for which of the following? * Microsoft LM and NTLM hashes. * SSH * SSL * Kerberos authentication

Answer 25

Microsoft LM and NTLM hashes

Question 26

Three catastrophes data is susceptible to include: * Becoming corrupt, becoming outdated, being irrelevant * Corruption, sabotage and loss * Theft, becoming outdated, being lost * Failure, loss of power, deletion

Answer 26

Corruption, sabotage and loss

Question 27

Instant messaging platforms are common among cyber criminals for all of the following reasons EXCEPT which? * they are less secure * they are popular * they are always on * they occur in real time

Answer 27

They are less secure.

Question 28

Encrypt the following message using a Caesar cipher with a shift of 7: ET TU BRUTE * XM MN UKNMX * KZ ZA HXAZK * LA AB IYBAL * YN NO VLONY

Answer 28

LA AB IYBAL

Question 29

Which of the following best defines cryptanalysis? * It is the name of specialized software used to verify that data has been encrypted properly. * It refers to the act making data unreadable to everyone besides those for whom the data is intended. * It refers to the study of cracking the secret codes used in cryptography. * It is the concept of making something unreadable.

Answer 29

It refers to the study of cracking the secret codes used in cryptography.

Question 30

Encryption strength is a measure of: * How practical the encryption is to break. * The encryption's ability to resist brute force attacks. * None of these answers are correct. * How difficult the encryption is to implement.

Answer 30

The encryption's ability to resist brute force attacks.

Question 31

What is an example of an administrative information security policy? * Complying with laws regarding information. * Requiring password changes. * Installing antivirus software. * Making a policy to shred confidential documents when they're disposed of.

Answer 31

Making a policy to shred confidential documents when they're disposed of.

Question 32

Which of the following is false with respect to BCP (business continuity planning)? * Business continuity planning ensures that all business operations continue functioning during and even after a disaster. * Business continuance is an interdisciplinary domain that helps create and validate logistical solutions for an organization's restoration and recovery operations. * Disaster recovery is a major component of business continuity planning. * Business continuity planning is a major component of disaster recovery.

Answer 32

Business continuity planning is a major component of disaster recovery.

Question 33

Which of the following data recovery tools utilizes a system's command prompt in order to operate? * Disk Drill * EaseUS * Gauranteed Recovery * TestDisk

Answer 33

TestDisk

Question 34

Which of the following best describes a proactive approach to digital crime? * It involves preventing a network service from functioning normally. * It involves investigating the cause of an attack after it has occurred * It refers to actively searching for the clues that typically precede an attack in an effort to prevent the crime from taking place. * It requires that network administrators look through network logs to determine what caused a cyber attack.

Answer 34

It refers to actively searching for the clues that typcially precede an attack in an effort to prevent the crime from taking place.

Question 35

In a pharming attack, the goal of the criminal is to _____. * Steal victim's email credentials to illegally login into their computer network. * steal the victim's DNS server database entries in order clone sites to steal their information * steal the victim's network information in order to crash the network * misdirect website traffic to bogus websites where the victims information will be stolen.

Answer 35

misdirect website traffic bogus websites where the victim's information will be stolen.

Question 36

Which of the following is a characteristic of cyber crime? * Is an offense * Affects a computer (or more than one) * All of the answers are correct. * A computer is primary instrument of offense

Answer 36

All of the answers are correct

Question 37

A software is secure when _____. * It has an antivirus installed. * It complies with industry specification and standards * the database is isolated from running code * It is developed in a way in which attacks and breaches do not affect its normal operations and functions.

Answer 37

It is developed in a way in which attacks and breaches do not affect its normal operations and functions.

Question 38

Which system resource is most likely to use IRQ? * DMA * Software * ROM * Hardware

Answer 38

Hardware