GR

Question 1

What concept states that defenders must secure every vulnerability, while attackers only need to exploit one?

Answer 1

The asymmetry of defense

Question 2

What security concept relies on multiple tools / techniques simultaneously?

Answer 2

Defense in depth

Question 3

Which defense mechanism is primarily designed to monitor and analyze network traffic for suspicious activities?

Answer 3

Intrusion Detection System (IDS)

Question 4

Which defense mechanism is primarily designed to actively block and prevent malicious activities?

Answer 4

Intrusion Prevention System (IPS)

Question 5

Name the benefits of proxies?

Answer 5

Can inspect packet contents; Can trace/filter inappropriate requests; Can cache answers for faster responses

Question 6

What is a firewall?

Answer 6

A firewall is a network device that forwards some network data (i.e., packets) and filters others.

Question 7

In the context of a firewall, what is the purpose of an allow-list?

Answer 7

Permits only traffic on the list

Question 8

Which intrusion detection method relies on predefined patterns or signatures of known threats?

Answer 8

Signature-Based

Question 9

Name legitimate personal security recommendations?

Answer 9

Keep your system up to date with the latest patches; Use a VPN when you are on public networks; Only use strong passwords and do not reuse passwords; Don’t install software unless you absolutely need it; Don’t trust unfamiliar links or attachments in emails; Don’t let people log into your personal network

Question 10

Name the cyber-attack methology steps?

Answer 10

Gaining Access
Maintaining Access
Scanning
Reconnaissance
Covering Tracks

Question 11

What’s the difference between the Recon and Scanning phases?

Answer 11

Recon is passive, Scanning is active

Question 12

This type of malware is disguised as a legitimate program

Answer 12

Trojan horse

Question 13

This type of malware has elevated privileges and is designed to remain undetected

Answer 13

Rootkit

Question 14

This type of malware executes when a specified condition is triggered

Answer 14

logic bomb

Question 15

This type of malware attaches to a “host” file that spreads by user interaction

Answer 15

virus

Question 16

This type of malware spreads without user intervention

Answer 16

worm

Question 17

This type of malware bypasses normal authentication mechanisms

Answer 17

backdoor

Question 18

This type of malware records inputs to your computer

Answer 18

keystroke logger

Question 19

This type of malware gathers and reports information about a user

Answer 19

spyware

Question 20

A buffer overflow vulnerability occurs when:

Answer 20

Input exceeds the capacity of a defined storage area.

Question 21

What type of cyber attack is commonly associated with targeting humans through deceptive emails or messages?

Answer 21

Phishing

Question 22

Which cybersecurity threat is most closely related to compromising personal computers by exploiting vulns in software?

Answer 22

Malware

Question 23

If a cyber attack aims to overwhelm and disrupt the functionality of servers, what type of attack is likely occurring?

Answer 23

Denial of Service

Question 24

What is an attack on websites that involve injecting malicious code to manipulate user interactions?

Answer 24

Cross-Site Scripting

Question 25

Which security concern is primarily associated with infiltrating databases and manipulating information?

Answer 25

SQL Injection

Question 26

How can we best defend against SQL and XSS attacks?

Answer 26

Using secure coding practices and input validation

Question 27

What does the term "Internet of Things" refer to?

Answer 27

The integration of physical devices with the internet.

Question 28

In the context of IoT, which statement is true regarding the prioritization of usability and security?

Answer 28

Usability is prioritized over security.

Question 29

What is a zero-day exploit, and why is it highly prized in the realm of cybersecurity?

Answer 29

An exploit targeting an unknown vulnerability with no known patches

Question 30

What does SCADA stand for?

Answer 30

System Control and Data Acquisition

Question 31

What is the primary purpose of SCADA?

Answer 31

Real-time Monitoring and Control

Question 32

What is a common vulnerability associated with industrial control systems (ICS)?

Answer 32

Inadequate authentication measures

Question 33

Which statement best describes how cyber operations can have physical effects?

Answer 33

Manipulating digital systems can lead to physical consequences.

Question 34

What is the primary goal of a cyber-attack methodology?

Answer 34

To exploit vulnerabilities and compromise a system

Question 35

What is the most likely potential objective of a cyber-attack in the political domain?

Answer 35

Misinformation

Question 36

What is the significance of network mapping in cybersecurity?

Answer 36

To identify and visualize the structure of a network

Question 37

What are the 3 main methods to crack a password?

Answer 37

Brute force, dictionary, rainbow table

Question 38

Which type of password attack involves trying all possible combinations of characters to guess the password?

Answer 38

Brute force attack

Question 39

What is a recommended characteristic of a strong password?

Answer 39

Inclusion of uppercase and lowercase letters, numbers, and symbols

Question 40

Machine learning involves __________ that can derive rules/behaviors from datasets.

Answer 40

algorithms

Question 41

What is the first (and probably most important) step required for supervised learning?

Answer 41

Gather Data

Question 42

An artificial intelligence (AI) designed to beat humans at the video game "Civilization" is an example of general AI.

Answer 42

False

Question 43

What type of dataset would you likely use to train a ML model to analyze social networks to identify cliques

Answer 43

Unlabeled dataset

Question 44

For a supervised Machine Learning model to predict risk of heart disease, which of the following is an instance?

Answer 44

Age: 45, Weight: 155lbs, Sex: Female, Disease: None

Question 45

Human Expertise is required in ML in order to cultivate datasets and verify that the algorithms are working as intended.

Answer 45

True

Question 46

Which of the following is one of the limitations of current AI?

Answer 46

Lack of Interpretability

Question 47

Artificial Intelligence can be generally categorized based on whether it...

Answer 47

Thinks or acts like a human or rationally

Question 48

Input, Process, and Output simply describes what?

Answer 48

A Computer

Question 49

Which of the following will you find on a server?

Answer 49

Files, Email, Website

Question 50

What's the difference between a client and a server?

Answer 50

A client accesses data, a server stores data

Question 51

Can a client can act as both a client and server simultaneously?

Answer 51

True

Question 52

What is the primary role of protocols in network communications?

Answer 52

Defining the rules and standards for data exchange.

Question 53

What protocol helps computers find each other on a network?

Answer 53

Internet Protocol

Question 54

A logical location where applications listen for incoming data is what?

Answer 54

A Port

Question 55

What is HTTPS and what port does it use?

Answer 55

Hypertext Transfer Protocol Secure - 443

Question 56

What must a client include when requesting a webpage?

Answer 56

source Port destination IP A message destination Port source IP

Question 57

An algorithm is a(n) __________ of executable steps

Answer 57

ordered set

Question 58

How many keys are needed for 1-to-1 secure communication?

Answer 58

4

Question 59

What is one task in the 'Covering Tracks' phase of cyber attacks?

Answer 59

alter log files

Question 60

What is a form of exploiting human aspect of security?

Answer 60

phishing

Question 61

What are two ways to identify malware?

Answer 61

signature-based, behavior-based

Question 62

An attack in which the purpose is to overload a server by flooding it with requests is called...

Answer 62

denial of service

Question 63

An AI that defaults to identifying a person with greater success based on their hair color is what type of limitation?

Answer 63

Hidden Bias

Question 64

Ambiguous Responsibility means what with regard to AI?

Answer 64

It is not clear who/what to hold at fault

Question 65

List memory hierarchy

Answer 65

CPU, registers, CPU cache, lvl 1 cache, lvl 2 cache, main memory, RAM, secondary memory, hard drive, archival storage, tapes/dvds/discs, cds

Question 66

Define Moore's Law

Answer 66

The # of transistors that can be placed on a circuit doubles every 2 years.

Question 67

Place the components where they belong in the Von Neumann Architecture

Answer 67

Memory, input, CPU, output

Question 68

Which of the following rights is protected by the Fourth Amendment to the United States Constitution?

Answer 68

Right to Privacy

Question 69

Which act prohibits intentionally accessing a computer without authorization or in excess of authorization?

Answer 69

Computer Fraud and Abuse Act

Question 70

In the context of military cyber operations, what does LOAC stand for?

Answer 70

Laws of Armed Conflict

Question 71

What are the basic principles needed for LOAC?

Answer 71

Distinction Proportionality Chivalry Humanity Military Necessity

Question 72

Which principle aims to prevent excessive loss of life and damage to property?

Answer 72

Proportionality

Question 73

What are switches?

Answer 73

Move information traffic within a local network

Question 74

What IPvX protocol standard has more addresses?

Answer 74

IPv6

Question 75

Sometimes IP addresses are dynamic because...

Answer 75

IP addresses are limited in number Hosts (DHCPs) are dynamic in nature

Question 76

Virtual Private Networks (VPNs)

Answer 76

Reduces the possibility of man-in-the-middle attacks

Question 77

What is sniffing?

Answer 77

Is especially a problem for WiFi