Introduction to Cybersecurity: Course Final Exam

Question 1

Which of the following firewalls hides or masquerades the private addresses of network hosts?

Reverse proxy firewall

Host-based firewall

Proxy server

Network address
translation firewall

Network layer firewall

Answer 1

Network Address Translation Firewall

Question 2

Carrying out a multi-phase, long-term, stealthy and advanced operation against a specific target is often referred to as what?

Advanced persistent treat

Network sniffing

Social engineering

Script kiddies

Rainbow tables

Answer 2

Advanced persistent threat

Question 3

You are configuring access settings to require employees in your organization to authenticate first before accessing certain web pages. Which requirement of information security is addressed through this configuration?

Scalability

Avaiability

Integrity

Confidentiality

Answer 3

Confidentiality

Question 4

What are the objectives of ensuring data integrity? (Choose two correct answers)

Data is unaltered during transit

Data is not changed by unauthorized entities

Data is encrypted while in transit and when stored on disks

Access to the data is authenticated

Data is available all the time

Answer 4

Data is unaltered during transit

Data is not changed by unauthorized entities

Question 5

An organization is experiencing overwhelming visits to a main web server. You are developing a plan to add a couple of more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?

Scalability

Integrity

Confidentiality

Availability

Answer 5

Availability

Question 6

What of the following are examples of cracking an encrypted password? (Choose four correct answers)

Imtimidation

Brute force attack

Network sniffing

Rainbow tables

Social engineering

Spraying

Dictionary attack

Answer 6

Brute Force Attack

Rainbow Tables

Spraying

Dictionary Attack

Question 7

Improper management of physical access to a resource, such as a file, can lead to what type of security vlnerability?

Weaknesses in security practices

Race conditions

Access Control problems

Buffer overlow

Non-validated input

Answer 7

Access Control problems

Question 8

A medical office employee sends emails to patients about their recent visits to the facility. What information would put the privacy of the patients at risk if it was included in the email?

Contact information

Next appointment

Patient records

First and last name

Answer 8

Patient records

Question 9

What is the best way to avoid getting spyware on a machine?

Install the latest antivirus updates

Install the latest web browser updates

Install software only from trusted websites

Install the latest operating system updates

Answer 9

Install software only from trusted websites

Question 10

ou are surfing the Internet using a laptop at a public Wi-Fi cafe. What should you check first before you connect to the public network?

That the Bluetooth adapter is disabled

If the laptop requires user authentication for file and media sharing

That the laptop web browser is operating in private mode

If the laptop has a master password set to secure the passwords stored in the password manager

Answer 10

If the laptop requires user authentication for file and media sharing

Question 11

What is the main function of the Cisco Security Incident Response Team?

To design next generation routers and switches that are less prone to cyber attacks

To design polymorphic malware

To ensure company, system and data preservation

To provide standards for new encrpytion techniques.

Answer 11

To ensure company, system and data preservation

Question 12

Which of the following firewalls are placed in front of web services to protect, hide, offload and distribute access to web servers?

Appication layer firewall

proxy server

Transport layer firewall

Network layer firewall

Reverse proxy server

Answer 12

Reverse proxy server

Question 13

Which of the following certifications meets the U.S. Depratment of Defensive Directive 8570.01-M reuqirements, which is important for anyone looking to work in IT security for the federal goverment?

EC Council Certified Ethnical hacker

Microsoft Technology Associate Security Fundamentals

ISACA CSX Cybersecurity Fundamentals

CompTIA Security+

ISC2 Certified Information Systems Security Professional

Palo Alto Networks Certified Cybersecurity Associate

Answer 13

CompTIA Security+

Question 14

One of your colleagues has lost her identification badge. She is in a hurry to get to a meeting and does not have time to visit Human Resources to get a temporary badge. You lend her your identification badge until she can obtain a replacement.
Is this behavior ethical or unethical?

Ethical

Unethical

Answer 14

Unethical

Question 15

Which of the following certifications tests your understanding and knowledge in how to look for weaknesses and vulnerabilities in target systems using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner?

Palo Alto Networks Certified Cybersecurity Associate

ISC2 Certified Information Systems Security Professional

Microsoft Technology Associate Security Fundamentals

CompTIA Security+

ISACA CSX Cybersecurity Fundamentals

EC Council Certified Ethical Hacker

Answer 15

EC Council Certified Ethical Hacker

Question 16

What is the main purpose of cyberwarfare?

To develop advanced network devices

To gain advanced over adversaries

To protect cloud-based data centers

To simulate possible war scenarios among nations

Answer 16

To gain advantage over adversaries

Question 17

What vulnerability occurs when the output of an event depends on ordered or timed outputs?

Weaknesses in security practices

Non-validated input

Race conditions

Buffer overflow

Access control problems

Answer 17

Race conditions

Question 18

What do you call the vulnerabilities discovered by Google security researchers that affect almost all CPUs released since 1995? (Select two correct answers)

Shell shock

WannaCry

NotPetva

Spectre

Meltdown

Answer 18

Spectre

Meltdown

Question 19

If developers attempt to create their own security algorithms, it will likely introduce what type of vulnerabilities?

Buffer overflow

Race conditions

Weaknesses in security practices

Non-validated input

Access control problems

Answer 19

Weaknesses in security practices

Question 20

Whcih technology creates a security token that allows a user to log in to a desired web appication using credentials from a social media website?

Open authorization

VPN service

Password manager

In-private browsing mode3

Answer 20

Open authorization

Question 21

Which of the following security implementations use biometrics? (Choose two correct answers)

Fingerprint

Phone

Credit card

Voice recognition

Fob

Answer 21

Fingerprint

Voice recognition

Question 22

Which of the following firewalls filters traffic based on source and destination IP addresses?

Network layer firewall

Proxy server

Application layer firewall

Transport layer firewall

Network address translation firewall

Answer 22

Network layer firewall

Question 23

Whcih of the following firewalls filters web content requests such as URLs and domain names?

Application layer firewall

Proxy server

Reverse proxy server

Network layer firewall

Network address translation firewall

Answer 23

Proxy server

Question 24

A port scan returns a ‘dropped’ response. What does this mean?

A service is listening ont he port

Connections to the port will be denied

There was no reply from the host

Answer 24

There was no reply from the host

Question 25

During a meeting with the Marketing department, a representative from IT discusses fetaures of an upcoming product that will be released next year. Is thsi employee's behavior ethnical or unethical? Ethical Unethical

Answer 25

Ethical

Question 26

Which of the following is an entry-level certifcation for newcomers who are preparing to start their career in cybersecurity? CompTIA Security+ Microsoft Technology Associate Security Fundamentals ISC2 Certificed Information Systems Security Professional ISACA CSX Cybersecurity Fundamentals EC Council Certified Ethnical Hacker Palo Alto Networks Certified Cybersecurity Associate

Answer 26

Palo Alto Networks Certified Cybersecurity Associate

Question 27

'Cybersecurity certifications are a way for you to verify your skills and knowledge and can also boost your career.' True False

Answer 27

True

Question 28

When describing malware, what is a difference between a virus and a worm? A virus focuses on gaining privileged access to a device, whereas a worm does not A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently. A virus can be used to launch a DoS attack (but not a DDoS), but a worm can be used to launch both DoS and DDoS attacks. A virus can be used to deliver advertisements without user consent, whereas a worm cannot.

Answer 28

A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.

Question 29

An employee is laid off after fifteen years with the same organization. The employee is then hired by another organization within a week. In the new organization, the employee shared documents and ideas for products that the employee proposed at the original organiozation. Is the employee's behavior. Ethical Unethical

Answer 29

Unethical

Question 30

Which of the following firewalls filters traffic based on the user, device, role, application type and threat profile? Context aware application firewall host-based firewall network address translation firewall Networ layer firewall Application layer firewall

Answer 30

Context aware application firewall

Question 31

What names are given to a database where all cryptocurrency transactions are recorded? (Select two correct answers) Blockchain Table Ledger Spreadsheet

Answer 31

Blockhain Ledger

Question 32

Which of the following items are states of data (Choose three correct answers) Storage Text ASCII Transmission Binary Processing

Answer 32

Storage Transmission Processing

Question 33

'Internet-based cameras and gaming gear are not subject to security breaches.' True False

Answer 33

False

Question 34

What vulnerability occurs when data is written beyond the memory areas allocated to an application? Buffer overflow Access control problems Race conditions Weaknesses in security practices Non-validated input

Answer 34

Buffer overflow

Question 35

An organization's IT department reports that their web server is receiving an abnormally high number of web page requests from different locations simultaneously. What type of security attack is occuring? Phising Adware Social engeering DDoS Spyware

Answer 35

DDoS

Question 36

Which of the following are commonly used port scanning applications? (Select two correct answers) Zenmap Port number Sequence number Nmap

Answer 36

Zenmap Nmap

Question 37

What action will an IDS take upon detection of malicious traffic? Block or deny all traffic Create a network alert and log the detection Drop only packets identified as malicious Reroute malicious traffic to a honeypot

Answer 37

Create a network alert and log the detection

Question 38

Which of the following statements best describes cybersecurity? It is the name of a comprehensive security application for end users to protect workstations from being attacked It is a standard-based model for developing firewall technologies to fight against cybercrime It is a framework for security policy development It is an ongoing effort to protect Internet-connected systems and the data associated with those systems from unauhtorized use or harm

Answer 38

It is an ongoing effort to protect Internet-connected systems and the data associated with those systems from unauhtorized use or harm

Question 39

'After a data breach, it's important to educate employees, partners and customers on how to prevent future breaches.' True False

Answer 39

True

Question 40

An employee points out a desig flaw in a new product to the department manager. Ethical Unethical

Answer 40

Ethical

Question 41

'Data coming into a program should be sanitized, as it could have malicious content, designed to force the program to behave in an unintended way.' This statement describes what security vulnerability? Weaknesses in security practices Access control problems Buffer overflow Non-validated input Race conditions

Answer 41

Non-validated input

Question 42

Which of the following are examples of on-path attacks? (Choose two correct answers) SEO poisoning Man-in-the-Mobile Ransomware DDoS Man-in-the-Middle Worms

Answer 42

Man-in-the-Mobile Man-in-the-Middle

Question 43

Which of the following firewalls filters traffic based on application, program or service? Context aware application firewall Proxy server Application layer firewall Host-based firewall Network layer firewall

Answer 43

Application layer firewall

Question 44

A port scan returns a 'closed' response. What does this mean? There was no reply from the host A service is listening on the port Connections to the port will be denied

Answer 44

Connections to the port will be denied

Question 45

‘Cryptocurrency transactions are digital.’ True False

Answer 45

True

Question 46

What do you call a digital asset designed to work as a medium of exchange that uses strong encryption to secure a financial transaction? Apple Pay Google Pay Near Field Communications Cryptocurrency

Answer 46

Cryptocurrency

Question 47

Which of the following tools used for incident detection can be used to detect anomalous behavior, command and control traffic, and detect infected hosts? (Choose two correct answers) Intrusion detection system Reverse proxy server NetFlow Nmap Honeypot

Answer 47

Intrusion detection system NetFlow

Question 48

What name is given to a group of bots, connected through the Internet, with the ability to be controlled by a malicious individual or group? Hacker network Crime syndicate Zombie Botnet

Answer 48

Botnet

Question 49

What is the best approach for preventing a compromised IoT device from maliciously accessing data and devices on a local network? Install a software firewall on every network device Place all IoT devices that have access to the Internet on an isolated network Disconnect all IoT devices from the Internet Set the security settings of workstation web browsers to a higher level

Answer 49

Place all IoT devices that have access to the Internet on an isolated network

Question 50

What name is given to the emerging threat that hides on a computer or mobile device and uses that machine’s resources to mine cryptocurrencies? Phishing Bluejacking Cryptoransomware Cryptojacking

Answer 50

Cryptojacking

Question 51

A port scan returns an ‘open’ response. What does this mean? A service is listening on the port Connections to the port will be denied There was no reply from the host

Answer 51

A service is listening on the port

Question 52

An employee is at a restaurant with friends and tells them about an exciting new video game that is under development at the organization they work for. Is this employee’s behavior ethical or unethical? Ethical Unethical

Answer 52

Unethical

Question 53

‘An advanced persistent threat (APT) is usually well funded.’ True False

Answer 53

True

Question 54

In networking, what name is given to the identifier at both ends of a transmission to ensure that the right data is passed to the correct application? IP address Port number MAC address Sequence number

Answer 54

Port number

Question 55

‘An employee does something as an organization representative with the knowledge of that organization and this action is deemed illegal. The organization is legally responsible for this action.’ True False

Answer 55

True

Question 56

What tool is used to lure an attacker so that an administrator can capture, log and analyze the behavior of the attack? NetFlow Honeypot IDS Nmap

Answer 56

Honeypot

Question 57

‘A data breach does not impact the reputation of an organization.’ True False

Answer 57

False

Question 58

Which of the following certifications is aimed at high school and early college students, as well as anyone interested in a career change? CompTIA Security+ Microsoft Technology Associate Security Fundamentals ISACA CSX Cybersecurity Fundamentals ISC2 Certified Information Systems Security Professional EC Council Certified Ethical Hacker Palo Alto Networks Certified Cybersecurity Associate

Answer 58

Microsoft Technology Associate Security Fundamentals

Question 59

Which of the following firewalls filters traffic based on source and destination data ports and filtering based on connection states? Network address translation firewall Network layer firewall Transport layer firewall Application layer firewall Host-based firewall

Answer 59

Transport layer firewall

Question 60

Which of the following are categories of security measures or controls? (Choose three correct answers) Firewalls Guards Camera Policy and procedure Technology Awareness, training and education

Answer 60

Policy and procedure Technology Awareness, training and education

Question 61

‘A botnet can have tens of thousands of bots, or even hundreds of thousands.’ True False

Answer 61

True

Question 62

For what purpose would a network administrator use the Nmap tool? To protect the private IP addresses of internal hosts To identify specific network anomalies To detect and identify open ports To collect and analyze security alerts and logs

Answer 62

To detect and identify open ports

Question 63

Which of the following certifications does not expire or require periodic recertification and is geared towards post-secondary graduates and those interested in a career change? EC Council Certified Ethical Hacker ISACA CSX Cybersecurity Fundamentals CompTIA Security+ Palo Alto Networks Certified Cybersecurity Associate ISC2 Certified Information Systems Security Professional Microsoft Technology Associate Security Fundamentals

Answer 63

ISACA CSX Cybersecurity Fundamentals

Question 64

What type of attack uses zombies? Spear phising Trojan horse DDoS SEO poisoning

Answer 64

DDoS

Question 65

What is the purpose of a backdoor? To enable software vendors to update software For government access To gain unauthorized access to a system without normal authentication procedures To allow developers to debug software

Answer 65

To gain unauthorized access to a system without normal authentication procedures

Question 66

Which of the following firewalls filters ports and system service calls on a single computer operating system? Network address translation firewall Transport layer firewall Host-based firewall Network layer firewall Application layer firewall

Answer 66

Host-based firewall

Question 67

What type of attack disrupts services by overwhelming network devices with bogus traffic? DDoS Zero-day Brute force Port scans

Answer 67

DDoS

Question 68

‘Cryptocurrencies are handled on a centralized exchange.’ True False

Answer 68

False

Question 69

Several @Apollo employees have reported that the network access is slow. After investigation, the network administrator has learned that one employee downloaded a third-party scanning program for the printer. What type of malware might have been introduced that is causing slow performance of the network? Spam Phishing Worm Virus

Answer 69

Worm

Question 69

What is an example of cyber kill chain? a planned process of cyber attack

Answer 69

a planned process of cyber attack

Question 70

An organization’s process of identifying and assessing risk with the goal of reducing these threats to an acceptable level is known as what? Business continuity Disaster recovery Risk management Vulnerability scanning

Answer 70

Risk management

Question 71

An employee is laid off after fifteen years with the same organization. The employee is then hired by another organization within a week. In the new organization, the employee shares documents and ideas for products that the employee proposed at the original organization. Is the employee’s behavior ethical or unethical? Ethical Unethical

Answer 71

Unethical

Question 72

Which stage of the kill chain used by attackers focuses on the identification and selection of targets? delivery exploitation weaponization reconnaissance

Answer 72

reconnaissance

Question 73

An employee does something as a company representative with the knowledge of that company and this action is deemed illegal. The company would be legally responsible for this action. True False

Answer 73

False

Question 74

Which term describes the private browser mode for Google Chrome? Private tab Private browsing Incognito InPrivate

Answer 74

Incognito

Question 75

What type of infiltration method allows attackers to quietly capture two-step verification SMS messages sent to users in a Man-in-the-Mobile (MITMO) attack? Pretexting Botnet DoS On-Path attack

Answer 75

On-Path Attack

Question 76

A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration? availability integrity scalability confidentiality