Midterm

Question 1

IAAA

Answer 1

Identification, Authentication, Authorization, Accountability

Question 2

Identification

Answer 2

Username

Question 3

Authentication

Question 4

Authorization

Answer 4

granting permission

Question 5

Accountability

Answer 5

tracking user activity

Question 6

Multi Factor Authentication (MFA)

Answer 6

Password + OTP

Question 7

Role-Based Access Control (RBAC)

Answer 7

Permissions based on job/user roles

Question 8

Least Privilege Principle

Answer 8

Restricting application permissions so the user can only get necessary access

Question 9

Which authentication method does a company use when employees need both a password and a one-time code sent to their mobile phones to log in?

Answer 9

Multi Factor Authentication (MFA)

Question 10

Phising

Answer 10

Fake emails trick users into revealing credentials

Question 11

Brute force attacks

Answer 11

Automated guessing of passwords

Question 12

Session hijacking

Answer 12

Stealing an active session to bypass authentication

Question 13

Privlage esculation

Answer 13

Gaining unauthorized admin access

Question 14

Zero-day exploits

Answer 14

Attacks on unknown vulnrabilities

Question 15

A hacker steals a session token from a user and gains access tot their banking website without knowing thwe password. What attack is this?

Answer 15

Session Hijacking

Question 16

Secure coding practices

Answer 16

Write, Input, encoding, use

Question 17

Write

Answer 17

Developers must write secure code to prevent cyberattacks

Question 18

Input

Answer 18

input validation - prevents malicious input (ex. SQL injections, XSS)

Question 19

Encoding

Answer 19

Output Encoding - stops cross-site scripting

Question 20

Use

Answer 20

use of prepared statements - prevents SQL Injections

Question 21

Which method is the best defense against SQL Injections

Answer 21

Using a prepared SQL Statement

Question 22

Web Application Firewall (WAF)

Answer 22

Protects against web-based attacks/ Blocks malicous HTTP traffic

Question 23

Aplication Sandboxing

Answer 23

Isolates Applications to prevent system-wide access.

Question 24

Patch Management

Answer 24

regularly updating software to fix vulnerabilities

Question 25

A company's website is under attack by automated bots trying to inject malicous SQL queries. What security tool is this?

Answer 25

Web Application Firewall (WAF)

Question 26

Network security and attack prevention

Answer 26

Denial-of-Services(DoS) and Distributed DoS (DDoS), Rate limiting and firewalls, Mobile device management(MDM), Endpoint detection and responsse(EDR), Extended detection and response(XDR)

Question 27

Denial-of-Services(DoS) and Distributed DoS (DDoS)

Answer 27

Overloads a system with traffic

Question 28

Rate limiting and firewalls

Answer 28

Prevents DoS attacks

Question 29

Mobile device management(MDM)

Answer 29

Enforcing security policies on mobile apps

Question 30

Endpoint detection and responsse(EDR)

Answer 30

Monitors and responds to endpoint threats

Question 31

Extended detection and response(XDR)

Answer 31

Combines EDR with network, cloud, and application security

Question 32

Penetration Testing

Answer 32

stimulates cyberattacks to find vulnerabilities Most popular uis SNORT

Question 33

Intrusion Detection Systems(IDS)

Answer 33

Detects suspious network activity

Question 34

Plan of Action and Milestones (POAM)

Answer 34

Documents identified risks and actions to fix them Only good for 180

Question 35

A company creates a document listing security weaknesses and assigns deadlines for fixing them. What is this called?

Answer 35

POAM

Question 36

NIST Cybersecurity Framework (NIST CSF)

Answer 36

Identifying, protecting, detecting, responding and recovering

Question 37

ISO 27001

Answer 37

An international standard for information security management

Question 38

A security team identifies all critical digital assets before implementing controls. Which NIST CSF Function is this?

Answer 38

Identity

Question 39

Risk Matrix

Answer 39

Assesses risk based on probablity(likelihood) and impact(Severity)

Question 40

Gap Anaylasis

Answer 40

Identifies diffrences between current security mesures and required standards

Question 41

A company compares its exsisting security controls against ISO 27001 requirements to find missing security mesuares. What process is this?

Answer 41

Gap Anaylasis