More Exam questions

Question 1

The CIA Triad is considered to be one of the core principles of information security; what does “A” stand for in this acronym? (Select 1 correct answer)

A. Authorization
B. Automation
C. Availability
D. Authentication

Answer 1

C

Question 2

What is the name of an extremely large table of hash values generated by an attacker to crack system passwords? (Select 1 correct answer)

A. Dictionary table
B. Rainbow table
C. Privilege elevation table
D. None of the above

Answer 2

B

Question 3

Which of the following properties does SSL/TLS protect? (Select 1 correct answer)

A. Privacy
B. Availability
C. Confidentiality, integrity, and authentication
D. Auditing

Answer 3

C

Question 4

What is a shoulder surfing attack? (Select 1 correct answer)

A. Replay attack
B. Eavesdropping attack
C. Trojan horse attack
D. Denial of service attack

Answer 4

B

Question 5

Password files can be protected by what means? (Select 2 correct answers)

A. Honeypots
B. Cryptographic protection
C. Virus scanners
D. Access control

Answer 5

B, D

Question 6

In access control, what is responsible for regulating the access of subjects to objects on the basis of security parameters? (Select 1 correct answer)

A. Availability checker
B. Reference monitor
C. Logic bomb
D. Virus analyzer

Answer 6

B

Question 7

Which of the following can be considered to be an elevation of privilege? (Select 1 correct answer)

A. Someone extracts secrets from error messages
B. Someone floods the network with requests
C. Someone modifies data to do things other than what is permitted for that user
D. Someone ignores the security policy

Answer 7

C

Question 8

Which of the following are examples of symmetric encryption algorithms? (Select 2)

A. 3DES
B. MD5 hash
C. RSA
D. AES

Answer 8

A, D

Question 9

Access control can support which of the following security goals? (Select 2 correct answers)

A. Availability
B. Integrity
C. Confidentiality
D. None of the above

Answer 9

B, C

Question 10

How many keys does an asymmetric cipher rely on for secure communication? (Select 1 correct answer)

A. 3
B. 2
C. 1
D. No key is required

Answer 10

B

Question 11

What is the process of granting a privilege or permission to a system entity to access a system resource called? (Select 1 correct answer)

A. Authentication
B. Monitoring
C. Authorization
D. Control

Answer 11

C

Question 12

Enforcing a system-generated password on a user can be considered as an example of what? (Select 1 correct answer)

A. Reactive password checking
B. Idle password checking
C. Proactive password checking
D. All of the above

Answer 12

C

Question 13

What is a web security attack that allows an attacker to interfere with transaction queries to a database? (Select 1 correct answer)

A. Social engineering attack
B. SQL injection attack
C. Brute-force attack
D. Database dictionary attack

Answer 13

B

Question 14

Hacking a system by exploiting the people that use it is referred to as what? (Select 1 correct answer)

A. Command injection attack
B. SQL injection attack
C. Social engineering attack
D. Brute-force attack

Answer 14

C

Question 15

One of the criteria that a one-way function should satisfy is what? (Select 1 correct answer)

A. Easy to reverse
B. Hard to reverse
C. Helps prevent virus
D. Easy to decode

Answer 15

B

Question 16

What is identification?

Answer 16

Identification is the process of claiming an identity. It’s the step where a user presents their identity, typically through a unique identifier.

Question 17

What is authentication?

Answer 17

Authentication is the process of verifying the identity presented during the identification step. It’s how the system checks whether the user is indeed who they claim to be.

Question 18

What is Kerberos?

Answer 18

Kerberos is a network authentication protocol that uses tickets to allow nodes to communicate over a non-secure network.

Question 19

What is OAuth?

Answer 19

OAuth is a protocol that allows third-party applications to access user data without exposing their credentials.

Question 20

What is SAML (Security Assertion Markup Language)?

Answer 20

It is a protocol that exchanges authentication and authorization data between an identity provider and a service provider.

Question 21

What is an offline dictionary attack?

Answer 21

Attackers obtain hashed passwords and use a precomputed dictionary of hash values to crack them offline.

Question 22

What is a hash function?

Answer 22

A hash function is a mathematical function that transforms input (like your
password) into a fixed-length string of characters, called a hash.

Question 23

What is a trusted path mechanism?

Answer 23

Trusted path is a mechanism that guarantees that the user communicates with the operating system and not with a spoofing program.

Question 24

What is EEPROM (Electrically Erasable Programmable ROM)?

Answer 24

EEPROM is a type of memory that can be written to and erased using electrical signals. Unlike regular ROM, which is permanent, EEPROM allows data to be changed or updated. EEPROM is slower than regular RAM but more flexible.

Question 25

What is a threat?

Answer 25

A potential event or action that can compromise the security of an asset, exploiting a vulnerability.

Question 26

Name the 6 types of threat agents

Answer 26

Hackers Thieves Hacktivists Competitors and organized crime Terrorists Nation States

Question 27

What are tangible assets?

Answer 27

Tangible assets are physical components that can be touched, measured, and quantified. Example: Servers, Networking equipment, Storage devices, Workstations and laptops.

Question 28

What are intangible assets?

Answer 28

Intangible assets are non-physical elements that hold value for an organization, they are often crucial for operations and reputation. Example: Brand reputation, data, software and applications, encryption keys and certificates, etc.

Question 29

What is a vulnerability?

Answer 29

A vulnerability is a weakness in a system that can be exploited, either accidentally or intentionally, to cause harm. This harm can affect assets such as hardware, software, data, reputation, and more.

Question 30

What is an attack surface?

Answer 30

An attack surface consists of the reachable and exploitable vulnerabilities in a system. Example: Open ports on outward-facing web and other servers, services available inside a firewall, code that processes incoming data.

Question 31

What is an attack tree?

Answer 31

An attack tree is a branching, hierarchical data structure that represents a set of potential techniques for exploiting security vulnerabilities.

Question 32

What does the root node of an attack tree represent?

Answer 32

The primary goal of the attack

Question 33

What is malware?

Answer 33

A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or otherwise annoying or disrupting the victim.

Question 34

What is a worm?

Answer 34

A worm is a type of malware that attempts to penetrate networks and computer systems. A worm is self-replicating and can spread independently across networks.

Question 35

What is a virus?

Answer 35

It is a piece of malicious code that replicates by attaching itself to another executable file. When the infected file is executed, the virus is also triggered, allowing it to infect other files or perform malicious actions.

Question 36

What is a trojan horse?

Answer 36

A Trojan horse (or simply Trojan) is a type of software that appears to perform a useful function but secretly executes harmful actions. Unlike a virus, which spreads by attaching to other programs, a Trojan is a standalone program that must be installed by the user.

Question 37

What is a logic bomb?

Answer 37

A logic bomb is a piece of malicious code that remains inactive until specific conditions are met.

Question 38

What is a botnet (attack agents)?

Answer 38

A botnet is a network of compromised computers (bots or zombies) controlled by an attacker.

Question 39

What is a rootkit?

Answer 39

A rootkit is a set of tools that enable covert system access while hiding evidence of its presence.

Question 40

What is buffer overflow?

Answer 40

A buffer is a specific memory location used to store data during program execution. Buffer overflow occurs when data exceeds the allocated buffer size, leading to unintended memory overwrites. This can be exploited by attackers to crash a system or execute malicious code.

Question 41

What is a digital certificate?

Answer 41

A digital certificate is a message signed by a Certificate Authority (CA) that binds a subject’s name to their public key.

Question 42

What is TLS (Transport Layer Security)?

Answer 42

TLS is a cryptographic protocol that protects data transmission between users and servers. It's key features are authentication, data integrity, and message confidentiality.

Question 43

What is HTTPS (Hypertext Transfer Protocol Secure)?

Answer 43

HTTPS is an extension of HTTP that ensures secure communication over a network by encrypting data using SSL/TLS protocols. This encryption helps protect sensitive information exchanged between a web browser and a web server, preventing unauthorized access or data interception.

Question 44

What is IPSec (Internet Protocol Security)?

Answer 44

IPSec is a protocol suite designed to secure network communications at the IP layer rather than at the transport layer. It provides a robust mechanism for ensuring data confidentiality, integrity, and authenticity across network transmissions.

Question 45

What is the purpose of a VPN (Virtual Private Network)?

Answer 45

A VPN establishes a secure and encrypted digital connection between a user's device and a remote server operated by a VPN provider. By encrypting personal data and masking the user's IP address, VPNs provide privacy, security, and access to geo-restricted content.

Question 46

What is SSH (Secure Shell)?

Answer 46

SSH is a cryptographic network protocol designed for securely performing network services over an insecure network. It ensures secure remote login, command execution, and file transfers by encrypting communication, protecting confidentiality, and maintaining data integrity.

Question 47

What is SFTP (Secure File Transfer Protocol)?

Answer 47

SFTP is an enhanced version of File Transfer Protocol (FTP) that provides secure file transfer capabilities over an encrypted SSH connection. This prevents vulnerabilities such as Man-in-the-Middle (MITM) attacks and password sniffing.

Question 48

What is OAuth 2.0?

Answer 48

OAuth 2.0 is an authorization framework that allows third-party applications to securely access a user's resources without exposing login credentials. It is widely used for enabling secure authentication across web services, such as logging into third-party apps using Google, Facebook, or Microsoft accounts.

Question 49

What is access control and what is it used for?

Answer 49

Access control is the process by which a computer system regulates the interaction between users, programs, or other entities and system resources based on a security policy. It ensures that only authorized users can access certain resources.

Question 50

What are the two types of NIDS sensors?

Answer 50

Inline and passive sensors

Question 51

What are honeypots?

Answer 51

Decoy systems designed to lure attackers away from critical systems.

Question 52

What is a firewall?

Answer 52

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

Question 53

What is an asset?

Answer 53

Any valuable resource that requires protection. These can be tangible, like servers or data centers, or intangible, such as intellectual property.

Question 54

What is asset valuation?

Answer 54

The value of an asset, often measured in monetary terms (like replacement costs) or by its importance to the organization. This helps prioritize protection efforts based on the asset’s significance.

Question 55

What is a risk?

Answer 55

The potential for loss that arises from the combination of a threat exploiting a vulnerability and the harm it causes.