Quiz Questions Flashcards
Which of the following standards is most applicable to a company that utilizes any payment card for its operations?
PCI-DSS
What organizational plan is developed to deal with disasters and other difficult situations such as cyber-attacks, outages, or supply chain failures?
Business Continuity
What type of information could include addresses, date of birth, or social security numbers?
PII
Which of the choices below best describes an attack resulting from an unknown vulnerability exploit or a known vulnerability without a current patch?
Zero-day attack
The Risk Management Framework is a flexible risk-based approach that integrates security, privacy, and cyber supply chain risk management into the system development life cycle. Which phase of the framework involves determining the applicable controls needed to reduce business risk to an acceptable level?
Select
Which of the following is NOT considered a factor of risk?
Convenience because Cost, Mitigation and Threat are
What type of professional is hired by organizations to legally hack into their networks and identify weak entry points?
Ethical Hacker
Which organizational security team is responsible for providing security assessments outlining an organization’s system defense efficacy and resilience?
Red Team
What risk response or treatment approach has been adopted when an organization decides to purchase insurance?
Transfer
What achievement is proof of technical knowledge backed by an industry-standard provider such as Microsoft or CompTIA?
Certification
Which of the following is a Linux kernel-mode component?
Drivers
Which of the following is an identity associated with a session for proper access control?
User Account
What is the purpose of a Demilitarized Zone (DMZ)?
To separate internal networks from untrusted external traffic
Which of the following network attacks causes a service to fail by flooding the target with traffic?
Denial of Service DOS
Which control enables the creation of rules that allow or block traffic?
iptables
Which network infrastructure type connects users and end devices located in a small area such as an office building?
Local Area Network (LAN)
Which state of data represents data that are actively being used?
Data in use
Which of the following can be accomplished using a firewall?
Monitoring and filtering network traffic
Which Linux distro is specifically packaged for information security tasks such as security research or penetration testing?
Kali
What is the first step to take when hardening a Linux system?
Determine server purpose and requirements
Which is a likely cause of the continued issues related to the EternalBlue common vulnerabilities and exposures (CVE)?
Poor patch management
Which term best describes actions taken to increase infrastructure security?
Hardening
What is a true statement about the Windows Operating System?
It has a folder-based file system
Which term refers to the idea of moving security earlier in the Secure Software Development Lifecycle (SSDLC) to avoid downstream bugs and vulnerabilities?
Shift Left