Week 02 Foundations of Cybersecurity Flashcards

1
Q

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently.
A) Artificial neural network (ANN)
B) Artificial general intelligence (AGI)
C) Adversarial artificial intelligence (AI)
D) Artificial swarm intelligence (ASI)

A

Answer: C

2
Q

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage.
A) Business Email Encryption (BEE)
B) Business Email Compromise (BEC)
C) Business Email Verification (BEV)
D) Business Email Marketing (BEM)

A

Answer: B

3
Q

Malicious code written to interfere with computer operations and cause damage to data and software
A) Computer worm
B) Computer trojan
C) Computer ransomware
D) Computer virus

A

Answer: D

4
Q

An attack that affects secure forms of communication between a sender and intended recipient
A) Cryptographic attack
B) Cryptographic protocol
C) Cryptographic hash
D) Cryptographic key

A

Answer: A

5
Q

Any person who uses computers to gain access to computer systems, networks, or data
A) Cracker
B) Hacker
C) Breaker
D) Maker

A

Answer: B

6
Q

Software designed to harm devices or networks
A) Firmware
B) Shareware
C) Malware
D) Freeware

A

Answer: C

7
Q

An attempt to access password secured devices, systems, networks, or data
A) Password cracking
B) Password attack
C) Password recovery
D) Password guessing

A

Answer: B

8
Q

The use of digital communications to trick people into revealing sensitive data or deploying malicious software
A) Fishing
B) Fission
C) Fusion
D) Phishing

A

Answer: D

9
Q

A security incident that affects not only digital but also physical environments where the incident is deployed
A) Physical attack
B) Physical security
C) Physical layer
D) Physical access

A

Answer: A

10
Q

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location
A) Phishing Attack
B) Man-in-the-Middle Attack
C) Physical Social Engineering
D) Brute Force Attack

A

Answer: C

11
Q

A manipulation technique that exploits human error to gain private information, access, or valuables
A) Social engineering toolkit (SET)
B) Social proof
C) Physical social engineering
D) Social network analysis (SNA)

A

Answer: A

12
Q

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack
A) Social media phishing
B) Social media analytics
C) Social media marketing
D) Social media management

A

Answer: A

13
Q

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source
A) Spear fishing
B) Spear throwing
C) Spear phishing
D) Spear hunting

A

Answer: C

14
Q

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed
A) Supply-chain management
B) Supply-chain optimization
C) Supply-chain integration
D) Supply-chain attack

A

Answer: D

15
Q

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network
A) USB charging
B) USB baiting
C) USB formatting
D) USB debugging

A

Answer: B

16
Q

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
A) Vishing
B) Fishing
C) Dishing
D) Wishing

A

Answer: A

17
Q

A type of attack in which a threat actor compromises a website frequently visited by a specific group of users
A) Waterfall attack
B) Watering hole attack
C) Watergate attack
D) Watermark attack

A

Answer: B

18
Q

What is a threat actor?
A) Any person or group who presents a security risk
B) Any person or group who defends against security risks
C) Any person or group who investigates security risks
D) Any person or group who creates security risks

A

A

19
Q

What is an example of an advanced persistent threat’s intention?
A) Sabotage
B) Corruption
C) Damaging critical infrastructure
D) Social change campaigns

A

C

20
Q

What is an example of an insider threat’s motivation?
A) Espionage
B) Fame
C) Propaganda
D) Demonstrations

A

A

21
Q

What is an example of a hacktivist’s goal?
A) Gaining access to intellectual property
B) Unauthorized data access or leaks
C) Demonstration
D) All of the above

A

C

C) Demonstration is correct because hacktivism, or hacker activism, often involves using hacking techniques to promote a political agenda or social change. This can include demonstrations where hacktivists make a show of their abilities or the vulnerabilities of systems to raise awareness about certain issues.

22
Q

What is the difference between authorized and unauthorized hackers?
A) Authorized hackers follow a code of ethics and adhere to the law, while unauthorized hackers do not
B) Authorized hackers use existing malware and scripts, while unauthorized hackers create their own
C) Authorized hackers work for pay, while unauthorized hackers work for fun
D) Authorized hackers protect the world from unethical hackers, while unauthorized hackers exploit security weaknesses

A

A

The answer A, “Authorized hackers follow a code of ethics and adhere to the law, while unauthorized hackers do not”, is correct because it accurately describes the fundamental difference between authorized and unauthorized hackers¹²⁴.

Authorized hackers, also known as ethical hackers or white-hat hackers, operate within the boundaries of the law and adhere to a code of ethics². They use their skills to identify and fix security vulnerabilities in systems with the permission of the system owners².

On the other hand, unauthorized hackers, also known as black-hat hackers, do not adhere to these ethical guidelines or laws²⁴. They often use their skills maliciously to gain unauthorized access to systems, often with the intent of stealing valuable data or causing harm²⁴.

While options B, C, and D may contain elements of truth, they do not capture the core difference between authorized and unauthorized hackers as accurately as option A does. For example, both authorized and unauthorized hackers can create their own tools or use existing ones¹, both can work for pay or for fun¹, and while authorized hackers often work to protect systems from unethical hackers, not all unauthorized hackers exploit security weaknesses¹².

Source:
(1) Hacking vs unauthorised access – what’s the difference? https://itgovernance.co.uk/blog/hacking-vs-unauthorised-access-whats-the-difference.
(2) What Is Ethical Hacking | Cybersecurity | CompTIA. https://www.comptia.org/content/articles/what-is-ethical-hacking.
(3) What is a white hat or ethical hacker? - Paubox. https://www.paubox.com/blog/what-is-a-white-hat-or-ethical-hacker.
(4) Unauthorized Access: Prevention Best Practices | Egnyte. https://www.egnyte.com/guides/governance/unauthorized-access.

23
Q

What is an example of a semi-authorized hacker’s motivation?
A) To conduct organizational risk evaluations
B) To search for vulnerabilities but not take advantage of them
C) To collect and sell confidential data for financial gain
D) To learn and enhance their hacking skills

A

B

24
Q

What is an example of a vigilante hacker’s goal?
A) To safeguard people and organizations from malicious threat actors
B) To seek revenge
C) To exploit security weaknesses by using existing malware, programming scripts, and other tactics
D) To complete the job they were contracted to do

A

A

25
Q

What is a key takeaway from the writing?
A) Threat actors and hackers are technically skilled individuals
B) Threat actors and hackers are motivated by a political agenda
C) Threat actors and hackers are always unethical and illegal
D) Threat actors and hackers are easy to identify and stop

A

A

26
Q

What is a manipulation technique that exploits human error to gain private information, access, or valuables?
A) Password attack
B) Social engineering attack
C) Physical attack
D) Cryptographic attack

A

B

27
Q

What is a security incident that affects not only digital but also physical environments where the incident is deployed?
A) Adversarial artificial intelligence
B) Supply-chain attack
C) Physical attack
D) Birthday attack

A

C

28
Q

What is a technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently?
A) Adversarial artificial intelligence
B) Downgrade attack
C) Collision attack
D) Watering hole attack

A

A

29
Q

What is an example of a physical attack?
A) Malicious USB cable
B) Phishing
C) Card cloning and skimming
D) Both A and C

A

D

30
Q

What is an example of a cryptographic attack?
A) Smishing
B) Vishing
C) Birthday
D) Spear phishing

A

C