IS5403 Week 1 Quizezz

5

Question

Proxies are "devices" that are strictly software-only.

True

True when the network is not Windows based.

True only when the network is Windows based.

False

Correct

 

5 of 8

6

Question

A web application firewall is exactly the same as a network firewall.

False

True in terms of software core.

True

True in terms of hardware structure.

Correct

 

6 of 8

7

Question

A Web application firewall protects Web servers from malicious traffic and blocks attempts to compromise the system. It prevents targeted attacks that include Denial of Service (DOS), Cross-Site Scripting (XSS), SQL injection, Cross-Site Request Forgery (CSRF), forceful browsing, cookie poisoning and invalid input. In which of the following attacks does the attacker gains access to a restricted page within a Web application by supplying a URL directly?

SQL injection

Cross-Site Request Forgery (CSRF)

Cross-Site Scripting (XSS)

Forceful browsing

Correct

 

7 of 8

8

Question

Anetwork administrator is evaluating different firewalls. Which of the following firewalls provides protection from the following attacks: Denial of Service (DOS), Cross-Site Scripting (XSS), SQL injection, Cross-Site Request Forgery (CSRF), forceful browsing, cookie poisoning and invalid input?

Stateful Packet Inspection (SPI) firewall

Unified Threat Management (UTM)

Web application firewall (WAF)

Application Layer Gateway (ALG)

Correct

2

Question

Which of the following risks does the use of social netowrking and P2P platforms pose?

Social engineering attacks

Virtualization attacks

Cloud computing attacks

Virus attacks

Sniffing attacks

Correct

 

2 of 4

3

Question

Under which of the following does "shoulder surfing" fall?

Social engineering

Spoofing

Eavedropping

Smurfing

Correct

 

3 of 4

4

Question

What are the factors that contribute to the effectiveness of social engineering techniques? [Choose all that apply.]

Intimidation

Authority

Scarcity and Urgency

Consensus

Familiarity and Trust

Social proof

Correct

Which tool is most commonly associated with nation state threat actors?

• Unlimited Harvest and Secure Attack (UHSA)
• Closed-Source Resistant and Recurrent Malware (CSRRM)
• Advanced Persistent Threat (APT)
• Network Spider and Worm Threat (NSAWT)

CORRECT

See Ch. 1: Introduction to Security, Section - Nation State Actors

Which of the following is an enterprise critical asset?

• Information
• Outsourced computing services
• System software
• Servers, routers, and power supplies

CORRECT

See Ch. 1: Introduction to Security, Section - Information Security Terminology

Which of the following is NOT a successive layer in which information security is achieved?

• Products
• Procedures
• Purposes
• People

CORRECT

See Ch. 1: Introduction to Security, Section - Defining Information Security

Ian recently earned his security certification and has been offered a promotion to a position that requires him to analyze and design security solutions as well as identifying users' needs. Which of these generally recognized security positions has Ian been offered?

• Security administrator
• Security technician
• Security officer
• Security manager

CORRECT

See Ch. 1: Introduction to Security, Section - Challenges of Securing Information

Which of the following is NOT true regarding security?

• Security includes the necessary steps to protect from harm.
• Security is a process.
• Security is a war that must be won at all costs.
• Security is a goal.

CORRECT

See Ch. 1: Introduction to Security, Section - Understanding Security

What is a race condition?

• When an attack finishes its operation before antivirus can complete its work.
• When a software update is distributed prior to a vulnerability being discovered.
• When a vulnerability is discovered and there is a race to see if it can be patched before it is exploited by attackers.
• When two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.

CORRECT

See Ch. 1: Introduction to Security, Section - Reasons for Successful Attacks

What are industry-standard frameworks and reference architectures that are required by external agencies known as?

• Compulsory
• Required
• Mandatory
• Regulatory

CORRECT

See Ch. 1: Introduction to Security, Section - Frameworks and Reference Architectures

Gunnar is creating a document that explains risk response techniques. Which of the following would he NOT list and explain in his document?

• Transfer risk
• Avoid risk
• Extinguish risk
• Mitigate risk

CORRECT

See Ch. 1: Introduction to Security, Section - Information Security Terminology

An organization that practices purchasing products from different vendors is demonstrating which security principle?

• Layering
• Obscurity
• Limiting
• Diversity

CORRECT

See Ch. 1: Introduction to Security, Section - Fundamental Security Principles

Which act requires banks and financial institutions to alert their customers of their policies in disclosing customer information?

• Sarbanes-Oxley Act (Sarbox)
• Gramm-Leach-Bliley Act (GLBA)
• Financial and Personal Services Disclosure Act
• Health Insurance Portability and Accountability Act (HIPAA)

CORRECT

See Ch. 1: Introduction to Security, Section - Understanding the Importance of Information Security

What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments?

• Competitors
• Cyberterrorists
• Brokers
• Resource managers

CORRECT

See Ch. 1: Introduction to Security, Section - Other Threat Actors

Adone is attempting to explain to his friend the relationship between security and convenience. Which of the following statements would he use?

• Security and convenience are inversely proportional.
• Whenever security and convenience intersect, security always wins.
• Convenience always outweighs security.
• Security and convenience are not related.

CORRECT

See Ch. 1: Introduction to Security, Section - Understanding Security

Which the following is NOT a reason why it is difficult to defend against today's attackers?

• Greater sophistication of defense tools
• Delays in security updating
• Simplicity of attack tools
• Increased speed of attacks

CORRECT

See Ch. 1: Introduction to Security, Section - Difficulties in Defending Against Attacks

Why do cyberterrorists target power plants, air traffic control centers, and water systems?

• These targets are government-regulated and any successful attack would be considered a major victory.
• They can cause significant disruption by destroying only a few targets.
• These targets have notoriously weak security and are easy to penetrate.
• The targets are privately owned and cannot afford high levels of security.

CORRECT

See Ch. 1: Introduction to Security, Section - Other Threat Actors

Tatyana is discussing with her supervisor potential reasons why a recent attack was successful against one of their systems. Which of the following configuration issues would NOT be covered?

• Vulnerable business processes
• Default configurations
• Weak configurations
• Misconfigurations

CORRECT

See Ch. 1: Introduction to Security, Section - Reasons for Successful Attacks

Signe wants to improve the security of the small business where she serves as a security manager. She determines that the business needs to do a better job of not revealing the type of computer, operating system, software, and network connections they use. What security principle does Signe want to use?

• Limiting
• Layering
• Diversity
• Obscurity

CORRECT

See Ch. 1: Introduction to Security, Section - Fundamental Security Principles

Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____.

• using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources
• through a long-term process that results in ultimate security
• on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network
• through products, people, and procedures on the devices that store, manipulate, and transmit the information

CORRECT

See Ch. 1: Introduction to Security, Section - Defining Information Security

Alyona has been asked by her supervisor to give a presentation regarding reasons why security attacks continue to be successful. She has decided to focus on the issue of widespread vulnerabilities. Which of the following would Alyona NOT include in her presentation?

• Misconfigurations
• Large number of vulnerabilities
• End-of-life systems
• Lack of vendor support

CORRECT

See Ch. 1: Introduction to Security, Section - Reasons for Successful Attacks

Which of the following ensures that only authorized parties can view protected information?

• Availability
• Confidentiality
• Authorization
• Integrity

CORRECT

See Ch. 1: Introduction to Security, Section - Defining Information Security

What is an objective of state-sponsored attackers?

• To sell vulnerabilities to the highest bidder
• To spy on citizens
• To right a perceived wrong
• To amass fortune over of fame

CORRECT

See Ch. 1: Introduction to Security, Section - Nation State Actors

A watering hole attack is directed against which of the following?

• attackers who send spam
• all users of a large corporation
• wealthy individuals
• a smaller group of specific users

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Psychological Approaches

Which statement regarding a keylogger is NOT true?

• Software keyloggers can be designed to send captured information automatically back to the attacker through the Internet.
• Keyloggers can be used to capture passwords, credit card numbers, or personal information.
• Software keyloggers are generally easy to detect.
• Hardware keyloggers are installed between the keyboard connector and computer keyboard USB port.

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Payload Capabilities

Which type of mutation completely changes a virus from its original form by rewriting its own code whenever it is executed?

• betamorphic
• polymorphic
• oligomorphic
• metamorphic

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Circulation

Which type of malware requires a user to transport it from one computer to another?

• rootkit
• adware
• virus
• worm

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - CirculationWhich type of malware requires a user to transport it from one computer to another?

• rootkit
• adware
• virus
• worm

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Circulation

What is the name of the threat actor's computer that gives instructions to an infected computer?

• Command and control (C&C) server
• Monitoring and Infecting (M&I) server
• Regulating Net Server (RNS)
• Resource server

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Infection

Each of these is a reason why adware is scorned EXCEPT _____.

• it can cause a computer to crash or slow down
• it displays objectionable content
• it displays the attacker's programming skills
• it can interfere with a user's productivity

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Payload Capabilities

Linnea's father called her to say that a message suddenly appeared on his screen that says his software license has expired and he must immediately pay $500 to have it renewed before control of the computer will be returned to him. What type of malware is this?

• lockoutware
• persistent virusware
• blocking ransomware
• Trojanware

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Infection

Which of these items retrieved through dumpster diving would NOT provide useful information?

• books
• organizational charts
• calendars
• memos

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Physical Procedures

Which of the following is NOT a primary trait of malware?

• circulation
• diffusion
• concealment
• infection

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Attacks Using Malware

Which variation of a phishing attack sends phishing messages only to wealthy individuals?

• Whaling
• Target phishing
• Spear phishing
• Microing

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Psychological Approaches

Which of these could NOT be defined as a logic bomb?

• Erase all data if Matilda's name is removed from the list of employees.
• Send spam email to Moa's inbox on Tuesday.
• Reformat the hard drive three months after Sigrid left the company.
• If the company's stock price drops below $100, then credit Juni's account with 10 additional years of retirement credit.

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Payload Capabilities

What is the term used for a threat actor who controls multiple bots in a botnet?

• cyber-robot
• zombie shepherd
• rogue IRC
• bot herder

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Payload Capabilities

Lykke receives a call while working at the helpdesk from someone who needs his account reset immediately. When Lykke questions the caller, he says, "If you don't reset my account immediately, I will call your supervisor!" What psychological approach is the caller attempting to use on Lykke?

• Intimidation
• Consensus
• Scarcity
• Familiarity

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Psychological Approaches

Which of these is a general term used for describing software that gathers information without the user's consent?

• scrapeware
• gatherware
• spyware
• adware

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Payload Capabilities

Which of the following is NOT correct about a rootkit?

• A rootkit accesses "lower layers" of the operating system.
• The risk of a rootkit is less today than previously.
• A rootkit is able to hide its presence or the presence of other malware.
• A rootkit is always the payload of a Trojan.

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Concealment

Astrid's computer screen suddenly says that all files are now locked until money is transferred to a specific account, at which time she will receive a means to unlock the files. What type of malware has infected her computer?

• Networked worm
• Crypto-malware
• Bitcoin malware
• Blocking virus

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Infection

How can an attacker use a hoax?

• Hoaxes are not used by attackers today.
• A user who receives multiple hoaxes could contact his supervisor for help.
• By sending out a hoax, an attacker can convince a user to read his email more often.
• A hoax could convince a user that a bad Trojan is circulating and that he should change his security settings.

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Psychological Approaches

Hedda pretends to be the help desk manager and calls Steve to trick him into giving her his password. What social engineering attack has Hedda performed?

• luring
• aliasing
• duplicity
• impersonation

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Psychological Approaches

Ebba received a message from one of her tech support employees. In violation of company policy, a user had downloaded a free program to receive weather reports, but the program had also installed malware on the computer that gave the threat actor unrestricted access to the computer. What type of malware had been downloaded?

• RAT
• virus
• Trojan
• ransomware

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Infection

Which of the following is defined as following an authorized person through a secure door?

• Tagging
• Backpacking
• Caboosing
• Tailgating

CORRECT

See Ch. 2: Malware and Social Engineering Attacks, Section - Physical Procedures