IT Security: Defense against the digital dark arts

Understanding Security Threats

1.

Question 1

In the CIA triad, what does the letter ‘I’ stand for?

1 / 1 point

Information

Implementation

Integrity

Intelligence

2.

Question 2

In the terminology of information security, what is a vulnerability?

1 / 1 point

A program that entices users to download it, then installs malware on their systems

Please review the video on essential terms.

A piece of malware that records each keypress by the user and gathers confidential information

The possibility of suffering a loss in the event of an attack

A flaw in the code of an application that can be exploited

3.

Question 3

What’s the difference between a virus and a worm?

0 / 1 point

Worms replicate, but viruses do not.

Viruses do not replicate, but worms do.

Viruses replicate through files, but worms live on their own.

Worms replicate through files, but viruses live on their own.

4.

Question 4

What is it called when a hacker gets into a system through a secret entryway to gain remote access to the computer?

1 / 1 point

A backdoor

Ransomware

Adware

A Trojan

5.

Question 5

What kind of attack tricks a server by sending the server to a compromised fake site when it tries to access a legitimate site?

1 / 1 point

A DNS cache poisoning attack

A SYN flood attack

An injection attack

A DDoS attack

6.

Question 6

Which of the following can occur during a ping of death (POD) attack? Select all that apply.

0.75 / 1 point

Baiting

A buffer overflow

Phishing

Execution of malicious code

You didn’t select all the correct answers

7.

Question 7

What is it called when a hacker takes down multiple services very quickly with the help of botnets?

1 / 1 point

A SQL injection

A password attack

Distributed denial-of-service (DDoS)

Cross-site Scripting (XSS)

8.

Question 8

Which of the following measures can prevent injection attacks? Select all that apply.

1 / 1 point

Flood guards

Input validation

Data sanitization

Log analysis systems

9.

Question 9

What is a tool that protects passwords by checking whether the input is coming from a machine or a human?

1 / 1 point

A firewall

A CAPTCHA

A key logger

Antimalware software

Correct

10.

Question 10

Fill in the blank: Phishing, spoofing, and tailgating are examples of ________ attacks.

1 / 1 point

Injection

Network

Social engineering

Malware

AAA Security (Not Roadside Assistance)

1.

Question 1

Fill in the blank: _____ is the idea of describing an entity uniquely.

1 / 1 point

Authorization

Identification

Eligibility

Validity

2.

Question 2

Which of the following passwords is the strongest for authenticating to a system?

1 / 1 point

P@w04d!$$L0N6

P@ssword!

P@55w0rd!

Password!

3.

Question 3

Which of the following are types of one-time-password tokens? Select all that apply.

0.75 / 1 point

Counter-based

Time-based

Password-based

Identity-based

4.

Question 4

Which of the following might serve as a multifactor authentication mechanism when used along with a password? Select all that apply.

0.5 / 1 point

Fingerprint

Bank card

PIN

Passphrase

5.

Question 5

If an organization wants to issue and sign client certificates, what will it need to set up?

1 / 1 point

A CA infrastructure

A CRL infrastructure

An LDAP infrastructure

An ID infrastructure

6.

Question 6

Consider the following scenario: A systems administrator is designing a directory architecture to support Linux servers using Lightweight Directory Access Protocol (LDAP). The directory needs to be able to make changes to directory objects securely. Which of these common operations supports these requirements?

0 / 1 point

Search, modify

Bind, modify

Bind, add

StartTLS, delete

7.

Question 7

Fill in the blank: Kerberos enforces strict _____ requirements. Otherwise, authentication will fail.

1 / 1 point

strong password

AES

time

LDAP

8.

Question 8

Consider the following scenario: Multiple client switches and routers have been set up at a small military base. The network team decided to implement Terminal Access Controller Access-Control System Plus (TACACS+), along with Kerberos, and an external Lightweight Directory Access Protocol (LDAP) service. What is the primary reason TACACS+ was chosen for this?

1 / 1 point

NIPRNet

Single Sign-On

*A: Device administration

Network access

9.

Question 9

Consider the following scenario: A company is utilizing Google Business applications for their marketing department. These applications should be able to temporarily access a user’s email account to send links for review. Why should the company use Open Authorization (OAuth) in this situation?

1 / 1 point

Compatibility with third party apps

Gain access through a wireless access point

Administer multiple network devices

Utilize a Key Distribution Center server

10.

Question 10

Access control entries can be created for what types of file system objects? Select all that apply.

0.75 / 1 point

APIs

Folders

Files

Programs

Defense in Depth

1.

Question 1

A hacker gained access to a network through malicious email attachments. Which one of these is important when talking about methods that allow a hacker to gain this access?

1 / 1 point

An attack surface

An attack vector

An ACL

A 0-day

2.

Question 2

Which of these host-based firewall rules help to permit network access from a Virtual Private Network (VPN) subnet?

1 / 1 point

Secure Shell (SSH)

Group Policy Objects (GPOs)

Access Control Lists (ACLs)

Active Directory

3.

Question 3

A network security analyst received an alert about a potential malware threat on a user’s computer. What can the analyst review to get detailed information about this compromise? Select all that apply.

1 / 1 point

Security Information and Event Management (SIEM) system

Logs

Binary whitelisting software

Full disk encryption (FDE)

4.

Question 4

Which of these plays an important role in keeping attack traffic off your systems and helps to protect users? Select all that apply.

1 / 1 point

Antivirus software

Antimalware measures

Full disk encryption (FDE)

Multiple Attack Vectors

5.

Question 5

If a full disk encryption (FDE) password is forgotten, what can be incorporated to securely store the encryption key to unlock the disk?

1 / 1 point

Secure boot

Application policies

Key escrow

Application hardening

6.

Question 6

What is the purpose of installing updates on your computer? Select all that apply.

1 / 1 point

Updating addresses security vulnerabilities

Updating adds new features

Updating improves performance and stability

Updating helps block all unwanted traffic

7.

Question 7

When installing updates on critical infrastructure, it’s important to be what?

1 / 1 point

Fast

Patient

Calm

Careful

8.

Question 8

Why is it risky if you wanted to make an exception to the application policy to allow file sharing software?

1 / 1 point

The software can shrink attack vectors

The software could be infected with malware

The software could disable full disk encryption (FDE)

The software can normalize log data

9.

Question 9

While antivirus software operates using a ______, binary whitelisting software uses a whitelist instead.

1 / 1 point

Whitelist

Secure list

Greylist

Blacklist

10.

Question 10

Why is it important to disable unnecessary components of software and systems?

1 / 1 point

Less complexity means less expensive.

Less complexity means less time required.

Less complexity means less work.

Less complexity means less vulnerability.

Creating a Company Culture for Security

1.

Question 1

In the Payment Card Industry Data Security Standard (PCI DSS), which of these goals would benefit from encrypted data transmission?

1 / 1 point

Maintaining a vulnerability management program

Monitoring and testing networks regularly

Protecting cardholder data

Implementing strong access control measures

2.

Question 2

What tools can be used to discover vulnerabilities or dangerous misconfigurations in systems and networks?

1 / 1 point

Firewalls

Bastion hosts

Vulnerability scanners

Antimalware software

3.

Question 3

_____ is the practice of attempting to break into a system or network for the purpose of verifying the systems in place.

1 / 1 point

Network probing

Vulnerability scanning

Penetration testing

Security assessment

4.

Question 4

Which of the following devices are considered a risk when storing confidential information? Select all that apply.

1 / 1 point

CD drives

USB sticks

Limited access file shares

Encrypted portable hard drives

5.

Question 5

Consider the following scenario:

A co-worker needs to share a sensitive file with you, but it is too large to send via an encrypted email. The co-worker works out of a remote office. You work at headquarters. Which of these options would most likely be approved by the company’s security policies? Select all that apply.

1 / 1 point

Upload to company secure cloud storage

Upload to a personal Google drive

Put on a company file server that you both have access to

Upload to a personal OneDrive

6.

Question 6

Which of the following are ways to prevent email phishing attacks against user passwords? Select all that apply.

1 / 1 point

Cloud email

Spam filters

User education

Virtual private network

7.

Question 7

When contracting services from a third party, what risk is the organization exposed to?

1 / 1 point

Malware attacks

DDoS attacks

Trusting the third party’s security

Zero-day vulnerabilities

8.

Question 8

Third-party services that require equipment on-site may require a company to do which of the following? Select all that apply.

1 / 1 point

Unrestricted access to the network

Provide additional monitoring via a firewall or agentless solution

Evaluate hardware in the lab first

Provide remote access to third-party service provider

9.

Question 9

What are some behaviors to be encouraged in order to build a security-conscious culture? Select all that apply.

1 / 1 point

Checking website URLs when authenticating

Locking your screen

Asking security-related questions

Shaming people who haven’t done a good job of ensuring their company’s security

10.

Question 10

How can events be reconstructed after an incident?

1 / 1 point

By reviewing and analyzing logs

By doing analysis of forensic malware

By interviewing the people involved

By replaying security video footage
