50 Questions Test For Cyber Security Part 2


Cyber security is very important, especially in this day and age when everything is automated. No programmer or tech whiz would appreciate having their security protocols hacked, hence the need to be educated on how to protect their information. Take the quiz and test your knowledge of cyber security.


Questions and Answers
  • 1. Which of the following is seen as non-secure based on its ability to only store seven uppercase characters of data making it susceptible to brute force attacks?
    • A. PAP
    • B. NTLMv2
    • C. LANMAN
    • D. CHAP

  • 2. Which of the following should be used to help prevent device theft of unused assets?
    • A. HSM device
    • B. Locking cabinet
    • C. Device encryption
    • D. GPS tracking

  • 3. Which of the following security practices should occur initially in software development?
    • A. Secure code review
    • B. Patch management
    • C. Fuzzing
    • D. Penetration tests

  • 4. Which of the following uses tickets to identify users to the network?
    • A. RADIUS
    • B. LDAP
    • C. TACACS+
    • D. Kerberos

  • 5. Which of the following file transfer protocols is an extension of SSH?
    • A. FTP
    • B. TFTP
    • C. SFTP
    • D. FTPS

  • 6. Due to sensitive data concerns, a security administrator has enacted a policy preventing the use of flash drives. Additionally, which of the following can the administrator implement to reduce the risk of data leakage?
    • A. Enact a policy that all work files are to be password protected.
    • B. Enact a policy banning users from bringing in personal music devices.
    • C. Provide users with unencrypted storage devices that remain on-site.
    • D. Disallow users from saving data to any network share.

  • 7. The security administrator implemented privacy screens, password protected screen savers, and hired a secure shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate? (Select TWO).
    • A. Whaling
    • B. Dumpster diving
    • C. Shoulder surfing
    • D. Tailgating
    • E. Impersonation

  • 8. Performing routine security audits is a form of which of the following controls?
    • A. Preventive
    • B. Detective
    • C. Protective
    • D. Proactive

  • 9. Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?
    • A. LDAP injection
    • B. SQL injection
    • C. Error and exception handling
    • D. Cross-site scripting

  • 10. Which of the following access control technologies provides a rolling password for one-time use?
    • A. RSA tokens
    • B. ACL
    • C. Multifactor authentication
    • D. PIV card

  • 11.
    • A. Document scan results for the change control board.
    • B. Organize data based on severity and asset value.
    • C. Examine the vulnerability data using a network analyzer.
    • D. Update antivirus signatures and apply patches.

  • 12.
    • A. ARP poisoning
    • B. MAC spoofing
    • C. PWWN spoofing
    • D. DNS poisoning

  • 13. Which of the following devices would be installed on a single computer to prevent intrusion?
    • A. Host intrusion detection
    • B. Network firewall
    • C. Host-based firewall
    • D. VPN concentrator

  • 14. Which of the following is a policy that would force all users to organize their areas as well as help in reducing the risk of possible data theft?
    • A. Password behaviors
    • B. Clean desk policy
    • C. Data handling
    • D. Data disposal

  • 15. A penetration test shows that almost all database servers were able to be compromised through a default database user account with the default password. Which of the following is MOST likely missing from the operational procedures?
    • A. Application hardening
    • B. OS hardening
    • C. Application patch management
    • D. SQL injection

  • 16.
    • A. Segmentation of each wireless user from other wireless users
    • B. Disallows all users from communicating directly with the AP
    • C. Hides the service set identifier
    • D. Makes the router invisible to other routers

  • 17. Which of the following secure protocols is MOST commonly used to remotely administer Unix/Linux systems?
    • A. SSH
    • B. SCP
    • C. SFTP
    • D. SNMP

  • 18. Which of the following is MOST likely to be the last rule contained on any firewall?
    • A. IP allow any any
    • B. Implicit deny
    • C. Separation of duties
    • D. Time of day restrictions

  • 19. During the analysis of malicious code, a security analyst discovers JavaScript being used to send random data to another service on the same system. This is MOST likely an example of which of the following?
    • A. Buffer overflow
    • B. XML injection
    • C. SQL injection
    • D. Distributed denial of service

  • 20. Which of the following is true about hardware encryption? (Select TWO).
    • A. It must use elliptical curve encryption.
    • B. It requires a HSM file system.
    • C. It only works when data is not highly fragmented.
    • D. It is faster than software encryption.
    • E. It is available on computers using TPM.

  • 21. Which of the following is an example of verifying new software changes on a test system?
    • A. User access control
    • B. Patch management
    • C. Intrusion prevention
    • D. Application hardening

  • 22. Which of the following is a technical control?
    • A. System security categorization requirement
    • B. Baseline configuration development
    • C. Contingency planning
    • D. Least privilege implementation

  • 23. Public keys are used for which of the following?
    • A. Decrypting wireless messages
    • B. Decrypting the hash of an electronic signature
    • C. Bulk encryption of IP based email traffic
    • D. Encrypting web browser traffic

  • 24. Which of the following penetration testing types is performed by security professionals with limited inside knowledge of the network?
    • A. Passive vulnerability scan
    • B. Gray box
    • C. White box
    • D. Black box

  • 25. Which of the following devices BEST allows a security administrator to identify malicious activity after it has occurred?
    • A. Spam filter
    • B. IDS
    • C. Firewall
    • D. Malware inspection

  • 26. Which of the following cloud computing concepts is BEST described as providing an easy-to-configure OS and on-demand computing for customers?
    • A. Platform as a Service
    • B. Software as a Service
    • C. Infrastructure as a Service
    • D. Trusted OS as a Service

  • 27.
    • A. Separation of duties
    • B. Time of day restrictions
    • C. Access control lists
    • D. Mandatory access control
    • E. Single sign-on

  • 28. Which of the following environmental controls would BEST be used to regulate cooling within a datacenter?
    • A. Fire suppression
    • B. Video monitoring
    • C. EMI shielding
    • D. Hot and cold aisles

  • 29. Which of the following is used when performing a quantitative risk analysis?
    • A. Focus groups
    • B. Asset value
    • C. Surveys
    • D. Best practice

  • 30. Which of the following BEST describes the function of TPM?
    • A. High speed secure removable storage device
    • B. Third party certificate trust authority
    • C. Hardware chip that stores encryption keys
    • D. A trusted OS model

  • 31. Which of the following PKI implementation elements is responsible for verifying the authenticity of certificate contents?
    • A. CRL
    • B. Key escrow
    • C. Recovery agent
    • D. CA

  • 32. Which of the following describes a passive attempt to identify weaknesses?
    • A. Vulnerability scanning
    • B. Zero day attack
    • C. Port scanning
    • D. Penetration testing

  • 33.
    • A. NIPS is blocking activities from those specific websites.
    • B. NIDS is blocking activities from those specific websites.
    • C. The firewall is blocking web activity.
    • D. The router is denying all traffic from those sites.

  • 34.
    • A. DHCP
    • B. SSID broadcast
    • C. MAC filtering
    • D. AP isolation

  • 35. Which of the following is the BEST choice for encryption on a wireless network?
    • A. WPA2-PSK
    • B. AES
    • C. WPA
    • D. WEP

  • 36. Which of the following will educate employees about malicious attempts from an attacker to obtain bank account information?
    • A. Password complexity requirements
    • B. Phishing techniques
    • C. Handling PII
    • D. Tailgating techniques

  • 37. If a user wishes to receive a file encrypted with PGP, the user must FIRST supply the:
    • A. Public key
    • B. Recovery agent
    • C. Key escrow account
    • D. Private key

  • 38.
    • A. To passively test security controls within the enterprise
    • B. To provide training to white hat attackers
    • C. To identify all vulnerabilities and weaknesses within the enterprise
    • D. To determine the impact of a threat against the

  • 39. Which of the following methods BEST describes the use of hiding data within other files?
    • A. Digital signatures
    • B. PKI
    • C. Transport encryption
    • D. Steganography

  • 40. Which of the following BEST describes the proper method and reason to implement port security?
    • A. Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network.
    • B. Apply a security control which ties specific networks to end-device IP addresses and prevents new devices from being connected to the network.
    • C. Apply a security control which ties specific ports to end-device MAC addresses and prevents all devices from being connected to the network.
    • D. Apply a security control which ties specific ports to end-device IP addresses and prevents mobile devices from being connected to the network.

  • 41. Which of the following attacks is manifested as an embedded HTML image object or JavaScript image tag in an email?
    • A. Exception handling
    • B. Adware
    • C. Cross-site request forgery
    • D. Cross-site scripting

  • 42. Which of the following is MOST likely to result in data loss?
    • A. Accounting transferring confidential staff details via SFTP to the payroll department.
    • B. Back office staff accessing and updating details on the mainframe via SSH.
    • C. Encrypted backup tapes left unattended at reception for offsite storage.
    • D. Developers copying data from production to the test environments via a USB stick.

  • 43. A security administrator has discovered through password auditing software that most passwords can be discovered by cracking the first seven characters and then cracking the second part of the password. Which of the following is in use by the company?
    • A. LANMAN
    • B. MD5
    • C. WEP
    • D. 3DES

  • 44. Which of the following concepts ensures that the data is only viewable to authorized users?
    • A. Availability
    • B. Biometrics
    • C. Integrity
    • D. Confidentiality

  • 45. Which of the following BEST describes an intrusion prevention system?
    • A. A system that stops an attack in progress.
    • B. A system that allows an attack to be identified.
    • C. A system that logs the attack for later analysis.
    • D. A system that serves as a honeypot.

  • 46.
    • A. An attacker inside the company is performing a bluejacking attack on the user's laptop.
    • B. Another user's Bluetooth device is causing interference with the Bluetooth on the laptop.
    • C. The new access point was mis-configured and is interfering with another nearby access point.
    • D. The attacker that breached the nearby company is in the parking lot implementing a war driving attack.

  • 47. Risk can be managed in the following ways EXCEPT:
    • A. Mitigation
    • B. Acceptance
    • C. Elimination
    • D. Transference

  • 48.
    • A. Change the server's SSL key and add the previous key to the CRL.
    • B. Install a host-based firewall.
    • C. Install missing security updates for the operating system.
    • D. Add input validation to forms.

  • 49.
    • A. The PC has become part of a botnet.
    • B. The PC has become infected with spyware.
    • C. The PC has become a spam host.
    • D. The PC has become infected with adware.

  • 50. Which of the following is a best practice when securing a switch from physical access?
    • A. Disable unnecessary accounts
    • B. Print baseline configuration
    • C. Enable access lists
    • D. Disable unused ports