50 Questions Test For Cyber Security Part 2

50 Questions | Total Attempts: 2079

SettingsSettingsSettings
Please wait...
50 Questions Test For Cyber Security Part 2

Cyber security is very important especially in this day and age where everything is automated. No programmer or tech wiz would appreciate if their security protocols are hacked therefore the need to be educated on how to protect their information. Take up the quiz and test your knowledge on cyber security.


Questions and Answers
  • 1. 
    Which of the following is seen as non-secure based on its ability to only store seven uppercase characters of data making it susceptible to brute force attacks?       
    • A. 

      PAP

    • B. 

      NTLMv2

    • C. 

      LANMAN

    • D. 

      CHAP

  • 2. 
    Which of the following should be used to help prevent device theft of unused assets?
    • A. 

      HSM device

    • B. 

      Locking cabinet

    • C. 

      Device encryption

    • D. 

      GPS tracking

  • 3. 
    Which of the following security practices should occur initially in software development?       
    • A. 

      Secure code review

    • B. 

      Patch management

    • C. 

      Fuzzing

    • D. 

      Penetration tests

  • 4. 
    Which of the following uses tickets to identify users to the network?      
    • A. 

      RADIUS

    • B. 

      LDAP

    • C. 

      TACACS+

    • D. 

      Kerberos

  • 5. 
    Which of the following file transfer protocols is an extension of SSH?       
    • A. 

      FTP

    • B. 

      TFTP

    • C. 

      SFTP

    • D. 

      FTPS

  • 6. 
    Due to sensitive data concerns, a security administrator has enacted a policy preventing the use of flash drives. Additionally, which of the following can the administrator implement to reduce the risk of data leakage?       
    • A. 

      Enact a policy that all work files are to be password protected.

    • B. 

      Enact a policy banning users from bringing in personal music devices.

    • C. 

      Provide users with unencrypted storage devices that remain on-site.

    • D. 

      Disallow users from saving data to any network share.

  • 7. 
    The security administrator implemented privacy screens, password protected screen savers, and hired a secure shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate? (Select TWO).        
    • A. 

      Whaling

    • B. 

      Dumpster diving

    • C. 

      Shoulder surfing

    • D. 

      Tailgating

    • E. 

      Impersonation

  • 8. 
    Performing routine security audits is a form of which of the following controls?       
    • A. 

      Preventive

    • B. 

      Detective

    • C. 

      Protective

    • D. 

      Proactive

  • 9. 
     Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?
    • A. 

      LDAP injection

    • B. 

      SQL injection

    • C. 

      Error and exception handling

    • D. 

      Cross-site scripting

  • 10. 
    Which of the following access control technologies provides a rolling password for one-time use?       
    • A. 

      RSA tokens

    • B. 

      ACL

    • C. 

      Multifactor authentication

    • D. 

      PIV card

  • 11. 
    Which of the following would be the BEST action to perform when conducting a corporate vulnerability assessment? 
    • A. 

      Document scan results for the change control board.

    • B. 

      Organize data based on severity and asset value.

    • C. 

      Examine the vulnerability data using a network analyzer.

    • D. 

      Update antivirus signatures and apply patches.

  • 12. 
    Which of the following would allow traffic to be redirected through a malicious machine by sending false hardware address updates to a switch?       
    • A. 

      ARP poisoning

    • B. 

      MAC spoofing

    • C. 

      PWWN spoofing

    • D. 

      DNS poisoning

  • 13. 
    Which of the following devices would be installed on a single computer to prevent intrusion?       
    • A. 

      Host intrusion detection

    • B. 

      Network firewall

    • C. 

      Host-based firewall

    • D. 

      VPN concentrator

  • 14. 
    Which of the following is a policy that would force all users to organize their areas as well as help in reducing the risk of possible data theft?       
    • A. 

      Password behaviors

    • B. 

      Clean desk policy

    • C. 

      Data handling

    • D. 

      Data disposal

  • 15. 
    A penetration test shows that almost all database servers were able to be compromised through a default database user account with the default password. Which of the following is MOST likely missing from the operational procedures?  
    • A. 

      Application hardening

    • B. 

      OS hardening

    • C. 

      Application patch management

    • D. 

      SQL injection

  • 16. 
    Isolation mode on an AP provides which of the following functionality types?       
    • A. 

      Segmentation of each wireless user from other wireless users

    • B. 

      Disallows all users from communicating directly with the AP

    • C. 

      Hides the service set identifier

    • D. 

      Makes the router invisible to other routers

  • 17. 
    Which of the following secure protocols is MOST commonly used to remotely administer Unix/Linux systems?       
    • A. 

      SSH

    • B. 

      SCP

    • C. 

      SFTP

    • D. 

      SNMP

  • 18. 
    Which of the following is MOST likely to be the last rule contained on any firewall?       
    • A. 

      IP allow any any

    • B. 

      Implicit deny

    • C. 

      Separation of duties

    • D. 

      Time of day restrictions

  • 19. 
    During the analysis of malicious code, a security analyst discovers JavaScript being used to send random data to another service on the same system. This is MOST likely an example of which of the following?       
    • A. 

      Buffer overflow

    • B. 

      XML injection

    • C. 

      SQL injection

    • D. 

      Distributed denial of service

  • 20. 
    Which of the following is true about hardware encryption? (Select TWO).       
    • A. 

      It must use elliptical curve encryption.

    • B. 

      It requires a HSM file system.

    • C. 

      It only works when data is not highly fragmented.

    • D. 

      It is faster than software encryption.

    • E. 

      It is available on computers using TPM.

  • 21. 
    Which of the following is an example of verifying new software changes on a test system?      
    • A. 

      User access control

    • B. 

      Patch management

    • C. 

      Intrusion prevention

    • D. 

      Application hardening

  • 22. 
    Which of the following is a technical control?     
    • A. 

      System security categorization requirement

    • B. 

      Baseline configuration development

    • C. 

      Contingency planning

    • D. 

      Least privilege implementation

  • 23. 
    Public keys are used for which of the following?       
    • A. 

      Decrypting wireless messages

    • B. 

      Decrypting the hash of an electronic signature

    • C. 

      Bulk encryption of IP based email traffic

    • D. 

      Encrypting web browser traffic

  • 24. 
    Which of the following penetration testing types is performed by security professionals with limited inside knowledge of the network?       
    • A. 

      Passive vulnerability scan

    • B. 

      Gray box

    • C. 

      White box

    • D. 

      Black box

  • 25. 
    Which of the following devices BEST allows a security administrator to identify malicious activity after it has occurred?       
    • A. 

      Spam filter

    • B. 

      IDS

    • C. 

      Firewall

    • D. 

      Malware inspection

Back to Top Back to top