IT Essentials - Fundamental Security - Chapter 9
This quiz is for Cisco IT Essentials Chapter 9, and will aid you in progression to the final exam.
Questions and Answers
- 1.
A ......... ........, just like a worm, does not need to be attached to other software to infect a computer. (2 words)
Explanation
A Trojan horse is a type of malware that disguises itself as legitimate software but actually contains malicious code. Unlike viruses or worms, a Trojan horse does not need to be attached to other software to infect a computer. It can be downloaded and executed independently, often tricking users into thinking it is a harmless program. Once installed, a Trojan horse can perform various malicious activities, such as stealing sensitive information, damaging files, or allowing unauthorized access to the infected system.Rate this question:
- 2.
Web tools that can be used by attackers to install a program on a computer are:- (pick 2)
- A.
Spam
- B.
Java
- C.
SYN flood
- D.
Active X
Correct Answer(s)
B. Java
D. Active XExplanation
Java and Active X are both web tools that can be used by attackers to install a program on a computer. Java is a programming language that is commonly used to create web-based applications and can be exploited by attackers to execute malicious code on a victim's computer. Active X is a framework developed by Microsoft that allows for the creation of interactive content on websites, but it can also be used by attackers to install malware or gain unauthorized access to a system.Rate this question:
-
- 3.
.................., also known as junk mail is a form of unsolicited mail.
Correct Answer(s)
SpamExplanation
The given statement describes spam as a form of unsolicited mail. Spam refers to unwanted or unsolicited messages, typically sent in bulk, often advertising products or services. It is commonly associated with email but can also occur through other communication channels such as text messages or social media. The term "spam" originated from a Monty Python sketch where the word was repeated excessively, similar to how unwanted messages can flood inboxes or mailboxes.Rate this question:
- 4.
How can you ensure data on a hard drive that has been removed from a computer is non recoverable?
- A.
Smash with a hammer
- B.
Format the drive
- C.
Re-install the file system
- D.
Delete all files
Correct Answer
A. Smash with a hammerExplanation
Smashing a hard drive with a hammer ensures that the data on it is non-recoverable because it physically damages the internal components of the drive, making it impossible to retrieve any information. Formatting the drive or re-installing the file system may still leave traces of the data that can potentially be recovered. Deleting all files also does not guarantee complete erasure as the data can still be recovered using specialized software.Rate this question:
-
- 5.
How can you physically protect computer equipment? (pick 2)
- A.
Control access to facilities
- B.
Install antivirus software
- C.
Ensure software patches are up to date
- D.
Password protect all equipment
- E.
Use security cages around equipment
Correct Answer(s)
A. Control access to facilities
E. Use security cages around equipmentExplanation
To physically protect computer equipment, controlling access to facilities is important as it restricts unauthorized individuals from entering areas where the equipment is located. This helps prevent theft or tampering. Additionally, using security cages around equipment adds an extra layer of protection by physically enclosing the equipment and preventing unauthorized access. This further reduces the risk of theft or damage to the equipment.Rate this question:
-
- 6.
A ............. is an encryption system that protects data as though it resides on a private network. (1 or 3 words)
Correct Answer(s)
VPN
virtual private networkExplanation
A VPN, or virtual private network, is an encryption system that protects data as though it resides on a private network. It allows users to securely access and transmit data over a public network, such as the internet, by creating a private and encrypted connection. This ensures that the data is protected from unauthorized access and interception, providing a secure and private communication channel for users.Rate this question:
- 7.
Passwords should contain:-
- A.
A mixture of uppercase and lowercase letters and numbers
- B.
A mixture of numbers, special characters, uppercase and lowercase letters
- C.
A mixture of numbers, special characters and letters
- D.
A mixture of special characters and upper and lower case letters
Correct Answer
B. A mixture of numbers, special characters, uppercase and lowercase lettersExplanation
The correct answer is a mixture of numbers, special characters, uppercase and lowercase letters. This is because a strong password should have a combination of different character types to make it harder for hackers to guess or crack. Including numbers, special characters, uppercase and lowercase letters increases the complexity of the password and makes it more secure.Rate this question:
-
- 8.
Is it possible to reverse the file structure NTFS back to FAT 32? (Answer 'yes' or 'no')
Correct Answer
NoExplanation
It is not possible to reverse the file structure from NTFS back to FAT32. NTFS (New Technology File System) and FAT32 (File Allocation Table) are two different file systems used by different operating systems. NTFS is the default file system for Windows, while FAT32 is an older file system used by Windows and other operating systems. Converting from NTFS to FAT32 would require reformatting the entire drive, resulting in the loss of all data. Therefore, it is not possible to reverse the file structure from NTFS back to FAT32.Rate this question:
- 9.
WEP stands for ........... (3 words)
Correct Answer
wired equivalent privacyExplanation
WEP stands for "wired equivalent privacy". This term refers to a security protocol used in wireless networks to provide a level of privacy and data protection equivalent to that of a wired network. WEP encrypts data transmitted over the network to prevent unauthorized access and ensure the confidentiality of information. However, it is important to note that WEP is now considered to be weak and vulnerable to attacks, and it has been largely replaced by more secure protocols such as WPA and WPA2.Rate this question:
- 10.
What is it advisable to create before you update a virus signature file? (2 words)
Correct Answer
a restore point
restore point
Windows restore pointExplanation
Before updating a virus signature file, it is advisable to create a restore point. This is because updating a virus signature file involves making changes to the system, and in case anything goes wrong during the update, having a restore point allows the user to revert back to a previous stable state of the system. A restore point serves as a backup and helps in restoring the system to its previous functioning state if needed.Rate this question:
- 11.
Updates do not need to be installed once they have been downloaded? ('true' or 'false')
Correct Answer
falseExplanation
Updates need to be installed after they have been downloaded. Downloading an update is only the process of acquiring the necessary files, but the installation process is required to actually apply the changes and update the software or system. Therefore, the statement that updates do not need to be installed once they have been downloaded is false.Rate this question:
- 12.
What types of WEP's are there? (pick 3)
- A.
36 bit
- B.
64 bit
- C.
104 bit
- D.
128 bit
- E.
256 bit
Correct Answer(s)
B. 64 bit
D. 128 bit
E. 256 bitExplanation
The question is asking about the types of WEP (Wired Equivalent Privacy) encryption. WEP is a security protocol used to protect wireless networks. The given answer options include different bit sizes, which refer to the length of the encryption key used in WEP. The correct answer is 64 bit, 128 bit, and 256 bit, as these are common key lengths used in WEP encryption. These bit sizes determine the strength of the encryption, with larger key lengths providing stronger security.Rate this question:
-
- 13.
What are the two types of security threat? (pick 2)
- A.
Computer
- B.
Data
- C.
Virus
- D.
Malicious
- E.
Physical
Correct Answer(s)
B. Data
E. PhysicalExplanation
The two types of security threats are data and physical. Data threats refer to any unauthorized access, alteration, or destruction of digital information, such as hacking or data breaches. Physical threats, on the other hand, involve any potential harm or damage to the physical infrastructure or assets of an organization, including theft, vandalism, or natural disasters. Both types of threats pose significant risks to the security and integrity of an organization's systems and data.Rate this question:
-
- 14.
Phishing is a form of ............... ............................... (2 words)
Correct Answer(s)
social engineeringExplanation
Phishing is a form of social engineering where attackers deceive individuals into revealing sensitive information such as passwords, credit card numbers, or personal data. They typically masquerade as trustworthy entities through emails, messages, or websites, tricking victims into clicking on malicious links or providing confidential information. This tactic exploits human psychology and trust to manipulate individuals into compromising their security.Rate this question:
- 15.
What form of attack prevents users from accessing normal services, such as e-mail or web server?
- A.
Ping of death
- B.
DoS (Denial of Service)
- C.
E-mail bomb
- D.
DDOS (Distributed Denial of Service)
Correct Answer
B. DoS (Denial of Service)Explanation
A Denial of Service (DoS) attack is a form of attack that prevents users from accessing normal services, such as e-mail or web server. In a DoS attack, the attacker overwhelms the target system with a flood of illegitimate requests or traffic, causing the system to become overloaded and unable to respond to legitimate user requests. This effectively denies access to the normal services for legitimate users. Ping of death, E-mail bomb, and DDOS are also types of attacks, but they do not specifically target and prevent access to normal services like a DoS attack does.Rate this question:
-
- 16.
Which threat to security uses traffic from zombie computers to overwhelm servers? (1 or 4 words)
Correct Answer
DDoS
distributed denial of serviceExplanation
DDoS (distributed denial of service) is the correct answer for the question. DDoS is a threat to security that involves overwhelming servers with traffic from zombie computers. Zombie computers are typically infected with malware and controlled by a hacker without the owner's knowledge. These computers are used to generate a massive amount of traffic, causing the targeted server to become overloaded and unable to respond to legitimate requests. This type of attack can disrupt the availability of a website or online service, making it inaccessible to users.Rate this question:
- 17.
This type of program displays advertising on your computer and is usually distributed with downloaded software
- A.
Malware
- B.
Grayware
- C.
Adware
- D.
Worm
Correct Answer
C. AdwareExplanation
Adware is a type of program that displays advertising on a computer and is commonly distributed with downloaded software. Unlike malware, which encompasses various types of malicious software, adware is not necessarily harmful or intended to cause damage. Instead, it is designed to generate revenue for the developers by displaying advertisements to the user. Adware can be annoying and intrusive, but it is generally considered less harmful than other types of malicious software.Rate this question:
-
- 18.
Where is the safest place to store backups?
- A.
Secure cabinet
- B.
Locked desk drawer
- C.
Central administrator in the same building as the server/s
- D.
An offsite secure facility
Correct Answer
D. An offsite secure facilityExplanation
An offsite secure facility is the safest place to store backups because it provides protection against physical threats such as fire, theft, or natural disasters. Storing backups in a different location ensures that they are not vulnerable to the same risks as the original data. Additionally, a secure facility typically has advanced security measures in place, such as surveillance cameras, access controls, and redundant power and cooling systems, to further safeguard the backups. This minimizes the risk of data loss and ensures that the backups are readily available in case of any unforeseen events.Rate this question:
-
- 19.
.............. is a wireless security protocol created by Cisco to dress the weakness in WEP and WPA (1 or 4 words)
Correct Answer
LEAP
Lightweight extensible authentication protocolExplanation
LEAP, which stands for Lightweight Extensible Authentication Protocol, is a wireless security protocol developed by Cisco. It was created to address the vulnerabilities found in the WEP and WPA protocols. LEAP provides a more secure and robust authentication mechanism for wireless networks, making it a suitable solution for ensuring the confidentiality and integrity of data transmitted over wireless connections.Rate this question:
- 20.
Many organisations establish a written ..................... ....................... stating that employees are not permitted to install any software not provided by the company. (2 words)
Correct Answer
security policyExplanation
Organizations often create a written security policy to ensure the safety and protection of their systems and data. This policy explicitly states that employees are prohibited from installing any software that is not provided by the company. This measure helps to prevent unauthorized software installations that may introduce security vulnerabilities or compromise the organization's network. By enforcing this policy, organizations can maintain control over the software environment and reduce the risk of potential threats or breaches.Rate this question:
- 21.
A fingerprint reader is an example of which security technology?
- A.
Card key
- B.
Biometric
- C.
Posted security guard
- D.
Sensors
Correct Answer
B. BiometricExplanation
A fingerprint reader is considered an example of biometric security technology because it uses unique physical characteristics, such as fingerprints, to verify and authenticate an individual's identity. Biometric technology relies on the uniqueness and permanence of these biological traits to provide a high level of security, as they are difficult to replicate or forge. By scanning and comparing an individual's fingerprint with a stored database, fingerprint readers can accurately identify and grant access only to authorized individuals.Rate this question:
-
- 22.
With ................ ..............., the user can control the type of data sent to a computer by selecting which ports will be open and which will be secure. (2 words)
Correct Answer
port protectionExplanation
Port protection refers to the ability to control the type of data sent to a computer by selecting which ports will be open and which will be secure. This feature allows the user to manage the incoming and outgoing traffic through specific ports, ensuring that only authorized data is allowed to pass through while blocking any potentially harmful or unauthorized data. Port protection is an essential aspect of network security, as it helps to prevent unauthorized access, data breaches, and other malicious activities.Rate this question:
- 23.
.............. ....................... are when an employee intends to cause damage. (2 words)
Correct Answer
malicious threats
malicious threatExplanation
The correct answer is "malicious threats" and "malicious threat". These terms refer to situations where an employee has the intention to cause harm or damage. The use of the plural form "threats" indicates that there can be multiple instances of such behavior, while the singular form "threat" suggests a single occurrence. Both forms accurately describe the concept of intentional harm caused by an employee.Rate this question:
- 24.
An employee of a company writes her password and username in her diary. At home her partner, who works for a rival company, takes this information and uses it to hack into the company network. What type of attack is this?
- A.
Spoofing
- B.
Social engineering
- C.
Man-in-the-middle
- D.
DDoS
Correct Answer
B. Social engineeringExplanation
This scenario describes a case of social engineering. Social engineering is a type of attack where an attacker manipulates or deceives individuals into revealing confidential information or performing actions that they shouldn't. In this case, the partner of the employee used their relationship to gain access to the employee's diary and obtain the password and username, which were then used to hack into the company network.Rate this question:
-
- 25.
Which TCP/IP attack randomly opens TCP ports?
- A.
SYN flood
- B.
DNS poisoning
- C.
Ping of death
- D.
Spyware
- E.
Malware
Correct Answer
A. SYN floodExplanation
A SYN flood attack is a type of TCP/IP attack where the attacker sends a large number of SYN requests to a target server, but does not complete the handshake process. This causes the server to allocate resources to each incomplete connection, eventually exhausting its resources and making it unable to handle legitimate requests. This attack randomly opens TCP ports because it floods the server with SYN requests, overwhelming its capacity to handle them.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 20, 2023Quiz Edited by
ProProfs Editorial Team -
Apr 21, 2009Quiz Created by
Mikaela647
Back to top