1.
A computer _________ is a set of self-replicating program instructions that surreptitiously attaches itself to a legitimate executable file on a host device.
Correct Answer
B. Virus
Explanation
A computer virus is a type of malicious software that can replicate itself and attach to legitimate executable files on a host device without the user's knowledge or consent. Unlike trojans and worms, viruses have the ability to self-replicate and spread to other files and devices, causing harm to the system. Therefore, the correct answer is virus.
2.
_____________ software shields certain applications against behaviors commonly exhibited by intrusions.
Correct Answer
B. Anti-exploit
Explanation
Anti-exploit software is designed to protect certain applications from common behaviors exhibited by intrusions. It specifically focuses on identifying and preventing exploits, which are techniques used by attackers to take advantage of vulnerabilities in software or systems. By proactively detecting and blocking these exploits, anti-exploit software helps to safeguard applications and prevent unauthorized access or damage caused by intrusions.
3.
Which of the following is an example of an authentication protocol?
Correct Answer
D. All of the above
Explanation
All of the above options are examples of authentication protocols. A password is a common method used to authenticate a user's identity by requiring them to enter a secret code. PINs (Personal Identification Numbers) serve a similar purpose, requiring the user to enter a unique numerical code to verify their identity. A fingerprint scanner is a biometric authentication protocol that uses the unique patterns on an individual's fingerprint to confirm their identity. Therefore, all three options mentioned (password, PINs, and fingerprint scanner) can be considered examples of authentication protocols.
4.
______________ is a deceptive practice that exploits human psychology by inducing victims to interact with a digital device in a way that is not in their best interest.
Correct Answer
C. Social engineering
Explanation
Social engineering is a deceptive practice that exploits human psychology by manipulating individuals into performing actions that may not be in their best interest. This can involve tactics such as impersonation, manipulation, or trickery to gain unauthorized access to sensitive information or systems. By exploiting human vulnerabilities, social engineering attacks can be highly effective in deceiving victims and compromising their security.
5.
Spam accounts for approximately ______ of all email.
Correct Answer
D. 70%
Explanation
Approximately 70% of all email is considered spam. This means that out of every 10 emails received, around 7 of them are likely to be spam. Spam refers to unsolicited or unwanted emails that are often sent in bulk, usually for advertising or fraudulent purposes. With such a high percentage, it highlights the significant issue of spam in the digital world and emphasizes the importance of spam filters and other measures to protect users from these unwanted messages.
6.
Which type of device is the top target for ransomware?
Correct Answer
C. SmartpHones
Explanation
Smartphones are the top target for ransomware due to their widespread usage and the sensitive information they contain. Smartphones are highly connected devices that often store personal data, such as contacts, photos, and financial information. Additionally, many users do not have proper security measures in place, making them vulnerable to ransomware attacks. The popularity and prevalence of smartphones make them an attractive target for cybercriminals seeking to exploit vulnerabilities and extort money from users.
7.
____________ is a service offered by Google that checks URLs against a list of suspicious Web site URLs.
Correct Answer
D. Safe Browsing
Explanation
Safe Browsing is a service provided by Google that verifies URLs against a database of suspicious website URLs. This service helps protect users from accessing harmful or malicious websites by warning them if a website is potentially unsafe. Safe Browsing works in the background, continuously scanning URLs and providing real-time protection to users while they browse the internet. It is an effective tool in preventing users from falling victim to phishing attacks, malware, and other online threats.
8.
There are various encryption methods, but __________ is the encryption standard currently used worldwide.
Correct Answer
C. AES
Explanation
AES (Advanced Encryption Standard) is the encryption standard currently used worldwide. AES is a symmetric encryption algorithm that is widely adopted for securing sensitive data. It offers a high level of security and is used in various applications such as secure communication protocols, secure file transfer, and data encryption in databases. AES has become the de facto encryption standard due to its effectiveness, efficiency, and widespread support across different platforms and devices.
9.
A(n) __________ is a device or software that is designed to block unauthorized access while allowing authorized communications.
Correct Answer
C. Firewall
Explanation
A firewall is a device or software that is designed to block unauthorized access while allowing authorized communications. It acts as a barrier between a trusted internal network and an untrusted external network, monitoring and controlling incoming and outgoing network traffic based on predetermined security rules. Firewalls can prevent unauthorized access to a network by analyzing the source and destination of network packets and blocking any that do not meet the specified criteria. This helps to protect sensitive data and systems from malicious attacks and unauthorized access.
10.
Which of the following can be used to block unauthorized access while allowing authorized communications on a device or network?
Correct Answer
D. All of the above
Explanation
All of the options mentioned can be used to block unauthorized access while allowing authorized communications on a device or network. A personal firewall is a software application that monitors and controls incoming and outgoing network traffic, blocking unauthorized access and protecting against malicious activities. Hardware that uses a NAT (Network Address Translation) can also provide security by hiding the internal IP addresses of devices on a network, making it difficult for unauthorized users to access them. A network router, on the other hand, can be configured to implement various security measures such as access control lists and virtual private networks (VPNs) to block unauthorized access and ensure authorized communications. Therefore, all of these options can effectively block unauthorized access while allowing authorized communications.
11.
The best defense against malware is _____________.
Correct Answer
C. Antivirus software
Explanation
Antivirus software is the best defense against malware because it is specifically designed to detect, prevent, and remove malicious software from a computer system. Encryption and entropy can provide additional security measures, but they do not directly protect against malware. Antivirus software, on the other hand, actively scans for and eliminates malware, providing a comprehensive defense against potential threats. Therefore, choosing antivirus software as the best defense against malware is the most logical and accurate answer.
12.
If you feel more secure with a totally random and unique password for each of your logins, then a(n) _______________ is an excellent option.
Correct Answer
D. Password manager
Explanation
A password manager is an excellent option if you prefer having unique and random passwords for each of your logins. It securely stores and manages all your passwords, allowing you to easily access them when needed. By using a password manager, you can ensure that your passwords are strong and not easily guessable, enhancing the security of your online accounts.
13.
When antivirus software detects malware, which of the following would not be a course of action you could take?
Correct Answer
B. Conduct a heuristic analysis.
Explanation
Conducting a heuristic analysis is not a course of action that can be taken when antivirus software detects malware. Heuristic analysis is a method used by antivirus software to identify new and unknown threats based on behavioral patterns. However, once malware is detected, the appropriate actions would be to repair the infection, put the infected file into quarantine, or delete the infected file to prevent further damage.
14.
A social engineering scam called ___________ is when a victim is promised a large sum of money in exchange for a bank account number from which a small advance fee is withdrawn.
Correct Answer
A. Advance fee fraud
Explanation
Advance fee fraud is a social engineering scam where the victim is promised a large sum of money in exchange for providing their bank account number. The scammer then withdraws a small advance fee from the victim's account. This type of scam preys on the victim's greed and desire for quick money, convincing them to provide their personal information and ultimately leading to financial loss.
15.
Which of the following is not a type of spam filter?
Correct Answer
C. Entropy
Explanation
Entropy is not a type of spam filter. Spam filters typically use various techniques such as permission-based filtering, blacklisting, and content analysis to identify and block spam emails. Entropy, on the other hand, is a statistical measure of randomness or disorder within a system. It is not directly related to spam filtering and does not play a role in identifying or blocking spam emails.
16.
Trojans depend on ________ to spread.
Correct Answer
A. social engineering
Explanation
Trojans depend on social engineering to spread. Social engineering involves manipulating and deceiving individuals into performing certain actions, such as clicking on a malicious link or downloading an infected file. Trojans often disguise themselves as legitimate or desirable programs, tricking users into unknowingly installing them. This method of spreading relies on human interaction and psychological manipulation rather than exploiting technical vulnerabilities.
17.
_______ can be used to flood a Web site with so much traffic that it can no longer provide its intended service.
Correct Answer
D. All of the above
Explanation
The correct answer is "All of the above". DDoS (Distributed Denial of Service) attacks involve flooding a website with an overwhelming amount of traffic, making it unable to function properly. Botnets, which are networks of infected computers, can be used to carry out DDoS attacks. Additionally, the botmaster, who controls the botnet, can issue commands to launch such attacks. Therefore, all the options mentioned - DDoS, botnets, and commands from a botmaster - can be used to flood a website and disrupt its intended service.
18.
MITM attacks include which of the following?
Correct Answer
D. All of the above
Explanation
MITM attacks, or Man-in-the-Middle attacks, involve an attacker intercepting and manipulating communication between two parties without their knowledge. Address spoofing refers to forging the source IP address in a network packet to mislead the recipient. IMSI catchers are devices used to intercept mobile phone signals and gather information. Evil Twins are rogue Wi-Fi networks that mimic legitimate networks to deceive users into connecting to them. All of these techniques can be employed in MITM attacks to eavesdrop, manipulate, or steal sensitive information, making "all of the above" the correct answer.
19.
To establish a(n) ________, hackers set up an unsecured Wi-Fi hotspot complete with an Internet connection.
Correct Answer
B. Evil Twin
Explanation
An Evil Twin is a type of cyber attack where hackers set up a fake Wi-Fi hotspot that appears to be legitimate. They make it unsecured and provide an Internet connection to lure unsuspecting users to connect to it. Once connected, the hackers can intercept and monitor the users' online activities, steal sensitive information, or carry out other malicious activities. This type of attack is often used to perform identity theft or gain unauthorized access to personal or corporate networks.
20.
A cryptographic __________ is a procedure for encryption or decryption.
Correct Answer
C. Algorithm
Explanation
An algorithm is a procedure that is used for encryption or decryption in cryptography. It is a set of well-defined steps or rules that determine how data is transformed from its original form to a secure, encrypted form or vice versa. Algorithms play a crucial role in ensuring the confidentiality and integrity of sensitive information by providing a systematic and reliable way to encrypt and decrypt data.
21.
A(n) ______________ attack exploits previously unknown vulnerabilities in software applications, hardware, and operating system program code.
Correct Answer
A. Zero-day
Explanation
A zero-day attack refers to an attack that takes advantage of vulnerabilities in software applications, hardware, and operating system program code that are previously unknown to the software vendor or developer. This means that the attack occurs before the developer has had a chance to develop a patch or fix for the vulnerability, giving the attacker an advantage.
22.
What is the process called when an app from a source other than an official app store is installed on a device?
Correct Answer
C. Side-loading
Explanation
Side-loading refers to the process of installing an app on a device from a source other than an official app store. This can be done by downloading the app from a website or transferring it directly from another device. It is a common practice for Android devices, where users have the flexibility to install apps from third-party sources. Side-loading can be useful when certain apps are not available on official app stores or when users want to test beta versions of apps.
23.
____________ is a term for a person who devises and carries out a scam in order to accomplish a goal.
Correct Answer
D. None of the above
Explanation
The term for a person who devises and carries out a scam in order to accomplish a goal is commonly known as a "scammer" or a "con artist". This refers to an individual who uses deception and fraudulent tactics to manipulate others and achieve their objectives. The options provided in the question, "Main-in-the-middle", "RAT", and "Internet worm" do not accurately describe this term.
24.
__________ changes an originating address or a destination address to redirect the flow of data between two parties.
Correct Answer
C. Address spoofing
Explanation
Address spoofing is the correct answer because it refers to the act of changing an originating address or a destination address to redirect the flow of data between two parties. This technique is commonly used by attackers to deceive or impersonate others, making it appear as if the data is coming from a different source or going to a different destination. By manipulating the addresses, the attacker can redirect the data to their own systems or manipulate the communication between the two parties.
25.
A virus __________ usually arrives as an email message that contains warnings about a supposedly new virus.
Correct Answer
D. Hoax
Explanation
A virus hoax usually arrives as an email message that contains warnings about a supposedly new virus. This means that the email is not actually carrying a harmful virus, but rather spreading false information and causing unnecessary panic. Hoaxes are typically created to deceive and mislead recipients, often with the intention of causing disruption or gaining attention. It is important to be cautious and verify the authenticity of such messages before taking any action.
26.
Which of the following is not a characteristic of a weak password?
Correct Answer
B. Eight characters in length and include one or more uppercase letters, numbers, and symbols
Explanation
The given answer, "Eight characters in length and include one or more uppercase letters, numbers, and symbols," is not a characteristic of a weak password because it meets the criteria of being strong. A weak password is usually easy to guess or crack, and it often includes common words, dictionary terms, or default passwords. However, a password that is eight characters long and includes a combination of uppercase letters, numbers, and symbols is considered strong and more difficult to guess or crack.
27.
A(n) ________________ takes place when an unauthorized person gains access to a digital device by using an Internet connection and exploiting vulnerabilities in hardware or software.
Correct Answer
C. Online intrusion
Explanation
An online intrusion refers to the unauthorized access of a digital device by exploiting vulnerabilities in hardware or software through an internet connection. This can occur when an individual gains access to a device without permission and uses the internet as a means to exploit weaknesses in the system. Online intrusions can lead to data breaches, theft of sensitive information, and compromise the security and privacy of the affected device or network.
28.
The current method of encrypting communication between a client and a server depends on a security protocol called _______
Correct Answer
A. TLS
Explanation
The correct answer is TLS. TLS stands for Transport Layer Security, which is a security protocol used to encrypt communication between a client and a server. It ensures that the data transmitted between the two parties is secure and protected from unauthorized access or tampering. TLS is widely used in internet communication, such as secure web browsing (HTTPS), email transmission, and virtual private networks (VPNs). It provides authentication, confidentiality, and integrity of the data being transmitted, making it an essential component of secure communication.
29.
A(n) __________ pings a packet of data to a port in order to see if that port is open or not.
Correct Answer
B. port scan
Explanation
A port scan is a technique used to check if a specific port on a computer or network is open or closed. It involves sending a packet of data to the target port and analyzing the response. If a response is received, it indicates that the port is open and accessible. This is commonly used by network administrators to identify potential vulnerabilities in a system or to ensure that certain ports are properly configured and accessible.
30.
A ______________ exploit usually begins with a virus warning and an offer to disinfect the infected device.
Correct Answer
C. rogue antivirus
Explanation
A rogue antivirus exploit typically starts with a warning about a virus and a suggestion to clean the infected device. This implies that the exploit tricks users into believing that their device is infected with a virus and offers a solution in the form of a fake antivirus program. Once the user installs the rogue antivirus, it may not only fail to protect the device but could also potentially cause harm by stealing personal information or introducing malware.
31.
A ___________ is malware that arrives in a trojan disguised as legitimate software and sets up a secret communication link to a hacker
Correct Answer
B. RAT
Explanation
A Remote Access Trojan (RAT) is a type of malware that disguises itself as legitimate software and allows hackers to gain unauthorized access to a computer system. Once installed, a RAT establishes a covert communication channel with the hacker, enabling them to remotely control the infected system and carry out various malicious activities without the user's knowledge.
32.
Which of the following type of attack uses password-cracking software to generate every possible combination of letters, numerals, and symbols
Correct Answer
B. brute force
Explanation
Brute force attack is a type of attack that uses password-cracking software to generate every possible combination of letters, numerals, and symbols. This method is time-consuming and requires a lot of computational power, but it is effective in breaking weak passwords. It systematically tries all possible combinations until the correct password is found. This attack is often used when there is no other information available about the password, and it is a common technique employed by hackers to gain unauthorized access to systems or accounts.
33.
__________ is the process of modifying an executable file or data stream by adding additional commands
Correct Answer
D. Code injection
Explanation
Code injection is the process of modifying an executable file or data stream by adding additional commands. This technique allows an attacker to insert malicious code into a legitimate program, which can then be executed by the system. Code injection can be used to exploit vulnerabilities in software and gain unauthorized access to a system or manipulate its behavior. It is a common method used in various types of attacks, such as SQL injection and cross-site scripting (XSS).
34.
If you use a password manager, what do you as the user need to remember?
Correct Answer
B. The master password
Explanation
The correct answer is the master password. When using a password manager, the user only needs to remember the master password, which grants access to all the stored passwords for individual sites and any other form data, including credit card numbers. The master password acts as the key to unlock and secure all the stored information in the password manager.
35.
Antivirus software can use techniques called__________ to detect malware by analyzing the characteristics and behavior of suspicious files.
Correct Answer
D. heuristic analysis
Explanation
Antivirus software can use heuristic analysis to detect malware by analyzing the characteristics and behavior of suspicious files. Heuristic analysis involves examining the code and behavior of a file to identify potential threats, even if they do not match a known virus signature. This technique allows antivirus software to detect new and unknown malware based on patterns and behaviors commonly associated with malicious software, providing an additional layer of protection against emerging threats.
36.
Which of the following terms would best match this definition: Transforms a message or data file in such a way that its contents are hidden from unauthorized readers
Correct Answer
C. encryption
Explanation
Encryption is the process of transforming a message or data file in such a way that its contents are hidden from unauthorized readers. It involves converting the original plaintext into ciphertext using an encryption algorithm and a key. The ciphertext can only be decrypted back into plaintext by authorized users who possess the correct decryption key. Encryption ensures the confidentiality and security of sensitive information by preventing unauthorized access and protecting it from being understood or intercepted by unauthorized individuals.
37.
What is the term used to describe unwanted software that installs along with the application software that you originally downloaded and installed?
Correct Answer
C. PUP
Explanation
PUP stands for Potentially Unwanted Program, which is the term used to describe unwanted software that installs along with the application software that you originally downloaded and installed. These programs often come bundled with legitimate software and can include adware, browser hijackers, or other types of software that may display unwanted advertisements, track user behavior, or cause other disruptions to the user's computer.
38.
A password manager can store passwords in an encrypted file located at which of the following storage locations?
Correct Answer
D. all of the above
Explanation
A password manager can store passwords in an encrypted file located at all of the above storage locations. Local storage refers to storing the passwords on the device itself, cloud storage allows for remote storage and accessibility of passwords, and USB storage provides a portable option for storing passwords. Having the option to store passwords in multiple locations provides flexibility and convenience for users.
39.
Which of the following sequence of events best describes an online intrusion?
Correct Answer
A. Malware enters the device, then opens a backdoor, leading to an open communications link on the device that a hacker can exploit.
Explanation
This answer describes the most common sequence of events in an online intrusion. First, malware enters the device, usually through a malicious download or email attachment. Once inside, the malware opens a backdoor, creating a hidden entry point for the hacker. This backdoor then establishes an open communications link on the device, which the hacker can exploit to gain unauthorized access and carry out malicious activities. This sequence accurately represents the typical steps involved in an online intrusion.
40.
Which of the following is not a characteristic of a computer worm?
Correct Answer
B. Spread through a process called side-loading
Explanation
A computer worm is a type of malicious software that can self-replicate and spread without any human intervention. It can infect other computers by exploiting vulnerabilities in the system. However, the characteristic of spreading through a process called side-loading is not associated with computer worms. Side-loading typically refers to the installation of apps from unofficial or third-party sources, which is more common in mobile devices. Computer worms usually spread through network connections or by exploiting software vulnerabilities.
41.
Which of the following would be considered spyware?
Correct Answer
A. A keylogger
Explanation
A keylogger would be considered spyware because it is a type of malicious software that records keystrokes on a computer without the user's knowledge or consent. This allows the attacker to capture sensitive information such as passwords, credit card numbers, and other personal data. Unlike firewall and antivirus software, which are designed to protect against unauthorized access and malware, a keylogger is specifically designed to secretly monitor and steal information. Therefore, it falls under the category of spyware.
42.
The current standard for object-oriented documentation is referred to as ______.
Correct Answer
B. UML
Explanation
The current standard for object-oriented documentation is UML. UML, which stands for Unified Modeling Language, is a visual modeling language used to design and document software systems. It provides a standardized way to represent the structure, behavior, and relationships of different components within a system. UML diagrams can be used to communicate complex ideas and concepts in a clear and concise manner, making it an essential tool for software developers and designers.
43.
A transaction processing system is characterized by its ability to:
Correct Answer
D. all of the above
Explanation
A transaction processing system is a system that is able to collect, display, modify, and store transactions. It is also capable of listing transactions. Therefore, the correct answer is "all of the above" as it encompasses all the mentioned characteristics of a transaction processing system.
44.
The maintenance phase of a SDLC includes all of the following except _________.
Correct Answer
D. Convert data
Explanation
The maintenance phase of a SDLC includes activities such as making backups, optimizing for speed and security, and revising as necessary to meet business needs. However, converting data is not typically a part of the maintenance phase. Data conversion usually occurs during the implementation phase of the SDLC when transitioning from an old system to a new one.
45.
The implementation phase of a SDLC includes all of the following except _________.
Correct Answer
D. Obtain approval
Explanation
The implementation phase of a SDLC involves creating and testing applications, as well as purchasing or contracting for hardware and software. However, obtaining approval is not a specific task in the implementation phase. Approval is typically obtained during the planning or initiation phase of the SDLC, where the project is evaluated and approved to proceed. Therefore, obtaining approval is not included in the implementation phase.
46.
The scope of an information system includes which of the following?
Correct Answer
D. All of the above
Explanation
The scope of an information system includes computers, communications networks, and data because these are the technical components that make up the system. It also includes people and products because they are the users and consumers of the system. Additionally, policies and procedures are part of the scope because they dictate how the system should be used and managed. Therefore, all of the options listed are included in the scope of an information system.
47.
Which of the following is not a characteristic of a management information system?
Correct Answer
D. Collect, display, and modify transactions
Explanation
Collecting, displaying, and modifying transactions is a characteristic of a management information system. It allows the system to track and record various business transactions. Therefore, this option is not correct as it is a characteristic of a management information system.
48.
A(n) _____________ is a group of people working together to accomplish a goal.
Correct Answer
D. Organization
Explanation
An organization is a group of people working together to accomplish a goal. It is a structured entity that brings individuals together, assigns roles and responsibilities, and establishes a framework for collaboration and coordination. Within an organization, individuals work towards a common objective, utilizing their skills and expertise to achieve desired outcomes. Whether it is a business, non-profit, government agency, or any other entity, organizations are formed to achieve specific goals and objectives through collective efforts.
49.
Which of the following is not a core CRM system?
Correct Answer
C. Payment gateway
Explanation
A payment gateway is not considered a core CRM system because it is a separate system that handles financial transactions and the processing of payments. CRM systems, on the other hand, are focused on managing customer relationships and interactions. They typically include features such as sales management, customer support, and marketing automation. While a payment gateway may be integrated with a CRM system to facilitate payment processing, it is not a core component of CRM functionality.
50.
The goal of the planning phase for an information system project is to create a(n) ____________.
Correct Answer
D.
project development plan
Explanation
The planning phase for an information system project aims to create a project development plan. This plan outlines the objectives, scope, deliverables, timeline, resources, and budget for the project. It serves as a roadmap for the project team, providing guidance on how the project will be executed and controlled. The project development plan helps ensure that all stakeholders are aligned and have a clear understanding of the project's goals and requirements.