Fortinet NSE 1 Information Security Awareness Exam Quiz Answer
Hello friends, in this article I am going to share the Fortinet NSE 1 Information Security Awareness quiz answers for all lessons, 1 to 5, with you.
Course Link: NSE 1 Information Security Awareness
Lesson 1 – Bad Actors Quiz Answers
What is the motivation of the bad actor known as the “Explorer”?
What is the motive of the “Cyber Criminal”?
What are the primary motivations of the “Hacktivist”?
- Food, wine, and gambling
- Political, social, or moral disagreements
- The appreciation of their country’s leaders
- The cost of commercial software and support
Attacking systems by exploiting unknown and unpatched vulnerabilities is also known as:
- Secret sauce
- Zero-day exploits
- First-day exploits
What is the goal of the “Cyber Terrorist”?
- Stable world markets
- Peace through understanding
- Intimidation through disruption and damage
- Adoption of Bitcoin as a primary national currency
What is it called when a fraudulent email masquerades as a legitimate communication in an attempt to get a user to reveal sensitive information?
What central component is necessary to form a botnet?
- DNS server
- Ethernet switch
- Command & Control (C&C) Server
What is the motivation of the “Cyber Terrorist”?
What is the name of the malware that takes over a computer system and holds hostage the disk drives or other data?
What is the primary motivation of the “Cyber Warrior”?
- The adoption of Bitcoin as a national currency
- The political interest of their country’s government
Lesson 2 – Data Security Perspectives Quiz Answers
Which definition best describes personally identifiable information (PII)?
- A means of identifying the author of information
- Any information that someone can use to identify you
- Personal preferences, such as favourite settings in applications
- A government-issued number that is used to identify a citizen, mostly for tax purposes
In the context of cybersecurity, which definition best describes social engineering?
- A group of engineers who come together to talk code
- A cooperative method used to develop and improve code
- An exploitation of a relationship or interaction to trick a person into divulging sensitive or personal information
- A movement by which engineers are coerced into writing code a specific way
Identify the best description of vishing.
- The process of introducing malware by some security loophole in an application
- A phone exploitation that often relies on caller ID to appear legitimate
- A fraudulent text-based message that attempts to trick someone into divulging information
- A fraudulent email that pretends to be from a reputable source that targets a group of people for purposes of disclosing information
Which description best identifies the term malicious code?
- Untested code that a vendor releases to the public
- Code that does not behave in the manner intended by its author
- An unwanted file or program that can cause harm to, or compromise data on, a computer
- A program that has flaws in it
Which description best explains cybersecurity?
- Securing cyber advantages over a business competitor
- Strategic Defence Initiative (SDI)
- Protecting networks, devices, and data from unauthorized access
- Home and business security, using motion sensors and monitored by a security vendor
Identify three examples of personally identifiable information (PII). (Choose three.)
- Credit card
- Full name
- Your network login credentials
- Biometrics, such as a fingerprint
- A one-time passcode sent to your device
Lesson 3 – Password Perspectives Quiz Answers
Which practice should you implement for backups?
- Use multiple backup vendors for redundancy.
- Always back up your data in the cloud.
- Encrypt the backup data for an extra layer of protection.
- Keep a backup device physically connected to the host computer 100% of the time.
Which rule is best to follow for securing passwords?
- Use a predictable pattern of numbers or letters.
- Never leave your password on a sticky note stuck to your monitor. Instead, hide it under your keyboard.
- Use something that you would never forget, like the name of your family pet.
- Use a combination of seemingly random upper and lowercase letters, numbers, and special characters that is easy to remember but difficult to guess.
Which two characteristics are examples of poor passwords? (Choose two.)
- A commonly used word or unchanged default password
- A predictable sequence of numbers or words
- A memorable passphrase written as a random sequence of keyboard keys
- A combination of random letters, numbers, and special characters meaningful only to you
Identify an example of a password that best follows the password guidelines in this lesson.
Identify two good password practices. (Choose two.)
- The password should be easy to guess.
- Replace the password at least twice a year.
- The password should be difficult to remember.
- The password should be unique from your other passwords.
Which three methods are examples of online multi-factor authentication? (Choose three.)
- Full name
- Software token
- Hardware token
- Passport or other government-issued identification
Which method is recommended to manage passwords?
- Use a password manager.
- Write passwords into a Word document.
- Memorize one strong password and reuse it to secure all internet services and devices.
- Repeat your passwords every night to help you remember them.
Lesson 4 – Internet Threat Perspectives Quiz Answers
Select two good travelling habits for protecting your portable device. (Choose two.)
- Encrypt all sensitive data
- Avoid joining unknown Wi-Fi networks
- Join only Wi-Fi networks from recognizable brands, such as Starbucks
- Turn off automatic security software updates
You receive an email from your bank. It states that someone has your password and that you must take immediate action by clicking the link provided. What should you do?
- Click the link and change your password. Time is of the essence.
- Delete and report it to the bank by using the contact information found on their website.
- Reply to the email to confirm that they have the correct account by providing your bank account number.
- Scour the email for spelling mistakes. If there are none, then the email is legitimate and you can click the link.
Which precaution should you take if you receive an email that involves the movement of money, such as the payment of an invoice, even if it is from someone you know?
- Pay it immediately to avoid late fees.
- Reply to the email and ask them to provide proof of their identity.
- Use another form of trusted communication to verify that the message is legitimate.
- Look for spelling mistakes in the email. If you find any, delete the email. It’s obviously a scam.
Which three of the following activities represent data vulnerabilities on a mobile device? (Choose three.)
- Social networking
- Synchronization between computers and mobile devices
- Creating contacts
- Listening to music
Which of the following is a good habit for protecting your mobile device?
- Configure your email accounts.
- Set up a personal hotspot.
- Change the factory-set default password and username.
- Test connectivity by doing online banking.
Which is the number one infection vector for all kinds of malware?
- Web pages
- Text messages
- Juice jacking
Complete the sentence. A social engineering attack that compromises public charging stations and installs malware when a portable device plugs in is known as:
- Spear phishing
- Juice Jacking
Complete the sentence. Phishing attacks are different than spear phishing, whaling, and vishing because they:
- are directed against smaller players—small fish you might say, while the others use social media sites.
- are aimed at a wide audience, while the others are directed toward individuals or specific organizations.
- use social media and social engineering techniques to lure their victims, while the others primarily use email.
- involve hackers hanging out at internet forums who then collect information about individuals to target, while the others are aimed at a wide audience.
Which three activities pose a potential security threat to users? (Choose three.)
- Using your own portable charger in a public place
- Connecting as a guest on an organization’s Wi-Fi network
- Reading an online journal from a public library computer
- Doing your banking on your laptop from a friend’s secured home network
- Connecting your device to a public, wireless hotspot to pay for a rental car
Lesson 5 – Insider Threat Perspectives Quiz Answers
Which practice strengthens the physical security of your work environment?
- Pile all confidential documents neatly to one corner of your desk.
- Ensure that your software is up-to-date and that the latest patches are applied.
- Recycle all paper, CDs, DVDs, hard drives, etc. into their appropriate bins.
- Shred and destroy all documents that contain sensitive personal or organizational information rather than tossing them into the waste bin.
Why are insider threats one of the most challenging attack vectors?
- Insider attacks are common, obvious, and overwhelm IT security.
- There is little that can be done to prevent a denial of service attack.
- Network security is designed to defend against outsiders, not insiders.
- Employees are trusted users who have legitimate access to an organization’s data and resources.
If a suspicious package appears at your desk, which action is best aligned with good physical security practices?
- Get your neighbour to open the package.
- Report the package and do not open or touch it.
- Destroy the package using an industrial shredder.
- Carefully open the package and report what you find.
Identify two best practices for physical security awareness. (Choose two.)
- Keep your desk free of any proprietary or confidential information.
- Lock your computer screen and mobile devices every time you step away.
- Follow your organization’s security policies unless they hinder efficiency.
- Always be considerate, such as holding the door open for people, even if you don’t know them.
What is the root cause of almost every data breach?
- Human error
- Unpatched device
- Zero-day attack
- Poorly crafted password
Who are included as insider threats?
- Ambitious people
- Employees who sometimes do not follow security practices
- Another organization or person who see themselves as competitors
- Any person with network security skills who works outside an organization
Which method is a defense against potential insider threats?
- Identify and report any suspicious activity.
- Monitor your co-workers’ daily activities.
- Investigate and if possible resolve the threat on your own.
- Confront any person you suspect of being an insider threat.