Introduction to Cybersecurity Tools & Cyber Attacks Quiz Answers
Hello friends, in this article I am going to share the Coursera course Introduction to Cybersecurity Tools & Cyber Attacks all-weeks quiz answers with you.
Introduction to Cybersecurity Tools & Cyber Attacks
WEEK 1 QUIZ ANSWERS
Introduction to Cybersecurity Tools & Cyber Attacks
Question 1)
Jeff Crume described 5 challenges in security today. Which three (3) of these are challenges because their numbers are increasing rapidly?
- Alerts
- Needed knowledge
- Available time
- Available analysts
- Threats
Question 2)
About how many unfilled cybersecurity jobs are expected by the year 2022?
- 180,000
- 1.8 million
- 180 million
- There is expected to be a surplus of available skills by 2022.
What are We Talking about when We Talk about Cybersecurity?
Question 1)
Which is the National Institute of Standards’ (NIST) definition of cybersecurity?
- The protection of information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
- The measures taken to protect governmental and military computer and weapons systems from unauthorized use, alteration, disruption or destruction.
- The state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.
Question 2)
Which three (3) are components of the CIA Triad?
- Information
- Availability
- Cyber
- Confidentiality
- Integrity
- Access
Question 3)
“A flaw, loophole, oversight, or error that can be exploited to violate system security policy” is the definition of which key cybersecurity term?
- Vulnerability
- Risk
- Exploit
- Threat
Question 4)
“An event, natural or man-made, able to cause a negative impact to an organization” is the definition of which key cybersecurity term?
- Threat
- Vulnerability
- Exploit
- Risk
Question 5)
Most cyber attacks come from which one (1) of the following sources?
- Internal factors, such as current and former employees.
- Malicious events, such as an attack orchestrated by a foreign government.
- Natural factors, such as hurricanes, lightning and tornados.
- External threats, such as hackers, malware and viruses.
Question 6)
Vulnerabilities are weaknesses in a system that can be exploited. Which are the two (2) most common ways in which vulnerabilities are introduced to a system?
- Many vulnerabilities are introduced to a system by malware such as Trojan horses.
- Many vulnerabilities occur as a result of misconfiguration by the system administrator.
- Many vulnerabilities are inherent in a system’s operating system and cannot be patched, only monitored.
- Many systems are shipped with known and unknown security holes, such as insecure default settings.
Question 7)
Which security role would be responsible for conducting information security assessments for organizations, including analyzing events, alerts and alarms?
- Information Security Analyst
- Chief Information Security Officer
- Information Security Auditor
- Information Security Architect
From Ronald Reagan to Where we are Today
Question 1)
Which American president first recognized the need for a national policy on cybersecurity?
- Ronald Reagan
- George W Bush
- Gerald Ford
- Barack Obama
Question 2)
In addition to specific events, what other factor has led to an enhanced need for strong cybersecurity?
- Computing devices like PCs and smartphones are now used by a large majority of people.
- To save money, common operating systems have paid little attention to security and are easily hacked.
- Weapons systems are now fully automated and can be controlled remotely.
- There is nothing illegal about accessing any computer you wish, as long as you do not do harm.
Question 3)
Between 2010 and 2016 the number of new software vulnerabilities discovered during this 7-year period was in what range?
- 35,000 to 40,000
- 1000 to 2000
- 7000 to 10,000
- 50 to 100
Question 4)
An example of weaponizing a cybervulnerability is the use of the Stuxnet virus. Which attack by a government actor successfully used this virus?
- Stuxnet was used to steal an estimated $100M from various banks in the United States and the UK.
- Stuxnet was used to disable uranium processing equipment in an Iranian nuclear facility.
- Stuxnet was used by Edward Snowden to hack US intelligence agency servers and download classified information about secret surveillance programs.
- Stuxnet was used by agents acting on behalf of the Russian government to hack Hillary Clinton’s email server.
Cybersecurity Programs
Question 1)
Which three (3) factors make cybersecurity far more difficult now than it was in the past, when you only needed to protect the computer?
- Mobile technology – everyone has a smartphone
- Data protection – your data is everywhere
- Multiple different vendors, each supporting different technology and protocols
- Local nature of business
Question 2)
Which aspect of a comprehensive approach to cybersecurity includes these items: classification, implementation steps, asset control and documentation?
- Security program
- Asset management
- Administrative controls
- Technical controls
Question 3)
Which aspect of a comprehensive approach to cybersecurity includes these items: policies, procedures, standards, user education, incident response, disaster recovery, compliance and physical security?
- Security program
- Asset management
- Administrative controls
- Technical controls
Question 4)
Which aspect of a comprehensive approach to cybersecurity includes these items: network infrastructure, endpoints, servers, identity management, vulnerability management, monitoring and logging?
- Security program
- Asset management
- Administrative controls
- Technical controls
Cybersecurity – A Security Architect’s Perspective
Question 1)
Which three (3) security challenges face today’s organizations?
- Solutions can be attacked themselves
- Protectors have to be right just once
- Protection of enforcement structure can complicate solutions
- Security is not as simple as it seems
Question 2)
In John’s example of friends and enemies, what is the name used to refer to the intruder?
- Trudy
Question 3)
Describe why comprehensive cybersecurity can be very complex to implement in reality.
- maybe
Question 4)
“Only the sender and intended receiver of a message can ‘understand’ the message contents” is an example of which basic security concept?
- Authentication
- Availability
- Confidentiality
- Integrity
Question 5)
“The sender and receiver of a message can positively verify each other’s identity” is an example of which basic security concept?
- Authentication
- Confidentiality
- Availability
- Integrity
What is Critical Thinking?
Question 1)
Which is the presenter, Kristin Dahl’s definition of Critical Thinking?
- Critical thinking involves always looking for the flaw or weakness in any given situation.
- Critical thinking is the controlled, purposeful thinking directed toward a goal.
- Critical thinking is a mode the brain goes into during critical or emergency situations.
- Critical thinking is taking on the mindset of your opponent (the hacker for example) and trying to think like him/her.
Question 2)
The Critical Thinking Model presented places critical thinking at the overlap of which four (4) competencies?
- Technical skills and competencies.
- The strength necessary to be critical of others who are advocating unsafe practices.
- Technical and experimental knowledge, intellectual skills and competencies.
- The ability to place yourself in the mindset of an adversary or attacker.
- Critical thinking characteristics (attitudes & behaviors).
- Interpersonal skills and competencies.
Question 3)
“Put yourself in others’ shoes – reframe the problem” is an example of which of the 5 Key Skills of Critical Thinking?
- Understand Context
- Identify Key Drivers
- Challenge Assumptions
- Consider Alternatives
History of Cybersecurity
Question 1)
What was shown in the movie War Games that concerned President Reagan?
- The movie gave an accurate portrayal of the Iran-Contra scandal that could have only come from inside sources.
- US Army generals did not know how to use the advanced weapons systems they were responsible for.
- KGB agents from the USSR were able to hack into Pentagon computer systems and steal plans for advanced US weapons.
- A teenager hacked into a Pentagon computer that was capable of launching nuclear weapons.
Question 2)
In addition to the movie War Games, what other event made the need for advanced cybersecurity apparent?
- The attack against the USS Cole while it was in port in Yemen.
- Confirmed reports of Al Qaeda operatives hacking the E-mail servers of US Government agencies.
- The failed Bay of Pigs invasion.
- 9/11
Question 3)
What were the three (3) main cybersecurity concerns arising from the 9/11 attacks?
- How did this happen?
- Who wrote the malware that took control of the 4 airplanes’ navigation systems?
- Could an attack like this happen in the virtual world too?
- Could this happen again?
Question 4)
According to a Forbes Magazine study, the annual cost of cybercrime in the United States alone has reached how much?
- $100M
- $1B
- $10B
- $100B
Question 5)
Who are Alice, Bob and Trudy?
- They are fictional characters used to illustrate how cryptography works.
- They are the founders of modern cryptography.
- They were members of British Naval Intelligence who did pioneering work in secure communications that later became known as cryptography.
- They are the pseudonyms (false names) used by members of the hacktivist group Anonymous.
Question 6)
Which of the following is considered a legitimate challenge to implementing a comprehensive cybersecurity solution?
- Security practices are viewed as being “in the way”.
- Security architectures require constant effort.
- Security is often an after-thought; something that is added at the end of a project rather than baked into the project from the start.
- All of the above
Question 7)
Jeff Crume described five challenges in security today. Which two (2) of these are challenges because their numbers are decreasing?
- Threats
- Needed knowledge
- Available analysts
- Alerts
- Available time
Question 8)
“A defined way to breach the security of an IT system through a vulnerability” is the definition of which key cybersecurity term?
- Vulnerability
- Exploit
- Risk
- Threat
Question 9)
“A situation involving exposure to a danger” is the definition of which key cybersecurity term?
- Exploit
- Risk
- Vulnerability
- Threat
Question 10)
Which aspect of a comprehensive approach to cybersecurity includes these items: evaluate, create teams, establish baselines, identify and model threats, identify use cases, identify risks, establish monitoring and control requirements?
- Technical controls
- Asset management
- Security program
- Administrative controls
Question 11)
According to a 2018 report by Domo, over what period of time do the following things occur: 49,380 videos are uploaded to Instagram, 25,000 gifs are sent on Facebook Messenger, 4.2 million videos are viewed on Snapchat and 473,400 tweets are sent on Twitter?
- Every 1 second
- Every 1 minute
- Every 1 hour
- Every 1 day
- Every 1 month
- Every 1 year
Question 12)
In the examples using Bob, Alice and Trudy, what aspect of cybersecurity is being illustrated?
- The positioning of firewalls that assure the integrity of communication between the 3 friends.
- The availability of communication that needs to be shared between the 3 friends.
- The complexity of communication between people who use different protocols.
- The security of communication between Alice and Bob that risks interception by Trudy.
Question 13)
Alice sends an unencrypted message to Bob but it is intercepted by Trudy. Trudy reads the message but does not in any way interfere with its content or delivery. Which precept of the CIA Triad would have been violated?
- Confidentiality
- Integrity
- Availability
- All of the above.
Question 14)
Alice sends an encrypted message to Bob but it is intercepted by Trudy. Trudy cannot read it so, in anger, she deletes it without allowing its delivery to Bob. Which precept of the CIA Triad would have been violated?
- Confidentiality
- Integrity
- Availability
- All of the above
Question 15)
Alice sends an encrypted message to Bob but it is intercepted by Trudy. Trudy cannot read it but forwards it on to Bob from an anonymous address she controls. Which precept of the CIA Triad would have been violated?
- Confidentiality
- Integrity
- Availability
- All of the above
Question 16)
A major metropolitan police department gets a warrant from a judge to hack into the computer of a suspected crime boss. A skilled penetration tester working for the department conducts the hack and retrieves incriminating evidence. What color hat does this officer wear?
- A Black Hat
- A Gray Hat
- A White Hat
Question 17)
Which three (3) are resources that are available to help guide penetration testing efforts by cybersecurity specialists?
- Open Source Security Testing Methodology Manual (OSSTMM).
- Health Information Portability and Accountability Act (HIPAA)
- NIST SP 800-42 Guidelines on Network Security Testing.
- Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination.
Question 18)
According to the Vulnerability Assessment Methodology, vulnerabilities are determined by which 2 factors?
- Exposure and Sensitivity
- Identify Indicators and Exposure
- Sensitivity and Adaptive Capacity
- Potential Impacts and Adaptive Capacity
WEEK 2 QUIZ ANSWERS
Types of Actors and their Motives
Question 1)
What are the four (4) types of actors identified in the video A brief overview of types of actors and their motives?
- Security Analysts
- Governments
- Black Hats
- Hackers
- Internal
- White Hats
- Hacktivists
Question 2)
Which of these common motivations is often attributed to a hacktivist?
- Hire me!
- Political action and movements
- Just playing around
- Money
Question 3)
In the video Hacking organizations, which three (3) governments were called out as being active hackers?
- Venezuela
- Canada
- Israel
- China
- United States
Question 4)
Which four (4) of the following are known hacking organizations?
- Guardians of Peace
- Fancy Bears
- Syrian Electronic Army
- Anonymous
- The Ponemon Institute
Question 5)
Which of these hacks resulted in over 100 million credit card numbers being stolen?
- 2011 Sony PlayStation hack
- 2013 Singapore Cyberattacks
- 2014 eBay hack
- 2015 Target Stores hack
- 2016 US Election hack
An Architect’s perspective on attack classifications
Question 1)
Which of the following statements is True?
- Passive attacks are hard to detect because the original message is never delivered, so the receiver does not know they missed anything.
- Passive attacks are hard to detect because the original message is delivered unchanged and can pass an integrity check.
- Passive attacks are easy to detect because of the latency created by the interception and second forwarding.
- Passive attacks are easy to detect because the original message wrapper must be modified by the attacker before it is forwarded on to the intended recipient.
Question 2)
The purpose of security services includes which three (3) of the following?
- Are intended to counter security attacks.
- Includes any component of your security infrastructure that has been outsourced to a third-party
- Enhance security of data processing systems and information transfer.
- Often replicate functions found in physical documents
Question 3)
Which statement best describes access control?
- Protection against denial by one of the parties in communication
- Prevention of unauthorized use of a resource
- Protection against the unauthorized disclosure of data
- Assurance that the communicating entity is the one claimed
Question 4)
The International Telecommunication Union (ITU) X.800 standard addresses which three (3) of the following topics?
- Data transmission speeds
- Access Control
- Transmission cost sharing between member countries
- Authentication
- Data Confidentiality
Question 5)
Protocol suppression, ID and authentication are examples of which?
- Business Policy
- Security Mechanism
- Security Architecture
- Security Policy
Question 6)
The motivation for more security in open systems is driven by which three (3) of the following factors?
- New requirements from the WTO, World Trade Organization
- Society’s increasing dependence on computers.
- The desire by a number of organizations to use OSI recommendations.
- The appearance of data protection legislation in several countries.
Question 7)
True or False: The accidental disclosure of confidential data by an employee is considered a legitimate organizational threat.
- True
- False
Question 8)
True or False: The accidental disclosure of confidential information by an employee is considered an attack.
- True
- False
Question 9)
A replay attack and a denial of service attack are examples of which?
- Origin attack
- Security architecture attack
- Masquerade attack
- Passive attack
Malware and an introduction to threat protection
Question 1)
True or False: An application that runs on your computer without your authorization but does no damage to the system is not considered malware.
- True
- False
Question 2)
How would you classify a piece of malicious code designed to cause damage and spreads from one computer to another by attaching itself to files but requires human actions in order to replicate?
- Virus
- Worms
- Trojan Horses
- Spyware
- Adware
- Ransomware
Question 3)
How would you classify a piece of malicious code designed to collect data about a computer and its users and then report that back to a malicious actor?
- Virus
- Worms
- Spyware
- Adware
Question 4)
A large scale Denial of Service attack usually relies upon which of the following?
- A botnet
- A keylogger
- Logic Bombs
- Trojan Horses
Question 5)
Antivirus software can be classified as which form of threat control?
- Technical controls
- Administrative controls
- Active controls
- Passive controls
Additional Attack examples today
Question 1)
Which of the following measures can be used to counter a mapping attack?
- Record traffic entering the network
- Look for suspicious activity like IP addresses or ports being scanned sequentially.
- Use a host scanner and keep an inventory of hosts on your network.
- All of the above.
Question 2)
In order for a network card (NIC) to engage in packet sniffing, it must be running in which mode?
- Promiscuous
- Sniffer
- Inspection
- Open
Question 3)
Which countermeasure can be helpful in combating an IP Spoofing attack?
- Ingress filtering
- Enable IP Packet Authentication filtering
- Keep your certificates up-to-date
- Enable the IP Spoofing feature available in most commercial antivirus software.
- All of the above.
Question 4)
Which two (2) measures can be used to counter a Denial of Service (DOS) attack?
- Implement a filter to remove flooded packets before they reach the host.
- Enable packet filtering on your firewall.
- Enable the DOS Filtering option now available on most routers and switches.
- Use traceback to identify the source of the flooded packets.
Question 5)
Which countermeasure should be used against a host insertion attack?
- Maintain an accurate inventory of computer hosts by MAC address.
- Use a host scanning tool to match a list of discovered hosts against known hosts.
- Investigate newly discovered hosts.
- All of the above.
Attacks and Cyber resources
Question 1)
Which is not one of the phases of the intrusion kill chain?
- Delivery
- Command and Control
- Activation
- Installation
Question 2)
Which social engineering attack involves a person instead of a system such as an email server?
- Vishing
- Cyberwarfare
- Spectra
- Phishing
Question 3)
Which of the following is an example of a social engineering attack?
- Sending someone an email with a Trojan Horse attachment.
- Setting up a web site offering free games, but infecting the downloads with malware.
- Calling an employee and telling him you are from IT support and must observe him logging into his corporate account.
- Logging in to the Army’s missile command computer and launching a nuclear weapon.
Question 4)
True or False: While many countries are preparing their military for a future cyberwar, there have been no “cyber battles” to date.
- True
- False
A day in the life of a SOC analyst
Question 1)
Which tool did Javier say was crucial to his work as a SOC analyst?
- SIEM (Security Information and Event Management)
- Packet Sniffers
- Firewalls
- Intrusion detection software
A brief overview of types of actors and their motives
Question 1)
Which hacker organization hacked into the Democratic National Convention and released Hillary Clinton’s emails?
- Fancy Bears
- Anonymous
- Syrian Electronic Army
- Guardians of the Peace
- All of the above
Question 2)
What challenges are expected in the future?
- Enhanced espionage from more countries
- Far more advanced malware
- New consumer technology to exploit
- All of the above
Question 3)
Why are cyber attacks using SWIFT so dangerous?
- SWIFT is the protocol used by all US healthcare providers to encrypt medical records
- SWIFT is the protocol used by all banks to transfer money
- SWIFT is the flight plan and routing system used by all cooperating nations for international commercial flights
- SWIFT is the protocol used to transmit all diplomatic telegrams between governments around the world
Question 4)
Which statement best describes Authentication?
- Assurance that a resource can be accessed and used
- Prevention of unauthorized use of a resource
- Protection against denial by one of the parties in communication
- Assurance that the communicating entity is the one claimed
Question 5)
Trusted functionality, security labels, event detection, security audit trails and security recovery are all examples of which type of security mechanism?
- Passive security mechanism
- Contingent security mechanism
- Active security mechanism
- External security mechanism
Question 6)
If an organization responds to an intentional threat, that threat is now classified as what?
- A malicious threat
- An active threat
- An attack
- An open case
Question 7)
An attack that is developed particularly for a specific customer and occurs over a long period of time is a form of what type of attack?
- Water Hole
- Spectra
- Denial of Service (DOS)
- Advanced Persistent Threat
Question 8)
Which three (3) of these approaches could be used by hackers as part of a Business Email Compromise attack?
- CEO Fraud, where the CEO sends an email to an employee
- Attorney impersonation
- Request to make a payment
- Account compromise
Question 9)
Which type of actor was not one of the four types of actors mentioned in the video A brief overview of types of actors and their motives?
- Hackers
- Governments
- Black Hats
- Hacktivists
- Internal
Question 10)
A political motivation is often attributed to which type of actor?
- Security Analysts
- Internal
- Hackers
- Hacktivist
Question 11)
The video Hacking organizations called out several countries with active government sponsored hacking operations in effect. Which one of these was among those named?
- Canada
- South Africa
- Israel
- Egypt
Question 12)
Which of these is not a known hacking organization?
- The Ponemon Institute
- Fancy Bears
- Syrian Electronic Army
- Anonymous
- Guardians of the Peace
Question 13)
Which type of actor hacked the 2016 US Presidential Elections?
- Government
- Hacktivists
- Hackers
- Internal
Question 14)
True or False: Passive attacks are easy to detect because the original messages are usually altered or undelivered.
- False
- True
Question 15)
Trusted functionality, security labels, event detection and security audit trails are all considered which?
- Business Policy
- Specific security mechanisms
- Pervasive security mechanisms
- Security Policy
Question 16)
Cryptography, digital signatures, access controls and routing controls are considered which?
- Business Policy
- Security Policy
- Pervasive security mechanisms
- Specific security mechanisms
Question 17)
True or False: Only acts performed with intention to do harm can be classified as Organizational Threats.
- False
- True
Question 18)
Traffic flow analysis is classified as which?
- An origin attack
- A masquerade attack
- A passive attack
- An active attack
Question 19)
How would you classify a piece of malicious code designed to cause damage, can self-replicate and spreads from one computer to another by attaching itself to files?
- Spyware
- Virus
- Adware
- Trojan Horse
- Ransomware
- Worm
Question 20)
Botnets can be used to orchestrate which form of attack?
- Distribution of Spam
- DDoS attacks
- Phishing attacks
- Distribution of Spyware
- As a Malware launchpad
- All of the above
Question 21)
Policies and training can be classified as which form of threat control?
- Administrative controls
- Passive controls
- Active controls
- Technical controls
Question 22)
Which type of attack can be addressed using a switched Ethernet gateway and software on every host on your network that makes sure their NICs are not running in promiscuous mode?
- Packet Sniffing
- Host Insertion
- Trojan Horse
- Ransomware
- All of the above
Question 23)
A flood of maliciously generated packets swamps a receiver’s network interface, preventing it from responding to legitimate traffic. This is characteristic of which form of attack?
- A Denial of Service (DOS) attack
- A Trojan Horse
- A Masquerade attack
- A Ransomware attack
Question 24)
A person calls you at work and tells you he is a lawyer for your company and that you need to send him specific confidential company documents right away, or else! Assuming the caller is not really a lawyer for your company but a bad actor, what kind of attack is this?
- A Social Engineering attack
- A Trojan Horse
- A Denial of Service attack
- A Worm attack
Question 25)
True or False: An individual hacks into a military computer and uses it to launch an attack on a target he personally dislikes. This is considered an act of cyberwarfare.
- False
- True
WEEK 3 QUIZ ANSWERS
CIA Triad
Question 1)
Encrypting your email is an example of addressing which aspect of the CIA Triad?
- Confidentiality
- Integrity
- Availability
Question 2)
Trudy changes the meeting time in a message she intercepts from Alice before she forwards it on to Bob. This is a violation of which aspect of the CIA Triad?
- Confidentiality
- Integrity
- Availability
Question 3)
You fail to back up your files and then drop your laptop, breaking it into many small pieces. You have just failed to address which aspect of the CIA Triad?
- Confidentiality
- Integrity
- Availability
Question 4)
The use of digital signatures is an example of which concept?
- Non-repudiation
- Confidentiality
- Integrity
- Availability
Access Management
Question 1)
Managers in the Singapore office at your company can access documents that managers in other offices cannot access, nor can non-manager employees in the Singapore office. Which 2 access criteria types were likely involved in setting this up?
- Groups
- Physical location
- Timeframe
- Transaction type
Incident Response
Question 1)
In incident management, an event that has a negative impact on some aspect of the network or data is called what?
- Threat
- Attack
- Incident
- Event
Question 2)
In incident management, a data inventory, data classification and data management process are part of which key concept?
- Business Continuity Plan & Disaster Recovery
- E-Discovery
- Post-Incident Activities
- Automated system
Question 3)
Which phase of the Incident Response Process do steps like Identify cyber security incident, Define objectives and investigate situation, and Take appropriate action fall into?
- Phase 1: Prepare
- Phase 2: Respond
- Phase 3: Follow Up
Frameworks and their purpose
Question 1)
In the context of security standards and compliance, which two (2) of these items are goals of frameworks and best practices?
- They serve as an enforcement mechanism for government, industry or clients.
- They help translate the business needs into technical or operational needs.
- They seek to improve performance, controls and metrics.
- They are rules to follow for a specific industry.
Question 2)
A company document that says employees may not do online shopping while at work would be which of the following?
- Tactical Plan
- Procedure
- Policy
- Strategic Plan
Question 3)
Which three (3) of these are compliance standards that must be adhered to by companies in some industries / countries?
- PCI/DSS
- HIPAA
- OCTAVE
- SOX
Question 4)
A method of evaluating computer and network security by simulating an attack on a computer system or network from external or internal threats is known as which of the following?
- A hack
- A threat
- A pentest
- A white hat
Question 5)
The OWASP “Top 10” provides guidance on what?
- The top 10 cybercrimes reported each year.
- The top 10 application vulnerabilities reported each year.
- The top 10 malware exploits reported each year.
- The top 10 network vulnerabilities reported each year.
Quiz: Key concepts
Question 1)
Which two (2) key components are part of incident response? (Select 2)
- Response team
- Threat
- Attack
- Investigation
Question 2)
Which is not part of the SANS Institute’s audit process?
- Help to translate the business needs into technical or operational needs.
- Deliver a report.
- Define the audit scope and limitations.
- Feedback based on the findings.
Question 3)
Which key concept to understand incident response is defined as “data inventory, helps to understand the current tech status, data classification, data management, we could use automated systems. Understand how you control data retention and backup.”
- E-Discovery
- Automated Systems
- Post-Incident
- BCP & Disaster Recovery
Question 4)
Which is not included as part of the IT Governance process?
- Policies
- Audits
- Tactical Plans
- Procedures
Question 5)
Trudy reading Alice’s message to Bob is a violation of which aspect of the CIA Triad?
- Confidentiality
- Integrity
- Availability
Question 6)
A hash is a mathematical algorithm that helps assure which aspect of the CIA Triad?
- Confidentiality
- Integrity
- Availability
Question 7)
A successful DOS attack against your company’s servers is a violation of which aspect of the CIA Triad?
- Confidentiality
- Integrity
- Availability
Question 8)
Which of these is an example of the concept of non-repudiation?
- Alice sends a message to Bob with certainty that it will be delivered.
- Alice sends a message to Bob and Alice is certain that it was not read by Trudy.
- Alice sends a message to Bob with certainty that it was not altered while en route by Trudy.
- Alice sends a message to Bob and Bob knows for a certainty that it came from Alice and no one else.
Question 9)
You have been asked to establish access to corporate documents in such a way that they can be read from anywhere, but only modified while the employees are in the office. Which 2 access criteria types were likely involved in setting this up?
- Timeframe
- Transaction type
- Physical location
- Groups
Question 10)
In incident management, an observed change to the normal behavior of a system, environment or process is called what?
- Attack
- Incident
- Threat
- Event
Question 11)
In incident management, tools like SIEM, SOA and UBA are part of which key concept?
- BCP & Disaster Recovery
- Post-Incident Activities
- E-Discovery
- Automated system
Question 12)
Which phase of the Incident Response Process do steps like Carry out a post incident review and Communicate and build on lessons learned fall into?
- Respond
- Follow Up
- Prepare
Question 13)
In the context of security standards and compliance, which two (2) of these are considered normative and compliance items?
- They seek to improve performance, controls and metrics.
- They serve as an enforcement mechanism for government, industry or clients.
- They help translate the business needs into technical or operational needs.
- They are rules to follow for a specific industry.
Question 14)
A company document that details how an employee should request Internet access for her computer would be which of the following?
- Tactical Plan
- Strategic Plan
- Procedure
- Policy
Question 15)
Which of these is a methodology by which to conduct audits?
- SOX
- HIPAA
- PCI/DSS
- OCTAVE
Question 16)
Mile 2 CPTE Training teaches you how to do what?
- Construct a botnet
- Conduct a pentest.
- Conduct a Ransomware attack
- Advanced network management tasks
Question 17)
Which three (3) statements about OWASP are True?
- OWASP provides tools and guidance for mobile applications.
- OWASP Top 10 only lists the top 10 web application vulnerabilities but you must engage an OWASP certified partner to learn how to fix them.
- OWASP stands for Open Web Application Security Project
- OWASP provides guidance and tools to help you address web application vulnerabilities on their Top 10 list.
WEEK 4 QUIZ ANSWERS
Firewalls
Question 1)
Firewalls contribute to the security of your network in which three (3) ways?
- Prevent an internal user from downloading data she is not authorized to access.
- Prevent unauthorized modifications to internal data from an outside actor.
- Allow only authorized access to inside the network.
- Prevent Denial of Service (DOS) attacks.
Question 2)
Which packets are selected for inspection by a packet filtering firewall?
- Every packet entering the network but no packets leaving the network.
- Every packet entering or leaving a network.
- The first packet in any transmission, whether entering or leaving.
- The first packet of every transmission but only subsequent packets when “high risk” protocols are used.
Question 3)
True or False: Application Gateways are an effective way to control which individuals can establish telnet connections through the gateway.
- True
- False
Question 4)
Why are XML gateways used?
- XML traffic cannot pass through a conventional firewall.
- XML traffic passes through conventional firewalls without inspection.
- Conventional firewalls attempt to execute XML code as instructions to the firewall.
- XML packet headers are different from that of other protocols and often “confuse” conventional firewalls.
Question 5)
Which three (3) things are True about Stateless firewalls?
- They are also known as packet-filtering firewalls.
- They are faster than Stateful firewalls.
- They filter packets based upon Layer 3 and 4 information only (IP address and Port number)
- They maintain tables that allow them to compare current packets with previous packets.
Antivirus/Antimalware
Question 1)
True or False: Most Antivirus/Antimalware software works by comparing each file encountered on your system against a compressed (zipped) version of known malware maintained by the vendor on the local host.
- True
- False
Introduction to Cryptography
Question 1)
How many unique encryption keys are required for 2 people to exchange a series of messages using asymmetric public key cryptography?
- 2
- no keys are required
- 1
- 4
Question 2)
What is Cryptographic Strength?
- Relies on math, not secrecy
- Ciphers that have stood the test of time are public algorithms.
- Exclusive Or (XOR) is the “secret sauce” behind modern encryption.
- All of the above.
Question 3)
What is the primary difference between Symmetric and Asymmetric encryption?
- The same key is used to both encrypt and decrypt the message.
- Symmetric encryption is inherently more secure than Asymmetric encryption.
- Asymmetric uses only single-use keys so a subscription to a key vendor is required to obtain new keys.
- Symmetric encryption is inherently less secure than Asymmetric encryption.
Question 4)
Which type of cryptographic attack is characterized by an attack based upon trial and error, where many millions of keys may be attempted in order to break the encrypted message?
- Brute force
- Rainbow tables
- Social Engineering
- Known Plaintext
- Known Ciphertext
- All of the above.
Question 5)
What is the correct sequence of steps required for Alice to send a message to Bob using asymmetric encryption?
- Alice uses her private key to encrypt her message and then sends it to Bob. Bob requests Alice’s public key and uses it to decrypt the message.
- Alice and Bob exchange their public keys to confirm each other’s identity and then Alice uses her private key to encrypt the message that Bob can decrypt using his private key.
- Alice and Bob exchange their private keys to confirm each other’s identity and then Alice uses her public key to encrypt the message that Bob can decrypt using his public key.
- Alice requests Bob’s public key and uses it to encrypt her message. Alice then sends the encrypted message to Bob who decrypts it using his private key.
First look at Penetration Testing and Digital Forensics
Question 1)
A skilled penetration tester wants to show her employer how smart she is in hopes of getting a promotion. Without obtaining permission, she hacks into the company’s new online store to see if there are any weaknesses that can be hardened before the system goes live. She does not do any damage and writes a useful report which she sends over her boss’s head to the CISO. What color hat was she wearing?
- A White Hat
- A Gray Hat
- A Black Hat
- A Pink Hat
- A Rainbow Hat
Question 2)
Which three (3) are resources that are available to help guide penetration testing efforts by cybersecurity specialists?
- Information Systems Security Assessment Framework (ISSAF)
- General Data Protection Regulation (GDPR)
- NIST SP 800-42 Guidelines on Network Security Testing.
- Open Source Security Testing Methodology Manual (OSSTMM).
Question 3)
According to the Vulnerability Assessment Methodology, Potential Impacts are determined by which 2 factors?
- Exposure and Sensitivity
- Identify Indicators and Exposure
- Potential Impacts and Adaptive Capacity
- Sensitivity and Adaptive Capacity
Question 4)
In digital forensics, the term Chain of Custody refers to what?
- This is a digital “chain” that isolates digital evidence from being disturbed until it can be analyzed by the police or other authorities.
- The record that documents the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence.
- This chain of custody is simply a written record of who possessed the evidence as it moves from collection to analysis to presentation in a court of law.
- This is a physical chain that is placed around a crime scene to protect the evidence from being disturbed.
Key security tools
Question 1)
What is the primary function of a firewall?
- Scans the system and searches for matches against the malware definitions.
- Uses malware definitions.
- Filter traffic between networks.
- Secures communication that may be understood by the intended recipient only.
Question 2)
How many unique encryption keys are required for 2 people to exchange a series of messages using symmetric key cryptography?
- 1
- 2
- 4
- no keys are required
Question 3)
What are the three (3) types of modern encryption?
- Symmetric
- Hash
- Asymmetric
- Ciphertext
Question 4)
What is Locard’s exchange principle?
- Refers to the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence.
- An entity that is partially or wholly responsible for an incident that affects or potentially affects an organization’s security.
- The perpetrator of a crime will bring something into the crime scene and leave with something from it, and that both can be used as forensic evidence.
- Includes the identification, recovery, investigation, validation, and presentation of facts regarding digital evidence found on computers or similar digital storage media devices.
Question 5)
Which two (2) are types of firewall?
- Statutory
- Packet-filtering
- Application-level
- Protocol-filtering
Question 6)
Which type of data does a packet-filtering firewall inspect when it decides whether to forward or drop a packet?
- Source and destination IP addresses.
- TCP/UDP source and destination port numbers.
- ICMP message type.
- TCP SYN and ACK bits.
- All of the above.
Question 7)
Which three (3) of the following are limitations of Application gateways?
- Application gateways are not good at understanding protocols such as telnet.
- Each application to be managed needs its own gateway.
- Client software must be “smart” and know to contact the gateway.
- Application gateways are susceptible to IP spoofing.
Question 8)
Which type of firewall inspects XML packet payloads for things like executable code, a target IP address that makes sense, and a known source IP address?
- An XML Gateway.
- An application-level firewall.
- A packet-filtering firewall.
- All of the above.
Question 9)
Which statement about Stateful firewalls is True?
- They have state tables that allow them to compare current packets with previous packets.
- They are less secure in general than Stateless firewalls.
- They are faster than Stateless firewalls.
- All of the above.
Question 10)
True or False: Most Antivirus/Antimalware software works by comparing a hash of every file encountered on your system against a table of hashes of known viruses and malware previously made by the antivirus/antimalware vendor.
- True
- False
Question 11)
Which type of cryptographic attack is characterized by comparing a captured hashed password against a table of many millions of previously hashed words or strings?
- Brute force
- Rainbow tables
- Known Ciphertext
- Known Plaintext
- Social Engineering
Question 12)
What are two (2) drawbacks to using symmetric key encryption?
- You need to use a different encryption key with everyone you communicate with, otherwise anyone who has ever received an encrypted message from you could open any message you sent to anyone else using that key.
- The sender and recipient must find a secure way to share the key itself.
- A modern supercomputer can break even the most advanced symmetric key in a matter of minutes.
- Symmetric key encryption is slower than asymmetric key encryption.