Introduction to Cybersecurity Modules Quiz Answers


Introduction to Cybersecurity: My Knowledge Check Answers

1 - What action will an IDS take upon detection of malicious traffic?
a) Block or deny all traffic
b) Drop only packets identified as malicious
c) Create a network alert and log the detection
d) Reroute malicious traffic to a honeypot

Solution: Create a network alert and log the detection

2 - Which of the following is an example of two factor authentication?
a) Your account number and your name
b) Your answer to a general knowledge question and your password
c) Your fingerprint and your password
d) Your password and your username

Solution: Your fingerprint and your password

3 - Which of the statements correctly describes cybersecurity?
a) Cybersecurity is the ongoing effort to protect individuals, organizations and governments from digital attacks
b) Cybersecurity is the ongoing effort to protect individuals, organizations and governments from crimes that happen only in cyberspace
c) Cybersecurity is the ongoing effort to protect computers, networks and data from malicious attacks

Solution: Cybersecurity is the ongoing effort to protect individuals, organizations and governments from digital attacks by protecting networked systems and data from unauthorized use or harm.

4 - Which of the following certifications tests your understanding and knowledge in how to look for weaknesses and vulnerabilities in target systems using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner?
a) Microsoft Technology Associate Security Fundamentals
b) Palo Alto Networks Certified Cybersecurity Associate
c) ISACA CSX Cybersecurity Fundamentals
d) CompTIA Security+
e) EC Council Certified Ethical Hacker
f) ISC2 Certified Information Systems Security Professional

Solution: EC Council Certified Ethical Hacker

5 - Carrying out a multi-phase, long-term, stealthy and advanced operation against a specific target is often referred to as what?
a) Network sniffing
b) Advanced persistent threat
c) Social engineering
d) Script kiddies
e) Rainbow tables

Solution: Advanced persistent threat

6 - Can you identify the cyber attacker type from the following descriptions?
a) Make political statements in order to raise awareness about issues that are important to them – Hacktivists
b) Gather intelligence or commit sabotage on specific goals on behalf of their government – State-sponsored attackers
c) Use existing tools on the Internet to launch a cyber attack – Script kiddies

Solution: a) Hacktivists, b) State-sponsored attackers, c) Script kiddies

7 - What is a security playbook?
a) A collection of repeatable queries or reports that outline a standardized process for incident detection and response
b) A collection of security alerts, logs and historical data from the network
c) A step-by-step guide on how to carry out IT-related procedures

Solution: A collection of repeatable queries or reports that outline a standardized process for incident detection and response

8 - Which of the following characteristics describe a worm? (Choose two.)
a) Executes when software is run on a computer
b) Is self-replicating
c) Hides in a dormant state until needed by an attacker
d) Infects computers by attaching to software code
e) Travels to new computers without any intervention or knowledge of the user

Solution: b) Is self-replicating, e) Travels to new computers without any intervention or knowledge of the user

9 - What is the main purpose of cyberwarfare?
a) To protect cloud-based data centers
b) To gain advantage over adversaries
c) To develop advanced network devices
d) To simulate possible war scenarios among nations

Solution: To gain advantage over adversaries

10 - During a meeting with the Marketing department, a representative from IT discusses features of an upcoming product that will be released next year. Is this employee’s behavior ethical or unethical?
a) Ethical
b) Unethical

Solution: Unethical

11 - What is the only way of ensuring that deleted files on your computer are irrecoverable?
a) Using a software program such as SDelete or Secure Empty Trash
b) Emptying your computer’s recycle bin
c) Physically destroying your computer’s hard drive

Solution: Physically destroying your computer’s hard drive

12 - Which of the following items are states of data? (Choose three.)
a) Storage
b) Text
c) ASCII
d) Transmission
e) Binary
f) Processing

Solution: a) Storage, d) Transmission, f) Processing

13 - Which of the following actions should an organization take in the event of a security breach? (Choose two.)
a) Contain the information so that it does not go public
b) Communicate a call to action to all employees
c) Carry out research to uncover what caused the breach
d) Assume this type of breach won’t happen again
e) Advise employees to be more careful

Solution: a) Contain the information so that it does not go public, c) Carry out research to uncover what caused the breach

14 - In networking, what name is given to the identifier at both ends of a transmission to ensure that the right data is passed to the correct application?
a) IP address
b) Sequence number
c) MAC address
d) Port number

Solution: Port number

15 - ‘Cryptocurrencies are handled on a centralized exchange.’ Is this statement true or false?
a) True
b) False

Solution: False

16 - Which of the following are examples of on-path attacks? (Choose two.)
a) SEO poisoning
b) Man-in-the-Mobile
c) Ransomware
d) DDoS
e) Man-in-the-Middle
f) Worms

Solution: b) Man-in-the-Mobile, e) Man-in-the-Middle

17 - Which of the following firewalls filters traffic based on the user, device, role, application type and threat profile?
a) Network layer firewall
b) Application layer firewall
c) Network address translation firewall
d) Host-based firewall
e) Context aware application firewall

Solution: Context aware application firewall

18 - Which of the following security vulnerabilities could result in the receipt of malicious information that could force a program to behave in an unintended way?
a) Non-validated input
b) Buffer overflow
c) Race condition
d) Access control problem

Solution: Non-validated input
Explanation: Programs often require data input, but this incoming data could have malicious content, designed to force the program to behave in an unintended way.

19 - Which of the following is an entry-level certification for newcomers who are preparing to start their career in cybersecurity?
a) Microsoft Technology Associate Security Fundamentals
b) Palo Alto Networks Certified Cybersecurity Associate
c) ISACA CSX Cybersecurity Fundamentals
d) CompTIA Security+
e) EC Council Certified Ethical Hacker
f) ISC2 Certified Information Systems Security Professional

Solution: Microsoft Technology Associate Security Fundamentals
Explanation: This is an entry-level certification for newcomers who are preparing to start their career in the cybersecurity field.

20 - Can you identify why each of the following organizations might be interested in your online identity?
Internet service providers:
– They may be legally required to share your online information with government surveillance agencies or authorities

Advertisers:
– To monitor your online activities and send targeted ads your way

Social media platforms:
– To gather information based on your online activity, which is then shared with or sold to advertisers for a profit

Websites:
– To track your activities using cookies in order to provide a more personalized experience

21 - What can the skills developed by cybersecurity professionals be used for?
a) Cybersecurity professionals develop many skills that can only be used for good
b) Cybersecurity professionals develop many skills that can only be used for evil
c) Cybersecurity professionals develop many skills that cannot be used for evil
d) Cybersecurity professionals develop many skills that can be used for good or evil

Solution: Cybersecurity professionals develop many skills that can be used for good or evil

22 - One of your colleagues has lost her identification badge. She is in a hurry to get to a meeting and does not have time to visit Human Resources to get a temporary badge. You lend her your identification badge until she can obtain a replacement. Is this behavior ethical or unethical?
a) Ethical
b) Unethical

Solution: Unethical

23 - Which of the following statements best describes cybersecurity?
a) It is a framework for security policy development
b) It is a standard-based model for developing firewall technologies to fight against cybercrime
c) It is the name of a comprehensive security application for end users to protect workstations from being attacked
d) It is an ongoing effort to protect Internet-connected systems and the data associated with those systems from unauthorized use or harm

Solution: It is an ongoing effort to protect Internet-connected systems and the data associated with those systems from unauthorized use or harm

24 - Why might internal security threats cause greater damage to an organization than external security threats?
a) Internal users have better hacking skills
b) Internal users have direct access to the infrastructure devices
c) Internal users can access the organizational data without authentication
d) Internal users can access the infrastructure devices through the Internet

Solution: Internal users have direct access to the infrastructure devices
Explanation: Internal threats have the potential to cause greater damage than external threats because internal users have direct access to the building and its infrastructure devices. Internal users may not have better hacking skills than external attackers. Both internal users and external users can access the network devices through the Internet. A well-designed security implementation should require authentication before corporate data is accessed, regardless of whether the access request is from within the corporate campus or from the outside network.

25 - What is the most common goal of search engine optimization (SEO) poisoning?
a) To trick someone into installing malware or divulging personal information
b) To overwhelm a network device with maliciously formed packets
c) To build a botnet of zombies
d) To increase web traffic to malicious sites

Solution: To trick someone into installing malware or divulging personal information
Explanation: A malicious user could manipulate search engine optimization (SEO) so that a malicious website appears higher in search results. The malicious website commonly contains malware or is used to obtain information via social engineering techniques.

26 - What should you do in order to make sure that people you live with do not have access to your secure data?
a) Turn on a firewall
b) Increase the privacy settings on your browser
c) Install antivirus software
d) Set up password protection

Solution: Set up password protection

27 - Which of these is the most recognizable and popular security certification, requiring at least five years’ relevant industry experience before you can take the exam?
a) Microsoft Technology Associate Security Fundamentals
b) Palo Alto Networks Certified Cybersecurity Associate
c) ISACA CSX Cybersecurity Fundamentals
d) CompTIA Security+
e) EC Council Certified Ethical Hacker
f) ISC2 Certified Information Systems Security Professional

Solution: ISC2 Certified Information Systems Security Professional

28 - ____ is the use of technology to penetrate and attack another nation’s computer systems and networks in an effort to cause damage or disrupt services, such as shutting down a power grid.
a) Cyberwarfare
b) Cyberterrorism
c) A cyber attack
d) A cyber campaign

Solution: Cyberwarfare

29 - Who is responsible for overseeing a blockchain electronic ledger?
a) Anyone belonging to the blockchain network
b) A central blockchain authority
c) A central bank
d) A government regulatory body

Solution: Anyone belonging to the blockchain network

30 - A medical office employee sends emails to patients about their recent visits to the facility. What information would put the privacy of the patients at risk if it was included in the email?
a) Contact information
b) Next appointment
c) Patient records
d) First and last name

Solution: Patient records
Explanation: An email message is transmitted in plain text and can be read by anyone who has access to the data while it is en route to a destination. Patient records include confidential or sensitive information that should be transmitted in a secure manner.

31 - What action should you take to secure your mobile device when using it on an open public network?
a) Turn off the device
b) Connect to a VPN
c) Enable airplane mode
d) Use a public charging station

Solution: Connect to a VPN
Explanation: A VPN (Virtual Private Network) encrypts your internet connection, providing a secure channel for your data even on open public networks.

32 - Which of the following is the primary purpose of encryption?
a) To back up data
b) To hide data from unauthorized users
c) To speed up data transmission
d) To organize data efficiently

Solution: To hide data from unauthorized users
Explanation: Encryption transforms data into a format that is unreadable to anyone who does not have the decryption key, thus protecting it from unauthorized access.

33 - Which type of malware is designed to replicate itself and spread to other devices without user interaction?
a) Virus
b) Worm
c) Trojan horse
d) Spyware

Solution: Worm
Explanation: A worm is a type of malware that can replicate itself and spread to other devices on a network without any user action.

34 - Which of the following practices can help protect against phishing attacks?
a) Updating software regularly
b) Using complex passwords
c) Avoiding opening email attachments from unknown senders
d) Installing antivirus software

Solution: Avoiding opening email attachments from unknown senders
Explanation: Phishing attacks often use email attachments or links from unknown senders to deliver malicious payloads or capture sensitive information.

35 - Which of the following can be considered a strong password?
a) Password123
b) JohnDoe1990
c) 123456
d) P@ssw0rd!2024

Solution: P@ssw0rd!2024
Explanation: A strong password includes a mix of upper and lower case letters, numbers, and special characters, making it more resistant to brute force attacks.

36 - What is the main purpose of a firewall in a network?
a) To detect and remove viruses
b) To filter incoming and outgoing traffic
c) To store backup data
d) To provide VPN services

Solution: To filter incoming and outgoing traffic
Explanation: Firewalls are used to monitor and control network traffic based on predetermined security rules, acting as a barrier between trusted and untrusted networks.

37 - What is the key benefit of two-factor authentication (2FA)?
a) It speeds up the login process
b) It simplifies password management
c) It provides an additional layer of security
d) It eliminates the need for passwords

Solution: It provides an additional layer of security
Explanation: Two-factor authentication enhances security by requiring two forms of verification, making it more difficult for unauthorized users to gain access.

38 - Which of the following best describes ransomware?
a) Malware that records keystrokes
b) Malware that encrypts files and demands payment for their release
c) Malware that displays unwanted advertisements
d) Malware that steals personal information

Solution: Malware that encrypts files and demands payment for their release
Explanation: Ransomware is a type of malware that locks or encrypts the victim's data, demanding a ransom payment to restore access.

39 - What is social engineering in the context of cybersecurity?
a) The use of social networks for spreading malware
b) The manipulation of individuals to divulge confidential information
c) The use of software to protect social media accounts
d) The development of secure social media platforms

Solution: The manipulation of individuals to divulge confidential information
Explanation: Social engineering involves manipulating people into performing actions or divulging confidential information, often through deception.

40 - What should be your primary consideration when creating a backup strategy?
a) Cost of the storage devices
b) Frequency of backups
c) Physical location of backups
d) Type of data being backed up

Solution: Type of data being backed up
Explanation: The type of data being backed up determines the backup strategy, including the frequency, method, and location of backups to ensure data integrity and availability.

31. What tool can identify malicious traffic by comparing packet contents to known attack signatures?
a) IDS
b) Zenmap
c) Nmap
d) NetFlow

Solution: IDS

32. Which of the following firewalls hides or masquerades the private addresses of network hosts?
a) Network layer firewall
b) Host-based firewall
c) Reverse proxy firewall
d) Proxy server
e) Network address translation firewall

Solution: Network address translation firewall

33. Improper management of physical access to a resource, such as a file, can lead to what type of security vulnerability?
a) Buffer overflow
b) Non-validated input
c) Race conditions
d) Weaknesses in security practices
e) Access control problems

Solution: Access control problems

34. Which of the following methods is used to check the integrity of data?
a) Backup
b) Hashes or checksums
c) Encryption
d) Authentication

Solution: Hashes or checksums

35. ‘Data coming into a program should be sanitized, as it could have malicious content, designed to force the program to behave in an unintended way.’ This statement describes what security vulnerability?
a) Weaknesses in security practices
b) Access control problems
c) Buffer overflow
d) Non-validated input
e) Race conditions

Solution: Non-validated input

36. What is the best approach for preventing a compromised IoT device from maliciously accessing data and devices on a local network?
a) Install a software firewall on every network device
b) Place all IoT devices that have access to the Internet on an isolated network
c) Disconnect all IoT devices from the Internet
d) Set the security settings of workstation web browsers to a higher level

Solution: Place all IoT devices that have access to the Internet on an isolated network

37. How do Cisco ISE and TrustSec work?
a) They enforce access to network resources by creating role-based access control policies
b) They stop sensitive data from being stolen or escaping a network
c) They block network traffic based on a positive rule or signature match

Solution: They enforce access to network resources by creating role-based access control policies

38. Which of the following certifications does not expire or require periodic recertification and is geared towards post-secondary graduates and those interested in a career change?
a) Microsoft Technology Associate Security Fundamentals
b) Palo Alto Networks Certified Cybersecurity Associate
c) ISACA CSX Cybersecurity Fundamentals
d) CompTIA Security+
e) EC Council Certified Ethical Hacker
f) ISC2 Certified Information Systems Security Professional

Solution: Microsoft Technology Associate Security Fundamentals

39. ‘Securing physical access to target equipment is an organization’s best defense against a cyber attack.’ Is this true or false?
a) True
b) False

Solution: True

40. Which of the following firewalls filters ports and system service calls on a single computer operating system?
a) Network layer firewall
b) Application layer firewall
c) Transport layer firewall
d) Network address translation firewall
e) Host-based firewall

Solution: Host-based firewall

41. What is the correct definition of risk management?
a) The process of transferring risks that cannot be eliminated or mitigated
b) The process of identifying and assessing risk to determine the severity of threats
c) The process of accepting risks that cannot be eliminated, mitigated or transferred
d) The process of identifying and assessing risk to reduce the impact of threats and vulnerabilities

Solution: The process of identifying and assessing risk to reduce the impact of threats and vulnerabilities

42. Which of the following security implementations use biometrics? (Choose two.)
a) Fingerprint
b) Phone
c) Credit card
d) Voice recognition
e) Fob

Solution: Fingerprint, Voice recognition

43. Which of the following certifications meets the U.S. Department of Defense Directive 8570.01-M requirements, which is important for anyone looking to work in IT security for the federal government?
a) EC Council Certified Ethical Hacker
b) Microsoft Technology Associate Security Fundamentals
c) ISACA CSX Cybersecurity Fundamentals
d) CompTIA Security+
e) ISC2 Certified Information Systems Security Professional
f) Palo Alto

44. ‘Cryptocurrencies are handled on a centralized exchange.’ Is this statement true or false?
a) True
b) False

Solution: False

45. Stuxnet malware was designed for which primary purpose?
a) To hijack and take control of targeted computers
b) To cause physical damage to equipment controlled by computers
c) To cause serious harm to workers in a nuclear enrichment plant

Solution: To cause physical damage to equipment controlled by computers

46. The risk management process consists of four steps. Can you put these in the right order?
a) Frame the risk
b) Assess the risk
c) Respond to the risk
d) Monitor the risk

Solution: b) Assess the risk, a) Frame the risk, c) Respond to the risk, d) Monitor the risk

47. What is the main aim of a Cyber Security Incident Response Team (CSIRT)?
a) To help ensure organization, system and data preservation by performing investigations into computer security incidents
b) To enforce access to network resources by creating role-based control policies
c) To provide guidance on the implementation of safeguards and personnel training
d) To help client organizations improve their incident management capabilities

Solution: a) To help ensure organization, system and data preservation by performing investigations into computer security incidents

48. What names are given to a database where all cryptocurrency transactions are recorded? (Choose two.)
a) Blockchain
b) Table
c) Ledger
d) Spreadsheet

Solution: a) Blockchain, c) Ledger

49. Which of the following are examples of cracking an encrypted password? (Choose four.)
a) Intimidation
b) Brute force attack
c) Network sniffing
d) Rainbow tables
e) Social engineering
f) Spraying
g) Dictionary attack

Solution: b) Brute force attack, c) Network sniffing, d) Rainbow tables, g) Dictionary attack

50. ‘An employee does something as an organization representative with the knowledge of that organization and this action is deemed illegal. The organization is legally responsible for this action.’ Is this statement true or false?
a) True
b) False

Solution: True

51. What is the purpose of a rootkit?
a) To masquerade as a legitimate program
b) To deliver advertisements without user consent
c) To replicate itself independently of any other programs
d) To gain privileged access to a device while concealing itself

Solution: d) To gain privileged access to a device while concealing itself

52. You are configuring access settings to require employees in your organization to authenticate first before accessing certain web pages. Which requirement of information security is addressed through this configuration?
a) Integrity
b) Scalability
c) Availability
d) Confidentiality

Solution: d) Confidentiality

53. How can you prevent others from eavesdropping on network traffic when operating a PC on a public Wi-Fi hotspot?
a) Connect with a VPN service
b) Use WPA2 encryption
c) Disable Bluetooth
d) Create unique and strong passwords

Solution: a) Connect with a VPN service

54. Which of the following certifications is aimed at high school and early college students, as well as anyone interested in a career change?
a) Microsoft Technology Associate Security Fundamentals
b) Palo Alto Networks Certified Cybersecurity Associate
c) ISACA CSX Cybersecurity Fundamentals
d) CompTIA Security+
e) EC Council Certified Ethical Hacker
f) ISC2 Certified Information Systems Security Professional

Solution: a) Microsoft Technology Associate Security Fundamentals

55. Can you identify the software vulnerability from the following descriptions?
a) Occurs when data is written beyond the limits of memory areas that are allocated to an application: Buffer overflow
b) Occurs when an ordered or timed set of processes is disrupted or altered by an exploit: Race condition
c) Occurs through the improper use of practices that manage equipment, data or applications: Access control

Solution: a) Buffer overflow, b) Race condition

56. Which of the following is a key motivation of a white hat attacker?
a) Taking advantage of any vulnerability for illegal personal gain
b) Fine tuning network devices to improve their performance and efficiency
c) Studying operating systems of various platforms to develop a new system
d) Discovering weaknesses of networks and systems to improve the security level of these systems

Solution: d) Discovering weaknesses of networks and systems to improve the security level of these systems

57. Which of the following statements describes cyberwarfare?
a) Cyberwarfare is an attack carried out by a group of script kiddies
b) Cyberwarfare is simulation software for Air Force pilots that allows them to practice under a simulated war scenario
c) Cyberwarfare is a series of personal protective equipment developed for soldiers involved in nuclear war
d) Cyberwarfare is an Internet-based conflict that involves the penetration of information systems of other nations

Solution: d

58. ‘A data breach does not impact the reputation of an organization.’ Is this statement true or false?
a) True
b) False

Solution: False

59. You have stored your data on a local hard disk. Which method would secure this data from unauthorized access?
a) Data encryption
b) Duplication of the hard drive
c) Deletion of sensitive files
d) Two factor authentication

Solution: a) Data encryption

60. An individual user profile on a social network site is an example of an ____ identity.
a) Online
b) Offline

Solution: a) Online

61. You are having difficulty remembering passwords for all of your online accounts. What should you do?
a) Write the passwords down and keep them out of sight
b) Save the passwords in a centralized password manager program
c) Create a single strong password to be used across all online accounts
d) Share the passwords with a network administrator or computer technician

Solution: b) Save the passwords in a centralized password manager program