Which of the following are examples of on-path attacks? (Choose two correct answers)
Introduction to Cybersecurity: Course Final Exam Answers
Course Completion Assessment & Survey – Introduction to Cybersecurity final course exam
1. Which of the following firewalls hides or masquerades the private addresses of network hosts?
2. Carrying out a multi-phase, long-term, stealthy and advanced operation against a specific target is often referred to as what?
3. You are configuring access settings to require employees in your organization to authenticate first before accessing certain web pages. Which requirement of information security is addressed through this configuration?
Explanation: Confidentiality is a set of rules that prevents sensitive information from being disclosed to unauthorized people, resources and processes. Methods to ensure confidentiality include data encryption, identity proofing and two factor authentication.
4. What are the objectives of ensuring data integrity? (Choose two correct answers)
Explanation: The objectives for data integrity include data not being altered during transit and not being changed by unauthorized entities. Authentication and encryption are methods to ensure confidentiality. Data being available all the time is the goal of availability.
5. An organization is experiencing overwhelming visits to a main web server. You are developing a plan to add a couple of more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?
6. Which of the following are examples of cracking an encrypted password? (Choose four correct answers)
7. Improper management of physical access to a resource, such as a file, can lead to what type of security vulnerability?
8. A medical office employee sends emails to patients about their recent visits to the facility. What information would put the privacy of the patients at risk if it was included in the email?
9. What is the best way to avoid getting spyware on a machine?
10. You are surfing the Internet using a laptop at a public Wi-Fi cafe. What should you check first before you connect to the public network?
Explanation: You should always verify that your device isn’t configured with file and media sharing and that it requires user authentication with encryption.
11. What is the main function of the Cisco Security Incident Response Team?
12. Which of the following firewalls are placed in front of web services to protect, hide, offload and distribute access to web servers?
Explanation: Placed in front of web servers, reverse proxy servers protect, hide, offload and distribute access to web servers.
13. Which of the following certifications meets the U.S. Department of Defense Directive 8570.01-M requirements, which is important for anyone looking to work in IT security for the federal government?
Explanation: This is an entry-level security certification that meets the U.S. Department of Defense Directive 8570.01-M requirements, which is an important item for anyone looking to work in IT security for the federal government.
14. One of your colleagues has lost her identification badge. She is in a hurry to get to a meeting and does not have time to visit Human Resources to get a temporary badge. You lend her your identification badge until she can obtain a replacement.
15. Which of the following certifications tests your understanding and knowledge in how to look for weaknesses and vulnerabilities in target systems using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner?
Explanation: This certification tests your understanding and knowledge of how to look for weaknesses and vulnerabilities in target systems using the same knowledge and tools as a malicious hacker but in a lawful and legitimate manner.
16. What is the main purpose of cyberwarfare?
Explanation: The main reason for resorting to cyberwarfare is to gain advantage over adversaries, whether they are nations or competitors.
17. What vulnerability occurs when the output of an event depends on ordered or timed outputs?
18. What do you call the vulnerabilities discovered by Google security researchers that affect almost all CPUs released since 1995? (Select two correct answers)
19. If developers attempt to create their own security algorithms, it will likely introduce what type of vulnerabilities?
Explanation: Systems and sensitive data can be protected through techniques such as authentication, authorization and encryption. Developers should stick to using security techniques and libraries that have already been created, tested and verified and should not attempt to create their own security algorithms. Doing so will likely only introduce new vulnerabilities.
20. Which technology creates a security token that allows a user to log in to a desired web application using credentials from a social media website?
Explanation: Open Authorization is an open standard protocol that allows end users to access third party applications without exposing their user passwords.
21. Which of the following security implementations use biometrics? (Choose two correct answers)
22. Which of the following firewalls filters traffic based on source and destination IP addresses?
23. Which of the following firewalls filters web content requests such as URLs and domain names?
24. A port scan returns a ‘dropped’ response. What does this mean?
25. During a meeting with the Marketing department, a representative from IT discusses features of an upcoming product that will be released next year. Is this employee’s behavior ethical or unethical?
26. Which of the following is an entry-level certification for newcomers who are preparing to start their career in cybersecurity?
Explanation: This is an entry-level certification for newcomers who are preparing to start their career in the cybersecurity field.
27. ‘Cybersecurity certifications are a way for you to verify your skills and knowledge and can also boost your career.’ Is this statement true or false?
28. When describing malware, what is a difference between a virus and a worm?
Explanation: Malware can be classified as follows:
29. An employee is laid off after fifteen years with the same organization. The employee is then hired by another organization within a week. In the new organization, the employee shares documents and ideas for products that the employee proposed at the original organization. Is the employee’s behavior ethical or unethical?
30. Which of the following firewalls filters traffic based on the user, device, role, application type and threat profile?
31. What names are given to a database where all cryptocurrency transactions are recorded? (Select two correct answers)
Explanation: Cryptocurrency owners keep their money in encrypted, virtual ‘wallets.’ When a transaction takes place between the owners of two digital wallets, the details are recorded in a decentralized, electronic ledger or blockchain system. This means it is carried out with a degree of anonymity and is self-managed, with no interference from third parties such as central banks or government entities.
32. Which of the following items are states of data? (Choose three correct answers)
Explanation: Processing refers to data that is being used to perform an operation such as updating a database record (data in process).
33. ‘Internet-based cameras and gaming gear are not subject to security breaches.’
34. What vulnerability occurs when data is written beyond the memory areas allocated to an application?
35. An organization’s IT department reports that their web server is receiving an abnormally high number of web page requests from different locations simultaneously. What type of security attack is occurring?
36. Which of the following are commonly used port scanning applications? (Select two correct answers)
37. What action will an IDS take upon detection of malicious traffic?
Explanation: An IDS, or intrusion detection system, is a device that can scan packets and compare them to a set of rules or attack signatures. If the packets match attack signatures, then the IDS can create an alert and log the detection.
38. Which of the following statements best describes cybersecurity?
39. ‘After a data breach, it’s important to educate employees, partners and customers on how to prevent future breaches.’ Is this statement true or false?
40. An employee points out a design flaw in a new product to the department manager. Is this employee’s behavior ethical or unethical?
41. ‘Data coming into a program should be sanitized, as it could have malicious content, designed to force the program to behave in an unintended way.’ This statement describes what security vulnerability?
42. Which of the following are examples of on-path attacks? (Choose two correct answers)
43. Which of the following firewalls filters traffic based on application, program or service?
44. A port scan returns a ‘closed’ response. What does this mean?
45. ‘Cryptocurrency transactions are digital.’ Is this statement true or false?
46. What do you call a digital asset designed to work as a medium of exchange that uses strong encryption to secure a financial transaction?
47. Which of the following tools used for incident detection can be used to detect anomalous behavior, command and control traffic, and detect infected hosts? (Choose two correct answers)
48. What name is given to a group of bots, connected through the Internet, with the ability to be controlled by a malicious individual or group?
49. What is the best approach for preventing a compromised IoT device from maliciously accessing data and devices on a local network?
50. What name is given to the emerging threat that hides on a computer or mobile device and uses that machine’s resources to mine cryptocurrencies?
51. A port scan returns an ‘open’ response. What does this mean?
52. An employee is at a restaurant with friends and tells them about an exciting new video game that is under development at the organization they work for. Is this employee’s behavior ethical or unethical?
53. ‘An advanced persistent threat (APT) is usually well funded.’ Is this statement true or false?
54. In networking, what name is given to the identifier at both ends of a transmission to ensure that the right data is passed to the correct application?
55. ‘An employee does something as an organization representative with the knowledge of that organization and this action is deemed illegal. The organization is legally responsible for this action.’ Is this statement true or false?
56. What tool is used to lure an attacker so that an administrator can capture, log and analyze the behavior of the attack?
57. ‘A data breach does not impact the reputation of an organization.’ Is this statement true or false?
58. Which of the following certifications is aimed at high school and early college students, as well as anyone interested in a career change?
59. Which of the following firewalls filters traffic based on source and destination data ports and filtering based on connection states?
60. Which of the following are categories of security measures or controls? (Choose three correct answers)
61. ‘A botnet can have tens of thousands of bots, or even hundreds of thousands.’ Is this statement true or false?
62. For what purpose would a network administrator use the Nmap tool?
63. Which of the following certifications does not expire or require periodic recertification and is geared towards post-secondary graduates and those interested in a career change?
64. What type of attack uses zombies?
Explanation: A Distributed DoS (DDoS) attack is similar to a DoS attack but originates from multiple, coordinated sources. For example:
65. What is the purpose of a backdoor?
66. Which of the following firewalls filters ports and system service calls on a single computer operating system?
67. What type of attack disrupts services by overwhelming network devices with bogus traffic?
Explanation: DDoS, or distributed denial of service, attacks are used to disrupt service by overwhelming network devices with bogus traffic.
68. ‘Cryptocurrencies are handled on a centralized exchange.’ Is this statement true or false?
Which of the following are examples of on
In DNS on-path attacks such as DNS spoofing and DNS hijacking, an attacker can compromise the DNS lookup process and send users to the wrong sites, often sites that distribute malware and/or collect sensitive information.
What are 3 types of attacks?
The different types of cyber-attacks are malware attack, password attack, phishing attack, and SQL injection attack.
What is the more common name for an on
In fact, you might hear this referred to often as a man-in-the-middle attack. The key to the on-path attack is that the original data stream will be intercepted by the person in the middle of the conversation, and that information will then be passed on to the destination.
What are on
An on-path attack is one in which an attacker sits in the middle between two stations and can capture, and sometimes change, the data being sent across the network. This kind of attack can happen covertly, without anyone knowing that someone is sitting in on the conversation.