Question 1

A variant of BYOD, what does CYOD allow employees or students to do?

Accepted Answer

A)  They can supply their own software on a computer or mobile device. 
B)  They can supply their choice of cloud application or storage. 
C)  They can choose a device from a limited number of options. 
D)  They can use whatever devices they wish to bring. 
A)  They can supply their own software on a computer or mobile device. 
B)  They can supply their choice of cloud application or storage. 
C)  They can choose a device from a limited number of options. 
D)  They can use whatever devices they wish to bring.

Question 2

Over a long-distance connection, using SSH keys is more secure than using passwords.

Accepted Answer

A) True 
 B)False

Question 3

How is an acceptable use policy typically used?

Accepted Answer

An AUP (acceptable use policy) explains

Question 4

Different types of organizations have similar levels of network security risks.

Accepted Answer

A) True 
 B)False

Question 5

It is ideal to use the same password for multiple different applications, provided the password is complex enough.

Accepted Answer

A) True 
 B)False

Question 6

Which of the following scenarios represents a phishing attempt?

Accepted Answer

A)  An employee at your company has received a malware-infected file in their e-mail. 
B)  A person posing as an employee tried to access a secured area at your organization. 
C)  A gift was offered to an employee with access to secured information in exchange for details. 
D)  An e-mail was sent to a manager at your company that appeared to be from the company's CTO, asking for access. 
A)  An employee at your company has received a malware-infected file in their e-mail. 
B)  A person posing as an employee tried to access a secured area at your organization. 
C)  A gift was offered to an employee with access to secured information in exchange for details. 
D)  An e-mail was sent to a manager at your company that appeared to be from the company's CTO, asking for access.

Question 7

What statement regarding denial-of-service (DoS) attacks is accurate?

Accepted Answer

A)  A denial-of-service attack occurs when a MAC address is impersonated on the network. 
B)  A denial-of-service attack prevents legitimate users from accessing normal network resources. 
C)  A denial-of-service attack is generally a result of a disgruntled employee. 
D)  A denial-of-service attack is no longer a major concern due to the increased throughput available on most networks. 
A)  A denial-of-service attack occurs when a MAC address is impersonated on the network. 
B)  A denial-of-service attack prevents legitimate users from accessing normal network resources. 
C)  A denial-of-service attack is generally a result of a disgruntled employee. 
D)  A denial-of-service attack is no longer a major concern due to the increased throughput available on most networks.

Question 8

How often should you require users to change their passwords?

Accepted Answer

A)  every 30 days 
B)  every 60 days 
C)  every 90 days 
D)  every 120 days 
A)  every 30 days 
B)  every 60 days 
C)  every 90 days 
D)  every 120 days

Question 9

How is a posture assessment performed on an organization?

Accepted Answer

A)  A thorough examination of each aspect of the organization's network is performed to determine how it might be compromised. 
B)  A third party organization is tasked with attempting to break into the organization and compromise security in order to determine threat vectors. 
C)  A report of data that is subject to special regulation is created, such that the organization is aware of what data needs protection. 
D)  An assessment of how a network will perform under stress is performed to determine if the network throughput is adequate. 
A)  A thorough examination of each aspect of the organization's network is performed to determine how it might be compromised. 
B)  A third party organization is tasked with attempting to break into the organization and compromise security in order to determine threat vectors. 
C)  A report of data that is subject to special regulation is created, such that the organization is aware of what data needs protection. 
D)  An assessment of how a network will perform under stress is performed to determine if the network throughput is adequate.

Question 10

Current research indicates that a long, random string of words, such as correct horse battery staple is more secure than a random series of letters, numbers, and symbols that is short enough to be remembered.

Accepted Answer

A) True 
 B)False

Question 11

What is vulnerability scanning, and what are the two different types of vulnerability scans?

Accepted Answer

* authenticated-In this case, the attack

Question 12

A person posing as an employee strikes up a conversation with a legitimate employee as they walk into a secured area, in an attempt to gain access. What kind of social engineering is this?

Accepted Answer

A)  phishing 
B)  baiting 
C)  quid pro quo 
D)  tailgating 
A)  phishing 
B)  baiting 
C)  quid pro quo 
D)  tailgating

Question 13

What is hashing, and how does it differ from encryption?

Accepted Answer

Hashing means to transform data through

Question 14

Which of the following statements correctly describes the malware characteristic of polymorphism?

Accepted Answer

A)  Polymorphic malware can change its characteristics every time it is transferred to a new system. 
B)  Polymorphic malware is designed to activate on a particular date, remaining harmless until that time. 
C)  Polymorphic malware is software that disguises itself as a legitimate program, or replaces a legitimate program's code with destructive code. 
D)  Polymorphic malware utilizes encryption to prevent detection. 
A)  Polymorphic malware can change its characteristics every time it is transferred to a new system. 
B)  Polymorphic malware is designed to activate on a particular date, remaining harmless until that time. 
C)  Polymorphic malware is software that disguises itself as a legitimate program, or replaces a legitimate program's code with destructive code. 
D)  Polymorphic malware utilizes encryption to prevent detection.

Question 15

The concept of giving employees and contractors only enough access and privileges to do their jobs is known by what term?

Accepted Answer

A)  least-risk privilege profile 
B)  principle of least privilege 
C)  minimal access/minimal exposure 
D)  limited liability access 
A)  least-risk privilege profile 
B)  principle of least privilege 
C)  minimal access/minimal exposure 
D)  limited liability access

Question 16

A hacker, in the original sense of the word, is someone with technical skill and malicious intent.

Accepted Answer

A) True 
 B)False

Question 17

The term malware is derived from a combination of the words malicious and software.

Accepted Answer

A) True 
 B)False

Question 18

A virus that remains dormant until a specific condition is met, such as the changing of a file or a match of the current date is known as what type of malware?

Accepted Answer

A)  encrypted virus 
B)  logic bomb 
C)  boot sector virus 
D)  worm 
A)  encrypted virus 
B)  logic bomb 
C)  boot sector virus 
D)  worm

Question 19

In the typical social engineering attack cycle, what occurs at Phase 3?

Accepted Answer

A)  The attacker researches the desired target for clues as to vulnerabilities. 
B)  The attacker builds trust with the target and attempts to gain more information. 
C)  The attacker exploits an action undertaken by the victim in order to gain access. 
D)  The attacker executes an exit strategy in such a way that does not leave evidence or raise suspicion. 
A)  The attacker researches the desired target for clues as to vulnerabilities. 
B)  The attacker builds trust with the target and attempts to gain more information. 
C)  The attacker exploits an action undertaken by the victim in order to gain access. 
D)  The attacker executes an exit strategy in such a way that does not leave evidence or raise suspicion.

Question 20

In a red team-blue team exercise, what is the purpose of the blue team?

Accepted Answer

A)  The blue team is tasked with attacking the network. 
B)  The blue team must observe the actions of the red team. 
C)  The blue team is charged with the defense of the network. 
D)  The blue team consists of regulators that ensure no illegal activity is undertaken. 
A)  The blue team is tasked with attacking the network. 
B)  The blue team must observe the actions of the red team. 
C)  The blue team is charged with the defense of the network. 
D)  The blue team consists of regulators that ensure no illegal activity is undertaken.

A variant of BYOD, what does CYOD allow employees or students to do?

Over a long-distance connection, using SSH keys is more secure than using passwords.

How is an acceptable use policy typically used?

Different types of organizations have similar levels of network security risks.

It is ideal to use the same password for multiple different applications, provided the password is complex enough.

Which of the following scenarios represents a phishing attempt?

What statement regarding denial-of-service (DoS) attacks is accurate?

How often should you require users to change their passwords?

How is a posture assessment performed on an organization?

Current research indicates that a long, random string of words, such as correct horse battery staple is more secure than a random series of letters, numbers, and symbols that is short enough to be remembered.

What is vulnerability scanning, and what are the two different types of vulnerability scans?

A person posing as an employee strikes up a conversation with a legitimate employee as they walk into a secured area, in an attempt to gain access. What kind of social engineering is this?

What is hashing, and how does it differ from encryption?

Which of the following statements correctly describes the malware characteristic of polymorphism?

The concept of giving employees and contractors only enough access and privileges to do their jobs is known by what term?

A hacker, in the original sense of the word, is someone with technical skill and malicious intent.

The term malware is derived from a combination of the words malicious and software.

A virus that remains dormant until a specific condition is met, such as the changing of a file or a match of the current date is known as what type of malware?

In the typical social engineering attack cycle, what occurs at Phase 3?

In a red team-blue team exercise, what is the purpose of the blue team?

Introduction to Networking

Network Infrastructure and Documentation

Addressing on Networks

Network Protocols and Routing

Network Cabling

Wireless Networking

Virtualization and Cloud Computing

Subnets and VLANs

Security in Network Design

Network Performance and Recovery

Wide Area Networks

Filters

Exam 9: Network Risk Management

A variant of BYOD, what does CYOD allow employees or students to do?

Over a long-distance connection, using SSH keys is more secure than using passwords.

How is an acceptable use policy typically used?

Different types of organizations have similar levels of network security risks.

It is ideal to use the same password for multiple different applications, provided the password is complex enough.

Which of the following scenarios represents a phishing attempt?

What statement regarding denial-of-service (DoS) attacks is accurate?

How often should you require users to change their passwords?

How is a posture assessment performed on an organization?

Current research indicates that a long, random string of words, such as correct horse battery staple is more secure than a random series of letters, numbers, and symbols that is short enough to be remembered.

What is vulnerability scanning, and what are the two different types of vulnerability scans?

A person posing as an employee strikes up a conversation with a legitimate employee as they walk into a secured area, in an attempt to gain access. What kind of social engineering is this?

What is hashing, and how does it differ from encryption?

Which of the following statements correctly describes the malware characteristic of polymorphism?

The concept of giving employees and contractors only enough access and privileges to do their jobs is known by what term?

A hacker, in the original sense of the word, is someone with technical skill and malicious intent.

The term malware is derived from a combination of the words malicious and software.

A virus that remains dormant until a specific condition is met, such as the changing of a file or a match of the current date is known as what type of malware?

In the typical social engineering attack cycle, what occurs at Phase 3?

In a red team-blue team exercise, what is the purpose of the blue team?

Introduction to Networking

Network Infrastructure and Documentation

Addressing on Networks

Network Protocols and Routing

Network Cabling

Wireless Networking

Virtualization and Cloud Computing

Subnets and VLANs

Security in Network Design

Network Performance and Recovery

Wide Area Networks

Filters