Question 1

What is a Distributed Denial-of-Service attack?

Accepted Answer

A)  An attack that creates a virus that cause a variety of problems 
B)  An attack that is disguised as benign software but carries malicious code that may be activated via a logic bomb 
C)  An attack that uses computers infected with malware that function like robots 
D)  An attack that uses multiple machines or IP addresses to force the target to shut down 
A)  An attack that creates a virus that cause a variety of problems 
B)  An attack that is disguised as benign software but carries malicious code that may be activated via a logic bomb 
C)  An attack that uses computers infected with malware that function like robots 
D)  An attack that uses multiple machines or IP addresses to force the target to shut down

Question 2

Attackers us these three types of attacks to plan, enter, and damage a victim's network:
  What type of attack is C?

Accepted Answer

A)  Reconnaissance attack 
B)  Access attack 
C)  Disruptive attack 
D)  Translucent attack 
A)  Reconnaissance attack 
B)  Access attack 
C)  Disruptive attack 
D)  Translucent attack

Question 3

The National Institute of Standards and Technology (NIST) has published Security and Privacy Controls for Federal Information Systems and Organizations (NIST-800-53). The NIST-800-53 document is divided into 18 control families. One of the control families is Physical and Environmental Protection. What ID does Physical and Environmental Protection family use?

Accepted Answer

A)  PE 
B)  PP 
C)  PH 
D)  PY 
A)  PE 
B)  PP 
C)  PH 
D)  PY

Question 4

________ are the biggest weakness in a company's internal control environment.

Accepted Answer

A)  Networks 
B)  Humans 
C)  Systems 
D)  Routers 
A)  Networks 
B)  Humans 
C)  Systems 
D)  Routers

Question 5

Attackers us these three types of attacks to plan, enter, and damage a victim's network:
  What type of attack is A?

Accepted Answer

A)  Reconnaissance attack 
B)  Access attack 
C)  Disruptive attack 
D)  Translucent attack 
A)  Reconnaissance attack 
B)  Access attack 
C)  Disruptive attack 
D)  Translucent attack

Question 6

At larger companies, the cybersecurity program is usually the responsibility of a dedicated executive leader. This could include the

Accepted Answer

A)  Chief Executive Officer. 
B)  Chief Marketing Officer. 
C)  Chief Technology Officer. 
D)  Chief Operating Officer. 
A)  Chief Executive Officer. 
B)  Chief Marketing Officer. 
C)  Chief Technology Officer. 
D)  Chief Operating Officer.

Question 7

What is code used by hackers that is disguised as benign software but carries malicious code that may be activated via a logic bomb?

Accepted Answer

A)  Virus 
B)  Worms 
C)  Logic bombs 
D)  Trojan horses 
A)  Virus 
B)  Worms 
C)  Logic bombs 
D)  Trojan horses

Question 8

Logical access attacks

Accepted Answer

A)  result in access to either hardware or people. 
B)  seek unauthorized access to a system by either exploiting a network vulnerability or attempting to use force to get through network security. 
C)  result in access to customers or vendors. 
D)  seek unauthorized access to employee records on the network. 
A)  result in access to either hardware or people. 
B)  seek unauthorized access to a system by either exploiting a network vulnerability or attempting to use force to get through network security. 
C)  result in access to customers or vendors. 
D)  seek unauthorized access to employee records on the network.

Question 9

Colonial Pipeline, which provides almost 50% of the fuel for the East Coast, is an example of an attack of

Accepted Answer

A)  chaos and destruction. 
B)  financial data breach. 
C)  ransomware. 
D)  reconnaissance. 
A)  chaos and destruction. 
B)  financial data breach. 
C)  ransomware. 
D)  reconnaissance.

Question 10

Which of the following logical access attacks describes IP spoofing?

Accepted Answer

A)  IP spoofing is when the attacker forces access to the network by attempting many passwords or phrases until finding the correct one. 
B)  IP spoofing is when the attacker attempts to gain access to an on-going communication between two endpoints by pretending to be each of the parties. 
C)  IP spoofing is when the attacker disguises their identity and impersonates a legitimate computer on the network. 
D)  IP spoofing is when the attacker follows an authorized user into the system. 
A)  IP spoofing is when the attacker forces access to the network by attempting many passwords or phrases until finding the correct one. 
B)  IP spoofing is when the attacker attempts to gain access to an on-going communication between two endpoints by pretending to be each of the parties. 
C)  IP spoofing is when the attacker disguises their identity and impersonates a legitimate computer on the network. 
D)  IP spoofing is when the attacker follows an authorized user into the system.

Question 11

Match the cybersecurity threat to the following control activity:
-Review and update the baseline configuration of the information system as an integral part of information system component installations and upgrades.

Accepted Answer

A)  Brute-force attack 
B)  On-path attack 
C)  IP spoofing 
D)  Tailgating 
A)  Brute-force attack 
B)  On-path attack 
C)  IP spoofing 
D)  Tailgating

Question 12

What is a type of malware used by hackers that replicates without the assistance of human interaction?

Accepted Answer

A)  Virus 
B)  Worms 
C)  Logic bombs 
D)  Trojan horses 
A)  Virus 
B)  Worms 
C)  Logic bombs 
D)  Trojan horses

Question 13

Cybercriminals look for vulnerabilities in the network, through either a ________, who exposes valuable information or a ________ in the network.

Accepted Answer

A)  person, company 
B)  company, person 
C)  person, technical weak point 
D)  company, technical weak point 
A)  person, company 
B)  company, person 
C)  person, technical weak point 
D)  company, technical weak point

Question 14

What is encryption?

Accepted Answer

A)  Sending from obscure domains that are designed to look similar to legitimate domains 
B)  A standard network protocol that allows users to transfer files between the company network and outside parties 
C)  The process of using an algorithm to encode a plaintext message and converting it to something that is seemingly meaningless 
D)  Asking for personal information in a survey instead of taking you to a company portal to input information directly in the corporate system 
A)  Sending from obscure domains that are designed to look similar to legitimate domains 
B)  A standard network protocol that allows users to transfer files between the company network and outside parties 
C)  The process of using an algorithm to encode a plaintext message and converting it to something that is seemingly meaningless 
D)  Asking for personal information in a survey instead of taking you to a company portal to input information directly in the corporate system

Question 15

What type of logical access attack disguises the source identity and impersonates a legitimate computer on the network?

Accepted Answer

A)  Brute-force attack 
B)  On-path attack 
C)  IP spoofing 
D)  Tailgating 
A)  Brute-force attack 
B)  On-path attack 
C)  IP spoofing 
D)  Tailgating

Question 16

RAM Manufacturing LLC is a rapidly growing manufacturer of parts for the automotive industry. Maeve is an IT auditor at RAM Manufacturing, working on a project for the Cybersecurity department. Maeve has prioritized the following cyberattack categories:
• Denial-of-service attacks
• Viruses
• Worms
• Logic bombs
• Trojan horses
Match the following attack description to one of these cyberattack categories.
-On Saturday, June 2nd, at exactly 12:00 noon, a program stopped allowing users to log in.

Accepted Answer

A)  Denial-of-service attacks 
B)  Viruses 
C)  Worms 
D)  Logic bombs 
E)  Trojan horses 
A)  Denial-of-service attacks 
B)  Viruses 
C)  Worms 
D)  Logic bombs 
E)  Trojan horses

Question 17

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is displayed below.
  What is function A?

Accepted Answer

A)  Recover 
B)  Identify 
C)  Protect 
D)  Detect 
A)  Recover 
B)  Identify 
C)  Protect 
D)  Detect

Question 18

Equifax, a credit reporting agency, was victim to

Accepted Answer

A)  a financial data breach. 
B)  ransomware. 
C)  reconnaissance. 
D)  chaos and destruction. 
A)  a financial data breach. 
B)  ransomware. 
C)  reconnaissance. 
D)  chaos and destruction.

Question 19

On-path attacks, which were once known as man-in-the-middle attacks, attempt to gain access to an ongoing communication between two endpoints. Which of the following is the definition of eavesdropping?

Accepted Answer

A)  The hacker is actively communicating with the server. 
B)  The hacker is passively injected into the connection. 
C)  The hacker is actively injected into the connection. 
D)  The hacker is only listening to or intercepting the communication. 
A)  The hacker is actively communicating with the server. 
B)  The hacker is passively injected into the connection. 
C)  The hacker is actively injected into the connection. 
D)  The hacker is only listening to or intercepting the communication.

Question 20

What is a vague salutation red flag?

Accepted Answer

A)  Sending from obscure domains that are designed to look similar to legitimate domains 
B)  Addressing the email to a generic recipient 
C)  Including grammar or spelling mistakes 
D)  Using words like "suspended", "security concerns," and "immediately" 
A)  Sending from obscure domains that are designed to look similar to legitimate domains 
B)  Addressing the email to a generic recipient 
C)  Including grammar or spelling mistakes 
D)  Using words like "suspended", "security concerns," and "immediately"

What is a Distributed Denial-of-Service attack?

Attackers us these three types of attacks to plan, enter, and damage a victim's network: What type of attack is C?

________ are the biggest weakness in a company's internal control environment.

Attackers us these three types of attacks to plan, enter, and damage a victim's network: What type of attack is A?

At larger companies, the cybersecurity program is usually the responsibility of a dedicated executive leader. This could include the

What is code used by hackers that is disguised as benign software but carries malicious code that may be activated via a logic bomb?

Logical access attacks

Colonial Pipeline, which provides almost 50% of the fuel for the East Coast, is an example of an attack of

Which of the following logical access attacks describes IP spoofing?

Match the cybersecurity threat to the following control activity: -Review and update the baseline configuration of the information system as an integral part of information system component installations and upgrades.

What is a type of malware used by hackers that replicates without the assistance of human interaction?

Cybercriminals look for vulnerabilities in the network, through either a , who exposes valuable information or a in the network.

What is encryption?

What type of logical access attack disguises the source identity and impersonates a legitimate computer on the network?

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is displayed below. What is function A?

Equifax, a credit reporting agency, was victim to

On-path attacks, which were once known as man-in-the-middle attacks, attempt to gain access to an ongoing communication between two endpoints. Which of the following is the definition of eavesdropping?

What is a vague salutation red flag?

Accounting As Information

Risks and Risk Assessments

Risk Management and Internal Controls

Software and Systems

Data Storage and Analysis

Systems and Database Design

Emerging and Disruptive Technologies

Documenting Systems and Processes

Human Resources and Payroll Processes

Purchasing and Payments Process

Conversion Processes

Marketing, Sales, and Collection Processes

Financial Reporting Processes

Information Systems and Controls

Fraud

Data Analytics

Data Visualization

Audit Assurance

Filters

Exam 16: Cybersecurity

What is a Distributed Denial-of-Service attack?

Attackers us these three types of attacks to plan, enter, and damage a victim's network: What type of attack is C?

________ are the biggest weakness in a company's internal control environment.

Attackers us these three types of attacks to plan, enter, and damage a victim's network: What type of attack is A?

At larger companies, the cybersecurity program is usually the responsibility of a dedicated executive leader. This could include the

What is code used by hackers that is disguised as benign software but carries malicious code that may be activated via a logic bomb?

Logical access attacks

Colonial Pipeline, which provides almost 50% of the fuel for the East Coast, is an example of an attack of

Which of the following logical access attacks describes IP spoofing?

Match the cybersecurity threat to the following control activity: -Review and update the baseline configuration of the information system as an integral part of information system component installations and upgrades.

What is a type of malware used by hackers that replicates without the assistance of human interaction?

Cybercriminals look for vulnerabilities in the network, through either a ________, who exposes valuable information or a ________ in the network.

What is encryption?

What type of logical access attack disguises the source identity and impersonates a legitimate computer on the network?

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is displayed below. What is function A?

Equifax, a credit reporting agency, was victim to

On-path attacks, which were once known as man-in-the-middle attacks, attempt to gain access to an ongoing communication between two endpoints. Which of the following is the definition of eavesdropping?

What is a vague salutation red flag?

Accounting As Information

Risks and Risk Assessments

Risk Management and Internal Controls

Software and Systems

Data Storage and Analysis

Systems and Database Design

Emerging and Disruptive Technologies

Documenting Systems and Processes

Human Resources and Payroll Processes

Purchasing and Payments Process

Conversion Processes

Marketing, Sales, and Collection Processes

Financial Reporting Processes

Information Systems and Controls

Fraud

Data Analytics

Data Visualization

Audit Assurance

Filters

Cybercriminals look for vulnerabilities in the network, through either a , who exposes valuable information or a in the network.