Question 1

Which of the physical reconnaissance attacks is the unauthorized interception of communication?

Accepted Answer

A)  Phishing 
B)  Dumpster diving 
C)  Eavesdropping 
D)  Malware 
A)  Phishing 
B)  Dumpster diving 
C)  Eavesdropping 
D)  Malware

Question 2

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is displayed below.
  What is function D?

Accepted Answer

A)  Recover 
B)  Identify 
C)  Protect 
D)  Detect 
A)  Recover 
B)  Identify 
C)  Protect 
D)  Detect

Question 3

What type of logical access attack attempts to gain access to an on-going communication between two endpoints by pretending to be each of the parties?

Accepted Answer

A)  Brute-force attack 
B)  On-path attack 
C)  IP spoofing 
D)  Tailgating 
A)  Brute-force attack 
B)  On-path attack 
C)  IP spoofing 
D)  Tailgating

Question 4

What is it called when a company attempts to hack their own systems?

Accepted Answer

A)  Vulnerability scans 
B)  Penetration tests 
C)  Patches 
D)  Upgrades 
A)  Vulnerability scans 
B)  Penetration tests 
C)  Patches 
D)  Upgrades

Question 5

What does a company apply to ensure that systems are running up-to-date security when they are available?

Accepted Answer

A)  Vulnerability scans 
B)  Penetration tests 
C)  Patches 
D)  Upgrades 
A)  Vulnerability scans 
B)  Penetration tests 
C)  Patches 
D)  Upgrades

Question 6

Cybersecurity encompasses

Accepted Answer

A)  actions by programmers with malicious intentions that pose a risk to a company. 
B)  the measures a company takes to protect a computer or system against unauthorized access or attacks. 
C)  actions taken by managers which pose a risk to the company. 
D)  actions by executives who treat the company's assets as their own. 
A)  actions by programmers with malicious intentions that pose a risk to a company. 
B)  the measures a company takes to protect a computer or system against unauthorized access or attacks. 
C)  actions taken by managers which pose a risk to the company. 
D)  actions by executives who treat the company's assets as their own.

Question 7

Which of the physical reconnaissance attacks is looking through someone else's physical trash?

Accepted Answer

A)  Phishing 
B)  Dumpster diving 
C)  Eavesdropping 
D)  Malware 
A)  Phishing 
B)  Dumpster diving 
C)  Eavesdropping 
D)  Malware

Question 8

RAM Manufacturing LLC is a rapidly growing manufacturer of parts for the automotive industry. Maeve is an IT auditor at RAM Manufacturing, working on a project for the Cybersecurity department. Maeve has prioritized the following cyberattack categories:
• Denial-of-service attacks
• Viruses
• Worms
• Logic bombs
• Trojan horses
Match the following attack description to one of these cyberattack categories.
-Employees received an email with a funny meme that was forwarded throughout the company. The email contained a link that employees clicked on to view the meme. Users who clicked on the link in the email experienced unexpected pop-ups on their computers.

Accepted Answer

A)  Denial-of-service attacks 
B)  Viruses 
C)  Worms 
D)  Logic bombs 
E)  Trojan horses 
A)  Denial-of-service attacks 
B)  Viruses 
C)  Worms 
D)  Logic bombs 
E)  Trojan horses

Question 9

What is an attack that prohibits users from using resources such as computers, websites, servers, or an entire network called?

Accepted Answer

A)  Denial-of-service attack 
B)  Malware attack 
C)  Virus attack 
D)  Logic bomb attack 
A)  Denial-of-service attack 
B)  Malware attack 
C)  Virus attack 
D)  Logic bomb attack

Question 10

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is displayed below.
  What is function B?

Accepted Answer

A)  Recover 
B)  Identify 
C)  Protect 
D)  Detect 
A)  Recover 
B)  Identify 
C)  Protect 
D)  Detect

Question 11

Which of the following is an example of a Denial-of-Service internal control?

Accepted Answer

A)  Employ malicious code protection mechanisms at information system entry and exit points. 
B)  Configure malicious code detection to perform periodic scans of the information system, block malicious code, quarantine malicious code, and notify the administrator. 
C)  Monitor system resources to determine if sufficient resources exist to prevent effective attacks. 
D)  Monitor the information systems to detect attacks and indicators of potential attacks, including unauthorized local, network, and remote connections. 
A)  Employ malicious code protection mechanisms at information system entry and exit points. 
B)  Configure malicious code detection to perform periodic scans of the information system, block malicious code, quarantine malicious code, and notify the administrator. 
C)  Monitor system resources to determine if sufficient resources exist to prevent effective attacks. 
D)  Monitor the information systems to detect attacks and indicators of potential attacks, including unauthorized local, network, and remote connections.

Question 12

What is a company's best defense against phishing attacks?

Accepted Answer

A)  Only allow email from certified businesses 
B)  Shut down email 
C)  Monitor employee's email 
D)  Train employees to recognize and report red flags 
A)  Only allow email from certified businesses 
B)  Shut down email 
C)  Monitor employee's email 
D)  Train employees to recognize and report red flags

Question 13

Match the cybersecurity threat to the following control activity:
-Enforce a specified number of changed characters when new passwords are created.

Accepted Answer

A)  Brute-force attack 
B)  On-path attack 
C)  IP spoofing 
D)  Tailgating 
A)  Brute-force attack 
B)  On-path attack 
C)  IP spoofing 
D)  Tailgating

Question 14

The National Institute of Standards and Technology (NIST) has published Security and Privacy Controls for Federal Information Systems and Organizations (NIST-800-53). The NIST-800-53 document is divided into 18 control families. One of the control families is Maintenance. What ID does Maintenance family use?

Accepted Answer

A)  MT 
B)  AM 
C)  MN 
D)  MA 
A)  MT 
B)  AM 
C)  MN 
D)  MA

Question 15

NIST provides explicit guidelines that companies can require for password strength. What does NIST recommend for password construction?

Accepted Answer

A)  Combine multiple common words in a password. 
B)  Reuse previous passwords so you remember them. 
C)  Avoid dictionary words. 
D)  Use your name as the password. 
A)  Combine multiple common words in a password. 
B)  Reuse previous passwords so you remember them. 
C)  Avoid dictionary words. 
D)  Use your name as the password.

Question 16

Which of the following is an example of Malware internal controls?

Accepted Answer

A)  Employ monitoring to detect indicators of attacks against, or launched from, the system. 
B)  Manage capacity, bandwidth, or other redundancy to limit the effects of an attack. 
C)  Monitor the information system to detect attacks and indicators of potential attacks, including unauthorized local, network, and remote connections. 
D)  Monitor system resources to determine if sufficient resources exist to prevent effective attacks. 
A)  Employ monitoring to detect indicators of attacks against, or launched from, the system. 
B)  Manage capacity, bandwidth, or other redundancy to limit the effects of an attack. 
C)  Monitor the information system to detect attacks and indicators of potential attacks, including unauthorized local, network, and remote connections. 
D)  Monitor system resources to determine if sufficient resources exist to prevent effective attacks.

Question 17

A business can protect itself from DoS and DDoS attacks by ensuring that firewalls, routers, and ________ are up-to-date, are properly configured, and will automatically block the ports where fake requests enter the system.

Accepted Answer

A)  servers 
B)  websites 
C)  intrusion detection systems 
D)  ecommerce sites 
A)  servers 
B)  websites 
C)  intrusion detection systems 
D)  ecommerce sites

Question 18

What is an attack that uses destructive programs to take down a system called?

Accepted Answer

A)  Denial-of-service attack 
B)  Malware attack 
C)  Virus attack 
D)  Logic bomb attack 
A)  Denial-of-service attack 
B)  Malware attack 
C)  Virus attack 
D)  Logic bomb attack

Question 19

What is a type of malware used by hackers that replicates itself in a system and spreads quickly, causing damage to core system functions?

Accepted Answer

A)  Virus 
B)  Worms 
C)  Logic bombs 
D)  Trojan horse 
A)  Virus 
B)  Worms 
C)  Logic bombs 
D)  Trojan horse

Which of the physical reconnaissance attacks is the unauthorized interception of communication?

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is displayed below. What is function D?

What type of logical access attack attempts to gain access to an on-going communication between two endpoints by pretending to be each of the parties?

What is it called when a company attempts to hack their own systems?

What does a company apply to ensure that systems are running up-to-date security when they are available?

Cybersecurity encompasses

Which of the physical reconnaissance attacks is looking through someone else's physical trash?

What is an attack that prohibits users from using resources such as computers, websites, servers, or an entire network called?

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is displayed below. What is function B?

Which of the following is an example of a Denial-of-Service internal control?

What is a company's best defense against phishing attacks?

Match the cybersecurity threat to the following control activity: -Enforce a specified number of changed characters when new passwords are created.

NIST provides explicit guidelines that companies can require for password strength. What does NIST recommend for password construction?

Which of the following is an example of Malware internal controls?

A business can protect itself from DoS and DDoS attacks by ensuring that firewalls, routers, and ________ are up-to-date, are properly configured, and will automatically block the ports where fake requests enter the system.

What is an attack that uses destructive programs to take down a system called?

What is a type of malware used by hackers that replicates itself in a system and spreads quickly, causing damage to core system functions?

Accounting As Information

Risks and Risk Assessments

Risk Management and Internal Controls

Software and Systems

Data Storage and Analysis

Systems and Database Design

Emerging and Disruptive Technologies

Documenting Systems and Processes

Human Resources and Payroll Processes

Purchasing and Payments Process

Conversion Processes

Marketing, Sales, and Collection Processes

Financial Reporting Processes

Information Systems and Controls

Fraud

Data Analytics

Data Visualization

Audit Assurance

Filters

Exam 16: Cybersecurity

Which of the physical reconnaissance attacks is the unauthorized interception of communication?

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is displayed below. What is function D?

What type of logical access attack attempts to gain access to an on-going communication between two endpoints by pretending to be each of the parties?

What is it called when a company attempts to hack their own systems?

What does a company apply to ensure that systems are running up-to-date security when they are available?

Cybersecurity encompasses

Which of the physical reconnaissance attacks is looking through someone else's physical trash?

What is an attack that prohibits users from using resources such as computers, websites, servers, or an entire network called?

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is displayed below. What is function B?

Which of the following is an example of a Denial-of-Service internal control?

What is a company's best defense against phishing attacks?

Match the cybersecurity threat to the following control activity: -Enforce a specified number of changed characters when new passwords are created.

NIST provides explicit guidelines that companies can require for password strength. What does NIST recommend for password construction?

Which of the following is an example of Malware internal controls?

A business can protect itself from DoS and DDoS attacks by ensuring that firewalls, routers, and ________ are up-to-date, are properly configured, and will automatically block the ports where fake requests enter the system.

What is an attack that uses destructive programs to take down a system called?

What is a type of malware used by hackers that replicates itself in a system and spreads quickly, causing damage to core system functions?

Accounting As Information

Risks and Risk Assessments

Risk Management and Internal Controls

Software and Systems

Data Storage and Analysis

Systems and Database Design

Emerging and Disruptive Technologies

Documenting Systems and Processes

Human Resources and Payroll Processes

Purchasing and Payments Process

Conversion Processes

Marketing, Sales, and Collection Processes

Financial Reporting Processes

Information Systems and Controls

Fraud

Data Analytics

Data Visualization

Audit Assurance

Filters