Fundamentals of Information Security Questions with Accurate Answers
Typology: Exams
A company developing and distributing open source applications realizes that attackers are copying the publicly available, open source code and inserting malware into the code. Which type of cryptographic tool should the company use to protect the integrity of its open source applications?
Correct answer: Hash functions

A malicious actor has breached the firewall with a reverse shell. Which side of the CIA triad is most affected?
A. Availability
B. Confidentiality
C. Authentication
D. Integrity
Correct answer: B. Confidentiality

A tornado destroyed a data center. Which side of the CIA triad is most affected?
A. Authenticity
B. Availability
C. Utility
D. Integrity
Correct answer: B. Availability

A user changes a number in a dataset with a typo. Which side of the CIA Triad is most affected?
A. Availability
B. Confidentiality
C. Authentication
D. Integrity
Correct answer: D. Integrity

AES
Correct answer: Advanced Encryption Standard, a symmetric 128-bit block data encryption technique.

After considerable research, attackers directed a spear phishing attack at employees at a single bank. One employee opened a message, resulting in a breach that delivered ransomware. Which type of control should be implemented to prevent future spear phishing attacks?
Correct answer: Employee training

An example of symmetric encryption
Correct answer: AES

An organization employs a VPN to safeguard its information. Which security principle is protected by a VPN?
Correct answer: Data in motion.

Apply the principle of least privilege
Correct answer: Only HR staff can access employee personal information.

Certificates
Correct answer: Digitally signed electronic documents that bind a public key with a user identity.

CIA Triad
Correct answer: Confidentiality, Integrity, Availability

Clickjacking
Correct answer: An attack that tricks users into clicking something other than what they think they're clicking.

Confused deputy problem
Correct answer: A type of attack that is common in systems that use ACLs rather than capabilities. The crux of the confused deputy problem is seen when the software with access to a resource has a greater level of permission to access the resource than the user who is controlling the software. If we, as the user, can trick the software into misusing its greater level of authority, we can potentially carry out an attack.

COPPA
Correct answer: Children's Online Privacy Protection Act: a law that intends to keep children under the age of 13 protected from the collection of private information and safety risks online.

Deterrence
Correct answer: Punishment used to discourage crime.

Digital signature
Correct answer: A means of electronically signing a document with data that cannot be forged.

Fabrication
Correct answer: Attacks that involve generating data, processes, communications, or other similar activities with a system. Fabrication attacks primarily affect integrity but could be considered an availability attack as well.

FERPA
Correct answer: 1974 Family Educational Rights and Privacy Act (Buckley Amendment). Assures confidentiality of student records. Parents are afforded rights to examine, review, request changes if inaccurate, and stipulate the person who has access.

Firewall
Correct answer: Prevents unauthorized external access to an internal network.

Firewalls
Correct answer: A system that acts as a control for network traffic, blocking unauthorized traffic while permitting acceptable use.

First law
Correct answer: If you don't know the threat, how do you know what to protect?

FISMA
Correct answer: Federal Information Security Management Act. A US law that requires federal agencies to create, document and implement a security program.

Flash drives (portable storage)
Correct answer: Can survive in harsh environments that are subjected to heat, humidity, and magnetic fields.

HIPAA
Correct answer: The Health Insurance Portability and Accountability Act, a federal law protecting the privacy of patient-specific health care information and providing the patient with control over how this information is used and distributed.

Honeypots
Correct answer: A seemingly tempting, but bogus target meant to draw hacking attempts. By monitoring infiltration attempts against a honeypot, organizations may gain insight into the identity of hackers and their techniques, and they can share this with partners and law enforcement.

Integrity
Correct answer: An organization plans to encrypt data in transit on a network. Which aspect of data is the organization attempting to protect?

Integrity
Correct answer: At a small company, an employee makes an unauthorized data alteration. Which component of the CIA triad has been compromised?

Interception
Correct answer: Attacks that allow unauthorized users to access our data, applications, or environments, and are primarily an attack against confidentiality.

Interruption
Correct answer: Attacks that cause our assets to become unusable or unavailable for our use, on a temporary or permanent basis. Interruption attacks often affect availability but can be an attack on integrity as well.

Intrusion Detection System (IDS)
Correct answer: A computer program that senses when another computer is attempting to scan or access a computer or network (just notify).

Intrusion Prevention System (IPS)
Correct answer: A technology that monitors activity like an IDS but will automatically take proactive preventative action if it detects unacceptable activity (take action).

Limit user account privileges.
Correct answer: A user runs an application that has been infected with malware that is less than 24 hours old. The malware then infects the operating system. Which safeguard should be implemented to prevent this type of attack?

MD5
Correct answer: Message Digest 5. A hashing function used to provide integrity. MD5 uses 128 bits. A hash is simply a number created by applying the algorithm to a file or message at different times. The hashes are compared to each other to verify that integrity has been maintained.

Modification
Correct answer: Attacks that involve tampering with our asset. Such attacks might primarily be considered an integrity attack but could also represent an availability attack.

Network segmentation
Correct answer: The act of dividing a network into multiple smaller networks, each acting as its own small network (subnet).

Parkerian Hexad: Utility
Correct answer: Refers to how useful the data is to us.

PCI DSS
Correct answer: Payment Card Industry Data Security Standard. Credit cards, prevent identity theft (NOT A LAW!!!!!! INDUSTRY REGULATED!!!)

PCI DSS
Correct answer: Payment Card Industry Data Security Standard, a security standard created by the Payment Card Industry Security Standards Council (PCI SSC).

Physical
Correct answer: Hasn't been connected to the internet or any other corporate network. This type will secure any software on the computer.

Port scanner
Correct answer: Software that searches a server, switch, router, or other device for open ports, which can be vulnerable to attack.

Pretexting
Correct answer: A form of social engineering in which one individual lies to obtain confidential data about another individual.

Pretexting example
Correct answer: Acting like a police officer to get information from someone when you aren't one.

Protecting data at rest
Correct answer: Data is at rest when it is on a storage device of some kind and is not moving over a network or a protocol. ENCRYPT IT!!!

Protecting data in motion
Correct answer: The primary method of securing data from exposure on network media is encryption, and we may choose to apply it in one of two main ways: by encrypting the data itself to protect it or by protecting the entire connection. (SSL & TLS) & (VPNs)

Protecting data in use
Correct answer: Although we can use encryption to protect data while it is stored or moving across a network, we are somewhat limited in our ability to protect data while it is being used by those who legitimately have access to it. Authorized users can print files, move them to other machines or storage devices, e-mail them, share them on peer-to-peer (P2P) file-sharing networks, and generally make a mockery of our carefully laid security measures.

Risk
Correct answer: The likelihood that a threat will occur.

ROT13
Correct answer: A substitution cipher that uses a key of 13. To encrypt a message, you would rotate each letter 13 spaces. To decrypt a message, you would rotate each letter 13 spaces.

Second law
Correct answer: If you don't know what to protect, how do you know you are protecting it?

Sniffer
Correct answer: A type of eavesdropping program that monitors information traveling over a network.

Something you are
Correct answer: Fingerprint, iris, retina scan

Something you do
Correct answer: Handwriting/typing/walking

Something you have
Correct answer: ID badge/swipe card/OTP

Symmetric key encryption
Correct answer: Uses a single key to both encrypt the plaintext and decrypt the ciphertext.

Symmetric type
Correct answer: AES

Technical obsolescence
Correct answer: A product becomes technically obsolete when it is replaced by a better product with more advanced technology.

Third law
Correct answer: If you are not protecting it (the information), .... THE DRAGON WINS!

Threats
Correct answer: Any potential occurrence that may cause an undesirable or unwanted outcome for an organization or for a specific asset.

Vulnerabilities
Correct answer: A weakness that a threat event or the threat agent can take advantage of.

What act deals with the online privacy of minors under 13?
A. COPPA
B. FERPA
C. GLBA
D. FISMA
Correct answer: A. COPPA

What are 3 forms of authentication?
A. Four-digit PIN number
B. Text of 6-digit number to phone
C. Phone number
D. Fingerprint
E. Account number
F. Username
Correct answer: A. Four-digit PIN number; B. Text of 6-digit number to phone; D. Fingerprint

What are hash functions used for?
A. Decrypting messages
B. Securing messages in transport
C. Discovering original content
D. Determining whether the message has changed
Correct answer: D. Determining whether the message has changed

What are two common types of access control lists (ACLs)? Choose two answers.
A. File system.
B. Allow.
C. Network.
D. Deny.
E. Database system.
Correct answer: A. File system. C. Network.

Which element of the Parkerian hexad is concerned with usefulness?
A. Integrity
B. Confidentiality
C. Utility
D. Availability
Correct answer: C. Utility

What is a sandbox?
A. A tool only used in Java
B. An isolated environment that protects a set of resources.
C. Part of a VPN connection
D. A virtual location to share digital information
Correct answer: B. An isolated environment that protects a set of resources.

What is an example of authentication?
A. Username
B. Write access
C. Email address
D. Mother's maiden name
Correct answer: D. Mother's maiden name

What is an example of authentication?
A. Username.
B. First car.
C. Read only.
D. PIN
Correct answer: D. PIN

What is an example of identification?
A. Fingerprint
B. Mother's maiden name
C. Captcha tests
D. Username
Correct answer: D. Username

What is an example of identification?
A. Text to cell phone.
B. Employee number
C. Update access.
D. Fingerprint.
Correct answer: B. Employee number

What is an example of identification?
A. Voice pattern
B. Write access
C. Email address
D. Mother's maiden name
Correct answer: C. Email address

Which 2 attributes are included in the concept of risk? Choose 2 answers.
A. Threats
B. Frequency
C. Vulnerabilities
D. Impacts
Correct answer: A. Threats; C. Vulnerabilities

Which access control model allows access to be determined by the owner of the resource?
A. Mandatory access control.
B. Attribute-based access control.
C. Role-based access control.
D. Discretionary access control.
Correct answer: D. Discretionary access control.

Which aspect of the CIA triad is violated by an unauthorized database roll back or undo?
Correct answer: Integrity

Which asymmetric cryptographic algorithm can provide confidentiality for data in motion?
Correct answer: RSA

Which attribute of the Parkerian hexad allows for proper attribution of the owner of a dataset?
A. Possession
B. Availability
C. Authenticity
D. Integrity
Correct answer: C. Authenticity

Which combination of factors demonstrates multifactor authentication?
A. Fingerprint and voice print
B. Password and PIN.
C. Password and fingerprint.
D. Voice print and weight.
Correct answer: C. Password and fingerprint.

Which concept of the CIA Triad is associated with reliability?
A. Availability
B. Confidentiality
C. Authentication
D. Integrity
Correct answer: D. Integrity (it ensures data has not been tampered with and is correct, authentic, and reliable).

Which concept refers to adding layers of security to our networks?
A. Administrative control depth
B. Defense in depth.
C. Physical control depth.