Cybersecurity Fundamentals
Midterm Exam
Course Introduction
Cybersecurity Fundamentals provides students with an essential understanding of the principles and practices used to protect information and systems from digital threats. The course covers core concepts such as network security, cryptography, threat identification, risk management, ethical and legal considerations, and security policies. Students will learn about common cyberattacks, vulnerabilities, and defense mechanisms used to safeguard data in both personal and professional environments. Through practical examples and hands-on activities, learners gain the foundational skills required to evaluate, implement, and maintain basic cybersecurity measures.
Recommended Textbook
Corporate Computer Security 4th Edition by Randy J. Boyle
Available Study Resources on Quizplus
11 Chapters
1198 Verified Questions
1198 Flashcards
Source URL: https://quizplus.com/study-set/1400
Page 2
Chapter 1: The Threat Environment
Available Study Resources on Quizplus for this Chatper
103 Verified Questions
103 Flashcards
Source URL: https://quizplus.com/quiz/27878
Sample Questions
Q1) A(n) ________ attack requires a victim host to prepare for many connections, using up resources until the computer can no longer serve legitimate users. (Choose the most specific choice.)
A) DoS
B) directly-propagating worm
C) distributed malware
D) SYN Flooding
Answer: D
Q2) Carding is more serious than identity theft.
A)True
B)False
Answer: False
Q3) Another name for safeguard is ________.
A) countermeasure
B) compromise
C) Both A and B
D) Neither A nor B
Answer: A
To view all questions and flashcards with answers, click on the resource link above. Page 3
Chapter 2: Planning and Policy
Available Study Resources on Quizplus for this Chatper
124 Verified Questions
124 Flashcards
Source URL: https://quizplus.com/quiz/27880
Sample Questions
Q1) The worst problem with classic risk analysis is that ________.
A) protections often protect multiple resources
B) resources often are protected by multiple resources
C) we cannot estimate the annualized rate of occurrence
D) costs and benefits are not the same each year
Answer: C
Q2) What security functions typically are outsourced?
A) Policy
B) Vulnerability testing
C) Both A and B
D) Neither A nor B
Answer: B
Q3) Which of the following specifies how to do certification by external parties?
A) COSO
B) CobiT
C) ISO/IEC 27000
D) All of the above have certification by external parties.
Answer: C
To view all questions and flashcards with answers, click on the resource link above. Page 4
Chapter 3: Cryptography
Available Study Resources on Quizplus for this Chatper
122 Verified Questions
122 Flashcards
Source URL: https://quizplus.com/quiz/27881
Sample Questions
Q1) Companies transmit over the wireless LANs because WLANs ________.
A) are inexpensive
B) are secure
C) Both A and B
D) Neither A nor B
Answer: B
Q2) It is OK for a verifier to receive digital certificates from the sender.
A)True
B)False
Answer: True
Q3) The hash size in SHA-1 is 160 bits.
A)True
B)False
Answer: True
Q4) ________ ciphers leave letters in their original positions.
A) Transposition
B) Substitution
C) Both A and B
D) Neither A nor B
Answer: B
Page 5
To view all questions and flashcards with answers, click on the resource link above.
Chapter 4: Secure Networks
Available Study Resources on Quizplus for this Chatper
119 Verified Questions
119 Flashcards
Source URL: https://quizplus.com/quiz/27882
Sample Questions
Q1) Some writers prefer to turn off SSID broadcasting.
A)True
B)False
Q2) An EAP message begins with an ________ message.
A) EAP request
B) EAP accept
C) EAP start
D) EAP response
Q3) Eavesdropping usually is more of a concern for ________ LANs than for ________ LANs.
A) wired, wireless
B) wireless, wired
C) about an equal concern for wired and wireless LANs
D) None of the above
Q4) WEP stands for ________.
A) wireless equivalent privacy
B) wireless equivalent policy
C) wired equivalent privacy
D) wired equivalent policy
To view all questions and flashcards with answers, click on the resource link above. Page 6
Chapter 5: Access Control
Available Study Resources on Quizplus for this Chatper
124 Verified Questions
124 Flashcards
Source URL: https://quizplus.com/quiz/27883
Sample Questions
Q1) In Kerberos, the ________ is sent from the Kerberos server to the verifier.
A) ticket granting ticket
B) service ticket
C) Both A and B
D) Neither A nor B
Q2) Buildings should be set back from streets and protected with rolling hill landscaping to reduce threats from ________.
A) wireless eavesdropping
B) industrial espionage
C) casual observation
D) terrorism
Q3) Which of the following are benefits of using identity management?
A) Reduced costs
B) Centralized auditing of all an employee's access permission across a firm
C) Both A and B
D) Neither A nor B
Q4) As far as possible, identities should be managed by people closest to the situation.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above. Page 7
Chapter 6: Firewalls
Available Study Resources on Quizplus for this Chatper
100 Verified Questions
100 Flashcards
Source URL: https://quizplus.com/quiz/27884
Sample Questions
Q1) A socket designates a specific program designated by a port number on a specific computer's IP address.
A)True
B)False
Q2) The ________ is a subnet that contains all of the servers and application proxy firewalls that must be accessible to the outside world.
A) Internet subnet
B) server subnet
C) external subnet
D) None of the above
Q3) Most firewall database policies include less than 5 rules.
A)True
B)False
Q4) SPI filtering for packets that are part of ongoing communications is usually simple.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above.
Page 8
Chapter 7: Host Hardening
Available Study Resources on Quizplus for this Chatper
100 Verified Questions
100 Flashcards
Source URL: https://quizplus.com/quiz/27885
Sample Questions
Q1) A company should decide upon a single security baseline for use with its client PCs.
A)True
B)False
Q2) Software vendors typically release ________ patches per product in a typical year.
A) many
B) a few
C) no
Q3) Microsoft's server operating system is called ________.
A) UNIX
B) Windows Server
C) Both A and B
D) Neither A nor B
Q4) Which of the following is not a type of fix for vulnerabilities?
A) Work-arounds
B) Patches
C) Version upgrades
D) All of the above are types of fixes for vulnerabilities
To view all questions and flashcards with answers, click on the resource link above.
9
Chapter 8: Application Security
Available Study Resources on Quizplus for this Chatper
100 Verified Questions
100 Flashcards
Source URL: https://quizplus.com/quiz/27886
Sample Questions
Q1) In a stack overflow attack, to where does the return address point?
A) To the beginning of the stack entry's data area
B) To the end of the stack entry's data area
C) To the next command in the program being hacked
D) To the return address entry in the stack entry
Q2) Testers have permissions on the ________.
A) development server
B) testing server
C) production server
D) Both A and B
Q3) An attacker types more data in a field than the programmer expected. This is a(n) ________ attack.
A) denial-of-service
B) directory traversal
C) buffer overflow
D) XSS
Q4) If a hacker takes over an application program, he or she receives the permissions with which the program runs.
A)True
B)False
Page 10
To view all questions and flashcards with answers, click on the resource link above.
Chapter 9: Data Protection
Available Study Resources on Quizplus for this Chatper
108 Verified Questions
108 Flashcards
Source URL: https://quizplus.com/quiz/27887
Sample Questions
Q1) Properly backed up data includes ________.
A) ensuring that copies of data files are stored safely and secured
B) ensuring that copies of data files will survive even if the data on the host are lost and damaged
C) Both A and B
D) Neither A nor B
Q2) Trusting users to do key escrow is risky because ________.
A) the user may not do it
B) the user may not be able to find the key later
C) the user may refuse to give it up if fired
D) All of the above
Q3) CDP requires expensive high-speed transmission link between the sites.
A)True
B)False
Q4) A system using an array of drives increases reliability.
A)True
B)False
Q5) DRM restricts what people can do with sensitive material.
A)True
B)False
11
To view all questions and flashcards with answers, click on the resource link above.
Chapter 10: Incident and Disaster Response
Available Study Resources on Quizplus for this Chatper
107 Verified Questions
107 Flashcards
Source URL: https://quizplus.com/quiz/27879
Sample Questions
Q1) A ________ is a fake network segment with multiple clients and servers.
A) trap
B) honeypot
C) IDS
D) virtual network
Q2) Dropping all future packets from a particular IP address is called ________.
A) black holing
B) disconnection
C) IP address spoofing
D) damaging
Q3) ________ is the act of passing an incident to the CSIRT or business continuity team.
A) Transference
B) Escalation
C) Delegation
D) Acceleration
Q4) Once an attack has begun, a company should never allow the attacker to continue.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above. Page 12
Chapter 11: Module A: Networking Concepts
Available Study Resources on Quizplus for this Chatper
91 Verified Questions
91 Flashcards
Source URL: https://quizplus.com/quiz/27888
Sample Questions
Q1) A flag field has the value 1.
A) The TCP segment is an acknowledgement.
B) The field is set.
C) The field is locked.
D) The router will reduce the value to 0 and drop the packet.
Q2) In this book, when internet is spelled with a capital I, it means the global Internet.
A)True
B)False
Q3) TCP segment carries octets 4321 through 4371. What is its sequence number?
A) 4321
B) 4371
C) 4372
D) None of the above.
Q4) In an IPv4 packet, the ________ field describes the contents of the packet's data field.
A) TTL
B) header checksum
C) protocol
D) next-higher-layer
To view all questions and flashcards with answers, click on the resource link above. Page 13