Introduction to Cybersecurity Final
Test Solutions
Course Introduction
Introduction to Cybersecurity explores the fundamental concepts, principles, and practices that protect information systems and networks from cyber threats. This course covers topics such as cyber risk management, threat identification, cyber attack techniques, network security, cryptography basics, and best practices for safeguarding digital assets. Students will learn about common vulnerabilities, social engineering, security policies, and legal and ethical considerations in cybersecurity, preparing them to recognize and respond to security incidents in both personal and professional contexts.
Recommended Textbook
CompTIA Security+ Guide to Network Security Fundamentals 5th Edition by Mark Ciampa
Available Study Resources on Quizplus
15 Chapters
750 Verified Questions
750 Flashcards
Source URL: https://quizplus.com/study-set/3831
Page 2
Chapter 1: Introduction to Security
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76425
Sample Questions
Q1) According to the U.S. Bureau of Labor Statistics, what percentage of growth is the available job outlook supposed to reach by the end of the decade?
A)10
B)15
C)22
D)27
Answer: C
Q2) What information security position reports to the CISO and supervises technicians, administrators, and security staff?
A)manager
B)engineer
C)auditor
D)inspector
Answer: A
Q3) A security administrator has both technical knowledge and managerial skills.
A)True
B)False
Answer: True
To view all questions and flashcards with answers, click on the resource link above. Page 3
Chapter 2: Malware and Social Engineering Attacks
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76418
Sample Questions
Q1) One of the armored virus infection techniques utilizes encryption to make virus code more difficult to detect, in addition to separating virus code into different pieces and inject these pieces throughout the infected program code. What is the name for this technique?
A)stealth
B)appender
C)Swiss cheese
D)split
Answer: C
Q2) Describe a macro virus.
Answer: A macro virus is written in a script known as a macro. A macro is a series of commands and instructions that can be grouped together as a single command. Macros often are used to automate a complex set of tasks or a repeated series of tasks. Macros can be written by using a macro language, such as Visual Basic for Applications (VBA), and are stored within the user document (such as in an Excel .XLSX worksheet). A macro virus takes advantage of the "trust" relationship between the application (Excel) and the operating system (Microsoft Windows). Once the user document is opened, the macro virus instructions execute and infect the computer.
To view all questions and flashcards with answers, click on the resource link above.
4
Chapter 3: Application and Networking-Based Attacks
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76417
Sample Questions
Q1) Which SQL injection statement can be used to erase an entire database table? A)whatever'; DROP TABLE members; -B)whatever'; DELETE TABLE members; -C)whatever'; UPDATE TABLE members; -D)whatever'; RENAME TABLE members; --
Answer: A
Q2) How does a SYN flood attack work?
Answer: A SYN flood attack involves an attacker sending SYN segments in IP packets to a server, with modified source IP addresses in the packets. This causes additional traffic to pass between the server and the spoofed IP address.
Q3) Select below the string of characters that can be used to traverse up one directory level from the root directory: A);/ B)./ C)%20/ D)../
Answer: D
Q4) The predecessor to today's Internet was a network known as
Answer: ARPAnet
5
To view all questions and flashcards with answers, click on the resource link above.
Chapter 4: Host, Application, and Data Security
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76416
Sample Questions
Q1) Subtypes of security controls, classified as deterrent, preventive, detective, compensation, or corrective.
A)Access list
B)Activity phase controls
C)Android
D)Barricade
E)Bayesian filtering
F)Cross-site request forgery (XSRF)
G)Fuzz testing
H)iOS
I)NoSQL
J)Supervisory control and data acquisition (SCADA)
Q2) A _____________ is a document or series of documents that clearly defines the defense mechanisms an organization will employ in order to keep information secure.
Q3) DLP agent sensors are unable to read inside compressed files and binary files.
A)True
B)False
Q4) How does DLP index matching work?
Q5) How does an RFID tag embedded into an ID badge function without a power supply?
To view all questions and flashcards with answers, click on the resource link above. Page 6
Chapter 5: Basic Cryptography
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76415
Sample Questions
Q1) Which of the following is not one of the functions of a digital signature?
A)Verification of the sender
B)Prevention of the sender from disowning the message
C)Prove the integrity of the message
D)Protect the public key
Q2) A Hardware Security Module (HSM) is essentially a chip on the motherboard of the computer that provides cryptographic services.
A)True
B)False
Q3) What cryptographic method, first proposed in the mid-1980s, makes use of sloping curves instead of large prime numbers?
A)FCC
B)RSA
C)ECC
D)IKE
Q4) In information technology, ____________________ is the process of proving that a user performed an action, such as sending an e-mail message or a specific document.
Match the following terms to the appropriate definitions.
To view all questions and flashcards with answers, click on the resource link above. Page 7
Chapter 6: Advanced Cryptography
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76414
Sample Questions
Q1) Why is IPsec considered to be a transparent security protocol?
A)IPsec packets can be viewed by anyone
B)IPsec is designed to not require modifications of programs, or additional training, or additional client setup
C)IPsec's design and packet header contents are open sourced technologies
D)IPsec uses the Transparent Encryption (TE) algorithm
Q2) What protocol, developed by Netscape in 1994, is designed to create an encrypted data path between a client and server that could be used on any platform or operating system?
A)SSL
B)TLS
C)PEAP
D)EAP
Q3) The vulnerability discovered in IPsec in early 2014 was nicknamed Heartbleed, due to an issue with a heartbeat extension in the protocol.
A)True
B)False
Q4) Explain how digital certificates are managed.
Q5) Explain the difference between key revocation versus key suspension.
To view all questions and flashcards with answers, click on the resource link above. Page 8
Chapter 7: Network Security
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76413
Sample Questions
Q1) The standard TCP/IP protocol uses IP addresses which are how many bytes in length?
A)4
B)8
C)16
D)32
Q2) Behavior-based monitoring attempts to overcome the limitations of both anomaly-based monitoring and signature-based monitoring by being more adaptive and proactive instead of reactive.
A)True
B)False
Q3) What is the difference between anomaly based monitoring and signature based monitoring?
Q4) A ______________ is a worker who work occasionally or regularly from a home office.
Q5) Describe how NAC works.
Q6) Internet ____________________ filters monitor Internet traffic and block access to preselected Web sites and files. Match the following terms to the appropriate definitions.
Q7) Describe how VLAN communication takes place.
Page 9
To view all questions and flashcards with answers, click on the resource link above.
Chapter 8: Administering a Secure Network
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76412
Sample Questions
Q1) IP telephony and Voice over IP (VoIP) are identical.
A)True
B)False
Q2) List and describe the three service models of cloud computing.
Q3) What device operates at the Network Layer (layer 3) of the OSI model and forwards packets across computer networks?
A)bridge
B)router
C)switch
D)hub
Q4) List and describe three benefits offered by IP telephony.
Q5) Which layer of the OSI model contains TCP protocol, which is used for establishing connections and reliable data transport between devices?
A)Application Layer
B)Presentation Layer
C)Network Layer
D)Transport Layer
Q6) What are the two types of community strings?
Q7) Why is the Physical Layer omitted in the TCP/IP model?
Page 10
To view all questions and flashcards with answers, click on the resource link above.
Chapter 9: Wireless Network Security
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76411
Sample
Questions
Q1) How can an administrator force wireless clients to use a standard web browser to provide information, and require a user to agree to a use policy or present valid login credentials?
A)Gateway access point
B)Captive portal access point
C)Wireless device probe
D)AUP Enforcement access point
Q2) Because of the weaknesses of WEP, it is possible for an attacker to identify two packets derived from the same IV.
A)True
B)False
Q3) What is the Message Integrity Check (MIC) within WPA used for?
Q4) What is the maximum range of most Bluetooth devices?
A)10 ft
B)18 meters
C)15 meters
D)33 ft
Q5) Explain why it is important to be able to control the power level at which the WLAN transmits.
Q6) What are the four types of packets used by EAP?
Page 11
To view all questions and flashcards with answers, click on the resource link above.
Chapter 10: Mobile Device Security
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76424
Sample Questions
Q1) What is the difference between a feature phone and a smartphone?
Q2) _________________ uses a device's GPS to define geographical boundaries where an app can be used.
Q3) _____________ are portable computing devices that are generally larger than smartphones and smaller than notebooks, and are focused on ease of use.
Q4) What type of management system below can help facilitate asset tracking?
A)Wireless Device Management (WDM)
B)Mobile Device Management (MDM)
C)Extended Device Management (EDM)
D)Total Device Management (TDM)
Q5) Describe a subnotebook computer.
Q6) The Google Android mobile operating system is a proprietary system, for use on only approved devices.
A)True
B)False
Q7) How can encryption be used on Apple iOS and Google Android mobile operating systems?
Q8) Describe some of the risks associated with BYOD.
Q9) How does BYOD increase employee performance?
To view all questions and flashcards with answers, click on the resource link above. Page 12
Chapter 11: Access Control Fundamentals
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76423
Sample Questions
Q1) To prevent one individual from having too much control, employees can ____________ job responsibilities within their home department or across positions in other departments.
Q2) Limitation imposed as to when a user can log in to a system or access resources.
A)Account expiration
B)Discretionary access control (DAC)
C)Extended TACACS (XTACACS)
D)Job rotation
E)LDAP injection attack
F)Least privilege
G)Mandatory access control (MAC)
H)Separation of duties
I)TACACS+
J)Time-of-day restriction
Q3) Describe the Bell-LaPadula model.
Q4) Authorization and access are viewed as synonymous and in access control, they are the same step.
A)True
B)False
Q5) Describe the two key elements of the MAC model.
To view all questions and flashcards with answers, click on the resource link above. Page 13
Chapter 12: Authentication and Account Management
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76422
Sample Questions
Q1) What are the three broad categories on which authentication can be based?
Q2) Which term below describes the time it takes for a key to be pressed and then released?
A)Dwell time
B)Lead time
C)Sync time
D)Show time
Q3) In most systems, a user logging in would be asked to ____________________ herself.
Q4) A popular key stretching password hash algorithm
A)Authentication factors
B)Bcrypt
C)Brute force attack
D)Dictionary attack
E)Hybrid attack
F)Key stretching
G)NTLM (New Technology LAN Manager) hash
H)Salt
I)Single sign-on
J)Token
To view all questions and flashcards with answers, click on the resource link above. Page 14
Chapter 13: Business Continuity
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76421
Sample Questions
Q1) ____________________ is data about data.
Q2) Discuss the purpose and importance of the chain of custody.
Q3) Select below the type of cluster that is used to provide high-availability applications that require a high level of read and write actions, such as databases, messaging systems, and file and print services:
A)symmetric network
B)symmetric server
C)asymmetric network
D)asymmetric server
Q4) A snapshot of the current state of a computer that contains all current settings and data is known as what option below:
A)system standard
B)system view
C)system image
D)system baseline
Q5) Windows stores files on a hard drive in 512-byte blocks called
Q6) Describe the purpose of a disaster recovery plan.
Q7) Identify two scenarios that could be used in a BIA.
Page 15
To view all questions and flashcards with answers, click on the resource link above.
Chapter 14: Risk Mitigation
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76420
Sample Questions
Q1) Most organizations follow a three-phase cycle in the development and maintenance of a security policy.
A)True
B)False
Q2) What kind of policy outlines how organizations use personal information it collects?
A)VPN
B)network
C)encryption
D)privacy
Q3) When designing a security policy, many organizations follow a standard set of ____________________.
Q4) Most people are taught using a(n) ____________________ approach.
Matching
Q5) What concept below is at the very heart of information security?
A)threat
B)mitigation
C)risk
D)management
Q6) What are the duties of the CMT?
Page 16
To view all questions and flashcards with answers, click on the resource link above.
Chapter 15: Vulnerability Assessment and Third Party Integration
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76419
Sample Questions
Q1) An agreement through which parties in a relationship can reach an understanding of their relationships and responsibilities.
A)asset
B)cyberterrorism
C)hactivist
D)exploit kit
E)computer spy
F)risk
G)threat
H)threat agent
I)vulnerability
J)threat vector
Q2) Discuss one type of asset that an organization might have.
Q3) List four things that a vulnerability scanner can do.
Q4) What term below describes a prearranged purchase or sale agreement between a government agency and a business?
A)Service Level Agreement (SLA)
B)Memorandum of Understanding (MOU)
C)Blanket Purchase Agreement (BPA)
D)Interconnection Security Agreement (ISA)
To view all questions and flashcards with answers, click on the resource link above. Page 17