Authentication Factors Quiz

Questions and Answers

What type of authentication factor relies on the user's biometric characteristics, such as a fingerprint, a face, or an iris?

Something you know

Something you do

Something you have

Something you are (correct)

What is a common example of something you have that can be used to generate a one-time password (OTP) or a code to access a VPN?

Fingerprint

Password

Facial recognition

Authentication token (correct)

Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

Automation (correct)

Compliance checklist

Manual audit

Attestation

What is a common example of something you are that can be used to scan and verify the user's identity to access a VPN?

Thumbprint

What is the process of using software, hardware, or other tools to perform tasks that would otherwise require human intervention or manual effort?

Automation

Which of the following can automation be used for in relation to security settings on servers?

All of the above

What type of security technique involves checking user input for malicious or unexpected data before processing by an application?

Input validation

Which of the following is not a special character that the organization's security policy aims to remove from user input?

What technique is used to hide information within another medium, such as an image or audio file?

Steganography

If an organization wants to prevent embedded keys from being included in their source code, which security technique should they adopt?

Static code analysis

What is the process of converting data into a fixed-size string of characters, which cannot be reversed?

Hashing

Which of the following security techniques involves replacing sensitive data with fictitious data?

Data masking

What is the primary purpose of audits in a banking environment?

To ensure compliance with laws, standards, and policies

In a penetration testing engagement, what type of reconnaissance involves sending packets or requests to a target and analyzing the responses?

Active

What is the most common data loss path for an air-gapped network?

Removable devices

Which of the following is NOT a purpose of audits in a banking environment?

Conducting penetration testing

What type of reconnaissance involves observing network activity without directly interacting with the target?

Passive

How can an air-gapped network be compromised despite being physically isolated?

Via the use of removable devices

What is the primary technique used by attackers in a Business Email Compromise (BEC) attack?

Social engineering

In the given scenario, what is the attacker's goal in requesting gift cards?

To steal money from the victim

How does the attacker make the email appear to be from an executive in the given scenario?

By spoofing or compromising the executive's email address

What is the purpose of capacity planning in the context of business continuity strategy?

To determine the resources needed to meet current and future demands

Which of the following is NOT a common tactic used by BEC attackers?

Using malware to gain access to email accounts

In the context of business continuity planning, what does the term 'geographic dispersion' refer to?

Distributing operations across multiple locations

What is the primary goal of social engineering?

To gain unauthorized access to confidential information

In the given scenario, what technique was the suspicious caller employing?

Pretexting

Which of the following is the most appropriate mitigation strategy for suspicious connections between internal endpoints?

Configuring host-based firewalls on endpoints

Which practice is most effective in preventing insider threats related to malicious code introduction?

Implementing peer review and approval processes

What is the primary purpose of a host-based firewall?

To filter and monitor network traffic at the endpoint level

Which of the following is not a common social engineering technique?

Vulnerability scanning