Cybersecurity Quiz
48 Questions
2 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What cybersecurity term best describes an employee unknowingly clicking on a phishing email link, leading to a data breach?

  • Risk
  • Threat actor
  • Vulnerability (correct)
  • Threat
  • What concept is crucial in assessing the potential impact of a critical vulnerability in a payment processing system?

  • Threat vector
  • Risk (correct)
  • Vulnerability
  • Threat
  • What is the primary motivation for a threat actor demanding payment to prevent the release of sensitive customer data?

  • Fraud
  • Blackmail
  • Extortion (correct)
  • Political motivation
  • What cryptographic concept does Alice utilize when she encrypts a message to securely send to Bob?

    <p>Ciphertext</p> Signup and view all the answers

    Which type of cipher involves replacing individual characters or blocks in the plaintext with different ciphertext?

    <p>Substitution cipher</p> Signup and view all the answers

    Which term describes the potential for loss or damage when a system is exposed to a threat?

    <p>Risk</p> Signup and view all the answers

    What method can be employed to assess the effectiveness of current security measures?

    <p>Penetration testing</p> Signup and view all the answers

    What does the term 'threat actor' primarily refer to?

    <p>A party capable of causing harm</p> Signup and view all the answers

    Why is controlling data flow between network segments important in secure architecture design?

    <p>To prevent unauthorized access and data breaches</p> Signup and view all the answers

    What is the purpose of VLAN segmentation in a network infrastructure?

    <p>To improve network performance by reducing broadcast domains</p> Signup and view all the answers

    Which networking device is required for a VoIP handset to communicate with a workstation located in a different VLAN?

    <p>Router</p> Signup and view all the answers

    How do VLANs influence the overall security of a network?

    <p>By isolating sensitive data traffic from regular traffic</p> Signup and view all the answers

    What could be a potential disadvantage of VLAN segmentation?

    <p>Increased network latency due to routing overhead</p> Signup and view all the answers

    Which of the following is NOT a benefit of implementing VLANs?

    <p>Guaranteed quality of service for all traffic types</p> Signup and view all the answers

    What is a primary function of a router in a VLAN environment?

    <p>To connect multiple VLANs for communication</p> Signup and view all the answers

    Which scenario best illustrates a drawback of not using VLANs?

    <p>All workstations can access sensitive information regardless of necessity</p> Signup and view all the answers

    Why is it important for Alice and Bob to meet in person to agree on a cipher and secret key value?

    <p>To agree on a secret key without interception</p> Signup and view all the answers

    Which authentication design principle emphasizes that the method should not hinder user workflows?

    <p>Availability</p> Signup and view all the answers

    What is the first step in setting up biometric authentication?

    <p>Acquiring the biometric sample from the target</p> Signup and view all the answers

    Which advantage of fingerprint recognition is commonly recognized in security discussions?

    <p>It is non-intrusive and relatively simple to use</p> Signup and view all the answers

    In the context of cryptographic algorithms, what is a primary concern when using asymmetric encryption?

    <p>Key management complexity</p> Signup and view all the answers

    What factor is most significant when evaluating the usability of an authentication system?

    <p>User satisfaction and experience</p> Signup and view all the answers

    Which of the following is a major disadvantage of using biometric authentication?

    <p>It cannot be easily revoked</p> Signup and view all the answers

    Which of the following is NOT a type of hybrid cipher?

    <p>Vigenère cipher</p> Signup and view all the answers

    What feature of WPA3 enhances the security of Wi-Fi networks in open environments?

    <p>Simultaneous Authentication of Equals (SAE)</p> Signup and view all the answers

    Which configuration mode should a company choose for their access points to support both WPA2 and WPA3 devices?

    <p>WPA3-Personal Transition mode</p> Signup and view all the answers

    Why is 2nd Wave Corp implementing baseline configurations for its devices?

    <p>To establish a standard set of guidelines for configuring devices securely</p> Signup and view all the answers

    What is the reason for Manhize Corp to regularly update its baseline configurations?

    <p>To maintain the security and mitigate emerging threats</p> Signup and view all the answers

    Which of the following is a primary security feature offered by WPA3?

    <p>Improved password security with SAE</p> Signup and view all the answers

    What does the Enhanced Open feature in WPA3 specifically address?

    <p>Protection against eavesdropping on open networks</p> Signup and view all the answers

    Why is using default credentials for devices considered a security risk?

    <p>They are universally recognized by attackers</p> Signup and view all the answers

    What is a common reason for businesses to migrate from WPA2 to WPA3?

    <p>To implement better security measures</p> Signup and view all the answers

    Why is it important for Manhize Corp to test patches before deployment?

    <p>To identify potential issues or conflicts arising from the patch</p> Signup and view all the answers

    What protocol should be used to securely transmit sensitive user information over the network?

    <p>HTTPS</p> Signup and view all the answers

    What is a significant consideration when using secure communication protocols?

    <p>Effective management of cryptographic keys is crucial for secure protocol</p> Signup and view all the answers

    What is a potential drawback of endpoint hardening?

    <p>It could inadvertently restrict user access</p> Signup and view all the answers

    What is the main goal of testing patches before deployment?

    <p>To validate the stability and security of the patch</p> Signup and view all the answers

    Which of the following statements about secure protocols is correct?

    <p>They often rely on complex security measures</p> Signup and view all the answers

    Which option best describes a consequence of not testing patches before deployment?

    <p>Potential services disruption or system instability</p> Signup and view all the answers

    What is a critical advantage of using HTTPS over HTTP?

    <p>It encrypts data during transmission</p> Signup and view all the answers

    What action is most effective in addressing the vulnerabilities of the BIND server software?

    <p>Perform regular updates and apply the latest security patches.</p> Signup and view all the answers

    What is a critical reason for archiving historical log and network traffic data in a SIEM?

    <p>To meet compliance requirements and enable retrospective incident investigation.</p> Signup and view all the answers

    In what way does XCCDF enhance vulnerability scanning processes?

    <p>By developing and auditing best practice configuration checklists.</p> Signup and view all the answers

    How could enabling DNS Security Extensions (DNSSEC) benefit a DNS server?

    <p>By providing cryptographic authentication to prevent spoofing.</p> Signup and view all the answers

    Which of the following is NOT a benefit of performing regular patching on the BIND server?

    <p>It eliminates all potential vulnerabilities.</p> Signup and view all the answers

    Which measure helps strengthen DNS server security against unauthorized modifications?

    <p>Enforcing strong authentication mechanisms for DNS record changes.</p> Signup and view all the answers

    What is a potential impact of not archiving historical log data in a SIEM system?

    <p>Reduced incident response capabilities.</p> Signup and view all the answers

    What is a primary goal of implementing strict access controls on a DNS server?

    <p>To prevent unauthorized DNS footprinting and manipulation.</p> Signup and view all the answers

    Study Notes

    Module: Systems Development 2B

    • Exam revision for Summative Assessment 1 (SA1)
    • Multiple choice questions (50 examples) are provided

    Question 1

    • Sarah needs to implement an access control system for sensitive company data.
    • Only authorized employees should access the data.
    • The correct security control is authentication.

    Question 2

    • John, the CISO, needs to conduct a gap analysis to identify differences between the implemented cybersecurity framework and the company's security systems.
    • The purpose of the gap analysis is to evaluate the effectiveness of the company's existing security controls.

    Question 3

    • Emily, the compliance officer, needs to prioritize investments based on the gap analysis to achieve the target cybersecurity capabilities.
    • Prioritizing investments allows the organization to achieve regulatory compliance and improve cybersecurity capabilities.

    Question 4

    • An employee clicking on a phishing link leading to a data breach is considered a vulnerability.
    • The term that best describes this employee's action is vulnerability.

    Question 5

    • A critical vulnerability in a company's payment processing system could lead to financial loss.
    • Risk is crucial in assessing the potential impact of this vulnerability.

    Question 6

    • A threat actor demands payment to prevent the release of sensitive customer data.
    • The primary motivation is extortion.

    Question 7

    • Alice wants to securely send a message to Bob over an insecure channel.
    • The cryptographic concept Alice utilizes is encryption using ciphertext.

    Question 8

    • A cipher that involves replacing characters or blocks in plaintext with different ciphertext is a substitution cipher.

    Question 9

    • Alice and Bob meet in person to agree on a cipher and a secret key.
    • Meeting in person is important for ensuring authentication and agreeing on a secret key without interception.

    Question 10

    • The security team is evaluating authentication methods for usability.
    • The authentication design principle is availability.

    Question 11

    • Biometric authentication is being considered for access control.
    • The first step is acquiring the biometric sample from the target.

    Question 12

    • The security team is discussing fingerprint recognition.
    • An advantage of fingerprint recognition is it is non-intrusive and relatively simple to use.

    Question 13

    • Controlling data flow between network segments is important for secure architecture.
    • This is important for preventing unauthorized access and data breaches.

    Question 14

    • Cheerleaders Pvt. Ltd. segmented workstations and VoIP handsets using VLANs.
    • VLAN segmentation improves network performance by reducing broadcast domains.

    Question 15

    • In Cheerleaders Pvt. Ltd's network, a VoIP handset needs to communicate with a workstation computer.
    • A router is the required device for communication between these devices.

    Question 16

    • Security implications of single-tenant and multi-tenant cloud architectures are discussed.
    • Single-tenant architectures offer better performance and control, but are more expensive. Multi-tenant architectures are cost-effective but can have unauthorized access risks.

    Question 17

    • 2nd Wave Pvt. Ltd. plans to implement a hybrid cloud environment.
    • The primary security concern is integration issues related to managing multiple cloud environments.

    Question 18

    • A startup company needs to improve performance and reliability of its online platform by distributing content across servers.
    • The best technology for this is Content Delivery Networks (CDNs).

    Question 19

    • A large organization is updating its asset management process.
    • Asset ownership assignment involves designating individuals or teams responsible for specific assets.

    Question 20

    • An organization is concerned about ransomware attacks compromising their backup infrastructure.
    • Implementing air-gapped backups physically disconnected from the network is a key strategy in this scenario.

    Question 21

    • An organization needs to maintain data availability and integrity across multiple locations and systems.
    • Replication creates and maintains exact copies of data on different storage systems.

    Question 22

    • What is the main characteristic of an end-of-life (EOL) system?
    • It is outdated and no longer supported by the manufacturer or vendor.

    Question 23

    • What is a common characteristic of legacy systems?
    • They often remain in use despite being outdated.

    Question 24

    • Sarah, an employee, wants to install a productivity app on her company-issued Android device. She decided to sideload the app from a third-party website.
    • This action exposes her and the organization to increased risk of data breaches and non-compliance.

    Question 25

    • A server administrator is tasked with securing the organization's servers to improve server security.
    • Prioritize applying software security patches and updates regularly.

    Question 26

    • A small business wants to enhance Wi-Fi security with WPA3.
    • Simultaneous Authentication of Equals (SAE) provides improved security, especially in open environments.

    Question 27

    • A company deploying a new Wi-Fi network wants compatibility with WPA2 and WPA3 devices.
    • The configuration mode is WPA3-Personal Transition mode.

    Question 28

    • 2nd Wave Corp is planning to implement baseline configurations for security on devices.
    • The main reason for this is to establish standard guidelines for securely configuring devices.

    Question 29

    • Manhize Corp needs to regularly update baseline configurations for security.
    • The crucial reason is to minimize the impact of security threats and vulnerabilities.

    Question 30

    • Manhize Corp tests patches before deployment.
    • This is crucial for identifying potential issues or conflicts arising from the patch.

    Question 31

    • Tom, a network administrator, needs to transmit sensitive user information securely.
    • The prioritized protocol is HTTPS.

    Question 32

    • Olivia, a security consultant, is advising on secure communication protocols.
    • A key consideration is that effective management of cryptographic keys is crucial for secure protocols.

    Question 33

    • Manhize Corporation uses an internal DNS server.
    • Performing regular patching and updates to the BIND server software (ISC) is vital for mitigating potential risks.

    Question 34

    • Archiving historical log and network traffic data is important for a SIEM.
    • This enables retrospective incident investigation and meeting compliance requirements.

    Question 35

    • Extensible Configuration Checklist Description Format (XCCDF) contributes to vulnerability scanning.
    • This is through developing and auditing best practice configuration checklists.

    Question 36

    • The purpose of Open Vulnerability and Assessment Language (OVAL) in Security Content Automation Protocol (SCAP) is:
    • To describe system security state and query vulnerability reports.

    Question 37

    • A user downloads a free software application with malicious code hidden.
    • This describes a Trojan.

    Question 38

    • A user experiences unusual web browser behavior, including pop-up ads and changed bookmarks.
    • The likely malware is Adware.

    Question 39

    • An individual installs a seemingly harmless software app from an untrusted source.
    • The app is most likely classified as Spyware.

    Question 40

    • A company experiences increased malware infections due to unauthorized software downloads.
    • Implementing an Acceptable Use Policy (AUP) is the most effective policy.

    Question 41

    • A corporation has experienced a data breach.
    • Implementing Information Security Policies is the most relevant policy.

    Question 42

    • An organization's help desk receives many support requests via email.
    • Guidelines should include recommending specific language and tone in email responses.

    Question 43

    • A company implements security controls to mitigate risks.
    • They should primarily focus on residual risk before implementing mitigation measures.

    Question 44

    • An organization aims to reduce risk factors to a manageable level.
    • The overall status of risk management is called risk posture.

    Question 45

    • An organization purchases cybersecurity insurance.
    • This utilizes the risk transference strategy.

    Question 46

    • A company has a unique manufacturing process giving it a competitive edge.
    • This represents trade secret data.

    Question 47

    • An organization develops a new military-grade encryption technology.
    • The appropriate data classification is Critical (top secret).

    Question 48

    • A company uses cloud services globally.
    • They should store and process data in data centers within the defined legal boundaries to comply with data sovereignty requirements.

    Question 49

    • An organization fails to meet its contractual cybersecurity measures.
    • A potential consequence is termination of the contract.

    Question 50

    • An IT manager has extensive privileges.
    • Implementing a Privilege/Credential Management Policy addresses the potential misuse of these privileges.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Related Documents

    Description

    Test your knowledge on key cybersecurity concepts and terminology. This quiz covers topics such as phishing, cryptography, and threat assessment. Perfect for students or professionals seeking to reinforce their understanding of cybersecurity fundamentals.

    Use Quizgecko on...
    Browser
    Browser