Untitled Quiz

Questions and Answers

What does increasing sensitivity in biometric systems potentially lead to?

• A decrease in the False Acceptance Rate (FAR)
• A lower Crossover Error Rate (CER)
• Improved user experience in authentication
• An increase in the False Rejection Rate (FRR) (correct)

What is the primary purpose of using multiple factors in electronic door locks?

• To enhance security (correct)
• To reduce user errors during access
• To simplify the authentication process
• To increase the time for user access

What is the defining characteristic of cipher locks?

• They require a correct combination of numbered push buttons (correct)
• They use biometric authentication methods
• They utilize RFID technology for access control
• They operate solely without any moving parts

What is Access Badge Cloning primarily associated with?

Copying data from RFID or NFC cards (A)

Which of the following technologies is commonly used for contactless authentication?

Near Field Communication (NFC) (A)

What is a key action you should take if infected by ransomware?

Disconnect the infected machine from the network (B)

Which of the following best defines a botnet?

A network of compromised devices controlled by an attacker (C)

What is the role of a 'Zombie' in cybersecurity terminology?

A compromised device used for remote commands (D)

Why is it advised not to pay a ransom in a ransomware attack?

Paying does not ensure data recovery (A)

Which security measure is NOT typically recommended against ransomware attacks?

Stockpiling physical backups (D)

What is the primary motivation for some insider threats concerning data theft?

Financial gain from selling sensitive data (A)

Which of the following actions should organizations implement to mitigate insider threats?

Implement a zero-trust architecture (D)

Which of the following best describes Shadow IT?

Use of IT resources without organizational approval (B)

What form of insider threat involves an employee misusing their access privileges?

Data Theft (A)

Which of the following is NOT a common motivation for insider threats?

Desire for organizational improvement (D)

Regular audits in an organization help to address which type of risk?

Insider threats (C)

Which characteristic of insider threats might stem from an employee's behavior rather than malicious intent?

Lack of awareness of cybersecurity best practices (D)

What is a recommended strategy to manage Shadow IT within an organization?

Implement clear policies on technology usage (A)

What is the primary goal of social engineering techniques?

To exploit human psychology for unauthorized access (A)

Which motivational trigger is NOT commonly used by social engineers?

Technical Knowledge (A)

Which of the following best describes pretexting in social engineering?

Creating a fabricated scenario to manipulate targets (B)

What type of attack does 'vishing' refer to?

Voice phishing conducted over phone calls (B)

Which option is NOT a practice to enhance security against social engineering?

Relying solely on user self-education (C)

What is the purpose of implementing shielded wallets or sleeves for RFID access badges?

To prevent unauthorized RFID scanning (C)

In the context of phishing attacks, 'whaling' specifically targets which group?

High-profile individuals or executives (B)

Which of the following is a common technique used in phishing attacks?

Spear Phishing (A)

What is the main characteristic of a worm compared to a virus?

Worms are standalone and self-replicating. (A)

Which type of malware is designed to encrypt user data until a ransom is paid?

Ransomware (C)

What distinguishes a Trojan from other types of malware?

It disguises itself as harmless software to gain unauthorized access. (B)

Which of the following describes a keylogger?

Software that captures keystrokes and sensitive information. (D)

What is a polymorphic virus?

A virus that rewrites itself to avoid detection. (C)

What method do Trojans commonly exploit to achieve their goals?

Operating system vulnerabilities. (A)

What is an indication of a potential malware attack?

Account lockouts. (D)

Which type of virus operates by attaching itself to executable files?

Program Virus (A)

What is the primary function of ransomware?

To encrypt data and demand payment for decryption. (A)

Which characteristic best describes a rootkit?

Malware designed to hide its presence and activities. (B)

What does a logic bomb do?

Executes malicious actions based on a triggering event. (B)

What differentiates a virus from a worm?

A virus needs a host file to spread, while worms spread independently. (A)

Which of the following represents a common characteristic of bloatware?

Consumes system resources without providing value. (B)

What is a primary purpose of using deception and disruption technologies in cybersecurity?

To mislead and distract attackers (B)

Which of the following methods best describes vishing?

Voice calls that trick victims into sharing information (C)

What is the main characteristic of an attack surface?

Points of unauthorized access into a system (C)

How do bollards function in physical security?

To deter unauthorized access by creating physical barriers (B)

What type of attack involves trying all possible combinations until gaining access?

Brute force (C)

Which technology is used to create a decoy system to attract potential hackers?

Honeypot (B)

Which option describes a scenario that aims to exploit external vulnerabilities in wireless communications?

BlueBorne vulnerabilities (A)

What strategy is often used to counteract unauthorized access in physical security?

Utilizing access control vestibules (C)

Which method can attackers use to bypass a security camera?

Blocking the camera's line of sight (C)

What is the primary function of physical security measures?

To protect tangible assets from unauthorized access (D)

Which of the listed sensors detects movement based on changes in microwave pulses?

Microwave Sensors (A)

How can organizations minimize their attack surface?

Restricting access and removing unnecessary software (C)

What is the main advantage of surveillance systems in security?

To observe and report suspicious activities (B)

Which method helps prevent attacks by ensuring only one door is open at a time?

Access control vestibule (C)

Flashcards

Insider Threats

Cybersecurity threats originating from within an organization, with varying capabilities.

Motivation of Insider Threats

Different motivations drive insider threats, including financial gain, revenge, or carelessness.

Data Theft (Insider Threat)

A type of insider threat where sensitive data is stolen.

Sabotage (Insider Threat)

A type of insider threat where the system is damaged.

Shadow IT

Using IT systems and applications without explicit company approval.

Zero-trust architecture

A security strategy that assumes no one is trustworthy unless verified.

Access Controls

Security measures to limit who can access sensitive company resources.

Employee Security Awareness

Training and educational programs to promote good cybersecurity practices.

Crossover Error Rate (CER)

The point where the False Acceptance Rate (FAR) and False Rejection Rate (FRR) are equal, representing a balance for optimal authentication.

Authentication Effectiveness

The measure of how well a security system can accurately identify authorized users and prevent unauthorized access.

Multi-factor Authentication

Using multiple authentication methods to increase security, like a password and fingerprint scan.

Cipher Locks

Mechanical locks with numbered buttons requiring a specific combination to unlock, often used in high-security areas.

Access Badge Cloning

Copying the data from an RFID or NFC card onto another device, allowing unauthorized access.

BYOD

Using personal devices for work purposes.

Threat Vector

The way an attacker gains unauthorized access to a system or network.

Attack Surface

All points where an attacker can try to access a system or network.

Message-based threat vectors

Threats delivered via email, SMS, or instant messaging.

Phishing

Impersonating a trusted entity to trick victims into revealing sensitive information.

Image-based threat vectors

Malicious code hidden within image files.

File-based threat vectors

Malicious code disguised as legitimate documents or software.

Vishing

Using voice calls to trick victims into revealing sensitive information.

Baiting (with removable devices)

Leaving malware-infected USB drives in public places to lure victims.

Unsecure Networks

Networks lacking security measures to protect data.

MAC Address Cloning

An attack where an attacker pretends to be a legitimate device on the network.

VLAN Hopping

An attack where an attacker gains access to other virtual networks on a network.

BlueBorne

A set of vulnerabilities in Bluetooth technology allowing attackers to take over devices, spread malware, or intercept communications.

BlueSmack

A Denial of Service attack targeting Bluetooth devices.

Deception and Disruption Technologies

Technologies used to mislead, confuse, and divert attackers.

Social Engineering

Manipulating people's psychology to gain unauthorized access to systems, data, or physical spaces.

Motivational Triggers

The tactics social engineers use to exploit human psychology, including familiarity, consensus, authority, and urgency.

Impersonation

Pretending to be someone else, including impersonating brands, using fake websites, or targeting specific groups.

Pretexting

Creating a made-up scenario to manipulate targets into giving information or granting access.

Spear Phishing

A targeted phishing attack focusing on specific individuals or groups using personalized information to increase legitimacy.

Whaling

A targeted phishing attack specifically aimed at high-profile individuals, often executives or CEOs.

Influence Campaigns

Spreading misinformation and disinformation, impacting politics, economics, or public opinion.

Ransomware Attack

A type of malware that encrypts your files and demands payment to decrypt them.

Botnet

A network of compromised computers controlled remotely by attackers, often used for malicious purposes.

Zombie (Computer)

A computer infected with malware, controlled by an attacker without the owner's knowledge.

Command and Control Node

The central computer in a botnet that receives instructions and sends commands to the infected machines.

What to do if you're hit by ransomware?

Don't pay the ransom, disconnect the infected device, notify authorities, and restore from backups.

Attack Vector

The method an attacker uses to infiltrate a victim's system. Examples: unpatched software, phishing campaigns, USB drive installation.

Virus

Malicious code that attaches to clean files, spreads, and corrupts host files.

Worm

Standalone program that replicates and spreads to other computers without user interaction.

Trojan

Malicious software disguised as legitimate software, allowing unauthorized access.

Ransomware

Encrypts user data and demands ransom for decryption.

Rootkit

Hides its presence and activities on a computer, operating at the OS level.

Backdoor

Allows unauthorized access to a system, bypassing normal security.

Keylogger

Records keystrokes, capturing passwords or sensitive information.

Spyware

Monitors and gathers user/system information, sending it to attackers.

Boot Sector Virus

Infects the first sector of a hard drive, loading into memory during bootup.

Macro Virus

Embedded inside documents, executing when the document is opened.

Program Virus

Infect executable files, affecting applications.

Multipartite Virus

Infects both boot sectors and program files, attacking multiple parts of the system.

Encrypted Virus

Uses encryption to avoid detection, hiding its malicious code.

Study Notes

CompTIA Security+ (SY0-701) Study Notes

• The CompTIA Security+ (SY0-701) certification is an intermediate-level information technology certification.
• It focuses on an individual's ability to assess the security posture of an enterprise environment.
• This certification is for IT professionals or aspiring cybersecurity professionals who have already earned their CompTIA A+ and Network+ certifications.
• The recommendation is that candidates have 1-2 years of experience with hardware, software, and networks.
• The exam consists of five domains:
  • General Security Concepts (12%)
  • Threats, Vulnerabilities, and Mitigations (22%)
  • Security Architecture (18%)
  • Security Operations (28%)
• The exam is 90 minutes long and contains 90 questions (multiple-choice and some multiple-select).
• Candidates need a score of 750 points out of 900 to pass.
• Exam vouchers can be purchased from the CompTIA store or Dion Training.
• The price may vary by country due to regional pricing by CompTIA.
• Dion Training offers a 10% discount on vouchers.
• For success in the course, turn on closed captions, control the playback speed, and join the provided FB or Discord group. Avoid trick questions or red herrings. Focus on keywords, bolded words, and upper-case letters. Choose the answer that applies to the most number of situations.