Last Updated on October 29, 2019 by Admin
Cybersecurity Essentials 1.1 Chapter 8 Quiz Online
CE -- Chapter 8 Quiz
Question 1 of 19
1. Question
3 points
An auditor is asked to assess the LAN of a company for potential threats. What are three potential threats the auditor may point out? (Choose three.)
The LAN can have many endpoint devices connected. Analyzing both the network devices and the endpoints connected is important in determining threats.
Question 2 of 19
2. Question
1 point
As part of HR policy in a company, an individual may opt out of having information shared with any third party other than the employer. Which law protects the privacy of personal shared information?
The Gramm-Leach-Bliley Act (GLBA) includes privacy provisions for individuals and provides opt-out methods to restrict information sharing with third-party firms.
Question 3 of 19
3. Question
1 point
A security professional may have access to sensitive data and assets. What is one item a security professional should understand in order to make informed ethical decisions?
Ethics in the security profession are extremely important because of the sensitivity of the data and assets. Compliance with government and state requirements is needed in order to make good judgments.
Question 4 of 19
4. Question
1 point
A security professional is asked to perform an analysis of the current state of a company network. What tool would the security professional use to scan the network only for security risks?
Vulnerability scanners are commonly used to scan for the following vulnerabilities:
- Use of default passwords or common passwords
- Missing patches
- Open ports
- Misconfiguration of operating systems and software
- Active IP addresses
Question 5 of 19
5. Question
3 points
A consultant is hired to make recommendations on managing device threats in a company. What are three general recommendations that can be made? (Choose three.)
Workstations can be hardened by removing unnecessary permissions, automating processes, and turning on security features.
Question 6 of 19
6. Question
3 points
What three services does CERT provide? (Choose three.)
- helps to resolve software vulnerabilities
- develops tools, products, and methods to conduct forensic examinations
- develops tools, products, and methods to analyze vulnerabilities
- develops tools, products, and methods to monitor large networks
- helps organizations determine how effective their security-related practices are
Question 7 of 19
7. Question
2 points
What are two items that can be found on the Internet Storm Center website? (Choose two.)
The Internet Storm Center website has a daily InfoSec blog, InfoSec tools, and news among other InfoSec information.
Question 8 of 19
8. Question
1 point
What can be used to rate threats by an impact score to emphasize important vulnerabilities?
The National Vulnerability Database (NVD) is used to assess the impact of vulnerabilities and can assist an organization in ranking the severity of vulnerabilities found within a network.
Question 9 of 19
9. Question
1 point
A breach occurs in a company that processes credit card information. Which industry-specific law governs credit card data protection?
The Payment Card Industry Data Security Standard (PCI DSS) governs how to protect credit card data as merchants and banks exchange transactions.
Question 10 of 19
10. Question
1 point
Why is Kali Linux a popular choice in testing the network security of an organization?
Kali is an open source Linux security distribution that is commonly used by IT professionals to test the security of networks.
Question 11 of 19
11. Question
1 point
A company is attempting to lower the cost of deploying commercial software and is considering a cloud-based service. Which cloud-based service would be best to host the software?
Software as a service (SaaS) provides access to software that is centrally hosted and accessed by users via a web browser on the cloud.
Question 12 of 19
12. Question
3 points
An organization has implemented a private cloud infrastructure. The security administrator is asked to secure the infrastructure from potential threats. What three tactics can be implemented to protect the private cloud? (Choose three.)
Organizations can manage threats to the private cloud using the following methods:
- Disable ping, probing, and port scanning.
- Implement intrusion detection and prevention systems.
- Monitor inbound IP traffic anomalies.
- Update devices with security fixes and patches.
- Conduct penetration tests post configuration.
- Test inbound and outbound traffic.
- Implement a data classification standard.
- Implement file transfer monitoring and scanning for unknown file types.
Question 13 of 19
13. Question
1 point
A school administrator is concerned with the disclosure of student information due to a breach. Under which act is student information protected?
The Family Education Records and Privacy Act (FERPA) prohibits the improper disclosure of personal education records.
Question 14 of 19
14. Question
3 points
What are the three broad categories for information security positions? (Choose three.)
Information security positions can be categorized as:
- definers
- builders
- monitors
Question 15 of 19
15. Question
2 points
What are two potential threats to applications? (Choose two.)
Threats to applications can include the following:
- Unauthorized access to data centers, computer rooms, and wiring closets
- Server downtime for maintenance purposes
- Network operating system software vulnerability
- Unauthorized access to systems
- Data loss
- Downtime of IT systems for an extended period
- Client/server or web application development vulnerabilities
Question 16 of 19
16. Question
1 point
If a person knowingly accesses a government computer without permission, which federal act would the person be subject to?
The Computer Fraud and Abuse Act (CFAA) provides the foundation for US laws criminalizing unauthorized access to computer systems.
Question 17 of 19
17. Question
2 points
A company has had several incidents involving users downloading unauthorized software, using unauthorized websites, and using personal USB devices. The CIO wants to put in place a scheme to manage the user threats. What three things might be put in place to manage the threats? (Choose three.)
Users may be unaware of the consequences of their actions if they have not been educated about why those actions can cause a problem with the computer. Implementing several technical and nontechnical practices can reduce the threat.
Question 18 of 19
18. Question
3 points
What are three disclosure exemptions that pertain to the FOIA? (Choose three.)
The nine Freedom of Information Act (FOIA) exemptions include the following:
- National security and foreign policy information
- Internal personnel rules and practices of an agency
- Information specifically exempted by statute
- Confidential business information
- Inter- or intra-agency communication subject to deliberative process, litigation, and other privileges
- Information that, if disclosed, would constitute a clearly unwarranted invasion of personal privacy
- Law enforcement records that implicate one of a set of enumerated concerns
- Agency information from financial institutions
- Geological and geophysical information concerning wells
Question 19 of 19
19. Question
2 points
Unauthorized visitors have entered a company office and are walking around the building. What two measures can be implemented to prevent unauthorized visitor access to the building? (Choose two.)
Any unauthorized individual that accesses a facility may pose a potential threat. Common measures to increase physical security include the following:
- Implement access control and closed-circuit TV (CCTV) coverage at all entrances.
- Establish policies and procedures for guests visiting the facility.
- Test building security using physical means to covertly gain access.
- Implement badge encryption for entry access.
- Conduct security awareness training regularly.
- Implement an asset tagging system.