Introduction to Cybersecurity Tools & Cyber Attacks

byA
0

 

Click Grades and complete the modules, no need to watch videos

Quiz: History of Cybersecurity Quiz Answers 


Question 1: What was shown in the movie War Games that concerned President Reagan?

  • The movie gave an accurate portayal of the Iran-Contra scandle that could have only come from inside sources.
  • US Army gererals did not know how to use the advanced weapons systems they were responsable for.
  • KGB agents from the USSR were able to hack into Pentagon computer systems and steal plans for advanced US weapons.
  • A teenager hacked into a Pentagon computer that was capable of launching nuclear weapons.

Question 2: In addition to the movie War Games, what other event made the need for advanced cybersecurity apparent?

  • Confirmed reports of Al Qaeda operatives hacking the E-mail servers of US Government agencies.
  • The failed Bay of Pigs invasion.
  • 9/11
  • The attack against the USS Cole while it was in port in Yeman.

Question 3: What were the three (3) main cybersecurity concerns arising from the 9/11 attacks?

  • Could this happen again?
  • How did this happen?
  • Could an attack like this happen in the virtual world too?
  • Who wrote the malware that took control of the 4 airplanes navigation systems?

Question 4: According to a Forbes Magazine study, the annual cost of cybercrime in the United States alone has reached how much?

  • $100M
  • $1B
  • $10B
  • $100B

Question 5: Who are Alice, Bob and Trudy?

  • They are fictional characters used to illustrate how cryptography works.
  • They are the founders of modern cryptography.
  • They are the pseudonyms (false names) used by members of the hacktivist group Anonymous.
  • They were members of British Navel Intelligence who did pioneering work in secure communications that later became known as cryptography.

Question 6: Which of the following is considered a legitimate challenge to implementing a comprehensive cybersecurity solution?

  • Security practices are viewed as being “in the way”.
  • Security architectures require constant effort.
  • Security is often an after-thought; something that is added at the end of a project rather than baked into the project from the start.
  • All of the above

Question 7: Jeff Crume described five challenges in security today. Which two (2) of these are challenges because their numbers are decreasing?

  • Available analysts
  • Needed knowledge
  • Available time
  • Threats
  • Alerts

Question 8: “A defined way to breach the security of an IT system through a vulnerability” is the definition of which key cybersecurity term?

  • Vulnerability
  • Risk
  • Threat
  • Exploit

Question 9:  “A situation involving exposure to a danger.” Is the definition of which key cybersecurity term?

  • Exploit
  • Threat
  • Vulnerability
  • Risk

Question 10: Which aspect of a comprehensive approach to cybersecurity includes these items: evaluate, create teams, establish baselines, identify and model threats, identify use cases, identify risks, establish monitoring and control requirements?

  • Asset management
  • Administrative controls
  • Security program
  • Technical controls

Question 11: According to a 2018 report by Domo, over what period of time do the following things occur: 49,380 videos are uploaded to Instagram, 25,000 gifs are sent on Facebook Messenger, 4.2 million videos are viewed on Snapchat and 473,400 tweets are sent on Twitter?

  • Every 1 second
  • Every 1 minute
  • Every 1 hour
  • Every 1 day
  • Every 1 month
  • Every 1 year

Question 12: In the examples using Bob, Alice and Trudy, what aspect of cybersecurity is being illustrated?

  • The availability of communication that needs to be shared between the 3 friends.
  • The complexity of communication between people who use different protocols.
  • The positioning of firewalls that assure the integrity of communication between the 3 friends.
  • The security of communication between Alice and Bob that risks interception by Trudy.

Question 13: Alice sends an unencrypted message to Bob but it is intercepted by Trudy. Trudy reads the message but does not in any way interfere with its content or delivery. Which precept of the CIA Triad would have been violated?

  • Confidentiality
  • Integrity
  • Availability
  • All of the above.

Question 14: Alice sends an encrypted message to Bob but it is intercepted by Trudy. Trudy cannot read it so, in anger, she deletes it without allowing its delivery to Bob. Which precept of the CIA Triad would have been violated?

  • Confidentiality
  • Integrity
  • Availability
  • All of the above

Question 15: Alice sends an encrypted message to Bob but it is intercepted by Trudy. Trudy cannot read it but forwards it on to Bob from an anonymous address she controls. Which precept of the CIA Triad would have been violated?

  • Confidentiality
  • Integrity
  • Availability
  • All of the above

Question 16: Which three (3) are resources that are available to help guide penetration testing efforts by cybersecurity specialists?

  • NIST SP 800-42 Guidelines on Network Security Testing.
  • Health Information Portability and Accountability Act (HIPAA)
  • Federal Financial Institutions Examination Council (EFIEC) Information Technology Examination.
  • Open Source Security Testing Methodology Manual (OSSTMM).

Question 17: According to the Vulnerability Assessment Methodology, Vulnerabilities are determined by which 2 factors?

  • Exposure and Sensitivity
  • Identify Indicators and Exposure
  • Sensitivity and Adaptive Capacity
  • Potential Impacts and Adaptive Capacity

A brief overview of types of actors and their motives Quiz Answers Coursera

Question 1: Which hacker organization hacked into the Democratic National Convension and released Hillery Clinton’s emails?

  • Fancy Bears
  • Anonymous
  • Syrian Electronic Army
  • Guardians of the Peace
  • All of the above

Question 2: What challenges are expected in the future?

  • Enhanced espionage from more countries
  • Far more advanced malware
  • New consumer technology to exploit
  • All of the above

Question 3: Why are cyber attacks using SWIFT so dangerous?

  • SWIFT is the protocol used by all banks to transfer money
  • SWIFT is the protocol used by all US healthcare providers to encrypt medical records
  • SWIFT is the protocol used to transmit all diplomatic telegrams between governments around the world
  • SWIFT is the flight plan and routing system used by all cooperating nations for international commercial flights

Question 4: Which statement best describes Authentication?

  • Assurance that the communicating entity is the one claimed
  • Protection against denial by one of the parties in communication
  • Assurance that a resource can be accessed and used
  • Prevention of unauthorized use of a resource

Question 5: Trusted functionality, security labels, event detection, security audit trails and security recovery are all examples of which type of security mechanism?

  • Contingent security mechanism
  • External security mechanism
  • Active security mechanism
  • Passive security mechanism

Question 6: If an organization responds to an intentional threat, that threat is now classified as what?

  • A malicious threat
  • An attack
  • An active threat
  • An open case

Question 7: An attack that is developed particularly for a specific customer and occurs over a long period of time is a form of what type of attack?

  • Advanced Persistent Threat
  • Water Hole
  • Spectra
  • Denial of Service (DOS)

Question 8: Which of three (3) these approaches could be used by hackers as part of a Business Email Compromise attack?

  • Request to make a payment
  • Attorney impersonation
  • CEO Fraud, where CEO sends email to an employee
  • Account compromise

Question 9: Which type of actor was not one of the four types of actors mentioned in the video A brief overview of types of actors and their motives?

  • Hactivists
  • Governments
  • Hackers
  • Internal
  • Black Hats

Question 10: A political motivation is often attributed to which type of actor?

  • Internal
  • Hackers
  • Hactivist
  • Security Analysts

Question 11: The video Hacking organizations called out several countries with active government sponsored hacking operations in effect. Which one of these was among those named?

  • Canada
  • Israel
  • South Africa
  • Egypt

Question 12: Which of these is not a known hacking organization?

  • The Ponemon Institute
  • Fancy Bears
  • Syrian Electronic Army
  • Anonymous
  • Guardians of the Peace

Question 13: Which type of actor hacked the 2016 US Presidential Elections?

  • Hackers
  • Government
  • Hactivists
  • Internal

Question 14: True or False: Passive attacks are easy to detect because the original messages are usually alterned or undelivered.

  • False
  • True

Question 15: Trusted functionality, security labels, event detection and security audit trails are all considered which?

  • Business Policy
  • Specific security mechanisms
  • Pervasive security mechanisms
  • Security Policy

Question 16: Cryptography, digital signatures, access controls and routing controls considered which?

  • Security Policy
  • Specific security mechanisms
  • Business Policy
  • Pervasive security mechanisms

Question 17: True or False: A tornado threatening a data center can be classified as an attack.

  • False
  • True

Question 18: Traffic flow analysis is classified as which?

  • An origin attack
  • A passive attack
  • A masquerade attack
  • An active attack

Question 19: How would you classify a piece of malicious code designed to cause damage, can self-replicate and spreads from one computer to another by attaching itself to files?

  • Spyware
  • Adware
  • Worm
  • Virus
  • Trojan Horse
  • Ransomware

Question 20: Botnets can be used to orchestrate which form of attack?

  • Distribution of Spam
  • DDoS attacks
  • Phishing attacks
  • Distribution of Spyware
  • As a Malware launchpad
  • All of the above

Question 21:Policies and training can be classified as which form of threat control?

  • Active controls
  • Technical controls
  • Administrative controls
  • Passive controls

Question 22: Which type of attack can be addressed using a switched Ethernet gateway and software on every host on your network that makes sure their NICs is not running in promiscuous mode.

  • Packet Sniffing
  • Host Insertion
  • Trojan Horse
  • Ransomware
  • All of the above

Question 23:  A flood of maliciously generated packets swamp a receiver’s network interface preventing it from responding to legitimate traffic. This is characteristic of which form of attack?

  • A Denial of Service (DOS) attack
  • A Trojan Horse
  • A Masquerade attack
  • A Ransomware attack

Question 24: A person calls you at work and tells you he is a lawyer for your company and that you need to send him specific confidential company documents right away, or else! Assuming the caller is not really a lawyer for your company but a bad actor, what kind of attack is this?

  • A Social Engineering attack
  • A Trojan Horse
  • A Denial of Service attack
  • A Worm attack

Question 25: True or False: An individual hacks into a military computer and uses it to launch an attack on a target he personally dislikes. This is considered an act of cyberwarfare.

  • False
  • True

Quiz: Key concepts Quiz Answers Coursera

Question 1: Which two (2) key components are part of incident response? (Select 2)

  • Threat
  • Response team
  • Attack
  • Investigation

Question 2: Which is not part of the Sans Institutes Audit process?

  • Deliver a report.
  • Define the audit scope and limitations.
  • Feedback based on the findings.
  • Help to translate the business needs into technical or operational needs.

Question 3: Which key concept to understand incident response is defined as “data inventory, helps to understand the current tech status, data classification, data management, we could use automated systems. Understand how you control data retention and backup.”

  • BCP & Disaster Recovery
  • E-Discovery
  • Post-Incident
  • Automated Systems

Question 4: Which is not included as part of the IT Governance process?

  • Tactical Plans
  • Policies
  • Audits
  • Procedures

Question 5: Trudy reading Alice’s message to Bob is a violation of which aspect of the CIA Triad?

  • Confidentiality
  • Integrity
  • Availability

Question 6: A hash is a mathematical algorithm that helps assure which aspect of the CIA Triad?

  • Confidentiality
  • Integrity
  • Availability

Question 7: A successful DOS attack against your company’s servers is a violation of which aspect of the CIA Triad?

  • Confidentiality
  • Integrity
  • Availability

Question 8: Which of these is an example of the concept of non-repudiation?

  • Alice sends a message to Bob with certainty that it was not altered while in route by Trudy.
  • Alice sends a message to Bob with certainty that it will be delivered.
  • Alice sends a message to Bob and Bob knows for a certainty that it came from Alice and no one else.
  • Alice sends a message to Bob and Alice is certain that it was not read by Trudy.

Question 9: You have been asked to establish access to corporate documents in such a way that they can be read from anywhere, but only modified while the employees are in the office. Which 2 access criteria types were likely involved in setting this up?

  • Groups
  • Physical location
  • Transaction type
  • Timeframe

Question 10: In incident management, an observed change to the normal behavior of a system, environment or process is called what?

  • Incident
  • Attack
  • Threat
  • Event

Question 11: In incident management, tools like SIEM, SOA and UBA are part of which key concept?

  • E-Discovery
  • Automated system
  • BCP & Disaster Recovery
  • Post-Incident Activities

Question 12: Which phase of the Incident Response Process do steps like Carry out a post incident review and Communicate and build on lessons learned fall into?

  • Follow Up
  • Prepare
  • Respond

Question 13: In the context of security standards and compliance, which two (2) of these are considered normative and compliance items?

  • They help translate the business needs into technical or operational needs.
  • They serve as an enforcement mechanism for government, industry or clients.
  • They seek to improve performance, controls and metrics.
  • They are rules to follow for a specific industry.

Question 14: A company document that details how an employee should request Internet access for her computer would be which of the following?

  • Procedure
  • Policy
  • Strategic Plan
  • Tactical Plan

Question 15: Which of these is a methodology by which to conduct audits?

  • SOX
  • HIPPA
  • PCI/DSS
  • OCTAVE

Question 16: Mile 2 CPTE Training teaches you how to do what?

  • Advanced network management tasks
  • Conduct a pentest.
  • Construct a botnet
  • Conduct a Ransomware attack

Question 17: Which three (3) statements about OWASP are True?

  • OWASP provides tools and guidance for mobile applications.
  • OWASP stands for Open Web Application Security Project
  • OWASP provides guidance and tools to help you address web application vulnerabilities on their Top 10 list.
  • OWASP Top 10 only lists the top 10 web application vulnerabilities but you must engage an OWASP certified partner to learn how to fix them.

Key security tools Quiz Answers Coursera

Question 1: What is the primary function of a firewall?

  • Scans the system and search for matches against the malware definitions.
  • Secures communication that may be understood by the intended recipient only.
  • Uses malware definitions.
  • Filter traffic between networks.

Question 2: How many unique encryption keys are required for 2 people to exchange a series of messages using symmetric key cryptography?

  • 1
  • 2
  • 4
  • no keys are required

Question 3: What are the three (3) types of modern encryption?

  • Ciphertext
  • Asymmetric
  • Hash
  • Symmetric

Question 4: What is Locard’s exchange principle?

  • An entity that is partially or wholly responsible for an incident that affects or potentially affects an organization’s security.
  • Refers to the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence.
  • Includes the identification, recovery, investigation, validation, and presentation of facts regarding digital evidence found on computers or similar digital storage media devices.
  • The perpetrator of a crime will bring something into the crime scene and leave with something from it, and that both can be used as forensic evidence.

Question 5: Which two (2) are types of firewall?

  • Statutory
  • Packet-filtering
  • Protocol-filtering
  • Application-level

Question 6: Which type of data does a packet-filtering firewall inspect when it decides whether to forward or drop a packet?

  • Source and destination IP addresses.
  • TCP/UDP source and destination port numbers.
  • ICMP message type.
  • TCP SYN and ACK bits.
  • All of the above.

Question 7: Which three (3) of the following are limitations of Application gateways?

  • Application gateways are susceptible to IP spoofing.
  • Client software must be “smart” and know to contact the gateway.
  • Application gateways are not good and understanding protocols such as telnet.
  • Each application to be managed needs its own gateway.

Question 8: Which type of firewall inspects XML packet payloads for things like executable code, a target IP address that make sense, and a known source IP address?

  • An XML Gateway.
  • An application-level firewall.
  • A packet-filtering firewall.
  • All of the above.

Question 9: Which statement about Stateful firewalls is True?

  • They have state tables that allow them to compare current packets with previous packets.
  • They are less secure in general than Stateless firewalls.
  • They are faster than Stateless firewalls.
  • All of the above.

Question 10: True or False: Most Antivirus/Antimalware software works by comparing a hash of every file encountered on your system against a table of hashs of known virus and malware previously made by the antivirus/antimalware vendor.

  • True
  • False

Question 11: Which type of cryptographic attack is characterized by comparing a captured hashed password against a table of many millions of previously hashed words or strings?

  • Known Plaintext
  • Known Ciphertext
  • Brute force
  • Social Engineering
  • Rainbow tables

Question 12: What are two (2) drawbacks to using symmetric key encryption?

  • The sender and recipient must find a secure way to share the key itself.
  • You need to use a different encryption key with everyone you communicate with, otherwise anyone who has ever received an encrypted message from you could open any message you sent to anyone else using that key.
  • Symmetric key encryption is slower than asymmetric key encryption.
  • A modern supercomputer can break even the most advanced symmetric key in a matter of minutes.
Tags:

Post a Comment

Previous Post Next Post