InfoSec1

The exercise was created 2024-05-28 by foal20ym. Number of questions: 62.





  • ! Within information security, what are the main terms of the information security model? Confidentiality & Integrity & Availability, Corporate Integrity Agreement, Contingency & Integrity & Availability, Certified Internal Auditor, Central Intelligence Agency
  • ! Select all threats that are not considered to be malware DDoS & SQL Injection & Phishing, Trojan & DDoS, SQL Injection & Spyware
  • ! Protocols are often designed for a single purpose true, false
  • ! Something the user has as a means for identification is usually called Tokens, Features, Applications, Items, Fidgets
  • ! When network communication is done across LAN and WAN only MAC facilitates the End-to-End communication False, True
  • ! Ethernet has evolved from a high bandwidth single media full-duplex technology False, True
  • ! Select all alternatives which are not fundamental principles of GDPR Replication & Transfer-ability & Access, Confidentiality & Integrity, Access & Replication, Accountability & Confidentiality
  • ! Ethics can change over time True, False
  • ! When attackers use the term “../” to access files that are on the target web server but not meant to be accessed from outside it is called a? Dot-dot-slash attack, Dot-slash attack, Directory-slash attack, Dot-slash-server attack
  • ! Page-in-the-Middle is the technique of distributing malicious code in browser add-ons which enables reading & copying and redistributing anything typed without the user being aware of this: False, True
  • ! A logic bomb is: Code that triggers action when a predetermined condition occurs, Code that physically explodes a computer when a predetermined condition occurs, Code that triggers action when a preset date/time is reached, Code that threatens the system until a predetermined condition is fulfilled, Code that replicates itself until a specific condition is reached
  • ! A program that spreads copies of itself through a network is called a Worm, RAT, Virus, Trojan, Rabbit, Bot
  • ! Select all security relevant OS features - 1: User authentication & Critical data protection & Enforced sharing, Critical data protection & User authentication & External connection, User authentication & External connection & Network access, Network access & User authentication & Critical data protection
  • ! Buffer overflow is a technique used for Overwriting Operating System instructions, Overwriting Basic Input/Output System instructions, Initiating a Denial of Service attack, Flooding the Random-access memory
  • ! Select the alternatives in which separation in an OS can not occur: Systematical & Theoretical & Organisational, Systematical & Cryptographic & logical, Theoretical & Organisational & Logical
  • ? Which of the following alternatives are considered network security countermeasures? Encryption & Segmentation & Redundancy, Insertion & Substitution, Sequencing & Redundancy
  • ! Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) should never complement other controls used for detecting malicious traffic: False, True
  • ! Select all espionage methods that would not be considered easy low-tech ways Spyware & Any monitoring software & Cookies, Any monitoring software & Employees sharing sensitive data, Cookies & Social engineering & Spyware
  • ! The technique where blocks of data in transport get a short extra checksum value attached is called? Cyclic redundancy, Diffie-Hellman streaming, Hash function, Parity check, AES substitution
  • ! A good hash function should have a two-way property to easily compute any given message. Select one alternative: False, True
  • Which alternatives are not well-known algorithms for cryptographic checksums? CRC-1 & AES, MD5 & CRC-1, AES & SHA-3
  • ! Select all alternatives that can be considered assets within risk analysis - 1: Documentation & People & Reputation, Reputation & Maintenance & Governance
  • ! Not realizing the core importance of information security awareness amongst users is one of the deadly sins of information security: True, False
  • ! An Evil Twin Attack is: Setting up a WAP with the same SSID as a legitimate access point, Setting up a WAN with the same SSID as a legitimate access point, Setting up a PAN with the same SSID as a legitimate access point, Setting up a LAN with the same SSID as a legitimate access point
  • ! The technique of methodical probing of a target network to identify weaknesses should according to NIST 800-115 include the following steps Planning & Discovery & Attack, Planning & Discovery, Mitigating & Analyzing & Documenting
  • ! Using virtual keyboards for entering user IDs and passwords is not a great countermeasure against physical keyloggers False, True
  • ! Sending EIGRP echo request from a source to a destination device is also called a Ping False, True
  • ! RTU & PLC and HMI are abbreviations commonly encountered within: SCADA & ICS & OT, UPS & ICS, OT & SCADA, IDS & IPS
  • ! The act of attempting to manipulate information & pursuing military or political goals is considered to be: Information warfare, A supply chain attack, Information control, A cyber attack, Economic attack
  • ! Laws can be described as something: that is interpreted by courts & that applies to everyone, that is unwritten principles & that applies to everyone
  • ! Select all alternatives that can be considered assets within risk analysis - 2: Hardware & Software & Data, Governance & Maintenance & Threats, Hardware & Governance & Maintenance
  • ! Select the alternatives in which separation in an OS can occur: Temporal & Logical & Cryptographic, Systematical & Theoretical & Organisational, Systematical & Logical & Theoretical
  • ! Select all security relevant OS features - 2: Protection of critical data & Memory protection & User authentication, External connection & Network access & User Authentication, Protection of critical data & Network access & Memory protection
  • ! Select all threats that are considered malware Spyware & Virus & Trojan, DDoS & SQL Injection & Phishing, SQL Injection & Spyware & Trojan
  • ! The fundamentals of GDPR are: Accountability & Confidentiality & Integrity, Accountability & Confidentiality & Integrity & Transfer-ability & Access
  • ! Ethics can be described as something: that is individually chosen & that is unwritten principles, that is interpreted by courts & that applies to everyone, that is individually chosen & that applies to everyone
  • When network communication is done across LAN and WAN both MAC and IP facilitate the End-to-End communication True, False
  • ! Ethernet is not the most widely used LAN technology today False, True
  • ! Ethernet is the most widely used LAN technology today True, False
  • ! Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) can complement other controls used for detecting malicious traffic True, False
  • ! Code that in addition to its stated effect has a second non-obvious & malicious effect is called a: Trojan, RAT, Worm, Virus, Rabbit, Bot
  • ! A good hash function should easily compute any given message with a one-way encryption True, False
  • ! Which alternatives are well-known algorithms for cryptographic checksums? SHA-3 & MD5, MID5 & SHAN-30 & AES
  • ! Setting up a WAP with the same SSID as a legitimate access point is referred to as Evil twin attack, Evil brother attack, Dublo attack, Second point attack
  • ! Using virtual keyboards for entering user IDs and passwords is a great countermeasure against physical key loggers True, False
  • ! Sending ICMP echo request from a source to a destination device is also called a Ping True, False
  • ! A Supervisory Control and Data Acquisition (SCADA) system consists of the following components. Select one or more alternatives: HMI & PLC & RTU, UPS & PLC & IPS, RTU & IDS & HMI
  • ! Select all espionage methods that would be considered easy low-tech ways Employees simply take the data & Social engineering & Employees sharing sensitive data, Spyware & Any monitoring software & Cookies
  • ! A program that can replicate itself and pass on malicious code to other non-malicious programs by modifying them is called a Virus, Rabbit, Worm, RAT, Trojan
  • ! Select the alternatives in which separation in an OS can occur: Logical & Cryptographic & Physical, Organisational & Theoretical & Systematical
  • ! Select the alternatives in which separation in an OS can not occur: Theoretical & Systematical & Organisational, Physical & Cryptographic & Logical
  • ! Which of the following alternatives are advisable ways of mitigating network attacks? Firewalls & Physical Security & Authentication, Hubs & Physical Security & Authentication, Hubs & Firewalls & Physical Security
  • ! Man-in-the-browser is the technique of distributing malicious code in browser add-ons which enables reading & copying and redistributing anything typed without the user being aware of this: True, False
  • ! A message that tries to trick a victim into providing private information or taking some other unsafe action is called: Phishing, Lifting, Modeling, Pulsing, Whaling
  • ! Code that triggers action when a predetermined condition occurs is called a Logic bomb, Worm bomb, Dropper bomb, Time bomb, Hostile bomb
  • ! Using virtual keyboards for entering user IDs and passwords is a great countermeasure against physical keyloggers: True, False
  • ! Not realizing that a corporate information security policy is absolutely essential is one of the deadly sins of information security: True, False
  • Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) can use signatures to detect malicious traffic: True, False
  • The technique of adding an extra bit to a group of bits is called: Parity check, Hash function, Diffie-Hellman streaming, Cyclic redundancy, AES substitution
  • Sending PCIM echo request from a source to a destination device is also called a Ping False, True
  • Encryption methods which use the same key for encryption and decryption are called: Symmetric encryption, Asymmetric encryption
  • Encryption methods that use different keys for encryption and decryption are called: Asymmetric encryption, Symmetric encryption
