Information Security: Identifying Elements and Threats, Exams of Nursing

This document covers various elements of information security, including policies, web application threats, risk management, and malware. It also discusses different types of security threats such as spoofing, session hijacking, and ransomware, and provides steps for handling computer crime incidents and analyzing logs for malware detection.

Typology: Exams

2023/2024

Available from 03/09/2024

TUTOR1
Partial preview of the text

ECIHV2 PRACTICE FINAL EXAM Questions and Answers Latest Updates 2024 GRADED A+

Which element of information security includes the trustworthiness of data or resources in terms of preventing improper or unauthorized changes?
a.) Confidentiality
b.) Authenticity
c.) Availability
d.) Integrity
-Answer- B

____ is a security strategy in which several protection layers are placed throughout an information system.
a.) Defense-in-depth
b.) Non-repudiation
c.) Information security
d.) Offense-in-depth
-Answer- A

Security policies are the foundation of the security infrastructure that defines the basic security requirements and rules to be implemented in order to protect and secure an organization's information systems. Which of the following is NOT something security policies can accomplish?
a.) They reduce or eliminate legal liability of employees and third parties
b.) They protect confidential and proprietary information from theft, misuse, unauthorized disclosure, or modification
c.) They prevent wastage of the company's computing resources
d.) They can still be effective when added as an afterthought
-Answer- D

Anna created her company's security policy to accept the majority of internet traffic, excluding several known dangerous services and attacks. Which type of security policy did Anna put into place?
a.) Permissive Policy
b.) Promiscuous Policy
c.) Prudent Policy
d.) Paranoid Policy
-Answer- A

A(n) ____ policy defines a standard to handle application traffic, such as web or email.
a.) Remote access
b.) Network connection
c.) Firewall management
d.) Access control
-Answer- C

What kind of policy contains a set of rules that defines authorized connections?
a.) User account
b.) Special access
c.) Remote access
d.) Password
-Answer- C

Motive (Goal) + Method + Vulnerability = ____
a.) Security policy
b.) Attacks
c.) Defense-in-depth
d.) Access control
-Answer- B

Dwayne wants to acquire account information from a competitor company, so he sends an illegitimate email to the Payroll Specialist claiming to be the CEO. What type of security attack would this be?
a.) IoT threats
b.) Web application threats
c.) Phishing
d.) Ransomware
-Answer- C

Spoofing, Session Hijacking, DoS Attacks, Firewall and IDS Attacks are all considered what type of information security threat?
a.) Network threat
b.) Application threat
c.) Host threat
d.) System threat
-Answer- A

Which of the following is NOT a common cause for system vulnerabilities?
a.) Software bugs
b.) Strong passwords
c.) Use of broken algorithms
d.) Complexity of the system
-Answer- B

Which phase of the risk management process includes a strategic approach to prepare for handling risks and reduce their impact on organizations? This phase addresses and treats the risks according to their severity level.
a.) Risk assessment
b.) Risk mitigation
c.) Risk management plan evaluation
d.) Risk determination
-Answer- B

…
b.) MagicTree
c.) Microsoft OneNote
d.) Tomboy
-Answer- B

In this structure, a single team handles all the incident response functions of a small organization. It is most effective for quickly responding to incidents. This structure is best suited for organizations operating from a single location.
a.) Centralized Incident Response Team
b.) Distributed Incident Response Team
c.) Coordination teams
d.) Operational teams
-Answer- A

Julie is a computer forensic investigator and she is currently setting up a computer forensics lab, building a forensics workstation, an investigation toolkit, and the investigation team, and getting approval from the relevant authority. Which phase in the investigation process is Julie working through?
a.) Pre-Investigation
b.) Investigation
c.) Post-investigation
d.) None of the above
-Answer- A

____ is a designated location for conducting computer-based investigations of the collected evidence in order to solve the case and find the culprit.
a.) Cloud Computing Lab
b.) Crime Scene Investigation Lab
c.) Computer Forensics Lab (CFL)
d.) There is not actually a designated place as long as you have a secure network
-Answer- C

What is NOT considered a part of the investigation stage?
a.) Search and Seizure
b.) Data Acquisition
c.) Documenting and Reporting
d.) Collect the Evidence
-Answer- C

Which term refers to an organization's ability to make optimal use of digital evidence in a limited period of time and with minimal investigation costs?
a.) Forensic Readiness
b.) Forensic Readiness Planning
c.) Forensic Policy
d.) Forensic Analysis
-Answer- A

Lucas is an incident responder who wants to monitor the integrity of critical files. What steps could he take?
a.) Create a database of cryptographic checksums of critical files
b.) Use an isolated test network to host your test bed
c.) Use checksum calculators such as HashCalc or automated integrity monitoring tools such as Tripwire
d.) Answers A & C
-Answer- D

The first response to an incident may involve one of three different groups of people, each having different tasks based on the circumstances of the incident. Which of the following is NOT one of those groups?
a.) System Administrator
b.) Non-forensic Staff
c.) Laboratory Forensics Staff
d.) Special Jurisdiction Police
-Answer- D

What is one of the most common mistakes a first responder makes when dealing with a computer crime incident?
a.) Leaving the computer turned on
b.) Shutting down the computer
c.) Collecting data while the computer is running
d.) None of the above
-Answer- B

First Responders must label all the available evidence and create a list with details, including location of the crime, status of the system, and connected network devices. What are some other things first responders should label?
a.) PDAs
b.) Storage media
c.) Network access
d.) All of the above
-Answer- D

Digital evidence is defined as "any ____ information of value that is either stored or transmitted in digital form".
a.) Probative
b.) Monetary
c.) Psychological
d.) Marketing
-Answer- A

Non-volatile evidence refers to the ____ data stored on secondary storage devices, such as hard disks and memory cards.
a.) Open
b.) Temporary
c.) Permanent
d.) Dark
-Answer- C

Jamie is an incident responder who wants to see a list of recently executed commands performed by a remote or local user within an established command shell or terminal. What command should Jamie use?
a.) continents.txt
b.) doskey /history
c.) ~/.bash_profile
d.) $ cd Desktop/
-Answer- B

System time refers to the exact date and time of the day when the incident happened, as per the ____. This will assist in developing an accurate timeline of events that have occurred on the system.
a.) Local Sidereal Time (LST)
b.) Coordinated Universal Time (UTC)
c.) Julian Date
d.) Ordinary Civil Time (OCT)
-Answer- B

Nicho is new at incident handling, so he is worried about making a mistake when handling malware because he knows it can cause major damage to the host computer he's working on. What are some steps he could take to handle the malware safely?
a.) Use secure channels & secure USB drives for transferring malware files
b.) Exclude the malware file with invalid file extension from the antivirus scan & also exclude the directory where the malware files are stored from the antivirus scans
c.) Zip and password protect the malware files & store the malware files in an isolated storage facility
d.) All of the above
-Answer- D

VirtualBox, VMware vSphere Hypervisor, and Microsoft Virtual Server are all examples of?
a.) PE Analysis Tools
b.) Virtualization Software
c.) Network Simulation Software
d.) Debugging tools
-Answer- B

Which type of analysis involves analyzing the logs and alerts of intrusion detection systems, SIEMs, and firewalls for the detection of malware?
…

Which of the following is NOT considered a type of phishing?
a.) Spear
b.) Whaling
c.) Pharming
d.) Swimming
-Answer- D

What is a common type of Identity Theft?
a.) Child
b.) Synthetic
c.) Cloning
d.) All of the above
-Answer- D

____ is an email validation protocol used by domain owners for preventing spoofing of emails.
a.) Sender Policy Framework
b.) NetCraft
c.) MxToolbox
d.) Email Dossier
-Answer- A

What is the primary use of an email dossier?
a.) To prevent email spoofing
b.) To check the validity of an email address
c.) To make email headers human readable by parsing them according to RFC 822
d.) To add a digital signature to the outgoing emails for better authentication
-Answer- B

Jocelyn would like to find out more information about the emails she receives at work, such as the IP address, the sender's identity, and the mail server. What website could Jocelyn use to help her find this information?
a.) Yesware
b.) eMailTrackerPro
c.) PoliteMail
d.) All of the above
-Answer- D

What is one way you can check to see if an attacker has tampered with the email header after the incident?
a.) Examine the logs
b.) Examine the files
c.) Examine the notes
d.) Examine the email
-Answer- A

____ is an email service platform by Novell NetWare. It stores the user's messages in almost 25 proprietary databases.
a.) NovelWise
b.) GroupSmart
c.) GroupWise
d.) YesWare
-Answer- C

While investigating Microsoft Exchange servers for email crimes, an incident handler should primarily focus on which of the following files?
a.) .edb database files, .stm database files, checkpoint files, and temporary files
b.) .jpeg files, checkpoint files, pdf files, and .svg files
c.) Temporary files, .doc files, and pdf files
d.) .stm database files, .html files, and .lzh files
-Answer- A

When a user deletes mails from folders such as Inbox, Drafts, Sent Items, and Contacts, Outlook moves them into the Deleted Items folder. What category of data deletion is this?
a.) Medium Deletion
b.) Hard Deletion
c.) Easy Deletion
d.) Soft Deletion
-Answer- D

Steve is an incident responder who wants to use an open-source phishing toolkit to help him conduct real-world phishing simulations. What could he use to do this?
a.) SPAMfighter
b.) Gophish
c.) Gpg4win
d.) Getmail
-Answer- B

What is a spam filter tool that can be used to automatically remove spam and phishing emails from an inbox?
a.) ObserveIT
b.) Ekran System
c.) SPAMfighter
d.) Gpg4win
-Answer- C

Applications such as TCPdump and Cain & Abel are used to intercept and log traffic passing through a network. What type of applications are they?
a.) Packet sniffer
b.) Log analysis
c.) Host analysis
d.) Network traffic
-Answer- A

File fingerprinting, local and online malware scanning, performing strings search, identifying packing/obfuscation methods, finding the portable executable's (PE) information, and identifying file dependencies are all considered what type of malware analysis technique?
a.) Code
b.) Static
c.) Dynamic
d.) Memory
-Answer- B

Port monitoring, process monitoring, registry monitoring, Windows services monitoring, startup programs monitoring, event logs monitoring/analysis, installation monitoring, and files & folder monitoring are all considered what type of malware analysis technique?
a.) Code
b.) Static
c.) Dynamic
d.) Memory
-Answer- C

____ is capable of real-time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM), and offline pcap processing.
a.) Suricata Engine
b.) Ntopng
c.) Snort
d.) Gophish
-Answer- A

High resource utilization happens when attackers perform malicious attempts like DoS and DDoS attacks on the networks in order to overwhelm the network resources. Which indication may include the following sign?
a.) Database logs showing attempts to access sensitive data
b.) Unauthorized access attempts to the important files
c.) Sudden increase in log messages of the operating system and application
d.) Creation of new files or directories with unusual names
-Answer- C

Ping Method, DNS Method, and Promiscuous Mode are all considered what type of detection technique?
a.) Firewall
b.) Snort
c.) IDS
…

…
a.) Database information
b.) System Call Failure
c.) Network Timeout
d.) All of the above
-Answer- D

____ attacks exploit vulnerabilities in dynamically generated web pages, which enables malicious attackers to inject client-side script into web pages viewed by other users.
a.) Denial of Service
b.) Cross-site scripting ('XSS' or 'CSS')
c.) SQL Injection
d.) Man-in-the-Middle
-Answer- B

What is the name of the process that converts object data such as "name, age, city, and EmpID" into a linear format such as "<Employee><Name>Rinni</Name><Age>26</Age><City>Nevada</City>"?
a.) Serialization
b.) Insecure Deserialization
c.) Deserialization
d.) Insecure Serialization
-Answer- A

Heidi is a hacker who is trying to avoid detection by using Unicode, UTF-8, Base64, and URL encoding. What type of web application threat is she using?
a.) Directory Traversal
b.) Cookie Snooping
c.) Obfuscation Application
d.) DMZ Protocol Attacks
-Answer- C

The ____ is a semi-trusted network zone that separates the untrusted internet from the company's trusted internal network.
a.) DMZ
b.) Buffer Zone
c.) CAPTCHA Zone
d.) Hidden Field Zone
-Answer- A

Bethany is an attacker who sends emails containing a rewrite link to trick victims into disclosing passwords and other sensitive information. What is the name of this method?
a.) Unvalidated Redirect
b.) Unvalidated Forward
c.) Validated Redirect
d.) Validated Forward
-Answer- A

A particular mobile phone might be offered for $1000 on an e-commerce website, but the hacker, by altering some of the hidden text in its price field, purchases it for only $10. What type of attack would this be?
a.) Hidden Field Manipulation
b.) Footprinting Attack
c.) Cookie Poisoning
d.) XML Poisoning
-Answer- A

What is a disadvantage of using a Platform-as-a-Service (PaaS)?
a.) Scalability
b.) Data Privacy
c.) Prebuilt Business Functionality
d.) All of the above
-Answer- B

What is a main difference between a hybrid cloud and a community cloud?
a.) Community clouds are more secure than hybrid clouds
b.) A community cloud is comprised of two or more clouds that remain unique entities and a hybrid cloud is only one cloud
c.) With a community cloud it is more difficult to achieve data compliance
d.) A community cloud is a multi-tenant infrastructure shared among organizations, versus a hybrid cloud, which is comprised of two or more clouds
-Answer- D

Which type of cloud has an infrastructure that operates solely for a single organization?
a.) Public
b.) Community
c.) Private
d.) Hybrid
-Answer- C

A cloud broker is an entity that manages cloud services in terms of use, performance, and delivery, and also maintains the relationship between CSPs and cloud consumers. What service is provided by a cloud broker?
a.) Service Intermediation
b.) Service Aggregation
c.) Service Arbitrage
d.) All of the above
-Answer- D

When discussing cloud brokers and services, what is the primary use of service intermediation?
a.) Improves a given function by a specific capability and provides value-added services to cloud customers
b.) Combines and integrates multiple services into one or more new services
c.) To verify adherence to standards through review of objective evidence
d.) To act as an intermediary that provides connectivity and transport services between CSPs and cloud consumers
-Answer- A

What type of cloud computing threat affects the working of automated tasks? For example, if the cloud computing devices do not have synchronized or matched times, then due to the inaccuracy of the time stamps the network administrator would be unable to analyze the log files for any malicious activity accurately.
a.) Unknown Risk Profile
b.) Unsynchronized System Clocks
c.) Insufficient Due Diligence
d.) Shared Technology Issues
-Answer- B

In a cloud, ____ refers to databases holding the data, virtual machines, operating systems, and so on.
a.) File
b.) Network
c.) Server
d.) Storage
-Answer- D

What is the purpose of the CloudPassage Quarantine application?
a.) To recover data marked as deleted, as it may get overwritten by another user sharing the same cloud
b.) To monitor the /v1/events endpoint in the Halo API, to look for specific events
c.) To detect a malicious act by identifying a series of small changes made across many systems and applications
d.) All of the above
-Answer- B

PKI (Public Key Infrastructure), SDL (Security Development Lifecycle), WAF (Web Application Firewall), RTG (Real Traffic Grabber), IAM (Identity and Access Management), and ENC (Encryption) are all considered what?
a.) Cloud Security Controls
b.) Identification Controls
c.) Server Controls
d.) Windows Controls
-Answer- A

Yolanda is currently in the process of getting rid of the compromised cloud networks and applications that can represent attacks or malfunctioning in the networks, servers, systems, and applications related to the cloud. What is the name of this process?
…