ITS CYBERSECURITY PRACTICE EXAM WITH ANSWERS #9
A self-propagating malicious code that can propagate to other systems on the network and
consume resources that could lead to a denial-of-service attack is called a _____. - correct
answer worm
A computer malware code that replicates itself on the target computer and spreads through
the network causing damage and distributing additional harmful payloads is called a _____. -
correct answer virus
A program that appears to be useful or harmless but contains hidden code that can
compromise the target system on which it runs is called a _____. - correct answer trojan horse
What are the two classes of encryption algorithms? (choose 2.) - correct answer asymmetric
Symmetric
Which algorithm is a one-way mathematical function that is used to provide data integrity? -
correct answer SHA-2
Why is it important to block incoming IP broadcast addresses and reserved private IP addresses
from entering your network? - correct answer these types of addresses are easier to use for IP
spoofing attacks.
You are a junior cybersecurity analyst. An employee reports to you that her laptop was stolen.
For which three reasons should you escalate this event to the computer security incident
response team (CSIRT)? (choose 3.) - correct answer potential network disruption or denial of
service
Exposure of sensitive or confidential information
Unauthorized use of resources
Which classification of alert should be escalated to security investigators? - correct answer true
positive
Which term refers to the combined sum of all potential threat vectors in defense-in-depth
security? - correct answer attack surface
You receive an email from your teacher that has a link to a class poll for a pizza party. You click
the link which takes you to the school portal to log in. Later, you discover this was a phishing
email and your credentials were stolen. Which part of the CIA triad was compromised in this
attack? - correct answer confidentiality
A major power surge occurs in the middle of making authorized changes to the company
payroll server which results in equipment failure. The equipment is replaced and the data is
restored from a previous, good backup. Which part of the CIA triad was preserved? - correct
answer availability
Which two states of data domains would require encryption and hashing to secure the data?
(choose 2.) - correct answer data at rest
Data in transit
In which order should you collect digital evidence from a computer system? - correct answer
contents of RAM, contents of fixed disk, archived backup
Which type of attack substitutes a source IP address to impersonate a legitimate computer
system? - correct answer IP spoofing
In a DHCP __ attack, threat actors configure a fake DHCP server on the network to issue DHCP
addresses to clients. - correct answer spoofing
In a DHCP __ attack, threat actors flood the DHCP server with DHCP requests to use up all the
available IP addresses that the legitimate DHCP server can issue. - correct answer starvation
In a DNS __ attack, threat actors use publicly accessible open DNS servers to flood a target with
DNS response traffic. - correct answer amplification
In a DNS __ attack, threat actors change the A record for your domain's IP address to point to a
predetermined address of their choice. - correct answer hijacking
An attacker on the local network is forwarding packets that associate the MAC address of the
attacker's computer with the IP address of a legitimate server. Which type of attack is taking
place? - correct answer ARP spoofing
An attacker has connected a laptop to a wireless network and attempts to lease all available IP
addresses from the DHCP server. Which type of attack is occurring? - correct answer DHCP
starvation
An attacker has overwhelmed a server by sending more GET requests than the server can
process. This results in a successful DoS attack. Which type of attack has occurred? - correct
answer HTTP flooding
_____ is used to find vulnerabilities within a computer system. - correct answer penetration
testing
Establish the incident response team.
Determine if an incident has occurred.
Validate the IP address of the attacking host.
Hold a lessons learned meeting. - correct answer preparation phase
Detection & analysis phase
Containment, eradication, and recovery phase
Post-incident activity phase