TESTOUT SECURITY PRO CHAPTER 1 -5
Section 1.1.4
A user copies files from her desktop computer to a USB flash device and puts the
device into her pocket. Which of the following security risks is most pressing?
Confidentiality
Which of the following BEST describes a cyber terrorist?
Disrupts network-dependent institutions
Your computer system is a participant in an asymmetric cryptography system. You've
created a message to send to another user. Before transmission, you hash the
message and encrypt the hash using your private key. You then attach this encrypted
hash to your message as a digital signature before sending it to the other user.
In this example, which protection does the hashing activity provide?
Integrity
Which of the following is an example of an internal threat?
A user accidentally deletes the new product designs.
Which of the following could an employee also be known as?
Internal threat
By definition, which security concept uses the ability to prove that a sender undeniably
sent an encrypted message?
Non-repudiation
Which of the following includes all hardware and software necessary to secure data,
such as firewalls and antivirus software?
Physical security
Which of the following are often identified as the three main goals of security? (Select
three.)
Availability
Confidentiality
,Integrity
Which of the following is the correct definition of a threat?
Any potential danger to the confidentiality, integrity, or availability of information or
systems
Which of the following is an example of a vulnerability?
Misconfigured server
1.2.4
1.2.4
The Application layer of the security model includes which of the following? (Select two.)
Web application security
User management
When training your employees on how to identify various attacks, which of the following
policies should you be sure to have and enforce? (Select two.)
Clean desk policies
Password policies
Which of the following reduces the risk of a threat agent being able to exploit a
vulnerability?
Countermeasures
Which of the following items would be implemented at the Data layer of the security
model?
Cryptography
Which of the following items would you secure in the Perimeter layer of the security
model?
Firewalls
Which of the following is the single greatest threat to network security?
Employees
Which of the following is a security approach that combines multiple security controls
and defenses?
Layered security
,Which of the following items would be implemented at the Network layer of the security
model?
Penetration testing
Which of the following is one of the MOST common attacks on employees?
Phishing attack
The Policies, Procedures, and Awareness layer of the security model includes which of
the following? (Select two.)
Employee onboarding
User Education
2.1.6
2.1.6
An employee stealing company data could be an example of which kind of threat actor?
Internal threat
Which of the following is the BEST definition of the term hacker?
A general term used to describe any individual who uses their technical knowledge to
gain unauthorized access to an organization.
Which of the following threat actors seeks to defame, shed light on, or cripple an
organization or government?
Hacktivist
The IT manager in your organization proposes taking steps to deflect a potential threat
actor. The proposal includes the following:
Create and follow onboarding and off-boarding procedures.
Employ the principal of least privilege.
Have appropriate physical security controls in place.
Which type of threat actor do these steps guard against?
Insider
A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie
attacks often seek to exploit well-known vulnerabilities in systems.
What is the BEST defense against script kiddie attacks?
Keep systems up to date and use standard security practices.
, A hacker scans hundreds of IP addresses randomly on the internet until they find an
exploitable target. What kind of attack is this?
Opportunistic attack
Match the general attack strategy on the left with the appropriate description on the
right. (Each attack strategy may be used once, more than once, or not all.)
Stealing information.
Exploitation
Preparing a computer to perform additional tasks in the attack.
Staging
Crashing systems.
Exploitation
Gathering system hardware information.
Reconnaissance
Penetrating system defenses to gain unauthorized access.
Breaching
Configuring additional rights to do more than breach the system.
Escalating privileges
Match the general defense methodology on the left with the appropriate description on
the right. (Each methodology may be used once, more than once, or not all.)
The constant change in personal habits and passwords to prevent anticipated events
and exploitation.
Randomness
Diversifying layers of defense.
Variety
Giving users only the access they need to do their job and nothing more.
Principle of least privilege
Implementing multiple security measures to protect the same asset.
Layering
Eliminating single points of failure.
Layering
Section 1.1.4
A user copies files from her desktop computer to a USB flash device and puts the
device into her pocket. Which of the following security risks is most pressing?
Confidentiality
Which of the following BEST describes a cyber terrorist?
Disrupts network-dependent institutions
Your computer system is a participant in an asymmetric cryptography system. You've
created a message to send to another user. Before transmission, you hash the
message and encrypt the hash using your private key. You then attach this encrypted
hash to your message as a digital signature before sending it to the other user.
In this example, which protection does the hashing activity provide?
Integrity
Which of the following is an example of an internal threat?
A user accidentally deletes the new product designs.
Which of the following could an employee also be known as?
Internal threat
By definition, which security concept uses the ability to prove that a sender undeniably
sent an encrypted message?
Non-repudiation
Which of the following includes all hardware and software necessary to secure data,
such as firewalls and antivirus software?
Physical security
Which of the following are often identified as the three main goals of security? (Select
three.)
Availability
Confidentiality
,Integrity
Which of the following is the correct definition of a threat?
Any potential danger to the confidentiality, integrity, or availability of information or
systems
Which of the following is an example of a vulnerability?
Misconfigured server
1.2.4
1.2.4
The Application layer of the security model includes which of the following? (Select two.)
Web application security
User management
When training your employees on how to identify various attacks, which of the following
policies should you be sure to have and enforce? (Select two.)
Clean desk policies
Password policies
Which of the following reduces the risk of a threat agent being able to exploit a
vulnerability?
Countermeasures
Which of the following items would be implemented at the Data layer of the security
model?
Cryptography
Which of the following items would you secure in the Perimeter layer of the security
model?
Firewalls
Which of the following is the single greatest threat to network security?
Employees
Which of the following is a security approach that combines multiple security controls
and defenses?
Layered security
,Which of the following items would be implemented at the Network layer of the security
model?
Penetration testing
Which of the following is one of the MOST common attacks on employees?
Phishing attack
The Policies, Procedures, and Awareness layer of the security model includes which of
the following? (Select two.)
Employee onboarding
User Education
2.1.6
2.1.6
An employee stealing company data could be an example of which kind of threat actor?
Internal threat
Which of the following is the BEST definition of the term hacker?
A general term used to describe any individual who uses their technical knowledge to
gain unauthorized access to an organization.
Which of the following threat actors seeks to defame, shed light on, or cripple an
organization or government?
Hacktivist
The IT manager in your organization proposes taking steps to deflect a potential threat
actor. The proposal includes the following:
Create and follow onboarding and off-boarding procedures.
Employ the principal of least privilege.
Have appropriate physical security controls in place.
Which type of threat actor do these steps guard against?
Insider
A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie
attacks often seek to exploit well-known vulnerabilities in systems.
What is the BEST defense against script kiddie attacks?
Keep systems up to date and use standard security practices.
, A hacker scans hundreds of IP addresses randomly on the internet until they find an
exploitable target. What kind of attack is this?
Opportunistic attack
Match the general attack strategy on the left with the appropriate description on the
right. (Each attack strategy may be used once, more than once, or not all.)
Stealing information.
Exploitation
Preparing a computer to perform additional tasks in the attack.
Staging
Crashing systems.
Exploitation
Gathering system hardware information.
Reconnaissance
Penetrating system defenses to gain unauthorized access.
Breaching
Configuring additional rights to do more than breach the system.
Escalating privileges
Match the general defense methodology on the left with the appropriate description on
the right. (Each methodology may be used once, more than once, or not all.)
The constant change in personal habits and passwords to prevent anticipated events
and exploitation.
Randomness
Diversifying layers of defense.
Variety
Giving users only the access they need to do their job and nothing more.
Principle of least privilege
Implementing multiple security measures to protect the same asset.
Layering
Eliminating single points of failure.
Layering
