2023 Privacy And Information Security Quiz Albertsons
95 questions.
Which one of the following provides an authentication mechanism that would be appropriate for pairing with a password to achieve multifactor authentication?
Fingerprint scan
Jared is investigating a security incident and discovers that an attacker began with a normal user account but managed to exploit a system vulnerability to provide that account with administrative rights. What type of attack took place under the STRIDE threat model?
Elevation of privilege
What is normally used as an authorization tool?
Access Control List (ACL)
James's network begins to experience symptoms of slowness. After investigating, he realizes that the network is being bombarded with TCP SYN packets and believes that his organization is the victim of a denial of service attack. What principle of information security is being violated?
Availability
Which one of the following individuals is normally responsible for fulfilling the operational data protection responsibilities delegated by senior management, such as validating data integrity, testing backups, and managing security policies?
Data custodian
Anne is the security administrator for a public school district. She is implementing a new student information system and is testing the code to ensure students are not able to alter their own grades. What principle of information security is Anne enforcing?
Integrity
Dominic discovers a keylogger hidden on the laptop of her company's chief executive officer. What information security principle is the keylogger designed to disrupt?
Confidentiality
What is the formula used to determine risk?
Risk = Threat * Vulnerability
Catherine is working with the management team to classify data in an attempt to apply extra security controls that will limit the likelihood of a data breach. What principle of information security is Catherine attempting to enforce?
Confidentiality
Charlotte is designing a messaging system for a bank and would like to include a feature that allows the recipient of a message to prove to a third party that the message did indeed come from the purported originator. What goal is Charlotte trying to achieve?
Nonrepudiation
What principle of information security states that an organization should implement overlapping security controls whenever possible?
Defense in Depth
What tool is most often used for identification purposes and is not suitable for use as an authenticator?
Username
Which one of the following is an administrative control that can protect the confidentiality of information?
Nondisclosure agreement
Which IP address class contains exactly 256 addresses?
Class C
Which network tool can be used to protect the identity of clients while providing internet access by accepting client requests, altering the source addresses of the requests, mapping requests to clients, and sending the modified requests out to their destination?
proxy server
During troubleshooting, Taylor uses the 'nslookup' command to check the IP address of a host he is attempting to connect to. The IP he sees in the response is not the IP that should resolve when the lookup is done. What type of attack has likely been conducted?
DNS poisoning
SMTP, HTTP, and SNMP all occur at which layer of the OSI Model?
Layer 7
Emily uses the ping utility to check whether a remote system is up as a part of a penetration testing exercise. If she wants to filter ping out by protocol, what should she filter out from her packet sniffer's logs?
ICMP
The DoD (TCP/IP) model's Application layer matches up to which three OSI model layers?
Application, Presentation, Session
Which OSI layer includes electrical specifications, protocols, and interface standards?
The physical layer
The Windows ipconfig command displays the following information: BC-5F-F4-7B-4B-7D. What term describes this and what information can be gathered from it?
The MAC address, the network interface card's manufacturer
What is the subnet mask for a Class B network?
255.255.0.0
How many bits are in an IPv4 address?
32
What is a secure way to remotely administer Linux systems?
SSH
Jose is installing a new Domain Name System. Which port should he open to allow traffic to his new service?
53
Becky wants to ensure that all external traffic is able to access her organization's front end servers but she also wants to protect access to her internal resources. Which network design element would you recommend Becky use?
DMZ
Which of these hides an entire network of IP addresses?
NAT
How many IP addresses are in the CIDR range 192.168.1.0/24?
256
What is the last rule contained within the ACLs of a firewall?
Implicit deny
What device would most likely have a DMZ interface?
Firewall
For a remote tech to log in to a user's Windows computer in another state, what inbound port must be open on the user's computer?
3389
A malicious insider is accused of stealing confidential data from your organization. What is the best way to identify the insider's computer?
MAC Address
List the packets of the TCP handshake in the correct order.
SYN, SYN/ACK, ACK
Which of the following is an example of a physical asset that should be secured?
Data Center
Risa is designing a physical security infrastructure for a new computing facility that will remain largely unstaffed. She plans to implement motion detectors in the facility but would also like to include a secondary verification control for physical presence. Which one of the following would best meet her needs?
CCTV
What type of access controls allow the owner of a file to grant other users access to it using an access control list?
Discretionary
Mandatory access control is based on what type of model?
Lattice-based
"Read down, write up" is typically associated with which type of access control?
Mandatory
Thomas has been asked to recommend whether her organization should use a mandatory access control scheme or a discretionary access control scheme. If flexibility and scalability are important requirements for implementing access controls, which scheme should she recommend and why?
DAC, because allowing individual administrators to make choices about the objects they control provides scalability and flexibility
Maggie starts her new job and finds that she has access to a variety of systems that she does not need access to in order to accomplish her job. Which concept would best address the security issue concerning her access?
Least privilege
What type of access control is typically used by firewalls?
Rule-based
Anne has Secret clearance and is accessing files that use a mandatory access control scheme to apply the Top Secret, Secret, Confidential, and Unclassified label scheme. If her rights include the ability to access all data of her clearance level or lower, what classification levels of data can she access?
Secret, Confidential, and Unclassified
Which type of access control uses groups of users that have similar job functions to assign permissions?
Role-based
File permissions in a Linux system (e.g., rwxrwxr--) are an example of what type of access control?
Discretionary
Which of the following is not a best practice for service accounts?
Account should be used for multiple services
Which of the following is not a strategy in risk management?
Hide the risk
Which type of risk assessment uses probability and impact to determine the significance of a risk?
Qualitative
What is the formula for calculating single loss expectancy (SLE)?
SLE = Asset Value * Exposure Factor
Which of the following is not a type of security control?
Associative
What do you call the method of penetration testing where the attackers have no previous knowledge of the target systems?
Black Box
What should be at the beginning of the report detailing the results of a penetration test?
Executive Summary
A group of compromised computers that have software installed by a worm or Trojan allowing them to coordinate together is known as which of the following?
Botnet
Which of the following is a common symptom of adware?
Pop-up windows
Taylor is a network administrator. One day he notices that his DHCP server is flooded with information. He analyzes it and finds that the information is coming from more than 50 computers on the network. Which of the following is the most likely reason?
Worm
Which type of attack uses more than one computer?
DDoS
Matthew believes that his computer has a worm. What is the best tool to use to remove that worm?
Antivirus Software
Which type of malware does not require a user to execute a program to distribute the software?
Worm
Which of the following defines the difference between a Trojan horse and a worm?
Worms self-replicate; Trojan horses do not
Emily complains of very slow system performance and says that a lot of antivirus messages are being displayed. She admits to recently installing pirated software and downloading and installing an illegal keygen to activate the software. What type of malware has probably affected Emily's computer?
Trojan
Becky complains that she was browsing the Internet when her computer started acting erratically and crashed. You reboot the computer and notice that performance is very slow. In addition, after running a netstat command you notice literally hundreds of outbound connections to various websites, many of which are well-known sites. Which of the following has happened?
The computer is not part of a botnet
Risa is the security administrator for her organization and has just completed a routine server audit. She did not notice any abnormal activity. However, another network security analyst finds connections to unauthorized ports from outside the organization's network. Using security tools, the analyst finds hidden processes that are running on the server. Which of the following has most likely been installed on the server?
Rootkit
Which of the following concepts can ease administration but can be the victim of a malicious attack?
Backdoors
Sarah checks the application log of her web server and sees that someone attempted unsuccessfully to enter the text test; etc/password into an HTML form field. Which attack was attempted?
Command Injection
What's the best way to prevent SQL injection attacks on web applications?
Input validation
Which of the following attacks uses a JavaScript image tag in an e-mail?
Cross-site scripting
An attacker takes advantage of a vulnerability in programming that allows the attacker to copy more than 16 bytes to a standard 16-byte variable. Which attack is being initiated?
Buffer Overflow
Which of the following is NOT a good reason to implement monitoring and auditing?
To spy on employee activity
Which of the following is not a privileged administrative activity that should be automatically sent to a log of superuser actions?
Logging into a workstation
Which of the following is NOT a tool that helps you collect and aggregate logs?
Windows Defender
Which type of data backup requires the least amount of disk space but is more prone to data loss if a backup is corrupted?
Incremental backup
Which of the following processes is used to determine which services impact an organization the most?
Business Impact Analysis
Which one of the following types of agreements is the most formal document that contains expectations about availability and other performance parameters between a service provider and a customer?
Service-Level agreement (SLA)
Which one of the following controls protects an organization in the event of a sustained period of power loss?
Generator
Jared is selecting a disaster recovery facility for his organization. He would like to choose a facility that has appropriate environmental controls and power for his operations but wants to minimize costs. He is willing to accept a lengthy recovery time. What type of facility should he choose?
Cold site
In the previous scenario, Jared also wants to make sure his organization remains available through fires, floods, tornadoes, and mass power outages. However, he is under regulations requiring that none of his organization's data leave the United States. If his main data center is located on the University of Notre Dame's campus, which of the following is a suitable location for the backup data center?
Chicago
In asymmetric cryptography, how many different keys are needed for 4 users to exchange encrypted information between each pair while maintaining confidentiality from the other users?
8
Which of the following is a type of asymmetric algorithm?
RSA
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. If Alice wants to send Bob an encrypted message that only Bob can decrypt, which key should she use to encrypt her message?
Bob's public key
When Bob receives the message from Question 3, which key does he need to use to decrypt it?
Bob's private key
In the scenario from Question 3, which key is the only key that Alice should not have in her possession?
Bob's private key
If Alice also wants to digitally sign the message that she sends to Bob in Question 3, which key should she use to create the digital signature?
Alice's private key
What are the steps in creating a digital signature?
Hash message - encrypt message digest with sender's private key - attach to message
Which of the following is NOT included in a digital certificate?
CA's public key
Which of the following is not a part of public key infrastructure?
Signature Authority
James is examining a digital certificate presented to him by his bank's website. Which one of the following requirements is not necessary for him to trust the digital certificate?
He knows that the server belongs to the bank
Chris wants to verify that a software package that he downloaded matches the original version. What hashing tool should he use, assuming the developer provided the relevant checksum, if he believes that technically sophisticated attackers may have replaced the software package with a version containing a backdoor?
SHA-2
Which of the following is the ciphertext resulting from a Caesar cipher encryption of the word 'IRISH' with a rotation of 1?
JSJTI
Alice sent a message to Bob. Bob would like to demonstrate to Charlie that the message he received definitely came from Alice. What goal of cryptography is Bob attempting to achieve?
Nonrepudiation
In symmetric cryptography, how many different keys are needed for 2 users to exchange encrypted information?
1
In symmetric cryptography, how many different keys are needed for 4 users to exchange encrypted information between each pair while maintaining confidentiality from the other users?
6
Jared intercepts an encrypted message and wants to determine what type of algorithm was used to create the message. He first performs frequency analysis and notes that the frequency of the letters in the message closely matches the distribution of letters in the English language. What type of cipher was most likely used to create this message?
Substitution
When does it make sense to use a shorter key when encrypting with AES?
When the encryption/decryption will occur on machines with limited processing power
CVE databases provide what type of information?
Detailed vulnerability information
Which of the following is NOT a typical part of a penetration testing/vulnerability report?
All the sensitive data that was gathered during the test
James has been hired to perform a penetration test of Notre Dame Federal Credit Union's primary branch. In order to make the test as real as possible, he has not been given any information about Notre Dame Federal Credit Union other than its name and IP address space. What type of penetration test has James agreed to perform?
A black box penetration test