Introduction to Cybersecurity: Course Final Exam Answers

Course Completion Assessment & Survey

Introduction to Cybersecurity: Course Final Exam Answers

How to find: Press “Ctrl + F” in the browser and fill in whatever wording is in the question to find that question/answer. If the question is not here, find it in Questions Bank.

NOTE: If you have the new question on this test, please comment Question and Multiple-Choice list in form below this article. We will update answers for you in the shortest time. Thank you! We truly value your contribution to the website.


1. Which of the following firewalls hides or masquerades the private addresses of network hosts?

  • Reverse proxy firewall
  • Host-based firewall
  • Proxy server
  • Network address translation firewall
  • Network layer firewall

2. Carrying out a multi-phase, long-term, stealthy and advanced operation against a specific target is often referred to as what?

  • Advanced persistent threat
  • Network sniffing
  • Social engineering
  • Script kiddies
  • Rainbow tables

3. You are configuring access settings to require employees in your organization to authenticate first before accessing certain web pages. Which requirement of information security is addressed through this configuration?

  • Scalability
  • Availability
  • Integrity
  • Confidentiality

Explanation: Confidentiality is a set of rules that prevents sensitive information from being disclosed to unauthorized people, resources and processes. Methods to ensure confidentiality include data encryption, identity proofing and two factor authentication.

4. What are the objectives of ensuring data integrity? (Choose two correct answers)

  • Data is unaltered during transit
  • Data is not changed by unauthorized entities
  • Data is encrypted while in transit and when stored on disks
  • Access to the data is authenticated
  • Data is available all the time

Explanation: The objectives for data integrity include data not being altered during transit and not being changed by unauthorized entities. Authentication and encryption are methods to ensure confidentiality. Data being available all the time is the goal of availability.

5. An organization is experiencing overwhelming visits to a main web server. You are developing a plan to add a couple of more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?

  • Scalability
  • Integrity
  • Confidentiality
  • Availability

6. What of the following are examples of cracking an encrypted password? (Choose four correct answers)

  • Intimidation
  • Brute force attack
  • Network sniffing
  • Rainbow tables
  • Social engineering
  • Spraying
  • Dictionary attack

7. Improper management of physical access to a resource, such as a file, can lead to what type of security vulnerability?

  • Weaknesses in security practices
  • Race conditions
  • Access control problems
  • Buffer overflow
  • Non-validated input

8. A medical office employee sends emails to patients about their recent visits to the facility. What information would put the privacy of the patients at risk if it was included in the email?

  • Contact information
  • Next appointment
  • Patient records
  • First and last name

9. What is the best way to avoid getting spyware on a machine?

  • Install the latest antivirus updates
  • Install the latest web browser updates
  • Install software only from trusted websites
  • Install the latest operating system updates

10. You are surfing the Internet using a laptop at a public Wi-Fi cafe. What should you check first before you connect to the public network?

  • That the Bluetooth adapter is disabled
  • If the laptop requires user authentication for file and media sharing
  • That the laptop web browser is operating in private mode
  • If the laptop has a master password set to secure the passwords stored in the password manager

Explanation: You should always verify that your device isn’t configured with file and media sharing and that it requires user authentication with encryption.

11. What is the main function of the Cisco Security Incident Response Team?

  • To design next generation routers and switches that are less prone to cyber attacks
  • To design polymorphic malware
  • To ensure company, system and data preservation
  • To provide standards for new encryption techniques

12. Which of the following firewalls are placed in front of web services to protect, hide, offload and distribute access to web servers?

  • Application layer firewall
  • Proxy server
  • Transport layer firewall
  • Network layer firewall
  • Reverse proxy server

Explanation: Placed in front of web servers, reverse proxy servers protect, hide, offload and distribute access to web servers.

13. Which of the following certifications meets the U.S. Department of Defense Directive 8570.01-M requirements, which is important for anyone looking to work in IT security for the federal government?

  • EC Council Certified Ethical Hacker
  • Microsoft Technology Associate Security Fundamentals
  • ISACA CSX Cybersecurity Fundamentals
  • CompTIA Security+
  • ISC2 Certified Information Systems Security Professional
  • Palo Alto Networks Certified Cybersecurity Associate

Explanation: This is an entry-level security certification that meets the U.S. Department of Defense Directive 8570.01-M requirements, which is an important item for anyone looking to work in IT security for the federal government.

14. One of your colleagues has lost her identification badge. She is in a hurry to get to a meeting and does not have time to visit Human Resources to get a temporary badge. You lend her your identification badge until she can obtain a replacement.
Is this behavior ethical or unethical?

  • Ethical
  • Unethical

15. Which of the following certifications tests your understanding and knowledge in how to look for weaknesses and vulnerabilities in target systems using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner?

  • Palo Alto Networks Certified Cybersecurity Associate
  • ISC2 Certified Information Systems Security Professional
  • Microsoft Technology Associate Security Fundamentals
  • CompTIA Security+
  • ISACA CSX Cybersecurity Fundamentals
  • EC Council Certified Ethical Hacker

Explanation: This certification tests your understanding and knowledge of how to look for weaknesses and vulnerabilities in target systems using the same knowledge and tools as a malicious hacker but in a lawful and legitimate manner.

16. What is the main purpose of cyberwarfare?

  • To develop advanced network devices
  • To gain advantage over adversaries
  • To protect cloud-based data centers
  • To simulate possible war scenarios among nations

Explanation: The main reason for resorting to cyberwarfare is to gain advantage over adversaries, whether they are nations or competitors.

17. What vulnerability occurs when the output of an event depends on ordered or timed outputs?

  • Weaknesses in security practices
  • Non-validated input
  • Race conditions
  • Buffer overflow
  • Access control problems

18. What do you call the vulnerabilities discovered by Google security researchers that affect almost all CPUs released since 1995? (Select two correct answers)

  • Shell shock
  • WannaCry
  • NotPetva
  • Spectre
  • Meltdown

19. If developers attempt to create their own security algorithms, it will likely introduce what type of vulnerabilities?

  • Buffer overflow
  • Race conditions
  • Weaknesses in security practices
  • Non-validated input
  • Access control problems

Explanation: Systems and sensitive data can be protected through techniques such as authentication, authorization and encryption. Developers should stick to using security techniques and libraries that have already been created, tested and verified and should not attempt to create their own security algorithms. These will only likely introduce new vulnerabilities.

20. Which technology creates a security token that allows a user to log in to a desired web application using credentials from a social media website?

  • Open authorization
  • VPN service
  • Password manager
  • In-private browsing mode3

Explanation: Open Authorization is an open standard protocol that allows end users to access third party applications without exposing their user passwords.

21. Which of the following security implementations use biometrics? (Choose two correct answers)

  • Fingerprint
  • Phone
  • Credit card
  • Voice recognition
  • Fob

22. Which of the following firewalls filters traffic based on source and destination IP addresses?

  • Network layer firewall
  • Proxy server
  • Application layer firewall
  • Transport layer firewall
  • Network address translation firewall

23. Which of the following firewalls filters web content requests such as URLs and domain names?

  • Application layer firewall
  • Proxy server
  • Reverse proxy server
  • Network layer firewall
  • Network address translation firewall

24. A port scan returns a ‘dropped’ response. What does this mean?

  • A service is listening on the port
  • Connections to the port will be denied
  • There was no reply from the host

25. During a meeting with the Marketing department, a representative from IT discusses features of an upcoming product that will be released next year. Is this employee’s behavior ethical or unethical?

  • Ethical
  • Unethical

26. Which of the following is an entry-level certification for newcomers who are preparing to start their career in cybersecurity?

  • CompTIA Security+
  • Microsoft Technology Associate Security Fundamentals
  • ISC2 Certified Information Systems Security Professional
  • ISACA CSX Cybersecurity Fundamentals
  • EC Council Certified Ethical Hacker
  • Palo Alto Networks Certified Cybersecurity Associate

Explanation: This is an entry-level certification for newcomers who are preparing to start their career in the cybersecurity field.

27. ‘Cybersecurity certifications are a way for you to verify your skills and knowledge and can also boost your career.’ Is this statement true or false?

  • True
  • False

28. When describing malware, what is a difference between a virus and a worm?
Network Security (Version 1) - Network Security 1.0 Final Exam

  • A virus focuses on gaining privileged access to a device, whereas a worm does not.
  • A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.
  • A virus can be used to launch a DoS attack (but not a DDoS), but a worm can be used to launch both DoS and DDoS attacks.
  • A virus can be used to deliver advertisements without user consent, whereas a worm cannot.

Explanation: Malware can be classified as follows:
Virus (self-replicates by attaching to another program or file)
Worm (replicates independently of another program)
Trojan horse (masquerades as a legitimate file or program)
Rootkit (gains privileged access to a machine while concealing itself)
Spyware (collects information from a target system)
Adware (delivers advertisements with or without consent)
Bot (waits for commands from the hacker)
Ransomware (holds a computer system or data captive until payment isreceived)


guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x