Cisco !#&? be a network ninja


To the top Chapter 6.1.1 Chapter 6.1.2

Introduction to Cybersecurity

One course of Cisco's "Skills for all"

On completing this course, you will be able to:

Module 6 - Course Final Exam

Chapter 6.1 - Course Final Exam

6.1.1 Module 6 quiz

Question

'Internet-based cameras and gaming gear are not subject to security breaches.'

Is this statement true or false?

Question

What type of attack uses zombies?

Question

What vulnerability occurs when the output of an event depends on ordered or timed outputs?

Question

Which technology creates a security token that allows a user to log in to a desired web application using credentials from a social media website?

Question

A medical office employee sends emails to patients about their recent visits to the facility.

What information would put the privacy of the patients at risk if it was included in the email?

Question

'A data breach does not impact the reputation of an organization.'

Is this statement true or false?

Question

Which of the following firewalls hides or masquerades the private addresses of network hosts?

Question

Which of the following certifications is aimed at high school and early college students, as well as anyone interested in a career change?

Question

An employee is at a restaurant with friends and tells them about an exciting new video game that is under development at the organization they work for.

Is this employee’s behavior ethical or unethical?

Question

An employee is laid off after fifteen years with the same organization. The employee is then hired by another organization within a week. In the new organization, the employee shares documents and ideas for products that the employee proposed at the original organization.

Is this employee’s behavior ethical or unethical?

Question

Which of the following are commonly used port scanning applications?


Select two correct answers

Question

Which of the following security implementations use biometrics?


Select two correct answers

Question

What of the following are examples of cracking an encrypted password?


Select four correct answers

Question

What are the objectives of ensuring data integrity?


Select two correct answers

Question

Which of the following items are states of data?


Select three correct answers

6.1.2 Module 6 quiz explanations

Question

Which statement describes cybersecurity?

  1. It is a framework for security policy development.
  2. It is a standard-based model for developing firewall technologies to fight against cybercriminals.
  3. It is a standard-based model for developing firewall technologies to fight against cybercriminals.
  4. It is an ongoing effort to protect Internet-connected systems and the data associated with those systems from unauthorized use or harm.
Explanations

Cybersecurity is the ongoing effort to protect Internet-connected network systems and all of the data associated with the systems from unauthorized use or harm.

Answer: It is an ongoing effort to protect Internet-connected systems and the data associated with those systems from unauthorized use or harm.

Question

What are two objectives of ensuring data integrity? (Choose two.)

  1. Data is available all the time.
  2. Data is unaltered during transit.
  3. Access to the data is authenticated.
  4. Data is not changed by unauthorized entities.
  5. Data is encrypted while in transit and when stored on disks.
Explanations

The objectives for data integrity include data not being altered during transit and not being changed by unauthorized entities. Authentication and encryption are methods to ensure confidentiality. Data being available all the time is the goal of availability.

Answer: 2. Data is unaltered during transit,
4. Data is not changed by unauthorized entities.

Question

A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?

  1. integrity
  2. scalability
  3. availability
  4. confidentiality
Explanations

Confidentiality ensures that data is accessed only by authorized individuals. Authentication will help verify the identity of the individuals.

Answer: confidentiality

Question

A company is experiencing overwhelming visits to a main web server. The IT department is developing a plan to add a couple more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?

  1. integrity
  2. scalability
  3. availability
  4. confidentiality
Explanations

Availability ensures that network services are accessible and performing well under all conditions. By load balancing the traffic destined to the main web servers, in times of a huge volume of visits the systems will be well managed and serviced.

Answer: availability

Question

An employee does something as a company representative with the knowledge of that company and this action is deemed illegal. The company would be legally responsible for this action.

  1. true
  2. false
Explanations

This is a bit of a grey area and would also depend on local laws. In many cases, if the employee did something with the knowledge or approval of the company, then the legal responsibility would probably be with the company not the employee. In some areas or situations, both the company and employee could be held legally responsible.

Answer: true

Question

What is the main purpose of cyberwarfare?

  1. Telnet
  2. to protect cloud-based data centers
  3. to gain advantage over adversaries
  4. to develop advanced network devices
  5. to simulate possible war scenarios among nations
Explanations

Cyberwarfare is Internet-based conflict that involves the penetration of the networks and computer systems of other nations. The main purpose of cyberwarfare is to gain advantage over adversaries, whether they are nations or competitors.

Answer: to gain advantage over adversaries

Question

When describing malware, what is a difference between a virus and a worm?

  1. A virus focuses on gaining privileged access to a device, whereas a worm does not. A virus can be used to deliver advertisements without user consent, whereas a worm cannot.
  2. A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.
  3. A virus can be used to launch a DoS attack (but not a DDoS), but a worm can be used to launch both DoS and DDoS attacks.
Explanations

Malware can be classified as follows:

  • Virus (self replicates by attaching to another program or file)
  • Worm (replicates independently of another program)
  • Trojan Horse (masquerades as a legitimate file or program)
  • Rootkit (gains privileged access to a machine while concealing itself)
  • Spyware (collects information from a target system)
  • Adware (delivers advertisements with or without consent)
  • Bot (waits for commands from the hacker)
  • Ransomware (holds a computer system or data captive until payment is received)

Answer: A virus replicates itself by attaching to another file, whereas a worm can replicate itself independently.

Question

What type of attack uses zombies?

  1. Trojan horse
  2. DDoS
  3. SEO poisoning
  4. spear phishing
Explanations

The hacker infects multiple machines (zombies), creating a botnet. Zombies launch the distributed denial of service (DDoS) attack.

Answer: DDoS

Question

The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring?

  1. adware
  2. DDoS
  3. phishing
  4. social engineering
  5. spyware
Explanations

Phishing, spyware, and social engineering are security attacks that collect network and user information. Adware consists, typically, of annoying popup windows. Unlike a DDoS attack, none of these attacks generate large amounts of data traffic that can restrict access to network services.

Answer: DDoS

Question

What is the best approach to prevent a compromised IoT device from maliciously accessing data and devices on a local network?

  1. Install a software firewall on every network device.
  2. Place all IoT devices that have access to the Internet on an isolated network.
  3. Disconnect all IoT devices from the Internet.
  4. Set the security settings of workstation web browsers to a higher level
Explanations

The best approach to protect a data network from a possibly compromised IoT device is to place all IoT devices on an isolated network that only has access to the Internet.

Answer: Place all IoT devices that have access to the Internet on an isolated network.

Question

What is the best method to avoid getting spyware on a machine?

  1. Install the latest operating system updates.
  2. Install the latest web browser updates.
  3. Install the latest antivirus updates.
  4. Install software only from trusted websites.
Explanations

The best method to avoid getting spyware on a user machine is to download software only from trusted websites.

Answer: Install software only from trusted websites.

Question

What are two security implementations that use biometrics? (Choose two.)

  1. voice recognition
  2. fob
  3. phone
  4. fingerprint
  5. credit card
Explanations

Biometric authentication can be used through the use of a fingerprint, palm print, and facial or voice recognition.

Answer: voice recognition, fingerprint

Question

Which technology creates a security token that allows a user to log in to a desired web application using credentials from a social media website?

  1. password manager
  2. Open Authorization
  3. in-private browsing mode
  4. VPN service
Explanations

Open Authorization is an open standard protocol that allows end users to access third party applications without exposing their user passwords.

Answer: Open Authorization

Question

A medical office employee sends emails to patients about recent patient visits to the facility. What information would put the privacy of the patients at risk if it was included in the email?

  1. patient records
  2. first and last name
  3. contact information
  4. next appointment
Explanations

An email message is transmitted in plain text and can be read by anyone who has access to the data while it is en route to a destination. Patient records include confidential or sensitive information that should be transmitted in a secure manner.

Answer: patient records

Question

Which two tools used for incident detection can be used to detect anomalous behavior, to detect command and control traffic, and to detect infected hosts? (Choose two.)

  1. intrusion detection system
  2. Honeypot
  3. NetFlow
  4. Nmap
  5. a reverse proxy server
Explanations

Although each of these tools is useful for securing networks and detecting vulnerabilities, only an IDS and NetFlow logging can be used to detect anomalous behavior, command and control traffic, and infected hosts.

Answer: intrusion detection system, NetFlow

Question

For what purpose would a network administrator use the Nmap tool?

  1. detection and identification of open ports
  2. protection of the private IP addresses of internal hosts
  3. identification of specific network anomalies
  4. collection and analysis of security alerts and logs
Explanations

Nmap allows an administrator to perform port scanning to probe computers and the network for open ports. This helps the administrator verify that network security policies are in place.

Answer: detection and identification of open ports

Question

Which stage of the kill chain used by attackers focuses on the identification and selection of targets?

  1. delivery
  2. exploitation
  3. weaponization
  4. reconnaissance
Explanations

It is the first stage, reconnaissance, of the the kill chain that focuses on the identification and selection of targets.

Answer: reconnaissance

Question

What is an example of the a Cyber Kill Chain?

  1. a group of botnets
  2. a planned process of cyberattack
  3. a series of worms based on the same core code
  4. a combination of virus, worm, and Trojan Horse
Explanations

The Cyber Kill Chain describes the phases of a progressive cyberattack operation. The phases include the following:

  • Reconnaissance
  • Weaponization
  • Delivery
  • Exploitation
  • Installation
  • Command and control
  • Actions on objectives

In general, these phases are carried out in sequence. However, during an attack, several phases can be carried out simultaneously, especially if multiple attackers or groups are involved.

Answer: a planned process of cyberattack

Question

What tool is used to lure an attacker so that an administrator can capture, log, and analyze the behavior of the attack?

  1. Netflow
  2. IDS
  3. Nmap
  4. honeypot
Explanations

A honeypot is a tool set up by an administrator to lure an attacker so that the behavior of the attacker can be analyzed. This information can help the administrator identify weaknesses and build a stronger defense.

Answer: honeypot

Question

What is one main function of the Cisco Security Incident Response Team?

  1. to design polymorphic malware
  2. to design next generation routers and switches that are less prone to cyberattacks
  3. to provide standards for new encryption techniques
  4. to ensure company, system, and data preservation
Explanations

The time between a cyberattack and the time it takes to discover the attack is the time when hackers can get into a network and steal data. An important goal of the CSIRT is to ensure company, system, and data preservation through timely investigations into security incidents.

Answer: to ensure company, system, and data preservation

Question

What action will an IDS take upon detection of malicious traffic?

  1. block or deny all traffic
  2. drop only packets identified as malicious
  3. create a network alert and log the detection
  4. reroute malicious traffic to a honeypot
Explanations

An IDS, or intrusion detection system, is a device that can scan packets and compare them to a set of rules or attack signatures. If the packets match attack signatures, then the IDS can create an alert and log the detection.

Answer: create a network alert and log the detection

Solved quizzes

Skills for all