Information Assurance and Security 1 Midterm

Question 1

Correct
Mark 1.00 out of 1.00

Question text
What does the acronym TCB stand for?

Select one:

a.
Trusting Computing Based

b.
Trusted Computer Based

c.
Trusted Computing Base

d.
Trusting Computer Based
Feedback
Your answer is correct.

Question 2
Correct
Mark 1.00 out of 1.00

Question text
Risks not avoided or transferred are retained by the organization.

Select one:
a.
Risk Acceptance

b.
Risk Transfer

c.
Risk mitigation

d.
Risk Avoidance
Feedback
Your answer is correct.

Question 3
Correct
Mark 1.00 out of 1.00

Question text
Is a measure of confidence that the security features, practices, procedures, and
architecture of a system accurately mediates and enforces the security policy.

Select one:

a.
Lifecycle

b.
Assurance

c.
System

d.
TCB
Feedback
Your answer is correct.

Question 4
Correct
Mark 1.00 out of 1.00

Question text
True or false: The use of complex, unique, hard-to-guess or hard-to-break passwords, consisting
of numbers, upper/lower case letters and special characters, is one of the basic steps in storing
personal data.

Select one:
True
False

Question 5
Correct
Mark 1.00 out of 1.00

Question text
Are the security features of a system that provide enforcement of a security policy.

Select one:

a.
Trust mechanism

b.
Trust

c.
Coding

d.
Design
Feedback
Your answer is correct.

Question 6
Correct
Mark 7.00 out of 7.00

Question text
What are the steps in the intrusion model?

Select one:

a.
Recon, Weaponise, Deliver, System, Install, C2 and Action

b.
Recon, Weaponise, Deliver, Exploit, Install, System and Action

c.
System, Weaponise, Deliver, Exploit, Install, C2 and Action

d.
Recon, Weaponise, Deliver, Exploit, Install, C2 and Action
Feedback
Your answer is correct.

Question 7
Correct
Mark 7.00 out of 7.00

Question text
Seven stages of the lifecycle model

Select one:

a.
Requirements, Trust, Coding, Testing, Deployment, Production and Decommission

b.
Requirements, Design, Coding, Testing, Deployment, Production and Decommission

c.
Risk Transfer, Design, Coding, Testing, Deployment, Production and Decommission

d.
Requirements, Design, Trust Mechanism, Testing, Deployment, Production and
Decommission
Feedback
Your answer is correct.

Question 8
Correct
Mark 1.00 out of 1.00

Question text
The infected file can be used by the self-execution facility to launch the malware code, or it
can be executed by the user himself;

Select one:

a.
Installation

b.
Weaponization

c.
Exploitation

d.
Reconnaissance
Feedback
Your answer is correct.

Question 9
Correct
Mark 1.00 out of 1.00

Question text
Making a malware application (for example, a computer trojan) that, combined with an
exploitable security breach, allows remote access. Moreover, PDF (Portable Document
Format) files or Microsoft Office suite-specific files can be regarded as weapons available to
the attacker;

Select one:

a.
Exploitation

b.
Weaponization

c.
Delivery

d.
Reconnaissance
Feedback
Your answer is correct.

Question 10
Correct
Mark 1.00 out of 1.00

Question text
Once this bidirectional communication has been made, an attacker has access inside the
target environment and can usually control the activity by manually launching commands;

Answer: Command and Control

Question 11
Correct
Mark 1.00 out of 1.00

Question text
Infecting a victim system with a computer trojan, backdoor or other malware application of
this type that ensures the attacker’s presence in the target environment;

Answer: Installation

Question 12
Correct
Mark 1.00 out of 1.00

Question text
These actions typically consist of collecting information, modifying data integrity, or
attacking the availability of services and devices, but the victim system can also be used as a
starting point for infecting other systems or for expanding access to the local network.

Select one:

a.
Action on objective

b.
Exploitation

c.
Installation

d.
Command and Control
Feedback
Your answer is correct.

Question 13
Correct
Mark 1.00 out of 1.00

Question text
Is the process by which an asset is managed from its arrival or creation to its termination or
destruction.

Select one:

a.
Assurance

b.
TCB

c.
Lifecycle

d.
System
Feedback
Your answer is correct.

Question 14
Correct
Mark 1.00 out of 1.00

Question text
Logical security consists of the software necessary to control access to the information
and services of a system. The logical level is divided into two categories: access security level
and service security level.

Select one:

a.
System

b.
Recon

c.
Prevent Cyber-Attacks

d.
Install
Feedback
Your answer is correct.

Question 15
Correct
Mark 1.00 out of 1.00

Question text
Research, target identification and selection: it may be looking for e-mail addresses, social
relationships, or data about a particular technology, information displayed on various
websites;

Select one:

a.
Weaponization

b.
Reconnaissance

c.
Delivery

d.
Exploitation
Feedback
Your answer is correct.

Question 16
Correct
Mark 1.00 out of 1.00

Question text
The main ways of transport are e-mails (attachment of infected files), web platforms
(running malware scripts), or removable USB memories;

Select one:

a.
Install

b.
C2

c.
Recon

d.
Delivery
Feedback
Your answer is correct.

Question 17
Correct
Mark 1.00 out of 1.00

Question text
After the weapon is delivered to the victim, what follows is the targeting of an application or
a vulnerability of the operating system. The infected file can be used by the self-execution
facility to launch the malware code, or it can be executed by the user himself;

Select one:

a.
Weaponization

b.
Delivery

c.
Exploitation

d.
Reconnaissance
Feedback
Your answer is correct.

Question 18
Correct
Mark 1.00 out of 1.00

Question text
True or false: Storing the minimum required data online and exercising maximum discretion in
providing it to third parties (users, companies) is one of the basic steps in storing personal
data.

Select one:
True
False

Question 19
Correct
Mark 1.00 out of 1.00

Question text
Shift the risk to someone else.

Select one:

a.
Risk mitigation

b.
Risk avoidance

c.
Risk Transfer

d.
Risk Acceptance
Feedback
Your answer is correct.

Question 20
Correct
Mark 1.00 out of 1.00

Question text
Not performing an activity that would incur risk.

Select one:

a.
Risk mitigation

b.
Risk transfer

c.
Risk Acceptance

d.
Risk Avoidance
Feedback
Your answer is correct.

Question 21
Correct
Mark 1.00 out of 1.00

Question text
Transmitting the weapon to the target environment.

Select one:

a.
Weaponization

b.
Exploitation

c.
Delivery

d.
Reconnaissance
Feedback
Your answer is correct.

Question 22
Correct
Mark 1.00 out of 1.00

Question text
Taking actions to reduce the losses due to a risk; many technical countermeasures fall into
this category.

Select one:

a.
Risk Avoidance

b.
Risk Acceptance

c.
Risk transfer

d.
Risk mitigation
Feedback
Your answer is correct.

Question 23
Correct
Mark 1.00 out of 1.00

Question text
After the first six phases, an attacker can act to achieve the goals. These actions typically
consist of collecting information, modifying data integrity, or attacking the availability of
services and devices, but the victim system can also be used as a starting point for infecting
other systems or for expanding access to the local network.

Select one:

a.
System

b.
Program

c.
Trusted

d.
Action on Objective
Feedback
Your answer is correct.

Question 24
Correct
Mark 1.00 out of 1.00

Question text
True or false: Encrypting all personal information when saved on different storage
media is one of the basic steps in storing personal data.

Select one:
True
False

Question 25
Correct
Mark 1.00 out of 1.00

Question text
True or false: An additional risk occurs when personal information is stored in client
accounts on commercial websites, which may become the target of cyber-attacks at any time,
so the stored data becomes vulnerable; this is one of the basic steps in storing personal data.

Select one:
True
False

Question 26
Correct
Mark 1.00 out of 1.00

Question text
Physical security consists of enclosing IT equipment in a dedicated space and
providing access control.

Select one:

a.
Prevent Cyber-Attacks

b.
Recon

c.
System

d.
Install
Feedback
Your answer is correct.

Question 27
Correct
Mark 1.00 out of 1.00

Question text
Usually an infected host must be accessible outside of the local network to establish a
command and control channel between the victim and the attacker. Once this bidirectional
communication has been made, an attacker has access inside the target environment and
can usually control the activity by manually launching commands;

Select one:

a.
Program Code

b.
Command

c.
System Code

d.
Command and Control
Feedback
Your answer is correct.

Question 28
Correct
Mark 1.00 out of 1.00

Question text
True or false: Using encrypted versions of protocols when sensitive information is
exchanged, so as to ensure data confidentiality and prevent identity theft, is one of the basic steps
in storing personal data.

Select one:
True
False

Question 29
Correct
Mark 1.00 out of 1.00

Question text
Failure of the mechanism may destroy the basis for trust.

Select one:

a.
Trust

b.
System

c.
TCB

d.
Assurance
Feedback
Your answer is correct.

Question 30
Correct
Mark 1.00 out of 1.00

Question text
Is a collection of all the trust mechanisms of a computer system which collectively enforce
the policy.

Select one:

a.
Assurance

b.
Lifecycle

c.
TCB

d.
Trust
Feedback
Your answer is correct.

Question 31
Correct
Mark 1.00 out of 1.00

Question text
Is a generic term that implies a mechanism in place to provide a basis for confidence in the
reliability/security of the system.

Select one:

a.
Trust mechanism

b.
Risk transfer

c.
The risk treatment

d.
Trust
Feedback
Your answer is correct.

Question 32
Correct
Mark 1.00 out of 1.00

Question text
Acceptance, avoidance, mitigation, transfer—are with respect to a specific risk for a specific
party.

Select one:

a.
Trust mechanism

b.
The risk treatment

c.
Trust

d.
Risk transfer
Feedback
Your answer is correct.

Question 33
Correct
Mark 6.00 out of 6.00

Question text
Risk Management Procedure consists of six steps.

Select one:

a.
Assess assets, Assess vulnerabilities, Assess risks, Prioritize countermeasure options and
Make risk management decisions

b.
Assess assets, Assess threats, Assess vulnerabilities, Assess risks, Prioritize countermeasure
options and Make risk management decisions

c.
System, Assess threats, Assess vulnerabilities, Assess risks, Prioritize countermeasure options
and Make risk management decisions

d.
Assess assets, Assess threats, Assess vulnerabilities, Assess risks, Prioritize countermeasure
options and System Unit
Feedback
Your answer is correct.