Thursday , February 29 2024

FCF – Introduction to the Threat Landscape 2.0 Self-Paced Quiz Exam Answers

Module 1: Introduction to Cybersecurity Quiz Answers

Which definition accurately describes information security (InfoSec)?

  • The practice of protecting computer networks, devices, and digital information, whether on-premises or in the cloud.
  • The management of critical infrastructure, such as pipelines, electrical power grids, and data centers in the cloud.
  • The processes for preventing, detecting, and remediating attacks on sensitive information, both digital and physical.
  • The control of physical access to a building or room where sensitive data is stored, either digitally or physically.

Which definition accurately describes cybersecurity?

  • The protection of information systems against unauthorized access, modification, and so on
  • The management of critical infrastructure, such as pipelines and electrical power grids
  • The practice of protecting computer networks, devices, and digital information
  • The protection of all information that has been deemed sensitive

Which cybersecurity term does one of the letters in AAA stand for?

  • Anonymity
  • Alerts
  • Accounting
  • Acceptability

What is one of the first things that you need to do before implementing safeguards to information?

  • Verify with government regulations if information requires protection.
  • Determine what information needs to be protected.
  • Conduct criminal record checks on all employees.
  • Carry out a data integrity check on all sensitive data.

Which is the most accurate definition of authentication in cybersecurity?

  • The practice of verifying activities on computer devices
  • The act of certifying that someone can perform an action
  • The act of identifying and verifying a person or thing
  • The process of controlling access to resource

In addition to the five categories of cybersecurity, what else do you need to consider when defending the cyber space?

  • Executive strategic planning
  • Computer code
  • ISO standards
  • People and processes

Which is the most accurate definition of authorization in cybersecurity?

  • The act of identifying and verifying a person or thing
  • The act of certifying that someone can perform an action
  • The practice of verifying activities on computer devices
  • The process of controlling access to resources

What are the three principles of information security (InfoSec), also known as the CIA triad? (Choose three.)

  • Accountability
  • Availability
  • Integrity
  • Incorruptibility
  • Confidentiality

Which two elements of cybersecurity must be addressed when defending computer networks? (Choose two.)

  • Physical access points
  • Computer technology vulnerabilities
  • Human behavior
  • Information left on desks or in public places

What are two categories of cybersecurity? (Choose two.)

  • Critical infrastructure
  • Security accreditation for employees
  • Network security
  • Building access security

Which three principals make up the DAD triad? (Choose three.)

  • Disclosure
  • Denial
  • Alteration
  • Anonymized data
  • Domain spoofing

Which definition accurately describes information systems security?

  • The practice of protecting computer networks, devices, and digital information
  • The management of information systems, including disaster recovery (DR) and high availability (HA)
  • The control of physical access to a building or room where sensitive data is stored
  • The protection of information systems against unauthorized access, modification, and so on

Module 2: The Threat Landscape Quiz Answers

Which definition best represents the Cyber Kill Chain?

  • Chronicles the chain reaction of a cyber attack
  • Details how to respond at each stage of a cyber attack
  • Describes the stages of a cyber attack
  • Illustrates how a cyber attack is killed

Which bad actor type is motivated by notoriety?

  • Explorer
  • Cyber terrorist
  • Cybercriminal
  • Adventurer

Which bad actor type is motivated by ideology?

  • Hacktivist
  • Cyber ideologue
  • Cyber warrior
  • Explorer

Which system or organization assigns a severity score to help you identify the most dangerous cyberthreats to your organization?

  • Federal Bureau of Investigation (FBI)
  • Cyberthreat rating system unanimous (CRSU)
  • National Institute of Standards and Technology (NIST)
  • Common vulnerability scoring system (CVSS)

Which standard develops a common language for cyberthreat information?

  • Structured threat information expression (STIX)
  • MITRE ATT&CK
  • Common vulnerability scoring system (CVSS)
  • Cyberthreats vernacular (CTV)

Which two attack vector categories characterize a ransomware attack? (Choose two.)

  • Computer technology
  • Pre-exploit
  • Post-exploit
  • Human

What are the two ingredients of a successful social engineering attack? (Choose two.)

  • Gaining the trust of the victim
  • Denying the victim access to a server or service
  • Compelling the victim to act, such as instilling a sense of urgency
  • Stealing the victim’s credentials by watching them as they log in
  • Breaching the victim’s computer by exploiting a weakness in an application

Which step is the final action in the threat intelligence process?

  • Identifying which threats must be mitigated
  • Providing feedback and a review of lessons learned
  • Eliminating threats
  • Disseminating threat information

Which expression would best qualify as threat intelligence?

  • A list of malicious IP addresses and domain names
  • Security implications and actionable advice
  • News of a cyberattack on another organization’s network
  • Data feeds from a Security Information and Event Manager (SIEM)

Which bad actor type prefers ransomware as an attack method?

  • Cyber extortionist
  • Cyber terrorist
  • Cybercriminal
  • Cyber warrior

What is a benefit of using MITRE ATT@CK?

  • Provides a common taxonomy for understanding and mitigating cyberattacks
  • Supplies superior services at a lower cost than its competitors
  • Presents more cyber attack details than other methods, such as Cyber Kill Chain
  • Offers off-the-shelf security software solutions

Which sequence of a Cyber Kill Chain show the events occurring in the correct order?

  • Reconnaissance, delivery, weaponization, exploitation, installation, command and control, exfiltration
  • Weaponization, reconnaissance, delivery, exploitation, installation, command and control, exfiltration
  • Weaponization, reconnaissance, delivery, installation, exploitation, command and control, exfiltration
  • Reconnaissance, weaponization, delivery, exploitation, installation, command and control, exfiltration

Manipulating people to do something contrary to their interests is an example of which cybersecurity threat category?

  • Malware
  • System design failure
  • Social engineering
  • Unauthorized access

Which three requisite qualities must information have for it to be threat intelligence? (Choose three.)

  • Detailed
  • Contextual
  • Actionable
  • Timely
  • Relevant

Which cybersecurity threat category would a trojan horse be an example of?

  • Malware
  • Unauthorized access
  • Social engineering
  • System design failure

Which hacker type is someone employed by a computer security consulting firm who could be hired to do penetration testing?

  • Green hat
  • Black hat
  • Grey hat
  • Blue hat

Module 3: Social Engineering Quiz Answers

Which attack vector does an influence campaign rely upon?

  • Zero-trust software exploit
  • Social media
  • Messaging service
  • Email

Which description best explains pharming?

  • Recruiting employees through various means to carry out an insider attack
  • Exploiting an unknown vulnerability in computer software
  • Cultivating trust between a bad actor and the target through chance encounters
  • Computer traffic redirected from a legitimate website to a malicious one

What type of insider threat is an individual who believes they are exempt from their organization’s security policies and bypasses them?

  • Lone wolf
  • Collaborator
  • Pawn
  • Goof

Which threat indicator could be an indication of an active insider threat?

  • An employee shows contempt for an organization’s policies
  • An open pot of honey is suspiciously left on a kitchen countertop
  • A USB drive is found abandoned in an organization’s parking lot
  • Two employees disagree on the interpretation of a security policy

Which two insider types are considered malicious insider threats? (Choose two.)

  • Rats
  • Pawns
  • Lone wolves
  • Moles

Which definition best describes insider threat?

  • An unknown vulnerability on a computer network
  • A person posing a threat to an organization from within
  • IT security fails to protect its network
  • Employees who are angry at their employer

Which two reasons explain why influence campaigns are often effective?

  • Social media offers an inexpensive means to influence a large number of people
  • The bad actor can remain anonymous using fake accounts
  • Blackmail and bribery are effective in influencing people’s behavior
  • People are known to respond favorably to a well-reasoned argument

Which three attack methods are examples of social engineering? (Choose three.)

  • Whaling
  • Copycat
  • Honeypot
  • Zero day
  • Tailgating

What objective is accomplished by the last two stages of an influence campaign?

  • Clarification of the narrative
  • Access to the target’s network
  • Theft of information or money
  • Amplification of the message

What type of attack method is used by a blue hat to study the tactics of bad actors?

  • Sandboxing
  • Deception
  • Honeypot
  • Waterholing

Which attack method relies on a telephone or voice-over-IP to target individuals or small groups, such as members of a finance department?

  • Vishing
  • Honeypot
  • Smishing
  • Whaling

Which technique most accurately describes social engineering?

  • Exploiting computer weaknesses
  • Psychological manipulation
  • Quid pro quo
  • Zero-day attack

What social engineering attack uses an online site frequented by the target or targets to attack them?

  • Waterholing
  • Quid pro quo
  • Phishing
  • Pretexting

Module 4: Malware Quiz Answers

What is the mechanism part of an attack vector in a DDoS attack?

  • Bots
  • Public IP address
  • Web service
  • Routers

Which type of malware does not need a host system and spreads to other computers without user action?

  • Virus
  • Worm
  • Ransomware
  • Potentially Unwanted Program (PUP)

Which three components comprise a threat vector? (Choose three.)

  • Mechanism
  • Payload
  • Threat landscape
  • Pathway
  • Vulnerability

Which statement best describes an Easter egg mechanism?

  • A hidden feature in code that may be activated for malicious purposes.
  • A program that “lays an egg”, in effect producing a malicious app.
  • The process of decorating an egg in celebration of Easter.
  • A set of instructions that executes a command to take control of a computer.

What type of malware do these characteristics describe?

  1. User activated
  2. Malware inserts or attaches itself to legitimate programs
  3. Spreads to other computers

  4. Virus
  5. Worm
  6. Keylogger
  7. Rootkit

Which type of malware secretly steals information about computer activity?

  • Rootkit
  • Spyware
  • Worm
  • Browser hijacker

Which two symptoms might indicate that your computer is infected with malware? (Choose two.)

  • Failing hard drive
  • OS updates automatically
  • Self-executing programs
  • Sudden degraded performance

Which statement best describes an attack surface?

  • The number of pathways to a vulnerability
  • The sum of vulnerabilities
  • The method to exploit a vulnerability
  • The total number of bad actors

About Machine Learning

Check Also

amazon web services certification

Amazon Web Services Certification

Amazon Web Services FREE Certification Amazon Web Services (AWS) is a cloud computing platform provided …

Leave a Reply

Your email address will not be published. Required fields are marked *