
MIDTERM EXAM

Information Assurance and Security 2

PART I - Multiple Choice


Choose the letter of the correct answer.
1. It is the practice of preventing illicit access to private information
a. Information Assurance b. Information Security c. Information Confidentiality
2. It is termed as guarding against unauthorized alteration or destruction of data
a. Protecting the identity
b. Protecting the confidentiality
c. Protecting the integrity
3. This is the assurance that information is not disclosed to unauthorized individuals,
groups, processes, or devices
a. Authenticity b. Availability c. Confidentiality d. Non-repudiation
4. This means that authorized users have timely and easy access to information
services.
a. Accessibility b. Availability c. Timeliness d. Authority
5. This security measure is designed to establish the validity of a transmission, message,
or originator, or a means of verifying an individual’s authorization to receive specific
information
a. Authenticity b. Truthfulness c. Validity d. Authority
6. Security principles should be used to prove identities and to validate the
communication process.
a. Identity b. Validity c. Security d. Non-repudiation
7. Which of the following does not describe advanced persistent threats?
a. hacking the network
b. constructing a plan of attack
c. gathering sensitive company data
d. infiltrating data
8. Which of the following is true about advanced persistent threats?
a. This attack is the same as traditional attack patterns
b. This attack takes a general, broad approach
c. Trusted connections are not used to gain initial access
d. It is not their goal to remain undetected
9. Which of the following is not a function of malware in an APT attack?
a. hide from certain detection systems
b. navigate the network from system to system
c. damage the data
d. monitor network activity
10. In APT, this includes surveying and gathering information about the target
a. Renaissance b. Reconnaissance c. Case Study d. Observation
11. In APT, these are sensitive messages or communications that can be
exploited
a. Discriminating Communication
b. Incriminating Communication
c. Infiltrating Communication
d. Damaging Communication
12. In APT, example groups include Deep Panda, OilRig, and APT28. They are known
as
a. Hackers b. Actors c. Groups d. Attackers
13. Frequently, attackers return to an infiltrated system multiple times over the length
of the attack. In APT, what unique characteristic is this referring to?
a. Timeliness b. Objectives c. Methods d. Frequency
14. One of the unique characteristics of APT is known as ______, which includes
time, security and development expertise, and hosting.
a. Methods b. Resources c. Origin d. Timeliness
15. In APT, methods or techniques are employed. One of the methods is
using software to gain control over a target computer or network. What method is
it?
a. DNS tunneling b. rootkit c. social engineering d. rogue wifi
16. Attackers often take the time to comprehensively map a system’s weaknesses before
choosing an entry point. What characteristic of APT is this?
a. Attack mapping b. Attack origin c. Attack Mode d. Attack Entry
17. Which of the following is true about the attack value in APT Attack
a. Attack value can refer to the size of the target or to the size of the damage.
b. Small organizations tend to be the target of APTs more frequently than large
organizations.
c. Large numbers of data transfers typically indicate the greater organization required for
APT attacks.
d. Attackers are not focused on the size of the organization
18. APT attacks generally bypass traditional detection tools which rely on ______.
a. signature-based detection
b. Fileless malware
c. non-authenticating detection
d. simple detection
19. Most APT attacks leverage phishing to gain initial access. What can we do to
prevent this attack?
a. Email Filtering
b. Blocking Links
c. Letter a only
d. both a and b
20. The following are considered to be endpoint devices which attackers want to
take over except
a. Servers b. laptops c. workstations d. printer
21. Strong authentication measures and close management of user accounts, with a
special focus on privileged accounts, can reduce the risks of APT. This protection
emphasizes
a. Authentication control
b. Access control
c. User control
d. Account control
22. Occurs when hackers deluge a website with traffic, making it impossible for users
to access its content.
a. Denial of service (DOS) attack
b. Phishing
c. Trafficking
d. SQL injections
23. Tracks your browsing habits and causes particular advertisements to pop up
a. Spyware b. Adware c. Trojan d. Malware
24. The following describe the term Computing Environment except
a. Collection of computer machinery
b. Collection of data storage devices
c. Collection of software applications and networks
d. Collection of internet
25. It is the practice of protecting systems, networks, and programs from digital
attacks.
a. Cybersecurity b. Data Security c. Information Security
d. Information Assurance
26. This term refers to the process of taking preventative measures to protect the
underlying networking infrastructure from unauthorized access, misuse, malfunction,
modification, destruction or improper disclosure. Implementing these measures allows
computers, users and programs to perform their permitted critical functions within a
secure environment.
a. Computer Security
b. Network Security
c. Application Security
d. Operating System Security
27. It refers to the combination of hardware, software, and best practices you use to
monitor issues and close gaps in your security coverage.
a. Application Security
b. Computer Security
c. Network Security
d. Operating System Security
28. In order to identify abnormal behavior, security support personnel need to
establish a baseline of what constitutes normal behavior for a given customer’s users,
applications, and network. This refers to.
a. Behavioral Analysis
b. Behavioral Analytics
c. Behavioral Statistics
d. Behavioral Establishment
29. A network security type that prevents the potential exposure of data to bad actors
outside the networking environment, such as uploading and downloading files,
forwarding messages, or printing. It is known as
a. Security information and event management
b. Web Security
c. Mobile Device Security
d. Data Loss Prevention
30. Dividing and sorting network traffic based on certain classifications streamlines the
job for security support personnel when it comes to applying policies.
a. Network Division
b. Network Segmentation
c. Network Distribution
d. Network Partition
31. It limits internet access for employees, with the intention of preventing them from
accessing sites that could contain malware.
a. Internet Security
b. Web Security
c. Malware Security
d. Access Security
32. Operating system security (OS security) is the process of ensuring all of the following for the OS except
a. Integrity b. confidentiality c. availability d. accessibility
33. Which of the following is not true about Application Security?
a. Security measures at the application level that aim to prevent data or code within the app
from being stolen or hijacked.
b. It encompasses the security considerations that happen during application development
and design.
c. It involves systems and approaches to protect apps after they get deployed
d. None of the above
34. In application security, after being authenticated and given authority to use the application, what
comes next that may strengthen the security of sensitive data against exposure?
a. Logging
b. Availability
c. Encryption
d. Security Testing
35. SQL stands for?
a. Syntax Query Language
b. Structured Query Language
c. Sequential Query Language
d. Secured Query Language

Part II - Enumeration

1-5. What are the five APT attack stages?

6-11. What are the six types of computing environment?

12-17. What are the six elements of Information Security in the Parkerian Hexad?

“Don’t Let What You Cannot Do Interfere With What You Can Do”
