IT Computer Security Quiz Questions

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Sickfredo
S
Sickfredo
Community Contributor
Quizzes Created: 3 | Total Attempts: 281
Questions: 68 | Attempts: 152

SettingsSettingsSettings
IT Computer SecurITy Quiz Questions - Quiz

(These quizzes were derived from the ITS curriculum at algonquin college in order to help with study of material. These quizzes, in no way represent the curriculum as a whole. Is just a gathering of information to help you study)


Questions and Answers
  • 1. 

    Based on the highlighted portion of the captured packet code below, what protocol isidentified as being used in the payload portion of this IP packet?4500 0064 0000 4000 4006 b755 c0a8 0101

    • A.

      IP

    • B.

      UDP

    • C.

      TCP

    • D.

      ICMP

    • E.

      None of the above

    Correct Answer
    C. TCP
    Explanation
    The correct answer is TCP because the hexadecimal code "06" in the captured packet represents the protocol field in the IP header, and "06" corresponds to TCP in the protocol number assignment.

    Rate this question:

  • 2. 

    Which one of the following is NOT a fundamental principle of the Computer Security Triad?

    • A.

      Confidentiality

    • B.

      Ease of Use

    • C.

      Availability

    • D.

      Integrity

    • E.

      Accountability

    Correct Answer
    B. Ease of Use
    Explanation
    The Computer Security Triad consists of three fundamental principles: confidentiality, integrity, and availability. These principles are essential for ensuring the security of computer systems and data. Ease of use, on the other hand, is not a fundamental principle of the triad. While it is important to consider usability in the design and implementation of security measures, it is not one of the core principles that the triad focuses on.

    Rate this question:

  • 3. 

    Based on the highlighted portion of the captured packet code below, what protocol isidentified as being used in the payload portion of this IP packet?4500 0064 0000 4000 4001 b755 c0a8 0101

    • A.

      IP

    • B.

      UDP

    • C.

      TCP

    • D.

      ICMP

    • E.

      None of the above

    Correct Answer
    D. ICMP
    Explanation
    The highlighted portion of the captured packet code "4001" corresponds to the protocol field in the IP header. In this case, the value "4001" indicates that the protocol being used in the payload portion of this IP packet is ICMP (Internet Control Message Protocol).

    Rate this question:

  • 4. 

    In security environments, Authentication refers to:

    • A.

      Supplying your identity

    • B.

      Confirming your identify with an element unique to the individual

    • C.

      Using your identity to assign access rights

    • D.

      Tracking what users are doing while accessing the systems

    • E.

      None of the above

    Correct Answer
    B. Confirming your identify with an element unique to the individual
    Explanation
    Authentication in security environments refers to the process of confirming an individual's identity with a unique element. This unique element could be a password, a fingerprint, a smart card, or any other factor that is specific to the individual. By confirming the identity, the system ensures that the user is who they claim to be before granting access to resources or assigning access rights.

    Rate this question:

  • 5. 

    Security goals are a balancing act between 3 key elements. What are these elements?

    • A.

      Security, Integrity, Functionality

    • B.

      Security, Ease of Use, Functionality

    • C.

      Availability, Ease of Use, Functionality

    • D.

      Confidentiality, Security, Ease of Use

    • E.

      Confidentiality, Integrity, Availability

    Correct Answer
    B. Security, Ease of Use, Functionality
    Explanation
    The three key elements in balancing security goals are security, ease of use, and functionality. Security ensures the protection of data and systems from unauthorized access or attacks. Ease of use focuses on making security measures user-friendly and convenient for individuals to use. Functionality ensures that security measures do not hinder the proper functioning and performance of systems and processes. Balancing these three elements is crucial in designing effective and efficient security measures that meet the needs of users while maintaining the integrity and availability of data and systems.

    Rate this question:

  • 6. 

    The TCP three-way handshake used to open a TCP connection uses 3 packets.What 2 flags are required to be set across these 3 packets? (Select all that apply)

    • A.

      SYN Flag

    • B.

      Payload Flag

    • C.

      FIN Flag

    • D.

      ACK Flag

    • E.

      RST Flag

    Correct Answer(s)
    A. SYN Flag
    D. ACK Flag
    Explanation
    The TCP three-way handshake is a process used to establish a TCP connection between two devices. It involves the exchange of three packets. The SYN (synchronize) flag is set in the first packet sent by the client to the server to initiate the connection. The server responds with a packet that has both the SYN and ACK (acknowledge) flags set, indicating that it received the client's request and is willing to establish a connection. Finally, the client sends a packet with only the ACK flag set to acknowledge the server's response. Therefore, the two flags required to be set across these three packets are the SYN Flag and the ACK Flag.

    Rate this question:

  • 7. 

    Based on the highlighted portion of the captured packet code below, what protocol isidentified as being used in the payload portion of this IP packet?4500 0064 0000 4000 4017 b755 c0a8 0101

    • A.

      IP

    • B.

      UDP

    • C.

      TCP

    • D.

      ICMP

    • E.

      None of the above

    Correct Answer
    B. UDP
    Explanation
    The highlighted portion of the captured packet code "4017" indicates the protocol field in the IP header. In this case, the value "17" corresponds to the UDP (User Datagram Protocol) protocol. Therefore, the protocol identified as being used in the payload portion of this IP packet is UDP.

    Rate this question:

  • 8. 

    Of all the vulnerabilities listed below, which one is considered the hardest to properlyprotect against?

    • A.

      Low physical security

    • B.

      Active services

    • C.

      Open ports

    • D.

      The human element

    • E.

      Bad passwords

    Correct Answer
    D. The human element
    Explanation
    The human element is considered the hardest vulnerability to properly protect against because humans are susceptible to making mistakes, being manipulated, or intentionally causing security breaches. Unlike technical vulnerabilities like open ports or bad passwords, which can be addressed through technological solutions, the human element involves unpredictable behavior and requires a combination of training, awareness, and ongoing monitoring to mitigate the risks.

    Rate this question:

  • 9. 

    Which of the tools below is designed as a vulnerability scanner?

    • A.

      Nmap

    • B.

      Snort

    • C.

      Nessus

    • D.

      Nmap

    • E.

      Tcpdump

    Correct Answer
    C. Nessus
    Explanation
    Nessus is designed as a vulnerability scanner. It is a widely used tool for identifying vulnerabilities in computer systems and networks. Nessus scans for known vulnerabilities and provides detailed reports on the findings. It helps organizations identify and address security weaknesses before they can be exploited by attackers.

    Rate this question:

  • 10. 

    What security term, coined by the SANS institute, is used to represent the optimalinformation security strategy?

    • A.

      Separation of Privileges

    • B.

      Principle of Least Privileges

    • C.

      Defense in Depth

    • D.

      Security through obscurity

    • E.

      All of the above

    Correct Answer
    C. Defense in Depth
    Explanation
    Defense in Depth is a security term used to represent the optimal information security strategy. It involves implementing multiple layers of security measures to protect against potential threats. This approach ensures that even if one layer is breached, there are additional layers in place to prevent unauthorized access and protect sensitive information. By implementing a combination of physical, technical, and administrative controls, organizations can create a strong defense system that reduces the risk of successful attacks. Separation of Privileges, Principle of Least Privileges, and Security through obscurity are also important security concepts but are not specifically synonymous with the optimal security strategy represented by Defense in Depth.

    Rate this question:

  • 11. 

    Which of the CIA Triad elements is responsible for ensuring that personal information is notdisclosed to unauthorized users?

    • A.

      Availability

    • B.

      Confidentiality

    • C.

      Integrity

    • D.

      Accountability

    • E.

      Ease of Use

    Correct Answer
    B. Confidentiality
    Explanation
    Confidentiality is responsible for ensuring that personal information is not disclosed to unauthorized users. It involves protecting sensitive data from being accessed, viewed, or disclosed by unauthorized individuals. Confidentiality measures, such as encryption, access controls, and secure transmission protocols, are implemented to safeguard personal information and maintain privacy.

    Rate this question:

  • 12. 

    ___ reconnaissance is used by hackers for observing and learning about the target fromafar, while _____ reconnaissance is used to gain more active and direct knowledge of thetarget.

    • A.

      Active, Passive

    • B.

      Passive, Active

    • C.

      Active, Submissive

    • D.

      Positive, Active

    • E.

      None of the above

    Correct Answer
    B. Passive, Active
    Explanation
    Passive reconnaissance is used by hackers to observe and gather information about the target without directly interacting with it. This can include activities such as scanning networks, collecting publicly available information, or monitoring communication channels. On the other hand, active reconnaissance involves more direct and aggressive techniques to gain knowledge about the target. This can include activities such as port scanning, vulnerability scanning, or attempting to exploit weaknesses in the target's security.

    Rate this question:

  • 13. 

    Which of the software tools below is considered an Intrusion Detection System?

    • A.

      Ping

    • B.

      Snort

    • C.

      Nessus

    • D.

      Ethereal

    • E.

      Tcpdump

    Correct Answer
    B. Snort
    Explanation
    Snort is considered an Intrusion Detection System (IDS) because it is an open-source network intrusion prevention and detection system. It analyzes network traffic in real-time, looking for patterns and signatures of known attacks. It can also be configured to generate alerts or take action when suspicious activity is detected. Snort is widely used in the cybersecurity industry as an effective tool for monitoring and protecting network systems against various types of intrusions and attacks.

    Rate this question:

  • 14. 

    When using a packet sniffer, what part(s) of the packet can you observe?(Select all that apply)

    • A.

      IP header content

    • B.

      Protocol header (TCP, UDP, ICMP, etc) content

    • C.

      Payload

    • D.

      MAC Address

    • E.

      All of the above

    Correct Answer
    E. All of the above
    Explanation
    When using a packet sniffer, you can observe all of the above parts of the packet. A packet sniffer allows you to capture and analyze network traffic, and it provides visibility into various aspects of the packets. By using a packet sniffer, you can observe the IP header content, protocol header content (such as TCP, UDP, ICMP), payload, and MAC address. This allows you to analyze and understand the different layers and components of the network packets being transmitted.

    Rate this question:

  • 15. 

    The TCP three-way handshake used to close a TCP connection uses 3 packets.What 2 flags are required to be set across these 3 packets? (Select all that apply)

    • A.

      SYN Flag

    • B.

      Payload Flag

    • C.

      FIN Flag

    • D.

      ACK Flag

    • E.

      RST Flag

    Correct Answer(s)
    C. FIN Flag
    D. ACK Flag
    Explanation
    The TCP three-way handshake is used to establish and terminate a TCP connection. In the case of closing a TCP connection, the FIN (Finish) flag is set across the three packets. This flag is used to indicate that the sender has finished sending data. Additionally, the ACK (Acknowledgment) flag is also required to be set across these three packets. The ACK flag is used to acknowledge the receipt of the FIN flag and confirm the termination of the connection. Therefore, the correct answer is FIN Flag, ACK Flag.

    Rate this question:

  • 16. 

    Based on the highlighted portion of the captured packet code below, what network protocolis being used?4500 0064 0000 4000 4001 b755 c0a8 0101

    • A.

      TCP

    • B.

      ICMP

    • C.

      UDP

    • D.

      IP

    • E.

      ARP

    Correct Answer
    D. IP
    Explanation
    IPv4

    Rate this question:

  • 17. 

    Which of the following security goals provides a means for objective verification of a user’sidentity?

    • A.

      Authorization

    • B.

      Authentication

    • C.

      Verification

    • D.

      Identification

    • E.

      Clarification

    Correct Answer
    B. Authentication
    Explanation
    Authentication is the correct answer because it refers to the process of verifying the identity of a user. It provides a means for objective verification by confirming that the user is who they claim to be, typically through the use of passwords, biometrics, or other security measures. Authentication is essential for ensuring that only authorized individuals can access sensitive information or perform certain actions, thereby enhancing the overall security of a system or network.

    Rate this question:

  • 18. 

    The ICMP protocol is specifically designed to:

    • A.

      Check & report on network error conditions

    • B.

      Generate networking stats

    • C.

      Control traffic flow across networks

    • D.

      Track end-to-end connectivity

    • E.

      None of the above

    Correct Answer
    A. Check & report on network error conditions
    Explanation
    The ICMP protocol, or Internet Control Message Protocol, is specifically designed to check and report on network error conditions. It is used by network devices to send error messages and operational information, allowing for the detection and reporting of issues such as unreachable hosts, network congestion, or routing problems. ICMP helps in troubleshooting and diagnosing network problems by providing feedback about the status and errors occurring within a network.

    Rate this question:

  • 19. 

    A friend lends you the latest music CD he just purchased. You take it home and make acopy for your own use. Have you broken any laws?

    • A.

      Yes

    • B.

      No

    Correct Answer
    A. Yes
    Explanation
    Yes, making a copy of a music CD without the permission of the copyright holder is considered copyright infringement and is against the law.

    Rate this question:

  • 20. 

    If you run password crackers or packet sniffers at work, which of the following is true?

    • A.

      Encrypt or Destroy cracked passwords

    • B.

      E-mail users using inappropriate software on the network to inform them you know

    • C.

      Don't crack passwords that meet the company's password policy

    • D.

      Get permission from management first

    • E.

      All of the above

    Correct Answer
    D. Get permission from management first
    Explanation
    It is important to obtain permission from management before running password crackers or packet sniffers at work. This is because these activities may be considered unauthorized and can potentially violate company policies or legal regulations. By obtaining permission, the employee ensures that they are acting within the boundaries set by the organization and can avoid any potential negative consequences.

    Rate this question:

  • 21. 

    Computer A wishes to open a TCP session with Computer B. If Computer A's initialsequence number is 145678913, then Computer B will respond with:

    • A.

      An initial sequence number of its own and an acknowledgement number of 145678914

    • B.

      An initial sequence number of its own and no acknowledgement number since no data was received

    • C.

      An acknowledgment number of 145678914

    • D.

      An acknowledgement number of 145678913

    • E.

      An initial

    Correct Answer
    A. An initial sequence number of its own and an acknowledgement number of 145678914
    Explanation
    Computer B will respond with an initial sequence number of its own and an acknowledgement number of 145678914. This is because in a TCP session, both computers need to establish synchronization by exchanging initial sequence numbers. Computer B generates its own initial sequence number and acknowledges the receipt of Computer A's initial sequence number by sending an acknowledgement number.

    Rate this question:

  • 22. 

    Your system receives a few packets, but no connection seems to be established. Whenyou look at the logs, you notice you received a few SYN packets, immediately followed byRST packets, but no ACK packets. What could be happening?

    • A.

      SYN Stealth Open Port scan from Nmap

    • B.

      XMAS Open Port scan from Nmap

    • C.

      Hacker trying to identify the service running on a port

    • D.

      TCP/IP stack has failed

    • E.

      None of the above

    Correct Answer
    A. SYN Stealth Open Port scan from Nmap
    Explanation
    The given correct answer suggests that the system is experiencing a SYN Stealth Open Port scan from Nmap. This type of scan involves sending a SYN packet to initiate a connection with the target system, but instead of completing the connection with an ACK packet, the attacker sends a RST packet to terminate the connection. This technique is used by hackers to identify open ports on a system without being detected.

    Rate this question:

  • 23. 

    Which of the following command lines would you use to conduct a Christmas scan usingnmap?

    • A.

      Nmap -sP 192.168.1.1

    • B.

      Nmap -sX 192.168.1.1

    • C.

      Nmap -sU 192.168.1.1

    • D.

      Nmap -sN 192.168.1.1

    • E.

      Nmap -sC 192.168.1.1

    Correct Answer
    B. Nmap -sX 192.168.1.1
  • 24. 

    Captain Zap described the method he used to obtain user manuals to hack the AT&Tsystem. What method did he use?

    • A.

      Theft – he broke in and stole them

    • B.

      He bought them at a sale at his local electronics store

    • C.

      Dumpster Diving

    • D.

      Social Engineering

    • E.

      Sniffing the network

    Correct Answer
    C. Dumpster Diving
    Explanation
    Captain Zap used the method of Dumpster Diving to obtain user manuals to hack the AT&T system. Dumpster Diving refers to the act of searching through trash or discarded items to find information or valuable items. In this case, Captain Zap likely searched through dumpsters or garbage bins to find discarded user manuals that contained the necessary information to carry out the hack.

    Rate this question:

  • 25. 

    A weakness in a computer system, or a point where the system is susceptible to attack.The weakness could be exploited to violate system security. This is the definition of a(n)

    • A.

      Exploit

    • B.

      Vulnerability

    • C.

      Threat

    • D.

      Risk

    • E.

      Hole

    Correct Answer
    B. Vulnerability
    Explanation
    A vulnerability refers to a weakness in a computer system that can be exploited by attackers to compromise its security. It represents a point of susceptibility where an attacker can gain unauthorized access, steal data, or disrupt system operations. Identifying and addressing vulnerabilities is crucial to maintaining the security and integrity of computer systems.

    Rate this question:

  • 26. 

    In order for a packet sniffer to work properly, it needs to put the NIC card into _____ mode.

    • A.

      Listening

    • B.

      Active

    • C.

      Promiscuous

    • D.

      Normal

    • E.

      None of the above

    Correct Answer
    C. Promiscuous
    Explanation
    A packet sniffer needs to put the NIC card into promiscuous mode in order to work properly. This mode allows the network interface card to capture all network traffic, including packets that are not intended for the device. By enabling promiscuous mode, the packet sniffer can analyze and capture all network packets passing through the network, regardless of their destination. This is essential for monitoring and analyzing network traffic for security or troubleshooting purposes.

    Rate this question:

  • 27. 

    A fragmented IP datagram is reassembled by

    • A.

      The router closest to the destination

    • B.

      Any router along the path when the MTU changes to permit a larger datagram

    • C.

      By the destination host

    • D.

      By the application processing the information datagram

    • E.

      None of the above

    Correct Answer
    C. By the destination host
    Explanation
    A fragmented IP datagram is reassembled by the destination host. When a large IP datagram is fragmented into smaller pieces for transmission over a network, it is the responsibility of the destination host to receive and reassemble these fragments into the original datagram. This process is done using the identification field and fragment offset field in the IP header, which allow the destination host to correctly order and combine the fragments. The routers along the path only handle the forwarding of the individual fragments, while the application processing the information datagram is not involved in the reassembly process.

    Rate this question:

  • 28. 

    Which of the following is one method of gathering information about the operating system acompany is using?

    • A.

      Search the Web for e-mail addresses of IT employees

    • B.

      Connect via telnet to the company’s Web server

    • C.

      Ping the URL and analyze the ICMP messages

    • D.

      Use the ipconfig /os command

    • E.

      None of the above

    Correct Answer
    B. Connect via telnet to the company’s Web server
    Explanation
    Connecting via telnet to the company's web server is one method of gathering information about the operating system a company is using. By connecting through telnet, one can access the command-line interface of the web server and gather information about the operating system running on it. This method allows for direct interaction with the server and can provide valuable information about the underlying technology being used.

    Rate this question:

  • 29. 

    The loss of one of the goals of security is known as a:

    • A.

      Hole

    • B.

      Vulnerability

    • C.

      Risk

    • D.

      Compromise

    • E.

      Threat

    Correct Answer
    D. Compromise
    Explanation
    Compromise refers to the loss of one of the goals of security, which is the protection of resources and data from unauthorized access, use, disclosure, disruption, modification, or destruction. When a compromise occurs, it means that the security measures in place have been breached, allowing an attacker to gain unauthorized access or control over the system, network, or data. This can lead to various negative consequences, such as data breaches, financial losses, reputational damage, and legal implications.

    Rate this question:

  • 30. 

    In Security term, Authorization refers to:

    • A.

      Confirming your identity with a element unique to the person

    • B.

      Tracking what users are doing while accessing the systems

    • C.

      Supplying your identity when asked

    • D.

      Using your identity to assign access rights

    • E.

      None of the above

    Correct Answer
    D. Using your identity to assign access rights
    Explanation
    Authorization in security refers to the process of using an individual's identity to assign access rights. It involves granting or denying permissions to users based on their authenticated identity. This ensures that only authorized individuals can access certain resources or perform specific actions within a system. By assigning access rights based on identity, organizations can control and manage the level of access that users have to sensitive information or functionalities, thereby enhancing security and preventing unauthorized access.

    Rate this question:

  • 31. 

    In the TCP/IP stack, the ____ layer is concerned with physically moving electrons across amedia or wire.

    • A.

      Internet

    • B.

      Network

    • C.

      Transport

    • D.

      Physical

    • E.

      Application

    Correct Answer
    D. pHysical
    Explanation
    The Physical layer in the TCP/IP stack is responsible for physically moving electrons across a media or wire. This layer deals with the actual transmission of data bits over the network, including the electrical, mechanical, and functional aspects of the physical connection. It defines the specifications for cables, connectors, and other hardware components required for data transmission.

    Rate this question:

  • 32. 

    ____ is a connectionless protocol

    • A.

      ICMP

    • B.

      TCP

    • C.

      UDP

    • D.

      FTP

    • E.

      None of the above

    Correct Answer
    C. UDP
    Explanation
    UDP (User Datagram Protocol) is a connectionless protocol. Unlike TCP (Transmission Control Protocol), which establishes a connection between two devices before data transfer, UDP does not establish a connection and simply sends data packets without any guarantee of delivery or order. UDP is commonly used for applications that require low latency and can tolerate some data loss, such as streaming media, online gaming, and DNS (Domain Name System) queries.

    Rate this question:

  • 33. 

    Which of the following statements about session hijacking is false?

    • A.

      Most computers are vulnerable to this form of attack

    • B.

      Hijacking is very easy to prevent

    • C.

      Hijacking is very dangerous

    • D.

      Hijacking is quite simple with the proper tools at hand

    • E.

      If the session hijacking attempt fails, a hacker can keep trying until he gets it right

    Correct Answer
    C. Hijacking is very dangerous
  • 34. 

    Each TCP connection is uniquely identified by:

    • A.

      Source and Destination IP

    • B.

      Source and Destination port

    • C.

      Sequence Number

    • D.

      Connection Number

    • E.

      A & B only

    Correct Answer
    E. A & B only
    Explanation
    Each TCP connection is uniquely identified by the combination of the source and destination IP addresses and the source and destination port numbers. The IP addresses identify the source and destination devices, while the port numbers specify the specific application or service running on those devices. The sequence number and connection number are not used for uniquely identifying TCP connections.

    Rate this question:

  • 35. 

    Physical dangers - i.e. earthquakes, flooding - are not considered a security concern.

    • A.

      True

    • B.

      False

    Correct Answer
    B. False
    Explanation
    Physical dangers such as earthquakes and flooding can indeed be considered a security concern. While they may not directly relate to issues of personal safety or protection from intentional harm, they can still pose significant risks to individuals, communities, and even national security. For example, natural disasters can disrupt critical infrastructure, lead to loss of life and property, create social unrest, and even provide opportunities for malicious actors to exploit vulnerabilities. Therefore, it is incorrect to say that physical dangers are not considered a security concern.

    Rate this question:

  • 36. 

    A ___ attaches itself to a program or file so it can spread from one computer to anotherwith the file as it travels, leaving infections as it travels.

    • A.

      Worm

    • B.

      Trojan

    • C.

      Virus

    • D.

      Rootkit

    • E.

      None of the above

    Correct Answer
    C. Virus
    Explanation
    A virus is a type of malicious software that attaches itself to a program or file and spreads from one computer to another. As it travels, it leaves infections in the files it infects. Unlike worms or Trojans, viruses require a host file or program to propagate and cannot spread on their own. Rootkits, on the other hand, are a type of malware that allows unauthorized access to a computer system, but they do not spread like viruses. Therefore, the correct answer is virus.

    Rate this question:

  • 37. 

    ___ spread from computer to computer, but unlike the malware , it has theability to travel and replicate itself without any user intervention.A- WormB- TrojanC- VirusD- RootkitE- None of the above

    • A.

      Worm

    • B.

      Trojan

    • C.

      Virus

    • D.

      Rootkit

    • E.

      None of the above

    Correct Answer
    A. Worm
    Explanation
    A worm is a type of malware that can spread from computer to computer without any user intervention. Unlike viruses and trojans, worms do not require a host file or user action to replicate themselves. They can exploit vulnerabilities in network protocols or operating systems to automatically propagate and infect other systems. This makes worms particularly dangerous as they can quickly infect a large number of computers and cause widespread damage. In this case, the correct answer is A - Worm.

    Rate this question:

  • 38. 

    Define the term “Authorisation” as defined by Security principles

    Correct Answer
    Check explanation!
    Explanation
    Mechanism to decide/assign the access level granted to the user/system
    (1) Controls what systems, resources and data the user can access
    (2) Must be closely tied to the authentication process
    (3) Generally more of a background process managed by administrators

    Rate this question:

  • 39. 

    What was Captain Zap’s hack of the AT&T system? (What did he do?)

    Correct Answer
    Check explanation!
    Explanation
    He changed the system clocks on the billing servers by 12 hours, which resulted
    in reducing long-distance charges for users. This is due to the fact that, at the
    time, AT&T had different rates for long-distance for daytime (higher) and evening
    (lower).

    Rate this question:

  • 40. 

    Define the concept of Least Privileges?

    Correct Answer
    check explanation!
    Explanation
    Every security subject (user, process, resource, etc) should only have the
    minimum permissions/access required to accomplish its assigned task

    Rate this question:

  • 41. 

    Vulnerability is defined as a way that an attacker could use to get into the system

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    The statement accurately defines vulnerability as a means for an attacker to gain unauthorized access to a system. A vulnerability refers to a weakness or flaw in the system's security measures that can be exploited by an attacker to compromise the system's integrity, confidentiality, or availability. Therefore, the correct answer is "True."

    Rate this question:

  • 42. 

      Which of the following is considered a reason why hackers attack systems?

    • A.

      Profit

    • B.

      Religious / political / ethical reasons

    • C.

      “Mount Everest” syndrome

    • D.

      Revenge

    • E.

      All of the above

    Correct Answer
    E. All of the above
    Explanation
    Hackers attack systems for various reasons, including profit, religious/political/ethical motivations, the "Mount Everest" syndrome (the desire to conquer a challenging target), and revenge. These motivations can drive hackers to exploit vulnerabilities in systems and gain unauthorized access, causing damage, stealing sensitive information, or disrupting services. The combination of these different reasons makes it difficult to pinpoint a single motive for hacking, as hackers can be driven by a mix of financial gain, personal beliefs, and personal vendettas.

    Rate this question:

  • 43. 

       A security exploit is defined as:

    • A.

      Something used to shutdown a system

    • B.

      A threat turned into a vulnerability

    • C.

      A flaw in the system

    • D.

      Anything that can be used to compromise a system

    • E.

      None of the above

    Correct Answer
    D. Anything that can be used to compromise a system
    Explanation
    A security exploit refers to any method, technique, or tool that can be utilized to compromise or breach the security of a system. It can encompass various forms such as software vulnerabilities, hardware weaknesses, social engineering tactics, or even physical attacks. This broad definition includes all possible means by which an attacker can gain unauthorized access, steal information, disrupt operations, or cause harm to a system or its users.

    Rate this question:

  • 44. 

    What are the 3 main types of security?

    Correct Answer
    System Security
    Communication Security
    Physical Security
    Explanation
    A. System Security
    i) Protection of information, capabilities and services on a system/server
    (1) SANs, servers, desktops, network devices, etc…
    B. Communication Security
    i) Protection of information while it’s being transmitted
    (1) Also includes protection of the medium itself (in so far as it’s possible)
    C. Physical Security
    i) Protection from physical access to computer, communications equipment,
    facilities and personnel from damage or theft
    (1) All logical security controls must include physical security

    Rate this question:

  • 45. 

    1.    The OSI layer which provides data encryption is the:

    • A.

      Application Layer

    • B.

      Presentation Layer

    • C.

      Session Layer

    • D.

      Transport Layer

    • E.

      Network Layer

    Correct Answer
    B. Presentation Layer
    Explanation
    The Presentation Layer in the OSI model is responsible for data encryption and decryption. It ensures that the data is properly formatted and encrypted before transmission, and decrypts it at the receiving end. This layer also handles data compression, encryption, and decryption algorithms, ensuring that the data is secure and can be understood by the receiving application.

    Rate this question:

  • 46. 

    1.    Which one of the circumstances below poses a significant risk?

    • A.

      Low threat, low vulnerability

    • B.

      Low threat, high vulnerability

    • C.

      High threat, low vulnerability

    • D.

      High threat, high vulnerability

    • E.

      None of the above

    Correct Answer
    D. High threat, high vulnerability
    Explanation
    High threat, high vulnerability poses a significant risk because it indicates a situation where there is a high likelihood of a threat occurring and a high potential for it to cause harm or damage. This combination increases the chances of negative consequences and the need for proactive measures to mitigate the risk.

    Rate this question:

  • 47. 

    A closed port responds to a SYN Packet with a(n) ___packet

    Correct Answer
    RST
    rst
    Rst
    Explanation
    A closed port responds to a SYN Packet with an RST packet. When a SYN packet is sent to a closed port, the receiving system will respond with an RST (reset) packet to indicate that the port is closed and not accepting connections. This helps in quickly identifying closed ports during network scanning or connection attempts. The variations in capitalization (RST, rst, Rst) do not affect the meaning or correctness of the answer.

    Rate this question:

  • 48. 

      Which of the following is not considered a category of exploit?

    • A.

      Over the Internet

    • B.

      Over the LAN

    • C.

      Locally

    • D.

      Offline

    • E.

      Ignorance

    Correct Answer
    E. Ignorance
    Explanation
    Ignorance is not considered a category of exploit. Exploits are typically categorized based on the method or location of the attack. "Over the Internet," "Over the LAN," "Locally," and "Offline" are all categories that describe different ways in which an exploit can occur. However, "Ignorance" does not fit into any of these categories and is not a recognized category of exploit.

    Rate this question:

  • 49. 

    In security environments, Identification is the process of:

    • A.

      Confirming your identify with an element unique to the person

    • B.

      Supplying your identify

    • C.

      Using your identify to assign access rights

    • D.

      Tracking what users are doing while accessing the systems

    • E.

      None of the above

    Correct Answer
    B. Supplying your identify
    Explanation
    The correct answer is "Supplying your identity." In security environments, the process of identification involves providing or supplying your identity information to confirm who you are. This could include providing personal information such as your name, username, password, or any other unique identifier that helps establish your identity. Identification is an essential step in granting access rights and ensuring that individuals are authorized to access certain systems or resources. It is different from authentication, which verifies the validity of the supplied identity information.

    Rate this question:

  • 50. 

    Which one of the following mechanisms can hackers use to defeat Availability?

    • A.

      Destruction

    • B.

      Integrity

    • C.

      Alteration

    • D.

      Disclosure

    • E.

      Confidentiality

    Correct Answer
    A. Destruction
    Explanation
    Hackers can defeat Availability by using the mechanism of Destruction. This means they can intentionally destroy or disrupt the availability of a system, network, or service, making it inaccessible or unusable for legitimate users. This can be done through various methods such as launching a denial of service (DoS) attack, destroying physical infrastructure, or deleting critical data. By causing destruction, hackers can effectively prevent users from accessing or using the targeted resource, compromising its availability.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Mar 25, 2010
    Quiz Created by
    Sickfredo
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.