Module I Certification Quiz

By Vtgamer
  • 1. 

      Which of the following describes the process by which a single user name and password can be entered to access multiple computer applications?

    • Single sign-on
    • Constrained user interfaces
    • Encryption protocol
    • Access control lists
About This Quiz

Just a try to see if it can be done before Odie wakes up.

Quiz Preview

  • 2. 

      Which of the following authentication methods increases the security of the authentication process because it must be in your physical possession?

    • CHAP

    • Certificate

    • Kerberos

    • Smart Cards

    Correct Answer
    A. Smart Cards
    Explanation
    Smart cards increase the security of the authentication process because they must be in your physical possession. Smart cards are small, portable devices that contain an embedded microchip. They require a user to insert the card into a card reader and provide a personal identification number (PIN) to access the information stored on the card. This two-factor authentication method adds an extra layer of security by requiring both something you have (the physical card) and something you know (the PIN) to authenticate. This makes it more difficult for unauthorized individuals to gain access to sensitive information or systems.

  • 3. 

      The authentication process where the user can access several resources without the need for multiple credentials is known as:

    • Single sign-on

    • Decentralized management

    • Discretionary Access Control (DAC)

    • Need to know

    Correct Answer
    A. Single sign-on
    Explanation
    Single sign-on is the correct answer because it refers to the authentication process where a user can access multiple resources without having to enter separate credentials for each resource. This streamlines the user experience and improves efficiency by eliminating the need for multiple logins. With single sign-on, users only need to authenticate once, and then they can seamlessly access various resources and applications without the need for additional credentials.

  • 4. 

      Which of the following web vulnerabilities is being referred to when it receives more data than it is programmed to accept?

    • Cookies

    • Buffer Overflows

    • CGI

    • SMTP relay

    Correct Answer
    A. Buffer Overflows
    Explanation
    Buffer overflows occur when a program receives more data than it is programmed to accept. This can lead to the overwriting of adjacent memory locations and can be exploited by attackers to execute arbitrary code or crash the program. This vulnerability is commonly found in software written in languages like C or C++ that do not have built-in protections against buffer overflows.

  • 5. 

      In order to recover discarded company documents, which of the following might an attacker resort to?

    • Insider theft

    • Shoulder surfing

    • Dumpster diving

    • Phishing

    Correct Answer
    A. Dumpster diving
    Explanation
    An attacker might resort to dumpster diving in order to recover discarded company documents. Dumpster diving refers to the act of searching through trash or recycling bins to find valuable or sensitive information. This method can be used to gather confidential documents, such as financial records, customer data, or internal memos, that have been improperly disposed of by the company. By retrieving these discarded documents, the attacker can potentially gain access to sensitive information and use it for malicious purposes.

  • 6. 

      From the following items, which will permit a user to float a domain registration for a maximum of five days?

    • DNS poisoning

    • Domain hijacking

    • Spoofing

    • Kiting

    Correct Answer
    A. Kiting
    Explanation
    Kiting is a fraudulent practice where a person registers a domain and then cancels the payment or uses a stolen credit card to pay for it. This allows the user to float the domain registration for a maximum of five days before the payment is flagged as fraudulent and the registration is canceled. DNS poisoning, domain hijacking, and spoofing are not related to floating a domain registration.

  • 7. 

      Giving each user or group of users only the access they need to do their job is an example of which of the following security principles?

    • Least privilege

    • Access control

    • Defense in depth

    • Separation of duties

    Correct Answer
    A. Least privilege
    Explanation
    The principle of least privilege states that users should only be given the minimum level of access necessary to perform their job functions. By giving each user or group of users only the access they need, organizations can minimize the risk of unauthorized access or misuse of sensitive information. This principle helps to limit the potential damage that can be caused by a compromised account or insider threat.

  • 8. 

      Which of the following access control models uses roles to determine access permissions?

    • RBAC

    • DAC

    • None of the above

    • MAC

    Correct Answer
    A. RBAC
    Explanation
    RBAC (Role-Based Access Control) is an access control model that uses roles to determine access permissions. In RBAC, users are assigned specific roles, and these roles define the permissions and privileges that the users have within the system. By assigning roles to users, access can be easily managed and controlled, as permissions are granted based on the roles assigned to the user. This model provides a more efficient and scalable way to manage access control compared to individually assigning permissions to each user.

  • 9. 

      Which of the following is a major reason that social engineering attacks succeed?

    • Multiple logins are allowed

    • Lack of security awareness

    • Audit logs are not monitored frequently

    • Strong passwords are not required

    Correct Answer
    A. Lack of security awareness
    Explanation
    Social engineering attacks often succeed due to a lack of security awareness. This means that individuals are not properly educated or trained on how to recognize and respond to potential threats. Without this awareness, people may be easily manipulated or deceived by attackers posing as trustworthy individuals or organizations. This can lead to the disclosure of sensitive information or the execution of unauthorized actions, ultimately compromising the security of systems and networks.

  • 10. 

      A person pretends to be a telecommunications repair technician, enters a building stating that there is a networking trouble work order and requests that a security guard unlock the wiring closet. The person connects a packet sniffer to the network switch in the wiring closet and hides the sniffer behind the switch against the wall. This is an example of:

    • A man in the middle attack

    • Social engineering

    • A penetration test

    • A vulnerability scan

    Correct Answer
    A. Social engineering
    Explanation
    This scenario describes a form of social engineering. Social engineering involves manipulating or deceiving individuals to gain unauthorized access to systems or information. In this case, the person pretends to be a technician and tricks the security guard into granting access to the wiring closet. The intention is to install a packet sniffer to intercept and capture network traffic. This type of attack exploits human vulnerabilities rather than technical vulnerabilities.

  • 11. 

      Which of the following describes an attacker encouraging a person to perform an action in order to be successful?

    • Back door

    • Social engineering

    • Password guessing

    • Man in the middle

    Correct Answer
    A. Social engineering
    Explanation
    Social engineering is a tactic used by attackers to manipulate and deceive individuals into performing certain actions that benefit the attacker. This can involve tricking someone into revealing sensitive information, such as passwords or personal data, or persuading them to click on malicious links or download harmful files. The attacker relies on the victim's trust and vulnerability to achieve their goals.

  • 12. 

      Which of the following is a program that constantly observes data traveling over a network?

    • Sniffer

    • Smurfer

    • Fragmenter

    • Spoofer

    Correct Answer
    A. Sniffer
    Explanation
    A sniffer is a program that constantly observes data traveling over a network. It is used for network monitoring and analysis purposes. A sniffer captures and analyzes network packets, allowing users to examine network traffic and identify any abnormal or suspicious activities. It is commonly used by network administrators and security professionals to troubleshoot network issues, detect network vulnerabilities, and monitor for unauthorized access or malicious activities.

  • 13. 

      As a network administrator, your company uses the RBAC (Role Based Access Control) model. You must plan the security strategy for users to access resources on the network. These resources include mailboxes, files, and printers. The departments in your company are Finance, Sales, Research and Development, and Production. Users access resources based on the department in which they work. Which roles should you create to support the RBAC (Role Based Access Control) model?

    • Create user and workstation roles

    • Create mailbox, and file and printer roles

    • Create Finance, Sales, Research and Development, and Production roles

    • Create allow access and deny access roles.

    Correct Answer
    A. Create Finance, Sales, Research and Development, and Production roles
    Explanation
    The RBAC (Role Based Access Control) model is based on assigning roles to users based on their job responsibilities or departments. In this scenario, the company has different departments such as Finance, Sales, Research and Development, and Production. To support the RBAC model, it is necessary to create roles for each department. This will allow users to access resources such as mailboxes, files, and printers based on the department they work in. Therefore, creating Finance, Sales, Research and Development, and Production roles is the correct answer.

  • 14. 

      Turnstiles, double entry doors and security guards are all prevention measures for which of the following types of social engineering?

    • Looking through a co-worker’s trash

    • Impersonation

    • Piggybacking

    • Looking over a co-worker's shoulder to retrieve information

    Correct Answer
    A. Piggybacking
    Explanation
    Piggybacking refers to the act of unauthorized individuals gaining access to a restricted area by following closely behind an authorized person. Turnstiles, double entry doors, and security guards are all prevention measures aimed at stopping piggybacking incidents.

  • 15. 

    The first step in creating a security baseline would be:

    • Identifying the use case

    • Creating a security policy

    • Vulnerability testing

    • Installing software patches

    Correct Answer
    A. Creating a security policy
    Explanation
    The first step in creating a security baseline would be creating a security policy. A security policy outlines the guidelines and procedures for protecting an organization's assets and information. By creating a security policy, an organization can define its security objectives, identify potential risks, and establish rules and practices to mitigate those risks. This policy serves as a foundation for implementing security controls and measures to ensure the confidentiality, integrity, and availability of the organization's resources.

  • 16. 

      Which of the following definitions BEST suits Buffer Overflow?

    • It is used to provide a persistent, customized web experience for each visit

    • It receives more data than it is programmed to accept

    • It has a feature designed into many email servers that allows them to forward email to other email servers

    • It’s an older form of scripting that was used extensively in early web systems

    Correct Answer
    A. It receives more data than it is programmed to accept
    Explanation
    Buffer Overflow occurs when a program or process receives more data than it is programmed to accept. This can lead to the excess data overflowing into adjacent memory locations, potentially causing the program to crash, behave unexpectedly, or even allow an attacker to execute malicious code.

  • 17. 

      Disguising oneself as a reputable hardware manufacturer’s field technician who is picking up a server for repair would be described as:

    • A phishing attack

    • Social engineering

    • A Trojan horse

    • A man-in-the-middle attack

    Correct Answer
    A. Social engineering
    Explanation
    Social engineering involves manipulating individuals to gain unauthorized access or obtain sensitive information. In this scenario, the attacker is using deception by pretending to be a trusted field technician from a reputable hardware manufacturer to trick someone into handing over a server. This tactic relies on exploiting human trust and is a form of social engineering.

  • 18. 

      Which of the following is an example of an attack that executes once a year on a certain date?

    • Worm

    • Logic bomb

    • Rootkit

    • Virus

    Correct Answer
    A. Logic bomb
    Explanation
    A logic bomb is a type of malicious code that is programmed to execute a specific action at a predetermined time or when certain conditions are met. In this case, the logic bomb is set to activate once a year on a certain date. This type of attack is often used to cause damage or disruption to a system or network. Unlike a virus or worm, which can spread and replicate, a logic bomb remains dormant until triggered, making it a stealthy and targeted form of attack. A rootkit, on the other hand, is a type of software that allows unauthorized access to a computer system, but it does not necessarily have a time-based trigger.

  • 19. 

    A representative from the human resources department informs a security specialist that an employee has been terminated. Which of the following would be the BEST action to take?

    • Contact the employee's supervisor regarding disposition of user accounts

    • Change the employee's user password and keep the data for a specified period

    • Disable the employee's user accounts and delete all data

    • Disable the employee's accounts and keep the data for a specified period

    Correct Answer
    A. Disable the employee's accounts and keep the data for a specified period
    Explanation
    When an employee is terminated, it is important to disable their user accounts to prevent unauthorized access. However, it is also necessary to keep the data for a specified period for legal and compliance purposes. This allows the organization to retain any necessary information or evidence related to the employee's activities during their tenure. By disabling the accounts, the organization ensures that the terminated employee cannot access any sensitive information or systems while still maintaining the data for a specified period.

  • 20. 

      In a classified environment, a clearance into a Top Secret compartment only allows access to certain information within that compartment. This is known as:

    • Acceptable use

    • Need to know

    • Separation of duties

    • Dual control

    Correct Answer
    A. Need to know
    Explanation
    In a classified environment, individuals with a clearance into a Top Secret compartment are only granted access to specific information within that compartment based on their "need to know." This means that they are only given access to information that is necessary for them to perform their duties and responsibilities, ensuring that sensitive information is only shared with those who require it. This principle helps to protect classified information and prevent unauthorized access or disclosure.

  • 21. 

      Which of the following access attacks would involve looking through your files in the hopes of finding something interesting?

    • Snooping

    • Eavesdropping

    • Interception

    • None of the above

    Correct Answer
    A. Snooping
    Explanation
    Snooping is an access attack that involves looking through someone's files in the hopes of finding something interesting. It refers to the unauthorized access and examination of data or information that is stored on a computer or network. This type of attack is typically carried out by individuals who are trying to gain unauthorized access to sensitive or confidential information for malicious purposes. It is important to protect against snooping by implementing strong security measures such as encryption and access controls.

  • 22. 

      Which of the following types of malicious software travels across computer networks without requiring a user to distribute the software?

    • Logic bomb

    • Virus

    • Worm

    • Trojan horse

    Correct Answer
    A. Worm
    Explanation
    A worm is a type of malicious software that can spread across computer networks without the need for user distribution. Unlike viruses, which require a host file to attach to, worms are standalone programs that can replicate themselves and spread from one computer to another. They exploit vulnerabilities in network protocols to propagate and can cause significant damage by consuming network bandwidth, slowing down systems, and even deleting files. This makes worms a particularly dangerous type of malware as they can quickly infect multiple computers and networks without the user's knowledge or involvement.

  • 23. 

      Which of the following describes a server or application that is accepting more input than the server or application is expecting?

    • Syntax error

    • Denial of service (DoS)

    • Brute force

    • Buffer overflow

    Correct Answer
    A. Buffer overflow
    Explanation
    A buffer overflow occurs when a server or application receives more input than it can handle, causing the excess data to overwrite adjacent memory locations. This can lead to unexpected behavior, crashes, or even security vulnerabilities. Unlike a syntax error, which is a mistake in the code structure, a buffer overflow is a runtime issue. Denial of service (DoS) and brute force attacks are unrelated to the concept of accepting more input than expected.

  • 24. 

      A user has received an email from a mortgage company asking for personal information including bank account numbers. This would BEST be described as:

    • Spam

    • A hoax

    • Packet sniffing

    • Phishing

    Correct Answer
    A. Phishing
    Explanation
    Phishing is the correct answer because it involves the act of tricking users into revealing personal information, such as bank account numbers, by disguising as a trustworthy entity. In this scenario, the email from the mortgage company is likely a fraudulent attempt to obtain sensitive information, rather than a legitimate request.

  • 25. 

    You work as a network administrator for your company. Your company has just detected a malware incident. Which will be your first response?

    • Monitor

    • Removal

    • Recovery

    • Containment

    Correct Answer
    A. Containment
    Explanation
    In the event of a malware incident, the first response should be containment. This involves isolating the infected system or network to prevent the malware from spreading further. By containing the malware, the network administrator can minimize the impact of the incident and prevent it from affecting other systems or compromising sensitive data. Monitoring, removal, and recovery are important steps that follow containment, but containment is the initial response to limit the damage and protect the network.

  • 26. 

      Which item can be commonly programmed into an application for ease of administration?

    • Back door

    • Worm

    • Zombie

    • Trojan

    Correct Answer
    A. Back door
    Explanation
    A back door can be commonly programmed into an application for ease of administration. A back door is a hidden entry point in a software or system that allows authorized individuals to bypass normal authentication measures and gain access to the system. It is often used by system administrators or developers to troubleshoot or perform maintenance tasks without going through normal procedures. This can make administration tasks easier and more efficient, as it provides a convenient way to access and manage the application.

  • 27. 

      Choose the statement that best describes the difference between a worm and a Trojan horse.

    • Worms are a form of malicious code while Trojan horses are not

    • Worms are distributed through email messages while Trojan horses are not

    • Worms self replicate while Trojan horses do not

    • There is no difference between a worm and a Trojan horse

    Correct Answer
    A. Worms self replicate while Trojan horses do not
    Explanation
    The correct answer is "Worms self replicate while Trojan horses do not." This statement accurately describes the main difference between worms and Trojan horses. Worms are a type of malicious code that can replicate and spread themselves to other systems without the need for human intervention. On the other hand, Trojan horses are malicious programs that disguise themselves as legitimate software but do not have the ability to self-replicate.

  • 28. 

      On the topic of comparing viruses and hoaxes, which statement is TRUE?

    • Hoaxes can help educate users about a virus

    • Hoaxes carry a malicious payload and can be destructive

    • Hoaxes can create as much damage as a real virus

    • Hoaxes are harmless pranks and should be ignored

    Correct Answer
    A. Hoaxes can create as much damage as a real virus
    Explanation
    Hoaxes can create as much damage as a real virus because they can spread misinformation, cause panic, and disrupt normal operations. Even though hoaxes may not have a malicious payload like a virus, their impact can be significant. They can lead to wasted time and resources as people try to investigate and respond to the hoax. Additionally, hoaxes can also undermine trust in legitimate information sources and make it more difficult to effectively communicate important information about real threats. Therefore, it is important to take hoaxes seriously and not dismiss them as harmless pranks.

  • 29. 

      Which of the following types of programs autonomously replicates itself across networks?

    • Worm

    • Trojan horse

    • Virus

    • Spyware

    Correct Answer
    A. Worm
    Explanation
    A worm is a type of program that can autonomously replicate itself across networks. Unlike viruses, which require a host program to spread, worms can spread independently by exploiting vulnerabilities in network protocols. Worms can cause significant damage by consuming network bandwidth, overloading servers, and spreading malware to other computers. They can also create backdoors, allowing unauthorized access to infected systems. Unlike Trojan horses and spyware, which are typically hidden within legitimate programs, worms are standalone programs designed specifically for self-replication and spreading.

  • 30. 

    Human resource personnel should be trained about security policy:

    • Maintenance

    • Monitoring and administration

    • Guidelines and enforcement

    • Implementation

    Correct Answer
    A. Guidelines and enforcement
    Explanation
    Human resource personnel should be trained about security policy because they play a crucial role in ensuring that employees adhere to the guidelines and policies related to security. By being trained in guidelines and enforcement, HR personnel can effectively communicate and enforce security policies throughout the organization. This training will enable them to educate employees about the importance of following security protocols, monitor compliance, and take appropriate enforcement actions when necessary. Ultimately, their understanding and implementation of security guidelines will contribute to a safer and more secure work environment.

  • 31. 

      Which one of the following options will permit an attacker to hide the presence of malicious code by altering the system's process and registry entries?

    • Rootkit

    • Worm

    • Logic bomb

    • Trojan

    Correct Answer
    A. Rootkit
    Explanation
    A rootkit is a type of malicious software that allows an attacker to gain unauthorized access to a computer system and alter its processes and registry entries. By doing so, the attacker can hide the presence of any malicious code or activity, making it difficult for the victim to detect or remove the rootkit. This enables the attacker to maintain control over the compromised system and carry out further malicious actions without being detected.

  • 32. 

      In which of the following common attacks would the attacker capture the user’s login information and replay it again later?

    • Back Door Attacks

    • Man In The Middle

    • Replay Attack

    • Spoofing

    Correct Answer
    A. Replay Attack
    Explanation
    A replay attack is a type of attack where an attacker captures the user's login information and then replays it at a later time. This allows the attacker to gain unauthorized access to the user's account or system. In a replay attack, the attacker intercepts the login information, such as usernames and passwords, and then uses that information to impersonate the user and gain access to their account. This type of attack can be particularly dangerous because it does not require the attacker to have any knowledge of the user's credentials, and can be executed even if the user's login credentials are encrypted.

  • 33. 

    In order to allow for more oversight of past transactions, a company decides to exchange the positions of the purchasing agent and the accounts receivable agent. This is an example of which of the following?

    • Implicit deny

    • Separation of duties

    • Job rotation

    • Least privilege

    Correct Answer
    A. Job rotation
    Explanation
    Job rotation is when employees are moved between different roles or departments within a company. In this scenario, the company decides to exchange positions of the purchasing agent and the accounts receivable agent, which is an example of job rotation. This allows for more oversight of past transactions as different employees will have the opportunity to review and understand the responsibilities of both roles, reducing the risk of fraud or errors going unnoticed.

  • 34. 

      The ability to log on to multiple systems with the same credentials is typically known as:

    • Role Based Access Control (RBAC)

    • Decentralized management

    • Centralized management

    • Single sign-on

    Correct Answer
    A. Single sign-on
    Explanation
    Single sign-on refers to the ability to log in to multiple systems or applications using the same set of credentials. This eliminates the need for users to remember and enter different usernames and passwords for each system, improving convenience and user experience. With single sign-on, users only need to authenticate once, and their credentials are then used to access multiple systems seamlessly. This reduces the risk of password fatigue and simplifies the management of user accounts.

  • 35. 

      Both the server and the client authenticate before exchanging data. This is an example of which of the following?

    • SSO

    • Biometrics

    • Mutual authentication

    • Multifactor authentication

    Correct Answer
    A. Mutual authentication
    Explanation
    Mutual authentication refers to a process where both the server and the client verify each other's identities before exchanging data. In this case, both the server and the client authenticate themselves, ensuring that they are communicating with the intended party and not an imposter. This helps establish a secure and trusted connection between the two parties, preventing unauthorized access and ensuring data confidentiality and integrity. Mutual authentication is commonly used in secure communication protocols like SSL/TLS to provide a robust level of security.

  • 36. 

      Malicious software that travels across computer networks without user assistance is an example of a:

    • Logic bomb

    • Worm

    • Trojan horse

    • Virus

    Correct Answer
    A. Worm
    Explanation
    A worm is a type of malicious software that can spread across computer networks without any user assistance. Unlike a virus, which requires a host program to spread, a worm is standalone and can replicate itself to infect other computers. It can exploit vulnerabilities in network protocols or use social engineering techniques to trick users into executing it. Once inside a system, a worm can perform various harmful actions, such as stealing information, corrupting files, or slowing down network performance. Therefore, a worm is the correct answer in this case.

  • 37. 

      Social engineering attacks would be MOST effective in which of the following environments (Select TWO).

    • A locked, windowless building

    • A company with a dedicated information technology (IT) security staff

    • A public building that has shared office space

    • A company with a help desk whose personnel have minimal training

    • Military facility with computer equipment containing biometrics

    Correct Answer(s)
    A. A public building that has shared office space
    A. A company with a help desk whose personnel have minimal training
    Explanation
    Social engineering attacks are most effective in environments where there is a lack of security awareness and protocols. In a public building with shared office space, there may be a higher likelihood of individuals with malicious intent gaining access to sensitive information or manipulating unsuspecting individuals. Similarly, in a company with a help desk whose personnel have minimal training, there may be a higher vulnerability to social engineering tactics as employees may be more easily tricked into providing sensitive information or granting unauthorized access.

  • 38. 

      Which scanner can find a rootkit?

    • Email scanner

    • Malware scanner

    • Anti-spam scanner

    • Adware scanner

    Correct Answer
    A. Malware scanner
    Explanation
    A malware scanner is designed to detect and remove various types of malware, including rootkits. Rootkits are a type of malicious software that are specifically designed to hide themselves and other malware on a system, making them difficult to detect and remove. Therefore, a malware scanner is the most appropriate tool for finding and removing rootkits. An email scanner is focused on scanning and filtering emails for potential threats, while an anti-spam scanner is designed to identify and block spam emails. An adware scanner is specifically designed to detect and remove adware, which is a type of software that displays unwanted advertisements.

  • 39. 

      Access controls based on security labels associated with each data item and each user are known as:

    • Role Based Access Control (RBAC)

    • Discretionary Access Control (DAC)

    • Mandatory Access Control (MAC)

    • List Based Access Control (LBAC)

    Correct Answer
    A. Mandatory Access Control (MAC)
    Explanation
    Mandatory Access Control (MAC) is a type of access control that uses security labels associated with each data item and each user to determine access permissions. In MAC, access decisions are based on predefined rules and policies set by the system administrator, rather than the discretion of individual users or their roles. This ensures a higher level of security as access is strictly controlled and enforced based on the sensitivity of the data and the clearance level of the user.

  • 40. 

      Study the following items carefully; which one will permit a user to float a domain registration for a maximum of five days?

    • Spoofing

    • Kiting

    • DNS poisoning

    • Domain hijacking

    Correct Answer
    A. Kiting
    Explanation
    Kiting is a fraudulent practice where a user can float a domain registration for a maximum of five days. This means that they can temporarily register a domain without actually paying for it, allowing them to use it for a short period of time before the registration is finalized and payment is required. Spoofing, DNS poisoning, and domain hijacking are not related to the ability to float a domain registration.

  • 41. 

      Which of the following definitions would be correct regarding Eavesdropping?

    • Someone looking through your files

    • Involves someone who routinely monitors network traffic

    • Listening or overhearing parts of a conversation

    • Placing a computer system between the sender and receiver to capture information

    Correct Answer
    A. Listening or overhearing parts of a conversation
    Explanation
    Eavesdropping refers to the act of listening or overhearing parts of a conversation. It involves secretly listening in on a conversation without the knowledge or consent of the individuals involved. This can be done intentionally or unintentionally, and it is often considered a breach of privacy. Eavesdropping can occur in various settings, such as in person, over the phone, or through electronic communication channels. It is important to note that eavesdropping can be illegal in certain circumstances, especially when it involves unauthorized access to private conversations.

  • 42. 

      How are access control permissions established in the RBAC access control model?

    • The role or responsibilities users have in the organization

    • The system administrator

    • The owner of the resource

    • None of the above

    Correct Answer
    A. The role or responsibilities users have in the organization
    Explanation
    Access control permissions in the RBAC access control model are established based on the role or responsibilities that users have in the organization. This means that users are granted specific permissions based on their assigned roles, allowing them to access certain resources and perform certain actions. The RBAC model focuses on managing access based on user roles rather than individual user identities, making it easier to administer and control access rights in large organizations.

  • 43. 

      From the listing of attacks, choose the attack which exploits session initiation between a Transport Control Program (TCP) client and server within a network?

    • SYN attack

    • Smurf attack

    • Birthday attack

    • Buffer Overflow attack

    Correct Answer
    A. SYN attack
    Explanation
    The correct answer is SYN attack. This type of attack exploits the session initiation process between a TCP client and server. In a SYN attack, the attacker sends a large number of SYN requests to the server, but never completes the handshake process. This causes the server to allocate resources for each incomplete connection, eventually leading to a denial of service.

  • 44. 

      Which solution can be used by a user to implement very tight security controls for technicians that seek to enter the users’ datacenter?

    • Magnetic lock and pin

    • Smartcard and proximity readers

    • Biometric reader and smartcard

    • Combination locks and key locks

    Correct Answer
    A. Biometric reader and smartcard
    Explanation
    A biometric reader combined with a smartcard can be used to implement very tight security controls for technicians seeking to enter the users' datacenter. The biometric reader ensures that only individuals whose unique biometric data is enrolled can gain access, which greatly reduces the risk posed by stolen or shared access cards. The smartcard adds a further layer by requiring a physical token to be present, which can itself be protected by a PIN or password. Together these provide a high level of assurance and prevent unauthorized access to the datacenter.

  • 45. 

      Which description is correct about a tool used by organizations to verify whether or not a staff member has been involved in malicious activity?

    • Implicit deny

    • Implicit allow

    • Time of day restrictions

    • Mandatory vacations

    Correct Answer
    A. Mandatory vacations
    Explanation
    Mandatory vacations are a tool used by organizations to verify whether or not a staff member has been involved in malicious activity. By requiring employees to take regular vacations, organizations can ensure that other staff members have the opportunity to step into their roles and perform their duties. This can help to identify any unauthorized or malicious activities that may have been taking place while the employee is away. Additionally, mandatory vacations can also serve as a deterrent for employees who may be tempted to engage in malicious activities, as they know that their absence will be noticed and potentially investigated.

  • 46. 

      Which security threat will affect PCs and can have its software updated remotely by a command and control center?

    • Virus

    • Adware

    • Zombie

    • Worm

    Correct Answer
    A. Zombie
    Explanation
    A zombie is a PC that has been infected with malware and can be controlled remotely by a command and control center. This lets the attacker update the malicious software on the infected PCs remotely and use them to carry out malicious activities without the user's knowledge. Zombies are typically grouped into botnets, which are used for purposes such as launching DDoS attacks or sending spam emails.

  • 47. 

      Which one of the following options is an attack launched from multiple zombie machines in attempt to bring down a service?

    • DDoS

    • Man-in-the-middle

    • DoS

    • TCP/IP hijacking

    Correct Answer
    A. DDoS
    Explanation
    A DDoS (Distributed Denial of Service) attack is launched from multiple zombie machines with the intention of overwhelming a service and causing it to become unavailable to legitimate users. This is done by flooding the target server or network with a high volume of traffic, making it unable to handle legitimate requests. Unlike a DoS (Denial of Service) attack, which is launched from a single source, a DDoS attack utilizes multiple sources to amplify its impact and make it more difficult to mitigate. Man-in-the-middle and TCP/IP hijacking are different types of attacks that involve intercepting and manipulating network traffic.

  • 48. 

      Choose the attack of malicious code that cannot be prevented or deterred solely through using technical measures

    • Social engineering

    • Dictionary attacks

    • Man in the middle attacks

    • DoS (Denial of Service) attacks

    Correct Answer
    A. Social engineering
    Explanation
    Social engineering is a type of attack where the attacker manipulates and deceives individuals into divulging sensitive information or performing actions that they normally wouldn't. Unlike other attacks listed, social engineering relies on human interaction and psychological manipulation rather than technical vulnerabilities. It cannot be prevented solely through technical measures because it exploits human trust and behavior, making it difficult to detect and defend against using traditional security measures such as firewalls or antivirus software.

  • 49. 

      Who is finally in charge of the amount of residual risk?

    • The DRP coordinator

    • The organization’s security officer

    • The senior management

    • The security technician

    Correct Answer
    A. The senior management
    Explanation
    The senior management is finally in charge of the amount of residual risk. As the highest level of decision-makers in an organization, they have the authority and responsibility to make strategic decisions regarding risk management. They are accountable for setting the overall risk appetite and ensuring that appropriate risk mitigation measures are in place. The senior management's involvement is crucial in determining the acceptable level of residual risk for the organization and making informed decisions on risk acceptance or further risk reduction measures.

Quiz Review Timeline (Updated): Mar 21, 2023

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Feb 19, 2010
    Quiz Created by
    Vtgamer