18. An IT professional makes a backup of critical information from a company’s system so it can still be accessed if the system is attacked. Which key principle for designing information security policies does this represent?
- The availability principle
- The intelligence principle
- The risk principle
- The integrity principle
19. Which of the following is true of black hat and white hat hackers?
- Black hats are malicious. White hats identify weaknesses to help mitigate threats.
- Black hats try to find weaknesses, but white hats don’t.
- Neither black hats nor white hats can be trusted.
- Black hats work with owners to fix problems. White hats just try to get into a system.
20. After a user downloads a free software product, the computer’s browser automatically opens and jumps to random product pages. What kind of malicious software is this?
- Adware
- A worm
- A Keylogger
- A rootkit
21. An unhappy systems administrator installed malware that attacked after a timed event, rather than when it was installed. What type of malware does this describe?
- Ransomware
- A logic bomb
- A rootkit
- Spyware
22. A victim connects to a network they think is legitimate, but the network is really an identical network controlled by a hacker. What type of network attack are they a victim of?
- A Denial of Service (DoS)
- A logic bomb
- An evil twin
- DNS cache poisoning
23. Which type of network-based attack prevents legitimate users from accessing a system by overwhelming the network?
- A brute force password attack
- An injection attack
- A Denial of Service (DoS) attack
- A malware attack
24. An attacker sends a large number of SYN packets, but does not send any ACK messages back. The connection stays open and uses up the source’s resources. What is this attack called?
- A zero day exploit
- A half-open attack
- A DNS cache poisoning attack
- A ping flood
25. Which of the following measures can prevent injection attacks? Select all that apply.
- Data sanitization
- Log analysis systems
- Input validation
- Flood guards
26. What kind of attack keeps trying different combinations of characters and letters until it gets password access to a system?
- An Injection attack
- A phishing attack
- A dictionary attack
- A brute force attack
27. An email message tells a user there is a problem with the user’s bank account. The email directs the user to a login page that steals the user’s information. What is this called?
- Phishing
- Tailgating
- Injection
- Denial of Service
Shuffle Q/A 1
28. Which of the following is an example of the CIA triad’s confidentiality principle in action?
- Preventing an unwanted download
- Making sure data hasn’t been tampered with
- Protecting online accounts with a password
- Preventing data loss
29. Which of the following is an example of a zero-day vulnerability?
- A user accidentally loads malware onto a computer that logs the user’s keypresses and uses them to get confidential information.
- After a user downloads and starts a piece of software, it starts showing ads and collecting data.
- A group of hackers finds a flaw in a new software product and takes advantage of it before the vendor or developer finds it.
- A user voluntarily downloads a piece of software hoping it will be useful, but instead it lets hackers access the user’s computer.
