Cybersecurity Essentials
Pre-Test Questions
Course Introduction
Cybersecurity Essentials provides students with a comprehensive introduction to the foundational principles and practices necessary for protecting digital information and systems. This course covers core topics including types of cyber threats, risk management, security policies, ethical and legal considerations, and common defense strategies such as firewall configurations, encryption, and authentication. Through real-world examples, case studies, and hands-on exercises, students will gain practical knowledge in identifying vulnerabilities and implementing basic safeguards to secure networks, devices, and data in both personal and organizational contexts.
Recommended Textbook
Principles of Computer Security CompTIA Security+ and Beyond 3rd Edition by Wm. Arthur Conklin
Available Study Resources on Quizplus
25 Chapters
1136 Verified Questions
1136 Flashcards
Source URL: https://quizplus.com/study-set/2933
2
Chapter 1: Introduction and Security Trends
Available Study Resources on Quizplus for this Chatper
49 Verified Questions
49 Flashcards
Source URL: https://quizplus.com/quiz/58443
Sample Questions
Q1) What is a port scan?
A)Identifies what ports can be used to smuggle information across borders
B)Identifies ports that are open and services that are running
C)Identifies the USB,parallel,and serial ports that can be used to connect to the system
D)Identifies the IP addresses of computers on the network
Answer: B
Q2) In April 2009,Homeland Security Secretary Janet Napolitano told reporters
A)Organized crime made attempts to break into the US electric power grid
B)Hacktivists made attempts to break into the US electric power grid
C)Terrorists made attempts to break into the US electric power grid
D)China and Russia made attempts to break into the US electric power grid
Answer: D
Q3) The biggest change that has occurred in security over the last 30 years has been the change in the computing environment from small,tightly contained mainframes to a highly widespread network of much larger systems.
A)True
B)False
Answer: False
To view all questions and flashcards with answers, click on the resource link above.
3
Chapter 2: General Security Concepts
Available Study Resources on Quizplus for this Chatper
65 Verified Questions
65 Flashcards
Source URL: https://quizplus.com/quiz/58442
Sample Questions
Q1) All applications,scripts,and batch files run in the same security context of the user who is logged in at the time.
A)True
B)False
Answer: True
Q2) Which of the following is a security model that uses transactions as the basis for its rules?
A)Biba
B)Bell-LaPadula
C)Layered defense
D)Clark-Wilson
Answer: D
Q3) A security procedure is a high-level statement produced by senior management that outlines both what security means to the organization and the organization's goals for security.
A)True
B)False
Answer: False
Q4) _______________ is the condition that a control can be verified as functioning. Answer: Auditability
To view all questions and flashcards with answers, click on the resource link above. Page 4
Chapter 3: Operational-Organizational Security
Available Study Resources on Quizplus for this Chatper
43 Verified Questions
43 Flashcards
Source URL: https://quizplus.com/quiz/58441
Sample Questions
Q1) _______________ are high-level,broad statements of what the organization wants to accomplish.
Answer: Policies
Q2) Choosing the location of equipment can have an impact on your security.Explain the security issues you would consider when placing various types of equipment.
Answer: Wireless access points should be placed where it is difficult for outsiders to access.Monitors should not face windows.Devices that have electromagnetic emanation should be contained properly.
Q3) Statements made by management that lays out the organization's position on an issue are called ________.
A)policies
B)procedures
C)standards
D)guidelines
Answer: A
Q4) Access controls that utilize "something you are," such as finger prints,irises,or hand geometry,is called _______________.
Answer: biometrics
To view all questions and flashcards with answers, click on the resource link above.
5
Chapter 4: The Role of People in Security
Available Study Resources on Quizplus for this Chatper
40 Verified Questions
40 Flashcards
Source URL: https://quizplus.com/quiz/58440
Sample Questions
Q1) The process of going through a target's trash in hopes of finding valuable information that might be used in a penetration attempt is known as
Q2) A(n)_______________ is an avenue that can be used to access a system while circumventing normal security mechanisms,and can often be used to install additional executable files.
Q3) Leaving sensitive information in a car is appropriate if the doors are locked and the files are not in plain view.
A)True
B)False
Q4) An attacker watches people as they enter a building requiring a key card.He waits until he see someone who appears to be in a rush and has their hands full.He then intercepts the person,makes quick small talk,offers to help them hold what's in their hands while he swipes in,and follows behind.This is an example of
A)Spear phishing
B)Pharming
C)Piggybacking
D)Man trapping
Q5) What are the dangers of non-employees having physical access? Give examples.
To view all questions and flashcards with answers, click on the resource link above. Page 6
Chapter 5: Cryptography
Available Study Resources on Quizplus for this Chatper
49 Verified Questions
49 Flashcards
Source URL: https://quizplus.com/quiz/58439
Sample Questions
Q1) Cryptographic algorithms are used for all of the following EXCEPT:
A)Confidentiality
B)Integrity
C)Availability
D)Authentication
Q2) Keeping a copy of the encryption key with a trusted third party is called
Q3) A(n)_______________ is a step-by-step,recursive computational procedure for solving a problem in a finite number of steps.
Q4) The art of secret writing that enables an individual to hide the contents of a message from all but the intended recipient is called
A)Steganography
B)Cryptanalysis
C)Cryptography
D)Key management
Q5) Decryption is the process of creating ciphertext from plaintext.
A)True
B)False
Q6) What are some of the uses of cryptographic algorithms?
Page 7
To view all questions and flashcards with answers, click on the resource link above.
Chapter 6: Public Key Infrastructure
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/58438
Sample Questions
Q1) What is a public key infrastructure?
A)A structure that enables parties to use communications such as e-mail
B)A structure that provides all of the components needed for entities to communicate securely and in a predictable manner
C)A structure that enables secure communications in chat rooms,and when instant messaging and text messaging
D)Is another name for digital signatures
Q2) The term used to describe a centralized directory that can be accessed by a subset of individuals is _______________
Q3) What is a digital certificate?
A)It's a means of establishing the validity of an offer from a person,entity,web site or e-mail.
B)It's a centralized directory wherein registered keys are created and stored.
C)It's a means of establishing your credentials electronically when doing business or other transactions on the Web
D)It's an entity that generates electronic credentials and distributes them upon proving their identity sufficiently.
Q4) What are the three types of trust models?
To view all questions and flashcards with answers, click on the resource link above. Page 8
Chapter 7: Standards and Protocols
Available Study Resources on Quizplus for this Chatper
44 Verified Questions
44 Flashcards
Source URL: https://quizplus.com/quiz/58437
Sample Questions
Q1) What are the documents developed by the government to aid in the development of a standard for use in areas such as security or system interoperability?
A)FES,Federal encryption standards
B)FIPS,Federal Information Processing Standards
C)FIRE,Federal information regulation enterprise
D)FIES,Federal information and encryption standards
Q2) The X.905 standard specifies formats for public key certificates.
A)True
B)False
Q3) _______________ allows the encapsulation of one packet inside another to hide the original packet.
Q4) Which is the strongest implementation class of WTLS?
A)First class
B)Class 1
C)Class 2
D)Class 3
Q5) A popular program used to encrypt and decrypt e-mail and files is _______________.
Q6) List and define 5 of the 12 sections detailed by the ISO/IEC 27002 Standard.
Page 9
To view all questions and flashcards with answers, click on the resource link above.
Chapter 8: Physical Security
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/58436
Sample Questions
Q1) All of the following are ways to prevent a computer from booting up from a bootable floppy EXCEPT:
A)Taking out the floppy drive.
B)Removing the a drive from the boot sequence.
C)Setting a bios password.
D)Making sure the floppy is not the first drive in the boot sequence.
Q2) The best fire extinguisher for an wood,paper and cloth fires is a
A)Class A
B)Class B
C)Class C
D)Class D
Q3) Mantraps are a good countermeasure against
A)Dumpster diving
B)Shoulder surfing
C)Tailgating
D)Phishing
Q4) A house key is an example of a(n)__________.
Q5) Explain a simple way to combat boot disks.
Q6) Explain very simply how biometrics works
Q7) The _______________ is the weakest link in the security chain.
To view all questions and flashcards with answers, click on the resource link above. Page 10
Chapter 9: Network Fundamentals
Available Study Resources on Quizplus for this Chatper
55 Verified Questions
55 Flashcards
Source URL: https://quizplus.com/quiz/58435
Sample Questions
Q1) UDP uses a three-way handshake to establish connections.
A)True
B)False
Q2) _______________ is the protocol that resolves a domain name to an IP address.
Q3) A(n)_______ class address supports 65,000 hosts on each of 16,000 networks,and allows three sections of the IP address to be devoted to host addressing.
A)A
B)B
C)C
D)D
Q4) A ________ is a network typically smaller in terms of size and geographic coverage and consist of two or more connected devices.Home or office networks are typically classified as this type of network.
A)local area network
B)office area network
C)wide area network
D)internal area network
Q5) What is a DMZ and what is it used for?
Q6) Another term for an IP packet is _______________.
To view all questions and flashcards with answers, click on the resource link above. Page 11
Chapter 10: Infrastructure Security
Available Study Resources on Quizplus for this Chatper
42 Verified Questions
42 Flashcards
Source URL: https://quizplus.com/quiz/58434
Sample Questions
Q1) The following are steps in securing a workstation EXCEPT:
A)Install NetBIOS and IPX
B)Install antivirus
C)Remove unnecessary software
D)Disable unnecessary user accounts
Q2) Switches create one big collision domain for all connected devices.
A)True
B)False
Q3) Centralized monitoring of the health of the network is the function of a
A)File server
B)SNMP
C)NOC
D)TOC
Q4) The intentions of computer virus writers have changed over the years,from wanting to simply spread a virus and be noticed,to the work of today's stealthy botnet-creating criminals.
A)True
B)False
Q5) A network traffic management device used to connect different network segments together is called a(n)_______________.
Page 12
To view all questions and flashcards with answers, click on the resource link above.
Chapter 11: Authentication and Remote Access
Available Study Resources on Quizplus for this Chatper
46 Verified Questions
46 Flashcards
Source URL: https://quizplus.com/quiz/58433
Sample Questions
Q1) What are the three steps of establishing proper privileges?
Q2) Which of the following describes the wireless standard?
A)802.11
B)854.12
C)800.15
D)756.10
Q3) _______________ authentication is a term that describes the use of more than one authentication mechanism at the same time.
Q4) In addition to "What users know," "What users have," and "What users are," what did the author add to be able to authenticate a user?
A)"What users should have"
B)"What users should think"
C)"What users can argue they should be"
D)"What users do"
Q5) _______________ is the matching of user-supplied credentials to previously stored credentials on a host machine.
Q6) Telnet traffic is encrypted by default.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above. Page 13
Chapter 12: Wireless
Available Study Resources on Quizplus for this Chatper
43 Verified Questions
43 Flashcards
Source URL: https://quizplus.com/quiz/58432
Sample Questions
Q1) Which of the following specifications of 802.11 has the highest speed?
A)g
B)n
C)i
D)s
Q2) NetStumbler is a program that is used to sniff wireless traffic and break WEP keys.
A)True
B)False
Q3) When an attacker uses Bluetooth to copy e-mails,contact lists,or other files on the device,it is called
A)Bluejacking
B)Bluesnarfing
C)Bluebugging
D)Bluehacking
Q4) What is WAP and what are its security implications?
Q5) If unauthorized wireless is set up,it is known as a(n)_______________.
Q6) Discuss 802.11 security issues and possible solutions.
Q7) _______________ is a modulation type that spreads the traffic sent over the entire bandwidth.
To view all questions and flashcards with answers, click on the resource link above. Page 14
Chapter 13: Intrusion Detection Systems and Network Security
Available Study Resources on Quizplus for this Chatper
49 Verified Questions
49 Flashcards
Source URL: https://quizplus.com/quiz/58431
Sample Questions
Q1) Deploying,maintaining,and upgrading host-based IDSs in a large network is cheaper than NIDSs.
A)True
B)False
Q2) The model that most modern intrusion detection systems use is largely based upon a model created by Dorothy Denning and Peter Neumann called:
A)Intrusion Detection Interface System (IDIS)
B)Intrusion Response Interdiction system (IRIS)
C)Intrusion Detection Expert System (IDES)
D)Discovery,Haystack,Multics Intrusion Detection and Alerting System (MIDAS)
Q3) Your boss is concerned about employees viewing in appropriate or illegal web sites in the workplace.Which device would be the best at addressing this concern?
A)Antivirus
B)Firewall
C)Protocol analyzer
D)Internet content filter
Q4) What was wrong with the first host-based IDSs?
Q5) List three approaches that antispam software uses to filter out junk e-mail.
Q6) What are the advantages and disadvantages of HIDSs?
To view all questions and flashcards with answers, click on the resource link above. Page 15
Chapter 14: Baselines
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/58430
Sample Questions
Q1) In Solaris,one can use the __________ command to modify the permissions associated with a file or directory.
Q2) On a UNIX system,if a file has the permission r-x rw- ---,what permission does the world have?
A)Read and execute
B)Read and write
C)Read,write,execute
D)No permissions
Q3) What is the first step in addressing issues with passwords?
A)The first step in addressing password issues is to create an effective and manageable password policy that both system administrators and users can work with.
B)The first step in addressing password issues is to find a systematic,alpha-numeric combination and then assign passwords,so that both system administrators and users can tell which department is using what system.
C)The first step in addressing password issues is to see how many passwords are required.
D)The first step in addressing password issues is to see how many accounts can use the same password.
To view all questions and flashcards with answers, click on the resource link above. Page 16
Chapter 15: Types of Attacks and Malicious Software
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/58429
Sample Questions
Q1) TCP/IP hijacking and _______________ are terms used to refer to the process of taking control of an already existing session between a client and a server.
Q2) What is it called when a person registers a domain name,relinquishes it in less than five days,and then gets the same name again,repeating this cycle over and over again?
A)DNS spoofing
B)DNS jacking
C)DNS pilfering
D)DNS kiting
Q3) A _______________ occurs when a program is provided more data for input than it was designed to handle.
Q4) Malicious code that sits dormant until a particular event occurs to release its payload is called what?
A)Trojan
B)Logic bomb
C)Trigger virus
D)Logic worm
Q5) What should be included in a security audit?
Q6) Describe some of the types of attacks that can be launched against a network.
To view all questions and flashcards with answers, click on the resource link above. Page 17
Chapter 16: E-Mail and Instant Messaging
Available Study Resources on Quizplus for this Chatper
47 Verified Questions
47 Flashcards
Source URL: https://quizplus.com/quiz/58428
Sample Questions
Q1) S/MIME is a secure implementation of the MIME protocol.
A)True
B)False
Q2) What is the best way to deal with e-mail hoax?
Q3) Viruses that are scripted to send themselves to other users are known as ______________.
Q4) A worm is a type of virus that ____________.
A)is scripted to send itself to other systems
B)is designed to crawl in under a firewall
C)buries itself between the kernel and the application layer of the operating system
D)is passed through e-mails with a subject heading that has the word "worm" in it
Q5) Which of the following is NOT one of the three primary e-mail protocols?
A)SMTP
B)SNMP
C)P3OP
D)IMAP
Q6) A(n)_______________ is a mail server that will accept mail from everyone.
Q7) Explain some of the problems with PGP.
Page 18
To view all questions and flashcards with answers, click on the resource link above.
Chapter 17: Web Components
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/58427
Sample Questions
Q1) _______________ are small chunks of ASCII text passed within an HTTP stream to store data temporarily in a web browser instance.
Q2) TCP Ports 989 and 990 are associated with what application?
A)SSL/TLS 3.0
B)SPOP3
C)SFTP
D)FTPS
Q3) ActiveX refers to
A)A collection of APIs,protocols,and programs developed by Microsoft to automatically download and execute code over the Internet
B)A library of security protocols for Microsoft's Internet Explorer
C)A patch to fix a vulnerability that hackers exploit where the user downloads an MP3 file and the buffers of the sound card are overwritten
D)A method of blocking java scripts that comes from non Microsoft web sites
Q4) Authenticode is used to encrypt program code so that it is more difficult for hackers to reverse engineer it.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above.
19
Chapter 18: Secure Software Development
Available Study Resources on Quizplus for this Chatper
40 Verified Questions
40 Flashcards
Source URL: https://quizplus.com/quiz/58426
Sample Questions
Q1) Which type of attack is used especially against databases?
A)DB manipulation
B)DB injection
C)SQL injection
D)SQL rejection
Q2) Testing is not an essential part of the generation of secure code.
A)True
B)False
Q3) In the secure development lifecycle,how must the specific security needs of software being developed be defined?
A)Coding phase
B)Design phase
C)Requirements phase
D)Testing phase
Q4) Unvalidated input that changes the code functioning in an unintended way is which type of coding error?
A)Canonicalization error
B)Improper output handling
C)Injection
D)Buffer overflow
Page 20
To view all questions and flashcards with answers, click on the resource link above.
Chapter 19: Disaster Recovery, Business Continuity, and Organizational Policies
Available Study Resources on Quizplus for this Chatper
53 Verified Questions
53 Flashcards
Source URL: https://quizplus.com/quiz/58425
Sample Questions
Q1) RAID 5 implements exact copies of disks,with all the data mirrored on another drive.
A)True
B)False
Q2) The disadvantage to full backups is that the restore process is complex.
A)True
B)False
Q3) List at least five types of disasters that can damage or destroy the information of an organization.
Q4) Which of the following is NOT a component of a security policy?
A)Acceptable use policy
B)Separation of duties
C)Need to know
D)Programming language conformity policy
Q5) Which document's main focus is the continued operation of the organization?
A)BIA
B)DRP
C)AUP
D)BCP
Q6) What are the various ways a backup can be conducted and stored?
To view all questions and flashcards with answers, click on the resource link above. Page 21
Chapter 20: Risk Management
Available Study Resources on Quizplus for this Chatper
42 Verified Questions
42 Flashcards
Source URL: https://quizplus.com/quiz/58424
Sample Questions
Q1) A straightforward method for comparing cost estimates with the benefits of a mitigation strategy is called a(n)_______________.
Q2) Which management tool is used for diagramming the interdependencies between project activities,showing the sequence and duration of each activity?
A)Pareto charts
B)Gantt charts
C)Interrelationship digraphs
D)PERT charts
Q3) Which of the following is the formula for single loss expectancy (SLE)?
A)The exposure factor added to the asset
B)The asset multiplied by the exposure factor
C)The asset divided by the annual rate of expectancy
D)The asset multiplied by the exposure factor and divided by the annual rate of expectancy
Q4) Describe the use of risk management tools and principles to manage risk effectively.
Q5) A(n)_______________ is any characteristic of an asset that can be exploited by a threat to cause harm.
Q6) A risk that remains after implementing controls is termed a(n)_______________.
To view all questions and flashcards with answers, click on the resource link above. Page 22
Chapter 21: Change Management
Available Study Resources on Quizplus for this Chatper
35 Verified Questions
35 Flashcards
Source URL: https://quizplus.com/quiz/58423
Sample Questions
Q1) Change management can be applied to every type of software development
EXCEPT:
A)Security patches
B)Source code
C)Web pages
D)Change management should be applied to all types of software development.
Q2) Change management is the process of changing the middle managers in a company during a merger.
A)True
B)False
Q3) What are the concepts of the capability maturity model integration?
Q4) _______________ is the process of controlling changes to items that have been baselined.
Q5) Change management and configuration management are two very different processes.
A)True
B)False
Q6) Configuration status _______________ consists of the procedures for tracking and maintaining data relative to each configuration item in the baseline.
To view all questions and flashcards with answers, click on the resource link above. Page 23
Q7) Upon manager approval,the _______________ moves the executable to the production system.
Chapter 22: Privilege Management
Available Study Resources on Quizplus for this Chatper
39 Verified Questions
39 Flashcards
Source URL: https://quizplus.com/quiz/58422
Sample Questions
Q1) A file or resource owner has the ability to change the permissions on that file or resource.
A)MAC
B)DAC
C)RBAC
D)RBOC
Q2) The lowest level of classified information,which is defined as information that would "damage" national security,is known as "unclassified."
A)True
B)False
Q3) Which of the following is the strongest password?
A)swordfish
B)Supercalifragilisticexpialidocious
C)1Aw3u$iaIiWtww1s1a!
D)P@$$w0rd
Q4) User account passwords can be set up to automatically expire.
A)True
B)False
Q5) What are password and domain password policies?
Q6) What are the different methods of access management (MAC,DAC,RBAC)?
Page 24
To view all questions and flashcards with answers, click on the resource link above.
Chapter 23: Computer Forensics
Available Study Resources on Quizplus for this Chatper
40 Verified Questions
40 Flashcards
Source URL: https://quizplus.com/quiz/58421
Sample Questions
Q1) Which of the following has the least volatile data?
A)CPU storage
B)RAM
C)Hard drive
D)Kernel tables
Q2) What type of evidence is used to aid a jury and may be in the form of a model,experiment,chart,and so on,to indicate that an event occurred?
A)Direct evidence
B)Real evidence
C)Documentary evidence
D)Demonstrative evidence
Q3) Clusters that are marked by the operating system as usable is referred to as which of the following?
A)Free space
B)Slack space
C)Open space
D)Unused space
Q4) To be credible in court proceedings,what are the three standards that evidence must meet?
To view all questions and flashcards with answers, click on the resource link above. Page 25
Chapter 24: Legal Issues and Ethics
Available Study Resources on Quizplus for this Chatper
40 Verified Questions
40 Flashcards
Source URL: https://quizplus.com/quiz/58420
Sample Questions
Q1) What are the laws that govern computer access and trespass?
Q2) What are the laws and regulations regarding the import and export of encryption software?
Q3) The law that regulates unsolicited commercial e-mail is the
A)Computer Fraud and Abuse Act
B)Stored Communications Act
C)CAN-SPAM Act
D)Sarbanes-Oxley Act
Q4) What is the Gramm-Leach-Bliley Act?
A)Implements the principle that a signature,contract,or other record may not be deleted
B)Denies legal effect,validity,or enforceability solely because it is electronic form
C)Addresses a myriad of legal privacy issues that were resulting from the increasing use of computers and other technology specific to telecommunications
D)Makes it a violation of federal law to knowingly use another's identity
E)A major piece of legislation affecting the financial industry and containing significant privacy provisions for individuals
Q5) What are the laws that govern encryption and digital rights management?
To view all questions and flashcards with answers, click on the resource link above.
Page 26
Chapter 25: Privacy
Available Study Resources on Quizplus for this Chatper
40 Verified Questions
40 Flashcards
Source URL: https://quizplus.com/quiz/58419
Sample Questions
Q1) Which act requires credit agencies to perform timely investigations on inaccuracies reported by consumers?
A)FCRA
B)PCI DSS
C)FACTA
D)GBLA
Q2) A privacy-enhancing technology called cookie cutter does which of the following?
A)Makes copies of your information for safe keeping
B)Makes sure when you connect to sites you use the same appropriate information
C)Prevents the transfer of cookies between browsers and web servers.
D)Is used by server to prevent the use of unnecessary cookies
Q3) Define privacy.
Q4) _______________ is at the top of the list of privacy-enhancing technology (PET)for protecting privacy and anonymity.
Q5) What are the privacy laws as they relate to computer security in various industries?
Q6) VPAA is considered to be the strongest US privacy law by many privacy advocates.
A)True
B)False
Q7) What are some web-related privacy issues?
To view all questions and flashcards with answers, click on the resource link above.