Cybersecurity Principles Final Exam - 1136 Verified Questions

Cybersecurity Principles Final Exam

Course Introduction

Cybersecurity Principles introduces students to the foundational concepts, frameworks, and best practices for securing information systems against evolving digital threats. The course examines core topics such as risk management, threat modeling, cryptography, network security, authentication, and policy development. Students learn to identify vulnerabilities, apply security controls, understand legal and ethical considerations, and analyze contemporary case studies. Emphasizing both technical and managerial perspectives, this course prepares learners to anticipate cybersecurity challenges and design effective defense strategies for diverse organizational contexts.

Recommended Textbook

Principles of Computer Security CompTIA Security+ and Beyond 3rd Edition by Wm. Arthur Conklin

Available Study Resources on Quizplus

25 Chapters

1136 Verified Questions

1136 Flashcards

Source URL: https://quizplus.com/study-set/2933

Chapter 1: Introduction and Security Trends

Available Study Resources on Quizplus for this Chapter

49 Verified Questions

49 Flashcards

Source URL: https://quizplus.com/quiz/58443

Sample Questions

Q1) Fifty years ago, few people had access to a computer system or network, so securing them was a relatively easy matter.

A)True

B)False

Answer: True

Q2) One of the hardest threats that the security professional will have to deal with is the elite hacker.

The insider threat is the hardest one to deal with. They already have access to the organization and its assets.

A)True

B)False

Answer: False

Q3) As the level of sophistication of attacks _________, the level of knowledge necessary to exploit vulnerabilities decreased.

Answer: increased

Q4) The second step an administrator can take in minimizing possible avenues of attack is _______________.

Answer: system hardening

To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: General Security Concepts

Available Study Resources on Quizplus for this Chapter

65 Verified Questions

65 Flashcards

Source URL: https://quizplus.com/quiz/58442

Sample Questions

Q1) Describe the Bell-LaPadula and Biba security models and the policies they use to protect information.

Answer: The Bell-LaPadula security model employs both mandatory and discretionary access control mechanisms when implementing its two basic security principles. The first of these principles is called the Simple Security Rule, which states that no subject (such as a user or a program) can read information from an object (such as a file) with a security classification higher than that possessed by the subject itself. This means that the system must prevent a user with only a Secret clearance, for example, from reading a document labeled Top Secret. This rule is often referred to as the "no-read-up" rule. The second security principle enforced by the Bell-LaPadula security model is known as the *-property (pronounced "star property"). This principle states that a subject can write to an object only if its security classification is less than or equal to the object's security classification.

The Biba security model implements a hybrid of the Ring and Low-Water-Mark policies. Biba's model, in many respects, is the opposite of the Bell-LaPadula model in that what it enforces are "no-read-down" and "no-write-up" policies. It also implements a third rule that prevents subjects from executing higher-level programs. The Biba security model thus addresses the problems mentioned with both the Ring and Low-Water-Mark policies.

Chapter 3: Operational-Organizational Security

Available Study Resources on Quizplus for this Chapter

43 Verified Questions

43 Flashcards

Source URL: https://quizplus.com/quiz/58441

Sample Questions

Q1) The greatest danger to networks comes from

A)Foreign hackers

B)Attacks coming across the public switched telephone network

C)Natural disasters

D)Insiders

Answer: D

Q2) Standards are recommendations relating to a policy.

A)True

B)False

Answer: False

Q3) Plan, implement, monitor, and evaluate are the four steps of the _____________

Answer: policy lifecycle

Q4) Locks, sign-in logs, and security guards are examples of

A)Access controls.

B)Intrusion detection mechanisms.

C)Authentication methods.

D)Auditing devices.

Answer: A

Q5) _______________ are mandatory elements regarding the implementation of a policy.

Answer: Standards

Chapter 4: The Role of People in Security

Available Study Resources on Quizplus for this Chapter

40 Verified Questions

40 Flashcards

Source URL: https://quizplus.com/quiz/58440

Sample Questions

Q1) What is a good first step for companies to take to fight potential social engineering attacks?

A)Buy the latest virus protection software and install on the systems

B)Establish policies and procedures dictating the roles and responsibilities of all users, as well as security administrators

C)Monitor all phone calls

D)Conduct background checks on all contractors, consultants, delivery persons, and partners that may have access to the facilities

Q2) The process of convincing an authorized individual to provide confidential information or access to an unauthorized individual is known as _______________.

Q3) _______________ is when an attacker attempts to redirect a user to a bogus web site that appears similar to the web site the user had intended to access.

Q4) One of the most effective tools for foiling the efforts of a social engineering attack is an active security awareness program.

A)True

B)False

Q5) Give an example of a hoax and how it might actually be destructive.

Chapter 5: Cryptography

Available Study Resources on Quizplus for this Chapter

49 Verified Questions

49 Flashcards

Source URL: https://quizplus.com/quiz/58439

Sample Questions

Q1) _______________ is the process of analyzing available information in an attempt to return the encrypted message to its original form.

Q2) Cryptography can be used to protect confidentiality and integrity, as well as to implement nonrepudiation, authentication, key escrow, digital signatures, and digital rights management.

A)True

B)False

Q3) A special mathematical function that performs one-way encryption is called

A)Asymmetric encryption

B)Transposition cipher

C)Hashing function

D)Multiple encryption

Q4) The process for protecting intellectual property from unauthorized use is called

A)Key escrow

B)Anti-pirating management

C)Digital signatures

D)Digital rights management

Q5) What are some of the uses of cryptographic algorithms?

Q6) What is key management and why is it important?

Chapter 6: Public Key Infrastructure

Available Study Resources on Quizplus for this Chapter

50 Verified Questions

50 Flashcards

Source URL: https://quizplus.com/quiz/58438

Sample Questions

Q1) What is a certificate authority?

A)An entity that requires proof of identity from the individual requesting a certificate

B)An entity that generates a digitally signed identification certificate

C)A centralized directory in which the registered certificate is stored

D)An entity that generates electronic credentials

Q2) The list of serial numbers of certificates that have been revoked is called the _______________.

Q3) PKI can be used as a measure to trust individuals we do not know.

A)True

B)False

Q4) What are the different fields within a digital certificate?

A)Version number, subject, public key, issuer, serial number, validity, certificate usage, signature algorithm, and extensions

B)Key encipherment, data encipherment, CRL sign, keycert sign, and nonrepudiation

C)End-entity, CA, cross-certification, and policy certification

D)CA identity, individual or party identification, company, and destination

Q5) A digital certificate binds an individual's identity to a public key.

A)True

B)False

Chapter 7: Standards and Protocols

Available Study Resources on Quizplus for this Chapter

44 Verified Questions

44 Flashcards

Source URL: https://quizplus.com/quiz/58437

Sample Questions

Q1) List and define 5 of the 12 sections detailed by the ISO/IEC 27002 Standard.

Q2) The X.905 standard specifies formats for public key certificates.

A)True

B)False

Q3) What is the ISO 17799?

A)A standard for creating and implementing security policies

B)A standard for international encryption of e-mail

C)A document used to develop physical security for a building

D)A document describing the details of wireless encryption

Q4) What is CMP?

A)This protocol defines the messages and operations required to provide certificate management services

B)An encryption protocol used to verify a key length

C)An application that decrypts encrypted e-mail

D)A common message protocol that is used in e-mail

Q5) SSL provides secure connections for web transfers using encryption.

A)True

B)False

Q6) _______________ provides a method for implementing a key exchange protocol and for negotiating a security policy.

Chapter 8: Physical Security

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/58436

Sample Questions

Q1) A(n) ___________ is a token that can enable cryptographic types of authentication.

Q2) Your weight is a biometric.

A)True

B)False

Q3) The best fire extinguisher for petroleum products is a

A)Class A

B)Class B

C)Class C

D)Class D

Q4) Multifactor authentication is all of these, EXCEPT:

A)What you are

B)What you have

C)What you know

D)What you calculate

Q5) Besides physically securing your computers, there is little you can do to prevent drive imaging.

A)True

B)False

Q6) What are the types of fire, and their suppression methods?

Chapter 9: Network Fundamentals

Available Study Resources on Quizplus for this Chapter

55 Verified Questions

55 Flashcards

Source URL: https://quizplus.com/quiz/58435

Sample Questions

Q1) A network can logically appear as one topology, but physically match a different topology.

A)True

B)False

Q2) Remote Packet Delivery (where packets are delivered to a remote location) uses _________ addresses to send packets.

Q3) List three kinds of information contained in an IP packet header.

Q4) NAT translates private (nonroutable) IP addresses into public (routable) IP addresses.

A)True

B)False

Q5) Network components connected to the same cable are often called "the backbone" in which topology?

A)Star

B)Bus

C)Ring

D)Hybrid

Q6) The method of packaging packets so that they can traverse a network in a secure manner is called _______________.

Chapter 10: Infrastructure Security

Available Study Resources on Quizplus for this Chapter

42 Verified Questions

42 Flashcards

Source URL: https://quizplus.com/quiz/58434

Sample Questions

Q1) The point of entry from a wireless device to a wired network is performed at a device called a(n) _______________.

Q2) _______ are characterized by the use of a laser to read data stored on a physical device.

A)Authentication rules

B)FTP sites

C)Modems

D)Optical media

Q3) A network traffic management device used to connect different network segments together is called a(n) _______________.

Q4) A virtual private network (VPN) is a construct used to provide

A)Users with their own web space on the network

B)An area of relaxation for employees

C)Secure communication channel between users across public networks such as the Internet

D)A learning area for programming languages

Q5) What are the four common methods for connecting equipment at the physical layer?

Q6) Multiple operating systems can be operated concurrently on the same hardware using _______________.

Chapter 11: Authentication and Remote Access

Available Study Resources on Quizplus for this Chapter

46 Verified Questions

46 Flashcards

Source URL: https://quizplus.com/quiz/58433

Sample Questions

Q1) Your boss wants you to suggest a secure way to connect to the corporate network from home. You will have to connect through the Internet. What is a possible solution?

A)Telnet

B)FTP

C)VPN

D)rsh

Q2) The primary vulnerability associated with many methods of remote access is

A)Weak encryption

B)Too complicated for users to understand

C)The passing of critical data in clear text

D)Incompatibility with firewalls

Q3) L2TP uses

A)UDP port 1701

B)TCP port 1701

C)TCP port 1107

D)TCP port 1217

Q4) _______________ is the granting of specific permissions based on the privileges held by the account.

Q5) What are the three steps of establishing proper privileges?

Chapter 12: Wireless

Available Study Resources on Quizplus for this Chapter

43 Verified Questions

43 Flashcards

Source URL: https://quizplus.com/quiz/58432

Sample Questions

Q1) The security concern over the so-called WAP gap is when

A)WAP gateways perform translation from one encryption standard to another and all messages are seen in plaintext by the WAP gateway.

B)WAP gateways have a significant lag and hold the messages long enough for them to be decrypted by attackers.

C)WAP protocol is susceptible to Gateway Acquisition Pilfering (gap).

D)The encryption fails to translate from one encryption scheme to another.

Q2) Describe the different wireless systems in use today.

Q3) _______________ multiplexes or separates the data to be transmitted into smaller chunks and then transmits the chunks on several sub channels.

Q4) Alert messages in Wireless Transport Layer Security (WTLS) are sometimes sent in plaintext and are not authenticated.

A)True

B)False

Q5) WEP was not designed with confidentiality in mind.

A)True

B)False

Q6) Discuss 802.11 security issues and possible solutions.

Chapter 13: Intrusion Detection Systems and Network Security

Available Study Resources on Quizplus for this Chapter

49 Verified Questions

49 Flashcards

Source URL: https://quizplus.com/quiz/58431

Sample Questions

Q1) Deploying, maintaining, and upgrading host-based IDSs in a large network is cheaper than NIDSs.

A)True

B)False

Q2) The NIDS signature database is usually much larger than that of a host-based system.

A)True

B)False

Q3) While NIDSs are able to detect activities such as port scans and brute force attacks, they are unable to detect tunneling.

A)True

B)False

Q4) Simple rule sets that are applied to port number and IP addresses are called

A)Network address translation

B)Stateful packet filtering

C)Access control lists

D)Basic packet filtering

Q5) Content-based signatures detect character patterns and TCP flag settings.

A)True

B)False

Chapter 14: Baselines

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/58430

Sample Questions

Q1) What is the process of establishing a system's security state called?

A)Hardening

B)Baselining

C)Securing

D)Controlling

Q2) Securing an application against local- and internet-based attacks is called

Q3) A _________ is a more formal, large software update that may address several or many software problems.

A)Script

B)Log

C)Hotfix

D)Patch

Q4) Which UNIX command can be used to show the patches that are installed for a specific software package?

A)pkglist

B)pkgparam

C)pkgqury

D)pkgdump

Q5) List three of the new security-specific features of Mac OS X 10.5.

Chapter 15: Types of Attacks and Malicious Software

Available Study Resources on Quizplus for this Chapter

50 Verified Questions

50 Flashcards

Source URL: https://quizplus.com/quiz/58429

Sample Questions

Q1) An attack that takes advantage of bugs or weaknesses in the software is referred to as what?

A)A brute-force attack

B)Software exploitation

C)A dictionary attack

D)Weakness exploitation

Q2) Targeted attacks are easier and take less time and effort than attacks on targets of opportunity.

A)True

B)False

Q3) SYN flooding is an example of a

A)Viral attack

B)Denial of service attack

C)Logic bomb

D)Trojan horse

Q4) A _______________ occurs when a program is provided more data for input than it was designed to handle.

Q5) A(n) _______________ is a connection to a Windows interprocess communications share (IPC$).

Q6) What should be included in a security audit?

Chapter 16: E-Mail and Instant Messaging

Available Study Resources on Quizplus for this Chapter

47 Verified Questions

47 Flashcards

Source URL: https://quizplus.com/quiz/58428

Sample Questions

Q1) The _______________ was the first list to utilize the concept of using DNS records to filter or "blackhole" spam-sending IP addresses and domains.

Q2) All of the following techniques help to secure IM communications EXCEPT which of the following?

A)Running a corporate IM server

B)Using a different user name

C)Avoiding file transfers

D)Using encryption

Q3) What are two possible solutions to security threats caused by viruses?

Q4) What is a basic description of a Trojan horse?

Q5) _______________ refers to an unsolicited commercial e-mail whose purpose is the same as the junk mails in a physical mailbox; it tries to persuade the recipient to buy something.

Q6) A(n) _______________ is a mail server that will accept mail from everyone.

Q7) The two main places to filter spam are ________________.

A)at the host itself and the server

B)the firewall and the LAN

C)the proxy server and the LAN

D)the host and the firewall

Chapter 17: Web Components

Available Study Resources on Quizplus for this Chapter

45 Verified Questions

45 Flashcards

Source URL: https://quizplus.com/quiz/58427

Sample Questions

Q1) Authenticode is used to encrypt program code so that it is more difficult for hackers to reverse engineer it.

A)True

B)False

Q2) _______________ are small application programs that increase a browser's ability to handle new data types and new functionality.

Q3) The presence of the keyword "secure" in a cookie indicates that it can only be accessed by the web site that placed it there in the first place.

A)True

B)False

Q4) _______________ is an application-level protocol that operates over a wide range of lower level protocols.

Q5) _______________ are pieces of code that can execute within the browser environment.

Q6) HTTP uses TCP port 8080.

A)True

B)False

Q7) What are some security issues related to web-based applications?

Chapter 18: Secure Software Development

Available Study Resources on Quizplus for this Chapter

40 Verified Questions

40 Flashcards

Source URL: https://quizplus.com/quiz/58426

Sample Questions

Q1) The _______________ model is characterized by iterative development, where requirements and solutions evolve through an ongoing collaboration of self-organizing cross-functioning teams.

Q2) _______________ is the conversion of a name to its simplest form.

Q3) In the secure development lifecycle, how must the specific security needs of software being developed be defined?

A)Coding phase

B)Design phase

C)Requirements phase

D)Testing phase

Q4) Testing is not an essential part of the generation of secure code.

A)True

B)False

Q5) What are the phases of the software development lifecycle?

Q6) _______________ is the systematic application of a series of malformed inputs to test how the program responds.

Q7) The _______________ is the first step in a software development process model.

Q8) What are the major types of coding errors and their root cause?

Q9) How can secure coding be incorporated into the software development process?

Chapter 19: Disaster Recovery, Business Continuity, and Organizational Policies

Available Study Resources on Quizplus for this Chapter

53 Verified Questions

53 Flashcards

Source URL: https://quizplus.com/quiz/58425

Sample Questions

Q1) A key element in a business continuity plan is the availability of backups.

A)True

B)False

Q2) Which type of RAID spreads data across disks, and also adds parity, meaning that the loss of any single disk in the array will not result in the loss of any data?

A)RAID 0

B)RAID 1

C)RAID 2

D)RAID 5

Q3) If an organization can last without a business function for up to 30 days before it is severely impacted, that function would be categorized as which of the following?

A)Critical

B)Necessary for normal processing

C)Desirable

D)Optional

Q4) List at least five types of disasters that can damage or destroy the information of an organization.

Q5) _______________ increases reliability through the use of redundant hard drives.

Chapter 20: Risk Management

Available Study Resources on Quizplus for this Chapter

42 Verified Questions

42 Flashcards

Source URL: https://quizplus.com/quiz/58424

Sample Questions

Q1) ALE = SLE * ARO

A)True

B)False

Q2) Which of the following is the value for the expected loss of a single asset?

A)SLE

B)ALE

C)SRO

D)ARO

Q3) Residual risk is covered by insurance companies.

A)True

B)False

Q4) How can risk best be described?

A)The possibility of suffering harm or loss

B)The chance that the organization will go bankrupt

C)Something that is dependent on the types of insurance the company buys

D)Something that is dependent on the overall asset value of the company

Q5) An organization can reduce its risks to zero through careful planning and implementation.

A)True

B)False

Chapter 21: Change Management

Available Study Resources on Quizplus for this Chapter

35 Verified Questions

35 Flashcards

Source URL: https://quizplus.com/quiz/58423

Sample Questions

Q1) _______________ is an important means by which errors and fraudulent or malicious acts can be discouraged and prevented.

Q2) Change management and configuration management are two very different processes.

A)True

B)False

Q3) Network and system administrators use change management to ensure configurations consistently meet security standards.

A)True

B)False

Q4) An organization must choose between using Capability Maturity Model Integration (CMMI) or change management.

A)True

B)False

Q5) Which of the following is the first step in change management?

A)Configuration control

B)Configuration status accounting

C)Configuration identification

D)Configuration audit

Q6) A(n) ______________ is used to track changes through the change control board.

Chapter 22: Privilege Management

Available Study Resources on Quizplus for this Chapter

39 Verified Questions

39 Flashcards

Source URL: https://quizplus.com/quiz/58422

Sample Questions

Q1) The lowest level of classified information, which is defined as information that would "damage" national security, is known as "unclassified."

A)True

B)False

Q2) The access control model that most closely resembles an organization's structure.

A)MAC

B)DAC

C)RBAC

D)RBOC

Q3) What are password and domain password policies?

Q4) Under privilege management, a(n) _______________ is a collection of users with some common criteria, such as a need for access to a particular dataset.

Q5) A(n) _______________ is the unique alphanumeric identifier used by a user when logging into or accessing a system.

Q6) What are the differences between user, group, and role management?

Q7) What are the different methods of access management (MAC, DAC, RBAC)?

Q8) A user who can do anything on a system is known as a(n) ________.

Chapter 23: Computer Forensics

Available Study Resources on Quizplus for this Chapter

40 Verified Questions

40 Flashcards

Source URL: https://quizplus.com/quiz/58421

Sample Questions

Q1) Relevant evidence must be convincing or measure up without question.

A)True

B)False

Q2) To be credible in court proceedings, what are the three standards that evidence must meet?

Q3) Evidence that is convincing or measures up without question is what standard of evidence?

A)Sufficient evidence

B)Competent evidence

C)Relevant evidence

D)Real evidence

Q4) When analyzing computer storage components, the original system should be analyzed.

A)True

B)False

Q5) Evidence offered by the witness that is not based on the personal knowledge of the witness - but is being offered to prove the truth of the matter asserted - falls under the exclusionary rule.

A)True

B)False

Chapter 24: Legal Issues and Ethics

Available Study Resources on Quizplus for this Chapter

40 Verified Questions

40 Flashcards

Source URL: https://quizplus.com/quiz/58420

Sample Questions

Q1) What is the Convention on Cybercrime?

A)A convention of black hats who trade hacking secrets

B)The first international treaty on crimes committed via the Internet and other computer networks

C)A convention of white hats who trade hacker prevention knowledge

D)A treaty regulating international conventions

Q2) Computer trespass is treated as a crime in many countries.

A)True

B)False

Q3) _____________ is the unauthorized entry into a computer system via any means.

A)Computer trespass

B)Computer entry

C)Computer hacking

D)Cyber crime

Q4) _______________ allows unsolicited commercial e-mail as long as it adheres to three rules of compliance: unsubscribe, content, and sending behavior compliance.

Q5) The _______________ was designed to establish criminal provisions for access to stored electronic records and communications.

Q6) _______________ have the same legal status as written signatures.

Chapter 25: Privacy

Available Study Resources on Quizplus for this Chapter

40 Verified Questions

40 Flashcards

Source URL: https://quizplus.com/quiz/58419

Sample Questions

Q1) Which law mandates that information that is no longer needed must be properly disposed of, either by burning, pulverizing, or shredding?

A)FCRA

B)PCI DSS

C)FACTA

D)GBLA

Q2) A school principal allows for student information to be accessed by a marketing company in exchange for goods and services for the school. The principal may have violated which law?

A)Privacy Act of 1974

B)FOIA

C)FERPA

D)FACTA

Q3) Which law prohibits the collection of information from children on web sites?

A)VPPA

B)FERPA

C)COPPA

D)CFAA

Q4) What are some web-related privacy issues?

Q5) What are some issues associated with technology and privacy?
