Introduction to Cybersecurity Tools & Cyber Attacks Quiz Answers

All Weeks Introduction to Cybersecurity Tools & Cyber Attacks Quiz Answers

Week 01: History of Cybersecurity

Q1. What was shown in the movie War Games that concerned President Reagan?

  • A teenager hacked into a Pentagon computer that was capable of launching nuclear weapons.

Q2. In addition to the movie War Games, what other event made the need for advanced cybersecurity apparent?

  • 9/11

Q3. What were the three (3) main cybersecurity concerns arising from the 9/11 attacks?

  • How did this happen?
  • Could this happen again?
  • Could an attack like this happen in the virtual world too?

Q4. According to a Forbes Magazine study, the annual cost of cybercrime in the United States alone has reached how much?

  • $100B

Q5. Who are Alice, Bob and Trudy?

  • They are fictional characters used to illustrate how cryptography works.

Q6. Which of the following is considered a legitimate challenge to implementing a comprehensive cybersecurity solution?

  • All of the above

Q7. Jeff Crume described five challenges in security today. Which two (2) of these are challenges because their numbers are decreasing?

  • Available time
  • Available analysts

Q8. “A defined way to breach the security of an IT system through a vulnerability” is the definition of which key cybersecurity term?

  • Exploit

Q9. “A situation involving exposure to a danger.” Is the definition of which key cybersecurity term?

  • Risk

Q10. Which aspect of a comprehensive approach to cybersecurity includes these items: evaluate, create teams, establish baselines, identify and model threats, identify use cases, identify risks, establish monitoring and control requirements?

  • Security program

Q11. According to a 2018 report by Domo, over what period of time do the following things occur: 49,380 videos are uploaded to Instagram, 25,000 gifs are sent on Facebook Messenger, 4.2 million videos are viewed on Snapchat and 473,400 tweets are sent on Twitter?

  • Every 1 minute

Q12. In the examples using Bob, Alice and Trudy, what aspect of cybersecurity is being illustrated?

  • The security of communication between Alice and Bob that risks interception by Trudy.

Q13. Alice sends an unencrypted message to Bob but it is intercepted by Trudy. Trudy reads the message but does not in any way interfere with its content or delivery. Which precept of the CIA Triad would have been violated?

  • Confidentiality

Q14. Alice sends an encrypted message to Bob but it is intercepted by Trudy.  Trudy cannot read it so, in anger, she deletes it without allowing its delivery to Bob. Which precept of the CIA Triad would have been violated?

  • Availability

Q15. Alice sends an encrypted message to Bob but it is intercepted by Trudy. Trudy cannot read it but forwards it on to Bob from an anonymous address she controls. Which precept of the CIA Triad would have been violated?

  • Integrity

Q16. A major metropolitan police department gets a warrant from a judge to hack into the computer of a suspected crime boss. A skilled penetration tester working for the department conducts the hack and retrieves incriminating evidence. What color hat does this officer wear?

  • A White Hat

Q17. Which three (3) are resources that are available to help guide penetration testing efforts by cybersecurity specialists?

  • NIST SP 800-42 Guidelines on Network Security Testing.
  • Open Source Security Testing Methodology Manual (OSSTMM).
  • Federal Financial Institutions Examination Council (EFIEC) Information Technology Examination.

Q18. According to the Vulnerability Assessment Methodology, Vulnerabilities are determined by which 2 factors?

  • Potential Impacts and Adaptive Capacity

Week 02: brief overview of types of actors and their motives


Q1. Which hacker organization hacked into the Democratic National Convension and released Hillery Clinton’s emails? 

  • Fancy Bears

Q2. What challenges are expected in the future?

  • All of the above

Q3. Why are cyber attacks using SWIFT so dangerous?

  • SWIFT is the protocol used by all banks to transfer money

Q4. Which statement best describes Authentication?

  • Assurance that the communicating entity is the one claimed

Q5. Trusted functionality, security labels, event detection, security audit trails and security recovery are all examples of which type of security mechanism?

  • Passive security mechanism

Q6. If an organization responds to an intentional threat, that threat is now classified as what?

  • An attack

Q7. An attack that is developed particularly for a specific customer and occurs over a long period of time is a form of what type of attack?

  • Advanced Persistent Threat

Q8. Which of three (3) these approaches could be used by hackers as part of a Business Email Compromise attack?

  • CEO Fraud, where CEO sends email to an employee
  • Attorney impersonation
  • Account compromise

Q9. Which type of actor was not one of the four types of actors mentioned in the video A brief overview of types of actors and their motives?

  • Black Hats

Q10. A political motivation is often attributed to which type of actor?

  • Hactivist

Q11. The video Hacking organizations called out several countries with active government sponsored hacking operations in effect. Which one of these was among those named?

  • Israel

Q12. Which of these is not a known hacking organization?

  • The Ponemon Institute

Q13. Which type of actor hacked the 2016 US Presidential Elections?

  • Government

Q14. True or False: Passive attacks are easy to detect because the original messages are usually alterned or undelivered.

  • False

Q15. Trusted functionality, security labels, event detection and security audit trails are all considered which?

  • Pervasive security mechanisms

Q16. Cryptography, digital signatures, access controls and routing controls considered which?

  • Specific security mechanisms

Q17. True or False: A tornado threatening a data center can be classified as an attack.

  • False

Q18. Traffic flow analysis is classified as which?

  • A passive attack

Q19. How would you classify a piece of malicious code designed to cause damage, can self-replicate and spreads from one computer to another by attaching itself to files?

  • Worm

Q20. Botnets can be used to orchestrate which form of attack?

  • All of the above

Q21. Policies and training can be classified as which form of threat control?

  • Administrative controls

Q22. Which type of attack can be addressed using a switched Ethernet gateway and software on every host on your network that makes sure their NICs is not running in promiscuous mode.

  • Packet Sniffing

Q23. A flood of maliciously generated packets swamp a receiver’s network interface preventing it from responding to legitimate traffic. This is characteristic of which form of attack?

  • A Denial of Service (DOS) attack

Q24. A person calls you at work and tells you he is a lawyer for your company and that you need to send him specific confidential company documents right away, or else! Assuming the caller is not really a lawyer for your company but a bad actor, what kind of attack is this?

  • A Social Engineering attack

Q25. True or False: An individual hacks into a military computer and uses it to launch an attack on a target he personally dislikes. This is considered an act of cyberwarfare.

  • False

Week 03: Quiz: Key concepts

Q1. Which two (2) key components are part of incident response? (Select 2)

  • Response team
  • Investigation

Q2. Which is not part of the Sans Institutes Audit process?

  • Help to translate the business needs into technical or operational needs.

Q3. Which key concept to understand incident response is defined as “data inventory, helps to understand the current tech status, data classification, data management, we could use automated systems. Understand how you control data retention and backup.”

  • E-Discovery

Q4. Which is not included as part of the IT Governance process?

  • Audits

Q5. Trudy reading Alice’s message to Bob is a violation of which aspect of the CIA Triad?

  • Confidentiality

Q6. A hash is a mathematical algorithm that helps assure which aspect of the CIA Triad?

  • Integrity

Q7. A successful DOS attack against your company’s servers is a violation of which aspect of the CIA Triad?

  • Availability

Q8. Which of these is an example of the concept of non-repudiation?

  • Alice sends a message to Bob and Bob knows for a certainty that it came from Alice and no one else.

Q9. You have been asked to establish access to corporate documents in such a way that they can be read from anywhere, but only modified while the employees are in the office. Which 2 access criteria types were likely involved in setting this up?

  • Physical location
  • Transaction type

Q10. In incident management, an observed change to the normal behavior of a system, environment or process is called what?

  • Event

Q11. In incident management, tools like SIEM, SOA and UBA are part of which key concept?

  • Automated system

Q12. Which phase of the Incident Response Process do steps like Carry out a post incident review and Communicate and build on lessons learned fall into?

  • Follow Up

Q13. In the context of security standards and compliance, which two (2) of these are considered normative and compliance items?

  • They are rules to follow for a specific industry.
  • They serve as an enforcement mechanism for government, industry or clients.

Q14. A company document that details how an employee should request Internet access for her computer would be which of the following?

  • Procedure

Q15. Which of these is a methodology by which to conduct audits?

  • OCTAVE

Q16. Mile 2 CPTE Training teaches you how to do what?

  • Conduct a pentest.

Q17. Which three (3) statements about OWASP are True?

  • OWASP provides guidance and tools to help you address web application vulnerabilities on their Top 10 list.
  • OWASP stands for Open Web Application Security Project
  • OWASP provides tools and guidance for mobile applications.

Week 04: key security tools

Q1. What is the primary function of a firewall?

  • Filter traffic between networks.

Q2. How many unique encryption keys are required for 2 people to exchange a series of messages using symmetric key cryptography?

  • 1

Q3. What are the three (3) types of modern encryption?

  • Symmetric
  • Asymmetric      
  • Hash

Q4. What is Locard’s exchange principle?

  • The perpetrator of a crime will bring something into the crime scene and leave with something from it, and that both can be used as forensic evidence.

Q5. Which two (2) are types of firewall ?

  • Packet-filtering
  • Application-level

Q6. Which type of data does a packet-filtering firewall inspect when it decides whether to forward or drop a packet ?

  • All of the above.

Q7. Which three (3) of the following are limitations of Application gateways?

  • Client software must be “smart” and know to contact the gateway.
  • Each application to be managed needs its own gateway.
  • Application gateways are susceptible to IP spoofing.

Q8. Which type of firewall inspects XML packet payloads for things like executable code, a target IP address that make sense, and a known source IP address ?

  • An XML Gateway.

Q9. Which statement about Stateful firewalls is True ?

  • They have state tables that allow them to compare current packets with previous packets.

Q10. True or False: Most Antivirus/Antimalware software works by comparing a hash of every file encountered on your system against a table of hashs of known viruses and malware previously made by the antivirus/antimalware vendor.

  • True

Q11. Which type of cryptographic attack is characterized by comparing a captured hashed password against a table of many millions of previously hashed words or strings?

  • Rainbow tables

Q12. What are two (2) drawbacks to using symmetric key encryption?

  • The sender and recipient must find a secure way to share the key itself.
  • You need to use a different encryption key with everyone you communicate with, otherwise anyone who has ever received an encrypted message from you could open any message you sent to anyone else using that key.

More related Quiz Answers >>

Course 02: Convolutional Neural Networks in TensorFlow

Course 03: Natural Language Processing in TensorFlow

Course 04: Sequences, Time Series, and Prediction

Share your love

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked *