From 247098e4eb7c5231eb4b8b1171c551e10799bed8 Mon Sep 17 00:00:00 2001 From: Thaddeus Thomas Date: Thu, 22 Sep 2022 03:25:19 -0600 Subject: [PATCH] Update cybersecurity-quiz.md (#4418) --- cybersecurity/cybersecurity-quiz.md | 34 ++++++++++++++--------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/cybersecurity/cybersecurity-quiz.md b/cybersecurity/cybersecurity-quiz.md index 988ea9e24e..4387007ea6 100644 --- a/cybersecurity/cybersecurity-quiz.md +++ b/cybersecurity/cybersecurity-quiz.md @@ -187,7 +187,7 @@ A rainbow table attack is a more efficient and effective way of cracking many ha - [x] Mobile Device Management (MDM) - [ ] Data Loss Prevention (DLP) - [ ] Intrusion Detection and Prevention System (IDPS) -- [ ] cloud access security broker (CASB) +- [ ] Cloud Access Security Broker (CASB) #### Q26. How many keys would be necessary to accomodate 100 users in an asymmetric cryptography system? @@ -203,7 +203,7 @@ A rainbow table attack is a more efficient and effective way of cracking many ha - [ ] Federal Information Security Managment Act (FISMA) - [x] Payment Card Industry Data Security Standard (PCI-DSS) - [ ] General Data Protection Regulation (GDPR) -- [ ] International Organization for Standardization and Internation Electronical Commission (ISO/IEC 27018) +- [ ] International Organization for Standardization and International Electrotechnical Commission (ISO/IEC 27018) **Explanation**: The Payment Card Industry Data Security Standard (`PCI DSS`) is the global card industry security standard that is **required of all entities** that store, process, or transmit cardholder data, including financial institutions, online retailers and service providers. @@ -216,7 +216,7 @@ A rainbow table attack is a more efficient and effective way of cracking many ha - [x] common vulnerabilties and exposures - [ ] common vulnerability scoring system -**Explaination**: The Common Vulnerabilities and Exposures (`CVE`) system provides a reference-method for publicly known information-security vulnerabilities and exposures. +**Explanation**: The Common Vulnerabilities and Exposures (`CVE`) system provides a reference-method for publicly known information-security vulnerabilities and exposures. #### Q29. Which type of application can intercept sensative information such as passwoprds on a network segment? @@ -598,10 +598,10 @@ autopsy is for forensic analysis #### Q79. You are implementing a cybersecurity program in your organization and want to use the "de facto standard" cybersecurity framework. Which option would you choose? -- [ ] the ISACA Cypersecurity Framework -- [ ] the COBIT Cypersecurity Framework -- [ ] the ISC2 Cypersecurity Framework -- [x] the NIST Cypersecurity Framework +- [ ] the ISACA Cybersecurity Framework +- [ ] the COBIT Cybersecurity Framework +- [ ] the ISC2 Cybersecurity Framework +- [x] the NIST Cybersecurity Framework #### Q80. In 2014, 4,278 IP addresses of zombie computers were used to flood a business with over one million packets per minute for about one hour. What is this type of attack called? @@ -782,8 +782,8 @@ What is the next step you should take to best fulfill your responsibilities and #### Q102. You are researching probable threats to your company’s internet-facing web applications. Which organization should you reference as an authoritative source for information on web-based attack vectors? - [ ] EC-Council -- [ ] ISACAISACA -- [ ] NISTNIST +- [ ] ISACA +- [ ] NIST - [x] OWASP [Explanation:](https://www.imperva.com/learn/application-security/application-security/) @@ -808,7 +808,7 @@ What is the next step you should take to best fulfill your responsibilities and - [ ] identifying and valuing assets - [ ] analyzing risks by criticality and cost -- [x] discontiniuing activities that introduce risk +- [x] discontinuing activities that introduce risk - [ ] identifying threats and analyzing vulnerabilities #### Q106. In response to an alert regarding a possible security incident, you are analyzing the logs for a web application. In the process, you see the following string: `./../../../var/secrets` What type of attack was most likely attempted against the application? @@ -820,7 +820,7 @@ What is the next step you should take to best fulfill your responsibilities and #### Q107. Which quadrant should be the focus of risk management? -![Which quadrant should be the focus of risk management?](Q107-risk-quadrant.jpg) +- ![Which quadrant should be the focus of risk management?](Q107-risk-quadrant.jpg) - [x] 2 - [ ] 1 @@ -830,22 +830,22 @@ What is the next step you should take to best fulfill your responsibilities and #### Q108. Which option will not actively identify a secuirty incident? - [ ] Extended Detection and Response (XDR) -- [x] Cloud Secuiry Posture Management (CSPM) -- [ ] Secuirty Infromation Event Managment (SEIM) +- [x] Cloud Security Posture Management (CSPM) +- [ ] Security Information Event Management (SEIM) - [ ] Endpoint Detection and Response (EDR) #### Q109. A website is asking for a password and also sending an authentication code to your phone. What factors are used in this multi-factor authentication scenario? -- [ ] what you have and what you do +- [x] what you have and what you do - [ ] what you know and what you are -- [x] what you have and what you know -- [ ] what you do and what you know +- [ ] what you have and what you know +- [x] what you do and what you know [Explanation:](https://www.investopedia.com/terms/t/twofactor-authentication-2fa.asp) #### Q110. Which option is a list of publicly dsclosed information security defects? - [ ] DBIR -- [x] CVE +- [ ] CVE - [ ] CWE - [ ] CERT