CYBER501x Cybersecurity Fundamentals Quiz 1

UNIT 1: Question 1
True or False: Information Security is a subset of cybersecurity.

• True
• False

UNIT 1: Question 2

Indicate the color of "hat" worn by each type of hacker by typing the appropriate letter next to the definition.

W = White, G = Gray, B = Black

Hacks into systems with malicious intent

Hacks into systems, without permission, and requests payment to fix vulnerabilities

Hacks into systems, with permission, to uncover vulnerabilities so they can be fixed




UNIT 1: Question 3

What is always going to be the weakest link of any cybersecurity system?

• Firewalls
• Malware
• Humans
• Encryption

Which type of hacking does not involve any technology?

• DDoS
• Penetration Testing
• Social Engineering
• White Hat Hacking

UNIT 1: Question 5
How do the growth rates of attack sophistication and intruder technical knowledge compare?

• Attack sophistication is growing more quickly
• Intruder technical knowledge is growing more quickly
• They are growing at the same rate
• They are both declining

UNIT 1: Question 6

Why is the MySpace hack still relevant today?

• Existing pages will be defaced
• People reuse passwords
• Credit card information might still be the same

UNIT 1: Question 7

True or False: Cybersecurity involves protecting data while it is in transit, while it is being processed, and when it is at rest.

• True
• False

UNIT 1: Question 8


Which two breaches started when a third-party’s credentials were compromised? (Select two)

• Home Depot
• Chase
• Target
• Houston Astros

UNIT 1: Question 9

The first hack of the Ukraine Power Grid started when an employee:

• Clicked on a link from PayPal
• Opened a Microsoft Word document correct
• Responded to spam
• Got fooled by a phone call and gave out confidential information verbally

UNIT 1: Question 10

If integrity hacks become prevalent, a direct result could be an increase in:

• The amount of malware
• The amount of Internet of Things devices affected
• The amount of time hackers can lurk on a network undetected correct
• The number of ransomware attacks incorrect

If you would like to learn more about the cybersecurity fundamentals and gain more insights than Security for Everyone (S4E) provides excellent services on different areas. With S4E: Education you get to understand different scenarios with quizzes and real-world attack situation.

Windows Server Basics - Quiz

You have finished configuring a server and want to change the server to a Server Core installation. Which PowerShell command should you use?

• Install-WindowsFeature Server-Gui-Shell
• Install-WindowsFeature Server-Gui-Shell, Server-Gui-Mgmt-Infra
• Uninstall-WindowsFeature Server-Gui-Shell
• Uninstall-WindowsFeature Server-Gui-Shell, Server-Gui-Mgmt-Infra

Which three statements are true about migrations?

• Requires you to re-install and configure all of your applications.
• Leaves existing application in place.
• Requires you to migrate your server functions.
• Requires you to migrate your data.
• Leaves existing data in place.

Which three statements about Windows Server 2012 Standard edition and the Windows Server 2012 Datacenter editions are correct?

• Standard and Datacenter have different roles and features to account for different size organizations.
• Both Standard and Datacenter editions support up to 64 physical processor sockets.
• Both support up to 4 TBs of RAM.
• Both Standard and Datacenter edition have the same licensing model.
• Standard supports up to 4TBs of RAM, and Datacenter supports up to 8TBs of RAM.

Which four are valid editions of the Windows Server 2012 operating system?

• Windows Server 2012 Datacenter
• Windows Server 2012 Essentials
• Windows Server 2012 Enterprise
• Windows Server 2012 Foundation
• Windows Server 2012 Standard
• Windows Server 2012 Business

When choosing between the Windows Server 2012 Standard edition and the Windows Server 2012 Datacenter edition what is your most important consideration?

• Number of users.
• Roles and features.
• Server hardware requirements.
• Virtualization needs.

You are working on a server with the Server Core installation option. Which two of the following tools are available?

• Command Prompt
• Internet Explorer
• Server Manager
• File Explorer
• Windows PowerShell

Which installation option is the default for Windows Server 2012.

• Command line
• Server Core correct
• Server Footprint
• Server with a GUI

You have finished installing Windows Server 2012. The server has the Server Core installation. You need to change the name of the computer. Which tool can you use?

• ADAC
• Ipconfig
• SConfig correct
• Server Manager

Which server role enables the storage of information about objects on the network and enables this information to be available to users and network administrators?

• Active Directory Domain Services (AD DS)
• Domain Name Service (DNS)
• Dynamic Host Configuration Protocol (DHCP)
• Windows Update

You have received your Product Key and need to activate your Windows Server license. Which tool can you use?

• Activate.exe
• Install-ProductKey
• Kms.exe
• Slmgr.vbs correct

Windows Server Quiz

Which PowerShell cmdlet can be used to create a new group?

• Add-ADGroup
• Enable-ADGroup
• New-ADGroup
• Set-ADGroup

You are creating a group to distribute email about upcoming company events. Which type of group should you select?

• Distribution group.
• Security group.
• Local group.
• Protected group.

Which of the following group scopes can include any user in the forest with permissions on any object in the forest?

• Domain-local group scope.
• Global group scope.
• Local group scope.
• Universal group scope.

Administrators, Account Operators, and Backup Operators are which type of group scope?

• Domain-local group scope.
• Global group scope.
• Local group scope.
• Universal group scope.

You want to create a folder on a system that allows users to view its contents when they are logged on locally to the system, but that does not allow the same users to view the contents from a mapped drive over the network. Which special identity should you use?

• Authenticated users
• Creator owner
• Interactive
• Network users

You are nesting groups to make it easier to manage resources. You have identified and created user and computer accounts. What is the next step?

• Add the identities to a domain-local group.
• Add the identities to a global group.
• Add the identities to a universal group.
• Assign resources to the identities.

Which of the following is the primary benefit of using nested groups?

• You can reduce the total number of groups.
• You can reduce the total number of permissions assignments.
• You can increase the performance of user sign ins.
• You can increase the performance of Group Policy processing.

You have two domains in your forest. You want to add User1 (in Domain1) to Group2 (in Domain2). Which two types of groups can you use?

• Distribution group.
• Domain local group.
• Local group.
• Global group.
• Universal group.

Which PowerShell cmdlet can you use to add a user to a group?

• Add-ADGroup
• Add-ADGroupMember
• Set-ADGroup
• Set-ADGroupMember

Windows Server - Quiz

Which PowerShell cmdlet can be used to create a new user?

• Enable-ADAccount
• New-ADAccount
• New-ADUser
• Set-ADUser

Which settings can be used to ensure users do not reuse the same password too often?

• Complexity requirements.
• Enforce password history.
• Maximum password age.
• Minimum password age.

Your company has experienced several accounts being repeatively locked out. You suspect that a denial of service (DoS) attack is responsible. Which of the following settings should you use to temporarily halt the attack?

• Set the account lockout duration to 0.
• Set the account lockout threshold to 0.
• Set the account lockout duration to 999.
• Set the account lockout threshold to 999.

Your organization’s administrators need to have stronger passwords than the standard users. Which of the following should you implement?

• Complexity requirements.
• Fine-grained password policies.
• Group policy user controls.
• Password permissions.
• User profile redirection.

Ed Meadows has forgotten his user password, so you have to reset his password. After you have reset his password, which of the following password options should you enable?

• Account is disabled.
• Password never expires.
• User cannot change password.
• User must change password at next logon.

Which of the following AD DS attributes represents a user’s logon name?

• cn
• DisplayName
• Name
• sAMAccountName

What is the reason for configuring a minimum password age?

• To ensure that a new password is unique across the domain.
• To ensure that a new password has time to synchronize with the entire forest before it is changed.
• To prevent users from resetting their password too often.
• To prevent users from resetting their password several times in a row to bypass password history requirements.

Which setting can be used to set the number of failed logon tries that are allowed before a user account is locked out?

• Account lockout duration
• Account lockout threshold
• Complexity requirements
• Reset account lockout counter

Your organization hires a large number of employees for new office. You need to create new user accounts which have a lot of common information like the location. What is the quickest way to ensure that the information is repeated across the user accounts?


You would like use Group Policy to redirect your users Document folders to a network share. What should you configure?

• Folder Redirection.
• Policy Based QoS.
• Preferences.
• Security settings.
• User account settings.

Windows Server Quiz

Windows Server Backup can be configured to perform which two types of backup?

• Backup once
• Backup schedule
• Backup with restore
• Backup without restore

You are using Windows Server Backup and need to back up the AD DS database. Which of the following should you select for backup?

• Bare metal recovery
• Local drive
• System reserved
• System state

You have noticed a domain controller is corrupted and needs to be restored. You have a backup, but you suspect that the problem has been replicated to other domain controllers. Which type of restore should you perform?

• Authoritative restore
• Nonauthoritative restore
• Normal restore
• System Reserved restore

You have enabled the Recycled Bin and want objects to be kept in the Recycle Bin for longer than 180 days. Which setting should you change?

• Deleted object lifetime.
• Domain recycle bin object.
• Recycle bin lifetime.
• Recycled object lifetime.

You have two domains in the forest, Research and Development, that are in constant communication and frequently share resources. You want to improve user logon times between the two domains. Which type of trust should you implement?

• External
• Forest
• Parent-child
• Realm
• Shortcut

By default, which two trust relationships are two-way trusts?

• External
• Forest
• Parent-child
• Realm
• Shortcut
• Tree-root

Which Server Manager snap-in has a Windows PowerShell History area where you can see which PowerShell commands are being used?

• Active Directory Administrative Center
• Active Directory Domains and Trusts
• Active Directory Sites and Services
• Active Directory Users and Computers

Which one of the following accesses the GUI on the remote server and the configuration is performed as if you are sitting in front of that server?

• Remote Desktop
• RSAT
• Remote Assistance
• WinRM

Which of the following provides the ability to manage, configure and run scripts and commands against a remote server regardless of whether a GUI is installed or not.

• Remote Access
• Remote Desktop
• RSAT
• WinRM

BCP and DRP - CISSP Quiz

Q. 1     What is the first step that individuals responsible for the development of a business continuity plan should perform?

• A.    BCP team selection
• B.    Business organization analysis
• C.    Resource requirements analysis
• D.    Legal and regulatory assessment

Q. 2     Once the BCP team is selected, what should be the first item placed on the team’s agenda?

• A.    Business impact assessment
• B.    Business organization analysis
• C.    Resource requirements analysis
• D.    Legal and regulatory assessment

Q. 3     What is the term used to describe the responsibility of a firm’s officers and directors to ensure that adequate measures are in place to minimize the effect of a disaster on the organization’s continued viability?

• A.    Corporate responsibility
• B.    Review and validation of the business organization analysis
• C.    Due diligence
• D.    Going concern responsibility

Q. 4     What will be the major resource consumed by the BCP process during the BCP phase?

• A.    Hardware
• B.    Software
• C.    Processing time
• D.    Personnel

Q. 5     What unit of measurement should be used to assign quantitative values to assets in the priority identification phase of the business impact assessment?

• A.    Monetary
• B.    Utility
• C.    Importance
• D.    Time

Q. 6     Which one of the following BIA terms identifies the amount of money a business expects to lose to a given risk each year?

• A.    ARO
• B.    SLE
• C.    ALE
• D.    EF

Q. 7     What BIA metric can be used to express the longest time a business function can be unavailable without causing irreparable harm to the organization?

• A.    SLE
• B.    EF
• C.    MTD
• D.    ARO

Q. 8     You are concerned about the risk that an avalanche poses to your $3 million shipping facility. Based on expert opinion, you determine that there is a 5 percent chance that an avalanche will occur each year. Experts advise you that an avalanche would completely destroy your building and require you to rebuild on the same land. Ninety percent of the $3 million value of the facility is attributed to the building, and 10 percent is attributed to the land itself. What is the single loss expectancy of your shipping facility to avalanches?

• A.    $3,000,000
• B.    $2,700,000
• C.    $270,000
• D.    $135,000

Q. 9     You are concerned about the risk that an avalanche poses to your $3 million shipping facility. Based on expert opinion, you determine that there is a 5 percent chance that an avalanche will occur each year. Experts advise you that an avalanche would completely destroy your building and require you to rebuild on the same land. Ninety percent of the $3 million value of the facility is attributed to the building, and 10 percent is attributed to the land itself. What is the annualized loss expectancy?

• A.    $3,000,000
• B.    $2,700,000
• C.    $270,000
• D.    $135,000

Q. 10     You are concerned about the risk that a hurricane poses to your corporate headquarters in South Florida. The building itself is valued at $15 million. After consulting with the National Weather Service, you determine that there is a 10 percent likelihood that a hurricane will strike over the course of a year. You hired a team of architects and engineers who determined that the average hurricane would destroy approximately 50 percent of the building. What is the annualized loss expectancy (ALE)?

• A.    $750,000
• B.    $1.5 million
• C.    $7.5 million
• D.    $15 million

Q. 11     Martin recently completed a thorough quantitative risk assessment for his organization. Which one of the following risks is least likely to be adequately addressed by his assessment?

• A.    Downtime from data center flooding
• B.    Cost of recovery from denial of service attack
• C.    Reputational damage from data breach
• D.    Remediation costs from ransomware attack

Q. 12     Which resource should you protect first when designing continuity plan provisions and processes?

• A.    Physical plant
• B.    Infrastructure
• C.    Financial resources
• D.    People

Q. 13     Which one of the following concerns is not suitable for quantitative measurement during the business impact assessment?

• A.    Loss of a plant
• B.    Damage to a vehicle
• C.    Negative publicity
• D.    Power outage

Q. 14     Lighter Than Air Industries expects that it would lose $10 million if a tornado struck its aircraft operations facility. It expects that a tornado might strike the facility once every 100 years. What is the single loss expectancy for this scenario?

• A.    0.01
• B.    $10,000,000
• C.    $100,000
• D.    0.10

Q. 15     Referring to the scenario in question 14, what is the annualized loss expectancy?

• A.    0.01
• B.    $10,000,000
• C.    $100,000
• D.    0.10

Q. 16     In which business continuity planning task would you actually design procedures and mechanisms to mitigate risks deemed unacceptable by the BCP team?

• A.    Strategy development
• B.    Business impact assessment
• C.    Provisions and processes
• D.    Resource prioritization

Q. 17     What type of mitigation provision is utilized when redundant communications links are installed?

• A.    Hardening systems
• B.    Defining systems
• C.    Reducing systems
• D.    Alternative systems

Q. 18     What type of plan addresses the technical controls associated with alternate processing facilities, backups, and fault tolerance?

• A.    Business continuity plan
• B.    Business impact assessment
• C.    Disaster recovery plan
• D.    Vulnerability assessment

Q. 19     What is the formula used to compute the single loss expectancy for a risk scenario?

• A.    SLE = AV × EF
• B.    SLE = RO × EF
• C.    SLE = AV × ARO
• D.    SLE = EF × ARO

Q. 20     Of the individuals listed, who would provide the best endorsement for a business continuity plan’s statement of importance?

• A.    Vice president of business operations
• B.    Chief information officer
• C.    Chief executive officer
• D.    Business continuity manager

CISSP - Personal Security and Risk Management Concepts - Quiz

Q. 1     Which of the following is the weakest element in any security solution?

• A.    Software products
• B.    Internet connections
• C.    Security policies
• D.    Humans

Q. 2     When seeking to hire new employees, what is the first step?

• A.    Create a job description.
• B.    Set position classification.
• C.    Screen candidates.
• D.    Request résumés.

Q. 3     Which of the following is a primary purpose of an exit interview?

• A.    To return the exiting employee’s personal belongings
• B.    To review the nondisclosure agreement
• C.    To evaluate the exiting employee’s performance
• D.    To cancel the exiting employee’s network access accounts

Q. 4     When an employee is to be terminated, which of the following should be done?

• A.    Inform the employee a few hours before they are officially terminated.
• B.    Disable the employee’s network access just as they are informed of the termination.
• C.    Send out a broadcast email informing everyone that a specific employee is to be terminated.
• D.    Wait until you and the employee are the only people remaining in the building before announcing the termination.

Q. 5     If an organization contracts with outside entities to provide key business functions or services, such as account or technical support, what is the process called that is used to ensure that these entities support sufficient security?

• A.    Asset identification
• B.    Third-party governance
• C.    Exit interview
• D.    Qualitative analysis

Q. 6     A portion of the ______________ is the logical and practical investigation of business processes and organizational policies. This process/policy review ensures that the stated and implemented business tasks, systems, and methodologies are practical, efficient, and cost-effective, but most of all (at least in relation to security governance) that they support security through the reduction of vulnerabilities and the avoidance, reduction, or mitigation of risk.

• A.    Hybrid assessment
• B.    Risk aversion process
• C.    Countermeasure selection
• D.    Documentation review

Q. 7     Which of the following statements is not true?

• A.    IT security can provide protection only against logical or technical attacks.
• B.    The process by which the goals of risk management are achieved is known as risk analysis.
• C.    Risks to an IT infrastructure are all computer based.
• D.    An asset is anything used in a business process or task.

Q. 8     Which of the following is not an element of the risk analysis process?

• A.    Analyzing an environment for risks
• B.    Creating a cost/benefit report for safeguards to present to upper management
• C.    Selecting appropriate safeguards and implementing them
• D.    Evaluating each threat event as to its likelihood of occurring and cost of the resulting damage

Q. 9     Which of the following would generally not be considered an asset in a risk analysis?

• A.    A development process
• B.    An IT infrastructure
• C.    A proprietary system resource
• D.    Users’ personal files

Q. 10     Which of the following represents accidental or intentional exploitations of vulnerabilities?

• A.    Threat events
• B.    Risks
• C.    Threat agents
• D.    Vulnerabilities

Q. 11     When a safeguard or a countermeasure is not present or is not sufficient, what remains?

• A.    Vulnerability
• B.    Exposure
• C.    Risk
• D.    Penetration

Q. 12     Which of the following is not a valid definition for risk?

• A.    An assessment of probability, possibility, or chance
• B.    Anything that removes a vulnerability or protects against one or more specific threats
• C.    Risk = threat * vulnerability
• D.    Every instance of exposure

Q. 13     When evaluating safeguards, what is the rule that should be followed in most cases?

• A.    The expected annual cost of asset loss should not exceed the annual costs of safeguards.
• B.    The annual costs of safeguards should equal the value of the asset.
• C.    The annual costs of safeguards should not exceed the expected annual cost of asset loss.
• D.    The annual costs of safeguards should not exceed 10 percent of the security budget.

Q. 14     How is single loss expectancy (SLE) calculated?

• A.    Threat + vulnerability
• B.    Asset value ($) * exposure factor
• C.    Annualized rate of occurrence * vulnerability
• D.    Annualized rate of occurrence * asset value * exposure factor

Q. 15     How is the value of a safeguard to a company calculated?

• A.    ALE before safeguard - ALE after implementing the safeguard - annual cost of safeguard
• B.    ALE before safeguard * ARO of safeguard
• C.    ALE after implementing safeguard + annual cost of safeguard - controls gap
• D.    Total risk - controls gap

Q. 16     What security control is directly focused on preventing collusion?

• A.    Principle of least privilege
• B.    Job descriptions
• C.    Separation of duties
• D.    Qualitative risk analysis

Q. 17     What process or event is typically hosted by an organization and is targeted to groups of employees with similar job functions?

• A.    Education
• B.    Awareness
• C.    Training
• D.    Termination

Q. 18     Which of the following is not specifically or directly related to managing the security function of an organization?

• A.    Worker job satisfaction
• B.    Metrics
• C.    Information security strategies
• D.    Budget

Q. 19     While performing a risk analysis, you identify a threat of fire and a vulnerability because there are no fire extinguishers. Based on this information, which of the following is a possible risk?

• A.    Virus infection
• B.    Damage to equipment
• C.    System malfunction
• D.    Unauthorized access to confidential information

Q. 20     You’ve performed a basic quantitative risk analysis on a specific threat/vulnerability/risk relation. You select a possible countermeasure. When performing the calculations again, which of the following factors will change?

• A.    Exposure factor
• B.    Single loss expectancy
• C.    Asset value
• D.    Annualized rate of occurrence

Windows Server: Physical Components - Quiz

When you are promoting a server to a domain controller which three options are available?

• Add the domain controller to an existing domain
• Add a new domain to an existing forest
• Add a new forest
• Promote the server and convert to the Server Core installation
• Promote the server as the PDC Emulator

You have several domains in your forest. You need to speed up Exchange Server email recipient searches across the domain. Which capability should you consider implementing or expanding?

• Active Directory Domain Services
• Domain Naming Service
• Dynamic Host Configuration Protocol (DHCP)
• Global Catalog
• SQL Server database

The most common use for a Read-Only Domain Controller is providing authentication for a branch office. What are some reasons why it might be better to install an RODC, rather than a regular domain controller, in a branch office?

Show Answer

• Security. A site where there is not a physically secure facility to install the server, and there is few, if any, local IT staff to support and monitor the server.
• Users and Services. You would like users to be provided services and authentication locally, rather than have to contact a domain controller in the data center over the WAN.
• Network Latency. Users typically connect to multiple services during a workday. So, service ticket activity happens regularly. Authentication and service ticket activity over a WAN link between a branch office and a hub site can result in slow or unreliable performance.

The ______________ uniquely locates AD DS objects in the schema. For example, CN=Ed Meadows,OU=Managers,DC=Adatum,DC=com.

• Account Name
• Distinguished Name
• Object ID
• Schema ID

Which of the following files represents the AD DS database file?

• Edb.chk
• Edbres00001.jrs
• Ntds.dit
• Temp.edb

You are preparing to move the AD DS database to a dedicated volume. What should you do first?

• Change the permissions on the file.
• Copy the file to the new location.
• Flush the transaction logs.
• Stop the NTDS service.

You need to perform an offline defragmentation of your AD DS database. Which tool should you use?

• AdsiEdit.msc
• Defrag.exe
• Ldp.exe
• NtdsUtil.exe

Which of the following can be used to view objects in the Active Directory database?

• ADSIEdit
• View-ADDSSchema
• NTDSUtil
• Server Manager

Python - REST, JSON, and APIs - Quiz

Question 1

1
point

1. Question 1

Who is credited with the REST approach to web services?

Daphne Koller

Bjarne Stroustrup

Leonard Klienrock

Vint Cerf

Roy Fielding

Question 2

1
point

2. Question 2

What Python library do you have to import to parse and handle JSON?

ElementTree

BeautifulSoup

import re

import json

Question 3

1
point

3. Question 3

Which of the following is a web services approach used by the Twitter API?

SOAP

REST

XML-RPC

CORBA

Question 4

1
point

4. Question 4

What kind of variable will you get in Python when the following JSON is parsed:

1

2

3

4







{ "id" : "001",



"x" : "2",



"name" : "Chuck"



}

A list with six items

A list of tuples

A dictionary with three key / value pairs

A tuple with three items

A list with three items

Question 5

1
point

5. Question 5

Which of the following is not true about the service-oriented approach?

An application makes use of the services provided by other applications

Web services and APIs are used to transfer data between applications

Standards are developed where many pairs of applications must work together

An application runs together all in one place

Question 6

1
point

6. Question 6

Which of these two web service approaches is preferred in most modern service-oriented applications?

REST - Representational state transfer

SOAP - Simple Object Access Protocol

Question 7

1
point

7. Question 7

What library call do you make to append properly encoded parameters to the end of a URL like the following:

1







http://maps.googleapis.com/maps/api/geocode/json?sensor=false&address=Ann

+Arbor%2C+MI

re.encode()

urllib.parse.urlencode()

re.match()

urllib.urlcat()

Question 8

1
point

8. Question 8

What happens when you exceed the Google geocoding API rate limit?

Your application starts to perform very slowly

You canot use the API until you respond to an email that contains a survey question

You cannot use the API for 24 hours

The API starts to perform very slowly

Question 9

1
point

9. Question 9

What protocol does Twitter use to protect its API?

Java Web Tokens

OAuth

SOAP

SHA1-MD5

PKI-HMAC

WS*Security

Question 10

1
point

10. Question 10

What header does Twitter use to tell you how many more API requests you can make before you will be rate limited?

x-max-requests

content-type

x-request-count-down

x-rate-limit-remaining