11-21-24

Assessment

Flashcard

Computers

Vocational training

Hard

Created by

Quizizz Content

19 questions

1.

FLASHCARD QUESTION

Front

What type of vulnerability have you exposed yourself to by using an old laptop that runs on Windows XP and has not been updated for several years?

Back

Unsupported systems and applications

Answer explanation

Unsupported systems and applications are systems or applications that are no longer receiving security updates or patches from their developers. Unsupported systems and applications may have vulnerabilities that can be exploited by attackers to gain unauthorized access or cause harm. Supply chain attacks involve compromising a third-party entity that provides products or services to a target organization, such as vendors, suppliers, or managed service providers. The goal is to use the compromised entity to deliver malware or perform other malicious actions against the target organization. Unsecure networks are networks that do not have adequate security measures, such as encryption, authentication, or a firewall, to protect the data transmitted over them. Public Wi-Fi hotspots are examples of unsecure networks whose traffic can be intercepted by attackers. Vulnerable software is software that has known or unknown flaws that can be exploited by attackers to gain unauthorized access or cause harm. Outdated software may have unpatched vulnerabilities that can compromise the security of the system or the network.

2.

FLASHCARD QUESTION

Front

Which network attack has MOST likely given the attacker access to the network if a server is using an older encryption protocol? Options: Wireless, Brute force, Downgrade, On-path

Back

Downgrade

Answer explanation

A downgrade attack is a type of cryptographic attack that involves forcing a communication channel to use a weaker encryption algorithm or protocol, making it easier to decrypt or intercept data. A brute force attack is a type of password attack that involves trying all possible combinations of characters until the correct password is found. A wireless attack is a type of network attack that involves exploiting vulnerabilities or weaknesses in wireless networks or devices, such as encryption, authentication, or configuration. Although there are wireless devices on the network, the scenario doesn't provide evidence that the attacker made use of any wireless vulnerabilities. An on-path attack is a type of network attack that involves intercepting or modifying data in transit between two parties, such as by using a packet sniffer or a proxy server. While an on-path attack could easily be the result of this attack, the question asks about how the attacker gained access to the data, not the type of attack that could have resulted.

3.

FLASHCARD QUESTION

Front

During testing of a security architecture, what method ensures the system can quickly switch to a standby system when the primary system doesn't work?

Back

Fail over

Answer explanation

Fail over mechanisms are meant to keep an organization running after a significant failure. They are meant to be a temporary means of preventing complete failure. They are less expensive than a full-scale backup plan. They are sort of like a spare tire for your car. You wouldn't want to use the spare tire permanently, but it will allow you to get home or to a place where you can buy a new tire or fix the flat one. Parallel processing tests check the reliability and stability of the backup or secondary system while it's running alongside the primary system. Clustering, while crucial for high availability and load balancing, does not inherently ensure that control can be quickly switched in the event of a system failure. Warm sites have much of the equipment and the setup already at the site. Devices may be kept updated, but the data will need to be loaded. The warm site isn't a complete standby.

4.

FLASHCARD QUESTION

Front

Which of the following is MOST needed by threat actors to obtain resources such as customized attack tools and skilled personnel? Options: Sophistication, Resources, Capability, Funding

Back

Funding

Answer explanation

Funding provides the financial support that allows threat actors to secure necessary resources. The most formidable threat actor groups often receive monetary backing from entities like nation states or criminal syndicates. Resources are what a threat actor can access or utilize due to funding, but it doesn't signify the monetary backing itself. Sophistication pertains to the complexity of a threat actor's methods, not the financial means that support their operations. While capability highlights a threat actor's skillset, it doesn't denote the financial aspect that empowers them to attain resources.

5.

FLASHCARD QUESTION

Front

In the Zero Trust model, which component focuses on making decisions about who can access what resources based on policies, identity verification, and threat analysis?

Back

Control Plane

Answer explanation

Within the Zero Trust framework, the Control Plane is responsible for making determinations on access requests. It processes these requests by referencing policies, verifying the identity of requestors, and considering any potential threats. Essentially, it's the brain behind who gets to access what, ensuring security decisions are informed and robust. Implicit trust zones are areas within a network where communication is allowed without exhaustive security checks. While they're a component of Zero Trust, they don't function in decision-making or data transmission in the same way as the Control or Data Planes. While this is a component of Zero Trust, policy-driven access control is a specific strategy that ensures access is given based on clearly defined policies. It's more of a tactic used within the Control Plane, rather than a core component of the framework. The Data Plane manages the transmission of data. It doesn't decide on access rights; rather, it ensures that once access has been granted by the Control Plane, data flows correctly and efficiently to the designated recipient.

6.

FLASHCARD QUESTION

Front

What encryption level is MOST suitable for designing a system to store student records that ensures efficient encryption and decryption processes when querying? Options: Volume encryption, Record-level encryption, Partition encryption, Database encryption

Back

Database encryption

Answer explanation

Technologies like Transparent Data Encryption (TDE) in SQL Server provide the capability to encrypt entire databases. This is ideal for Dion Training, as they can encrypt and decrypt the whole collection of student records efficiently during database operations. While volume encryption secures an entire volume or virtual drive, it may not provide the tailored efficiency needed for database operations. Partition encryption encrypts specific partitions on a disk but isn't tailored for database operations. Record-level encryption encrypts individual records within a database, which might introduce inefficiencies when querying large numbers of records.

7.

FLASHCARD QUESTION

Front

Which term refers to the individual responsible for managing a particular risk, ensuring appropriate mitigation measures are implemented and monitored? Options: Risk register, Risk assessor, Risk indicator, Risk owner

Back

Risk owner

Answer explanation

A risk owner is responsible for identifying, assessing, managing, and mitigating a particular risk, as well as for monitoring the effectiveness of these measures and taking corrective action when necessary. A risk assessor evaluates and analyzes the risks but is not necessarily responsible for managing them. A risk register is a document listing all identified risks, their severity, and mitigation strategies, not the individual managing the risks. A risk indicator is a metric used to measure aspects of risk but does not refer to the individual overseeing the risk management process.
