ITN 260 TEST QUESTIONS AND
ANSWERS
Which method of code breaking tries every possible combination of characters in an
attempt to "guess" the password or key? - Answer- Brute force
Which hashing algorithm uses a 160-bit hash value? - Answer- SHA
What are common elements in a typical forensic report? - Answer- A summary of the
forensic investigation and findings
An outline of the forensic process, including tools used and any assumptions that were
made about the tools or process
A series of sections detailing the findings for each device or drive. Accuracy is critical
when findings are shared, and conclusions must be backed up with evidence and
appropriate detail.
Recommendations or conclusions in more detail than the summary included.
When assigning permissions to users, which principle should you adhere to? - Answer-
Least privilege
Define threats, vulnerabilities, and risks. - Answer- Threats are any possible events that
might have an adverse impact on the confidentiality, integrity, and/or availability of
information or information systems.
Vulnerabilities are weaknesses in systems or controls that could be exploited by a
threat.
Risks occur at the intersection of a vulnerability and a threat that might exploit that
vulnerability. A threat without a corresponding vulnerability does not pose a risk, nor
does a vulnerability without a corresponding threat.
What is the formula to calculate the severity of a risk? - Answer- Risk Severity =
Likelihood * Impact
What a script kiddie - Answer- The term script kiddie is a derogatory term for people
who use hacking techniques but have limited skills.
What is threat intelligence - Answer- is the set of activities and resources available to
cybersecurity professionals seeking to learn about changes in the threat environment.
, What control should organizations put in place to ensure that successful ransomware
infections do not incapacitate the company? - Answer- One of the most important
defenses against ransomware is an effective backup system that stores files in a
separate location that will not be impacted if the system or device it backs up is infected
and encrypted by ransomware.
Difference between Trojans and worms - Answer- Trojans require user-interaction, while
worms are self-installed and spread themselves
What are rootkits - Answer- Rootkits are malware that is specifically designed to allow
attackers to access a system through a backdoor.
What term describes the original level of risk that exists before implementing any
controls? - Answer- Inherit risk
What category of information includes any information that uniquely identifies an
individual person, including customers, employees, and third parties - Answer-
Personally identifiable information
Gene recently conducted an assessment and determined that his organization can be
without its main transaction database for a maximum of two hours before unacceptable
damage occurs to the business. What metric has Gene identified - Answer- RTO
Three security control categories - Answer- Technical controls, operational and
managerial
What are specific goals of confidentiality, integrity, and availability - Answer-
Confidentiality ensures that unauthorized individuals are not able to gain access to
sensitive information
Integrity ensures that there are no unauthorized modifications to information or systems,
either intentionally or unintentionally.
Availability ensures that information and systems are ready to meet the needs of
legitimate users at the time those users request them.
Name all security control types. - Answer- Preventive controls, detective controls,
corrective controls, deterrent controls, physical controls, and compensating controls
Name some tools we can use in the process of data obfuscation - Answer- Hashing,
tokenization, and masking
What are the three states where data might exist - Answer- Data at rest, data in motion,
and data in processing
Name some sources you can use when you build your threat research toolkit - Answer-
Vendor security information websites, vulnerability and threat feeds from vendors,
government agencies, private organizations
ANSWERS
Which method of code breaking tries every possible combination of characters in an
attempt to "guess" the password or key? - Answer- Brute force
Which hashing algorithm uses a 160-bit hash value? - Answer- SHA
What are common elements in a typical forensic report? - Answer- A summary of the
forensic investigation and findings
An outline of the forensic process, including tools used and any assumptions that were
made about the tools or process
A series of sections detailing the findings for each device or drive. Accuracy is critical
when findings are shared, and conclusions must be backed up with evidence and
appropriate detail.
Recommendations or conclusions in more detail than the summary included.
When assigning permissions to users, which principle should you adhere to? - Answer-
Least privilege
Define threats, vulnerabilities, and risks. - Answer- Threats are any possible events that
might have an adverse impact on the confidentiality, integrity, and/or availability of
information or information systems.
Vulnerabilities are weaknesses in systems or controls that could be exploited by a
threat.
Risks occur at the intersection of a vulnerability and a threat that might exploit that
vulnerability. A threat without a corresponding vulnerability does not pose a risk, nor
does a vulnerability without a corresponding threat.
What is the formula to calculate the severity of a risk? - Answer- Risk Severity =
Likelihood * Impact
What a script kiddie - Answer- The term script kiddie is a derogatory term for people
who use hacking techniques but have limited skills.
What is threat intelligence - Answer- is the set of activities and resources available to
cybersecurity professionals seeking to learn about changes in the threat environment.
, What control should organizations put in place to ensure that successful ransomware
infections do not incapacitate the company? - Answer- One of the most important
defenses against ransomware is an effective backup system that stores files in a
separate location that will not be impacted if the system or device it backs up is infected
and encrypted by ransomware.
Difference between Trojans and worms - Answer- Trojans require user-interaction, while
worms are self-installed and spread themselves
What are rootkits - Answer- Rootkits are malware that is specifically designed to allow
attackers to access a system through a backdoor.
What term describes the original level of risk that exists before implementing any
controls? - Answer- Inherit risk
What category of information includes any information that uniquely identifies an
individual person, including customers, employees, and third parties - Answer-
Personally identifiable information
Gene recently conducted an assessment and determined that his organization can be
without its main transaction database for a maximum of two hours before unacceptable
damage occurs to the business. What metric has Gene identified - Answer- RTO
Three security control categories - Answer- Technical controls, operational and
managerial
What are specific goals of confidentiality, integrity, and availability - Answer-
Confidentiality ensures that unauthorized individuals are not able to gain access to
sensitive information
Integrity ensures that there are no unauthorized modifications to information or systems,
either intentionally or unintentionally.
Availability ensures that information and systems are ready to meet the needs of
legitimate users at the time those users request them.
Name all security control types. - Answer- Preventive controls, detective controls,
corrective controls, deterrent controls, physical controls, and compensating controls
Name some tools we can use in the process of data obfuscation - Answer- Hashing,
tokenization, and masking
What are the three states where data might exist - Answer- Data at rest, data in motion,
and data in processing
Name some sources you can use when you build your threat research toolkit - Answer-
Vendor security information websites, vulnerability and threat feeds from vendors,
government agencies, private organizations
