Final Exam Study Guide WITH
ANSWERS
Which password attack is typically used specifically
against password files that contain cryptographic hashes?
- CORRECT ANSWERS ✔✔Birthday Attacks
Brian notices an attack taking place on his network. When
he digs deeper, he realizes that the attacker has a
physical presence on the local network and is forging
Media Access Control (MAC) addresses. Which type of
attack is most likely taking place? - CORRECT ANSWERS
✔✔Address Resolution Protocol (ARP) poisoning
In which type of attack does the attacker attempt to take
over an existing connection between two systems? -
CORRECT ANSWERS ✔✔Session Hijacking
Which group is the most likely target of a social
engineering attack? - CORRECT ANSWERS
✔✔Receptionists and administrative assistants
What type of malicious software masquerades as
legitimate software to entice the user to run it? -
CORRECT ANSWERS ✔✔Trojan
An attacker attempting to break into a facility pulls the
fire alarm to distract the security guard manning an entry
point. Which type of social engineering attack is the
attacker using? - CORRECT ANSWERS ✔✔Urgency
Barry discovers that an attacker is running an access
point in a building adjacent to his company. The access
point is broadcasting the security set identifier (SSID) of
an open network owned by the coffee shop in his lobby.
Which type of attack is likely taking place? - CORRECT
ANSWERS ✔✔Evil Twin
Which type of attack against a web application uses a
newly discovered vulnerability that is not patchable? -
CORRECT ANSWERS ✔✔Zero-day attack
Which control is not designed to combat malware? -
CORRECT ANSWERS ✔✔Firewall
Florian recently purchased a set of domain names that
are similar to those of legitimate websites and used the
newly purchased sites to host malware. Which type of
attack is Florian using? - CORRECT ANSWERS
✔✔Typosquatting
Which formula is typically used to describe the
components of information security risks? - CORRECT
ANSWERS ✔✔Risk = Threat X Vulnerability
Earl is preparing a risk register for his organization's risk
management program. Which data element is LEAST
likely to be included in a risk register? - CORRECT
ANSWERS ✔✔Risk survey results
Alan is developing a business impact assessment for his
organization. He is working with business units to
determine the maximum allowable time to recover a
particular function. What value is Alan determining? -
CORRECT ANSWERS ✔✔Recovery time objective (RTO)
Which one of the following is an example of a direct cost
that might result from a business disruption? - CORRECT
ANSWERS ✔✔Facility Repair
Tom is the IT manager for an organization that
experienced a server failure that affected a single
business function. What type of plan should guide the