Information Security Fundamentals Final Exam Study Guide: questions with accurate detailed solutions
Which password attack is typically used specifically against password files that contain cryptographic hashes? - ✔✔Birthday Attacks
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place? - ✔✔Address Resolution Protocol (ARP) poisoning
In which type of attack does the attacker attempt to take over an existing connection between two systems? - ✔✔Session Hijacking
Which group is the most likely target of a social engineering attack? - ✔✔Receptionists and administrative assistants
What type of malicious software masquerades as legitimate software to entice the user to run it? - ✔✔Trojan
An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using? - ✔✔Urgency
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place? - ✔✔Evil Twin
Which type of attack against a web application uses a newly discovered vulnerability that is not patchable? - ✔✔Zero-day attack
Which control is not designed to combat malware? - ✔✔Firewall
Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using? - ✔✔Typosquatting
Which formula is typically used to describe the components of information security risks? - ✔✔Risk = Threat X Vulnerability
Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register? - ✔✔Risk survey results
Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining? - ✔✔Recovery time objective (RTO)
Which one of the following is an example of a direct cost that might result from a business disruption? - ✔✔Facility Repair
Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort? - ✔✔Business continuity plan (BCP)
Pick which one of the following is the best example of an authorization control? - ✔✔Access control lists