1. A situation that involves exposure to some type of danger is known as which of the following?
a. vector b. risk c. threat d. asset
2. Addressing a risk by making it less serious is known as which of the following?
a. acceptance b. transference c. avoidance d. mitigation
3. Which term best describes a computer program that lies dormant until it is triggered by a specific logical event, such as a certain date reached on the system calendar?
a. keylogger b. logic bomb c. rootkit d. backdoor
4. Which social engineering approach involves a user masquerading as a real or fictitious character and then playing out the role of that person on a victim?
a. phishing b. spam c. impersonation d. watering hole attacks
5. The process of proving that a user performed an action, such as sending an email message, is known as which of the following?
a. steganography b. obfuscation c. availability d. non-repudiation
6. Which cryptography algorithm was approved by the NIST in late 2000 as a replacement for DES?
a. RC1 b. AES c. IDEA d. Blowfish
7. Which type of DoS attack uses publicly accessible and open DNS servers to flood a system with DNS response traffic?
a. SYN flood attack b. DNS amplification attack c. IP spoofing d. smurf attack
8. In which type of attack does the threat actor take advantage of web applications that accept user input without validating it before presenting it back to the user?
a. SQL injection b. DNS poisoning c. cross-site scripting (XSS) d. man-in-the-middle (MITM)
9. A means of managing and presenting computer resources by function without regard to their physical layout or location is known as which of the following?
a. cloud computing b. on-premises c. virtualization d. software as a service
10. Which of the following is not a password setting in Microsoft Windows group policy?
a. Password length b. Password History c. Password alias d. Password complexity e. Password encryption
1) A situation that involves exposure to some type of danger is known as
b. Risk
Explanation:
- A threat has an unwanted impact on a computer application or system through a negative action.
- A vector is a gateway or path which is used by the hacker to access the target application or system.
- An asset refers to a component, data, or device which supports information-related activities.
2) Addressing a risk by making it less serious is known as
d. Mitigation
Explanation:
- Acceptance, avoidance, and transference are the risk mitigating strategies.
3) The term that best describes a computer program that lies dormant until it is triggered by a specific logical event, such as a certain date reached on the system calendar, is
b. Logic bomb
Explanation:
- Keyloggers are used for creating records of everything that you type on a mobile keyboard or computer keyboard.
- A rootkit constitutes a collection of computer software which allows someone to control and maintain command over a computer without the computer owner or user knowing about it.
- A backdoor is a method which gives access to unauthorized and authorized users on a computer application, system, and network.
4) The social engineering approach where a user masquerades as a real or fictitious character and then plays out the role of that person on a victim is known as
c. Impersonation
Explanation:
- A watering hole attack is a method of compromising specific end users in a particular industry through famous websites.
- Phishing is a social engineering attack which is used to steal a user's data, including login credentials and credit card numbers.
- Spam is a huge waste of time and resources which consists of unwanted digital communication or mail that is sent out in bulk.
5) The process of proving that a user performed an action, such as sending an e-mail message, is known as
d. Non-repudiation
Explanation:
- Steganography is a technique or art of science which is used to hide information by embedding messages within other, mainly harmless messages.
- Obfuscation is the action or practice of making something difficult to understand or unintelligible.
- Availability is the ability to access information or resources in the correct format at a specified location.
6) The cryptographic algorithm which was approved by NIST in late 2000 as a replacement for DES is
b. AES (Advanced Encryption Standard)
Explanation:
- RC1 (Release Candidate 1), which is considered for a general release.
- IDEA (International Data Encryption Algorithm), which is asymmetric key block cipher that is very secure and very publicly known algorithm.
- Blowfish is a symmetric block cipher that can be used as a drop-in replacement for IDEA or DES algorithms.
7) The type of attack that uses publicly accessible and open DNS servers to flood a system with DNS response traffic is
b. DNS amplification attack
Explanation:
- A SYN flood attack is a denial-of-service (DoS) attack which targets any system connected to the Internet and providing TCP (Transmission Control Protocol) services, including file servers, web servers, and email servers.
- IP spoofing is the process of creating Internet Protocol packets with a false source IP address to impersonate another computer system.
- A smurf attack is a distributed attack which causes a packet flood on the victim by abusing protocol.
8) The attack in which the threat actor takes advantage of web applications that accept user input without validating it before presenting it back to the user is
c. Cross-site scripting (XSS)
Explanation:
- SQL injection is a code injection technique which may destroy your database.
- DNS poisoning is an attack which is used to redirect online traffic to a fraudulent website which resembles its destination.
- A man-in-the-middle (MITM) attack is a cyber attack where the attacker secretly alters the communication between two parties who believe that they are communicating with each other.
9) The technology which is a means of managing and presenting computer resources by function without regard to their physical layout or location is known as
c. Virtualization
Explanation:
- Cloud computing is the delivery of different services through the internet, data storage, networking, software and servers.
- On-premises is a network or software installed within the organization which can only be accessed by the authorized employees.
- Software as a service (SaaS) is a method of software licensing on a subscription basis which is centrally hosted.
10) The password setting not included in the Microsoft Windows group policy is
c. Password alias
Explanation:
- Password length, password history, password complexity, and password encryption are all included in the password settings of Microsoft Windows Group Policy.