Certified in Cybersecurity
Braindump CC ISC2
Set of flashcards Details
Flashcards | 200 |
---|---|
Students | 19 |
Language | English |
Category | Computer Science |
Level | University |
Created / Updated | 18.08.2023 / 11.06.2025 |
Weblink | https://card2brain.ch/box/20230818_certified_in_cybersecurity |
Which security principle states that a user should only have the necessary permission to execute a task?
The principle of Defense in Depth refers to using multiple layers of security. The principle of Least Privilege states that subjects should be given only those privileges required to complete their specific tasks (ISC2 Study Guide Chapter 1, Module 3). Separation of Duties states that no user should ever be given enough privileges to misuse the system. Finally, Privileged Accounts are accounts with permissions beyond those of regular users, such as manager and administrator accounts.
Which of the following is an example of 2FA?
Which of the following is less likely to be part of an incident response team?
Which access control model can grant access to a given object based on complex rules?
ABAC is an access control model that controls access to objects using rules that are evaluated according to the attributes of the subject, relevant objects, and attributes of the environment and action. The RBAC and MAC models are based on more straightforward and relatively less flexible rule systems, which are evaluated according to subject roles and security classifications. The rules that can be specified in a DAC model are even simpler than those of the previous two models.
Which protocol uses a three-way handshake to establish a reliable connection?
TCP uses a three-way handshake to establish a reliable connection by exchanging three packets with the SYN, SYN/ACK, and ACK flags. SMTP uses a two-way handshake. Neither UDP nor SNMP requires a handshake phase.
Which of the following attacks take advantage of poor input validation in websites?
Which of these types of user is LESS likely to have a privileged account?
Which devices would be more effective in detecting an intrusion into a network?
Network intrusion detection systems (NIDS) are network devices that detect malicious traffic on a network. Host intrusion detection systems (HIDS) are applications that monitor computer systems for intrusion. Typically, HIDS are not concerned with network devices. A firewall is a device that filters incoming Internet traffic. Routers receive and forward traffic, but (typically) do not analyze i
In incident terminology, the meaning of Zero Day is:
Which of the following is a detection control?
By definition, smoke detectors are fire protection devices employed for the early detection of fire. Firewalls are devices that filter incoming traffic, and are a type of logical preventive control. Bollards and turnstiles are types of physical preventive controls.
Which type of attack embeds malicious payload inside a reputable or trusted software?
A device found not to comply with the security baseline should be
The implementation of Security Controls is a form of:
Which of the following cloud models allows access to fundamental computer resources?
What is an effective way of hardening a system?
In which of the following access control models can the creator of an object delegate permission?
In a Discretionary Access control model, the permissions associated with each object (file or data) are set by the owner of the object. In this model, the creator of an object implicitly becomes its owner, and therefore can decide who will have permission over the objects. In the remaining models, access specifications are centrally determined.
The cloud deployment model where a company has resources on-premise and in the cloud is known as:
Which of the following is NOT a feature of a cryptographic hash function?
A cryptographic hash function should be unique, deterministic, useful, tamper-evident (also referred to as 'the avalanche effect' or 'integrity assurance') and non-reversible (also referred to as 'one-way'). Non-reversible means it is impossible to reverse the hash function to derive the original text of a message from its hash output value. Thus, the 'reversible' feature is not a feature of a hash function.
In which of the following phases of an Incident Recovery Plan are incident responses prioritized?
Incident responses are prioritized in the Detection and Analysis phase.
Which type of attack attempts to trick the user into revealing personal information by sending a fraudulent message?
Which are the components of an incident response plan?
The components commonly found in an incident response plan are (in this order): Preparation; Detection and Analysis; Containment, Eradication and Recovery; Post-Incident Activity.
Logging and monitoring systems are essential to:
Logging and monitoring systems are characterized as being "Essential to identifying inefficient performing systems, detecting compromises, and providing a record of how systems are used". The remaining options are incorrect variations of this definition.
Governments can impose financial penalties as a consequence of breaking a:
Standards are created by governing or professional bodies (not by governments themselves). Policies and procedures are created by organizations, and are therefore not subject to financial penalties.
Which access control model specifies access to an object based on the subject's role in the organization?
The role-based access control (RBAC) model is well known for governing access to objects based on the roles of individual users within the organization. Mandatory access control is based on security classifications. Attribute-based access control is based on complex attribute rules. In discretionary access control, subjects can grant privileges to other subjects and change some of the security attributes of the objects they have access to.
What does SIEM mean?
The detailed steps to complete tasks supporting departmental or organizational policies are typically documented in:
Policies are high-level documents that frame all ongoing activities of an organization to ensure that it complies with industry standards and regulations. Regulations are usually devised by governments. Standards are created by governing or professional bodies to support regulations. Both regulations and standards are created outside of the organization.
Which type of attack attempts to gain information by observing the device's power consumption?
A side-channel attack is a passive and non-invasive attack aiming to extract information from a running system, by using special-purpose hardware to perform power monitoring, as well as timing and fault analysis attacks. The remaining are software-based attacks.
Which type of attack PRIMARILY aims to make a resource inaccessible to its intended users?
The address 8be2:4382:8d84:7ce2:ec0f:3908:d29a:903a is an:
Which access control is more effective at protecting a door against unauthorized access?
The predetermined set of instructions or procedures to sustain business operations after a disaster is commonly known as:
A. Business Impact Plan
B. Business Impact Analysis
C. Business Continuity Plan
D. Disaster Recovery Plan
C
Which of the following areas is connected to PII?
A. Confidentiality
B. Authentication
C. Integrity
D. Non-Repudiation
A
Confidentiality is the most distinctive property of personally identifiable information (see ISC2 study guide, Module 1, under CIA Deep Dive). The remaining options apply to all types of data. All data requires integrity to be usable. Non-repudiation refers to the inability to deny the production, approval, or transmission of information. Authentication refers to the access to information.
Which of the following is an example of an administrative security control?
A. Access Control Lists
B. Acceptable Use Policies
C. Badge Readers
D. No entry signs
B
Policies are a type of administrative security control. An access control list is a type of technical security control. A badge reader and a 'No entry' sign are types of physical security controls.
Malicious emails that aim to attack company executives are an example of:
A. Phishing
B. Trojans
C. Rootkits
D. Whaling
D
In which cloud deployment model do companies share resources and infrastructure on the cloud?
A. Private cloud
B. Community cloud
C. Multi-tenant
D. Hybrid cloud
B
The Bell and LaPadula access control model is a form of:
A. RBAC
B. MAC
C. DAC
D. ABAC
B
The Bell and LaPadula access control model arranges subjects and objects into security levels and defines access specifications, whereby subjects can only access objects at certain levels based on their security level. Typical access specifications can be things like "Unclassified personnel cannot read data at confidential levels" or "Top-Secret data cannot be written into the files at unclassified levels".
Which type of key can be used to both encrypt and decrypt the same message?
A. A public key
B. A symmetric key
C. An asymmetric key
D. A private key
B
Which type of attack will most effectively maintain remote access and control over the victim's computer?
A. Phishing
B. Trojans
C. Cross-Site Scripting
D. Rootkits
D
Which of the following is NOT an element of System Security Configuration Management?
A. Baselines
B. Updates
C. Inventory
D. Audit logs
D
System Security Configuration Management elements are inventories, baselines, updates and patches. Audit logs can be generated after 'Verification and Audit'. However, 'Verification and Audit' is a configuration management procedure, and not a configuration management element.
If an organization wants to protect itself against tailgating, which of the following types of access control would be most effective?
A. Locks
B. Turnstiles
C. Barriers
D. Fences
B
A lock is a device that prevents a physical structure (typically a door) from being opened, indicating that only the authorized person (i.e. the person with the key) can open it. A fence or a barrier will prevent ALL access. Turnstiles are physical barriers that can be easily overcome (after all, it is common knowledge that intruders can easily jump over a turnstile when no one is watching).