Information Assuarance Fundamentals November 29, 2023 Contents Results - #1. What term refers to the protection of information systems against unauthorized access, disclosure, disruption, modification, or destruction? Cybersecurity Cybersecurity Encryption Encryption Data integrity Data integrity Network security Network security #2. Which of the following is a common method for ensuring the confidentiality of sensitive information during transmission over the internet? Firewalls Firewalls Virtual Private Network (VPN) Virtual Private Network (VPN) Antivirus software Antivirus software Intrusion Detection System (IDS) Intrusion Detection System (IDS) #3. The process of converting plaintext into ciphertext to secure data is known as: Decryption Decryption Hashing Hashing Encryption Encryption Authentication Authentication #4. What is the primary purpose of a firewall in the context of internet security? Data encryption Data encryption Access control Access control Virus detection Virus detection Network monitoring Network monitoring #5. Two-factor authentication typically involves the combination of: Username and password Username and password Fingerprint and retina scan Fingerprint and retina scan Security question and answer Security question and answer Smart card and PIN Smart card and PIN #6. Which of the following combinations is typically used in Two-Factor Authentication (2FA)? Something you know and something you have Something you know and something you have Something you are and something you possess Something you are and something you possess Something you remember and something you prove Something you remember and something you prove Something you possess and something you inquire Something you possess and something you inquire #7. Which type of malware disguises itself as legitimate software but carries out malicious activities without the user's knowledge? Spyware Spyware Adware Adware Trojan horse Trojan horse Worm Worm #8. In the context of internet security, what does the term "phishing" refer to? Gaining unauthorized access to a system Gaining unauthorized access to a system Intercepting network traffic Intercepting network traffic Sending deceptive emails to trick individuals into revealing sensitive information Sending deceptive emails to trick individuals into revealing sensitive information Modifying data packets during transmission Modifying data packets during transmission #9. The process of verifying the identity of a user, system, or application is called: Authorization Authorization Authentication Authentication Access control Access control Encryption Encryption #10. Which cryptographic algorithm is commonly used for secure communication over the internet, providing confidentiality and integrity? RSA RSA AES AES MD5 MD5 SHA-1 SHA-1 #11. 10. What is the purpose of a Virtual Private Network (VPN) in the context of internet security? a) Securely connect remote users to a private network over the internet a) Securely connect remote users to a private network over the internet b) Block malicious websites b) Block malicious websites c) Encrypt data stored on a local server c) Encrypt data stored on a local server d) Monitor network traffic for anomalies d) Monitor network traffic for anomalies #12. 11. The term "zero-day vulnerability" refers to: a) A software bug that has been exploited for zero days a) A software bug that has been exploited for zero days b) A newly discovered security flaw with no available patch or fix b) A newly discovered security flaw with no available patch or fix c) A type of encryption algorithm c) A type of encryption algorithm d) The first day of a cyber attack d) The first day of a cyber attack #13. 12. What is the primary goal of access control in information security? a) Ensure data confidentiality a) Ensure data confidentiality b) Prevent unauthorized access to systems and resources b) Prevent unauthorized access to systems and resources c) Detect and remove malware c) Detect and remove malware d) Monitor network traffic for suspicious activities d) Monitor network traffic for suspicious activities #14. 13. Which security measure involves encoding information to make it unreadable without the appropriate decryption key? a) Authentication a) Authentication b) Authorization b) Authorization c) Encryption c) Encryption d) Firewall d) Firewall #15. 14. A security token, such as a smart card or hardware token, is an example of: a) Encryption technology a) Encryption technology b) Biometric authentication b) Biometric authentication c) Two-factor authentication c) Two-factor authentication d) Intrusion Detection System (IDS) d) Intrusion Detection System (IDS) #16. 15. What is the purpose of an Intrusion Detection System (IDS) in the context of internet security? a) Encrypt data transmission a) Encrypt data transmission b) Monitor and detect suspicious activities or attacks b) Monitor and detect suspicious activities or attacks c) Control access to network resources c) Control access to network resources d) Filter malicious emails d) Filter malicious emails #17. 16. The process of ensuring that data is not altered or tampered with during transmission or storage is known as: a) Authentication a) Authentication b) Encryption b) Encryption c) Data integrity c) Data integrity d) Access control d) Access control #18. 17. Which of the following is a best practice for password security? a) Use easily guessable passwords a) Use easily guessable passwords b) Share passwords with trusted colleagues b) Share passwords with trusted colleagues c) Use a combination of uppercase and lowercase letters, numbers, and symbols c) Use a combination of uppercase and lowercase letters, numbers, and symbols d) Never change passwords d) Never change passwords #19. 18. What is the primary purpose of a Secure Sockets Layer (SSL) certificate on a website? a) Protect against phishing attacks a) Protect against phishing attacks b) Ensure data integrity during transmission b) Ensure data integrity during transmission c) Encrypt communication between the web server and the user's browser c) Encrypt communication between the web server and the user's browser d) Block malicious software downloads d) Block malicious software downloads #20. 19. The term "denial of service" (DoS) refers to: a) Unauthorized access to a system a) Unauthorized access to a system b) Encrypting data to make it unreadable b) Encrypting data to make it unreadable c) Overloading a system or network to disrupt normal functioning c) Overloading a system or network to disrupt normal functioning d) Intercepting communication between two parties d) Intercepting communication between two parties #21. 20. The concept of "least privilege" in access control involves: a) Providing users with the highest level of access by default a) Providing users with the highest level of access by default b) Granting access to all resources on the network b) Granting access to all resources on the network c) Giving users the minimum level of access necessary for their job roles c) Giving users the minimum level of access necessary for their job roles d) Allowing unrestricted access to sensitive information d) Allowing unrestricted access to sensitive information #22. 21. Which type of malware is designed to spread rapidly across a network, often exploiting software vulnerabilities? a) Adware a) Adware b) Worm b) Worm c) Trojan horse c) Trojan horse d) Ransomware d) Ransomware #23. 22. A biometric authentication method that analyzes the physical characteristics of an individual's face is called: a) Fingerprint recognition a) Fingerprint recognition b) Iris scanning b) Iris scanning c) Facial recognition c) Facial recognition d) Voice authentication d) Voice authentication #24. 23. The process of regularly updating and patching software to address known vulnerabilities is known as: a) Intrusion detection a) Intrusion detection b) Software hardening b) Software hardening c) Vulnerability management c) Vulnerability management d) Network segmentation d) Network segmentation #25. 24. Which of the following is an example of a physical security measure in the context of information assurance? a) Firewalls a) Firewalls b) Biometric authentication b) Biometric authentication c) Security cameras c) Security cameras d) Encryption algorithms d) Encryption algorithms #26. 25. The term "social engineering" refers to: a) Hacking social media accounts a) Hacking social media accounts b) Manipulating individuals to disclose confidential information b) Manipulating individuals to disclose confidential information c) Building social networks for cybersecurity professionals c) Building social networks for cybersecurity professionals d) Enhancing interpersonal skills for cybersecurity jobs d) Enhancing interpersonal skills for cybersecurity jobs #27. 26. The process of backing up data regularly and storing it in a separate location is a strategy for: a) Data integrity a) Data integrity b) Disaster recovery b) Disaster recovery c) Access control c) Access control d) Encryption d) Encryption #28. 27. What is the primary purpose of a proxy server in the context of internet security? a) Encrypt data transmission a) Encrypt data transmission b) Monitor network traffic for anomalies b) Monitor network traffic for anomalies c) Control and filter access to web resources c) Control and filter access to web resources d) Authenticate users d) Authenticate users #29. 28. The concept of "sandboxing" involves: a) Creating a secure area for testing and executing untrusted code a) Creating a secure area for testing and executing untrusted code b) Encrypting sensitive data during transmission b) Encrypting sensitive data during transmission c) Filtering malicious emails c) Filtering malicious emails d) Analyzing network traffic for potential threats d) Analyzing network traffic for potential threats #30. 29. The process of validating the integrity and authenticity of digital messages or documents is achieved through: a) Biometric authentication a) Biometric authentication b) Digital signatures b) Digital signatures c) Two-factor authentication c) Two-factor authentication d) Hashing algorithms d) Hashing algorithms #31. 30. The principle of "security through obscurity" suggests: a) Relying on hidden security measures to protect information a) Relying on hidden security measures to protect information b) Openly sharing security protocols for transparency b) Openly sharing security protocols for transparency c) Avoiding encryption to maintain system simplicity c) Avoiding encryption to maintain system simplicity d) Using easily guessable passwords for accessibility d) Using easily guessable passwords for accessibility Finish