Which of the following best describes the primary motivation of organized crime groups according to the FBI?

Threatening the financial services sector and expanding attacks

Disrupting critical infrastructure

Pilfering intellectual property

Influencing geopolitical policies

State sponsors, as identified by the FBI, are primarily interested in:

Pilfering intellectual property

Disrupting critical infrastructure

Stealing research and development data

Financial gain through online fraud

What is the main goal of terrorist groups as threat actors?

Disrupting or damaging critical infrastructure to harm a country’s way of life

Pilfering government secrets for economic advantage

Which of the following are effective countermeasures against password attacks?

Implement complex password policies

Require users to change passwords regularly

Employ account lockout policies

Avoid using password-cracking tools

Which of the following statements about port scans and service discovery are true? (Select all that apply)

Port scans identify all open or listening ports on a system.

Discovering running services helps attackers find potential vulnerabilities.

Proper security patches can mitigate most vulnerabilities found via port scans.

Closing unnecessary ports is recommended to reduce attack surfaces.

It is safe to leave all ports open as long as the system has a firewall.

Why is securing administrative access to a router important?

To prevent unauthorized access and configuration changes

To allow all users to configure the router freely

Which of the following tools or features can be used to secure administrative access to a router?

Cisco IOS resilient configuration feature

Which of the following statements is true about privilege levels in Cisco IOS?

Privilege levels range from 0 to 15 and determine command access.

Privilege level 1 corresponds to privileged mode (router#).

Privilege levels can only be assigned on IOS devices, not on Cisco ASA.

All privilege levels are automatically created and cannot be modified.

What do STP attacks primarily target?

The loop-free switching topology created by switches

Bridge Protocol Data Units (BPDUs) are used by switches to:

Identify which switch ports are forwarding or blocking

Establish new loop-free topologies when network changes occur

What is the primary purpose of the Address Resolution Protocol (ARP)?

To resolve IP addresses to MAC addresses for local network communication

To translate MAC addresses into IP addresses

To encrypt data packets on the network

To route packets between different networks

Which of the following statements about ARP poisoning attacks are true? (Select all that apply)

ARP poisoning exploits the normal process of learning MAC addresses from IP addresses.

ARP operates at layer 2 of the OSI model.

ARP poisoning attacks involve sending fake ARP messages to associate a wrong MAC address with an IP address.

ARP operates at layer 3 but its information is used at layer 2.

What is the main goal of a MAC spoofing attack?

To make the attacker’s device appear as another device to receive traffic or bypass access controls

To change IP addresses dynamically

Which of the following are true about MAC spoofing attacks?

They involve changing the attacker’s MAC address to impersonate another device.

They exploit the MAC address table in network switches.

The MAC address table is updated based on frames sent and received by the switch.

They primarily target IP address routing.

What is the primary goal of a VLAN hopping attack?

To receive traffic from a VLAN that the attacker’s port is not a member of

To gain access to multiple switch ports

To shut down trunk ports between switches

What is the main purpose of implementing DHCP snooping?

To block DHCP messages from rogue DHCP servers

To assign static IP addresses to all hosts

To prioritize DHCP traffic over other types of traffic

To encrypt all DHCP communication

Which of the following are functions of DHCP snooping?

Filtering DHCP messages sent by unauthorized DHCP servers

Creating a binding database that maps MAC addresses to IP addresses

Ensuring that hosts only receive IP addresses from the legitimate DHCP server

Preventing MAC spoofing on the network

What happens when hosts are segregated into VLANs?

They are placed into separate IP subnets

They all share the same IP subnet

They lose access to DHCP services

They are no longer able to communicate with routers

Why might service providers find separate VLANs for each customer problematic?

It requires a large number of interfaces on provider devices

It increases the complexity of managing network address space

It can lead to wasted IP address space

It reduces the need for IP address planning

It simplifies the configuration of ACLs

Which of the following is a challenge related to maintaining security when using multiple VLANs for different customers?

Managing multiple Access Control Lists (ACLs)

Managing VLANs without any configuration

Reducing the size of MAC address tables

Ensuring IPv6 routing is disabled

What is the primary purpose of implementing Private VLANs (PVLANs)?

To provide separation within a VLAN at Layer 2 while keeping all members in the same subnet

To separate VLANs across multiple subnets

To route traffic between different VLANs without a router

Which of the following are true about promiscuous ports in a Private VLAN?

They can communicate with any other type of port

They are typically used for router or firewall connections

They can only communicate with community ports

They are used to isolate hosts from one another

Which of the following correctly describes community ports in a Private VLAN?

They can communicate with other community ports in the same group

They can communicate with promiscuous ports

They can communicate directly with isolated ports

They cannot communicate with any other ports

What is the key difference between in-band and out-of-band management connections?

In-band uses the network for transmission, while out-of-band does not

In-band uses physical ports while out-of-band uses virtual connections

Out-of-band management is less secure than in-band management

Out-of-band connections require SNMP to function

What is the primary purpose of the 802.1X standard?

To enable centralized port-based authentication for network access

To assign IP addresses to clients

To provide encryption between two endpoints

In the 802.1X authentication process, what is the role of the supplicant?

It is the user or device requesting network access

It grants or denies access to the network

It serves as a centralized authentication database

It filters traffic based on IP addresses

What is IPsec primarily used for?

Providing a framework for secure communication over IP networks

Assigning IP addresses to hosts

Routing between different subnets

Which of the following are true about IPsec? (Select all that apply)

IPsec is both a protocol and a framework

IPsec allows flexible choices for encryption, hashing, and authentication

IPsec provides different security services depending on the configuration

IPsec requires the use of a specific encryption algorithm

IPsec can only be used in IPv4 networks

Which statement best describes the flexibility of the IPsec framework?

IPsec allows the selection of different encryption, hashing, and authentication options

IPsec has one fixed set of security algorithms

IPsec limits users to only SHA-256 for hashing

IPsec can only be used with digital certificates

Which tool is used to implement a basic clientless SSL VPN on Cisco devices?

ASDM (Adaptive Security Device Manager)

Cisco AnyConnect Secure Mobility Client

What is the main difference between a clientless SSL VPN and an AnyConnect SSL VPN?

AnyConnect SSL VPN requires installation of software on the client, while clientless does not

Clientless SSL VPN requires installation of software on the client

Clientless SSL VPN is only for site-to-site connections

AnyConnect SSL VPN uses preshared keys exclusively

Which of the following is a key feature of site-to-site VPNs?

They use IPsec with preshared key authentication to connect two networks securely

They connect remote users directly to the internal network

They do not require VPN tunnels

They are managed only via client software

What is the "golden rule" regarding the application of patches?

Apply patches as soon as they become available

Delay patches until they are thoroughly tested for months

Only apply patches after a vulnerability is exploited

Ignore patches unless they improve system performance

Why should patches be applied immediately after release?

Because cybercriminals might already know about the vulnerability and exploit it

Because patches increase hardware speed

Because patches delete old data

Because patching is optional and only for cosmetic fixes

Application of IT Security

Authored by 25B30 Instructors

Professional Development

Used 7+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

50 questions

Show all answers

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Which of the following are examples of assets in an organization?

Buildings

Data

Attackers

Recipes

Vulnerabilities

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Which of the following statements about vulnerabilities are true? (Select all that apply)

Vulnerabilities are weaknesses or absences of countermeasures.

Vulnerabilities can be found in personnel.

Unrestricted access to a folder on a computer is an example of a vulnerability.

Vulnerabilities always lead to immediate threats.

Vulnerability assessments are used to identify vulnerabilities.

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Regarding threats and threat agents, which statements are correct? (Select all that apply)

A threat happens only when a vulnerability is exploited.

A threat agent can be an attacker who exploits a vulnerability.

Not all threat agents will exploit vulnerabilities.

A threat agent is the same as a vulnerability.

Threat agents carry out threats but cannot discover vulnerabilities.

MULTIPLE SELECT QUESTION

30 sec • 1 pt

According to NIST SP 800-30, which of the following are common information-gathering techniques used in risk analysis?

Automated risk assessment tools

Interviews

Social media monitoring

Questionnaires

Policy document reviews

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Multiple sources should be used to determine the risks to a single asset during risk analysis.

True

False

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What two factors combine to determine risk in the risk management process?

Threat and asset value

Likelihood and impact

Vulnerability and threat agent

Asset value and vulnerability

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Hackers typically hack for which of the following reasons?

Financial gain

Disruption

Geopolitical change

Notoriety

Environmental protection

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

50 questions

ppg 2023 C

Quiz

•

Professional Development

45 questions

SAFe for teams

Quiz

•

Professional Development

50 questions

SELASAR W1 SEPT 2024

Quiz

•

Professional Development

50 questions

ECG Make Up

Quiz

•

Professional Development

54 questions

Una classe inclusiva

Quiz

•

Professional Development

49 questions

Health and Safety In Construction

Quiz

•

Professional Development

48 questions

Sharepoint Administration Revision

Quiz

•

Professional Development

50 questions

Customer Orientation (MSIB)

Quiz

•

Professional Development

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Professional Development

44 questions

Would you rather...

Quiz

•

Professional Development