Protect Your Clients - A Practical Guide to Cybersecurity
(Oregon) Exam with complete solution
Protect Your Clients - A Practical Guide to Cybersecurity (Oregon)
Quiz 1: Reasons for Cybersecurity
A hacker who can be hired to assist your company with identifying weaknesses
in the cybersecurity protections is known as a:
A) Grey Hat Hacker.
B) White Hat Hacker.
C) Hacktivist.
D) Black Hat Hacker.
B) White Hat Hacker.
White hat hackers are hackers who sell their services and skills to "test" the firewalls
and security methods your company has put in place. White hat hackers will not invade
your company's security mechanisms without approval; while grey hat hackers will
breach systems without permission before informing your company.
According to the National Cyber Security Alliance, what percentage of small or
midsized companies go out of business within six months of being hacked?
A) 30%
B) 50%
C) 60%
D) 90%
C) 60%
The NCSA estimates that some 60% of small and midsize companies go bankrupt
within a half year of being hacked. This is typically because the companies must pay for
the forensics and insurance.
Modern technology has begun to link digital consumer goods, such as cell
phones, smart printers, and computers, allowing machines to learn your patterns
or otherwise connect all devices together for ease of use. What is the term we use
for this network?
A) The Internet of Things
B) The Smart Connect
C) The device-web
D) The Digital Network
A) The Internet of Things
The Internet of Things refers to the connected web of consumer digital devices. While
the Internet of Things can be convenient and assist a company's efficiency, it also
opens up different avenues for hackers to exploit vulnerabilities within that digital
network.
All of the following are broad descriptions of cyber-attacks EXCEPT
A) attacks on integrity.
B) attacks on confidentiality.
,C) attacks on availability.
D) attacks on personnel.
D) attacks on personnel.
Attacks on availability, confidentiality, and integrity are the broad descriptions of
cyberattacks. Attacks on availability limit access to networks, attacks on integrity limits
the credibility of your systems;,and attacks on confidentiality are violations of your
company's privacy.
A real estate agent's email account was compromised. The hacker was able to
send an email to a client explaining that "last-minute closing changes" required a
"correction" to a bank account number being used to hold closing cost funds.
The client followed the email's instructions and transferred the money to pay for
closing costs to the updated bank account.
When the client was contacted by the real estate agent and learned that the
earlier email was a spoof, they soon discovered that the transferred money had
been removed from the account and was unrecoverable. What would this sort of
attack be considered?
A) Attack on availability
B) Attack on confidentiality
C) Advanced persistent threat
D) Attack on integrity
D) Attack on integrity
This would be an example of an attack on integrity because it uses the credibility of the
real estate agent's email account to convince the client to change closing information.
Quiz 2: Cyber Threats
Which of the following best describes baiting?
A) Directing a client to transfer their closing funds to an escrow company
B) Sending an email with the subject line, "YOU ARE A WINNER!"
C) Intentionally leaving a trojan-infected USB device on the sidewalk
D) Searching for unsecured wifi networks to use as the source for an attack
C) Intentionally leaving a trojan-infected USB device on the sidewalk
Baiting is oftentimes a very simple form of social engineering where a cd, laptop, or
USB stick is left in the open to tempt the victim into using the device.
Brute-force password attacks can break through a password by randomly
guessing the codes. Which of the following measures would best prevent a
successful password attack?
A) Making the password longer than 10 characters
B) Using words that are commonly found in a dictionary
C) Using a combination of uppercase and lowercase letters
D) Adding a letter to the end of a 4-digit numeric password
A) Making the password longer than 10 characters
Longer passwords are more difficult to crack with brute force password programs. In
, general, a longer password will be harder to crack than a password with symbols or
upper case/lower case letters.
A Distributed Denial of Services (DDoS) attack oftentimes involves
simultaneously using a large number of computers and digital devices to send an
unsustainable amount of traffic to a single website. Those computers are
controlled with assorted malwares that are controlled from a host computer. What
do we call the collection of computers that performs the DDoS?
A) A distributed strike
B) A digital horde
C) A remote swarm
D) A botnet
D) A botnet
The collection of computers and devices like phones and tablets is known as a botnet. It
is usually a remotely controlled network of slave devices that can be sent en masse to a
target site.
Tyrone received an email that read, "You are included in a settlement for
overcharging at Local Gas Station." The email explained that the local gas station
had lost a lawsuit for overcharging customers. Anyone who lived around Local
Gas Station was to receive a $150 check, so long as they could prove they bought
gasoline there in the past four months. The email asked for proof of address and
a credit card number that investigators could cross-check with Local Gas Station
purchase records. When Tyrone Googled "Local Gas Station lawsuit" there were
no articles or information about any lawsuit.
What is this email likely an example of?
A) A phishing scheme
B) A Quid Pro Quo arrangement
C) A contact spamming scheme
D) A doxing attack
A) A phishing scheme
An email claiming to provide money in exchange for personal or financial information is
often a clear example of a phishing scheme. By investigating the information a little,
Tyrone was able to discover that the information in the email was not real.
Which of the following would be an example of a Quid Pro Quo attack?
A) A hacker buys an old, decommissioned work laptop from a company and
locates a draft document hidden deep in the laptop's archives that has a current
server password. The hacker uses that password to break into the company's
servers.
B) A hacker calls every business in the area pretending to be tech support. When
one company responds that they were waiting to hear back from tech support,
the hacker proceeds to assist the company with the problem, but requests
passwords and account information in order to "fix the problem."
C) A hacker puts on a maintenance crew uniform and slips into the company's
server room without being stopped. The hacker then uses a USB drive to copy all
the documents on the servers and walks out without being noticed.
(Oregon) Exam with complete solution
Protect Your Clients - A Practical Guide to Cybersecurity (Oregon)
Quiz 1: Reasons for Cybersecurity
A hacker who can be hired to assist your company with identifying weaknesses
in the cybersecurity protections is known as a:
A) Grey Hat Hacker.
B) White Hat Hacker.
C) Hacktivist.
D) Black Hat Hacker.
B) White Hat Hacker.
White hat hackers are hackers who sell their services and skills to "test" the firewalls
and security methods your company has put in place. White hat hackers will not invade
your company's security mechanisms without approval; while grey hat hackers will
breach systems without permission before informing your company.
According to the National Cyber Security Alliance, what percentage of small or
midsized companies go out of business within six months of being hacked?
A) 30%
B) 50%
C) 60%
D) 90%
C) 60%
The NCSA estimates that some 60% of small and midsize companies go bankrupt
within a half year of being hacked. This is typically because the companies must pay for
the forensics and insurance.
Modern technology has begun to link digital consumer goods, such as cell
phones, smart printers, and computers, allowing machines to learn your patterns
or otherwise connect all devices together for ease of use. What is the term we use
for this network?
A) The Internet of Things
B) The Smart Connect
C) The device-web
D) The Digital Network
A) The Internet of Things
The Internet of Things refers to the connected web of consumer digital devices. While
the Internet of Things can be convenient and assist a company's efficiency, it also
opens up different avenues for hackers to exploit vulnerabilities within that digital
network.
All of the following are broad descriptions of cyber-attacks EXCEPT
A) attacks on integrity.
B) attacks on confidentiality.
,C) attacks on availability.
D) attacks on personnel.
D) attacks on personnel.
Attacks on availability, confidentiality, and integrity are the broad descriptions of
cyberattacks. Attacks on availability limit access to networks, attacks on integrity limits
the credibility of your systems;,and attacks on confidentiality are violations of your
company's privacy.
A real estate agent's email account was compromised. The hacker was able to
send an email to a client explaining that "last-minute closing changes" required a
"correction" to a bank account number being used to hold closing cost funds.
The client followed the email's instructions and transferred the money to pay for
closing costs to the updated bank account.
When the client was contacted by the real estate agent and learned that the
earlier email was a spoof, they soon discovered that the transferred money had
been removed from the account and was unrecoverable. What would this sort of
attack be considered?
A) Attack on availability
B) Attack on confidentiality
C) Advanced persistent threat
D) Attack on integrity
D) Attack on integrity
This would be an example of an attack on integrity because it uses the credibility of the
real estate agent's email account to convince the client to change closing information.
Quiz 2: Cyber Threats
Which of the following best describes baiting?
A) Directing a client to transfer their closing funds to an escrow company
B) Sending an email with the subject line, "YOU ARE A WINNER!"
C) Intentionally leaving a trojan-infected USB device on the sidewalk
D) Searching for unsecured wifi networks to use as the source for an attack
C) Intentionally leaving a trojan-infected USB device on the sidewalk
Baiting is oftentimes a very simple form of social engineering where a cd, laptop, or
USB stick is left in the open to tempt the victim into using the device.
Brute-force password attacks can break through a password by randomly
guessing the codes. Which of the following measures would best prevent a
successful password attack?
A) Making the password longer than 10 characters
B) Using words that are commonly found in a dictionary
C) Using a combination of uppercase and lowercase letters
D) Adding a letter to the end of a 4-digit numeric password
A) Making the password longer than 10 characters
Longer passwords are more difficult to crack with brute force password programs. In
, general, a longer password will be harder to crack than a password with symbols or
upper case/lower case letters.
A Distributed Denial of Services (DDoS) attack oftentimes involves
simultaneously using a large number of computers and digital devices to send an
unsustainable amount of traffic to a single website. Those computers are
controlled with assorted malwares that are controlled from a host computer. What
do we call the collection of computers that performs the DDoS?
A) A distributed strike
B) A digital horde
C) A remote swarm
D) A botnet
D) A botnet
The collection of computers and devices like phones and tablets is known as a botnet. It
is usually a remotely controlled network of slave devices that can be sent en masse to a
target site.
Tyrone received an email that read, "You are included in a settlement for
overcharging at Local Gas Station." The email explained that the local gas station
had lost a lawsuit for overcharging customers. Anyone who lived around Local
Gas Station was to receive a $150 check, so long as they could prove they bought
gasoline there in the past four months. The email asked for proof of address and
a credit card number that investigators could cross-check with Local Gas Station
purchase records. When Tyrone Googled "Local Gas Station lawsuit" there were
no articles or information about any lawsuit.
What is this email likely an example of?
A) A phishing scheme
B) A Quid Pro Quo arrangement
C) A contact spamming scheme
D) A doxing attack
A) A phishing scheme
An email claiming to provide money in exchange for personal or financial information is
often a clear example of a phishing scheme. By investigating the information a little,
Tyrone was able to discover that the information in the email was not real.
Which of the following would be an example of a Quid Pro Quo attack?
A) A hacker buys an old, decommissioned work laptop from a company and
locates a draft document hidden deep in the laptop's archives that has a current
server password. The hacker uses that password to break into the company's
servers.
B) A hacker calls every business in the area pretending to be tech support. When
one company responds that they were waiting to hear back from tech support,
the hacker proceeds to assist the company with the problem, but requests
passwords and account information in order to "fix the problem."
C) A hacker puts on a maintenance crew uniform and slips into the company's
server room without being stopped. The hacker then uses a USB drive to copy all
the documents on the servers and walks out without being noticed.
