Ace prep Exams

Phishing, baiting, and tailgating are examples of ________ attacks. Malware Password Social engineering Network Social engineering An attacker could redirect your browser to a fake website login page using what kind of attack? Injection attack DNS cache poisoning attack DDoS attack SYN flood attack DNS cache poisoning attack A(n) _____ attack is meant to prevent legitimate traffic from reaching a service. Injection Password Denial of Service DNS Cache poisoning Denial of Service T...

What are the components that make up a cryptosystem? Check all that apply encryption algorithms decryption algorithms key generation algorithms; A cryptosystem is a collection of algorithms needed to operate an encryption service. This involves generating encryption keys, as well as encryption and decryption operations. What is steganography? the practice of hiding messages; Steganography involves hiding messages, but not encoding them. What makes an encryption algorithm symmetric? the s...

In the CIA Triad, "Confidentiality" means ensuring that data is: not accessible by unwanted parties In the CIA Triad, "Integrity" means ensuring that data is: accurate and wasn't tampered with In the CIA Triad, "Availability" means ensuring that data is: available and people can access it What's the relationship between a vulnerability and an exploit? An exploit takes an advantage of a vulnerability to run arbitrary code or gain access. Which statement is true for both a worm and ...

In the CIA Triad, "Confidentiality" means ensuring that data is: not accessible by unwanted parties; "Confidentiality," in this context, means preventing unauthorized third parties from gaining access to the data. In the CIA Triad, "Integrity" means ensuring that data is: accurate and was not tampered with; "Integrity," in this context, means ensuring that the data remains intact, uncorrupted, and not tampered with. The data that gets sent is the exact same as the data that gets rec...

In the CIA Triad, "Confidentiality" means ensuring that data is: not accessible by unwanted parties; "Confidentiality," in this context, means preventing unauthorized third parties from gaining access to the data. In the CIA Triad, "Integrity" means ensuring that data is: accurate and was not tampered with; "Integrity," in this context, means ensuring that the data remains intact, uncorrupted, and not tampered with. The data that gets sent is the exact same as the data that gets rec...

What is an attack vector? a mechanism by which an attacker can interact with your network or systems; An attack vector can be thought of as any route through which an attacker can interact with your systems and potentially attack them. Disabling unnecessary components serves which purposes? Check all that apply. closing attack vectors reducing the attack surface; Every unnecessary component represents a potential attack vector. The attack surface is the sum of all attack vectors. So, disab...

Why is normalizing log data important in a centralized logging setup? Uniformly formatted logs are easier to store and analyze. Logs from various systems may be formatted differently. Normalizing logs is the practice of reformatting the logs into a common format, allowing for easier storage and lookups in a centralized logging system. What type of attacks does a flood guard protect against? Check all that apply. DDoS Attack SYN Floods. A flood guard protects against attacks that overwhelm n...

What information does a digital certificate contain? Check all that apply. Digital signature Public Key Data Identifying information of the certificate owner. A digital certificate contains the public key information, along with a digital signature from a CA. It also includes information about the certificate, like the entity that the certificate was issued to. Which type of encryption does SSL/TLS use? Both : Asymmetric and Symmetric Encryptions What are some of the functions that a Trust...

What are the dangers of a man-in-the-middle attack? Check all that apply. An attacker can modify traffic in transit An attacker can eavesdrop on unencrypted traffic An attacker can redirect or block traffic Why is a DNS cache poisoning attack dangerous? Check all that apply. It affects any clients querying the poisoned DNS servers It allows an attacker to redirect target to malicious webservers Which of the following is true of a DDoS attack? Attack traffic comes from lots of different h...

What is an attack vector? A mechanism by which an attacker can interact with your network or systems Disabling unnecessary components serves which purposes? Check all that apply. Reducing the attack surface, closing attack vectors What's an attack surface? The combined sum of all attack vectors in a system or network A good defense in depth strategy would involve deploying which firewalls? Both host-based and network-based firewalls Using a bastion host allows for which of the following?...