CISCO SOURCES

QUIZ 1
An employee is laid off after fifteen years with the same company. The employee is then hired by
another company within a week. In the new company, the employee shares documents and ideas
for products that the employee proposed at the original company. UNETHICAL

During a meeting with the Marketing department, a representative from IT discusses features of an
upcoming product that will be released next year. ETHICAL

An employee points out a design flaw in a new product to the department manager. ETHICAL

Alicia, a company employee, has lost her corporate identification badge. She is in a hurry to get to a
meeting and does not have time to visit Human Resources to obtain a temporary badge. You lend
her your identification badge until she can obtain a replacement. UNETHICAL

An employee is at a restaurant with friends and describes an exciting new video game that is under
development at the company the employee works for. Is the behavior of the employee ethical or
unethical? UNETHICAL

QUIZ 2
In what way are zombies used in security attacks? They are infected machines that carry out a
DDoS attack.
What is the purpose of a rootkit? to gain privileged access to a device while concealing itself
What is the most common goal of search engine optimization (SEO) poisoning? to increase web
traffic to malicious sites
Which two characteristics describe a worm? (Choose two.) is self-replicating; and travels to new
computers without any intervention or knowledge of the user
Which example illustrates how malware might be concealed? An email is sent to the employees
of an organization with an attachment that looks like an antivirus update, but the attachment
actually consists of spyware.

What is the primary goal of a DoS attack? to prevent the target server from being able to handle
additional requests

Which type of attack allows an attacker to use a brute force approach? password cracking

Which tool is used to provide a list of open ports on network devices? Nmap

QUIZ 3
A user is surfing the Internet using a laptop at a public WiFi cafe. What should be checked first when
the user connects to the public network? if the laptop requires user authentication for file and
media sharing

Which technology removes direct equipment and maintenance costs from the user for data
backups? a cloud service
Which configuration on a wireless router is not considered to be adequate security for a wireless
network? prevent the broadcast of an SSID

Which type of technology can prevent malicious software from monitoring user activities, collecting
personal information, and producing unwanted pop-up ads on a user computer? Antispyware

What is the best method to prevent Bluetooth from being exploited? Always disable Bluetooth
when it is not actively used.

How can a user prevent others from eavesdropping on network traffic when operating a PC on a
public Wi-Fi hot spot? Connect with a VPN service.

A user is having difficulty remembering passwords for multiple online accounts. What is the best
solution for the user to try? Save the passwords in a centralized password manager program.

A network administrator is conducting a training session to office staff on how to create a strong and
effective password. Which password would most likely take the longest for a malicious user to guess
or break? mk$$cittykat104#
A consumer would like to print photographs stored on a cloud storage account using a third party
online printing service. After successfully logging into the cloud account, the customer is
automatically given access to the third party online printing service. What allowed this automatic
authentication to occur? The cloud storage service is an approved application for the online
printing service.
How can users working on a shared computer keep their personal browsing history hidden from
other workers that may use this computer? Operate the web browser in private browser mode.
As data is being stored on a local hard disk, which method would secure the data from unauthorized
access? data encryption
Why do IoT devices pose a greater risk than other computing devices on a network? Most IoT
devices do not receive frequent firmware updates.

QUIZ 4
What type of attack disrupts services by overwhelming network devices with bogus traffic? DDoS
Which protocol is used by the Cisco Cyberthreat Defense Solution to collect information about the
traffic that is traversing the network? NetFlow
What is the last stage of the Cyber Kill Chain framework? malicious action
Which tool can perform real-time traffic and port analysis, and can also detect port scans,
fingerprinting and buffer overflow attacks? Snort
Which tool can identify malicious traffic by comparing packet contents to known attack signatures?
IDS

FINAL EXAM
What are two objectives of ensuring data integrity? (Choose two.) Data is not changed by
unauthorized entities. / Data is unaltered during transit.

A web server administrator is configuring access settings to require users to

authenticate first before accessing certain web pages. Which requirement of information
security is addressed through the configuration? Confidentiality
A company is experiencing overwhelming visits to a main web server. The IT department is
developing a plan to add a couple more web servers for load balancing and redundancy. Which
requirement of information security is addressed by implementing the plan? Availability

What is the main purpose of cyberwarfare? to gain advantage over adversaries

When describing malware, what is a difference between a virus and a worm? A virus
replicates itself by attaching to another file, whereas a worm can replicate itself
independently.

The IT department is reporting that a company web server is receiving an abnormally

high number of web page requests from different locations simultaneously. Which type
of security attack is occurring? DDoS

What is the best method to avoid getting spyware on a machine? Install software only
from trusted websites.

What are two security implementations that use biometrics? (Choose two.) voice
recognition / fingerprint

Which technology creates a security token that allows a user to log in to a desired web
application using credentials from a social media website? Open Authorization

A medical office employee sends emails to patients about recent patient visits to the
facility. What information would put the privacy of the patients at risk if it was included in
the email? patient records

Which two tools used for incident detection can be used to detect anomalous behavior,
to detect command and control traffic, and to detect infected hosts? (Choose two.)
intrusion detection system / NetFlow

For what purpose would a network administrator use the Nmap tool? detection and
identification of open ports

Which stage of the kill chain used by attackers focuses on the identification and
selection of targets? Reconnaissance

What is an example of the a Cyber Kill Chain? a planned process of cyberattack

What tool is used to lure an attacker so that an administrator can capture, log, and
analyze the behavior of the attack? Honeypot
What is one main function of the Cisco Security Incident Response Team?

to ensure company, system, and data preservation

What action will an IDS take upon detection of malicious traffic? create a network alert
and log the detection
QUIZ 1
Which method is used to check the integrity of data? Checksum
What are three methods that can be used to ensure confidentiality of information? (Choose three.)
data encryption / two factor authentication / username ID and password
What is a reason that internal security threats might cause greater damage to an organization than
external security threats? Internal users have direct access to the infrastructure devices.
What is an example of "hacktivism"? A group of environmentalists launch a denial of service
attack against an oil company that is responsible for a large oil spill.
What is another name for confidentiality of information? Privacy
Match the type of cyber attackers to the description. (Not all options are used.)
make political statements in order to create an awareness of issues that are important to
them. Hacktivists
gather intelligence or commit sabotage on specific goals on behalf of their government. state-
sponsored attackers
make political statements, or create fear, by causing physical or psychological damage to victims.
Terrorists
What three items are components of the CIA triad? (Choose three.) confidentiality / availability /
integrity
What is the motivation of a white hat attacker? discovering weaknesses of networks and
systems to improve the security level of these systems