CYBERSECURITY COURSE QUIZ
1. The most appropriate definition of Cyberspace is:
a) The origin of Cyber Attacks
b) A virtual place for virtual applications
c) A virtual place for virtual applications used by virtual
people
d) None of the above
Answer: c
2. The role of the standard ISO 27032 may be described as:
a) A tool for the definition of a cybersecurity strategy and
management
b) Guideline for cybersecurity choice of security controls
c) A valid alternative for the identification of
cybersecurity risk sources
d) All of the above
Answer: d
3. The integration between NIST and ISO 27032 may be
demonstrated by:
a) The use of the same terminology
b) Both standards describe a framework for cybersecurity
implementation
c) The security controls objectives are similar.
d) They have the same number of procedures to be
implemented
Answer: b
4. What are the objectives of protection on Cyberspace
according to ISO 27032?
a) Protection of information and data
b) Protection of databases and related applications
c) Protection of privacy data
d) Protection of confidentiality, integrity and availability.
Answer: d
5. What must be the priorities of asset protection in
Cyberspace?
a) Applications, communications and data
b) Applications, data and software development
c) Applications, communication, access control and
people
d) Applications, communication, access control
Answer: c
6. Crime activities on Cyberspace are monitored by:
a) Local Government
b) FBI and Interpol
c) Nobody
d) Darknet
Answer: b
7. Identify risk sources on Cyberspace:
a) People
b) Virtual devices and avatars
c) Offices
d) Darknet
Answer: d
8. What is the most effective technique to manage access
control in Cyberspace?
a) Not allow access at all
b) The use of local signon
c) The use of single signon
d) Use of encryption
Answer: c
9. Select which will the most effective technique to ensure
non-repudiation on networks:
a) The use of IPSec
b) The use of redundant devices
c) The use of encryption
d) The use of digital signatures
Answer: d
10. The security control A.14.2.7 — Outsourced
development security May be implemented by:
a) Using a CCMi framework
b) Using a Scrum framework
c) Implementing ISO 27001 policies, processes and
procedures
d) Implementing ISO 27034
Answer: d
11. Data breach is an attack vector that can use:
a) An SQL injection technique
b) A physical theft of information
c) Broken passwords
d) All of the above
Answer: d
CYBERSECURITY COURSE QUIZ
12. How do you respond to a Cyber Attack from the
Darknet?
a) Don't attempt to do it
b) Using some attack techniques
c) Using a Darknet collector
d) Using outrsourced services y.
Answer: a
13. Possible technics for the Web Applications attack
vector are:
a) SQL Injection
b) PHP Injection
c) Cross Site Scripting
d) All of the above
Answer: d
14. A spam attack vector will be identified as having origin
on a botnet if:
a) Several different portable devices are being used for
the attack.
b) It was traced back to the darknet
c) Logs of untheorized chances are being detected
d) None of the above
Answer: a
15. What is the meaning of anAPDosalternative for a
Denial of Service attack?
a) A combination of a massive DDos using multiple
communications layers
b) Advanced Persistent DDoS
c) A combination of repeated application layer attacks
(SQLi and XSS)
d) All of the above
Answer: b
16. Please select the most appropriated assets to be found
in Cyberspace:
a) Virtual Money
b) Attackers
c) Police enforcement
d) Datacenters
Answer: d
17. A Bluedump is a typical attack that intends:
a) Data dump and breach
b) Bluetooth PIN reversing
c) Botnet zombie control
d) None of the above
Answer: b
18. A Darknet Collector is:
a) A segregated network for traffic analysis
b) A log of attack vectors details
c) An analysis tool for cyber attacks
d) All of the above
Answer: d
19. The best alternative to describe a Sinkhole may be:
a) A segregated network for traffic analysis
b) A technic that divert attack traffic for a specific IP
address
c) A tools for implementing a sand box
d) A way to identify possible attacks
Answer: b
20. What will the best stage to protect an organization for
a phishing attack, using the "kill chain" methodology":
a) Reconnaissance, weaponization or delivery
b) Command and Control
c) Delivery
d) Exploitation
Answer:a
1
/
2
100%
