P3 Chapter 10 Quiz

Lily is the location manager of AK, a clothing line operating nationwide. AK recently suffered a cyber security breach, the extent and damage of which still remains unclear. All the managers of AK have agreed that an investigation should be carried out as to find out the extent of the breach and the person responsible for it. The management of AK plans to take the culprit to court and hence requires this investigation to collect sufficient evidence for prosecution.

Lily has previously experienced such breaches and knows that the breach and its investigation can be on three different levels. She has prepared a question to put to the investigator regarding all three levels.

“Question number 3: Has the threat affected data stored by the organization?”

Question number 3 relates to which level of the investigation?

Storage analysis
Cyber analysis
System level analysis
Network analysis

Which of the following types of penetration testing is carried out from the user’s point of view?

Phishing
Malware analysis
Black box testing
White box testing

The application of science or technology to investigate crime, including the cause and consequences, is called:

Forensic analysis
Software security
Penetration testing
Malware analysis

Lily is the location manager of AK, a clothing line operating nationwide. AK recently suffered a cyber security breach, the extent and damage of which still remains unclear. All the managers of AK have agreed that an investigation should be carried out as to find out the extent of the breach and the person responsible for it. The management of AK plans to take the culprit to court and hence requires this investigation to collect sufficient evidence for prosecution.

Lily has previously experienced such breaches and knows that the breach and its investigation can be on three different levels. She has prepared a question to put to the investigator regarding all three levels.

“Question number 1: Has the threat affected the entire system or just certain parts of it?”

The above question relates to which level of the investigation?

Storage analysis
Cyber analysis
Network analysis
System level analysis

Which of the following correctly defines IPSEC?

A series of software updates that corrects the known vulnerabilities
It is a suite of protocols that interact with one another to provide secure private communications across internet provider networks
It is a form of ethical hacking that allows an organisation to see any vulnerabilities it has in its information systems
A protocol that allows organisations to provide secure communications with end-to-end encryption.

Frampton Ltd is an electronics company, the firm specialises in producing smartphones.

Frampton’s largest competitor has just launched a revolutionary smartphone which can be fully charged in under 20 minutes. This new technology has been brought about by a new battery design.

The project team for Frampton’s latest product, the “xPhone”, has purchased a bulk order of their competitor’s phone in the hope of taking apart the phone and understanding the unique battery technology so they can apply the same technology to the xPhone.

Which of the following terms best describes the activity that Frampton Ltd is carrying out?

Decompilation
Value engineering
Disassembly
Reverse engineering

The SOC (System and Organization Controls) for Cybersecurity framework was developed by the AICPA (American Institute of Certified Professional Accountants) in 2017.

There are three components to a SOC for Cybersecurity report.

Which of the following are components of a SOC for Cybersecurity report?

Select THREE that apply:

Stakeholder inclusiveness
Shareholder’s assertion
Management’s description
Practitioner’s opinion
Stakeholder’s opinion
Management’s assertion

Which of the following is a useful way of understanding how a code behind a malware works?

Patch management
Reverse engineering
Firewall
Phishing

Forensic analysis operates at which level:

System level
Storage level
Network level
All of the listed levels

Zerg Ltd is an online retailer of sports supplements, the firm is large and the website deals with a heavy amount of users each day and so it is important that the website operates smoothly.

Following a disagreement with a customer, the website was subject to a denial-of-service (DDoS) attack which put the website under strain and resulted in two-days of downtime, costing the firm over £2m in lost sales. Contractors from a specialist cybersecurity firm had to be used to fix the issue.

The firm’s management is currently putting together the SOC (System and Organization Controls) for Cybersecurity report. As part of this, management is focusing on the nine categories of decision criteria that they will consider as part of the description criteria component of the report.

Under which category will the DDoS attack be reported?

Nature of business operations
Nature of information at risk
Cybersecurity control processes
Factors that have a significant effect on inherent cybersecurity risks
Cybersecurity and risk governance structure

Palo PLC is an online gambling firm, the firm operates a portfolio of websites that allow users to bet on horse races, sporting events and even political elections.

Recently, a customer of Palo PLC lost a substantial amount of money on a sports bet. The customer sought revenge on the firm by launching a series of denial-of-service (DDoS) attacks which slowed several of Palo’s websites down and cost the firm £5m in lost revenues due to website downtime.

After the attack ended, Palo PLC’s IT team launched a forensic analysis into the attack.

Which of the following are valid reasons for carrying out the forensic analysis after the cyberattack?

Select ALL that apply:

To help cleanse the system and remove any traces of the DDoS attack
To collect the evidence needed to convict the customer in a court of law
To help prevent the attack from occurring again
To help assess the full extent of the damage the DDoS attack caused
To help in identifying the culprit of the cyberattack

Which of the following correctly defines MIKEY-SAKKE?

A series of software update that corrects the known vulnerabilities.
A protocol that allows organizations to provide secure communications with end-to-end encryption.
It is a suite of protocols that interact with one another to provide secure private communications across internet provider networks.
It is a form of ethical hacking that allows an organisation to see any vulnerabilities it has in its information systems

The UK National Cyber Security Centre suggest that risk management techniques within a cybersecurity risk management plan (CRMP) should be:

Cost driven and benefit driven
Component driven and system driven
Externally driven and internally driven
Strategy driven and operationally driven

Bluelabs Ltd is a cybersecurity consulting firm, the firm operates in the UK and has many major clients across the world.

The firm’s most popular service is penetration testing, the firm offers a complete package and ensures that a thorough and extensive check for vulnerabilities is carried out.

What type of hacker group does Bluelabs Ltd belong to?

White-hat hacker
Black-hat hacker
Grey-hat hacker
Red-hat hacker

Which one of the following activities would you not expect to see as part of a forensic analysis into a cyber security breach due to malware?

Collecting evidence that could be used in a court of law to prosecute those responsible for the malware
Restoring all the data from back-ups taken before the cyber security breach occurred
Identifying the areas affected by the malware so it can be successfully isolated
Immediately cleansing the organization’s system to remove all traces of the malware

P3 Chapter 10 Quiz

Quiz Summary

Information

Results

Results

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

13. Question

14. Question

15. Question

Recent Posts

Recent Comments

Categories