QUIZ

Uploaded by umarani-rs

Question 1
Which technologies are increasingly used today instead of IDS?
a) IPS
b) SIEM
c) Data loss prevention
d) All of the above
More about the answer:
IPSes provide high levels of security if designed, implemented and managed properly, but other
technologies, such as enterprise detection and response systems, data loss prevention and SIEM,
should be considered instead of IPS or as a complement to it in an enterprise security strategy.
Question 2
When discussing IDS/IPS, what is a signature?
a) An electronic signature used to authenticate the identity of a user on the network
b) Patterns of activity or code corresponding to attacks
c) "Normal," baseline network behavior
d) None of the above
More about the answer:
A signature in an IDS or IPS is a pattern of activity or malicious code that is known to be
associated with specific attacks. A signature-based IDS/IPS scans incoming network packets for
certain content, such as header or payload data, to determine if it is harmful.
Question 3
Which is true of a signature-based IDS?
a) It cannot work with an IPS.
b) It only identifies known signatures.
c) It detects never-before-seen anomalies.
d) It works best in large enterprises.
More about the answer:
Signature-based IDSes are only able to detect known attacks. While effective at monitoring
inbound traffic at high volumes, signature-based IDSes seek out traffic sequences or patterns that
match known attack signatures -- not novel or previously undetected attacks.
Question 4
Which of the following provides a baseline measurement for comparison of IDSes?
a) Crossover error rate
b) False negative rate
c) False positive rate
d) Bit error rate
More about the answer:
The crossover error rate, or CER, provides a baseline measure for IDSes. A system's CER is
determined by adjusting the system's sensitivity until the false positive and false negative rates
are equal.
Question 5
A false positive can be defined as:
a) An alert that indicates nefarious activity on a system that, upon further inspection,
turns out to represent legitimate network traffic or behavior
b) An alert that indicates nefarious activity on a system that, upon further inspection, turns
out to truly be nefarious activity
c) The lack of an alert for nefarious activity
d) All of the above
More about the answer:
A false positive is any alert that indicated malicious activity but ended up being legitimate
network traffic or behavior.
Question 6
Where is an IPS commonly placed in a network?
a) In front of the firewall
b) In line with the firewall
c) Behind the firewall
d) On the end users' device
More about the answer:
An IPS is placed in line with firewalls at the network edge, usually between the internal
corporate network and the internet.
Question 7
The features of traditional IPSes are found in all of these modern systems, except:
a) Antimalware
b) Next-generation firewalls
c) Unified threat management appliances
d) Network behavior analysis systems
More about the answer:
IPS capabilities have been rolled into many modern security technologies, such as
next-generation firewalls, unified threat management appliances and network behavior analysis
systems, but are not included in traditional antimalware products.
Question 8
How much network security spending is allocated to IPSes?
a) 5%
b) 10%
c) 15%
d) 20%
More about the answer:
Although many IPS features are now incorporated into other products, the IPS market
still represents 10% of network security spending.
Question 9
If it detects a threat, an IPS can:
a) Record the details of the threat
b) Report the threat to security admins
c) Take preventative action to stop the threat
d) All of the above
More about the answer:
IPSes are designed to identify nefarious activity in real time, record threats, report detected
threats and take preventative action to stop the threat from doing damage to the system.
Question 10
How does machine learning benefit IDSes/IPSes?
a) By lowering the volume of attacks analyzed
b) By adding heuristic anomaly detection capabilities
c) By searching for similar patterns to known attacks
d) By helping identify signatures more quickly
More about the answer:
Automating discovery and creation of attack signatures, combined with the use of supervised
learning, enables machine learning systems to learn about attacks and apply that knowledge to
search for other instances displaying the same or similar behavior.
Question 11
What is the most important security awareness training topic?
a) Physical security
b) Types of malware
c) Social engineering
d) Remote security
e) All of the above
More about the answer:
Security awareness programs should include a variety of topics, including physical security,
social engineering training, security best practices, remote and on-premises security,
and awareness of types of malware.
Question 12
Which of the following is not a reason why security awareness training is essential for
executives?
a) Corporate travel could expose executives to foreign government or commercial
adversaries.
b) Greater access privileges make executives valuable targets for credential theft.
c) Executives are worse at retaining security basics than other employees.
d) Cyberespionage campaigns exploit executives who are privy to their organization's
sensitive trade secrets.
More about the answer:
Security awareness training is essential for executives due to their privileged access, knowledge
of trade secrets and increased exposure to risk during travel, making them high-value targets for
attackers.
Question 13
Why are humans still the weakest link despite security training and resources?
a) Threat actors spend their days thinking of new ways to exploit human vulnerabilities and
are rewarded for their innovation.
b) Average people do not spend all their time thinking about security and might feel
powerless in preventing attacks.
c) Cybersecurity practitioners may be the only people at their organizations who spend their
workdays focused on prevention, protection and mitigation activities.
d) All of the above
More about the answer:
Humans are still the weakest link because, if cybersecurity or cybercrime is not in their job
description, security can become a minor concern relative to other work responsibilities.
Question 14
True or false: Deepfake technology is an enterprise security concern.
a) True
b) False
More about the answer:
Deepfakes introduce a number of security risks. Security awareness training programs should
include information on how to detect and report digital impersonations and encourage employees
to think critically about potentially altered content.
Question 15
Do phishing simulations work?
a) Yes, they help identify users susceptible to phishing attacks.
b) Yes, they teach users signs of phishing scams.
c) No, they are unethical.
d) No, they can have negative side effects.
e) All of the above
More about the answer:
Phishing simulations are debated in the security industry. Many promote their effectiveness,
while others call them controversial. Either way, phishing simulations on their own are not an
effective phishing prevention strategy.
Question 16
Which is not an indication of a ransomware infection?
a) Alerts someone is trying to change your password
b) A pop-up window demanding a ransom
c) Device performance degradation
d) Out-of-date software
More about the answer:
Alerts about password changes, pop-ups demanding ransoms and device performance
degradation are all signs of a potential ransomware attack. While unpatched, out-of-date software
is not a sign of an infection, it is important to patch or update the software to prevent it from
becoming a ransomware attack vector.
Question 17
True or false: Although positive reinforcement in security awareness training can change risky
behavior, it can also produce costly side effects, such as damaging employee morale.
a) True
b) False
More about the answer:
Negative reinforcement, such as shaming and punishment, may change risky behavior but at the
cost of employee morale. New approaches to security awareness training incorporate positive
reinforcement, gamification and social proof to reduce human risks without hurting morale.
Question 18
What are the most important metrics to consider in security awareness training?
a) Training completion rates
b) Quiz performance
c) Engagement metrics
d) Human risk scores
More about the answer:
Traditional security awareness training metrics, such as completion rates, quiz performance and
engagement metrics, are fundamentally flawed, according to Forrester. Human risk scores are the
most important metric and should be used to adjust and improve training programs.
Question 19
What is the best way to identify a phishing email?
a) Typos
b) Grammatical errors
c) Suspicious links
d) All of the above
More about the answer:
Typos, grammatical errors and suspicious links are all indications of a phishing email.
Question 20
True or false: Passphrases are stronger than passwords.
a) True
b) False
More about the answer:
Passphrases are considered stronger than passwords. Passphrases are generally easier to
remember than long, complex passwords, which are often written down or saved to a user's
desktop.
Question 21
In which one of the following attacks against Bluetooth technology is the attacker able
to steal information from the device?
a) Bluesnarfing
b) Bluejacking
c) Blueballing
d) Bluefeeding
More about the answer:
In a bluesnarfing attack, the attacker establishes a Bluetooth connection to a target device and
then retrieves information from that device. Bluejacking attacks only allow the attacker to
display a message on the device. Blueballing attacks allow an attacker to break an existing
Bluetooth connection between two devices. Bluefeeding attacks do not exist.
Question 22
Which of the following attacks can be conducted over a landline?
a) Smishing
b) Whaling
c) Vishing
d) Pharming
Question 23
Ideally, when should passwords be changed?
a) Only when an account is compromised
b) Every day
c) Every 30-90 days
d) Never
Question 24
What consists of at least one bot server or controller and one or more client bots?
a) Virus
b) Trojan
c) Botnet
d) Adware
Question 25
What is implemented to carry out DDoS attacks, steal data and send spam messages,
and permits the hacker to access various devices and their connections?
a) Trojan
b) Virus
c) Botnet
d) Worm
Question 26
Nowadays, most botnets rely on which of the following for communication?
a) Server-to-server
b) Peer-to-peer
c) Client-to-server
d) Host-to-server
Question 27
Trojans are not capable of which of the following?
a) Stealing data
b) Self-replicating
c) Stealing financial information
d) Stealing login credentials
Question 28
What is the name of the attack where emails are designed exclusively to target a specific user?
a) Algo-based phishing
b) Vishing
c) Domain phishing
d) Spear phishing
Question 29
____________________ is the anticipation of unauthorized access or breaks to computers or data
by means of wireless networks.
a) Wireless access
b) Wireless security
c) Wired security
d) Wired device apps
More about the answer:
Wireless security is the anticipation of unauthorized access or breaks to computers or data by
means of wireless networks. The most widespread types of wireless security are Wired
Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2 and the recently released WPA3.
Question 30
_______________ is the central node of 802.11 wireless operations.
a) WPA
b) Access Point
c) WAP
d) Access Port
More about the answer:
The central node of 802.11 wireless operations is the Access Point (AP). It is the interface that
acts as an intermediary between a wired and a wireless network, and all the associated wireless
clients use it to exchange data.
