Do I Know This Already Quiz

The "Do I Know This Already?" quiz helps you determine your level of knowledge of this chapter's topics before you begin. Table 1-1 details the major topics discussed in this chapter and their corresponding quiz questions.

Table 1-1 "Do I Know This Already?" Section-to-Question Mapping

Foundation Topics Section


Exploring Security Fundamentals

1 to 6

Understanding the Methods of Network Attacks

7 to 15

1. Where do most attacks on an organization's computer resources originate?

a. From the Internet b. From the inside network c. From universities d. From intruders who gain physical access to the computer resources

2. What are the three primary goals of network security? (Choose three.)

a. Confidentiality b. Redundancy c. Integrity d. Availability

3. The U.S. government places classified data into which classes? (Choose three.)

b. Confidential c. Secret d. Top-secret

4. Cisco defines three categories of security controls: administrative, physical, and technical. Individual controls within these categories can be further classified as what three specific types of controls? (Choose three.)

a. Preventive b. Deterrent c. Detective d. Reactive

5. Litigators typically require which three of the following elements to present an effective argument when prosecuting information security violations? (Choose three.)

a. Audit trail b. Motive c. Means d. Opportunity

6. Which type of law typically involves the enforcement of regulations by government agencies?

a. Criminal law b. Tort law c. Administrative law d. Civil law

7. Which of the following is a weakness in an information system that an attacker might leverage to gain unauthorized access to the system or data on the system?

a. Risk b. Exploit c. Mitigation d. Vulnerability

8. What type of hacker attempts to hack telephony systems?

a. Script kiddy b. Hacktivist c. Phreaker d. White hat hacker

9. Which of the following is a method of gaining access to a system that bypasses normal security measures?

a. Creating a back door b. Launching a DoS attack c. Starting a Smurf attack d. Conducting social engineering

10. What security design philosophy uses a layered approach to eliminate single points of failure and provide overlapping protection?


b. Defense in Depth c. SONA


11. What are two types of IP spoofing attacks? (Choose two.)

a. Nonblind spoofing b. Promiscuous spoofing c. Autonomous spoofing d. Blind spoofing

12. What term refers to the electromagnetic interference (EMI) that can radiate from network cables?

a. Doppler waves b. Emanations c. Gaussian distributions d. Multimode distortion

13. What kind of integrity attack is a collection of small attacks that result in a larger attack when combined?

a. Data diddling b. Botnet attack c. Hijacking a session d. Salami attack

14. Which of the following best describes a Smurf attack?

a. It sends ping requests to a subnet, requesting that devices on that subnet send ping replies to a target system.

b. It sends ping requests in segments of an invalid size.

c. It intercepts the third step in a TCP three-way handshake to hijack a session.

d. It uses Trojan horse applications to create a distributed collection of "zombie" computers, which can be used to launch a coordinated DDoS attack.

15. Which of the following are Cisco best-practice recommendations for securing a network? (Choose three.)

a. Deploy HIPS software on all end-user workstations.

b. Routinely apply patches to operating systems and applications.

c. Disable unneeded services and ports on hosts.

d. Require strong passwords, and enable password expiration.

Foundation Topics

+1 0


  • melanie
    Which method of gaining access to a system that bypasses normal security measures?
    2 years ago

Post a comment