placeholder image to represent content

CYSA + 003 (1-4)

Quiz by AJ

Our brand new solo games combine with your quiz, on the same screen

Correct quiz answers unlock more play!

New Quizalize solo game modes
12 questions
Show answers
  • Q1

    Rick's security research company wants to gather data about current attacks and sets up a number of intentionally vulnerable systems that allow his team to log and analyze exploits and attack tools. What type of environment has Rick set up?

    a Tarpit

    a honeynet

    A honeypot

    a blackhole

    30s
  • Q2

    Which of the following capabilities is not a typical part of a SIEM system?

    Alerting

    Data aggregation

    Log retention

    Performance management

    30s
  • Q3

    What is the key difference between virtualization and containerization?

    Virtualization lets you run multiple operating systems on a single physical system, whereas containerization lets you run multiple applications on the same system.

    Virtualization lets you run multiple operating systems on asingle physical system, whereas containerization lets yourun multiple applications on the same system.

    Virtualization is necessary for containerization, but containerization is not necessary for virtualization

    Virtualization gives operating systems direct access to the hardware, whereas containerization does not allow applications to directly access the hardware.

    30s
  • Q4

    Nishi is deploying a new application that will process sensitive health information about her organization's clients. To protect this information, the organization is building a new network that does not share any hardware or logical access credentials with the organization's existing network. What approach is Nishi adopting?

    Network interconnection

    Virtual private network (VPN)

    Network segmentation

    Virtual LAN (VLAN) isolation

    30s
  • Q5

    Angela has decided to roll out a multifactor authentication system. What are the two most common factors used in MFA systems?

    Location and knowledge

    Knowledge and biometric

    Knowledge and possession

    Knowledge and location

    30s
  • Q6

    Kevin is concerned that an employee of his organization might fall victim to a phishing attack and wants to redesign his social engineering awareness program. What type of threat is he most directly addressing?

    Hacktivist

    Unintentional insider

    Kevin is concerned that an employee of his organization might fall victim to a phishing attack and wants to redesign his social engineering awareness program. What type of threat is he most directly addressing?

    Intentional insider

    Nation-state

    30s
  • Q7

    Disabling unneeded services is an example of what type of activity?

    Threat modeling

    Proactive risk assessment

    Incident remediation

    Reducing the threat attack surface area

    30s
  • Q8

    What technology is most commonly used to protect data in transit for modern web applications

    VPN

    TLS

    IPsec

    SSL

    30s
  • Q9

    Ned has discovered a key logger plugged into one of his workstations, and he believes that an attacker may have acquired usernames and passwords for all of the users of a shared workstation. Since he does not know how long the keylogger was in use or if it was used on multiple workstations, what is his best security option to prevent this and similar attacks from causing issues in the future?

    Password complexity rules

    Prevent the use of USB devices

    Password lifespan rules

    Multifactor authentication

    30s
  • Q10

    Kaiden is configuring a SIEM service in his IaaS cloud environment that will receive all of the log entries generated by other devices in that environment. Which one of the following risks is greatest with this approach in the event of a DoS attack or other outage?

    Insecure API

    Inability to access logs

    Insufficient logging

    Insufficient monitoring

    30s
  • Q11

    Ling wants to use her SOAR platform to handle phishing attacksmore effectively. What elements of potential phishing emailsshould she collect as part of her automation and workflowprocess to triage and assign severity indicators?

    Email sender addresses

    All of the above

    Subject lines

    Attachments

    30s
  • Q12

    Dave is running a vulnerability scan of a client's network for the first time. The client has never run such a scan and expects to find many results. What security control is likely to remediate the largest portion of the vulnerabilities discovered in Dave's scan?

    Encryption

    Input validation

    Intrusion prevention systems

    Patching

    30s

Teachers give this quiz to your class