1. Most security vulnerabilities are from new or previously unknown problems.
True
False
Answer: False. Source page 1 of this PDF.
2. What is one of the protocols IPsec uses to secure IP layer communications?
_________________________________________
Answer: Either AH (Authentication Header) or ESP (Encapsulating Security Payload). Source is juniper.net.
3. What is defense in depth (or DiD)?
a. A type of highly-secure cryptography for data at rest.
b. A type of highly-secure cryptography for data in transit.
c. Both of the above.
d. The implementation of a combination of security measures that may be disparate and redundant for achieving security from a pragmatic perspective.
e. A certified protocol recognized by a third party auditing company.
f. None of the above.
Choose the best answer.
Answer: D. Source: https://www.forcepoint.com/cyber-edu/defense-depth
4. What does ISMS stand for?
Answer: Information Security Management System. ISO 27001 specifies ISMS formally. Source: https://www.iso27001security.com/html/27001.html
5. How long does it take for a security breach to be detected usually?
a. Within 60 seconds
b. Within one day
c. Within one week
d. More than 180 days
Answer: D. Source: https://dev.to/shostarsson/what-is-the-owasp-why-you-should-rely-on-it-1akg
6. Who usually finds a security breach?
a. The hacker tells the enterprise about what he/she did (e.g., for ransom).
b. The company's internal auditing/security team of professionals.
c. A third party hired by the company that had the breach.
d. The U.S. government.
e. The company's internal auditing/security monitoring tools.
Choose the best answer.
Answer: C. Source: https://dev.to/shostarsson/what-is-the-owasp-why-you-should-rely-on-it-1akg
7. What is spear phishing?
a. Phishing against random people.
b. Phishing where the malicious actor knows the target.
c. Phishing against large numbers of people who are part of businesses.
d. Phishing for consumer credit cards.
e. Phishing where the emails fraudulently look like they are from a trusted source.
Answer: E. Source: https://www.dictionary.com/browse/spear-phish
8. How does SSH work in detail?
Here is one possible answer.
9. What does DSA stand for?
a. Defense Shamir Adleman
b. Delay Shamir Adelman
c. Digital Signature Algorithm
d. Direct Symmetric Algorithm
e. None of the above
Answer: C. Source: Page 648 of RHCSA/RHCE Linux Certification Study Guide Sixth Edition by Jang (McGrawHill).
10. What does the file named "secure" normally have in Red Hat distributions? (It could be found with this command "sudo find / -name secure -type f".) Choose the best answer.
a. Login and access messages.
b. Configuration settings related to Kerberos, Active Directory, Novel, OpenLDAP, NIS, etc.
c. Server-wide configuration settings related to SSH
d. None of the above
Answer: A
Source: It is a log file that lists the login and access messages according to page 552 of RHCSA/RHCE Linux Certification Study Guide Sixth Edition by Jang (McGrawHill)
11. What is smishing?
________________________
Answer: SMS phishing. This is the act of sending to cell phones a text message in an attempt to get sensitive information.
Source: https://www.dictionary.com/browse/smish
12. What is vishing?
________________________
Answer: Voice phishing. This is the act of social engineering. You get a phone call and the person is trying to get sensitive information.
Source: https://www.dictionary.com/browse/vish
13. It is acceptable to run OS shell commands from Node.js programs.
True
False
Answer: False. Page 76 of Node.js Security by Liran Tal.
14. What packages are more likely to be updated, Python or Ruby?
Answer: Python. Source: https://www.cpomagazine.com/cyber-security/open-source-security-flaws-exist-in-70-of-applications-80-of-libraries-are-never-updated/
15. Secure random number generation (e.g., for computations related to cryptographic keys) is preferably performed with seeding a number via which of the following? Choose the best answer.
a) The Mod or modulo arithmetical function
b) A sequence of unique numbers fixed in the code
c) The system clock
d) The quantified duration between keystrokes
e) All of the above
f) None of the above
Answer: D. Source: https://www.geeksforgeeks.org/random-vs-secure-random-numbers-java/