ITN260 FINAL EXAM REAL EXAM
QUESTIONS AND CORRECT
ANSWERS (VERIFIED ANSWERS)
A GRADE
Which of the following is a form of malware attack that uses specialized communication
protocols?
a. Keylogger
b. Spyware
c. Bot
d. RAT - Answer ✔ d. RAT
What is a risk to data when training a machine learning (ML) application?
a. ML algorithm security
b. API attack on the device
c. Improper exception handling in the ML program
d. Tainted training data for machine learning - Answer ✔ d. Tainted training data for
machine learning
What does ransomware do to an endpoint device?
a. Ransomware infects the endpoint devices and launches attacks on the infected
endpoint and other devices connected to the network.
b. Ransomware gets accidentally installed in the endpoint device as software along with
other programs during the installation process. This happens when the user's
installation and download options are overlooked, thus affecting the user application
adversely.
c. Ransomware attacks the endpoint device without the consent of the user or the
device, discreetly collecting and transmitting information, causing harm to the end user
d. Ransomware attacks the endpoint device holding it hostage by preventing it from
functioning unless the user fulfills the ransom payment demanded. - Answer ✔ d.
Ransomware attacks the endpoint device holding it hostage by preventing it from
functioning unless the user fulfills the ransom payment demanded
William downloaded some free software to help him with photo editing. A few days later,
William noticed several personal photographs were modified and posted to various
social media pages with obscene comments. He also noticed that there were videos of
,him that were morphed and circulated on adult websites. The videos were obviously
taken using his webcam.
What should William do to fix his problem and prevent it from happening again in the
future?
a. William should run an antimalware program and scan for all known RATs, then
quarantine and remove the infected file(s). To prevent this in the future, he should only
download software from trusted websites.
b. William should disable his network devices, then run an antimalware program to scan
for keyloggers while his computer is not connected to the internet and delete all infected
files. To prevent this in the future, William should never download free software off the -
Answer ✔ a. William should run an antimalware program and scan for all known RATs,
then quaratnine and remove the infected file(s). To prevent this in the future, he should
only download software form trusted websites
While Andel is logging into his email through a browser, the login window disappears.
Andel attempts to log in again and is successful. Days later, he goes to log into his
email, and his attempt fails. He receives a message indicating that his username and/or
password are invalid.
What is Andel likely a victim of?
a. CSRF
b. RAT
c. Spyware
d. Keyloggers - Answer ✔ a. CSRF
What is another term commonly used to define cross-site request forgery (CSRF):
a. Server-side request forgery
b. Client-side request forgery
c. Cross-server request forgery
d. Client-server request forgery - Answer ✔ b. Client-side request forgery
Which of the following is an example of a request forgery malware?
a. Ransomware
b. CSRF
c. DLL injection
d. SQL injection - Answer ✔ b. CSRF
A few computers at a high-security software firm location have been compromised. The
threat actor took user videos, confidential information like bank account IDs and
passwords, email IDs and passwords, and computer screenshots. These confidential
data have been shared every three hours from the computers to the threat actor. Which
of the following is correct, based on the evaluation of the above observation?
a. This is a hardware keylogger attack, as video capture functionality and periodic
transfer of data are not possible with a software keylogger.
b. This is a software keylogger attack, as screenshots, video captures, and keystrokes
have been routinely monitored and periodically shared.
,c. This is a hardware keylogger attack; it is only periodically sharing the information and
is a manual transfer of information by a human agent.
d. This is a software keylogger attack, as it is sharing the information every three -
Answer ✔ b. This is a software keylogger attack, as screenshots, video captures, and
keystrokes have been routinely monitored and periodically shared
Natasha, a network security administrator for an online travel portal, noticed that her
website was the victim of an SQL injection. She decided to study the SQL queries to
find which one made this vulnerability in the database, and she noticed the following
SQL code piece executed on the database:
'whatever' AND email IS NULL;
What has been accessed by the attacker running this SQL injection?
a. The attacker accessed the entirety of email address data from all users in the
database.
b. The attacker has determined the names of different types of fields in the database.
c. The attacker accessed the data of specific users.
d. The attacker has used the SQL injection to delete the table in the database. - Answer
✔ b. The attacker has determined the names of different types of fields in the database
Shanise is an IT security professional for a large private bank. She got an alert that the
bank website received a funds transfer request that was correctly credentialed but
flagged as being out of the account owner's usual pattern. If the alert is correct, what
type of attack has likely occurred?
a. CSRF attack
b. XSS attack
c. SQL injection
d. Replay attack - Answer ✔ a. CSRF attack
What is the name of the process where a website validates user input before the
application uses the input?
a. Sanitizing
b. Tokening
c. Authorizing
d. Eliminating - Answer ✔ a. Sanitizing
What should be done when the information life cycle of the data collected by an
organization ends?
a. Destroy the data
b. Mask the data
c. Protect the data
d. Tokenize the data - Answer ✔ a. Destroy the data
In a security review meeting, you are asked to calculate the single loss expectancy
(SLE) of an enterprise building worth $100,000,000, 75% of which is likely to be
destroyed by a flood. Flood insurance data suggest that a severe flood is likely to occur
once every 100 years. Which formula should you use to calculate the SLE?
, a. 100,000,000 * 0.75/0.1
b. 100,000,000/100 * 0.75
c. 100,000,000 * 0.75
d. 100,000,000/0.75 * 100 - Answer ✔ c. 100,000,000 * 0.75
Which data category can be accessed by any curreny employee or contractor?
a. Critical
b. Proprietary
c. Confidential
d. PHI - Answer ✔ b. Proprietary
After reviewing the data collection procedures in your organization, a court ordered you
to issue a document that specifies how the organization uses the collected personal
information. This document must be displayed to the user before allowing them to share
personal data. Which of the following documents should you prepare?
a. Pseudo-anonymization
b. Privacy notice
c. Data minimization
d. Terms of agreement - Answer ✔ b. Privacy notice
How does pseudo-anonymization contribute to data privacy?
a. Pseduo-anonymization obfuscates sensitive data elements
b. Pseudo-anonymization stores whole data in encrypted form.
c. Pseudo-anonymization limits the collection of personal information.
d. Pseudo-anonymization ensures data remains within its borders. - Answer ✔ a.
Pseudo-anonymization obfuscates sensitive data elements
Which control discourages security violations before their occurrence?
a. Preventative control
b. Deterrent control
c. Compensating control
d. Corrective control - Answer ✔ b. Deterrent control
What does the end of service notice indicate?
a. The nondisclosure agreement with a service vendor has expired
b. The enterprise is halting the manufacturing of a product
c. The service-level agreement with a vendor has expired
d. The enterprise will no longer offer support services for a product - Answer ✔ d. The
enterprise will no longer offer support services for a product
The protection of which of the following data type is mandated by HIPAA?
a. Public data
b. Personally identifiable information
c. Health information
d. Proprietary data - Answer ✔ c. Health information
