WEDNESDAY: 3 August 2022. Morning paper. Time Allowed: 2 hours.
Answer ALL questions. Each question is allocated two (2) marks.
1. Which of the following digital attacks can be perpetrated against an enemy state, causing comparable harm and/or disrupting vital computer systems?
A. Cyber warfare
B. Cyber terrorism
C. Cyber Security
D. Cyber Espionage (2 marks)
2. Which kind of crime is committed by a threat actor by using tactics such as phishing, malware and social engineering?
A. Online Piracy
B. Information warfare
C. Identity theft
D. Internet Fraud (2 marks)
3. A technique used to retrieve information that could be used to carry out an attack on a computer network is known as ____________.
A. Port scan
B. Dumpster diving
C. Vulnerability scan
D. Penetration test (2 marks)
4. Which one of the following standard security model conforms to the principle of data not modified in time after the sender transmits and before the receiver picks it up.
D. Integrity (2 marks)
5. Company XYZ that deals with Human Resource consultancy pays huge sum of money to hackers in order to regain control of an email. Which type of security attack was used by the hackers?
C. Trojan Horse
D. Spyware (2 marks)
6. __________relates to a group of computers which have been infected by malware and have come under the control of a malicious actor.
D. Virus (2 marks)
7. Which one of the following is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database?
A. SQL Injection
B. Cross Site Scripting
C. Session Hijacking
D. Phishing (2 marks)
8. Which one of the following is a wireless access point running in a business or an organization without the official permission from the business or organization?
A. Onboard Wireless hotspot
B. Free Wireless hotspot
C. Rogue Wireless hotspot
D. Cyber Attack (2 marks)
9. _____________are motivated to commit cybercrimes for religious or political reasons.
A. Cyber Criminals
B. Cyber Terrorists
D. Cracker (2 marks)
10. Which of the following terminology relates to highly trained analysts who work on defending and improving organization’s defence around the clock?
A. Ethical hacker
B. Script kiddie
C. Red Team
D. Blue Team (2 marks)
11. ______________refers to a code that takes advantage of a software vulnerability or security flaw.
D. Payload (2 marks)
12. Which of the following attacks floods the target with traffic or sends information that triggers cash on a machine or network?
A. Man-in-the-Browser Attack
B. Denial-of-Service (DOS) Attack
C. Phishing Attack
D. Session hijacking (2 marks)
13. __________________entails the practice of covertly discovering and collecting information about a system.
A. Penetration testing
D. Build and configuration Review (2 marks)
14. Which of the following attack methods are used by Cybercriminals to masquerade as a senior player at an organization and directly target senior or other important individuals at an organization, with the aim of stealing money or sensitive information or gaining access to their computer systems for criminal purposes?
C. Clone Phishing
D. Cross site request forgery (CSRF) (2 marks)
15. Software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage and information extortion can be considered as ______________________threats.
B. Cyber security
C. Information security
D. Data privacy (2 marks)
16. Which one of the following can be used on Artificial Intelligence applications to monitor network traffic for indications of an attack, alerting administrators to possible attacks?
A. Botnet Detection
B. Fraud Detection
C. Hacking Incident Forecasting
D. Intrusion Detection & Prevention (2 marks)
17. Best practices are considered to be important for processes that one needs to work correctly. Which one of the following is not considered to be IT security best practice to combat cyber-attacks in an organization?
A. Raise Cyber security awareness
B. Storing critical files on cloud servers not encrypted.
C. Protect access to your critical assets.
D. Protect your sensitive data. (2 marks)
18. Critical infrastructure describes the physical, cyber systems and assets that are important to an organisation. Identify among the following threats that are not for critical information infrastructure?
B. Cyber criminals
C. White hat hacker
D. Criminal organisations (2 marks)
19. Which one of the following penetration testing stages entails understanding the way the target application will respond to various intrusion attempts?
D. Maintaining access (2 marks)
20. ____________is a malware that secretly gathers information about a person or organization and relays this data to other parties.
D. Malware (2 marks)
21. Cyber Laws cannot be separated, and online content must be protected. Which one of the following is the non- physical domain over which communication between computers takes place through computer networks?
D. Cyber space (2 marks)
22. Shoulder surfing entails using direct observation techniques, such as looking over someone’s shoulder, to get information. The act of Miss Kajembe performing a shoulder surfing in order to check her colleague at work password is ___________ ethical practice.
A. A good
B. A proper reconnaissance
C. A bad
D. Very good social engineering (2 marks)
23. Which of the following adheres to the principle maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle.
D. Maintainability (2 marks)
24. Which one of the following cannot be categorized as Cyber-criminal stealing ideas or the invention of others and using them for their own profits?
C. Intellectual property rights
D. Patent (2 marks)
25. _________is the practice of hiding a secret message in something that is not secret.
D. Cryptanalysis (2 marks)
26. ___________is considered a type of malware that can replicate itself without any human interaction, and does not need to attach itself to a software program in order to cause damage.
D. Malicious program (2 marks)
27. Hash functions are used for data integrity and often in combination with digital signatures. Which one among the following techniques are used to verify the integrity of the message, data or media?
A. Message Digest
C. Digital signature
D. Decryption algorithm (2 marks)
28. Which of the following programs can help a newly hired employee detect viruses in an end device and take necessary action?
D. Antivirus (2 marks)
29. ___________________is not considered to be a cyber security element?
A. Application security
B. Operational security
C. Session security
D. Network security (2 marks)
30. __________________is a component in the technology category of security operation center ( SOC).
D. Software (2 marks)
31. Big data gathered from networks, computers, sensors, and cloud systems, enables system admins and analysts to get to know the details of vulnerabilities and cyber threats accurately. Which one among the following is not a Big Data security challenge that institutions should mitigate?
A. Data Storage
B. Data Privacy
C. Data Access Control
D. Data Mining (2 marks)
32. ___________refers to unsolicited bulk messages being sent through email, instant messaging, text messaging or other digital communication tools.
D. Virus (2 marks)
33. Which one of the following is a cyber-attack where the perpetrator seeks to make a network resource not available for intended users?
A. DoS Attack
C. Brute force attack
D. Soliciting (2 marks)
34. ______________refers to a means where one can access a computer system or encrypted data that bypasses the system’s customary security mechanisms.
D. Virus (2 marks)
35. Which one of the following is NOT a detection tool for collecting alert data?
D. Snort (2 marks)
36. _____________is a technique that allows suspicious files to be executed and analysed in a safe environment.
D. Cloud Computing (2 marks)
37. Which one of the following refers to attacker’s attempt to respond to DHCP requests and trying to list itself as the default gateway or DNS server?
A. DDoS Attacks
B. DHCP Snooping
C. Dynamic Arp Inspection
D. DHCP Spoofing (2 marks)
38. Which one of the following statements about Trojans is NOT true?
A. Trojans payload is unknown until it triggers
B. Trojans will conduct whatever action they have been programmed to carry out.
C. “Trojan” alludes to the mythological story of Greek soldiers hidden inside a wooden horse that was given to the enemy city of Troy.
D. Trojans do not replicate or reproduce through infection. (2 marks)
39. Which of the following attacks relates to a cybercriminal capturing small packets from the network transmitted by other computers and reading the data content in search of any type of information?
D. Whaling (2 marks)
40. _____________is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.
A. Digital Signature
B. Digital Certificate
C. Message Digest
D. Encryption (2 marks)
41. ______________relates to defacing a website or creating a malware that damages electronic files.
A. Cyber Crime
B. Cyber attack
C. Cyber Espionage
D. Cyber vandalism (2 marks)
42. Which of the following statements BEST illustrates “hacktivism”?
A. A group of environmentalists launch a denial of service attack against an oil company that is responsible for large oil spill.
B. A country tries to steal defense secrets from another country by infiltrating government networks
C. Criminals use the internet to attempt to steal money from a banking company
D. A teenager breaks into the web server of a local newspaper and posts a picture of a favourite cartoon character. (2 marks)
43. A Network _______________attacks involve the unauthorized discovery and mapping of the network systems
B. Trust Exploitation
D. Access (2 marks)
44. Which of the following Cyber security terms BEST describes a victim being continuously followed by another person or group of people through electronic means to harass the victim.
D. Soliciting (2 marks)
45. Information security policy formulation for an upcoming small medium enterprise organization would be placed under_____________?
C. CIA Triad
D. Strategic Plan (2 marks)
46. Identify the reason an IT Practitioner would use forensic tools to perform penetration tests so as to identify vulnerabilities of the corporate network?
A. To obtain customized designed operating systems preloaded with tools optimized for hacking
B. To detect installed tools within files and directories that provide threat actors remote access and control over a computer or network
C. To reverse engineer binary files when writing exploits and when analysing malware
D. To detect any evidence of a hack or malware in a computer or network (2 marks)
47. Which of the following statements BEST describes Social Engineering?
A. An anonymous programmer directing a DDoS attack on a data center
B. A computer displaying unauthorized pop-ups and adware
C. An unidentified person claiming to be a technician collecting user information from employees
D. The infection of a computer by a virus called Trojan (2 marks)
48. A newly hired technician noted that attempts to discover a system password by use an electronic dictionary. Which of the following could be the access attack?
A. Port-redirection attack
B. Packet sniffer attack
C. Brute-force attack
D. IP Spoofing attack (2 marks)
49. Identify the main objective of cybercriminals using evasion techniques?
A. To identify vulnerabilities of the target system
B. To prevent detection by network and host defenses.
C. To gain the trust of a corporate employee in an effort to obtain credentials
D. To launch DDoS attacks on targets (2 marks)
50. Security Attack is regarded as an attempt to gain unauthorized access to information resource or services, or to cause harm or damage to information systems. Which of the following illustrates the way zombies are used in security attacks?
A. They target specific individuals to gain corporate or personal information
B. They probe a group of machines for open ports to learn which services are running
C. They are infected machines that carry out a DDoS attack
D. They are maliciously formed code segments used to replace legitimate applications (2 marks)