
INFCSEC Quiz #1

I. Identification ( 2 pts each/ 20 pts)

1. _________ is a process, not a product. – Bruce Schneier (Security)
2. The goal of IT security is to protect assets, devices and services from being disrupted, stolen or exploited by unauthorized users, otherwise known as ________________. (Threat Actors)
3. ___________ is the protection of information and its critical elements (i.e., data, applications, infrastructure, and people). (Information Security)
4. Security is everyone's _________. (responsibility)
5. _________, ___________, ___________ known as the CIA triad, is a model designed to guide
policies for information security within an organization. (Confidentiality, integrity and availability)
6. ___________ is the assurance that the information is trustworthy and accurate. (Integrity)
7. ___________ is a guarantee of reliable access to the information by authorized people.
(Availability)
8. ___________ is a set of rules that limits access to information. (Confidentiality)
9. ____________ can involve reading email over somebody’s shoulder or watching PINs or
passwords being entered (a technique called ‘shoulder surfing’). (Snooping)
10. ____________ is the psychological manipulation of people into performing actions or divulging
confidential information (Social Engineering)

II. Multiple Choice ( 2 pts each/ 20 pts)

1. It is an electronic attack where digital communications are intercepted by an individual to whom they are not intended. This is done in two main ways: directly listening to digital or analog voice communication.
a. Wiretapping
b. Dumpster diving
c. Eavesdropping
d. Snooping
2. Unauthorized listening to POTS (plain old telephone system) phone calls with extension
phones or with recording devices in the phone.
a. Wiretapping
b. Dumpster diving
c. Eavesdropping
d. Snooping
3. It involves searching through trash or garbage looking for something useful.
a. Wiretapping
b. Dumpster diving
c. Eavesdropping
d. Snooping
4. The practice is similar to eavesdropping but is not necessarily limited to gaining access to
data during its transmission.
a. Wiretapping
b. Social Engineering
c. Eavesdropping
d. Snooping
5. This attack is where the attacker secretly relays and possibly alters the communications
between two parties who believe that they are directly communicating with each other.
a. Replay attack
b. Impersonation
c. Alteration
d. Man in the Middle Attack
6. It is a form of network attack in which a valid data transmission is maliciously or
fraudulently repeated or delayed.
a. Replay attack
b. Impersonation
c. Alteration
d. Man in the Middle Attack
7. It is a cyber attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the internet.
a. Hardware failure
b. Cybersecurity
c. Cyber damage
d. Denial of Service (DoS)
8. An attack of a few milliseconds can cause unprotected devices to shut down, causing local and network computer errors and the potential for data loss due to disk corruption.
a. Hardware Failure
b. Cyberwarfare
c. Power Outage
d. Denial of Service (DoS)
9. Kinds of information security frameworks and standards
a. COBIT 222 and ISO 23232
b. NIST12
c. COBIT and ISO 29100
d. ISO/IEC 2022
10. Information Security Frameworks and Standards
a. General Data Regulations in America
b. HIPSA – Privacy
c. COSO COBIT Risk
d. Sarbanes-Oxley Act –Corporate Responsibility for Financial

III. Enumeration (20 points)

1. Give at least 5 types of social engineering (5 pts)
a. Shoulder surfing
b. Dumpster diving
c. Tailgating
d. Impersonation
e. Hoaxes
f. Whaling
g. Phishing
h. Vishing
i. Pretexting
j. Baiting
k. Quid Pro Quo
2. Give at least 3 principles behind social engineering (3 pts)
a. Authority
b. Intimidation
c. Consensus/social proof
d. Scarcity
e. Urgency
f. Familiarity/liking
g. Trust
3. What are the three access control terms? (3 pts)
a. Identification
b. Authentication
c. Authorization
4. Provide the 4 access control models (4 pts)
a. Mandatory Access Control (MAC)
b. Discretionary Access Control (DAC)
c. Role Based Access Control (RBAC)
d. Rule-Based Access Control (RBAC)
5. Identify the technologies used to implement access control (5 pts)
a. Access Control List
b. Group Policy
c. Account Restrictions

IV. Application (30 pts)

Identify a real-life example of any social engineering method and identify the following:
a. Company Background (5 pts)
b. Current Issue/ Type of Social Engineering (5 pts)
c. Impact of the Issue in Company (5 pts)
d. How do they respond? (5 pts)
e. Lessons Learned (5 pts)
f. How do I evaluate my participation in the group (rate 1 to 5)? (5 pts)

Bonus (3 pts): When is the birthday of my professor?
