Untitled

a guest
Dec 21st, 2017
  3. Score for this attempt: 100 out of 100
  4. Submitted Mar 18 at 12:45pm
  5. This attempt took 21 minutes.
  6.  
  7. Question 1
  8. 2 / 2 pts
  9. Which type of cybercriminal is the most likely to create malware to compromise an organization by stealing credit card information?
  10.  
  11. script kiddies
  12.  
  13. Correct!
  14.  
  15. black hat hackers
  16.  
  17.  
  18. white hat hackers
  19.  
  20.  
  21. gray hat hackers
  22.  
  23. Refer to curriculum topic: 1.2.1
  24. Malware is a tool used by certain types of hackers to steal information.
  25.  
  26.  
  27. Question 2
  28. 2 / 2 pts
  29. What is an example of early warning systems that can be used to thwart cybercriminals?
  30.  
  31. Infragard
  32.  
  33.  
  34. ISO/IEC 27000 program
  35.  
  36. Correct!
  37.  
  38. Honeynet project
  39.  
  40.  
  41. CVE database
  42.  
  43. Refer to curriculum topic: 1.2.2
  44. Early warning systems help identify attacks and can be used by cybersecurity specialists to protect systems.
  45.  
  46.  
  47. Question 3
  48. 2 / 2 pts
  49. Technologies like GIS and IoE contribute to the growth of large data stores. What are two reasons that these technologies increase the need for cybersecurity specialists? (Choose two.)
  50. Correct!
  51.  
  52. They contain personal information.
  53.  
  54.  
  55. They require more equipment.
  56.  
  57.  
  58. They require 24-hour monitoring.
  59.  
  60.  
  61. They make systems more complicated.
  62.  
  63. Correct!
  64.  
  65. They collect sensitive information.
  66.  
  67.  
  68. They increase processing requirements.
  69.  
  70. Refer to curriculum topic: 1.1.1
  71. The types of information collected by these technologies have increased the need for data protection.
  72.  
  73.  
  74. Question 4
  75. 2 / 2 pts
  76. Which data state is maintained in NAS and SAN services?
  77.  
  78. data in-process
  79.  
  80. Correct!
  81.  
  82. stored data
  83.  
  84.  
  85. encrypted data
  86.  
  87.  
  88. data in-transit
  89.  
  90. Refer to curriculum topic: 2.3.1
  91. A cybersecurity specialist must be familiar with the types of technologies used to store, transmit, and process data.
  92.  
  93.  
  94. Question 5
  95. 2 / 2 pts
  96. A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan?
  97.  
  98. encryption, authentication, and identification
  99.  
  100. Correct!
  101.  
  102. confidentiality, integrity, and availability
  103.  
  104.  
  105. secrecy, identify, and nonrepudiation
  106.  
  107.  
  108. technologies, policies, and awareness
  109.  
  110. Refer to curriculum topic: 2.1.1
  111. The CIA Triad is the foundation upon which all information management systems are developed.
  112.  
  113.  
  114. Question 6
  115. 2 / 2 pts
  116. Which technology can be used to ensure data confidentiality?
  117.  
  118. hashing
  119.  
  120.  
  121. identity management
  122.  
  123.  
  124. RAID
  125.  
  126. Correct!
  127.  
  128. encryption
  129.  
  130. Refer to curriculum topic: 2.2.1
  131. A cybersecurity specialist must be aware of the technologies available which support the CIA triad.
  132.  
  133.  
  134. Question 7
  135. 2 / 2 pts
  136. Which framework should be recommended for establishing a comprehensive information security management system in an organization?
  137. Correct!
  138.  
  139. ISO/IEC 27000
  140.  
  141.  
  142. ISO OSI model
  143.  
  144.  
  145. CIA Triad
  146.  
  147.  
  148. NIST/NICE framework
  149.  
  150. Refer to curriculum topic: 2.5.1
  151. A cybersecurity specialist needs to be familiar with the different frameworks and models for managing information security.
  152.  
  153.  
  154. Question 8
  155. 2 / 2 pts
  156. An organization allows employees to work from home two days a week. Which technology should be implemented to ensure data confidentiality as data is transmitted?
  157. Correct!
  158.  
  159. VPN
  160.  
  161.  
  162. RAID
  163.  
  164.  
  165. VLANs
  166.  
  167.  
  168. SHS
  169.  
  170. Refer to curriculum topic: 2.4.1
  171. Protecting data confidentiality requires an understanding of the technologies used to protect data in all three data states.
  172.  
  173.  
  174. Question 9
  175. 2 / 2 pts
  176. Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network?
  177. Correct!
  178.  
  179. worm
  180.  
  181.  
  182. phishing
  183.  
  184.  
  185. virus
  186.  
  187.  
  188. spam
  189.  
  190. Refer to curriculum topic: 3.1.1
  191. A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.
  192.  
  193.  
  194. Question 10
  195. 2 / 2 pts
  196. What three best practices can help defend against social engineering attacks? (Choose three.)
  197. Correct!
  198.  
  199. Resist the urge to click on enticing web links.
  200.  
  201.  
  202. Add more security guards.
  203.  
  204.  
  205. Enable a policy that states that the IT department should supply information over the phone only to managers.
  206.  
  207. Deploy well-designed firewall appliances.
  208.  
  209. Correct!
  210.  
  211. Do not provide password resets in a chat window.
  212.  
  213. Correct!
  214.  
  215. Educate employees regarding policies.
  216.  
  217. Refer to curriculum topic: 3.2.2
  218. A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities.
  219.  
  220.  
  221. Question 11
  222. 2 / 2 pts
  223. What is a nontechnical method that a cybercriminal would use to gather sensitive information from an organization?
  224.  
  225. ransomware
  226.  
  227.  
  228. man-in-the-middle
  229.  
  230.  
  231. pharming
  232.  
  233. Correct!
  234.  
  235. social engineering
  236.  
  237. Refer to curriculum topic: 3.2.1
  238. A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.
  239.  
  240.  
  241. Question 12
  242. 2 / 2 pts
  243. An executive manager went to an important meeting. The secretary in the office receives a call from a person claiming that the executive manager is about to give an important presentation but the presentation files are corrupted. The caller sternly recommends that the secretary email the presentation right away to a personal email address. The caller also states that the executive is holding the secretary responsible for the success of this presentation. Which type of social engineering tactic would describe this scenario?
  244.  
  245. familiarity
  246.  
  247.  
  248. urgency
  249.  
  250. Correct!
  251.  
  252. intimidation
  253.  
  254.  
  255. trusted partners
  256.  
  257. Refer to curriculum topic: 3.2.1
  258. Social engineering uses several different tactics to gain information from victims.
  259.  
  260.  
  261. Question 13
  262. 2 / 2 pts
  263. Users report that the database on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?
  264.  
  265. Trojan horse
  266.  
  267.  
  268. man-in-the-middle attack
  269.  
  270.  
  271. DoS attack
  272.  
  273. Correct!
  274.  
  275. ransomware
  276.  
  277. Refer to curriculum topic: 3.1.1
  278. A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.
  279.  
  280.  
  281. Question 14
  282. 2 / 2 pts
  283. A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server to crash. What is the type of attack the cyber criminal launches?
  284.  
  285. man-in-the-middle
  286.  
  287. Correct!
  288.  
  289. DoS
  290.  
  291.  
  292. packet injection
  293.  
  294.  
  295. SQL injection
  296.  
  297. Refer to curriculum topic: 3.3.1
  298. A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.
  299.  
  300.  
  301. Question 15
  302. 2 / 2 pts
  303. What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic?
  304.  
  305. spoofing
  306.  
  307.  
  308. spamming
  309.  
  310.  
  311. phishing
  312.  
  313. Correct!
  314.  
  315. sniffing
  316.  
  317. Refer to curriculum topic: 3.3.1
  318. A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.
  319.  
  320.  
  321. Question 16
  322. 2 / 2 pts
  323. A user has a large amount of data that needs to be kept confidential. Which algorithm would best meet this requirement?
  324.  
  325. ECC
  326.  
  327. Correct!
  328.  
  329. 3DES
  330.  
  331.  
  332. RSA
  333.  
  334.  
  335. Diffie-Hellman
  336.  
  337. Refer to curriculum topic: 4.1.4
  338. Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.
  339.  
  340.  
  341. Question 17
  342. 2 / 2 pts
  343. The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement?
  344.  
  345. user login auditing
  346.  
  347. Correct!
  348.  
  349. a set of attributes that describes user access rights
  350.  
  351.  
  352. a biometric fingerprint reader
  353.  
  354.  
  355. observations to be provided to all employees
  356.  
  357. Refer to curriculum topic: 4.2.5
  358. Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.
  359.  
  360.  
  361. Question 18
  362. 2 / 2 pts
  363. What happens as the key length increases in an encryption application?
  364.  
  365. Keyspace increases proportionally.
  366.  
  367. Correct!
  368.  
  369. Keyspace increases exponentially.
  370.  
  371.  
  372. Keyspace decreases proportionally.
  373.  
  374.  
  375. Keyspace decreases exponentially.
  376.  
  377. Refer to curriculum topic: 4.1.4
  378. Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.
  379.  
  380.  
  381. Question 19
  382. 2 / 2 pts
  383. Which access control should the IT department use to restore a system back to its normal state?
  384.  
  385. detective
  386.  
  387.  
  388. preventive
  389.  
  390. Correct!
  391.  
  392. corrective
  393.  
  394.  
  395. compensative
  396.  
  397. Refer to curriculum topic: 4.2.7
  398. Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.
  399.  
  400.  
  401. Question 20
  402. 2 / 2 pts
  403. Which method is used by steganography to hide text in an image file?
  404.  
  405. data masking
  406.  
  407.  
  408. most significant bit
  409.  
  410.  
  411. data obfuscation
  412.  
  413. Correct!
  414.  
  415. least significant bit
  416.  
  417. Refer to curriculum topic: 4.3.2
  418. Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.
  419.  
  420.  
  421. Question 21
  422. 2 / 2 pts
  423. An organization plans to implement security training to educate employees about security policies. What type of access control is the organization trying to implement?
  424.  
  425. logical
  426.  
  427.  
  428. technological
  429.  
  430. Correct!
  431.  
  432. administrative
  433.  
  434.  
  435. physical
  436.  
  437. Refer to curriculum topic: 4.2.1
  438. Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.
  439.  
  440.  
  441. Question 22
  442. 2 / 2 pts
  443. What is the most difficult part of designing a cryptosystem?
  444.  
  445. encryption algorithm
  446.  
  447.  
  448. key length
  449.  
  450.  
  451. reverse engineering
  452.  
  453. Correct!
  454.  
  455. key management
  456.  
  457. Refer to curriculum topic: 4.1.1
  458. Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.
  459.  
  460.  
  461. Question 23
  462. 2 / 2 pts
  463. An organization has implemented antivirus software. What type of security control did the company implement?
  464.  
  465. compensative control
  466.  
  467.  
  468. deterrent control
  469.  
  470. Correct!
  471.  
  472. recovery control
  473.  
  474.  
  475. detective control
  476.  
  477. Refer to curriculum topic: 4.2.7
  478. A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities.
  479.  
  480.  
  481. Question 24
  482. 2 / 2 pts
  483. A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking?
  484.  
  485. password
  486.  
  487. Correct!
  488.  
  489. HMAC
  490.  
  491.  
  492. CRC
  493.  
  494.  
  495. salting
  496.  
  497. Refer to curriculum topic: 5.1.3
  498. HMAC is an algorithm used to authenticate. The sender and receiver have a secret key that is used along with the data to ensure the message origin as well as the authenticity of the data.
  499.  
  500.  
  501. Question 25
  502. 2 / 2 pts
  503. What kind of integrity does a database have when all its rows have a unique identifier called a primary key?
  504.  
  505. user-defined integrity
  506.  
  507.  
  508. domain integrity
  509.  
  510.  
  511. referential integrity
  512.  
  513. Correct!
  514.  
  515. entity integrity
  516.  
  517. Refer to curriculum topic: 5.4.1
  518. Data integrity is one of the three guiding security principles. A cybersecurity specialist should be familiar with the tools and technologies that are used to ensure data integrity.
  519.  
  520.  
  521. Question 26
  522. 2 / 2 pts
  523. You have been asked to work with the data collection and entry staff in your organization in order to improve data integrity during initial data entry and data modification operations. Several staff members ask you to explain why the new data entry screens limit the types and size of data able to be entered in specific fields. What is an example of a new data integrity control?
  524. Correct!
  525.  
  526. a validation rule which has been implemented to ensure completeness, accuracy, and consistency of data
  527.  
  528. data entry controls which only allow entry staff to view current data
  529.  
  530.  
  531. a limitation rule which has been implemented to prevent unauthorized staff from entering sensitive data
  532.  
  533. data encryption operations that prevent any unauthorized users from accessing sensitive data
  534. Refer to curriculum topic: 5.4.2
  535. Data integrity deals with data validation.
  536.  
  537.  
  538. Question 27
  539. 2 / 2 pts
  540. Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign the document so that Bob can make sure that the document came from Alice?
  541.  
  542. private key from Bob
  543.  
  544.  
  545. username and password from Alice
  546.  
  547. Correct!
  548.  
  549. private key from Alice
  550.  
  551.  
  552. public key from Bob
  553.  
  554. Refer to curriculum topic: 5.2.2
  555. Alice and Bob are used to explain asymmetric cryptography used in digital signatures. Alice uses a private key to encrypt the message digest. The message, encrypted message digest, and the public key are used to create the signed document and prepare it for transmission.
  556.  
  557.  
  558. Question 28
  559. 2 / 2 pts
  560. The X.509 standard defines which security technology?
  561.  
  562. security tokens
  563.  
  564. Correct!
  565.  
  566. digital certificates
  567.  
  568.  
  569. biometrics
  570.  
  571.  
  572. strong passwords
  573.  
  574. Refer to curriculum topic: 5.3.2
  575. Digital certificates protect the parties involved in a secure communication.
  576.  
  577.  
  578. Question 29
  579. 2 / 2 pts
  580. Which hashing technology requires keys to be exchanged?
  581.  
  582. AES
  583.  
  584.  
  585. salting
  586.  
  587.  
  588. MD5
  589.  
  590. Correct!
  591.  
  592. HMAC
  593.  
  594. Refer to curriculum topic: 5.1.3
  595. The difference between HMAC and hashing is the use of keys.
  596.  
  597.  
  598. Question 30
  599. 2 / 2 pts
  600. Which technology could be used to prevent a cracker from launching a dictionary or brute-force attack off a hash?
  601.  
  602. AES
  603.  
  604.  
  605. rainbow tables
  606.  
  607.  
  608. MD5
  609.  
  610. Correct!
  611.  
  612. HMAC
  613.  
  614. Refer to curriculum topic: 5.1.3
  615. HMACs use an additional secret key as input to the hash function. This adds another layer of security to the hash in order to defeat man-in-the-middle attacks and provide authentication of the data source.
  616.  
  617.  
  618. Question 31
  619. 2 / 2 pts
  620. What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website?
  621. Correct!
  622.  
  623. digital certificate
  624.  
  625.  
  626. salting
  627.  
  628.  
  629. digital signature
  630.  
  631.  
  632. asymmetric encryption
  633.  
  634. Refer to curriculum topic: 5.2.2
  635. Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.
  636.  
  637.  
  638. Question 32
  639. 2 / 2 pts
  640. An organization wants to adopt a labeling system based on the value, sensitivity, and criticality of the information. What element of risk management is recommended?
  641. Correct!
  642.  
  643. asset classification
  644.  
  645.  
  646. asset standardization
  647.  
  648.  
  649. asset availability
  650.  
  651.  
  652. asset identification
  653.  
  654. Refer to curriculum topic: 6.2.1
  655. One of the most important steps in risk management is asset classification.
  656.  
  657.  
  658. Question 33
  659. 2 / 2 pts
  660. What approach to availability involves using file permissions?
  661. Correct!
  662.  
  663. limiting
  664.  
  665.  
  666. simplicity
  667.  
  668.  
  669. obscurity
  670.  
  671.  
  672. layering
  673.  
  674. Refer to curriculum topic: 6.2.2
  675. System and data availability is a critical responsibility of a cybersecurity specialist. It is important to understand the technologies, process, and controls used to provide high availability.
  676.  
  677.  
  678. Question 34
  679. 2 / 2 pts
  680. Being able to maintain availability during disruptive events describes which of the principles of high availability?
  681.  
  682. fault tolerance
  683.  
  684. Correct!
  685.  
  686. system resiliency
  687.  
  688.  
  689. single point of failure
  690.  
  691.  
  692. uninterruptible services
  693.  
  694. Refer to curriculum topic: 6.1.1
  695. High availability can be achieved by eliminating or reducing single points of failure, by implementing system resiliency, and by designing for fault tolerance.
  696.  
  697.  
  698. Question 35
  699. 2 / 2 pts
  700. Which technology would you implement to provide high availability for data storage?
  701.  
  702. hot standby
  703.  
  704. Correct!
  705.  
  706. RAID
  707.  
  708.  
  709. N+1
  710.  
  711.  
  712. software updates
  713.  
  714. Refer to curriculum topic: 6.2.3
  715. System and data availability is a critical responsibility of a cybersecurity specialist. It is important to understand the technologies, process, and controls used to provide redundancy.
  716.  
  717.  
  718. Question 36
  719. 2 / 2 pts
  720. Which two values are required to calculate annual loss expectancy? (Choose two.)
  721.  
  722. exposure factor
  723.  
  724. Correct!
  725.  
  726. annual rate of occurrence
  727.  
  728.  
  729. quantitative loss value
  730.  
  731.  
  732. frequency factor
  733.  
  734. Correct!
  735.  
  736. single loss expectancy
  737.  
  738.  
  739. asset value
  740.  
  741. Refer to curriculum topic: 6.2.1
  742. Single loss expectancy, annualized rate of occurrence, and annualized loss expectancy are used in a quantitative risk analysis.
  743.  
  744.  
  745. Question 37
  746. 2 / 2 pts
  747. The team is in the process of performing a risk analysis on the database services. The information collected includes the initial value of these assets, the threats to the assets and the impact of the threats. What type of risk analysis is the team performing by calculating the annual loss expectancy?
  748.  
  749. qualitative analysis
  750.  
  751.  
  752. protection analysis
  753.  
  754. Correct!
  755.  
  756. quantitative analysis
  757.  
  758.  
  759. loss analysis
  760.  
  761. Refer to curriculum topic: 6.2.1
  762. A qualitative or quantitative risk analysis is used to identify and prioritize threats to the organization.
  763.  
  764.  
  765. Question 38
  766. 2 / 2 pts
  767. What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications?
  768. Correct!
  769.  
  770. asset standardization
  771.  
  772.  
  773. asset availability
  774.  
  775.  
  776. asset classification
  777.  
  778.  
  779. asset identification
  780.  
  781. Refer to curriculum topic: 6.2.1
  782. An organization needs to know what hardware and software are present as a prerequisite to knowing what the configuration parameters need to be. Asset management includes a complete inventory of hardware and software. Asset standards identify specific hardware and software products that the organization uses and supports. When a failure occurs, prompt action helps to maintain both access and security.
  783.  
  784.  
  785. Question 39
  786. 2 / 2 pts
  787. Keeping data backups offsite is an example of which type of disaster recovery control?
  788. Correct!
  789.  
  790. preventive
  791.  
  792.  
  793. detective
  794.  
  795.  
  796. corrective
  797.  
  798.  
  799. management
  800.  
  801. Refer to curriculum topic: 6.4.1
  802. A disaster recovery plan enables an organization to prepare for potential disasters and minimize the resulting downtime.
  803.  
  804.  
  805. Question 40
  806. 2 / 2 pts
  807. Which risk mitigation strategies include outsourcing services and purchasing insurance?
  808. Correct!
  809.  
  810. transfer
  811.  
  812.  
  813. avoidance
  814.  
  815.  
  816. reduction
  817.  
  818.  
  819. acceptance
  820.  
  821. Refer to curriculum topic: 6.2.1
  822. Risk mitigation lessens the exposure of an organization to threats and vulnerabilities by transferring, accepting, avoiding, or taking an action to reduce risk.
  823.  
  824.  
  825. Question 41
  826. 2 / 2 pts
  827. Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.)
  828.  
  829. TKIP
  830.  
  831. Correct!
  832.  
  833. WPA2
  834.  
  835.  
  836. 802.11q
  837.  
  838.  
  839. WEP
  840.  
  841. Correct!
  842.  
  843. WPA
  844.  
  845. Correct!
  846.  
  847. 802.11i
  848.  
  849. Refer to curriculum topic: 7.3.1
  850. Various protocols can be used to provide secure communication systems. AES is the strongest encryption algorithm.
  851.  
  852.  
  853. Question 42
  854. 2 / 2 pts
  855. Which of the following products or technologies would you use to establish a baseline for an operating system?
  856. Correct!
  857.  
  858. Microsoft Security Baseline Analyzer
  859.  
  860.  
  861. SANS Baselining System (SBS)
  862.  
  863.  
  864. MS Baseliner
  865.  
  866.  
  867. CVE Baseline Analyzer
  868.  
  869. Refer to curriculum topic: 7.1.1
  870. There are many tools that a cybersecurity specialist uses to evaluate the potential vulnerabilities of an organization.
  871.  
  872.  
  873. Question 43
  874. 2 / 2 pts
  875. What describes the protection provided by a fence that is 1 meter in height?
  876. Correct!
  877.  
  878. It deters casual trespassers only.
  879.  
  880.  
  881. It prevents casual trespassers because of its height.
  882.  
  883.  
  884. The fence deters determined intruders.
  885.  
  886.  
  887. It offers limited delay to a determined intruder.
  888.  
  889. Refer to curriculum topic: 7.4.1
  890. Security standards have been developed to assist organizations in implementing the proper controls to mitigate potential threats. The height of a fence determines the level of protection from intruders.
  891.  
  892.  
  893. Question 44
  894. 2 / 2 pts
  895. What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain?
  896.  
  897. Event Viewer security log
  898.  
  899.  
  900. Computer Management
  901.  
  902. Correct!
  903.  
  904. Local Security Policy tool
  905.  
  906.  
  907. Active Directory Security tool
  908.  
  909. Refer to curriculum topic: 7.2.2
  910. A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities. Local Security Policy, Event Viewer, and Computer Management are Windows utilities that are all used in the security equation.
  911.  
  912.  
  913. Question 45
  914. 2 / 2 pts
  915. Which wireless standard made AES and CCM mandatory?
  916.  
  917. WPA
  918.  
  919.  
  920. WEP
  921.  
  922. Correct!
  923.  
  924. WPA2
  925.  
  926.  
  927. WEP2
  928.  
  929. Refer to curriculum topic: 7.1.2
  930. Wireless security depends on several industry standards and has progressed from WEP to WPA and finally WPA2.
  931.  
  932.  
  933. Question 46
  934. 2 / 2 pts
  935. Which protocol would be used to provide security for employees that access systems remotely from home?
  936.  
  937. SCP
  938.  
  939.  
  940. Telnet
  941.  
  942. Correct!
  943.  
  944. SSH
  945.  
  946.  
  947. WPA
  948.  
  949. Refer to curriculum topic: 7.2.1
  950. Various application layer protocols are used for communications between systems. A secure protocol provides a secure channel over an unsecured network.
  951.  
  952.  
  953. Question 47
  954. 2 / 2 pts
  955. Which technology can be used to protect VoIP against eavesdropping?
  956.  
  957. ARP
  958.  
  959.  
  960. strong authentication
  961.  
  962.  
  963. SSH
  964.  
  965. Correct!
  966.  
  967. encrypted voice messages
  968.  
  969. Refer to curriculum topic: 7.3.2
  970. Many advanced technologies such as VoIP, streaming video, and electronic conferencing require advanced countermeasures.
  971.  
  972.  
  973. Question 48
  974. 2 / 2 pts
  975. Which threat is mitigated through user awareness training and tying security awareness to performance reviews?
  976.  
  977. physical threats
  978.  
  979.  
  980. cloud-related threats
  981.  
  982.  
  983. device-related threats
  984.  
  985. Correct!
  986.  
  987. user-related threats
  988.  
  989. Refer to curriculum topic: 8.1.1
  990. Cybersecurity domains provide a framework for evaluating and implementing controls to protect the assets of an organization. Each domain has various countermeasures available to manage threats.
  991.  
  992.  
  993. Question 49
  994. 2 / 2 pts
  995. Which law was enacted to prevent corporate accounting-related crimes?
  996.  
  997. Gramm-Leach-Bliley Act
  998.  
  999.  
  1000. Import/Export Encryption Act
  1001.  
  1002.  
  1003. The Federal Information Security Management Act
  1004.  
  1005. Correct!
  1006.  
  1007. Sarbanes-Oxley Act
  1008.  
  1009. Refer to curriculum topic: 8.2.2
  1010. New laws and regulations have come about to protect organizations, citizens, and nations from cybersecurity attacks.
  1011.  
  1012.  
  1013. Question 50
  1014. 2 / 2 pts
  1015. HVAC, water system, and fire systems fall under which of the cybersecurity domains?
  1016.  
  1017. user
  1018.  
  1019.  
  1020. device
  1021.  
  1022.  
  1023. network
  1024.  
  1025. Correct!
  1026.  
  1027. physical facilities
  1028.  
  1029. Refer to curriculum topic: 8.1.6
  1030. Cybersecurity domains provide a framework for evaluating and implementing controls to protect the assets of an organization.
  1031.  
  1032. Quiz Score: 100 out of 100