Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Score for this attempt: 100 out of 100
- Submitted Mar 18 at 12:45pm
- This attempt took 21 minutes.
- Question 1
- 2 / 2 pts
- Which type of cybercriminal is the most likely to create malware to compromise an organization by stealing credit card information?
- script kiddies
- Correct!
- black hat hackers
- white hat hackers
- gray hat hackers
- Refer to curriculum topic: 1.2.1
- Malware is a tool used by certain types of hackers to steal information.
- Question 2
- 2 / 2 pts
- What is an example of early warning systems that can be used to thwart cybercriminals?
- Infragard
- ISO/IEC 27000 program
- Correct!
- Honeynet project
- CVE database
- Refer to curriculum topic: 1.2.2
- Early warning systems help identify attacks and can be used by cybersecurity specialists to protect systems.
- Question 3
- 2 / 2 pts
- Technologies like GIS and IoE contribute to the growth of large data stores. What are two reasons that these technologies increase the need for cybersecurity specialists? (Choose two.)
- Correct!
- They contain personal information.
- They require more equipment.
- They require 24-hour monitoring.
- They make systems more complicated.
- Correct!
- They collect sensitive information.
- They increase processing requirements.
- Refer to curriculum topic: 1.1.1
- The types of information collected by these technologies have increased the need for data protection.
- Question 4
- 2 / 2 pts
- Which data state is maintained in NAS and SAN services?
- data in-process
- Correct!
- stored data
- encrypted data
- data in-transit
- Refer to curriculum topic: 2.3.1
- A cybersecurity specialist must be familiar with the types of technologies used to store, transmit, and process data.
- Question 5
- 2 / 2 pts
- A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan?
- encryption, authentication, and identification
- Correct!
- confidentiality, integrity, and availability
- secrecy, identify, and nonrepudiation
- technologies, policies, and awareness
- Refer to curriculum topic: 2.1.1
- The CIA Triad is the foundation upon which all information management systems are developed.
- Question 6
- 2 / 2 pts
- Which technology can be used to ensure data confidentiality?
- hashing
- identity management
- RAID
- Correct!
- encryption
- Refer to curriculum topic: 2.2.1
- A cybersecurity specialist must be aware of the technologies available which support the CIA triad.
- Question 7
- 2 / 2 pts
- Which framework should be recommended for establishing a comprehensive information security management system in an organization?
- Correct!
- ISO/IEC 27000
- ISO OSI model
- CIA Triad
- NIST/NICE framework
- Refer to curriculum topic: 2.5.1
- A cybersecurity specialist needs to be familiar with the different frameworks and models for managing information security.
- Question 8
- 2 / 2 pts
- An organization allows employees to work from home two days a week. Which technology should be implemented to ensure data confidentiality as data is transmitted?
- Correct!
- VPN
- RAID
- VLANS
- SHS
- Refer to curriculum topic: 2.4.1
- Protecting data confidentiality requires an understanding of the technologies used to protect data in all three data states.
- Question 9
- 2 / 2 pts
- Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network?
- Correct!
- worm
- phishing
- virus
- spam
- Refer to curriculum topic: 3.1.1
- A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.
- Question 10
- 2 / 2 pts
- What three best practices can help defend against social engineering attacks? (Choose three.)
- Correct!
- Resist the urge to click on enticing web links.
- Add more security guards.
- Enable a policy that states that the IT department should supply information over the phone only to managers.
- Deploy well-designed firewall appliances.
- Correct!
- Do not provide password resets in a chat window.
- Correct!
- Educate employees regarding policies.
- Refer to curriculum topic: 3.2.2
- A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities.
- Question 11
- 2 / 2 pts
- What is a nontechnical method that a cybercriminal would use to gather sensitive information from an organization?
- ransomeware
- man-in-the-middle
- pharming
- Correct!
- social engineering
- Refer to curriculum topic: 3.2.1
- A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.
- Question 12
- 2 / 2 pts
- An executive manager went to an important meeting. The secretary in the office receives a call from a person claiming that the executive manager is about to give an important presentation but the presentation files are corrupted. The caller sternly recommends that the secretary email the presentation right away to a personal email address. The caller also states that the executive is holding the secretary responsible for the success of this presentation. Which type of social engineering tactic would describe this scenario?
- familiarity
- urgency
- Correct!
- intimidation
- trusted partners
- Refer to curriculum topic: 3.2.1
- Social engineering uses several different tactics to gain information from victims.
- Question 13
- 2 / 2 pts
- Users report that the database on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?
- Trojan horse
- man-in-the-middle attack
- DoS attack
- Correct!
- ransomeware
- Refer to curriculum topic: 3.1.1
- A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.
- Question 14
- 2 / 2 pts
- A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server crash. What is the type of attack the cyber criminal launches?
- man-in-the-middle
- Correct!
- DoS
- packet Injection
- SQL injection
- Refer to curriculum topic: 3.3.1
- A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.
- Question 15
- 2 / 2 pts
- What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic?
- spoofing
- spamming
- phishing
- Correct!
- sniffing
- Refer to curriculum topic: 3.3.1
- A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.
- Question 16
- 2 / 2 pts
- A user has a large amount of data that needs to be kept confidential. Which algorithm would best meet this requirement?
- ECC
- Correct!
- 3DES
- RSA
- Diffie-Hellman
- Refer to curriculum topic: 4.1.4
- Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.
- Question 17
- 2 / 2 pts
- The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement?
- user login auditing
- Correct!
- a set of attributes that describes user access rights
- a biometric fingerprint reader
- observations to be provided to all employees
- Refer to curriculum topic: 4.2.5
- Access control prevents unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.
- Question 18
- 2 / 2 pts
- What happens as the key length increases in an encryption application?
- Keyspace increases proportionally.
- Correct!
- Keyspace increases exponentially.
- Keyspace decreases proportionally.
- Keyspace decreases exponentially.
- Refer to curriculum topic: 4.1.4
- Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.
- Question 19
- 2 / 2 pts
- Which access control should the IT department use to restore a system back to its normal state?
- detective
- preventive
- Correct!
- corrective
- compensative
- Refer to curriculum topic: 4.2.7
- Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.
- Question 20
- 2 / 2 pts
- Which method is used by steganography to hide text in an image file?
- data masking
- most significant bit
- data obfuscation
- Correct!
- least significant bit
- Refer to curriculum topic: 4.3.2
- Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.
- Question 21
- 2 / 2 pts
- An organization plans to implement security training to educate employees about security policies. What type of access control is the organization trying to implement?
- logical
- technological
- Correct!
- administrative
- physical
- Refer to curriculum topic: 4.2.1
- Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.
- Question 22
- 2 / 2 pts
- What is the most difficult part of designing a cryptosystem?
- encryption algorithm
- key length
- reverse engineering
- Correct!
- key management
- Refer to curriculum topic: 4.1.1
- Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.
- Question 23
- 2 / 2 pts
- An organization has implemented antivirus software. What type of security control did the company implement?
- compensative control
- deterrent control
- Correct!
- recovery control
- detective control
- Refer to curriculum topic: 4.2.7
- A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities.
- Question 24
- 2 / 2 pts
- A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking?
- password
- Correct!
- HMAC
- CRC
- salting
- Refer to curriculum topic: 5.1.3
- HMAC is an algorithm used to authenticate. The sender and receiver have a secret key that is used along with the data to ensure the message origin as well as the authenticity of the data.
- Question 25
- 2 / 2 pts
- What kind of integrity does a database have when all its rows have a unique identifier called a primary key?
- user-defined integrity
- domain integrity
- referential integrity
- Correct!
- entity integrity
- Refer to curriculum topic: 5.4.1
- Data integrity is one of the three guiding security principles. A cybersecurity specialist should be familiar with the tools and technologies that are used to ensure data integrity.
- Question 26
- 2 / 2 pts
- You have been asked to work with the data collection and entry staff in your organization in order to improve data integrity during initial data entry and data modification operations. Several staff members ask you to explain why the new data entry screens limit the types and size of data able to be entered in specific fields. What is an example of a new data integrity control?
- Correct!
- a validation rule which has been implemented to ensure completeness, accuracy, and consistency of data
- data entry controls which only allow entry staff to view current data
- a limitation rule which has been implemented to prevent unauthorized staff from entering sensitive data
- data encryption operations that prevent any unauthorized users from accessing sensitive data
- Refer to curriculum topic: 5.4.2
- Data integrity deals with data validation.
- Question 27
- 2 / 2 pts
- Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign the document so that Bob can make sure that the document came from Alice?
- private key from Bob
- username and password from Alice
- Correct!
- private key from Alice
- public key from Bob
- Refer to curriculum topic: 5.2.2
- Alice and Bob are used to explain asymmetric cryptography used in digital signatures. Alice uses a private key to encrypt the message digest. The message, encrypted message digest, and the public key are used to create the signed document and prepare it for transmission.
- Question 28
- 2 / 2 pts
- The X.509 standards defines which security technology?
- security tokens
- Correct!
- digital certificates
- biometrics
- strong passwords
- Refer to curriculum topic: 5.3.2
- Digital certificates protect the parties involved in a secure communication
- Question 29
- 2 / 2 pts
- Which hashing technology requires keys to be exchanged?
- AES
- salting
- MD5
- Correct!
- HMAC
- Refer to curriculum topic: 5.1.3
- The difference between HMAC and hashing is the use of keys.
- Question 30
- 2 / 2 pts
- Which technology could be used to prevent a cracker from launching a dictionary or brute-force attack off a hash?
- AES
- rainbow tables
- MD5
- Correct!
- HMAC
- Refer to curriculum topic: 5.1.3
- HMACs use an additional secret key as input to the hash function. This adds another layer of security to the hash in order to defeat man-in-the-middle attacks and provide authentication of the data source.
- Question 31
- 2 / 2 pts
- What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website?
- Correct!
- digital certificate
- salting
- digital signature
- asymmetric encryption
- Refer to curriculum topic: 5.2.2
- Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.
- Question 32
- 2 / 2 pts
- An organization wants to adopt a labeling system based on the value, sensitivity, and criticality of the information. What element of risk management is recommended?
- Correct!
- asset classification
- asset standardization
- asset availability
- asset identification
- Refer to curriculum topic: 6.2.1
- One of the most important steps in risk management is asset classification.
- Question 33
- 2 / 2 pts
- What approach to availability involves using file permissions?
- Correct!
- limiting
- simplicity
- obscurity
- layering
- Refer to curriculum topic: 6.2.2
- System and data availability is a critical responsibility of a cybersecurity specialist. It is important to understand the technologies, process, and controls used to protect provide high availability.
- Question 34
- 2 / 2 pts
- Being able to maintain availability during disruptive events describes which of the principles of high availability?
- fault tolerance
- Correct!
- system resiliency
- single point of failure
- uninterruptible services
- Refer to curriculum topic: 6.1.1
- High availability can be achieved by eliminating or reducing single points of failure, by implementing system resiliency, and by designing for fault tolerance.
- Question 35
- 2 / 2 pts
- Which technology would you implement to provide high availability for data storage?
- hot standby
- Correct!
- RAID
- N+1
- software updates
- Refer to curriculum topic: 6.2.3
- System and data availability is a critical responsibility of a cybersecurity specialist. It is important to understand the technologies, process, and controls used to provide redundancy.
- Question 36
- 2 / 2 pts
- Which two values are required to calculate annual loss expectancy? (Choose two.)
- exposure factor
- Correct!
- annual rate of occurrence
- quantitative loss value
- frequency factor
- Correct!
- single loss expectancy
- asset value
- Refer to curriculum topic: 6.2.1
- Single loss expectancy, annualized rate of occurrence, and annualized loss expectancy are used in a quantitative risk analysis
- Question 37
- 2 / 2 pts
- The team is in the process of performing a risk analysis on the database services. The information collected includes the initial value of these assets, the threats to the assets and the impact of the threats. What type of risk analysis is the team performing by calculating the annual loss expectancy?
- qualitative analysis
- protection analysis
- Correct!
- quantitative analysis
- loss analysis
- Refer to curriculum topic: 6.2.1
- A qualitative or quantitative risk analysis is used to identify and prioritize threats to the organization.
- Question 38
- 2 / 2 pts
- What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications?
- Correct!
- asset standardization
- asset availability
- asset classification
- asset identification
- Refer to curriculum topic: 6.2.1
- An organization needs to know what hardware and software are present as a prerequisite to knowing what the configuration parameters need to be. Asset management includes a complete inventory of hardware and software. Asset standards identify specific hardware and software products that the organization uses and supports. When a failure occurs, prompt action helps to maintain both access and security.
- Question 39
- 2 / 2 pts
- Keeping data backups offsite is an example of which type of disaster recovery control?
- Correct!
- preventive
- detective
- corrective
- management
- Refer to curriculum topic: 6.4.1
- A disaster recovery plan enables an organization to prepare for potential disasters and minimize the resulting downtime.
- Question 40
- 2 / 2 pts
- Which risk mitigation strategies include outsourcing services and purchasing insurance?
- Correct!
- transfer
- avoidance
- reduction
- acceptance
- Refer to curriculum topic: 6.2.1
- Risk mitigation lessens the exposure of an organization to threats and vulnerabilities by transferring, accepting, avoiding, or taking an action to reduce risk.
- Question 41
- 2 / 2 pts
- Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.)
- TKIP
- Correct!
- WPA2
- 802.11q
- WEP
- Correct!
- WPA
- Correct!
- 802.11i
- Refer to curriculum topic: 7.3.1
- Various protocols can be used to provide secure communication systems. AES is the strongest encryption algorithm.
- Question 42
- 2 / 2 pts
- Which of the following products or technologies would you use to establish a baseline for an operating system?
- Correct!
- Microsoft Security Baseline Analyzer
- SANS Baselining System (SBS)
- MS Baseliner
- CVE Baseline Analyzer
- Refer to curriculum topic: 7.1.1
- There are many tools that a cybersecurity specialist uses to evaluate the potential vulnerabilities of an organization.
- Question 43
- 2 / 2 pts
- What describes the protection provided by a fence that is 1 meter in height?
- Correct!
- It deters casual trespassers only.
- It prevents casual trespassers because of its height.
- The fence deters determined intruders.
- It offers limited delay to a determined intruder.
- Refer to curriculum topic: 7.4.1
- Security standards have been developed to assist organizations in implementing the proper controls to mitigate potential threats. The height of a fence determines the level of protection from intruders
- Question 44
- 2 / 2 pts
- What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain?
- Event Viewer security log
- Computer Management
- Correct!
- Local Security Policy tool
- Active Directory Security tool
- Refer to curriculum topic: 7.2.2
- A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities. Local Security Policy, Event Viewer, and Computer Management are Windows utilities that are all used in the security equation.
- Question 45
- 2 / 2 pts
- Which wireless standard made AES and CCM mandatory?
- WPA
- WEP
- Correct!
- WPA2
- WEP2
- Refer to curriculum topic: 7.1.2
- Wireless security depends on several industry standards and has progressed from WEP to WPA and finally WPA2.
- Question 46
- 2 / 2 pts
- Which protocol would be used to provide security for employees that access systems remotely from home?
- SCP
- Telnet
- Correct!
- SSH
- WPA
- Refer to curriculum topic: 7.2.1
- Various application layer protocols are used to for communications between systems. A secure protocol provides a secure channel over an unsecured network.
- Question 47
- 2 / 2 pts
- Which technology can be used to protect VoIP against eavesdropping?
- ARP
- strong authentication
- SSH
- Correct!
- encrypted voice messages
- Refer to curriculum topic: 7.3.2
- Many advanced technologies such as VoIP, streaming video, and electronic conferencing require advanced countermeasures.
- Question 48
- 2 / 2 pts
- Which threat is mitigated through user awareness training and tying security awareness to performance reviews?
- physical threats
- cloud-related threats
- device-related threats
- Correct!
- user-related threats
- Refer to curriculum topic: 8.1.1
- Cybersecurity domains provide a framework for evaluating and implementing controls to protect the assets of an organization. Each domain has various countermeasures available to manage threats.
- Question 49
- 2 / 2 pts
- Which law was enacted to prevent corporate accounting-related crimes?
- Gramm-Leach-Bliley Act
- Import/Export Encryption Act
- The Federal Information Security Management Act
- Correct!
- Sarbanes-Oxley Act
- Refer to curriculum topic: 8.2.2
- New laws and regulations have come about to protect organizations, citizens, and nations from cybersecurity attacks.
- Question 50
- 2 / 2 pts
- HVAC, water system, and fire systems fall under which of the cybersecurity domains?
- user
- device
- network
- Correct!
- physical facilities
- Refer to curriculum topic: 8.1.6
- Cybersecurity domains provide a framework for evaluating and implementing controls to protect the assets of an organization.
- Quiz Score: 100 out of 100
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement