Cybersecurity

Which hashing algorithm is recommended for the protection of sensitive, unclassified information? Select one:
SHA-256
AES-256
3DES
MD5
Which technology would you implement to provide high availability for data storage? Select one:
RAID
hot standby
N+1
software updates
Which two values are required to calculate annual loss expectancy? (Choose two.) Select one or more:
Single loss expectancy, annual rate of occurrence
frequency factor, quantitative loss value, exposure factor, asset value
An organization has determined that an employee has been cracking passwords on administrative accounts in order to access very sensitive payroll information. Which tools would you look for on the system of the employee? (Choose three.) Select one or more:
lookup tables, rainbow tables, reverse lookup tables
password digest, algorithm tables, rogue access points
Which wireless standard made AES and CCM mandatory? Select one:
WPA2
WPA
WEP2
WEP
Which statement describes a characteristic of block ciphers? Select one:
Block ciphers result in output data that is larger than the input data most of the time.
Block ciphers encrypt plaintext one bit at a time to form a block.
Block ciphers result in compressed output.
Block ciphers are faster than stream ciphers.
What is a feature of a cryptographic hash function? Select one:
The hash function is a one-way mathematical function.
Hashing requires a public and a private key.
The output has a variable length.
The hash input can be calculated given the output value.
The awareness and identification of vulnerabilities is a critical function of a cybersecurity specialist. Which of the following resources can be used to identify specific details about vulnerabilities? Select one:
CVE national database
NIST/NICE framework
Infragard
ISO/IEC 27000 model
What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain?
Local Security Policy tool
Active Directory Security tool
Computer Management
Event Viewer security log
Which access control should the IT department use to restore a system back to its normal state? Select one:
detective
Corrective
Compensative
preventive
What describes the protection provided by a fence that is 1 meter in height? Select one:
It prevents casual trespassers because of its height.
It deters casual trespassers only.
The fence deters determined intruders.
It offers limited delay to a determined intruder.
What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website? Select one:
digital signature
asymmetric encryption
Digital certificate
salting
A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan?
confidentiality, integrity, and availability
secrecy, identify, and nonrepudiation
Technologies, policies, and awareness
Encryption, authentication, and identification
What is an impersonation attack that takes advantage of a trusted relationship between two systems? Select one:
spoofing
spamming
man-in-the-middle
sniffing
Which technology can be implemented as part of an authentication system to verify the identification of employees? Select one:
SHA-1 hash
a smart card reader
a virtual fingerprint
a Mantrap
An organization has implemented antivirus software. What type of security control did the company implement? Select one:
recovery control
Detective control
compensative control
Deterrent control
Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents a high level of risk, yellow represents an average level of threat, and green represents a low level of threat. What type of risk analysis does this chart represent? Select one:
Exposure factor analysis
qualitative analysis
quantitative analysis
loss analysis
What approach to availability provides the most comprehensive protection because multiple defenses coordinate together to prevent attacks? Select one:
Layering
obscurity
diversity
limiting
What is the most difficult part of designing a cryptosystem? Select one:
key length
encryption algorithm
key management
reverse engineering
What technology should you implement to ensure that an individual cannot later claim that he or she did not sign a given document? Select one:
Digital certificate
HMAC
digital signature
asymmetric encryption
The team is in the process of performing a risk analysis on the database services. The information collected includes the initial value of these assets, the threats to the assets and the impact of the threats. What type of risk analysis is the team performing by calculating the annual loss expectancy? Select one:
Protection analysis
Loss analysis
qualitative analysis
quantitative analysis
Which utility uses the Internet Control Message Protocol (ICMP)? Select one:
NTP
RIP
DNS
ping
Mutual authentication can prevent which type of attack? Select one:
Wireless poisoning
Wireless sniffing
man-in-the-middle
Wireless IP spoofing
The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email? Select one:
It is a piggy-back attack.
It is a DDoS attack.
It is a hoax.
It is an impersonation attack.
A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking? Select one:
password
Salting
HMAC
CRC
Which law was enacted to prevent corporate accounting-related crimes? Select one:
Gramm-Leach-Bliley Act
The Federal Information Security Management Act
Sarbanes-Oxley Act
Import/Export Encryption Act
What type of application attack occurs when data goes beyond the memory areas allocated to the application? Select one:
RAM Injection
Buffer overflow
SQL injection
RAM spoofing
Which website offers guidance on putting together a checklist for configuring and hardening operating systems? Select one:
Internet Storm Center
The National Vulnerability Database website
CERT
The Advanced Cyber Security Center
An organization wants to adopt a labeling system based on the value, sensitivity, and criticality of the information. What element of risk management is recommended?
Asset identification
Asset availability
Asset standardization
Asset classification
What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications? Select one:
Asset classification
Asset identification
Asset availability
Asset standardization
Which type of cybercriminal attack would interfere with established network communication through the use of constructed packets so that the packets look like they are part of the normal communication? Select one:
DNS spoofing
Rogue Wi-Fi AP
Packet sniffing
Packet forgery
HVAC, water system, and fire systems fall under which of the cybersecurity domains? Select one:
Physical facilities
Device
User
Network
What happens as the key length increases in an encryption application? Select one:
Keyspace decreases exponentially.
Keyspace decreases proportionally.
Keyspace increases exponentially.
Keyspace increases proportionally.
Which protocol would be used to provide security for employees that access systems remotely from home? Select one:
WPA
SCP
Telnet
SSH
Which hashing technology requires keys to be exchanged? Select one:
AES
HMAC
MD5
salting
An executive manager went to an important meeting. The secretary in the office receives a call from a person claiming that the executive manager is about to give an important presentation but the presentation files are corrupted. The caller sternly recommends that the secretary email the presentation right away to a personal email address. The caller also states that the executive is holding the secretary responsible for the success of this presentation. Which type of social engineering tactic would describe this scenario? Select one:
Trusted partners
Familiarity
Intimidation
urgency
Which two protocols pose switching threats? (Choose two.) Select one or more:
STP, ARP
IP, RIP, WPA2, ICMP
Keeping data backups offsite is an example of which type of disaster recovery control? Select one:
Corrective
Management
Preventive
detective
Which methods can be used to implement multifactor authentication? Select one:
VPNs and VLANs
Passwords and fingerprints
IDS and IPS
Tokens and hashes
What are the two most effective ways to defend against malware? (Choose two.) Select one or more:
Implement a VPN. Implement network firewalls. Implement strong passwords. Implement RAID.
Update the operating system and other application software. Install and update antivirus software.
As a security professional, there is a possibility to have access to sensitive data and assets. What is one item a security professional should understand in order to make informed ethical decisions? Select one:
Laws governing the data
Potential gain
Potential bonus
cloud providers
partnerships
A breach occurs in a company that processes credit card information. Which industry specific law governs credit card data protection? Select one:
ECPA
SOX
PCI DSS
GLBA
What are the three broad categories for information security positions? (Choose three.) Select one or more:
Monitors, definers, builders
doers, creators, seekers
An organization has implemented a private cloud infrastructure. The security administrator is asked to secure the infrastructure from potential threats. What three tactics can be implemented to protect the private cloud? (Choose three.) Select one or more:
Update devices with security fixes and patches. Test inbound and outbound traffic. Disable ping, probing, and port scanning.
Hire a consultant. Disable firewalls. Grant administrative rights.
What are two items that can be found on the Internet Storm Center website? (Choose two.) Select one or more:
InfoSec job postings, InfoSec reports
Historical information, current laws
A company is attempting to lower the cost of deploying commercial software and is considering a cloud-based service. Which cloud-based service would be best to host the software? Select one:
IaaS
RaaS
PaaS
SaaS
A security professional is asked to perform an analysis of the current state of a company network. What tool would the security professional use to scan the network only for security risks? Select one:
Pentest
Vulnerability scanner
Packet analyzer
Malware
A consultant is hired to make recommendations on managing device threats in a company. What are three general recommendations that can be made? (Choose three.) Select one or more:
Remove content filtering. Enforce strict HR policies. Enable media devices.
Enable automated antivirus scans. Enable screen lockout. Disable administrative rights for users.
An auditor is asked to assess the LAN of a company for potential threats. What are three potential threats the auditor may point out? (Choose three.) Select one or more:
a misconfigured firewall, unauthorized port scanning and network probing, unlocked access to network equipment
The acceptable use policy, complex passwords, locked systems
What three services does CERT provide? (Choose three.) Select one or more:
Develop tools, products, and methods to analyze vulnerabilities; develop tools, products, and methods to conduct forensic examinations; resolve software vulnerabilities
Develop attack tools; enforce software standards; create malware tools
What are three disclosure exemptions that pertain to the FOIA? (Choose three.) Select one or more:
information specifically non-exempt by statute, public information from financial institutions, non-geological information regarding wells
Law enforcement records that implicate one of a set of enumerated concerns, national security and foreign policy information, confidential business information
If a person knowingly accesses a government computer without permission, what federal act laws would the person be subject to? Select one:
ECPA
CFAA
GLBA
SOX
A company has had several incidents involving users downloading unauthorized software, using unauthorized websites, and using personal USB devices. The CIO wants to put in place a scheme to manage the user threats. What three things might be put in place to manage the threats? (Choose three.) Select one or more:
Provide security awareness training. Use content filtering. Disable CD and USB access.
Implement disciplinary action. Change to thin clients. Monitor all activity by the users.
A school administrator is concerned with the disclosure of student information due to a breach. Under which act is student information protected? Select one:
CIPA
COPPA
HIPAA
FERPA
What can be used to rate threats by an impact score to emphasize important vulnerabilities? Select one:
NVD
CERT
ACSC
ISC
What are two potential threats to applications? (Choose two.) Select one or more:
Data loss, unauthorized access
Power interruptions, social engineering
Why is Kali Linux a popular choice in testing the network security of an organization? Select one:
It can be used to test weaknesses by using only malicious software.
It is an open source Linux security distribution and contains over 300 tools.
It can be used to intercept and log network traffic.
It is a network scanning tool that prioritizes security risks.
As part of HR policy in a company, an individual may opt out of having information shared with any third party other than the employer. Which law protects the privacy of personal shared information? Select one:
FIRPA
SOX
PCI
GLBA
Unauthorized visitors have entered a company office and are walking around the building. What two measures can be implemented to prevent unauthorized visitor access to the building? (Choose two.)
Establish policies and procedures for guests visiting the building. Conduct security awareness training regularly.
Prohibit exiting the building during working hours. Lock cabinets.