0 / 2 pts
Which two groups of people are considered internal attackers? (Choose two.)
Correct Answer
trusted partners
hacktivists
You Answered
amateurs
Correct Answer
ex-employees
Question 2
0 / 2 pts
A cybersecurity specialist is asked to identify the potential criminals known to
attack the organization. Which type of hackers would the cybersecurity specialist
be least concerned with?
You Answered
Correct Answer
Question 3
0 / 2 pts
Which type of cybercriminal attack would interfere with established network
communication through the use of constructed packets so that the packets look like
they are part of the normal communication?
DNS spoofing
rogue Wi-Fi AP
Correct Answer
packet forgery
You Answered
packet sniffing
Question 4
0 / 2 pts
Which technology can be implemented as part of an authentication system to verify
the identification of employees?
You Answered
a virtual fingerprint
Correct Answer
a Mantrap
SHA-1 hash
Question 5
2 / 2 pts
Which technology should be used to enforce the security policy that a computing
device must be checked against the latest antivirus update before the device is
allowed to connect to the campus network?
Correct!
NAC
VPN
NAS
SAN
CIA Triad
NIST/NICE framework
Correct Answer
ISO/IEC 27000
Question 7
2 / 2 pts
Which technology can be used to ensure data confidentiality?
identity management
Correct!
encryption
hashing
RAID
Refer to curriculum topic: 2.2.1
A cybersecurity specialist must be aware of the technologies available which
support the CIA triad.
Question 8
2 / 2 pts
Which data state is maintained in NAS and SAN services?
data in-process
encrypted data
Correct!
stored data
data in-transit
Question 9
2 / 2 pts
What are the two most effective ways to defend against malware? (Choose two.)
Implement a VPN.
Implement RAID.
Correct!
Question 10
0 / 2 pts
What type of attack will make illegitimate websites higher in a web search result
list?
browser hijacker
Correct Answer
SEO poisoning
You Answered
DNS poisoning
spam
Correct!
Question 12
0 / 2 pts
What type of attack has an organization experienced when an employee installs an
unauthorized device on the network to view network traffic?
spoofing
phishing
You Answered
spamming
Correct Answer
sniffing
Question 13
2 / 2 pts
Users report that the network access is slow. After questioning the employees, the
network administrator learned that one employee downloaded a third-party
scanning program for the printer. What type of malware might be introduced that
causes slow performance of the network?
spam
Correct!
worm
phishing
virus
Question 14
0 / 2 pts
A cyber criminal sends a series of maliciously formatted packets to the database
server. The server cannot parse the packets and the event causes the server
to crash. What type of attack does the cyber criminal launch?
You Answered
SQL injection
Correct Answer
DoS
man-in-the-middle
packet injection
Question 15
0 / 2 pts
The employees in a company receive an email stating that the account password
will expire immediately and requires a password reset within 5 minutes. Which
statement would classify this email?
It is a piggy-back attack.
You Answered
It is an impersonation attack.
It is a DDoS attack.
Correct Answer
It is a hoax.
Question 16
0 / 2 pts
Which algorithm will Windows use by default when a user intends to encrypt files
and folders in an NTFS volume?
DES
You Answered
RSA
Correct Answer
AES
3DES
Question 17
0 / 2 pts
Alice and Bob are using public key encryption to exchange a message. Which key
should Alice use to encrypt a message to Bob?
Correct Answer
You Answered
Question 18
2 / 2 pts
Which access control should the IT department use to restore a system back to its
normal state?
Correct!
corrective
detective
preventive
compensative
Question 19
0 / 2 pts
Which statement describes a characteristic of block ciphers?
Correct Answer
Block ciphers result in output data that is larger than the input data most of the
time.
Block ciphers encrypt plaintext one bit at a time to form a block.
You Answered
Question 20
2 / 2 pts
Which method is used by steganography to hide text in an image file?
data masking
data obfuscation
Correct!
Question 21
2 / 2 pts
Smart cards and biometrics are considered to be what type of access control?
physical
technological
administrative
Correct!
logical
Question 22
0 / 2 pts
Before data is sent out for analysis, which technique can be used to replace
sensitive data in nonproduction environments to protect the underlying
information?
You Answered
steganalysis
Correct Answer
steganography
software obfuscation
Question 23
2 / 2 pts
What is the most difficult part of designing a cryptosystem?
Correct!
key management
reverse engineering
encryption algorithm
key length
Question 24
2 / 2 pts
Alice and Bob are using a digital signature to sign a document. What key should
Alice use to sign the document so that Bob can make sure that the document came
from Alice?
Correct!
Question 25
0 / 2 pts
What kind of integrity does a database have when all its rows have a unique
identifier called a primary key?
You Answered
referential integrity
user-defined integrity
domain integrity
Correct Answer
entity integrity
Question 26
2 / 2 pts
What technique creates different hashes for the same password?
Correct!
salting
SHA-256
CRC
HMAC
Question 27
2 / 2 pts
You have been asked to work with the data collection and entry staff in your
organization in order to improve data integrity during initial data entry and data
modification operations. Several staff members ask you to explain why the new
data entry screens limit the types and size of data able to be entered in specific
fields. What is an example of a new data integrity control?
Correct!
data entry controls which only allow entry staff to view current data
a limitation rule which has been implemented to prevent unauthorized staff from
entering sensitive data
data encryption operations that prevent any unauthorized users from accessing
sensitive data
Refer to curriculum topic: 5.4.2
Data integrity deals with data validation.
Question 28
0 / 2 pts
Which hashing technology requires keys to be exchanged?
Correct Answer
HMAC
You Answered
MD5
AES
salting
Question 29
0 / 2 pts
Technicians are testing the security of an authentication system that uses
passwords. When a technician examines the password tables, the technician
discovers the passwords are stored as hash values. However, after comparing a
simple password hash, the technician then discovers that the values are different
from those on other systems. What are two causes of this situation? (Choose two.)
You Answered
One system uses symmetrical hashing and the other uses asymmetrical hashing.
Correct Answer
Correct!
One system uses hashing and the other uses hashing and salting.
Both systems use MD5.
Question 30
2 / 2 pts
A VPN will be used within the organization to give remote users secure access to
the corporate network. What does IPsec use to authenticate the origin of every
packet to provide data integrity checking?
CRC
salting
password
Correct!
HMAC
Question 31
2 / 2 pts
Which hashing algorithm is recommended for the protection of sensitive,
unclassified information?
Correct!
SHA-256
MD5
3DES
AES-256
Question 32
2 / 2 pts
An organization has recently adopted a five nines program for two critical database
servers. What type of controls will this involve?
Correct!
Question 33
0 / 2 pts
What approach to availability involves using file permissions?
You Answered
layering
simplicity
Correct Answer
limiting
obscurity
Question 34
0 / 2 pts
An organization wants to adopt a labeling system based on the value, sensitivity,
and criticality of the information. What element of risk management is
recommended?
asset availability
asset identification
Correct Answer
asset classification
You Answered
asset standardization
Refer to curriculum topic: 6.2.1
One of the most important steps in risk management is asset classification.
Question 35
0 / 2 pts
Which risk mitigation strategies include outsourcing services and purchasing
insurance?
You Answered
avoidance
Correct Answer
transfer
reduction
acceptance
Question 36
2 / 2 pts
Which technology would you implement to provide high availability for data
storage?
hot standby
software updates
N+1
Correct!
RAID
Question 37
2 / 2 pts
What approach to availability provides the most comprehensive protection because
multiple defenses coordinate together to prevent attacks?
obscurity
diversity
limiting
Correct!
layering
Question 38
0 / 2 pts
What are two incident response phases? (Choose two.)
Correct Answer
containment and recovery
Correct!
You Answered
Question 39
0 / 2 pts
Your risk manager just distributed a chart that uses three colors to identify the level
of threat to key assets in the information security systems. Red represents high
level of risk, yellow represents average level of threat and green represents low
level of threat. What type of risk analysis does this chart represent?
You Answered
quantitative analysis
Correct Answer
qualitative analysis
loss analysis
exposure factor analysis
Question 40
0 / 2 pts
There are many environments that require five nines, but a five nines environment
may be cost prohibitive. What is one example of where the five nines environment
might be cost prohibitive?
You Answered
Correct Answer
Question 41
2 / 2 pts
Which protocol would be used to provide security for employees that access
systems remotely from home?
Telnet
WPA
Correct!
SSH
SCP
Question 42
0.67 / 2 pts
Which three protocols can use Advanced Encryption Standard (AES)? (Choose
three.)
TKIP
Correct!
802.11i
You Answered
WEP
802.11q
Correct!
WPA
Correct Answer
WPA2
Question 43
2 / 2 pts
In a comparison of biometric systems, what is the crossover error rate?
Correct!
Question 44
0 / 2 pts
What describes the protection provided by a fence that is 1 meter in height?
You Answered
Correct Answer
It deters casual trespassers only.
Question 45
2 / 2 pts
Which utility uses the Internet Control Messaging Protocol (ICMP)?
DNS
NTP
RIP
Correct!
ping
Question 46
2 / 2 pts
What Windows utility should be used to configure password rules and account
lockout policies on a system that is not part of a domain?
Computer Management
Question 47
2 / 2 pts
Which technology can be used to protect VoIP against eavesdropping?
ARP
strong authentication
Correct!
SSH
Question 48
0 / 2 pts
Which national resource was developed as a result of a U.S. Executive Order after
a ten-month collaborative study involving over 3,000 security professionals?
ISO/IEC 27000
Correct Answer
NIST Framework
You Answered
Question 49
0 / 2 pts
Which law was enacted to prevent corporate accounting-related crimes?
You Answered
Gramm-Leach-Bliley Act
Correct Answer
Sarbanes-Oxley Act
Refer to curriculum topic: 8.2.2
New laws and regulations have come about to protect organizations, citizens, and
nations from cybersecurity attacks.
Question 50
2 / 2 pts
Which threat is mitigated through user awareness training and tying security
awareness to performance reviews?
Correct!
user-related threats
device-related threats
physical threats
cloud-related threats