Final 2

Pregunta 1
0 / 2 ptos.
Which two groups of people are considered internal attackers? (Choose two.)
Respuesta correcta
trusted partners
hacktivists
black hat hackers
Respondido
amateurs
Respuesta correcta
ex-employees
Refer to curriculum topic: 1.4.1

Threats are classified as being from an internal source or external source. A
cybersecurity specialist needs to be aware of the source of various threats.
Pregunta 2
0 / 2 ptos.
A cybersecurity specialist is asked to identify the potential criminals known to
attack the organization. Which type of hackers would the cybersecurity specialist
be least concerned with?
Respondido
black hat hackers
Respuesta correcta
white hat hackers

script kiddies
gray hat hackers

Hackers are classified by colors to help define the purpose of their break-in
activities.
Pregunta 3
0 / 2 ptos.
Which type of cybercriminal attack would interfere with established network
communication through the use of constructed packets so that the packets look like
they are part of the normal communication?
DNS spoofing
rogue Wi-Fi AP
Respuesta correcta
packet forgery
Respondido
packet sniffing

Cybersecurity specialists need to be familiar with the characteristics of various
attacks.
Pregunta 4
0 / 2 ptos.
Which technology can be implemented as part of an authentication system to verify
the identification of employees?
Respondido
a virtual fingerprint
Respuesta correcta
a smart card reader
a Mantrap
SHA-1 hash

A cybersecurity specialist must be aware of the technologies available that support
the CIA triad.
Pregunta 5
2 / 2 ptos.
Which technology should be used to enforce the security policy that a computing
device must be checked against the latest antivirus update before the device is
allowed to connect to the campus network?
¡Correcto!
NAC
VPN
NAS
SAN

A cybersecurity specialist must be aware of the technologies available to enforce
its organization's security policy.
Pregunta 6
0 / 2 ptos.
Which framework should be recommended for establishing a comprehensive
information security management system in an organization?
Respondido
CIA Triad
NIST/NICE framework
ISO OSI model
Respuesta correcta
ISO/IEC 27000

A cybersecurity specialist needs to be familiar with the different frameworks and
models for managing information security.
Pregunta 7
2 / 2 ptos.
Which technology can be used to ensure data confidentiality?
identity management
¡Correcto!
encryption
hashing
RAID
A cybersecurity specialist must be aware of the technologies available which
support the CIA triad.
Pregunta 8
2 / 2 ptos.
Which data state is maintained in NAS and SAN services?
data in-process
encrypted data
¡Correcto!
stored data
data in-transit

A cybersecurity specialist must be familiar with the types of technologies used to
store, transmit, and process data.
Pregunta 9
2 / 2 ptos.
What are the two most effective ways to defend against malware? (Choose two.)
Implement a VPN.
Implement RAID.
Implement strong passwords.

¡Correcto!
Update the operating system and other application software.
Implement network firewalls.
¡Correcto!
Install and update antivirus software.

A cybersecurity specialist must be aware of the technologies and measures that
are used as countermeasures to protect the organization from threats and
vulnerabilities.
Pregunta 10
0 / 2 ptos.
What type of attack will make illegitimate websites higher in a web search result
list?
browser hijacker
Respuesta correcta
SEO poisoning
Respondido
DNS poisoning
spam

A cybersecurity specialist needs to be familiar with the characteristics of the
different types of malware and attacks that threaten an organization.
Pregunta 11
2 / 2 ptos.
A penetration testing service hired by the company has reported that a backdoor
was identified on the network. What action should the organization take to find out
if systems have been compromised?
Look for policy changes in Event Viewer.
¡Correcto!
Look for unauthorized accounts.
Scan the systems for viruses.
Look for usernames that do not have passwords.

Pregunta 12
0 / 2 ptos.
What type of attack has an organization experienced when an employee installs an
unauthorized device on the network to view network traffic?
spoofing
phishing
Respondido
spamming
Respuesta correcta
sniffing

Pregunta 13
2 / 2 ptos.
Users report that the network access is slow. After questioning the employees, the
network administrator learned that one employee downloaded a third-party
scanning program for the printer. What type of malware might be introduced that
causes slow performance of the network?
spam
¡Correcto!
worm
phishing
virus

Pregunta 14
0 / 2 ptos.
A cyber criminal sends a series of maliciously formatted packets to the database
server. The server cannot parse the packets and the event causes the server
crash. What is the type of attack the cyber criminal launches?
Respondido
SQL injection
Respuesta correcta
DoS
man-in-the-middle
packet Injection

Pregunta 15
0 / 2 ptos.
The employees in a company receive an email stating that the account password
will expire immediately and requires a password reset within 5 minutes. Which
statement would classify this email?
It is a piggy-back attack.
Respondido
It is an impersonation attack.
It is a DDoS attack.
Respuesta correcta
It is a hoax.

Social engineering uses several different tactics to gain information from victims.
Pregunta 16
0 / 2 ptos.
Which algorithm will Windows use by default when a user intends to encrypt files
and folders in an NTFS volume?
DES
Respondido
RSA
Respuesta correcta
AES
3DES

Encryption is an important technology used to protect confidentiality. It is important
to understand the characteristics of the various encryption methodologies.
Pregunta 17
0 / 2 ptos.
Alice and Bob are using public key encryption to exchange a message. Which key
should Alice use to encrypt a message to Bob?
the private key of Alice
Respuesta correcta
the public key of Bob
the public key of Alice
Respondido
the private key of Bob

Pregunta 18
2 / 2 ptos.
Which access control should the IT department use to restore a system back to its
normal state?
¡Correcto!
corrective
detective
preventive
compensative

Access control prevents an unauthorized user from gaining access to sensitive
data and networked systems. There are several technologies used to implement
effective access control strategies.
Pregunta 19
0 / 2 ptos.
Which statement describes a characteristics of block ciphers?
Block ciphers result in compressed output.
Respuesta correcta
Block ciphers result in output data that is larger than the input data most of the
time.
Block ciphers encrypt plaintext one bit at a time to form a block.
Respondido
Block ciphers are faster than stream ciphers.

Pregunta 20
2 / 2 ptos.
Which method is used by steganography to hide text in an image file?
most significant bit
data masking
data obfuscation
¡Correcto!
least significant bit

Pregunta 21
2 / 2 ptos.
Smart cards and biometrics are considered to be what type of access control?
physical
technological
administrative
¡Correcto!
logical

Access control prevents an unauthorized user from gaining access to sensitive
data and networked systems. There are several technologies used to implement
effective access control strategies.
Pregunta 22
0 / 2 ptos.
Before data is sent out for analysis, which technique can be used to replace
sensitive data in nonproduction environments to protect the underlying
information?
Respondido
steganalysis
Respuesta correcta
data masking substitution
steganography
software obfuscation

Technologies exist to confuse attackers by changing data and using techniques to
hide the original data.
Pregunta 23
2 / 2 ptos.
What is the most difficult part of designing a cryptosystem?
¡Correcto!
key management
reverse engineering
encryption algorithm
key length

Pregunta 24
2 / 2 ptos.
Alice and Bob are using a digital signature to sign a document. What key should
Alice use to sign the document so that Bob can make sure that the document came
from Alice?
username and password from Alice
private key from Bob
¡Correcto!
private key from Alice
public key from Bob

Alice and Bob are used to explain asymmetric cryptography used in digital
signatures. Alice uses a private key to encrypt the message digest. The message,
encrypted message digest, and the public key are used to create the signed
document and prepare it for transmission.
Pregunta 25
0 / 2 ptos.
What kind of integrity does a database have when all its rows have a unique
identifier called a primary key?
Respondido
referential integrity
user-defined integrity
domain integrity
Respuesta correcta
entity integrity

Data integrity is one of the three guiding security principles. A cybersecurity
specialist should be familiar with the tools and technologies that are used to ensure
data integrity.
Pregunta 26
2 / 2 ptos.
What technique creates different hashes for the same password?
¡Correcto!
salting
SHA-256
CRC
HMAC

specialist should be familiar with the tools and technologies used ensure data
integrity.
Pregunta 27
2 / 2 ptos.
You have been asked to work with the data collection and entry staff in your
organization in order to improve data integrity during initial data entry and data
modification operations. Several staff members ask you to explain why the new
data entry screens limit the types and size of data able to be entered in specific
fields. What is an example of a new data integrity control?
¡Correcto!
a validation rule which has been implemented to ensure completeness, accuracy,

and consistency of data
data entry controls which only allow entry staff to view current data
a limitation rule which has been implemented to prevent unauthorized staff from
entering sensitive data
data encryption operations that prevent any unauthorized users from accessing
sensitive data
Data integrity deals with data validation.
Pregunta 28
0 / 2 ptos.
Which hashing technology requires keys to be exchanged?
Respuesta correcta
HMAC
Respondido
MD5
AES
salting

The difference between HMAC and hashing is the use of keys.
Pregunta 29
0 / 2 ptos.
Technicians are testing the security of an authentication system that uses
passwords. When a technician examines the password tables, the technician
discovers the passwords are stored as hash values. However, after comparing a
simple password hash, the technician then discovers that the values are different
from those on other systems. What are two causes of this situation? (Choose two.)
Both systems scramble the passwords before hashing.
Respondido
One system uses symmetrical hashing and the other uses asymmetrical hashing.
Respuesta correcta
The systems use different hashing algorithms.
¡Correcto!
One system uses hashing and the other uses hashing and salting.
Both systems use MD5.

Hashing can be used in many different situations to ensure data integrity.
Pregunta 30
2 / 2 ptos.
A VPN will be used within the organization to give remote users secure access to
the corporate network. What does IPsec use to authenticate the origin of every
packet to provide data integrity checking?
CRC
salting
password
¡Correcto!
HMAC

HMAC is an algorithm used to authenticate. The sender and receiver have a secret
key that is used along with the data to ensure the message origin as well as the
authenticity of the data.
Pregunta 31
2 / 2 ptos.
Which hashing algorithm is recommended for the protection of sensitive,
unclassified information?
¡Correcto!
SHA-256
MD5
3DES
AES-256

specialist should be familiar with the tools and technologies used to ensure data
integrity.
Pregunta 32
2 / 2 ptos.
An organization has recently adopted a five nines program for two critical database
servers. What type of controls will this involve?
stronger encryption systems
limiting access to the data on these systems
remote access to thousands of external users
¡Correcto!
improving reliability and uptime of the servers

System and data availability is a critical responsibility of a cybersecurity specialists.
It is important to understand the technologies, process, and controls used to
provide high availability.
Pregunta 33
0 / 2 ptos.
What approach to availability involves using file permissions?
Respondido
layering
simplicity
Respuesta correcta
limiting
obscurity

System and data availability is a critical responsibility of a cybersecurity specialist.
protect provide high availability.
Pregunta 34
0 / 2 ptos.
An organization wants to adopt a labeling system based on the value, sensitivity,
and criticality of the information. What element of risk management is
recommended?
asset availability
asset identification
Respuesta correcta
asset classification
Respondido
asset standardization
One of the most important steps in risk management is asset classification.
Pregunta 35
0 / 2 ptos.
Which risk mitigation strategies include outsourcing services and purchasing
insurance?
Respondido
avoidance
Respuesta correcta
transfer
reduction
acceptance

Risk mitigation lessens the exposure of an organization to threats and
vulnerabilities by transferring, accepting, avoiding, or taking an action to reduce
risk.
Pregunta 36
2 / 2 ptos.
Which technology would you implement to provide high availability for data
storage?
hot standby
software updates
N+1
¡Correcto!
RAID

provide redundancy.
Pregunta 37
2 / 2 ptos.
What approach to availability provides the most comprehensive protection because
multiple defenses coordinate together to prevent attacks?
obscurity
diversity
limiting
¡Correcto!
layering

Defense in depth utilizes multiple layers of security controls.
Pregunta 38
0 / 2 ptos.
What are two incident response phases? (Choose two.)
risk analysis and high availability
Respuesta correcta
containment and recovery
¡Correcto!
detection and analysis
prevention and containment
confidentiality and eradication
Respondido
mitigation and acceptance

When an incident occurs, the organization must know how to respond. An
organization needs to develop an incident response plan that includes several
phases.
Pregunta 39
0 / 2 ptos.
Your risk manager just distributed a chart that uses three colors to identify the level
of threat to key assets in the information security systems. Red represents high
level of risk, yellow represents average level of threat and green represents low
level of threat. What type of risk analysis does this chart represent?
Respondido
quantitative analysis
Respuesta correcta
qualitative analysis
loss analysis
exposure factor analysis

A qualitative or quantitative risk analysis is used to identify and prioritize threats to
the organization.
Pregunta 40
0 / 2 ptos.
There are many environments that require five nines, but a five nines environment
may be cost prohibitive. What is one example of where the five nines environment
might be cost prohibitive?
Respondido
the U.S. Department of Education
Respuesta correcta
the New York Stock Exchange
the front office of a major league sports team
department stores at the local mall

protect provide high availability.
Pregunta 41
2 / 2 ptos.
Which protocol would be used to provide security for employees that access
systems remotely from home?
Telnet
WPA
¡Correcto!
SSH
SCP

Various application layer protocols are used to for communications between
systems. A secure protocol provides a secure channel over an unsecured network.
Pregunta 42
0.67 / 2 ptos.
Which three protocols can use Advanced Encryption Standard (AES)? (Choose
three.)
TKIP
¡Correcto!
802.11i
Respondido
WEP
802.11q
¡Correcto!
WPA
Respuesta correcta
WPA2

Various protocols can be used to provide secure communication systems. AES is
the strongest encryption algorithm.
Pregunta 43
2 / 2 ptos.
In a comparison of biometric systems, what is the crossover error rate?
rate of acceptability and rate of false negatives
¡Correcto!
rate of false negatives and rate of false positives
rate of rejection and rate of false negatives
rate of false positives and rate of acceptability

In comparing biometric systems, there are several important factors to consider
including accuracy, speed or throughput rate, and acceptability to users.
Pregunta 44
0 / 2 ptos.
What describes the protection provided by a fence that is 1 meter in height?
Respondido
It offers limited delay to a determined intruder.
The fence deters determined intruders.
Respuesta correcta
It deters casual trespassers only.
It prevents casual trespassers because of its height.

Security standards have been developed to assist organizations in implementing
the proper controls to mitigate potential threats. The height of a fence determines
the level of protection from intruders
Pregunta 45
2 / 2 ptos.
Which utility uses the Internet Control Messaging Protocol (ICMP)?
DNS
NTP
RIP
¡Correcto!
ping

ICMP is used by network devices to send error messages.
Pregunta 46
2 / 2 ptos.
What Windows utility should be used to configure password rules and account
lockout policies on a system that is not part of a domain?
Active Directory Security tool

¡Correcto!
Local Security Policy tool
Event Viewer security log
Computer Management

A cybersecurity specialist must be aware of the technologies and measures that
are used as countermeasures to protect the organization from threats and
vulnerabilities. Local Security Policy, Event Viewer, and Computer Management
are Windows utilities that are all used in the security equation.
Pregunta 47
2 / 2 ptos.
Which technology can be used to protect VoIP against eavesdropping?
ARP
strong authentication
¡Correcto!
encrypted voice messages
SSH

Many advanced technologies such as VoIP, streaming video, and electronic
conferencing require advanced countermeasures.
Pregunta 48
0 / 2 ptos.
Which national resource was developed as a result of a U.S. Executive Order after
a ten-month collaborative study involving over 3,000 security professionals?
ISO/IEC 27000
Respuesta correcta
NIST Framework
ISO OSI model
Respondido
the National Vulnerability Database (NVD)

There are many tools that a cybersecurity specialist uses to evaluate the potential
vulnerabilities of an organization.
Pregunta 49
0 / 2 ptos.
Which law was enacted to prevent corporate accounting-related crimes?
Import/Export Encryption Act
Respondido
The Federal Information Security Management Act
Gramm-Leach-Bliley Act
Respuesta correcta
Sarbanes-Oxley Act
New laws and regulations have come about to protect organizations, citizens, and
nations from cybersecurity attacks.
Pregunta 50
2 / 2 ptos.
Which threat is mitigated through user awareness training and tying security
awareness to performance reviews?
¡Correcto!
user-related threats
device-related threats
physical threats
cloud-related threats

Cybersecurity domains provide a framework for evaluating and implementing
controls to protect the assets of an organization. Each domain has various
countermeasures available to manage threats.

Final 2

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Final 2

Uploaded by

Copyright:

Available Formats

Pregunta 1

black hat hackers

Refer to curriculum topic: 1.4.1

black hat hackers

white hat hackers

gray hat hackers

Refer to curriculum topic: 1.2.1

Refer to curriculum topic: 1.3.1

a smart card reader

Refer to curriculum topic: 2.2.1

Refer to curriculum topic: 2.4.1

ISO OSI model

Refer to curriculum topic: 2.5.1

Refer to curriculum topic: 2.3.1

Implement strong passwords.

Update the operating system and other application software.

Implement network firewalls.

Install and update antivirus software.

Refer to curriculum topic: 3.1.1

Refer to curriculum topic: 3.1.2

Look for policy changes in Event Viewer.

Look for unauthorized accounts.

Scan the systems for viruses.

Look for usernames that do not have passwords.

Refer to curriculum topic: 3.1.1

Refer to curriculum topic: 3.3.1

Refer to curriculum topic: 3.1.1

Refer to curriculum topic: 3.3.1

Refer to curriculum topic: 3.2.2

Refer to curriculum topic: 4.1.4

the private key of Alice

the public key of Bob

the public key of Alice

the private key of Bob

Refer to curriculum topic: 4.2.7

Block ciphers result in compressed output.

Block ciphers are faster than stream ciphers.

Refer to curriculum topic: 4.1.2

most significant bit

least significant bit

Refer to curriculum topic: 4.3.2

Refer to curriculum topic: 4.2.1

data masking substitution

Refer to curriculum topic: 4.3.1

Refer to curriculum topic: 4.1.1

username and password from Alice

private key from Bob

private key from Alice

public key from Bob

Refer to curriculum topic: 5.4.1

Refer to curriculum topic: 5.1.2

a validation rule which has been implemented to ensure completeness, accuracy,

Refer to curriculum topic: 5.1.3

Both systems scramble the passwords before hashing.

The systems use different hashing algorithms.

Refer to curriculum topic: 5.1.2

Refer to curriculum topic: 5.1.3

Refer to curriculum topic: 5.1.1

stronger encryption systems

limiting access to the data on these systems

remote access to thousands of external users

improving reliability and uptime of the servers

Refer to curriculum topic: 6.1.1

Refer to curriculum topic: 6.2.2