cybersecurity

¡Supera tus tareas y exámenes ahora con Quizwiz!

Which statement describes a characteristics of block ciphers?

Block ciphers result in output data that is larger than the input data most of the time.

What are two methods that ensure confidentiality? (Choose two.)

encryption authentication

What two methods help to ensure system availability? (Choose two.)

equipment maintenance up-to-date operating systems

Thwarting cyber criminals includes which of the following? (Choose two.)

establishing early warning systems sharing cyber Intelligence information

Which three processes are examples of logical access controls? (Choose three.)

firewalls to monitor traffic biometrics to validate physical characteristics intrusion detection system (IDS) to watch for suspicious network activity

What does the term BYOD represent?

bring your own device

What name is given to any changes to the original data such as users manually modifying data, programs processing and changing data, and equipment failures?

modification

Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use?

new pre-shared key

What does a rootkit modify?

operating system

What is a method of sending information from one device to another using removable media?

sneaker net

What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic?

sniffing

What is a nontechnical method that a cybercriminal would use to gather sensitive information from an organization?

social engineering

a security key fob

something you have

What is the term used to describe an email that is targeting a specific person employed at a financial institution?

spear phising

What is an impersonation attack that takes advantage of a trusted relationship between two systems?

spoofing

steganography

hiding data within an audio file

social steganography

hiding in plain sight. content is publicly assessable but the meaning is not.

What are the two most effective ways to defend against malware? (Choose two.)

Update the operating system and other application software. Install and update antivirus software.

What type of an attack can disable a computer by forcing it to use memory or by overworking its CPU?

algorithm

What is identified by the first dimension of the cybersecurity cube?

goals

What are two of the tactics used by a social engineer to obtain personal information from an unsuspecting target? (Choose two.)

intimidation urgency

Which three devices represent examples of physical access controls? (Choose three.)

locks swipe cards video cameras

A penetration testing service hired by the company has reported that a backdoor was identified on the network. What action should the organization take to find out if systems have been compromised?

look for unauthorized account

What mechanism can organizations use to prevent accidental changes by authorized users?

version control

Which term describes the technology that protects software from unauthorized access or modification?

watermaking

In which situation would a detective control be warranted?

when the organization needs to look for prohibited activity

A cybersecurity specialist is asked to identify the potential criminals known to attack the organization. Which type of hackers would the cybersecurity specialist be least concerned with?

white hat hackers

Which access control strategy allows an object owner to determine whether to allow access to the object?

DAC

A user has a large amount of data that needs to be kept confidential. Which algorithm would best meet this requirement?

3DES

Which technology can be implemented as part of an authentication system to verify the identification of employees?

A smart card reader

Which 128-bit block cipher encryption algorithm does the US government use to protect classified information?

AES

Which algorithm will Windows use by default when a user intends to encrypt files and folders in an NTFS volume?

AES

Which asymmetric algorithm provides an electronic key exchange method to share the secret key?

Diffie-Hellman

A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server crash. What is the type of attack the cyber criminal launches?

Dos

Which technology can be used to ensure data confidentiality?

Encryption

A security specialist is asked for advice on a security measure to prevent unauthorized hosts from accessing the home network of employees. Which measure would be most effective?

Implement a firewall

What name is given to a storage device connected to a network?

NAS

Which three protocols use asymmetric key algorithms? (Choose three.)

PGP SSL SSH

What does the term vulnerability mean?

a weakness that makes a target susceptible to an attack

An organization plans to implement security training to educate employees about security policies. What type of access control is the organization trying to implement?

administrative

What encryption algorithm uses one key to encrypt data and a different key to decrypt data?

asymmetric

What is the name given to a program or program code that bypasses normal authentication?

backdoor

Which type of cybercriminal is the most likely to create malware to compromise an organization by stealing credit card information?

black hat hackers

What principle prevents the disclosure of information to unauthorized people, resources, and processes?

confidentiality

A warning banner that lists the negative outcomes of breaking company policy is displayed each time a computer user logs in to the machine. What type of access control is implemented?

deterrent

Steganalysis

discovering that hidden information exists within audio file

What name is given to hackers who hack for a cause?

hactivist

Which two methods help to ensure data integrity? (Choose two.)

hashing data consistency checks

What is an example of early warning systems that can be used to thwart cybercriminals?

Honeynet project

a fingerprint scan

Something you are

What is the difference between a virus and a worm?

Worms self-replicate but viruses do not

What is the meaning of the term logic bomb?

a malicious program that uses a trigger to awaken the malicious code

What term is used to describe the technology that replaces sensitive information with a nonsensitive version?

masking

What name is given to a amateur hacker?

script kiddie

a password

something you know

What term is used to describe concealing data in another file such as a graphic, audio, or other text file?

steganography

What are three access control security services? (Choose three.)

authentication authorization accounting

Which type of cipher is able to encrypt a fixed-length block of plaintext into a 128-bit block of ciphertext at any one time?

block

An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this?

bluesnarfing

What type of application attack occurs when data goes beyond the memory areas allocated to the application?

buffer overflow

What are the three foundational principles of the cybersecurity domain? (Choose three.)

confidentiality integrity availability

A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan?

confidentiality, integrity, and availability

Which technology should be used to enforce the security policy that a computing device must be checked against the latest antivirus update before the device is allowed to connect to the campus network?

NAC

What type of attack will make illegitimate websites higher in a web search result list?

SEO poisoning

What type of attack targets an SQL database using the input field of a user?

SQL injection

Which statement describes a distributed denial of service attack?"

An attacker builds a botnet comprised of zombies

What is the workforce framework category that includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence?

Analyze

What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?

Cross-site scripting

What type of attack uses many systems to flood the resources of a target, thus making the target unavailable?

DDos

An organization allows employees to work from home two days a week. Which technology should be implemented to ensure data confidentiality as data is transmitted?

VPN

What cryptographic algorithm is used by the NSA and includes the use of elliptical curves for digital signature generation and key exchange?

ECC

What three best practices can help defend against social engineering attacks? (Choose three.)

Educate employees regarding policies. Do not provide password resets in a chat window. resist the urge to click on enticing web links

Which framework should be recommended for establishing a comprehensive information security management system in an organization?

ISO/IEC 27000

What does the acronym IoE represent?

Internet of Everything

Which two terms are used to describe cipher keys? (Choose two.)

Key length key space

What happens as the key length increases in an encryption application?

Keyspace increases exponentially.

What is an example of an Internet data domain?

Linkedin

Which statement best describes a motivation of hacktivists?

They are part of a protest group behind a political cause.

Technologies like GIS and IoE contribute to the growth of large data stores. What are two reasons that these technologies increase the need for cybersecurity specialists? (Choose two.)

They collect sensitive information. They contain personal information.

The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement?

a set of attributes that describes user access rights

The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email?

hoax

Which method is used by steganography to hide text in an image file?

least significant bit

Smart cards and biometrics are considered to be what type of access control?

logical

Pick three types of records that cyber criminals would be interested in stealing from organizations. (Choose three.)

medical education employment

A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?

ramsonware

Users report that the database on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?

ransomware

An organization has implemented antivirus software. What type of security control did the company implement?

recovery control

A specialist in the HR department is invited to promote the cybersecurity program in community schools. Which three topics would the specialist emphasize in the presentation to draw students to this field? (Choose three.)

service to the public high earning potential a career-field in high-demand

Alice and Bob are using public key encryption to exchange a message. Which key should Alice use to encrypt a message to Bob?

the public key of Bob

What is the name of the method in which letters are rearranged to create the ciphertext?

transposition

Which two groups of people are considered internal attackers? (Choose two.)

trusted partners ex-employees

Which type of networks poses increasing challenges to cybersecurity specialists due to the growth of BYOD on campus?

wireless networks

Passwords, passphrases, and PINs are examples of which security term?

authentication

Which access control should the IT department use to restore a system back to its normal state?

corrective

What is the term used to describe the science of making and breaking secret codes?

cryptology

Before data is sent out for analysis, which technique can be used to replace sensitive data in nonproduction environments to protect the underlying information?

data masking substitution

What three design principles help to ensure high availability? (Choose three.)

detect failures as they occur provide for reliable crossover eliminate single points of failure

An executive manager went to an important meeting. The secretary in the office receives a call from a person claiming that the executive manager is about to give an important presentation but the presentation files are corrupted. The caller sternly recommends that the secretary email the presentation right away to a personal email address. The caller also states that the executive is holding the secretary responsible for the success of this presentation. Which type of social engineering tactic would describe this scenario?

intimidation

Which type of cybercriminal attack would interfere with established network communication through the use of constructed packets so that the packets look like they are part of the normal communication?

packet forgery

Which methods can be used to implement multifactor authentication?

passwords and fingerprints

What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?

phising

What are three examples of administrative access controls? (Choose three.)

policies and procedures background checks hiring practices

What three tasks are accomplished by a comprehensive security policy? (Choose three.)

sets rules for expected behavior defines legal consequences of violations gives security staff the backing of management

Which term describes the sending of a short deceptive SMS message used to trick a target into visiting a website?

smishing

Which data state is maintained in NAS and SAN services?

stored data

What are three states of data during which data is vulnerable? (Choose three.)

stored data data in-transit data in-process

What type of cipher encrypts plaintext one byte or one bit at a time?

stream

What encryption algorithm uses the same pre-shared key to encrypt and decrypt data?

symmetric

Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network?

worm


Conjuntos de estudio relacionados

Life Insurance Premiums, Proceeds, and Beneficiaries

View Set

Alcohol Use questions in book, powerpoint, online book

View Set

Life, accidental, and health review

View Set

Chapter 48: Assessment and Care of Patients with Ear and Hearing Problems

View Set

Business Vocabulary in Use Advanced Unit 3. Management Styles 2

View Set

Integrating Technology, Informatics, and the Internet Into Nursing Education, Ch. 23

View Set

RAD 101 Module 2 Test The Role of the Radiologic Technologist

View Set