Tests

¡Supera tus tareas y exámenes ahora con Quizwiz!

Which 128-bit block cipher encryption algorithm does the US government use to protect classified information?

AES

What type of an attack can disable a computer by forcing it to use memory or by overworking its CPU?

Algorithm

Which is an acceptable definition of information?

All are acceptable definitions

Which of the multifactor authentication types match the description?

All are correct descriptions

A malicious attacker must have this:

All are necessary.

What is the workforce framework category that includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence?

Analyze

Which are the most critical characteristics of information? Select all that apply.

Avaliability,Confidentiality,Integrity

A user has created a new program and wants to distribute it to everyone in the company. The user wants to ensure that when the program is downloaded that the program is not changed while in transit. What can the user do to ensure that the program is not changed when downloaded?

Create a hash of the program file that can be used to verify the integrity of the file after it is downloaded.

What is the step by step process for creating a digital signature?

Create a message digest; encrypt the digest with the private key of the sender; and bundle the message, encrypted digest, and public key together in order to sign the document.

What type of attack uses many systems to flood the resources of a target, thus making the target unavailable?

DDoS

Which asymmetric algorithm provides an electronic key exchange method to share the secret key?

Diffe-Hellman

What cryptographic algorithm is used by the NSA and includes the use of elliptical curves for digital signature generation and key exchange?

ECC

True or False. A threat is a weakness in the security system, for example, in procedures, design, or implementation, that might be exploited to cause loss or harm.

False

True or False. An interruption means that some unauthorized party has gained access to an asset.

False

True or False. The ARPANET Program Plan is considered the first step in the development of the Internet. Access Control was one of its primary concerns.

False

A user has been asked to implement IPsec for inbound external connections. The user plans to use SHA-1 as part of the implementation. The user wants to ensure the integrity and authenticity of the connection. What security tool can the user use?

HMAC

For the purpose of authentication, what three methods are used to verify identity? (Choose three.)

Have,know,are

What does the acronym IoE represent?

Internet of Everything

What are two ways to protect a computer from malware? (Choose two.)

Keep software up to date.,Use antivirus software.

What is an example of an Internet data domain?

Linkedin

What name is given to a storage device connected to a network?

NAS

What are three types of sensitive information? (Choose three.)

PII,business,classified

What are two common hash functions? (Choose two.)

SHA,MD5

What type of attack targets an SQL database using the input field of a user?

SQL injection

Which three protocols use asymmetric key algorithms? (Choose three.)

Secure Shell (SSH),Pretty Good Privacy (PGP),Secure Socket Layer (SSL)

What are two common indicators of spam mail? (Choose two.)

The email has misspelled words or punctuation errors or both.

Which two reasons describe why WEP is a weak protocol? (Choose two.)

The key is static and repeats on a congested network.,The key is transmitted in clear text.

A user is connecting to an e-commerce server to buy some widgets for a company. The user connects to the site and notices there is no lock in the browser security status bar. The site does prompt for a username and password and the user is able to log in. What is the danger in proceeding with this transaction?

The site is not using a digital certificate to secure the transaction, with the result that everything is in the clear.

True or False. A Subject who exploits a vulnerability perpetrates an attack on the system.

True

True or False. Data owner: responsible for the security and use of a particular set of information .

True

True or False. It is impossible to obtain perfect security.

True

True or False. The primary mission of information security is to ensure systems and contents stay the same.

True

True or False. To achieve balance, level of security must allow reasonable access, yet protect against threats.

True

What is a secure virtual network called that uses the public network?

VPN

What is the difference between a virus and a worm?

Worms self-replicate but viruses do not.

What occurs on a computer when data goes beyond the limits of a buffer?

a buffer overflow

What is the meaning of the term logic bomb?

a malicious program that uses a trigger to awaken the malicious code

A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?

a type of ransomware

What does the term vulnerability mean?

a weakness that makes a target susceptible to an attack

What are three access control security services? (Choose three.)

accounting,authorization,authentication

What is the name for the type of software that generates revenue by generating annoying pop-ups?

adware

What encryption algorithm uses one key to encrypt data and a different key to decrypt data?

asymmetric

What service determines which resources a user can access along with the operations that a user can perform?

authorization

What are the three foundational principles of the cybersecurity domain? (Choose three.)

availability,confidentiality,integrity

What is the name given to a program or program code that bypasses normal authentication?

backdoor

What are three examples of administrative access controls? (Choose three.)

background checks,policies and procedures,hiring practice

Which three processes are examples of logical (technical) access controls? (Choose three.)

biometrics to validate physical characteristics,intrusion detection system (IDS) to watch for suspicious network activity,firewalls to monitor traffic

Which type of cipher is able to encrypt a fixed-length block of plaintext into a 128-bit block of ciphertext at any one time?

block

An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this?

bluesnarfing

What does the term BYOD represent?

bring your own device

Which method tries all possible passwords until a match is found?

brute force

What principle prevents the disclosure of information to unauthorized people, resources, and processes?

confidentiality

What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?

cross-site scripting

What is the term used to describe the science of making and breaking secret codes?

cryptology

What three tasks are accomplished by a comprehensive security policy? (Choose three.)

defines legal consequences of violations,gives the security staff the backing of management,sets rules for expected behavior

A warning banner that lists the negative outcomes of breaking company policy is displayed each time a computer user logs in to the machine. What type of access control is implemented?

deterrent

A recent email sent throughout the company stated that there would be a change in security policy. The security officer who was presumed to have sent the message stated the message was not sent from the security office and the company may be a victim of a spoofed email. What could have been added to the message to ensure the message actually came from the person?

digital signature

Pick three types of records that cyber criminals would be interested in stealing from organizations. (Choose three.)

education,medical,employment

What are two methods that ensure confidentiality? (Choose two.)

encryption,authentication

A user is the database administrator for a company. The user has been asked to implement an integrity rule that states every table ​must have a primary key and that the column or columns chosen to be the primary key must be unique and not null. Which integrity requirement is the user implementing?

entity integrity

What name is given to hackers who hack for a cause?

hactivist

Which two methods help to ensure data integrity? (Choose two.)

hashing,data consistency checks

What are the three states of data? (Choose three.)

in-process,in-transit,at rest

Which two terms are used to describe cipher keys? (Choose two.)

key space,key length

What term is used to describe the technology that replaces sensitive information with a nonsensitive version?

masking

What name is given to any changes to the original data such as users manually modifying data, programs processing and changing data, and equipment failures?

modification

What does a rootkit modify?

operating system

What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?

phishing

A recent breach at a company was traced to the ability of a hacker to access the corporate database through the company website by using malformed data in the login form. What is the problem with the company website?

poor input validation

What type of cybersecurity laws protect you from an organization that might want to share your sensitive data?

privacy

What three design principles help to ensure high availability? (Choose three.)

provide for reliable crossover,eliminate single points of failure,detect failures as they occur

What are three type of attacks that are preventable through the use of salting? (Choose three.)

rainbow tables,lookup tables,reverse lookup tables

What name is given to an amateur hacker?

script kiddie

Thwarting cyber criminals includes which of the following? (Choose two.)

sharing cyber Intelligence information,establishing early warning systems

Which term describes the sending of a short deceptive SMS message used to trick a target into visiting a website?

smishing

What is a method of sending information from one device to another using removable media?

sneaker net

What is the term used to describe an email that is targeting a specific person employed at a financial institution?

spear phishing

A criminal is using software to obtain information about the computer of a user. What is the name of this type of software?

spyware

What term is used to describe concealing data in another file such as a graphic, audio, or other text file?

steganography

What type of cipher encrypts plaintext one byte or one bit at a time?

stream

Which three devices represent examples of physical access controls? (Choose three.)

swipe cards,video cameras,locks

What encryption algorithm uses the same pre-shared key to encrypt and decrypt data?

symmetric

What is the purpose of CSPRNG? Cryptographically Secure Pseudo-Random Number Generator (CSPRNG)

to generate salt

What is the name of the method in which letters/messages are rearranged to create the ciphertext?

transposition

What two methods help to ensure system availability? (Choose two.)

up-to-date operating systems,equipment maintenance

What are two of the tactics used by a social engineer to obtain personal information from an unsuspecting target? (Choose two.)

urgency,intimidation

What mechanism can organizations use to prevent accidental changes by authorized users?

version control

Which term describes the technology that protects software from unauthorized access or modification?

watermarking


Conjuntos de estudio relacionados

Software Engineering Chapter 4 - Software Architecture

View Set

Econ 3010 Chapter 15—The Demand for Factors of Production

View Set

The 10 Most Commonly Used Interview Questions

View Set

Philosophy Final Exam Review Questions

View Set

NC's - Marine Diesel Engines - Chapter 3 - Routine Maintenance

View Set