CIS T
3. Which of the following is true regarding the relationship between security and convenience? a. Security and convenience are inversely proportional. b. Security and convenience have no relationship. c. Security is less important than convenience. d. Security and convenience are equal in importance.
a. Correct. The relationship between these two is inversely proportional so that as security is increased, convenience is decreased. b. Incorrect. There is a relationship between security and convenience. c. Incorrect. Security is never less important than convenience. d. Incorrect. Security and convenience are not equal in importance.
7. What is data called that is to be encrypted by inputting it into a cryptographic algorithm? a. Plaintext b. Byte-text c. Cleartext d. Ciphertext
a. Correct. Unencrypted data that is input for encryption or is the output of decryption is called plaintext. b. Incorrect. This is fictitious and does not exist. c. Incorrect. Unencrypted data that is not intended to be encrypted is cleartext (it is "in the clear"). d. Incorrect. Ciphertext is the scrambled and unreadable output of encryption.
After Bella earned her security certification, she was offered a promotion. As she reviewed the job responsibilities, she saw that in this position she will report to the CISO and will be a supervisor over a group of security technicians. Which of these generally recognized security positions has she been offered? a. Security administrator b. Security technician c. Security officer d. Security manager
a. Incorrect. A security administrator manages daily operations of security technology and may analyze and design security solutions within a specific entity as well as identifying users' needs. b. Incorrect. This position is generally an entry-level position for a person who has the necessary technical skills. Technicians provide technical support to configure security hardware, implement security software, and diagnose and troubleshoot problems. c. Incorrect. A security officer is not one of the generally recognized security positions. d. Correct. The security manager reports to the CISO and supervises technicians, administrators, and security staff.
10. Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____. a. on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network b. through a long-term process that results in ultimate security c. using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources d. through products, people, and procedures on the devices that store, manipulate, and transmit the information
a. Incorrect. All analog devices and not just limited analog devices can be protected through security. b. Incorrect. Security never results in ultimate protection. c. Incorrect. The appropriateness of the interaction does not play a role in security. d. Correct. The products, people, and procedures on the devices that store, manipulate, and transmit the information provide the security.
8. Which of the following ensures that only authorized parties can view protected information?
a. Incorrect. Authorization provides approval to access. b. Correct. Confidentiality ensures that only authorized parties can view the information. c. Incorrect. Availability ensures that data is accessible to only authorized users and not to unapproved individuals. d. Incorrect. Integrity ensures that the information is correct and no unauthorized person or malicious software has altered the data.
9. Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization? a. Black hat hackers b. White hat hackers c. Gray hat hackers d. Red hat hackers
a. Incorrect. Black hat hackers are threat actors who violate computer security for personal gain (such as to steal credit card numbers) or to inflict malicious damage (corrupt a hard drive). b. Correct. Also known as ethical attackers, these white hat hackers attempt to probe a system (with an organization's permission) for weaknesses and then privately provide that information back to the organization. c. Incorrect. Gray hat hackers are attackers who attempt to break into a computer system without the organization's permission (an illegal activity) but not for their own advantage: instead, they publicly
4. Which of the following is FALSE about "security through obscurity"? a. It attempts to hide the existence from outsiders. b. It can only provide limited security. c. It is essentially impossible. d. Proprietary cryptographic algorithms are an example.
a. Incorrect. By making it obscure, the original information cannot be determined. b. Correct. Obfuscation cannot by itself be used as a general cybersecurity protection because it does not provide security, even limited security. c. Incorrect. Because it is essentially impossible to keep secrets from everyone, it will eventually be discovered, and the security compromised.
5. Which of the following is not used to describe those who attack computer systems? a. Threat actor b. Hacker c. Malicious agent d. Attacker
a. Incorrect. In cybersecurity, a threat actor is a term used to describe individuals or entities who are responsible for cyber incidents against the technology equipment of enterprises and users. b. Incorrect. In the past, the term hacker referred to a person who used advanced computer skills to attack computers. c. Correct. A threat actor is also called a malicious actor, not a malicious agent. d. Incorrect. The generic term attackers is commonly used.
7. Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks that occurred were mainly for what purpose? a. Fortune b. Fame c. Financial gain d. Personal security
a. Incorrect. Later threat actors pursued fortune, not the first cyberattackers. b. Correct. Early cyberattackers were trying to show off their skills to generate fame. c. Incorrect. Financial security is the same as fortune, and later threat actors pursued fortune. d. Incorrect. Threat actors do not try to achieve personal security through their attacks.
5. What is low latency? a. A low-power source requirement of a sensor. b. The time between when a byte is input into a cryptographic cipher and when the output is obtained. c. The requirements for an IoT device that is using a specific network. d. The delay between when a substitution cipher decrypts the first block and when it finishes with the last block.
a. Incorrect. Low latency is not a power source requirement. b. Correct. A cryptographic algorithm should have low latency, or a small amount of time that occurs between the time a byte is input into a cryptographic algorithm and the time the output is obtained. c. Incorrect. Low latency is not a requirement for an IoT device on a network but involves the time to compute the ciphertext. d. Incorrect. Low latency is based on the time for encrypting bytes, and not blocks.
2. Cryptography can prevent an individual from fraudulently reneging on an action. What is this known as? a. Repudiation b. Nonrepudiation c. Obfuscation d. Integrity
a. Incorrect. Repudiation is defined as denial. b. Correct. Nonrepudiation is the process of proving that a user performed an action, such as sending an email message. Nonrepudiation prevents an individual from fraudulently reneging on an action. c. Incorrect. Obfuscation is making something obscure or unclear. d. Incorrect. Integrity ensures that the information is correct and no unauthorized person or malicious software has altered that data.
3. Brielle is researching substitution ciphers. She came across a cipher in which the entire alphabet was rotated 13 steps. What type of cipher is this? a. XOR b. XAND13 c. ROT13 d. Alphabetic
a. Incorrect. The XOR cipher is based on the binary operation eXclusive OR that compares two bits: if the bits are different, a 1 is returned, but if they are identical, then a 0 is returned. b. Incorrect. This is fictitious and does not exist. c. Correct. One type of substitution cipher is ROT13, in which the entire alphabet is rotated 13 steps (A = N, B = O, etc.). d. Incorrect. This is fictitious and does not exist.
1. Which of the following hides the existence of information? a. Encryption b. Decryption c. Steganography d. Ciphering
a. Incorrect. The process of changing the original text into a scrambled message is encryption. b. Incorrect. Decryption is changing a ciphertext message back to its original form. c. Correct. Steganography hides the existence of information. Today steganography often hides data in a harmless image file, an audio file, or even a video file. d. Incorrect. This is fictitious and does not exist.
4. Which of the following of the CIA Triad ensures that the information is correct, and no unauthorized person has altered it? a. Confidentiality b. Integrity c. Availability d. Assurance
b. Correct. Integrity ensures that the information is correct and no unauthorized person or malicious software has altered the data. c. Incorrect. Availability ensures that data is accessible only to authorized users and not to unapproved individuals. d. Incorrect. Assurance is not part of the CIA Triad.
6. What are public key systems that generate different random public keys for each session? a. Public Key Exchange (PKE) b. Perfect forward secrecy c. Elliptic Curve Diffie-Hellman (ECDH) d. Diffie-Hellman (DH)
b. Correct. Public key systems that generate different random public keys for each session are called perfect forward secrecy. The value of perfect forward secrecy is that if the secret key is compromised, it cannot reveal the contents of more than one message.
6. Which of the following is not true regarding security? a. Security is a goal. b. Security includes the necessary steps to protect from harm. c. Security is a process. d. Security is a war that must be won at all costs.
b. Incorrect. Since complete security can never be fully achieved, the focus of security is more often on the process instead of the goal. In this light, security can be defined as the necessary steps to protect from harm. c. Incorrect. Since complete security can never be fully achieved, the focus of security is more often on the process instead of the goal. d. Correct. Information security should not be viewed as a war to be won or lost. Just as crimes such as burglary can never be completely eradicated, neither can attacks against technology devices. The goal is not a complete victory but, instead, maintaining equilibrium: as attackers take advantage of a weakness in a defense, defenders must respond with an improved defense. Information security is an endless cycle between attacker and defender.
2. Which of the following is false about the CompTIA Security+ certification? a. Security+ is one of the most widely acclaimed security certifications. b. Security+ is internationally recognized as validating a foundation level of security skills and knowledge. c. The Security+ certification is a vendor-neutral credential. d. Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.
d. Correct. The value for an IT professional who holds a CompTIA Security+ certification is significant. On average, an employee with a CompTIA certification will command a salary that is between 5 to 15 times higher than their counterparts with similar qualifications but lacking a certification.
