CSC Computer Security

Which of the following is true for KRI?

A KRI exceeding its normal bounds is not always an indicator of compromise.

Which of the following can be used to mitigate a limitation of public sharing centers in OSINT?

AIS

Sara is asked to create a controller for light sensors. When the light falls on the sensor, it needs to indicate when a particular object is moved from its original position. For this, she needs a credit card-sized motherboard with a microcontroller on it. Which option should she select?

Arduino

Your organization is planning to be a part of the CISCP program as a partner. As an information security expert in your company, you are approached by your CEO, who wants to understand how the speed limit of public information centers like CISCP is handled. How should you explain how this speed limit is handled to him?

CISCP implements AIS, which resolves the speed limit issue of public information centers.

In which of the following mobile device deployment models are employees supplied a chosen device paid for by their company for both professional and personal use?

COPE

In his technical job interview, Mohan asks about the company policy regarding smartphones. He is told that employees may choose from a limited list of approved devices, but he must pay for the device himself. The company will provide him with a monthly stipend to offset the cost. Which type of enterprise deployment model does this company support?

CYOD

Which of the following mobile device connection methods has a coverage area divided into hexagon-shaped cell transmitters that can measure up to 10 square miles installed in every city?

Cellular telephony network

What is the attack by which attackers use strong algorithms and capture large sets of ciphertexts to analyze and then inject their own frames?

Ciphertext attack

A learning management system application has been written in Python. While running the application code, the specific program or application that converts the program into machine language is called what?

Compiler

Which of the following HTTP response headers provides protection against injection attacks?

Content security policy

Blockchain relies on which cryptographic algorithm to make it computationally infeasible to try to replace a block or insert a new block of information without the approval of all entities involved?

Cryptographic hash algorithms

ABC Enterprise is a global operation. As such, it needs to send regular, confidential messages and data between offices to communicate important market information, employee decisions, financial decisions, etc., for management consideration and senior-level decision making. Since these decisions impact the local employees and global businesses, they suspect that these data may be prone to attacks from threat actors internally and externally. While one of the senior systems administrators suggested implementing steganography to achieve this objective, the IT Department head at another branch suggested implementing cryptography. The management team has now called you for expert advice to select the best method to implement in the enterprise. What should your advice be, and why?

Cryptography should be implemented because it allows information to be viewed only by authorized users and checks whether the information has been altered or changed by anybody. It also makes the information unclear, even if other users see it. Cryptography is a more advanced technology than steganography. These features make cryptography the right choice for the enterprise to implement.

Which of the following is a state of data, where data is transmitted across a network?

Data in transit

John receives an encrypted document using asymmetric cryptography from Alex. Which process should Alex use along with asymmetric cryptography so that John can be sure that the received document is real, from Alex, and unaltered?

Digital signature algorithm

In which attack does an attacker force the system to abandon the current higher-security mode of operation and instead "fall back" to implementing an older, less secure mode?

Downgrade attack

Amaya is looking for a hardware chip or integrated circuit (IC) that can be programmed by the user to carry out one or more logical operations, can be reprogrammed when needed, and can be configured by either the user or designer. Which option should Amaya select?

Field-programmable gate array (FPGA)

Which encryption method in BitLocker prevents attackers from accessing data by booting from another OS or placing the hard drive in another computer?

Full disk encryption

Ramesh is very active on social media. He visits a lot of pages and views a lot of photos. He also uploads most of his photos to social media sites such as Facebook and Instagram. By doing this, he can become a victim of which of the following risks?

GPS tagging

Which of the following is the process of identifying the geographical location of a mobile device?

Geolocation

Photoplethysmography uses which type of light to measure heart rate on a wearable device?

Green

Which of the following encryption methods is external to the device and provides cryptographic services?

HSM

Ramesh is looking for an external device solution where software-based malware won't compromise data. Ramesh has shortlisted a device that meets the criteria and includes an onboard random number generator and key storage facility while backing up sensitive material in encrypted form. Which of the following has Ramesh selected for his solution?

Hardware security module (HSM)

Pooja wants to make a list of confinement tools to ensure her operating system is protected from unknown file and application hazards. Which of the following should NOT be used as a confinement tool?

Honeypots

Through which of the following mobile connection vulnerabilities can attackers eavesdrop on data transmissions and view sensitive information?

Hotspots

While going through the network log, Sarah, a network security administrator, noticed substantial outbound network traffic. Which activity did Sarah perform?

IOC

Johann is heading a project team creating a hospital accounting application using an RDBMS. When the application is tested by the company's software testing team, it is noticed that the application shows vulnerabilities when incorrect values are entered. What should Johann implement to ensure that the incorrect input vulnerabilities are removed, and values are verified before the application sends data to the database?

Implement input validation

An organization is planning a revamp of the existing computer hardware with new ones. The IT manager has informed department heads that some computers have faced BIOS attacks in the past. He has requested help in preventing future BIOS attacks. As an expert, which of these solutions can you use to effectively improve boot security when the new computers are implemented in the network?

Implement measured boot with UEFI

Which of the following is a disadvantage of the secure boot process?

It makes third party non-vendor-approved software difficult to implement.

Which of the following mobile management technologies supports the creation and subsequent editing and modification of digital content by multiple employees and can also include edit history tracking, version control, indexing, and searching?

MCM

Rohan has been appointed as the chief information security officer at a finance company. At a board meeting on "Information Security Policy Design & Enforcement," he proposes a mobile management solution that provides a high degree of control over a device but a lower level of control on the apps. Applying your knowledge of mobile device security, which of the following mobile management technologies should he suggest to fulfill the requirement?

MDM

Which of the following tools allow a mobile device to be managed remotely by an organization and typically involve a server sending out management commands to mobile devices?

MDM

What is meant by "infrastructure as code" in SecDevOps?

Managing software and hardware using principles of developing code

Which of the following boot security modes provides the highest degree of security?

Measured boot

Which one of the following is the most appropriate explanation of photoplethysmography?

Measuring heart rate by tracking changes in green light absorption, since human blood absorbs green light

Which feature of cryptography is used to prove a user's identity and prevent an individual from fraudulently reneging on an action?

Nonrepudiation

What is the secure coding technique that organizes data within the database for minimum redundancy?

Normalization

Which method combines plaintext with a random key to produce the ciphertext?

OTP

Which of the following is a coding technique wherein an application is written so that its functionality is difficult for an outsider to understand?

Obfuscation code

Which of the following is used to create a sequence of numbers whose output is close to a random number?

PRNG

Alice is looking for means of generating random public keys that are different for each session and ensuring that even if the secret key is compromised, it cannot reveal the contents of more than one message. Which of the following is the appropriate solution for Alice?

Perfect forward secrecy

John needs to identify public key systems that generate different, random public keys for each session and, even if a key gets stolen, should not reveal more than one message. Which public key system should John suggest?

Perfect forward secrecy

You download a Word file sent to you through email. When you open the file, the file is in a protected view with the option "Enable Editing" visible on top. This happens due to which of the following confinement tools?

Quarantine

Kainat is asked to suggest a cipher in which the entire alphabet is rotated (as in, A=N, B=O), making it difficult to identify. Which cipher should she suggest?

ROT13

Mary deals with confidential data that needs to be communicated to clients. How should Mary ensure that confidential data is hidden within other data, the hidden data is difficult to identify, and the encrypted data is confidential?

Steganography

Which of the following processes can conceal a file, message, image, or a video within another file, message, image, or a video?

Steganography

John works in a nuclear power plant. He discovered a worm that was actively targeting Windows computers that manage large-scale SCADA systems. The malware attempted to gain administrative access to other computers through the network to control the SCADA system. Which of the following malware can do all this damage?

Stuxnet

Which protocol is used in AIS?

TAXII

Wilson is consulting with Abram to buy a new external storage device for Wilson's enterprise. Wilson gives Abram the following requirements for the device: Allows administrators to remotely prohibit accessing the data on a device if the user is not verified Locks the user out completely the next time the device connects Can instruct the drive to initiate a self-destruct sequence to destroy all data What should Abram suggest to Wilson?

USB device encryption

Which of the following vulnerabilities involves connecting a flash drive infected with malware to a mobile device?

USB-on-the-go (OTG)

Kelly is asked to choose a mobile management tool that provides a single management interface for all applications, content, and device management. Which of the following is the best one-step solution?

Unified environment management (UEM) tool

Alex is working for Alpha Technology as a system administrator. The enterprise's sales team uses multiple external drives, often containing confidential data, that they carry between their offices and their clients' offices. What should Alex do to ensure that data is secure if it is stolen or lost, and why?

Use encrypted USBs in the enterprise because they automatically encrypt the information and give Alex remote access to the drive to monitor and disable the user.

XYZ Company is developing an application. After a few months of initial development, they decide to go through quality assurance testing. The tests show poor results. The developers realize that they have to make changes to their application but to do so, they will have to start their development process all over again. What kind of model are they using?

Waterfall model

Sherlin was asked by his team lead about a method of connecting devices that replaces their current wired local area network (LAN). Which of the following should he suggest?

Wi-Fi

What is the inbuild application available to prevent threat actors from modifying the registry in a Windows 10 operating system?

Windows 10 tamper protection

A cybercriminal attempts to trick a computer's user into sharing their personal information by implementing content to discreetly capture user information over the actual webpage.What should the user implement to avoid this situation?

X-Frame