Cyber Essentials

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Which method tries all possible passwords until a match is found?

brute force

A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?

a type of ransomware

What does the term vulnerability mean?

a weakness that makes a target susceptible to an attack

What are three examples of administrative access controls? (Choose three.)

background checks, hiring practices, and policies and procedures

Which type of cipher is able to encrypt a fixed-length block of plaintext into a 128-bit block of ciphertext at any one time?

block

Which two methods help to ensure data integrity? (Choose two.)

hashing and data consistency checks

Which two terms are used to describe cipher keys? (Choose two.)

key length, and key space

What mechanism can organizations use to prevent accidental changes by authorized users?

version control

Which term describes the technology that protects software from unauthorized access or modification?

watermarking

An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this?

bluesnarfing

A user has completed a six month project to identify all data locations and catalog the location. The next step is to classify the data and produce some criteria on data sensitivity. Which two steps can the user take to classify the data? (Choose two.)

stablish the owner of the data and Identify sensitivity of the data.

What term is used to describe concealing data in another file such as a graphic, audio, or other text file?

steganography

What is the difference between a virus and a worm?

Worms self-replicate but viruses do not.

What occurs on a computer when data goes beyond the limits of a buffer?

a buffer overflow

Match the type of multifactor authentication with the description.

a fingerprint scan; something you are a password; something you know a security key fob;something you have

What is the meaning of the term logic bomb?

a malicious program that uses a trigger to awaken the malicious code

A user is purchasing a new server for the company data center. The user wants disk striping with parity on three disks. Which RAID level should the user implement?

5

A user is evaluating the security infrastructure of a company and notices that some authentication systems are not using best practices when it comes to storing passwords. The user is able to crack passwords very fast and access sensitive data. The user wants to present a recommendation to the company on the proper implementation of salting to avoid password cracking techniques. What are three best practices in implementing salting? (Choose three.)

A salt must be unique, A salt should not be reused, and A salt should be unique for each password.

Which 128-bit block cipher encryption algorithm does the US government use to protect classified information?

AES

What is the workforce framework category that includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence?

Analyze

What does the term BYOD represent?

Bring Your Own Device

A user has created a new program and wants to distribute it to everyone in the company. The user wants to ensure that when the program is downloaded that the program is not changed while in transit. What can the user do to ensure that the program is not changed when downloaded?

Create a hash of the program file that can be used to verify the integrity of the file after it is downloaded.

What is the step by step process for creating a digital signature?

Create a message digest; encrypt the digest with the private key of the sender; and bundle the message, encrypted digest, and public key together in order to sign the document.

What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?

Cross-site scripting

What type of attack uses many systems to flood the resources of a target, thus making the target unavailable?

DDoS

Which asymmetric algorithm provides an electronic key exchange method to share the secret key?

Diffie-Hellman

What cryptographic algorithm is used by the NSA and includes the use of elliptical curves for digital signature generation and key exchange?

ECC

A user has been asked to implement IPsec for inbound external connections. The user plans to use SHA-1 as part of the implementation. The user wants to ensure the integrity and authenticity of the connection. What security tool can the user use?

HMAC

A company is concerned with traffic that flows through the network. There is a concern that there may be malware that exists that is not being blocked or eradicated by antivirus. What technology can be put in place to detect potential malware traffic on the network?

IDS

What does the acronym IoE represent?

Internet of Everything

What is a strength of using a hashing function?

It is a one-way function and not reversible.

What are two ways to protect a computer from malware? (Choose two.)

Keep software up to date and Use antivirus software

An investigator finds a USB drive at a crime scene and wants to present it as evidence in court. The investigator takes the USB drive and creates a forensic image of it and takes a hash of both the original USB device and the image that was created. What is the investigator attempting to prove about the USB drive when the evidence is submitted in court?

The data in the image is an exact copy and nothing has been altered by the process.

What are two common indicators of spam mail? (Choose two.)

The email has no subject line and The email has misspelled words or punctuation errors or both

Which two reasons describe why WEP is a weak protocol? (Choose two.)

The key is transmitted in clear text and The key is static and repeats on a congested network.

A user is connecting to an e-commerce server to buy some widgets for a company. The user connects to the site and notices there is no lock in the browser security status bar. The site does prompt for a username and password and the user is able to log in. What is the danger in proceeding with this transaction?

The site is not using a digital certificate to secure the transaction, with the result that everything is in the clear.

What is a secure virtual network called that uses the public network?

VPN

A user needs to add redundancy to the routers in a company. What are the three options the user can use? (Choose three.)

VRRP, GLBP, and HSRP

What is the name for the type of software that generates revenue by generating annoying pop-ups?

adware

What type of an attack can disable a computer by forcing it to use memory or by overworking its CPU?

algorithm

What encryption algorithm uses one key to encrypt data and a different key to decrypt data?

asymmetric

What are the three states of data? (Choose three.)

at rest, in-transit, and in-process

What are two methods that ensure confidentiality? (Choose two.)

authentication and encryption

What are three access control security services? (Choose three.)

authentication, accounting, and authorization

What service determines which resources a user can access along with the operations that a user can perform?

authorization

What are the three foundational principles of the cybersecurity domain? (Choose three.)

availability, integrity, and confidentiality

What is the name given to a program or program code that bypasses normal authentication?

backdoor

What are three types of sensitive information? (Choose three.)

business, classified, and PII

What principle prevents the disclosure of information to unauthorized people, resources, and processes?

confidentiality

What is the term used to describe the science of making and breaking secret codes?

cryptology

What three tasks are accomplished by a comprehensive security policy? (Choose three.)

defines legal consequences of violations, gives security staff the backing of management, and sets rules for expected behavior

A warning banner that lists the negative outcomes of breaking company policy is displayed each time a computer user logs in to the machine. What type of access control is implemented?

deterrent

A recent email sent throughout the company stated that there would be a change in security policy. The security officer who was presumed to have sent the message stated the message was not sent from the security office and the company may be a victim of a spoofed email. What could have been added to the message to ensure the message actually came from the person?

digital signature

A user downloads an updated driver for a video card from a website. A warning message pops up saying the driver is not approved. What does this piece of software lack?

digital signature

What three design principles help to ensure high availability? (Choose three.)

eliminate single points of failure, provide for reliable crossover, and detect failures as they occur

A user is redesigning a network for a small company and wants to ensure security at a reasonable price. The user deploys a new application-aware firewall with intrusion detection capabilities on the ISP connection. The user installs a second firewall to separate the company network from the public network. Additionally, the user installs an IPS on the internal network of the company. What approach is the user implementing?

layered

What are three type of attacks that are preventable through the use of salting? (Choose three.)

lookup tables, rainbow tables, and reverse lookup tables

What term is used to describe the technology that replaces sensitive information with a nonsensitive version?

masking

Pick three types of records that cyber criminals would be interested in stealing from organizations. (Choose three.)

medical, education, and employment

What name is given to any changes to the original data such as users manually modifying data, programs processing and changing data, and equipment failures?

modification

What does a rootkit modify?

operating system

What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?

phishing

A recent breach at a company was traced to the ability of a hacker to access the corporate database through the company website by using malformed data in the login form. What is the problem with the company website?

poor input validation

What type of cybersecurity laws protect you from an organization that might want to share your sensitive data?

privacy

A user is a consultant who is hired to prepare a report to Congress as to which industries should be required to maintain five nine availability. Which three industries should the user include in a report? (Choose three.)

public safety, healthcare, and finance

A user is asked to evaluate the security posture of a company. The user looks at past attempts to break into the company and evaluates the threats and exposures to create a report. Which type of risk analysis could the user perform?

qualitative

What name is given to a amateur hacker?

script kiddie

A user is instructed by a boss to find a better method to secure passwords in transit. The user has researched several means to do so and has settled on using HMAC. What are the key elements needed to implement HMAC?

secret key and message digest

Thwarting cyber criminals includes which of the following

sharing cyber Intelligence information and establishing early warning systems

Which term describes the sending of a short deceptive SMS message used to trick a target into visiting a website?

smishing

What is a method of sending information from one device to another using removable media?

sneaker net

For the purpose of authentication, what three methods are used to verify identity? (Choose three.)

something you know, something you have, something you are

What is the term used to describe an email that is targeting a specific person employed at a financial institution?

spear phishing

A criminal is using software to obtain information about the computer of a user. What is the name of this type of software?

spyware

What type of cipher encrypts plaintext one byte or one bit at a time?

stream

A user was hired as the new security officer. One of the first projects was to take inventory of the company assets and create a comprehensive database. Which three pieces of information would the user want to capture in an asset database? (Choose three.)

workstations, hardware network devices, and operating systems

What is the standard for a public key infrastructure to manage digital certificates?

x.509

What is an example of an Internet data domain?

Linkedin

What are two common hash functions? (Choose two.)

MD5 and SHA

What name is given to a storage device connected to a network?

NAS

Identify three situations in which the hashing function can be applied. (Choose three.)

PKI, IPsec, and CHAP

A user is running a routine audit of the server hardware in the company data center. Several servers are using single drives to host operating systems and multiple types of attached storage solutions for storing data. The user wants to offer a better solution to provide fault tolerance during a drive failure. Which solution is best?

RAID

What are three NIST-approved digital signature algorithms? (Choose three.)

RSA, DSA, and ECDSA

What type of attack targets an SQL database using the input field of a user?

SQL injection

Which three protocols use asymmetric key algorithms? (Choose three.)

Secure Sockets Layer (SSL), Secure Shell (SSH), and Pretty Good Privacy (PGP)

A user is the database administrator for a company. The user has been asked to implement an integrity rule that states every table ​must have a primary key and that the column or columns chosen to be the primary key must be unique and not null. Which integrity requirement is the user implementing?

entity integrity

What are three validation criteria used for a validation rule? (Choose three.)

format, size, and range

What is identified by the first dimension of the cybersecurity cube?

goals

What name is given to hackers who hack for a cause?

hactivist

Which three processes are examples of logical access controls? (Choose three.)

intrusion detection system (IDS) to watch for suspicious network activity, firewalls to monitor traffic, and biometrics to validate physical characteristics

A user is evaluating the network infrastructure of a company. The user noted many redundant systems and devices in place, but no overall evaluation of the network. In a report, the user emphasized the methods and configurations needed as a whole to make the network fault tolerant. What is the type of design the user is stressing?

resilient

Alice and Bob use the same password to login into the company network. This means both would have the exact same hash for their passwords. What could be implemented to prevent both password hashes from being the same?

salting

Match the description with the correct term. (Not all targets are used.)

steganography- hiding data within an audio file steganalysis- discovering that hidden information exists within a graphic file social steganography- creating a message that says one thing but means something else to a specific audience obfuscation- making a message confusing so its harder to understand

Which three devices represent examples of physical access controls? (Choose three.)

swipe cards, locks, and video cameras

What encryption algorithm uses the same pre-shared key to encrypt and decrypt data?

symmetric

What three methods help to ensure system availability? (Choose three.)

system backups, equipment maintenance, up-to-date operating systems

What is the purpose of CSPRNG?

to generate salt

The CEO of a company is concerned that if a data breach should occur and customer data is exposed, the company could be sued. The CEO makes the decision to buy insurance for the company. What type of risk mitigation is the CEO implementing?

transference

What is the name of the method in which letters are rearranged to create the ciphertext?

transposition

What are two of the tactics used by a social engineer to obtain personal information from an unsuspecting target? (Choose two.)

urgency and intimidation


Kaugnay na mga set ng pag-aaral

Maslow's hierarchy of needs includes all of the following except:

View Set

How to Calculate Mortgage Amortization

View Set

ch 4 health promotion for the developing child

View Set

Portfolio Management: Module 53: Systematic Risk and Beta, CAPM and the SML

View Set

AH1 MOD 6 CARDIO Shock Iggy NCLEX, Iggy Chp 35 - Care of Patients with Cardiac Problems, CH 33, 35 Cardiac, Nursing Management: Coronary Artery Disease and Acute Coronary Syndrome, Nursing Assessment: Cardiovascular System

View Set