cybersecurity
Which statement describes a characteristics of block ciphers?
Block ciphers result in output data that is larger than the input data most of the time.
What are two methods that ensure confidentiality? (Choose two.)
encryption authentication
What two methods help to ensure system availability? (Choose two.)
equipment maintenance up-to-date operating systems
Thwarting cyber criminals includes which of the following? (Choose two.)
establishing early warning systems sharing cyber Intelligence information
Which three processes are examples of logical access controls? (Choose three.)
firewalls to monitor traffic biometrics to validate physical characteristics intrusion detection system (IDS) to watch for suspicious network activity
What does the term BYOD represent?
bring your own device
What name is given to any changes to the original data such as users manually modifying data, programs processing and changing data, and equipment failures?
modification
Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use?
new pre-shared key
What does a rootkit modify?
operating system
What is a method of sending information from one device to another using removable media?
sneaker net
What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic?
sniffing
What is a nontechnical method that a cybercriminal would use to gather sensitive information from an organization?
social engineering
a security key fob
something you have
What is the term used to describe an email that is targeting a specific person employed at a financial institution?
spear phising
What is an impersonation attack that takes advantage of a trusted relationship between two systems?
spoofing
steganography
hiding data within an audio file
social steganography
hiding in plain sight. content is publicly assessable but the meaning is not.
What are the two most effective ways to defend against malware? (Choose two.)
Update the operating system and other application software. Install and update antivirus software.
What type of an attack can disable a computer by forcing it to use memory or by overworking its CPU?
algorithm
What is identified by the first dimension of the cybersecurity cube?
goals
What are two of the tactics used by a social engineer to obtain personal information from an unsuspecting target? (Choose two.)
intimidation urgency
Which three devices represent examples of physical access controls? (Choose three.)
locks swipe cards video cameras
A penetration testing service hired by the company has reported that a backdoor was identified on the network. What action should the organization take to find out if systems have been compromised?
look for unauthorized account
What mechanism can organizations use to prevent accidental changes by authorized users?
version control
Which term describes the technology that protects software from unauthorized access or modification?
watermaking
In which situation would a detective control be warranted?
when the organization needs to look for prohibited activity
A cybersecurity specialist is asked to identify the potential criminals known to attack the organization. Which type of hackers would the cybersecurity specialist be least concerned with?
white hat hackers
Which access control strategy allows an object owner to determine whether to allow access to the object?
DAC
A user has a large amount of data that needs to be kept confidential. Which algorithm would best meet this requirement?
3DES
Which technology can be implemented as part of an authentication system to verify the identification of employees?
A smart card reader
Which 128-bit block cipher encryption algorithm does the US government use to protect classified information?
AES
Which algorithm will Windows use by default when a user intends to encrypt files and folders in an NTFS volume?
AES
Which asymmetric algorithm provides an electronic key exchange method to share the secret key?
Diffie-Hellman
A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server crash. What is the type of attack the cyber criminal launches?
Dos
Which technology can be used to ensure data confidentiality?
Encryption
A security specialist is asked for advice on a security measure to prevent unauthorized hosts from accessing the home network of employees. Which measure would be most effective?
Implement a firewall
What name is given to a storage device connected to a network?
NAS
Which three protocols use asymmetric key algorithms? (Choose three.)
PGP SSL SSH
What does the term vulnerability mean?
a weakness that makes a target susceptible to an attack
An organization plans to implement security training to educate employees about security policies. What type of access control is the organization trying to implement?
administrative
What encryption algorithm uses one key to encrypt data and a different key to decrypt data?
asymmetric
What is the name given to a program or program code that bypasses normal authentication?
backdoor
Which type of cybercriminal is the most likely to create malware to compromise an organization by stealing credit card information?
black hat hackers
What principle prevents the disclosure of information to unauthorized people, resources, and processes?
confidentiality
A warning banner that lists the negative outcomes of breaking company policy is displayed each time a computer user logs in to the machine. What type of access control is implemented?
deterrent
Steganalysis
discovering that hidden information exists within audio file
What name is given to hackers who hack for a cause?
hactivist
Which two methods help to ensure data integrity? (Choose two.)
hashing data consistency checks
What is an example of early warning systems that can be used to thwart cybercriminals?
Honeynet project
a fingerprint scan
Something you are
What is the difference between a virus and a worm?
Worms self-replicate but viruses do not
What is the meaning of the term logic bomb?
a malicious program that uses a trigger to awaken the malicious code
What term is used to describe the technology that replaces sensitive information with a nonsensitive version?
masking
What name is given to a amateur hacker?
script kiddie
a password
something you know
What term is used to describe concealing data in another file such as a graphic, audio, or other text file?
steganography
What are three access control security services? (Choose three.)
authentication authorization accounting
Which type of cipher is able to encrypt a fixed-length block of plaintext into a 128-bit block of ciphertext at any one time?
block
An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this?
bluesnarfing
What type of application attack occurs when data goes beyond the memory areas allocated to the application?
buffer overflow
What are the three foundational principles of the cybersecurity domain? (Choose three.)
confidentiality integrity availability
A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan?
confidentiality, integrity, and availability
Which technology should be used to enforce the security policy that a computing device must be checked against the latest antivirus update before the device is allowed to connect to the campus network?
NAC
What type of attack will make illegitimate websites higher in a web search result list?
SEO poisoning
What type of attack targets an SQL database using the input field of a user?
SQL injection
Which statement describes a distributed denial of service attack?"
An attacker builds a botnet comprised of zombies
What is the workforce framework category that includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence?
Analyze
What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?
Cross-site scripting
What type of attack uses many systems to flood the resources of a target, thus making the target unavailable?
DDos
An organization allows employees to work from home two days a week. Which technology should be implemented to ensure data confidentiality as data is transmitted?
VPN
What cryptographic algorithm is used by the NSA and includes the use of elliptical curves for digital signature generation and key exchange?
ECC
What three best practices can help defend against social engineering attacks? (Choose three.)
Educate employees regarding policies. Do not provide password resets in a chat window. resist the urge to click on enticing web links
Which framework should be recommended for establishing a comprehensive information security management system in an organization?
ISO/IEC 27000
What does the acronym IoE represent?
Internet of Everything
Which two terms are used to describe cipher keys? (Choose two.)
Key length key space
What happens as the key length increases in an encryption application?
Keyspace increases exponentially.
What is an example of an Internet data domain?
Which statement best describes a motivation of hacktivists?
They are part of a protest group behind a political cause.
Technologies like GIS and IoE contribute to the growth of large data stores. What are two reasons that these technologies increase the need for cybersecurity specialists? (Choose two.)
They collect sensitive information. They contain personal information.
The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement?
a set of attributes that describes user access rights
The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email?
hoax
Which method is used by steganography to hide text in an image file?
least significant bit
Smart cards and biometrics are considered to be what type of access control?
logical
Pick three types of records that cyber criminals would be interested in stealing from organizations. (Choose three.)
medical education employment
A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?
ramsonware
Users report that the database on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?
ransomware
An organization has implemented antivirus software. What type of security control did the company implement?
recovery control
A specialist in the HR department is invited to promote the cybersecurity program in community schools. Which three topics would the specialist emphasize in the presentation to draw students to this field? (Choose three.)
service to the public high earning potential a career-field in high-demand
Alice and Bob are using public key encryption to exchange a message. Which key should Alice use to encrypt a message to Bob?
the public key of Bob
What is the name of the method in which letters are rearranged to create the ciphertext?
transposition
Which two groups of people are considered internal attackers? (Choose two.)
trusted partners ex-employees
Which type of networks poses increasing challenges to cybersecurity specialists due to the growth of BYOD on campus?
wireless networks
Passwords, passphrases, and PINs are examples of which security term?
authentication
Which access control should the IT department use to restore a system back to its normal state?
corrective
What is the term used to describe the science of making and breaking secret codes?
cryptology
Before data is sent out for analysis, which technique can be used to replace sensitive data in nonproduction environments to protect the underlying information?
data masking substitution
What three design principles help to ensure high availability? (Choose three.)
detect failures as they occur provide for reliable crossover eliminate single points of failure
An executive manager went to an important meeting. The secretary in the office receives a call from a person claiming that the executive manager is about to give an important presentation but the presentation files are corrupted. The caller sternly recommends that the secretary email the presentation right away to a personal email address. The caller also states that the executive is holding the secretary responsible for the success of this presentation. Which type of social engineering tactic would describe this scenario?
intimidation
Which type of cybercriminal attack would interfere with established network communication through the use of constructed packets so that the packets look like they are part of the normal communication?
packet forgery
Which methods can be used to implement multifactor authentication?
passwords and fingerprints
What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?
phising
What are three examples of administrative access controls? (Choose three.)
policies and procedures background checks hiring practices
What three tasks are accomplished by a comprehensive security policy? (Choose three.)
sets rules for expected behavior defines legal consequences of violations gives security staff the backing of management
Which term describes the sending of a short deceptive SMS message used to trick a target into visiting a website?
smishing
Which data state is maintained in NAS and SAN services?
stored data
What are three states of data during which data is vulnerable? (Choose three.)
stored data data in-transit data in-process
What type of cipher encrypts plaintext one byte or one bit at a time?
stream
What encryption algorithm uses the same pre-shared key to encrypt and decrypt data?
symmetric
Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network?
worm
