1601 final study
Matthew captures traffic on his network and notices connections using ports 20, 22, 23, and 80. Which port normally hosts a protocol that uses secure, encrypted connections? 20 22 23 80
22
What is NOT a valid encryption key length for use with the Blowfish algorithm? 32 bits 64 bits 256 bits 512 bits
512 bits
Juan's web server was down for an entire day last September. It experienced no other downtime during that month. Which one of the following represents the web server uptime for that month? 96.67% 3.33% 99.96% 0.04%
96.67%
Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature? Alice's public key Alice's private key Bob's public key Bob's private key
Alice's private key
Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature? Alice's public key Alice's private key Bob's public key Bob's private key
Alice's public key
Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements? Applying security updates promptly Using encryption for communications Removing IoT devices from the network Turning IoT devices off when not in use
Applying security updates promptly
Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality? Securing wiring closets Applying patches promptly Implementing LAN configuration standards Applying strong encryption
Applying strong encryption
Alice would like to send a message to Bob securely and wishes to encrypt the contents of the message. What key does she use to encrypt this message? Alice's public key Alice's private key Bob's public key Bob's private key
Bob's public key
Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement? Privacy Bring Your Own Device (BYOD) Acceptable use Data classification
Bring Your Own Device (BYOD)
Which information security objective allows trusted entities to endorse information? Validation Authorization Certification Witnessing
Certification
Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works? Chosen plaintext Ciphertext only Known plaintext Chosen ciphertext
Chosen plaintext
Jody would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs? Voice over IP (VoIP) Audio conferencing Video conferencing Collaboration
Collaboration
Which one of the following governs the use of Internet of Things (IoT) by healthcare providers, such as physicians and hospitals? Payment Card Industry Data Security Standard (PCI DSS) Federal Financial Institutions Examination Council (FFIEC) Federal Information Security Management Act (FISMA) Health Insurance Portability and Accountability Act (HIPAA)
Health Insurance Portability and Accountability Act (HIPAA)
Gwen's company is planning to accept credit cards over the Internet. Which one of the following governs this type of activity and includes provisions that Gwen should implement before accepting credit card transactions? Health Insurance Portability and Accountability Act (HIPAA) Family Educational Rights and Privacy Act (FERPA) Communications Assistance for Law Enforcement Act (CALEA) Payment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standard (PCI DSS)
Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message? Encryption Hashing Decryption Validation
Decryption
Which technology can be used to protect the privacy rights of individuals and simultaneously allow organizations to analyze data in aggregate? Encryption Decryption Deidentification Aggregation
Deidentification
Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key? Rivest, Shamir, Adleman (RSA) Message digest algorithm (MD5) Blowfish Diffie-Hellman
Diffie-Hellman
Which risk is most effectively mitigated by an upstream Internet service provider (ISP)? Distributed denial of service (DDoS) Lost productivity Firewall configuration error Unauthorized remote access
Distributed denial of service (DDoS)
Which one of the following is NOT an area of critical infrastructure where the Internet of Things (IoT) is likely to spur economic development in less developed countries? Wastewater treatment Water supply management E-commerce Agriculture
E-commerce
What mathematical problem forms the basis of most modern cryptographic algorithms? Factoring large primes Traveling salesman problem Quantum mechanics Birthday problem
Factoring large primes
In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries. True or False
False
Regarding the Internet of Things (IoT), a business involved in utilities, critical infrastructure, or environmental services can benefit from traffic-monitoring applications. True or False
False
The asset protection policy defines an organization's data classification standard. True or False
False
The weakest link in the security of an IT infrastructure is the server. True or False
False
Which one of the following is NOT a market driver for the Internet of Things (IoT)? Global adoption of non-IP networking Smaller and faster computing Growth of cloud computing Advancements in data analytics
Global adoption of non-IP networking
Which element of the security policy framework offers suggestions rather than mandatory actions? Policy Standard Guideline Procedure
Guideline
What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature? Elliptic curve Decryption Encryption Hash
Hash
Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)? Virtual workplace Infrastructure monitoring Health monitoring Supply chain management
Health monitoring
With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network? Home agent (HA) Foreign agent (FA) Care of address (COA) Correspondent node (CN)
Home agent (HA)
Which one of the following is NOT a good technique for performing authentication of an end user? Password Biometric scan Identification number Token
Identification number
Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve? Confidentiality Integrity Authentication Nonrepudiation
Integrity
Which organization pursues standards for Internet of Things (IoT) devices and is widely recognized as the authority for creating standards on the Internet? Internet Society Internet Engineering Task Force Internet Association Internet Authority
Internet Engineering Task Force
Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion? Security Privacy Interoperability Compliance
Interoperability
Which network device is capable of blocking network connections that are identified as potentially malicious? Intrusion detection system (IDS) Intrusion prevention system (IPS) Demilitarized zone (DMZ) Web server
Intrusion prevention system (IPS)
Which one of the following measures the average amount of time that it takes to repair a system, application, or component? Uptime Mean time to failure (MTTF) Mean time to repair (MTTR) Recovery time objective (RTO)
Mean time to repair (MTTR)
When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve? Confidentiality Integrity Authentication Nonrepudiation
Nonrepudiation
Which of the following allows a certificate authority (CA) to revoke a compromised digital certificate in real time? Certificate revocation list (CRL) International Data Encryption Algorithm (IDEA) Transport Layer Security (TLS) Online Certificate Status Protocol (OCSP)
Online Certificate Status Protocol (OCSP)
Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations? Password protection Antivirus software Deactivating USB ports Vulnerability scanning
Password protection
Which element of the security policy framework requires approval from upper management and applies to the entire organization? Policy Standard Guideline Procedure
Policy
Which approach to cryptography provides the strongest theoretical protection? Quantum cryptography Asymmetric cryptography Elliptic curve cryptography Classic cryptography
Quantum cryptography
What is NOT a symmetric encryption algorithm? Rivest-Shamir-Adleman (RSA) Data Encryption Standard (DES) International Data Encryption Algorithm (IDEA) Carlisle Adams Stafford Tavares (CAST)
Rivest-Shamir-Adleman (RSA)
Which of the following is NOT one of the four fundamental principles outlined by the Internet Society that will drive the success of Internet of Things (IoT) innovation? Connect Secure Share Speak
Secure
From a security perspective, what should organizations expect will occur as they become more dependent upon the Internet of Things (IoT)? Security risks will increase. Security risks will decrease. Security risks will stay the same. Security risks will be eliminated.
Security risks will increase.
Which scenario presents a unique challenge for developers of mobile applications? Applying encryption to network communications Selecting multiple items from a list Obtaining Internet Protocol (IP) addresses Using checkboxes
Selecting multiple items from a list
Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor's site, using a web browser. Which service delivery model is Kaira's company using? Platform as a Service (PaaS) Software as a Service (SaaS) Communications as a Service (CaaS) Infrastructure as a Service (IaaS)
Software as a Service (SaaS)
Which set of characteristics describes the Caesar cipher accurately? Asymmetric, block, substitution Asymmetric, stream, transposition Symmetric, stream, substitution Symmetric, block, transposition
Symmetric, stream, substitution
Which one of the following is NOT an example of store-and-forward messaging? Telephone call Voicemail Unified messaging Email
Telephone call
Which term describes any action that could damage an asset? Risk Countermeasure Vulnerability Threat
Threat
Which type of cipher works by rearranging the characters in a message? Substitution Steganographic Transposition Asymmetric
Transposition
Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet. True or False
True
For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only, and public domain categories. True or False
True
Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available. True or False
True
The System/Application Domain holds all the mission-critical systems, applications, and data. True or False
True
The director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy. True or False
True
The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services. True or False
True
Unified messaging allows you to download both voice and email messages to a smartphone or tablet. True or False
True
What is NOT an effective key distribution method for plaintext encryption keys? Paper Unencrypted email CD Smart card
Unencrypted email
Which one of the following is typically used during the identification phase of a remote access connection? Username Password Token Fingerprint
Username
What is the only unbreakable cipher when it is used properly? Rivest-Shamir-Adleman (RSA) Vernam Elliptic Curve Diffie-Hellman in Ephemeral mode (ECDHE) Blowfish
Vernam
What standard is NOT secure and should never be used on modern wireless networks? Wired Equivalent Privacy (WEP) Wi-Fi Protected Access (WPA) Wi-Fi Protected Access version 2 (WPA2) 802.11ac
Wired Equivalent Privacy (WEP)