443 Before 1st

Cryptography can help the following security components except:

Availability

A modem is a device that converts analog to digital. There are different types of modems. Why is particular attention to cable modem?

Because it is a shared medium

Why is the RSA algorithm considered secure?

Because it is difficult to factor N to two prime numbers

Which one of these algorithms was created in canada?

CAST

What is XKMS?

A service that handle PKI operations within the XML environment

What is the correct block size and a possible key size in AES?

128 bit block, 128 bit key

In Diffie-Hellman Algorithm, Alice and Bob agrees to use N = 11 and G = 2. Alice picks 4 and bob picks 3 as their private keys. They eventually agree on the shared secret value of 4. In the meanwhile, they have to exchange public keys. What is the value you get when you add the two public key values?

13

To use a symmetric key system, one key is needed, when you need 10 people, how many keys do you need?

45

A user recieves an email warning of a dangerous computer virus and instructing the user to delete files it claims were put there by the virus. However, the files are critical. Which term is this?

A hoax

What is a digital certificate?

A means of establishing an association between the subject's identity and a public key

Which statement describes how reverse social engineering is accomplished?

An attacker tries to convince the target to initiate contact and then gets the target to give up confidential information.

Which statement describes an example of a poor security practice?

An employee creates a good password and then uses it for all accounts

Which statement is true of an ionization fire detection device?

An ionization fire detection device detects fast-burning fires

Which security principle refers to the concept that each and every request should be verified?

Complete mediation

Tunneling encapsulates packets within packets. What security goal does it serve?

Confidentiality

The CIA of security includes:

Confidentiality, Integrity, Availability

What is the correct description about SIEM (Security Information and Event Management)?

Correlation of events across disparate sources

MS Attack Surface Analyzer allows you to take a "snap shot" of security related information on a system. Which security policy is closely related to this tool?

Change Management Policy

What is the best way to break mono-alphabetic substitution cipher such as Caesar cipher?

Frequency Analysis

Data must be protected in all 3 stages of life such as in transit, at rest, in use. Which method is least effective in protecting data IN USE?

Encryption

Which term describes interface between a virtual machine and the host machine hardware?

Hypervisor

Which one of these is not a security concern for switch?

False positives

To enable an understanding of the level of protection, which data policy is most relevant?

Data ownership policy

Which security principle is characterized by the use of multiple, different defense mechanisms with a goal of improving the defensive response to an attack?

Defense in depth

Which security tenet applies to physical barriers(wall, man trap, etc.) best?

Defense in depth

The process for protecting intellectual property from unauthorized use is called

Digital Rights Management

What application of encryption verifies that a document was sent by the person it says it is form?

Digital Signatures

The rainbow table attack on password can be prevented using:

Double hash

Which term generally refers to the standard of care a business is expected to exercise in preparation for a business transaction?

Due diligence

Which one of the following is correct about public key algorithms?

ECC is one of the public key algorithms

What condition is described by the van Eck phenomenon and studied under TEMPEST?

Electromagnetic eavesdropping

Which term refers to the disturbance on an electrical circuit caused by that circuit's reception of electromagnetic radiation?

Electromagnetic interference

What is the process of giving keys to a third party so that they can decrypt and read sensitive information?

Key escrow

Which human resources policy is most likely to reveal a fraud by employees?

Mandatory Vacation Policy

A certificate can be revoked when its validity needs to be ended before its actual expiration date is met. Two methods are used for this purpose, that is, CRL and OCSP. What is the advantage of OCSP over CRL?

OCSP is faster

What is PKCS?

One of the standards in implementing a public key infrastructure

Windows NTLM hash is better than LANMAN hash thanks to the following improvements. Find the one that is not.

Password salt is added

Among the security rules, which one is the highest level?

Policies

An attacker is able to decrypt a message by finding a key that was not securely stored and should have been revoked. This is the result of:

Poor key management

What five phases should be covered in the incident response policy?

Preparation, detection, containment, and eradication, recovery, and follow-up actions

Which of the following is a critical concept common to all PKIs?

Private keys must remain private

What occurrence activates a photoelectric fire detector?

Smoke

ICMP can suffer from a denial-of-service attack. Which one is the name of the ICMP attack?

Smurf

Find a correct description about hashing.

SHA-1 creates 160-bit message digest

The rise of which of the following has greatly increased the number of individuals who probe organizations looking for vulnerabilities to exploit?

Script Kiddies

What is the definition of clean desk policy?

Sensitive information must not be left unsecured and unattended in the work area.

The term used to describe the requirement that different portions of a critical process must be performed by different people is :

Separation of duties

Which of the following is a contractual agreement between entities that describes specified levels of service that the servicing entity agrees to guarantee for the customer?

Service level agreement

Which is a correct description about session keys?

Session keys are exchanged by public key algorithms

Which security model addresses integrity?

Simple Security

Warfare conducted against the information and information processing equipment used by an adversary is known as:

Information Warfare

Among the following statements about cybersecurity, find a wrong description.

Insiders are less dangerous than outside intruders.

Alice sends Bob a message along with an MD5 hash of the message. Upon receipt, Bob runs the MD5 hashing algorithm and finds that the hash matches the one sent by Alice. This application of encryption is an example of:

Integrity

An in-house certificate authority is a CA that:

Is maintained and controlled by the company that implements it

A one-time pad:

Is theoretically impossible to crack

Find a correct description about IDS(Intrusion Detection System).

It can detect attacks in real time

What is the capability of DLP(Data Loss Prevention)?

It can prevent transfer of data across an enterprise

What is the advantage of VLAN?

It can reconfigure the network without relocating the machines

Separation of duties is the application of separation of privilege to the people side of the security function. For this, more than one individual needs to be involved. What is the correct observation on separations of duty?

It increases the cost

What is the benefit of using community cloud in comparison with private cloud?

It is more cost-effective

TCP communication starts with three-way handshaking. What is the purpose of it?

To establish initial sequence number

What is the purpose of "least privilege" security tenet?

To limit the amount of damage

What is the purpose of ARP

To map MAC addresses to IP addresses

What is the purpose of using private IP addresses with NAT?

To mitigate the IP address depletion problem

Which term describes a category of attacks that generally are conducted over short periods of time (lasting at most a few months), involve a smaller number of individuals, have little financial backing, and are accomplished by insiders or outsiders who do not seek collusion with insiders?

Unstructured threat category

Which statement identifies the best defense to prevent information from being obtained in a shoulder surfing attack?

Users should be aware of their surroundings and not allow individuals to get into a position from which they can observe what the user is entering.

Which term is used when an attacker attempts to get credit card numbers using telephone and voice technologies?

Vishing

Which item is not an example of a clean agent file suppressor?

Water Vapor

Which device applies security policies specifically to HTTP/HTTPS traffic?

Web Application Firewall

Which term refers to an attack conducted against a site with software that is vulnerable to a specific exploit?

Specific target attack

If the root CA's private key were compromised, what would happen? - Subordinate CAs and end users would be unaffected. - Subordinate CAs would also be compromised, but users would be unaffected. - Subordinate CAs and end users would be affected. - Only the root CA would be affected.

Subordinate CA's and end users would be affected

In which of the following is an attacker looking for any organization vulnerable to a specific exploit rather than attempting to gain access to a specific organization?

Target of Opportunity Attack

Which one described DNS correctly?

The mapping information can be cached in any name server

Which statement accurately describes how pharming is accomplished?

The user is directed to a fake web site as a result of modification of local host files, which are used to convert URLs to the appropriate IP address

Which statement describes the security risk of installing games on an organization's system?

The software may contain a piece of malicious code capable of opening a backdoor

Which term refers to the combination of matching authentication items such as a token and a biometric?

multiple-factor authentication

When a message sent by a user is digitally signed with a private key, the person will not be able to deny sending the message. This application of encryption is an example of:

nonrepudiation

In RSA algorithm, given a public key (e), you need to create a private key (d). Let p= 11, q = 3, and n = 33. Consequently, the Totient function φ(n) value is 20 (=10 * 2). If you choose e = 3, what is the d value? (Hint: Find d so that d * e = 1 mod φ(n). )

d = 7

Which confidentiality model is defined by controlling read and write access based on conflict of interest rules?

Brewer-Nash security model

Hashing algorithms are most likely to be compromised:

By a collision attack

A corporate spy copies proprietary information into a text file and then hides the text file in an image file. The image file is then posted on the company's web site for others who know where to look to extract the information. This is the example of the use of - Social engineering - Steganography - Cryptography - Cryptanalysis

Steganography

Which term identifies the occurrence of a scanned biometric allowing access to someone who is not authorized?

false positive

What is a certification authority?

A third party that issues digital certificates

Which term refers to any media used to boot a computer into an operation system that is not the native OS on its harddrive?

Bootdisk

Which of the following is a physical security threat?

Cleaning crews are allowed unsupervised access because they have a contract

Doors are part of a physical security system. Which is an incorrect description about door security?

Fail-secure doors are locked when the power is off, so people can't exit the room

What is the best practice for the machines in the DMZ?

Firewalls are still needed around the DMZ

What is a good way to reduce the chance of a successful social engineering attack?

Implement a strong security education and awareness training program.

Choose an incorrect description on AES.

It simulates one-time pad

In terms of physical security, which term refers to protecting important assets by using multiple perimeters?

Layered access

Which of the following concepts requires users and system processes to use the minimal amount of permission necessary to function?

Least privilege

What is the name of the common reference protocol stack composed of 7 layers

Open Systems Interconnection

In designing cryptographic algorithms, which security principle is most applicable?

Open design

Which equation describes the operation model of security?

Protection+Prevention+(Detection+Response)

A public key infrastructure:

Provides all of the components for entities to communicate securely and predictably

Unified Threat Management (UTM) devices integrate the following function. Choose the one that is not included.

RADIUS

Which term refers to quarantine or isolation of a system from its surroundings?

Sandboxing

The Bell-LaPadula security model is an example of a security model that is based on:

The confidentiality of the data

Which firmware interface allows secure boot, which allows only digitally signed drivers and OS loaders to be used during the boot process?

UEFI