Cyber Security Finals

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

While the first and last "Received" headers in an email might identify the ultimate source or destination, what type of information do other "Received" headers provide?

Each identifies an MTA that retrieves the entire email message and forwards it to another MTA.

ASPX is

ASP scripting extended to support Microsoft's .NET framework.

Which one of the following is the best example of an authorization control?

Access control lists

Bob and Alice want to construct a shared secret key using RSA. Which of the following components must Bob use to share the secret with Alice?

Alice's public key alone

Software Development and Security

All the above

Software security standards are used for

All the above

A firewall is trying to block all unauthorized traffic and services. What type of filtering will provide the most thorough restrictions?

Application filtering to block all applications except those allowed, plus any application traffic that appears to implement tunneling

What 2 things do we identify when going through a threat modeling exercise?

Assets and threats

Which of the following is not a common cloud computing problem?

Budget

A cloud deployment that is off premises but for exclusive use of one or more particular organization is called _______?

Community Cloud

CI/CD stands for

Continuous Integration/Continuous Delivery

Vulnerability Scans are conducted in the Build phase of the pipeline.

False

What are the four domains that BSIMM framework consists of:

Governance, Intelligence, SSDL Touchpoints, Deployment

The following are principles of DevSecOps EXCEPT

Implementing Security Controls

In which phase of the data analytics process are AI, ML and Data Mining techniques implemented?

Data analysis

A block cipher algorithm operates more slowly if we change the key every time we use it. Which of the following concepts is most responsible for this delay?

Key Expansion

Which of the following uses TCP as the transport protocol?

Mailbox and delivery

What term describes the longest period of time that a business can survive without a particular critical system?

Maximum tolerable downtime (MTD)

What was the first web browser to use public key certificates?

Netscape Navigator

What level of technology infrastructure should you expect to find in a cold site alternative data center facility?

No technology infrastructure

In typical applications, does SSL provide application transparency?

No, because the SSL software is traditionally integrated into the application software package and is not supported unless the application specifically provides it.

Bob has purchased a self-encrypting hard drive that always encrypts everything stored on the drive. Bob wants to install a bootable operating system on it and use it on an older computer. The old computer does not allow him to install pre-boot authentication in the BIOS. Will he be able to use the drive?

No, because there is no way to add a plaintext partition to this drive.

Another term used to refer to Descriptive Machine Learning is

Unsupervised learning

Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows an SQL injection attack against the server. What term describes the issue that Adam discovered?

Vulnerability

Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation?

Warm site

The two software development models are:

Waterfall and agile.

Secure Sockets Layer (SSL) has been replaced by:

Transport Layer Security (TLS).

A Kanban board can help team members visibly see the tasks to do, in progress, and done.

True

A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.

True

A personnel safety plan should include an escape plan.

True

A public cloud is hosted on hardware shared by multiple customers.

True

Application Security continues even after deployment.

True

Availability and Scalability are benefits of DevOps.

True

Data mining is an interdisciplinary field that employs analytical tools in identifying hidden patterns & anomalies.

True

Jenkins is a tool used to help with continuous integration.

True

Machine learning is the process of 'learning' from past data/experiences in order to predict future

True

True or False? Browsers often store the cookies in individual files, each named for the server that owns the cookie. Whenever the browser visits a particular server, it includes the cookies received from that server.

True

True or False? Cipher block chaining (CBC) is a widely used cipher mode that requires plaintext to be a multiple of the cipher's block size.

True

True or False? Filtering for spam sometimes produces a false positive, in which legitimate email is identified as spam.

True

A subscriber in an Infrastructure as a Service model can be ______

an individual, team, or business unit.

General Public License used for open source software is ______ for sharing proprietary code back to the public.

great concern

Access control protects data on a computer against:

hostile users.

The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.

True

Methodologies based on AI / Machine Learning (ML) are needed to detect novel, rare and constantly evolving threats.

True

The recovery point objective (RPO) can come from the business impact analysis or sometimes from a government mandate, such as banking laws.

True

The system life cycle includes project planning, develop, operations, and disposal.

True

True or False? A DVD player handles all key managements.

True

True or False? A network attack in which someone forges network traffic would be considered an active attack.

True

The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?

13

Moore's Law observed that computing power doubled every:

18 Months

Nancy performs a full backup of her server every Sunday at 1 A.M. and differential backups on Mondays through Fridays at 1 A.M. Her server fails at 9 A.M. Wednesday. How many backups does Nancy need to restore?

2

A DVD's key is encrypted with how many player keys

409

The HTML tag that's required to create a hyperlink is

<a>

Which decryption procedure requires two inputs? Select all that apply.

A key Ciphertext

Which one of the following is an example of a direct cost that might result from a business disruption?

Facility Repair

"Security Operational Measurements" is listed as one of the OWASP Top 10

False

A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.

False

AI has been used in many areas except for in Law

False

Artificial Intelligence (AI) refers to study of the design and creation of effective computer network architectures.

False

Cloud+ exams do not build on the knowledge required for other certification exams.

False

Data stored in an Excel spreadsheet is an example of an unstructured data.

False

Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?

Parallel test

Which of the following is not included in the acronym, LAMP?

Perl

An enterprise would like to leverage cloud solution for managing highly classified data. Which of the following cloud deployment models would be most suitable?

Private Cloud

Alan is the security manager for a mid-sized business. The company has suffered several serious data losses when mobile devices were stolen. Alan decides to implement full disk encryption on all mobile devices. What risk response did Alan take?

Reduce

Security Champions can help with which one of the following:

Reduce culture conflict

The S in STRIDE stands for

Spoofing

SAST stands for:

Static Application Security Testing

Joe is responsible for the security of the industrial control systems for a power plant. What type of environment does Joe administer?

Supervisory Control and Data Acquisition (SCADA)

Which of the following best describes the basic format of an HTML tag?

Text surrounded by angle brackets

The Enigma was used by the _________ in World War II.

The Germans

Bob connects to his bank's SSL-protected website. The browser reports that the certificate has been revoked. Which of the following may directly cause this?

The bank's private key was stolen by a hacker, and the theft was reported to the certificate authority.

Security testing of applications includes testing for

expected and unexpected actions.

The __________ controls the sending and receiving host address.

host

The field that identifies one record so that others may link to it is often called a

key field

Another term for an SMTP email server is

message transfer agent (MTA).

Digital signatures may be used to provide:

nonrepudiation

In SaaS, consumers have limited admin control and full user level control over applications.

True

Machine Learning is a subset of

Artificial Intelligence

The public school systems in the greater Atlanta region have collectively decided to setup an email system in the cloud for use by their faculty, staff and students. This could be an example of the _______ cloud deployment model.

Community Cloud

What is a key principle of risk management programs?

Don't spend more to protect an asset than it is worth.

Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP).

False

True or False? A bit-flipping attack is not knowing what the message says and changing it bit by bit.

False

True or False? A browser cookie, usually just called a "browser," is a piece of data stored by a browser on behalf of a web server.

False

True or False? All forgeries can be detected by examining the oldest Received header.

False

When you integrate cloud with a traditional on-premise system, which deployment model are you building?

Hybrid Cloud

Which cloud deployment is the most common?

Hybrid Cloud

The language that's the foundation of most web pages is:

Hypertext Markup Language (HTML)

Mailbox protocols include all of the following, except:

Internet Control Message Protocol (ICMP)

A protocol that establishes security associations (SAs) between a pair of hosts is:

Internet Key Exchange (IKE).

What term describes the risk that exists after an organization has performed all planned countermeasures and controls?

Residual risk

Which formula is typically used to describe the components of information security risks?

Risk = Threat X Vulnerability

The following are threat modeling steps except

SAST and DAST

Gmail is an example of which cloud service offering?

SaaS


Ensembles d'études connexes

Academic Team Full Practice Set 13

View Set

Differences between Plant Cells and Animal Cells-final

View Set

APIC's CPIM Part 1 Practice Exams

View Set

THE ROARING TWENTIES AND THE GREAT DEPRESSION (Vocab Ch. 12-15)

View Set