Cybersecurity Essentials chapter 2, part 1
If a person knowingly accesses a government computer without permission, which federal act would the person be subject to?
CFAA
What are two ways to protect a computer from malware? (Choose two.)
Keep software up to date. Use antivirus software.
What three design principles help to ensure high availability? (Choose three.)
eliminate single points of failure, detect failures as they occur, provide for reliable crossover
What three methods help to ensure system availability? (Choose three.)
equipment maintenance, up-to-date operating systems, system backups
What three tasks are accomplished by a comprehensive security policy? (Choose three.)
gives security staff the backing of management, is not legally binding, defines legal consequences of violations
Which two methods help to ensure data integrity? (Choose two.)
hashing, data consistency checks
An organization has recently adopted a five nines program for two critical database servers. What type of controls will this involve?
improving reliability and uptime of the servers
What are the three states of data? (Choose three.)
in-transit, in-process, at rest
What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications?
Asset Standardization
What type of cybersecurity laws protect you from an organization that might want to share your sensitive data?
Authentication
What are three access control security services? (Choose three.)
Authentication, authorization, accounting
What service determines which resources a user can access along with the operations that a user can perform?
Authorization
What name is given to any changes to the original data such as users manually modifying data, programs processing and changing data, and equipment failures?
Backup
A user is asked to analyze the current state of a computer operating system. What should the user compare the current operating system against to identify potential vulnerabilities?
Baseline
A user calls the help desk complaining that an application was installed on the computer and the application cannot connect to the Internet. There are no antivirus warnings and the user can browse the Internet. What is the most likely cause of the problem?
Computer Firewall
What are the three foundational principles of the cybersecurity domain? (Choose three.)
Confidentiality, Integrity and Availability
Type of storage most vulnerable to malicious attacks
DAS
critical data should not be stored on this type of storage
DAS
Which service will resolve a specific web address into an IP address of the destination web server?
DNS
detect failures as they occur, provide for reliable crossover, eliminate single points of failure
Design Principles which ensure high availability
A consultant is hired to make recommendations on managing device threats in a company. What are three general recommendations that can be made? (Choose three.)
Enable automated antivirus scans. Disable administrative rights for users. Enable screen lockout.
What are two methods that ensure confidentiality? (Choose two.)
Encryption, authentication
A school administrator is concerned with the disclosure of student information due to a breach. Under which act is student information protected?
FERPA
As part of HR policy in a company, an individual may opt-out of having information shared with any third party other than the employer. Which law protects the privacy of personal shared information?
GLBA
What is identified by the first dimension of the cybersecurity cube?
Goals
A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking?
HMAC
Which hashing technology requires keys to be exchanged?
HMAC
What name is given to a storage device connected to a network?
NAS
A breach occurs in a company that processes credit card information. Which industry specific law governs credit card data protection?
PCI DSS
What are three types of sensitive information? (Choose three.)
PII, classified, business
protect you from an organization that may want to share your information
Privacy laws
A company has had several incidents involving users downloading unauthorized software, using unauthorized websites, and using personal USB devices. The CIO wants to put in place a scheme to manage the user threats. What three things might be put in place to manage the threats? (Choose three.)
Provide security awareness training. Use content filtering. Disable CD and USB access.
Which technology would you implement to provide high availability and redundancy on local servers for data storage?
RAID
Types of network storage which are secure but complicated to set up
RAID, NAS and SAN
A user calls the help desk complaining that the password to access the wireless network has changed without warning. The user is allowed to change the password, but an hour later, the same thing occurs. What might be happening in this situation?
Rogue Access Point
What are two common hash functions? (Choose two.)
SHA, MD5
Which hashing algorithm is recommended for the protection of sensitive, unclassified information?
SHA-256
You have been asked to implement a data integrity program to protect data files that need to be electronically downloaded by the sales staff. You have decided to use the strongest hashing algorithm available on your systems. Which hash algorithm would you select?
SHA-256
An administrator of a small data center wants a flexible, secure method of remotely connecting to servers. Which protocol would be best to use?
SSH (Secure Shell)
A company is attempting to lower the cost in deploying commercial software and is considering a cloud based service. Which cloud based service would be best to host the software?
SaaS
Uses removable media to physically move data from one computer to another
Sneaker Net
Being able to maintain availability during disruptive events describes which of the principles of high availability?
System resiliency
sets rules for expected behavior, defines legal consequences of violations, gives security staff the backing of management
Tasks of a Comprehensive Security Plan
What is a feature of a cryptographic hash function?
The hash function is a one-way mathematical function.
A user is proposing the purchase of a patch management solution for a company. The user wants to give reasons why the company should spend money on a solution. What benefits does patch management provide? (Choose three.)
Updates cannot be circumvented. Administrators can approve or deny patches. Updates can be forced on systems immediately.
The company has many users who telecommute. A solution needs to be found so a secure communication channel can be established between the remote location of users and the company. What is a good solution for this situation?
VPN
What mechanism can organizations use to prevent accidental changes by authorized users?
Version Control
A security professional is asked to perform an analysis of the current state of a company network. What tool would the security professional use to scan the network only for security risks?
Vulnerability Scanner
What are two methods that ensure confidentiality? (Choose two.)
authorization, authentication
What are three disclosure exemptions that pertain to the FOIA? (Choose three.)
confidential business information; national security and foreign policy information; law enforcement records that implicate one of a set of enumerated concerns
What principle prevents the disclosure of information to unauthorized people, resources, and processes?
confidentiality
What are two incident response phases? (Choose two.)
containment and recovery; detection and analysis
What three services does CERT provide? (Choose three.)
develop tools, products, and methods to conduct forensic examinations; resolve software vulnerabilities; develop tools, products, and methods to analyze vulnerabilities
What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website?
digital certificate
As a security professional, there is a possibility to have access to sensitive data and assets. What is one item a security professional should understand in order to make informed ethical decisions?
laws governing the data
What name is given to any changes to the original data such as users manually changing data, programs processing and changing data, and equipment failures?
modification
Keeping data backups offsite is an example of which type of disaster recovery control?
preventive
limit the amount of information that a firm can obtain about a consumer and specify how that information can be used or shared
privacy laws
There are many environments that require five nines, but a five nines environment may be cost prohibitive. What is one example of where the five nines environment might be cost prohibitive?
the New York Stock Exchange
something you know, something you have, something you are
three methods used to verify identity
What are two potential threats to applications? (Choose two.)
unauthorized access, data loss
What are two of the tactics used by a social engineer to obtain personal information from an unsuspecting target? (Choose two.)
urgency, intimidation