Information Security Fundamentals Ch. 1-8
A team has been asked to create an incident response plan for security incidents. In what phase of an incident response plan does the team get management approval of the plan? post-incident detection recovery analysis containment preparation
preparation
What name is given to an amateur hacker? blue team red hat black hat script kiddie
script kiddie
A user is instructed by a boss to find a better method to secure passwords in transit. The user has researched several means to do so and has settled on using HMAC. What are the key elements needed to implement HMAC? message digest and asymmetric key symmetric key and asymmetric key IPsec and checksum secret key and message digest
secret key and message digest
What is a method of sending information from one device to another using removable media? wired sneaker net LAN wireless infrared packet
sneaker net
Which service will resolve a specific web address into an IP address of the destination web server? ICMP NTP DNS DHCP
DNS
Match the type of multifactor authentication with the description. a security key fob a fingerprint scan a password
a security key fob>>> something you have a fingerprint scan>>> something you are a password>>> something you know
What encryption algorithm uses one key to encrypt data and a different key to decrypt data? one-time pad asymmetric symmetric transposition
asymmetric
A user calls the help desk complaining that an application was installed on the computer and the application cannot connect to the Internet. There are no antivirus warnings and the user can browse the Internet. What is the most likely cause of the problem? corrupt application computer firewall need for a system reboot permissions
computer firewall
A warning banner that lists the negative outcomes of breaking company policy is displayed each time a computer user logs in to the machine. What type of access control is implemented? preventive deterrent masking detective
deterrent
Why should WEP not be used in wireless networks today? its age its lack of encryption its use of clear text passwords its lack of support easily crackable
easily crackable
A user is the database administrator for a company. The user has been asked to implement an integrity rule that states every table must have a primary key and that the column or columns chosen to be the primary key must be unique and not null. Which integrity requirement is the user implementing? domain integrity entity integrity anomaly integrity referential integrity
entity integrity
Which term describes the technology that protects software from unauthorized access or modification? copyright access control watermarking trademark
watermarking
What name is given to a storage device connected to a network? DAS NAS Cloud RAID SAN
NAS
What name is given to hackers who hack for a cause? white hat hactivist hacker blue hat
hactivist
Why is WPA2 better than WPA? reduced keyspace supports TKIP reduced processing time mandatory use of AES algorithms
mandatory use of AES algorithms
What name is given to any changes to the original data such as users manually modifying data, programs processing and changing data, and equipment failures? corruption backup integrity dissemination modification deletion
modification
What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source? Trojan phishing backdoor vishing social engineering
phishing
Thwarting cyber criminals includes which of the following? (Choose two.) hiring hackers changing operating systems sharing cyber Intelligence information establishing early warning systems shutting down the network
sharing cyber Intelligence information establishing early warning systems
What type of cipher encrypts plaintext one byte or one bit at a time? block enigma stream hash elliptical
stream
What encryption algorithm uses the same pre-shared key to encrypt and decrypt data? hash asymmetric symmetric one-time pad
symmetric
What mechanism can organizations use to prevent accidental changes by authorized users? SHA-1 version control backups encryption hashing
version control
Companies may have different operation centers that handle different issues with the IT operations. If an issue is related to network infrastructure, what operation center would be responsible? HVAC NOC SOC HR
NOC
What are the three states of data? (Choose three.) in-cloud suspended encrypted at rest in-transit in-process
at rest in-transit in-process
What are three types of power issues that a technician should be concerned about? (Choose three.) spark brownout spike flicker blackout fuzzing
brownout spike blackout
What is identified by the first dimension of the cybersecurity cube? goals knowledge safeguards tools rules
goals
What is a vulnerability that allows criminals to inject scripts into web pages viewed by users? SQL injection buffer overflow XML injection Cross-site scripting
Cross-site scripting
Which asymmetric algorithm provides an electronic key exchange method to share the secret key? RSA hashing Diffie-Hellman DES WEP
Diffie-Hellman
A user has been asked to implement IPsec for inbound external connections. The user plans to use SHA-1 as part of the implementation. The user wants to ensure the integrity and authenticity of the connection. What security tool can the user use? MD5 HMAC SHA256 ISAKMP
HMAC
A company is concerned with traffic that flows through the network. There is a concern that there may be malware that exists that is not being blocked or eradicated by antivirus. What technology can be put in place to detect potential malware traffic on the network? IDS firewall IPS NAC
IDS
What does the acronym IoE represent? Intelligence on Everything Insight into Everything Internet of Everyday Internet of Everything
Internet of Everything
What are two ways to protect a computer from malware? (Choose two.) Use antivirus software. Keep software up to date. Empty the browser cache. Defragment the hard disk. Delete unused software.
Use antivirus software. Keep software up to date.
The company has many users who telecommute. A solution needs to be found so a secure communication channel can be established between the remote location of users and the company. What is a good solution for this situation? PPP fiber T1 modem VPN
VPN
A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this? a type of virus a type of logic bomb a type of ransomware a type of worm
a type of ransomware
What are two methods that ensure confidentiality? (Choose two.) nonrepudiation authorization authentication availability encryption integrity
authentication encryption
What principle prevents the disclosure of information to unauthorized people, resources, and processes? accounting confidentiality integrity nonrepudiation availability
confidentiality
What three tasks are accomplished by a comprehensive security policy? (Choose three.) is not legally binding gives security staff the backing of management useful for management defines legal consequences of violations vagueness sets rules for expected behavior
gives security staff the backing of management defines legal consequences of violations sets rules for expected behavior
A security breach has happened at a major corporation. The incident team has responded and executed their incident response plan. During which phase are lessons learned applied? recovery containment analyze detection preparation post-incident
post-incident
What are three type of attacks that are preventable through the use of salting? (Choose three.) guessing phishing social engineering shoulder surfing reverse lookup tables lookup tables rainbow tables
reverse lookup tables lookup tables rainbow tables
A user calls the help desk complaining that the password to access the wireless network has changed without warning. The user is allowed to change the password, but an hour later, the same thing occurs. What might be happening in this situation? rogue access point user error weak password password policy user laptop
rogue access point
What are three types of sensitive information? (Choose three.) public published classified declassified business PII
classified business PII
A user makes a request to implement a patch management service for a company. As part of the requisition the user needs to provide justification for the request. What three reasons can the user use to justify the request? (Choose three.) no opportunities for users to circumvent updates the need for systems be directly connected to the Internet the likelihood of storage savings the ability of users to select updates the ability to control when updates occur the ability to obtain reports on systems
no opportunities for users to circumvent updates the ability to control when updates occur the ability to obtain reports on systems
A user was hired as the new security officer. One of the first projects was to take inventory of the company assets and create a comprehensive database. Which three pieces of information would the user want to capture in an asset database? (Choose three.) operating systems passwords hardware network devices groups workstations users
operating systems hardware network devices workstations
An intern has started working in the support group. One duty is to set local policy for passwords on the workstations. What tool would be best to use? password policy account policy grpol.msc system administration secpol.msc
secpol.msc
A user is purchasing a new server for the company data center. The user wants disk striping with parity on three disks. Which RAID level should the user implement? 5 1+0 1 0
5
A user is proposing the purchase of a patch management solution for a company. The user wants to give reasons why the company should spend money on a solution. What benefits does patch management provide? (Choose three.) Patches can be chosen by the user. Patches can be written quickly. Administrators can approve or deny patches. Updates cannot be circumvented. Computers require a connection to the Internet to receive patches. Updates can be forced on systems immediately.
Administrators can approve or deny patches. Updates cannot be circumvented. Updates can be forced on systems immediately.
What is the difference between an HIDS and a firewall? An HIDS works like an IPS, whereas a firewall just monitors traffic. An HIDS blocks intrusions, whereas a firewall filters them. An HIDS monitors operating systems on host computers and processes file system activity. Firewalls allow or deny traffic between the computer and other systems. A firewall performs packet filtering and therefore is limited in effectiveness, whereas an HIDS blocks intrusions. A firewall allows and denies traffic based on rules and an HIDS monitors network traffic.
An HIDS monitors operating systems on host computers and processes file system activity. Firewalls allow or deny traffic between the computer and other systems.
What is the workforce framework category that includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence? Securely Provision Protect and Defend Oversight and Development Analyze
Analyze
A user has created a new program and wants to distribute it to everyone in the company. The user wants to ensure that when the program is downloaded that the program is not changed while in transit. What can the user do to ensure that the program is not changed when downloaded? Distribute the program on a thumb drive. Create a hash of the program file that can be used to verify the integrity of the file after it is downloaded. Turn off antivirus on all the computers. Install the program on individual computers. Encrypt the program and require a password after it is downloaded.
Create a hash of the program file that can be used to verify the integrity of the file after it is downloaded.
A new PC is taken out of the box, started up and connected to the Internet. Patches were downloaded and installed. Antivirus was updated. In order to further harden the operating system what can be done? Remove unnecessary programs and services. Install a hardware firewall. Disconnect the computer from the network. Remove the administrator account. Give the computer a nonroutable address. Turn off the firewall.
Remove unnecessary programs and services.
An administrator of a small data center wants a flexible, secure method of remotely connecting to servers.Which protocol would be best to use? Secure Shell Telnet Secure Copy Remote Desktop
Secure Shell
After a security audit for an organization, multiple accounts were found to have privileged access to systems and devices. Which three best practices for securing privileged accounts should be included in the audit report? (Choose three.) Secure password storage. No one should have privileged access. Only managers should have privileged access. Reduce the number of privileged accounts. Only the CIO should have privileged access. Enforce the principle of least privilege.
Secure password storage. Reduce the number of privileged accounts. Enforce the principle of least privilege.
Which three items are malware? (Choose three.) Trojan horse keylogger email virus attachments Apt
Trojan horse keylogger virus
A company wants to implement biometric access to its data center. The company is concerned with people being able to circumvent the system by being falsely accepted as legitimate users. What type of error is false acceptance? false rejection CER Type I Type II
Type II
A user is asked to analyze the current state of a computer operating system. What should the user compare the current operating system against to identify potential vulnerabilities? a whitelist a baseline a blacklist a vulnerability scan a pentest
a baseline
What occurs on a computer when data goes beyond the limits of a buffer? a system exception an SQL injection cross-site scripting a buffer overflow
a buffer overflow
The CIO wants to secure data on company laptops by implementing file encryption. The technician determines the best method is to encrypt each hard drive using Windows BitLocker. Which two things are needed to implement this solution? (Choose two.) password management EFS backup at least two volumes TPM USB stick
at least two volumes TPM
The manager of a department suspects someone is trying to break into computers at night. You are asked to find out if this is the case. What logging would you enable? audit Windows syslog operating system
audit
The manager of desktop support wants to minimize downtime for workstations that crash or have other software-related issues. What are three advantages of using disk cloning? (Choose three.) creates greater diversity cuts down on number of staff needed can provide a full system backup ensures a clean imaged machine ensures system compatibility easier to deploy new computers within the organization
can provide a full system backup ensures a clean imaged machine easier to deploy new computers within the organization
A user is a consultant who is hired to prepare a report to Congress as to which industries should be required to maintain five nine availability. Which three industries should the user include in a report? (Choose three.) healthcare food service education finance retail public safety
healthcare finance public safety
A recent breach at a company was traced to the ability of a hacker to access the corporate database through the company website by using malformed data in the login form. What is the problem with the company website? bad usernames poor input validation lack of operating system patching weak encryption
poor input validation
What type of cybersecurity laws protect you from an organization that might want to share your sensitive data? nonrepudiation integrity confidentiality privacy authentication
privacy
A user is asked to evaluate the security posture of a company. The user looks at past attempts to break into the company and evaluates the threats and exposures to create a report. Which type of risk analysis could the user perform? objective qualitative subjective opinion
qualitative
A user is asked to perform a risk analysis of a company. The user asks for the company asset database that contains a list of all equipment.The user uses this information as part of a risk analysis. Which type of risk analysis could be performed? qualitative hardware quantitative exposure factor
quantitative
A criminal is using software to obtain information about the computer of a user. What is the name of this type of software? virus phishing spyware adware
spyware
What type of attack uses many systems to flood the resources of a target, thus making the target unavailable? ping sweep DDoS spoof DoS
DDoS
A user needs to add redundancy to the routers in a company. What are the three options the user can use? (Choose three.) GLBP VRRP HSRP IPFIX RAID STP
GLBP VRRP HSRP
A user is running a routine audit of the server hardware in the company data center. Several servers are using single drives to host operating systems and multiple types of attached storage solutions for storing data. The user wants to offer a better solution to provide fault tolerance during a drive failure. Which solution is best? RAID tape backup offsite backup UPS
RAID
A user was hired by a company to provide a highly available network infrastructure. The user wants to build redundancy into the network in case of a switch failure, but wants to prevent Layer 2 looping. What would the user implement in the network? GLBP Spanning Tree Protocol HSRP VRRP
Spanning Tree Protocol
What is the meaning of the term logic bomb? a malicious virus a malicious program that uses a trigger to awaken the malicious code a malicious worm a malicious program that hides itself in a legitimate program
a malicious program that uses a trigger to awaken the malicious code
Pick three types of records that cyber criminals would be interested in stealing from organizations. (Choose three.) medical education employment flight food rock game
medical education employment
What is the purpose of CSPRNG? to process hash lookups to secure a web site to generate salt to prevent a computer from being a zombie
to generate salt
The CEO of a company is concerned that if a data breach should occur and customer data is exposed, the company could be sued. The CEO makes the decision to buy insurance for the company. What type of risk mitigation is the CEO implementing? transference avoidance mitigation reduction
transference
What does a rootkit modify? Notepad Microsoft Word operating system screen savers programs
operating system
What is a secure virtual network called that uses the public network? Firewall IPS IDS MPLS VPN NAC
VPN
A user is asked to create a disaster recovery plan for a company. The user needs to have a few questions answered by management to proceed. Which three questions should the user ask management as part of the process of creating the plan? (Choose three.) What is the process? Does the process require approval? How long does the process take? Can the individual perform the process? Where does the individual perform the process? Who is responsible for the process
What is the process? Where does the individual perform the process? Who is responsible for the process
What is the difference between a virus and a worm? Viruses self-replicate but worms do not. Worms self-replicate but viruses do not. Worms require a host file but viruses do not. Viruses hide in legitimate programs but worms do not.
Worms self-replicate but viruses do not.
What are two of the tactics used by a social engineer to obtain personal information from an unsuspecting target? (Choose two.) integrity honesty intimidation compassion urgency
intimidation urgency
A user is redesigning a network for a small company and wants to ensure security at a reasonable price. The user deploys a new application-aware firewall with intrusion detection capabilities on the ISP connection. The user installs a second firewall to separate the company network from the public network. Additionally, the user installs an IPS on the internal network of the company. What approach is the user implementing? attack based layered structured risk based
layered
Which three devices represent examples of physical access controls? (Choose three.) locks firewalls servers swipe cards routers video cameras
locks swipe cards video cameras
What term is used to describe the technology that replaces sensitive information with a nonsensitive version? hiding masking whiteout blanking retracting
masking
Which two methods help to ensure data integrity? (Choose two.) privacy availability authorization hashing repudiation data consistency checks
hashing data consistency checks
What are two common hash functions? (Choose two.) RC4 SHA RSA MD5 ECC Blowfish
SHA MD5
Which three protocols use asymmetric key algorithms? (Choose three.) Telnet Secure Shell (SSH) Advanced Encryption Standard (AES) Secure Sockets Layer (SSL) Pretty Good Privacy (PGP) Secure File Transfer Protocol (SFTP)
Secure Shell (SSH) Secure Sockets Layer (SSL) Pretty Good Privacy (PGP)
What term is used to describe concealing data in another file such as a graphic, audio, or other text file? hiding masking steganography obfuscation
steganography
What is the step by step process for creating a digital signature? Create a message digest; encrypt the digest with the public key of the sender; and bundle the message, encrypted digest, and public key together to sign the document. Create a message digest; encrypt the digest with the private key of the sender; and bundle the message, encrypted digest, and public key together in order to sign the document. Create a message; encrypt the message with a MD5 hash; and send the bundle with a public key. Create a SHA-1 hash; encrypt the hash with the private key of the sender; and bundle the message, encrypted hash, and public key together to signed document.
Create a message digest; encrypt the digest with the private key of the sender; and bundle the message, encrypted digest, and public key together in order to sign the document.
What service determines which resources a user can access along with the operations that a user can perform? authentication authorization token biometric accounting
authorization
What are three examples of administrative access controls? (Choose three.) background checks hiring practices intrusion detection system (IDS) guard dogs encryption policies and procedures
background checks hiring practices policies and procedures
Which type of cipher is able to encrypt a fixed-length block of plaintext into a 128-bit block of ciphertext at any one time? block symmetric transform stream hash
block
What three design principles help to ensure high availability? (Choose three.) use encryption provide for reliable crossover detect failures as they occur eliminate single points of failure check for data consistency ensure confidentiality
provide for reliable crossover detect failures as they occur eliminate single points of failure
What are three NIST-approved digital signature algorithms? (Choose three.) MD5 ECDSA DSA SHA256 RSA SHA1
ECDSA DSA RSA
A recent email sent throughout the company stated that there would be a change in security policy. The security officer who was presumed to have sent the message stated the message was not sent from the security office and the company may be a victim of a spoofed email. What could have been added to the message to ensure the message actually came from the person? digital signature asymmetric key non-repudiation hashing
digital signature
A user downloads an updated driver for a video card from a website. A warning message pops up saying the driver is not approved. What does this piece of software lack? valid ID digital signature code recognition source code
digital signature
What two methods help to ensure system availability? (Choose two.) integrity checking system resiliency equipment maintenance fire extinguishers up-to-date operating systems system backups
equipment maintenance up-to-date operating system
Match the description with the correct term. steganography steganalysis social steganography obfuscation
steganography>>> hiding data within an audio file steganalysis>>> discovering that hidden information exists within a graphic file social steganography>>> creating a message that says one thing but means something else to a specific audience obfuscation>>> making a message confusing so it is harder to understand
Which three processes are examples of logical access controls? (Choose three.) guards to monitor security screens fences to protect the perimeter of a building intrusion detection system (IDS) to watch for suspicious network activity biometrics to validate physical characteristics firewalls to monitor traffic swipe cards to allow access to a restricted area
intrusion detection system (IDS) to watch for suspicious network activity biometrics to validate physical characteristics firewalls to monitor traffic
What are the three foundational principles of the cybersecurity domain? (Choose three.) encryption security integrity confidentiality availability policy
integrity confidentiality availability
A user is evaluating the network infrastructure of a company. The user noted many redundant systems and devices in place, but no overall evaluation of the network. In a report, the user emphasized the methods and configurations needed as a whole to make the network fault tolerant. What is the type of design the user is stressing? availability resilient comprehensive spanning tree
resilient
Alice and Bob use the same password to login into the company network. This means both would have the exact same hash for their passwords. What could be implemented to prevent both password hashes from being the same? pseudo-random generator RSA peppering salting
salting
Which term describes the sending of a short deceptive SMS message used to trick a target into visiting a website? smishing spam grayware impersonation
smishing
For the purpose of authentication, what three methods are used to verify identity? (Choose three.) something you do something you are something you know where you are something you have
something you are something you know something you have
What is the term used to describe an email that is targeting a specific person employed at a financial institution? vishing spyware target phishing spam spear phishing
spear phishing
What is the name of the method in which letters are rearranged to create the ciphertext? enigma substitution transposition one-time pad
transposition
What is the standard for a public key infrastructure to manage digital certificates? x.509 PKI NIST-SP800 x.503
x.509
Which two terms are used to describe cipher keys? (Choose two.) keylogging key randomness key space key length
key space key length
What type of an attack can disable a computer by forcing it to use memory or by overworking its CPU? exhaustion APT DDoS algorithm
algorithm
What is the name given to a program or program code that bypasses normal authentication? backdoor worm ransomware virus Trojan
backdoor
What are three validation criteria used for a validation rule? (Choose three.) encryption format size range key type
format size range
A user is asked to evaluate the data center to improve availability for customers. The user notices that there is only one ISP connection, some of the equipment is out of warranty, there are no spare parts, and no one was monitoring the UPS which was tripped twice in one month. Which three deficiencies in high availability has the user identified? (Choose three.) failure to protect against poor maintenance failure to design for reliability single points of failure failure to detect errors as they occur failure to identify management issues failure to prevent security incidents
? failure to design for reliability failure to detect errors as they occur failure to prevent security incidents
What is an example of an Internet data domain? Linkedin Juniper Cisco Palo Alto
A user is evaluating the security infrastructure of a company and notices that some authentication systems are not using best practices when it comes to storing passwords. The user is able to crack passwords very fast and access sensitive data. The user wants to present a recommendation to the company on the proper implementation of salting to avoid password cracking techniques. What are three best practices in implementing salting? (Choose three.) The same salt should be used for each password. A salt should be unique for each password. Salts should be short. A salt should not be reused. Salts are not an effective best practice. A salt must be unique.
A salt should be unique for each password. A salt should not be reused. A salt must be unique.
Which 128-bit block cipher encryption algorithm does the US government use to protect classified information? AES Vignere Caesar 3DES Skipjack
AES
What cryptographic algorithm is used by the NSA and includes the use of elliptical curves for digital signature generation and key exchange? IDEA RSA El-Gamal ECC AES
ECC
A user has completed a six month project to identify all data locations and catalog the location. The next step is to classify the data and produce some criteria on data sensitivity. Which two steps can the user take to classify the data? (Choose two.) Treat all the data the same. Establish the owner of the data. Determine the user of the data. Identify sensitivity of the data. Determine permissions for the data. Determine how often data is backed up.
Establish the owner of the data. Identify sensitivity of the data.
What is a strength of using a hashing function? It is a one-way function and not reversible. It can take only a fixed length message. It is not commonly used in security. It has a variable length output. Two different files can be created that have the same output.
It is a one-way function and not reversible.
Identify three situations in which the hashing function can be applied. (Choose three.) PKI CHAP IPsec PPoE WPA DES
PKI CHAP IPsec
What type of attack targets an SQL database using the input field of a user? SQL injection Cross-site scripting buffer overflow XML injection
SQL injection
An investigator finds a USB drive at a crime scene and wants to present it as evidence in court. The investigator takes the USB drive and creates a forensic image of it and takes a hash of both the original USB device and the image that was created. What is the investigator attempting to prove about the USB drive when the evidence is submitted in court? The data is all there. The investigator found a USB drive and was able to make a copy of it. The data in the image is an exact copy and nothing has been altered by the process. An exact copy cannot be made of a device.
The data in the image is an exact copy and nothing has been altered by the process.
What are two common indicators of spam mail? (Choose two.) The email has no subject line. The email has an attachment that is a receipt for a recent purchase. The email has keywords in it. The email is from a friend. The email is from your supervisor. The email has misspelled words or punctuation errors or both.
The email has no subject line. The email has misspelled words or punctuation errors or both.
Which two reasons describe why WEP is a weak protocol? (Choose two.) The default settings cannot be modified. The key is static and repeats on a congested network. The key is transmitted in clear text. WEP uses the same encryption features as Bluetooth. Everyone on the network uses a different key.
The key is static and repeats on a congested network. The key is transmitted in clear text.
A user is connecting to an e-commerce server to buy some widgets for a company. The user connects to the site and notices there is no lock in the browser security status bar. The site does prompt for a username and password and the user is able to log in. What is the danger in proceeding with this transaction? The user is using the wrong browser to perform the transaction. The site is not using a digital certificate to secure the transaction, with the result that everything is in the clear. The certificate from the site has expired, but is still secure. Ad blocker software is preventing the security bar from working properly, and thus there is no danger with the transaction.
The site is not using a digital certificate to secure the transaction, with the result that everything is in the clear.
What does the term vulnerability mean? a method of attack to exploit a target a known target or victim machine a computer that contains sensitive information a potential threat that a hacker creates a weakness that makes a target susceptible to an attack
a weakness that makes a target susceptible to an attack
What is the name for the type of software that generates revenue by generating annoying pop-ups? adware trackers spyware pop-ups
adware
What are three access control security services? (Choose three.) repudiation authentication accounting access availability authorization
authentication accounting authorization
An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this? RF jamming bluesnarfing bluejacking smishing
bluesnarfing
What does the term BYOD represent? bring your own decision bring your own device bring your own disaster buy your own disaster
bring your own device
Which method tries all possible passwords until a match is found? cryptographic brute force birthday dictionary rainbow tables cloud
brute force
What is the term used to describe the science of making and breaking secret codes? jamming cryptology impersonation spoofing factorization
cryptology