Unit 2 Exam (Chapters 6-10)

Certificate repository (CR)

A centralized directory of digital certificates is called a(n) _____.

Community cloud

Aleksandra, the company HR manager, is completing a requisition form for the IT staff to create a type of cloud that would only be accessible to other HR managers like Aleksandra who are employed at manufacturing plants. The form asks for the type of cloud that is needed. Which type of cloud would best fit Aleksandra's need?

Fog

Alicja is working on a project to deploy automated guided vehicles on the industrial shop floor of the manufacturing plant in which she works. What location of computing would be best for this project?

Downgrade attack

Basil was reading about a new attack that forces the system to abandon a higher cryptographic security mode of operation and instead fall back to an older and less secure mode. What type of attack is this?

ROT13

Brielle is researching substitution ciphers. She came across a cipher in which the entire alphabet was rotated 13 steps. What type of cipher is this?

Host table and external DNS server

Calix was asked to protect a system from a potential attack on DNS. What are the locations he would need to protect?

SHA3-512

Cicero is researching hash algorithms. Which algorithm would produce the longest and most secure digest?

Nonrepudiation

Cryptography can prevent an individual from fraudulently reneging on an action. What is this known as?

MAC flooding attack

Deacon has observed that the switch is broadcasting all packets to all devices. He suspects it is the result of an attack that has overflowed the switch MAC address table. Which type of attack is this?

As computers become more powerful, the ability to compute factoring has increased.

Deo has been asked to explain RSA to his colleague. After his explanation, Deo is asked what, if any, weaknesses RSA has. How would Deo respond?

Verify the receiver

Egor wanted to use a digital signature. Which of the following benefits will the digital signature NOT provide?

Online Certificate Status Protocol (OCSP)

Elton needs his application to perform a real-time lookup of a digital certificate's status. Which technology would he use?

Stateful packet filtering

Emilie is reviewing a log file of a new firewall. She notes that the log indicates packets are being dropped for incoming packets for which the internal endpoint did not initially create the request. What kind of firewall is this?

cat

Eros wants to change a configuration file on his Linux computer. He first wants to display the entire file contents. Which tool would he use?

Two-person integrity/control

Estevan has recommended that the organization hire and deploy two security guards in the control room to limit the effect if one of the guards has been compromised. What is Estevan proposing?

traceroute

Gregory wants to look at the details about the patch a packet takes from his Linux computer to another device. Which Linux command-line utility will he use?

Masking

Hanna has received a request for a data set of actual data for testing a new app that is being developed. She does not want the sensitive elements of the data to be exposed. What technology should she use?

It detects when a BPDU is received from an endpoint.

How does BPDU guard provide protection?

ESP

How is confidentiality achieved through IPsec?

Alice's public key

If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message?

Active-active

In which of the following configurations are all the load balancers always active?

Domain validation

Juan needs a certificate that must only authenticate that a specific organization has the right to use a particular domain name. What type of certificate does he need?

Policy-based firewall

Leah is researching information on firewalls. She needs a firewall that allows for more generic statements instead of creating specific rules. What type of firewall should Leah consider purchasing that supports her need?

DNS sinkhole

Maja has been asked to investigate DDoS mitigations. Which of the following should Maja consider?

Deprovisioning resources that are no longer necessary

Nadia has been asked to perform dynamic resource allocation on specific cloud computing resources. What action is Nadia taking?

The user's identity with their public key

Olivia is explaining to a friend about digital certificates. Her friend asks what two entities a digital certificate associates or binds together. What would Olivia say?

PaaS

Oliwia has been given a project to manage the development of a new company app. She wants to use a cloud model to facilitate the development and deployment. Which cloud model will she choose?

Operational Technology

Proteus has been asked to secure endpoints that can be programmed and have an IP address so that they cannot be used in a DDoS attack. What is the name for this source of DDoS attack?

Split tunnel

Sofie needs to configure the VPN to preserve bandwidth. Which configuration would she choose?

MSSPs

The CEO is frustrated by the high costs associated with security at the organization and wants to look at a third party assuming part of their cybersecurity defenses. Nikola has been asked to look into acquiring requests for proposal (RFPs) from different third parties. What are these third-party organizations called?

Only use compiled and not interpreted Python code.

Theo uses the Python programming language and does not want his code to contain vulnerabilities. Which of the following best practices would Theo NOT use?

DNS poisoning attack

Tomaso is explaining to a colleague the different types DNS attacks. Which DNS attack would only impact a single user?

perfect forward secrecy

What are public key systems that generate different random public keys for each session?

Server resources of the cloud are inconspicuous to the end user.

What does the term "serverless" mean in cloud computing?

Crypto service provider

What entity calls in crypto modules to perform cryptographic tasks?

The command-language interpreter for Linux/UNIX OSs

What is Bash?

Two files produce the same digest.

What is a collision?

A firewall that runs in the cloud

What is a virtual firewall?

Plaintext

What is data called that is to be encrypted by inputting it into a cryptographic algorithm?

The time between when a byte is input into a cryptographic cipher and when the output is obtained.

What is low latency?

DoS attacks use fewer computers than DDoS attacks.

What is the difference between a DoS and a DDoS attack?

P7B

What is the file extension for a Cryptographic Message Syntax Standard based on PKCS#7 that defines a generic syntax for defining digital signature and encryption?

CN

What is the name of the device protected by a digital certificate?

Certificate attributes

What is the name of the fields in an X.509 digital certificate that are used when the parties negotiate a secure connection?

To group and verify digital certificates

What is the purpose of certificate chaining?

The ARP cache is compromised.

What is the result of an ARP poisoning attack?

Digital certificate

What is the strongest technology that would assure Alice that Bob is the sender of a message?

Man-in-the-browser (MITB)

Which attack intercepts communications between a web browser and the underlying OS?

CTR

Which block cipher mode of operating requires that both the message sender and receiver access a counter that computes a new value whenever a ciphertext block is exchanged?

IaaS

Which cloud model requires the highest level of IT responsibilities?

Forward proxy server

Which device intercepts internal user requests and then processes those requests on behalf of the users?

Allow

Which firewall rule action implicitly denies all other traffic unless explicitly allowed?

Secure Shell (SSH)

Which is a protocol for securely accessing a remote computer in order to issue a command?

AH

Which is an IPsec protocol that authenticates that packets received were sent from the source?

The web browser sends a message ("ClientHello") to the server.

Which is the first step in a key exchange?

To verify the authenticity of the CA

Which of the following can a digital certificate NOT be used for?

High-interaction honeypot

Which of the following contains honeyfiles and fake telemetry?

Containment space

Which of the following does NOT describe an area that separates threat actors from defenders?

Fingerprint authentication

Which of the following functions does a network hardware security module NOT perform?

Steganography

Which of the following hides the existence of information?

It can only provide limited security.

Which of the following is FALSE about "security through obscurity"?

Trusted domain

Which of the following is NOT a Microsoft defense against macros?

Update Active Directory to indicate the device is vulnerable.

Which of the following is NOT a NAC option when it detects a vulnerable endpoint?

Visible resource pooling

Which of the following is NOT a characteristic of cloud computing?

It includes a pseudorandom number generator (PRNG).

Which of the following is NOT a characteristic of the Trusted Platform Module (TPM)?

Bandwidth utilization

Which of the following is NOT a cloud computing security issue?

Send alerts to virtual firewalls

Which of the following is NOT a feature of a next-generation SWG?

Visibility

Which of the following is NOT a firewall rule parameter?

Application updates

Which of the following is NOT a means by which a newly approved root digital certificate is distributed?

It can be invoked prior to system boot.

Which of the following is NOT a reason that threat actors use PowerShell for attacks?

SHA

Which of the following is NOT a symmetric cryptographic algorithm?

It must be used on HTML5 compliant devices.

Which of the following is NOT correct about L2TP?

Containers require a full OS whenever APIs cannot be used.

Which of the following is NOT correct about containers?

They require that specific security appliances be located on-prem so that the local data center can be considered as a qualified Zone.

Which of the following is NOT correct about high availability across zones?

It is being phased out and replaced by PowerShell.

Which of the following is NOT true about VBA?

sn1per

Which of the following is a third-party OS penetration testing tool?

Tcpreplay

Which of the following is a tool for editing packets and then putting the packets back onto the network to observe their behavior?

MAC address schema

Which of the following is not a basic configuration management tool?

Digest

Which of the following is not to be decrypted but is only used for comparison purposes?

It provides a central repository.

Which of the following is true about secrets management?

SFTP

Which of the following provides the highest level of security?

Proximity

Which of the following sensors can detect an object that enters the sensor's field?

SDN

Which of the following virtualizes parts of a physical network?

Eliminate APIs.

Which of the following will NOT protect a container?

UTM

Which of these appliances provides the broadest protection by combining several security functions?

Risk

Which of these is NOT a basic security protection for information that cryptography can provide?

Collisions should occur no more than 15 percent of the time.

Which of these is NOT a characteristic of a secure hash algorithm?

User experience (UX)

Which of these is NOT created and managed by a microservices API?

Data within the application message itself

Which of these is NOT used in scheduling a load balancer?

Advanced Encryption Standard

Which of these is the strongest symmetric cryptographic algorithm?

Hardware Security Module (HSM)

Which of these provides cryptographic services and is external to the device?

Key escrow

Which refers to a situation in which keys are managed by a third party, such as a trusted CA?

It contains servers that are used only by internal network users.

Which statement regarding a demilitarized zone (DMZ) is NOT true?

Type I

Which type of hypervisor runs directly on the computer's hardware?

Anomaly monitoring

Which type of monitoring methodology looks for statistical deviations from a baseline?

hping

Which utility sends custom TCP/IP packets?

Registration authority

Who verifies the authenticity of a CSR?

Transit gateway

Wiktoria is frustrated that her company is using so many different cloud services that span multiple cloud provider accounts and even different cloud providers. She wants to implement a technology to give full control and visibility over all the cloud resources, including network routing and security. What product does Wiktoria need?

Reduction in broadband costs

Zuzana is creating a report for her supervisor about the cost savings associated with cloud computing. Which of the following would she NOT include on her report on the cost savings?

Session keys

_____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity.