Chapter 9 Cybersecurity practice test
HMAC
A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking?
a new pre-shared key
Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use?
sniffing
What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic?
SEO poisoning
What type of attack will make illegitimate websites higher in a web search result list?
DAC
Which access control strategy allows an object owner to determine whether to allow access to the object?
AES
Which algorithm will Windows use by default when a user intends to encrypt files and folders in an NTFS volume?
vulnerability scanners
Which cybersecurity weapon scans for use of default passwords, missing patches, open ports, misconfigurations, and active IP addresses?
stored data
Which data state is maintained in NAS and SAN services?
ISO/IEC 27000
Which framework should be recommended for establishing a comprehensive information security management system in an organization?
SHA-256
Which hashing algorithm is recommended for the protection of sensitive, unclassified information?
Sarbanes-Oxley Act
Which law was enacted to prevent corporate accounting-related crimes?
Microsoft Security Baseline Analyzer
Which of the following products or technologies would you use to establish a baseline for an operating system?
transfer
Which risk mitigation strategies include outsourcing services and purchasing insurance?
They are part of a protest group behind a political cause.
Which statement best describes a motivation of hacktivists?
a smart card reader
Which technology can be implemented as part of an authentication system to verify the identification of employees?
RAID
Which technology would you implement to provide high availability for data storage?
user-related threats
Which threat is mitigated through user awareness training and tying security awareness to performance reviews?
802.11i, WPA, WPA2
Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.)
ARP, STP
Which two protocols pose switching threats? (Choose two.)
limiting
What approach to availability involves using file permissions?
Confidentiality, integrity, and availability
A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan?
intimidation
An executive manager went to an important meeting. The secretary in the office receives a call from a person claiming that the executive manager is about to give an important presentation but the presentation files are corrupted. The caller sternly recommends that the secretary email the presentation right away to a personal email address. The caller also states that the executive is holding the secretary responsible for the success of this presentation. Which type of social engineering tactic would describe this scenario?
VPN
An organization allows employees to work from home two days a week. Which technology should be implemented to ensure data confidentiality as data is transmitted?
rainbow tables, lookup tables, reverse lookup tables
An organization has determined that an employee has been cracking passwords on administrative accounts in order to access very sensitive payroll information. Which tools would you look for on the system of the employee? (Choose three.)
improving reliability and uptime of the servers
An organization has recently adopted a five nines program for two critical database servers. What type of controls will this involve?
Asset Classification
An organization wants to adopt a labeling system based on the value, sensitivity and criticality of the information. What element of risk management is recommended?
data masking substitution
Before data is sent out for analysis, which technique can be used to replace sensitive data in nonproduction environments to protect the underlying information?
when the organization needs to look for prohibited activity
In which situation would a detective control be warranted?
preventive
Keeping data backups offsite is an example of which type of disaster recovery control?
authentication
Passwords, passphrases, and PINs are examples of which security term?
logical
Smart cards and biometrics are considered to be what type of access control?
The systems use different hashing algorithms; one system uses hashing and the other uses hashing and salting.
Technicians are testing the security of an authentication system that uses passwords. When a technician examines the password tables, the technician discovers the passwords are stored as hash values. However, after comparing a simple password hash, the technician then discovers that the values are different from those on other systems. What are two causes of this situation? (Choose two.)
Digital certificates
The X.509 standard defines which security technology?
ransomware
Users report that the database on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?
Worm
Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network?
Local Security Policy tool
What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain?
It deters casual trespassers only.
What describes the protection provided by a fence that is 1 meter in height?
spoofing
What is an impersonation attack that takes advantage of a trusted relationship between two systems?
asset standardization
What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications?
Salting
What technique creates different hashes for the same password?
digital signature
What technology should you implement to ensure that an individual cannot later claim that he or she did not sign a given document?
Educate employees regarding policies; do not provide password resets in a chat window; resist the urge to click on enticing web links.
What three best practices can help defend against social engineering attacks? (Choose three.)
single loss expectancy, annual rate of occurrence
Which two values are required to calculate annual loss expectancy? (Choose two.)
packet forgery
Which type of cybercriminal attack would interfere with established network communication through the use of constructed packets so that the packets look like they are part of the normal communication?
black hat hackers
Which type of cybercriminal is the most likely to create malware to compromise an organization by stealing credit card information?
ping
Which utility uses the Internet Control Messaging Protocol (ICMP)?
WPA2
Which wireless standard made AES and CCM mandatory?
female, 9866, $125.50
You have been asked to describe data validation to the data entry clerks in accounts receivable. Which of the following are good examples of strings, integers, and decimals?
qualitative analysis
Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents a high level of risk, yellow represents an average level of threat, and green represents a low level of threat. What type of risk analysis does this chart represent?
recovery control
An organization has implemented antivirus software. What type of security control did the company implement?