CNT 105 Final
Which statement describes a distributed denial of service attack?" One computer accepts data packets based on the MAC address of another computer. An attacker sends an enormous quantity of data that a server cannot handle.A n attacker builds a botnet comprised of zombies. An attacker views network traffic to learn authentication credentials.
An attacker sends an enormous quantity of data that a server cannot handle.
The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email? It is a hoax. It is a DDoS attack .It is an impersonation attack. It is a piggy-back attack.
It is a hoax.
Which of the following products or technologies would you use to establish a baseline for an operating system? CVE Baseline Analyzer Microsoft Security Baseline Analyzer MS Baseliner SANS Baselining System (SBS)
Microsoft Security Baseline Analyzer
Which technology should be used to enforce the security policy that a computing device must be checked against the latest antivirus update before the device is allowed to connect to the campus network? NAS NAC SAN VPN
NAC
Which national resource was developed as a result of a U.S. Executive Order after a ten-month collaborative study involving over 3,000 security professionals? ISO OSI model ISO/IEC 27000 the National Vulnerability Database (NVD) NIST Framework
NIST Framework
Which technology would you implement to provide high availability for data storage? RAID software update shot standby N+1
RAID
What type of attack will make illegitimate websites higher in a web search result list? browser hijacker spam SEO poisoning DNS poisoning
SEO poisoning
You have been asked to implement a data integrity program to protect data files that need to be electronically downloaded by the sales staff. You have decided to use the strongest hashing algorithm available on your systems. Which hash algorithm would you select? MD5 SHA-1 AES SHA-256
SHA-256
Which protocol would be used to provide security for employees that access systems remotely from home? WPA SSH SCP Telnet
SSH
Which law was enacted to prevent corporate accounting-related crimes? Import/Export Encryption Act The Federal Information Security Management Act Sarbanes-Oxley Act Gramm-Leach-Bliley Act
Sarbanes-Oxley Act
What is a feature of a cryptographic hash function? The output has a variable length. The hash input can be calculated given the output value. Hashing requires a public and a private key .The hash function is a one-way mathematical function.
The hash function is a one-way mathematical function.
What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website? digital signature digital certificate asymmetric encryption salting
digital certificate
Your organization will be handling market trades. You will be required to verify the identify of each customer who is executing a transaction. Which technology should be implemented to authenticate and verify customer electronic transactions? asymmetrical encryption symmetrical encryption digital certificates data hashing
digital certificates
What technology should you implement to ensure that an individual cannot later claim that he or she did not sign a given document? HMAC digital certificate digital signature asymmetric encryption
digital signature
Which technology can be used to protect VoIP against eavesdropping? strong authentication ARP SSH encrypted voice messages
encrypted voice messages
An organization has recently adopted a five nines program for two critical database servers. What type of controls will this involve? improving reliability and uptime of the servers limiting access to the data on these systems stronger encryption systems remote access to thousands of external users
improving reliability and uptime of the servers
Which method is used by steganography to hide text in an image file? data masking most significant bit data obfuscation least significant bit
least significant bit
What approach to availability involves using file permissions? layering obscurity limiting simplicity
limiting
An organization plans to implement security training to educate employees about security policies. What type of access control is the organization trying to implement? administrative technological physical logical
logical
Mutual authentication can prevent which type of attack? man-in-the-middle wireless poisoning wireless IP spoofing wireless sniffing
man-in-the-middle
Which utility uses the Internet Control Messaging Protocol (ICMP)? RIP ping NTP DNS
ping
Keeping data backups offsite is an example of which type of disaster recovery control? detective corrective management preventive
preventive
Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents high level of risk, yellow represents average level of threat and green represents low level of threat. What type of risk analysis does this chart represent? quantitative analysis exposure factor analysis loss analysis qualitative analysis
qualitative analysis
Which hashing technology requires keys to be exchanged? MD5 HMAC AES salting
salting
What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic? spoofing sniffing phishing spamming
sniffing
What is a nontechnical method that a cybercriminal would use to gather sensitive information from an organization? pharming ransomeware man-in-the-middle social engineering
social engineering
What are three states of data during which data is vulnerable? (Choose three.) data in-process purged data stored data data encrypted data decrypted data in-transit
stored data data in-transit data in-process
Which threat is mitigated through user awareness training and tying security awareness to performance reviews? user-related threats device-related threats cloud-related threats physical threats
user-related threats
Which type of networks poses increasing challenges to cybersecurity specialists due to the growth of BYOD on campus? sneaker net wireless networks wired networks virtual networks
wireless networks
A user has a large amount of data that needs to be kept confidential. Which algorithm would best meet this requirement? RSA ECC Diffie-Hellman 3DES
3DES
Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.) WEP WPA2 802.11q 802.11i WPATKIP
802.11i WPA WPA2
Which statement describes a characteristics of block ciphers? Block ciphers result in compressed output .Block ciphers encrypt plaintext one bit at a time to form a block. Block ciphers result in output data that is larger than the input data most of the time .Block ciphers are faster than stream ciphers.
Block ciphers result in compressed output.
The awareness and identification of vulnerabilities is a critical function of a cybersecurity specialist. Which of the following resources can be used to identify specific details about vulnerabilities? NIST/NICE framework CVE national database ISO/IEC 27000 model Infragard
CVE national database
Which algorithm will Windows use by default when a user intends to encrypt files and folders in an NTFS volume? 3DES RSA DES AES
DES
What describes the protection provided by a fence that is 1 meter in height? It deters casual trespassers only. It offers limited delay to a determined intruder. The fence deters determined intruders. It prevents casual trespassers because of its height.
It deters casual trespassers only.
Technicians are testing the security of an authentication system that uses passwords. When a technician examines the password tables, the technician discovers the passwords are stored as hash values. However, after comparing a simple password hash, the technician then discovers that the values are different from those on other systems. What are two causes of this situation? (Choose two.) Both systems use MD5. Both systems scramble the passwords before hashing. The systems use different hashing algorithms. One system uses hashing and the other uses hashing and salting. One system uses symmetrical hashing and the other uses asymmetrical hashing.
The systems use different hashing algorithms. One system uses hashing and the other uses hashing and salting.
Which statement best describes a motivation of hacktivists? They are part of a protest group behind a political cause. They are interested in discovering new exploits .They are trying to show off their hacking skills. They are curious and learning hacking skills.
They are part of a protest group behind a political cause.
Technologies like GIS and IoE contribute to the growth of large data stores. What are two reasons that these technologies increase the need for cybersecurity specialists? (Choose two.) They collect sensitive information. They require 24-hour monitoring. They make systems more complicated. They contain personal information .They increase processing requirements.They require more equipment.
They collect sensitive information. They contain personal information
What are the two most effective ways to defend against malware? (Choose two.) Implement network firewalls. Update the operating system and other application software. Install and update antivirus software. Implement a VPN.Implement RAID. Implement strong passwords.
Update the operating system and other application software. Install and update antivirus software.
Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use? the private key of Carol the public key of Bob a new pre-shared key the same pre-shared key he used with Alice
a new pre-shared key
The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement? a set of attributes that describes user access rights user login auditing observations to be provided to all employees a biometric fingerprint reader
a set of attributes that describes user access rights
Which technology can be implemented as part of an authentication system to verify the identification of employees? a virtual fingerprint SHA-1 hasha Man trapa smart card reader
a smart card reader
Which access control should the IT department use to restore a system back to its normal state? detective corrective compensative preventive
corrective
You have been asked to work with the data collection and entry staff in your organization in order to improve data integrity during initial data entry and data modification operations. Several staff members ask you to explain why the new data entry screens limit the types and size of data able to be entered in specific fields. What is an example of a new data integrity control? a limitation rule which has been implemented to prevent unauthorized staff from entering sensitive data data encryption operations that prevent any unauthorized users from accessing sensitive data data entry controls which only allow entry staff to view current data a validation rule which has been implemented to ensure completeness, accuracy, and consistency of data
a validation rule which has been implemented to ensure completeness, accuracy, and consistency of data
Which two values are required to calculate annual loss expectancy? (Choose two.) single loss expectancy quantitative loss value frequency factor asset value annual rate of occurrence exposure factor
annual rate of occurrence single loss expectancy
An organization wants to adopt a labeling system based on the value, sensitivity, and criticality of the information. What element of risk management is recommended? sasset standardization asset identification asset classification asset availability
asset classification
Which type of cybercriminal is the most likely to create malware to compromise an organization by stealing credit card information? script kiddies gray hat hacker swhite hat hackers black hat hackers
black hat hackers
What type of application attack occurs when data goes beyond the memory areas allocated to the application? RAM spoofing RAM Injection SQL injection buffer overflow
buffer overflow
A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan? confidentiality, integrity, and availability secrecy, identify, and nonrepudiation encryption, authentication, and identification technologies, policies, and awareness
confidentiality, integrity, and availability
What are two incident response phases? (Choose two.) detection and analysis risk analysis and high availability containment and recovery prevention and containment mitigation and acceptance confidentiality and eradication
containment and recovery detection and analysis