Cyber Essentials Final Exam

What three best practices can help defend against social engineering attacks? (Choose three.) Select one or more: -Do not provide password resets in a chat window. -Resist the urge to click on enticing web links. -Enable a policy that states that the IT department should supply information over the phone only to managers. -Educate employees regarding policies. -Add more security guards. -Deploy well-designed firewall appliances.

-Resist the urge to click on enticing web links. -Educate employees regarding policies. -Do not provide password resets in a chat window.

What is a feature of a cryptographic hash function? Select one: -The output has a variable length. -The hash input can be calculated given the output value. -Hashing requires a public and a private key. -The hash function is a one-way mathematical function.

-The hash function is a one-way mathematical function.

The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email? Select one: It is a DDoS attack. It is a hoax. It is a piggy-back attack. It is an impersonation attack.

It is a hoax

What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain? Select one: Local Security Policy tool Active Directory Security tool Computer Management Event Viewer security log

Local Security Policy tool

Which of the following products or technologies would you use to establish a baseline for an operating system? Select one: SANS Baselining System (SBS) MS Baseliner CVE Baseline Analyzer Microsoft Security Baseline Analyzer

Microsoft Security Baseline Analyzer

Which technology should be used to enforce the security policy that a computing device must be checked against the latest antivirus update before the device is allowed to connect to the campus network? Select one: SAN VPN NAC NAS

NAC

What type of attack will make illegitimate websites higher in a web search result list? Select one: DNS poisoning spam browser hijacker SEO poisoning

SEO poisoning

Which protocol would be used to provide security for employees that access systems remotely from home? Select one: SCP Telnet SSH WPA

SSH

Which website offers guidance on putting together a checklist to provide guidance on configuring and hardening operating systems? Select one: The Advanced Cyber Security Center Internet Storm Center CERT The National Vulnerability Database website

The National Vulnerability Database website

The X.509 standards defines which security technology? Select one: security tokens digital certificates biometrics strong passwords

digital certificates

Your organization will be handling market trades. You will be required to verify the identify of each customer who is executing a transaction. Which technology should be implemented to authenticate and verify customer electronic transactions? Select one: digital certificates asymmetrical encryption symmetrical encryption data hashing

digital certificates

What technology should you implement to ensure that an individual cannot later claim that he or she did not sign a given document? Select one: digital signature HMAC digital certificate asymmetric encryption

digital signature

Which technology can be used to protect VoIP against eavesdropping? Select one: SSH encrypted voice messages ARP strong authentication

encrypted voice messages

You have been asked to describe data validation to the data entry clerks in accounts receivable. Which of the following are good examples of strings, integers, and decimals? Select one: yes/no 345-60-8745, TRF562 800-900-4560, 4040-2020-8978-0090, 01/21/2013 male, $25.25, veteran female, 9866, $125.50

female, 9866, $125.50

An organization has recently adopted a five nines program for two critical database servers. What type of controls will this involve? Select one: improving reliability and uptime of the servers remote access to thousands of external users limiting access to the data on these systems stronger encryption systems

improving reliability and uptime of the servers

What approach to availability provides the most comprehensive protection because multiple defenses coordinate together to prevent attacks? Select one: obscurity diversity limiting layering

layering

Which method is used by steganography to hide text in an image file? Select one: data masking least significant bit most significant bit data obfuscation

least significant bit

What approach to availability involves using file permissions? Select one: limiting obscurity layering simplicity

limiting

Mutual authentication can prevent which type of attack? Select one: wireless sniffing wireless IP spoofing man-in-the-middle wireless poisoning

man-in-the-middle

Which type of cybercriminal attack would interfere with established network communication through the use of constructed packets so that the packets look like they are part of the normal communication? Select one: packet forgery rogue Wi-Fi AP packet sniffing DNS spoofing

packet forgery

Which methods can be used to implement multifactor authentication? Select one: tokens and hashes IDS and IPS VPNs and VLANs passwords and fingerprints

passwords and fingerprints

Which utility uses the Internet Control Messaging Protocol (ICMP)? Select one: RIP ping NTP DNS

ping

Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign the document so that Bob can make sure that the document came from Alice? Select one: public key from Bob username and password from Alice private key from Alice private key from Bob

private key from Alice

Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents high level of risk, yellow represents average level of threat and green represents low level of threat. What type of risk analysis does this chart represent? Select one: loss analysis exposure factor analysis qualitative analysis quantitative analysis

qualitative analysis

An organization has implemented antivirus software. What type of security control did the company implement? Select one: deterrent control compensative control recovery control detective control

recovery control

Which two values are required to calculate annual loss expectancy? (Choose two.) Select one or more: frequency factor exposure factor asset value quantitative loss value annual rate of occurrence single loss expectancy

single loss expectancy annual rate of occurrence

What is a nontechnical method that a cybercriminal would use to gather sensitive information from an organization? Select one: pharming man-in-the-middle ransomeware social engineering

social engineering

What is an impersonation attack that takes advantage of a trusted relationship between two systems? Select one: spoofing spamming sniffing man-in-the-middle

spoofing

Being able to maintain availability during disruptive events describes which of the principles of high availability? Select one: system resiliency fault tolerance single point of failure uninterruptible services

system resiliency

Which risk mitigation strategies include outsourcing services and purchasing insurance? Select one: reduction transfer acceptance avoidance

transfer

Which threat is mitigated through user awareness training and tying security awareness to performance reviews? Select one: physical threats user-related threats device-related threats cloud-related threats

user-related threats

Which cybersecurity weapon scans for use of default passwords, missing patches, open ports, misconfigurations, and active IP addresses? Select one: password crackers packet analyzers packet sniffers vulnerability scanners

vulnerability scanners

A specialist in the HR department is invited to promote the cybersecurity program in community schools. Which three topics would the specialist emphasize in the presentation to draw students to this field? (Choose three.) Select one or more: -high earning potential -the CompTIA A+ certification provides an adequate knowledge base for the field -a job with routine, day-to-day tasks -service to the public -a career-field in high-demand -a field requiring a PhD degree

-high earning potential -service to the public -a career-field in high-demand

Which statement describes a characteristics of block ciphers? Select one: Block ciphers are faster than stream ciphers. Block ciphers result in output data that is larger than the input data most of the time. Block ciphers encrypt plaintext one bit at a time to form a block. Block ciphers result in compressed output.

Block ciphers result in output data that is larger than the input data most of the time.

Which access control strategy allows an object owner to determine whether to allow access to the object? Select one: RBAC DAC MAC ACL

DAC

A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server crash. What is the type of attack the cyber criminal launches? Select one: SQL injection man-in-the-middle DoS packet Injection

DoS

A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking? Select one: HMAC password salting CRC

HMAC

A security specialist is asked for advice on a security measure to prevent unauthorized hosts from accessing the home network of employees. Which measure would be most effective? Select one: Implement RAID. Implement a firewall. Implement a VLAN. Implement intrusion detection systems.

Implement a firewall.

Which wireless standard made AES and CCM mandatory? Select one: WEP WPA2 WEP2 WPA

WPA2

Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use? Select one: the private key of Carol the public key of Bob the same pre-shared key he used with Alice a new pre-shared key

a new pre-shared key

The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement? Select one: a set of attributes that describes user access rights a biometric fingerprint reader observations to be provided to all employees user login auditing

a set of attributes that describes user access rights

Which technology can be implemented as part of an authentication system to verify the identification of employees? Select one: a Mantrap SHA-1 hash a virtual fingerprint a smart card reader

a smart card reader

Which access control should the IT department use to restore a system back to its normal state? Select one: preventive detective corrective compensative

corrective

You have been asked to work with the data collection and entry staff in your organization in order to improve data integrity during initial data entry and data modification operations. Several staff members ask you to explain why the new data entry screens limit the types and size of data able to be entered in specific fields. What is an example of a new data integrity control? Select one: -data entry controls which only allow entry staff to view current data -a limitation rule which has been implemented to prevent unauthorized staff from entering sensitive data -a validation rule which has been implemented to ensure completeness, accuracy, and consistency of data -data encryption operations that prevent any unauthorized users from accessing sensitive data

a validation rule which has been implemented to ensure completeness, accuracy, and consistency of data

abc

abc

An organization plans to implement security training to educate employees about security policies. What type of access control is the organization trying to implement? Select one: physical technological logical administrative

administrative

An organization wants to adopt a labeling system based on the value, sensitivity, and criticality of the information. What element of risk management is recommended? Select one: asset standardization asset identification asset availability asset classification

asset classification

What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications? Select one: asset classification asset standardization asset identification asset availability

asset standardization

Which type of cybercriminal is the most likely to create malware to compromise an organization by stealing credit card information? Select one: script kiddies black hat hackers white hat hackers gray hat hackers

black hat hackers

A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan? Select one: confidentiality, integrity, and availability technologies, policies, and awareness secrecy, identify, and nonrepudiation encryption, authentication, and identification

confidentiality, integrity, and availability