Chapter 9 Cybersecurity practice test

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

HMAC

A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking?

a new pre-shared key

Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use?

sniffing

What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic?

SEO poisoning

What type of attack will make illegitimate websites higher in a web search result list?

DAC

Which access control strategy allows an object owner to determine whether to allow access to the object?

AES

Which algorithm will Windows use by default when a user intends to encrypt files and folders in an NTFS volume?

vulnerability scanners

Which cybersecurity weapon scans for use of default passwords, missing patches, open ports, misconfigurations, and active IP addresses?

stored data

Which data state is maintained in NAS and SAN services?

ISO/IEC 27000

Which framework should be recommended for establishing a comprehensive information security management system in an organization?

SHA-256

Which hashing algorithm is recommended for the protection of sensitive, unclassified information?

Sarbanes-Oxley Act

Which law was enacted to prevent corporate accounting-related crimes?

Microsoft Security Baseline Analyzer

Which of the following products or technologies would you use to establish a baseline for an operating system?

transfer

Which risk mitigation strategies include outsourcing services and purchasing insurance?

They are part of a protest group behind a political cause.

Which statement best describes a motivation of hacktivists?

a smart card reader

Which technology can be implemented as part of an authentication system to verify the identification of employees?

RAID

Which technology would you implement to provide high availability for data storage?

user-related threats

Which threat is mitigated through user awareness training and tying security awareness to performance reviews?

802.11i, WPA, WPA2

Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.)

ARP, STP

Which two protocols pose switching threats? (Choose two.)

limiting

What approach to availability involves using file permissions?

Confidentiality, integrity, and availability

A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan?

intimidation

An executive manager went to an important meeting. The secretary in the office receives a call from a person claiming that the executive manager is about to give an important presentation but the presentation files are corrupted. The caller sternly recommends that the secretary email the presentation right away to a personal email address. The caller also states that the executive is holding the secretary responsible for the success of this presentation. Which type of social engineering tactic would describe this scenario?

VPN

An organization allows employees to work from home two days a week. Which technology should be implemented to ensure data confidentiality as data is transmitted?

rainbow tables, lookup tables, reverse lookup tables

An organization has determined that an employee has been cracking passwords on administrative accounts in order to access very sensitive payroll information. Which tools would you look for on the system of the employee? (Choose three)

improving reliability and uptime of the servers

An organization has recently adopted a five nines program for two critical database servers. What type of controls will this involve?

Asset Classification

An organization wants to adopt a labeling system based on the value, sensitivity and criticality of the information. What element of risk management is recommended.

data masking substitution

Before data is sent out for analysis, which technique can be used to replace sensitive data in nonproduction environments to protect the underlying information?

when the organization needs to look for prohibited activity

In which situation would a detective control be warranted?

preventive

Keeping data backups offsite is an example of which type of disaster recovery control?

authentication

Passwords, passphrases, and PINs are examples of which security term?

logical

Smart cards and biometrics are considered to be what type of access control?

The systems use different hashing algorithms., One system uses hashing and the other uses hashing and salting.

Technicians are testing the security of an authentication system that uses passwords. When a technician examines the password tables, the technician discovers the passwords are stored as hash values. However, after comparing a simple password hash, the technician then discovers that the values are different from those on other systems. What are two causes of this situation? (Choose two.)

Digital certificates

The x.509 standards defines which security technology

ransomeware

Users report that the database on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?

Worm

Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network?

Local Security Policy tool

What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain?

It deters casual trespassers only.

What describes the protection provided by a fence that is 1 meter in height?

spoofing

What is an impersonation attack that takes advantage of a trusted relationship between two systems?

asset standardization

What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications?

Salting

What technique creates different hashes for the same password

digital signature

What technology should you implement to ensure that an individual cannot later claim that he or she did not sign a given document?

Educate employees regarding policies., Do not provide password resets in a chat window., Resist the urge to click on enticing web links.

What three best practices can help defend against social engineering attacks? (Choose three.)

single loss expectancy, annual rate of occurrence

Which two values are required to calculate annual loss expectancy? (Choose two.)

packet forgery

Which type of cybercriminal attack would interfere with established network communication through the use of constructed packets so that the packets look like they are part of the normal communication?

black hat hackers

Which type of cybercriminal is the most likely to create malware to compromise an organization by stealing credit card information?

ping

Which utility uses the Internet Control Messaging Protocol (ICMP)?

WPA2

Which wireless standard made AES and CCM mandatory?

female, 9866, $125.50

You have been asked to describe data validation to the data entry clerks in accounts receivable. Which of the following are good examples of strings, integers, and decimals?

qualitative analysis

Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents high level of risk, yellow represents average level of threat and green represents low level of threat. What type of risk analysis does this chart represent?

recovery control

an organization has implemented antivirus software. what type of security control did the company implement


Set pelajaran terkait

ACCT 3210: Chapter 9 Preview: Inventories-Additional Issues

View Set

Ch 14 marriage and family questions

View Set

The Puritan Legacy: Unit 1 (American Lit)

View Set