Cryptography and Endpoint Protection Exam Chapter 21-23
Which network profile element is the time between the establishment of a data flow and its termination? a. ports used b. total throughput c. session duration d. critical asset address space
c
Which objective of secure communications is achieved by encrypting data? a. authentication b. availability c. confidentiality d. integrity
c
Which of the NIST Cybersecurity Framework core functions is to develop and implement the appropriate activities to identify the occurrence of a cybersecurity event? a. identify b. protect c. detect
c
In addressing a risk that has the low potential impact and relatively high cost of mitigation or reduction, which strategy will accept the risk and its consequences? a. risk sharing b. risk retention c. risk reduction d. risk avoidance
b
A cybersecurity analyst is performing a CVSS assessment on an attack where a web link was sent to several employees. Once clicked, an internal attack was launched. Which CVSS Base Metric Group Exploitability metric is used to document that the user had to click on the link in order for the attack to occur? a. availability requirement b. integrity requirement c. scope d. user interaction
d
In a hierarchical CA topology, where can a subordinate CA obtain a certificate for itself? a. from the root CA only b. from the root CA or from self-generation c. from the root CA or another subordinate CA at the same level d. from the root CA or another subordinate CA at a higher level e. from the root CA or another subordinate CA anywhere in the tree
d
In addressing a identified risk, which strategy aims to stop performing the activities that create risk? a. risk sharing b. risk retention c. risk reduction d. risk avoidance
d
What is the difference between symmetric and asymmetric encryption algorithms? a. symmetric algorithms are typically hundreds to thousands of times slower than asymmetric algorithms b. symmetric encryption algorithms are used to authenticate secure communications. Asymmetric encryption algorithms are used to repudiate messages c. symmetric encryption algorithms are used to encrypt data. Asymmetric encryption algorithms are used to decrypt data. d. symmetric encryption algorithms use pre-shared keys. Asymmetric encryption algorithms use different keys to encrypt and decrypt data
d
What is the purpose for using digital signatures for code signing? a. to generate a virtual ID b. to establish an encrypted connection to exchange confidential data with a vendor website c. to authenticate the identity of the system with a vendor website d. to verify the integrity of executable files downloaded from a vendor website
d
What is the purpose of a digital certificate? a. it guarantees that a website has not been hacked b. it provides proof that data has a traditional signature attached c. it ensures that the person who is gaining access to a network device is authorized d. it authenticates a website and establishes a secure connection to exchange confidential data
d
What is the purpose of the DH algorithm? a. to provide nonrepudiation support b. to support email data confidentiality c. to encrypt data traffic after a VPN is established d. to generate a shared secret between two hosts that have not communicated before
d
Which network profile element is the IP addresses or the logical location of essential systems of data? a. ports used b. total throughput c. session duration d. critical asset address space
d
Which technology is used by Cisco Advanced Malware Protection (AMP) in defending and protecting against known and emerging threats? a. network admission control b. website filtering and blacklisting c. network profiling d. threat intelligence
d
Which type of attack does the use of HMACs protect against? a. DoS b. DDoS c. brute force d. man-in-the-middle
d
Which statement describes the Cisco Threat Grid Glovebox? a. it is a firewall appliance b. it is a network-based IDS/IPS c. it is a sandbox product for analyzing malware behaviors d. it is a host-based intrusion detection system (HIDS) solution to fight against malware
c
Which statement describes the term iptables? a. it is a DNS daemon in Linux b. it is a DHCP application in Windows c. it is a rule-based firewall application in Linux d. it is a file used by a DHCP server to store current active IP addresses
c
Which technique could be used by security personnel to analyze a suspicious file in a safe environment? a. baselining b. blacklisting c. sandboxing d. whitelisting
c
A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed? a. data integrity b. non-repudiation c. data confidentiality d. origin authentication
d
Which of the NIST Cybersecurity Framework core functions is to develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services? a. identify b. protect c. detect
b
A company implements a security policy that ensures that a file sent from the headquarters office to the branch office can only be opened with a predetermined code. This code is changed every day. Which two algorithms can be used to achieve this task? (Choose two.) a. MD5 b. AES c. 3DES d. SHA-1 e. HMAC
b, c
A customer purchases an item from an e-commerce site. The e-commerce site must maintain proof that the data exchange took place between the site and the customer. Which feature of digital signatures is required? a. authenticity of digitally signed data b. integrity of digitally signed data c. nonrepudiation of the transaction d. confidentiality of the public key
c
A security professional is making recommendations to a company for enhancing endpoint security. Which security endpoint technology would be recommended as an agent-based system to protect hosts against malware? a. baselining b. blacklisting c. HIDS d. IPS
c
In network security assessments, which type of test employs software to scan internal networks and Internet facing servers for various types of vulnerabilities? a. risk analysis b. penetration testing c. vulnerability assessment d. strength of network security testing
c
What is an action that should be taken in the discovery step of the vulnerability management life cycle? a. assigning business value to assets b. determining a risk profile c. developing a network baseline d. documenting the security plan
c
What is the difference between an HIDS and a firewall? a. an HIDS blocks intrusions, whereas a firewall filters them b. a firewall allows and denies traffic based on rules and an HIDS monitors network traffic c. an HIDS monitors operating systems on host computers and processes files system activity. Firewalls allow or deny traffic between the computer and other systems d. a firewall performs packet filtering and therefore is limited in effectiveness, whereas an HIDS blocks intrusions e. an HIDS works like an IPS, whereas a firewall just monitors traffic
c
In what order are the steps in the vulnerability management life cycle conducted? a. discover, prioritize assets, assess, report, remediate, verify b. discover, assess, prioritize assets, report, remediate, verify c. discover, prioritize assets, assess, remediate, report, verify d. discover, prioritize assets, assess, remediate, verify, report
a
What does the telemetry function provide in host-based security software? a. it enables host-based security programs to have comprehensive logging functions b. it enables updates of malware signatures c. it blocks the passage of zero-day attacks d. it updates the heuristic antivirus signature database
a
What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity? a. PKI certificates b. symmetric keys c. hashing algorithms d. digital signatures
a
Which network profile element is a list of TCP or UDP processes that are available to accept data? a. ports used b. total throughput c. session duration d. critical asset address space
a
Which of the NIST Cybersecurity Framework core functions is to develop an organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities? a. identify b. protect c. detect
a
Which security management plan specifies a component that involves tracking the location and configuration of networked devices and software across an enterprise? a. asset management b. risk management c. vulnerability management d. patch management
a
Which statement describes the policy-based intrusion detection approach? a. it compares the operations of a host against well-defined security rules b. it compares the signatures of incoming traffic to a known intrusion database c. it compare the antimalware definitions to a central repository for the latest updates d. it compares the behaviors of a host to an established baseline to identify potential intrusion
a
Which two classes of metrics are included in the CVSS Base Metric Group? a. impact metrics b. exploitability c. modified base d. exploit code maturity e. confidentiality requirement
a, b
What are three outcomes of the NIST Cybersecurity Framework identify core function? (Choose three.) a. asset management b. risk assessment c. governance d. mitigation e. recovery planning f. information protection process and procedures
a, b, c
Which two statements correctly describe certificate classes used in the PKI? (Choose two). a. a class 0 certificate is for testing purposes b. a class 0 certificate is more trusted than a class 1 certificate c. the lower the class number, the more trusted the certificate d. a class 5 certificate is for users with a focus on verification of email e. a class 4 certificate is for online business transactions between computers
a, e
An administrator suspects polymorphic malware has successfully entered the network past the HIDS system perimeter. The polymorphic malware is, however, successfully identified and isolated. What must the administrator do to create signatures to prevent the file from entering the network again? a. use Cisco AMP to track the trajectory of a file through the network b. execute the polymorphic file in the Cisco Threat Grid Glovebox c. run the Cisco Talos security intelligence service d. run a baseline to establish an accepted amount of risk, and the environmental components that contribute to the risk level of the polymorphic malware
b
On a Windows host, which tool can be used to create and maintain blacklists and whitelists? a. Task Manager b. Group Policy Editor c. Computer Management d. Local Users and Groups
b
What is a feature of distributed firewalls? a. they all use an open sharing standard platform b. they combine the feature of host-based firewalls with centralized management c. they use only iptables to configure network rules d. they use only TCP wrappers to configure rule-based access control and logging systems
b
What is blacklisting? a. this is a network process list to stop a listed process from running on a computer b. this is an application list that can dictate which user applications are not permitted to run on a computer c. this is a user list to prevent blacklisted users from accessing a computer d. this is a Heuristics-based list to prevent a process from running on a computer
b
When a server profile for an organization is being established, which element describes the TCP and UDP daemons and ports that are allowed to be open on the server? a. software environment b. listening ports c. service accounts d. critical asset address space
b
Which network profile element is the amount of data passing from a given source to a given destination in a given period of time? a. ports used b. total throughput c. session duration d. critical asset address space
b