Cyber Security Finals
While the first and last "Received" headers in an email might identify the ultimate source or destination, what type of information do other "Received" headers provide?
Each identifies an MTA that retrieves the entire email message and forwards it to another MTA.
ASPX is
ASP scripting extended to support Microsoft's .NET framework.
Which one of the following is the best example of an authorization control?
Access control lists
Bob and Alice want to construct a shared secret key using RSA. Which of the following components must Bob use to share the secret with Alice?
Alice's public key alone
Software Development and Security
All the above
Software security standards are used for
All the above
A firewall is trying to block all unauthorized traffic and services. What type of filtering will provide the most thorough restrictions?
Application filtering to block all applications except those allowed, plus any application traffic that appears to implement tunneling
What 2 things do we identify when going through a threat modeling exercise?
Assets and threats
Which of the following is not a common cloud computing problem?
Budget
A cloud deployment that is off premises but for exclusive use of one or more particular organization is called _______?
Community Cloud
CI/CD stands for
Continuous Integration/Continuous Delivery
Vulnerability Scans are conducted in the Build phase of the pipeline.
False
What are the four domains that BSIMM framework consists of:
Governance, Intelligence, SSDL Touchpoints, Deployment
The following are principles of DevSecOps EXCEPT
Implementing Security Controls
In which phase of the data analytics process are AI, ML and Data Mining techniques implemented?
Data analysis
A block cipher algorithm operates more slowly if we change the key every time we use it. Which of the following concepts is most responsible for this delay?
Key Expansion
Which of the following uses TCP as the transport protocol?
Mailbox and delivery
What term describes the longest period of time that a business can survive without a particular critical system?
Maximum tolerable downtime (MTD)
What was the first web browser to use public key certificates?
Netscape Navigator
What level of technology infrastructure should you expect to find in a cold site alternative data center facility?
No technology infrastructure
In typical applications, does SSL provide application transparency?
No, because the SSL software is traditionally integrated into the application software package and is not supported unless the application specifically provides it.
Bob has purchased a self-encrypting hard drive that always encrypts everything stored on the drive. Bob wants to install a bootable operating system on it and use it on an older computer. The old computer does not allow him to install pre-boot authentication in the BIOS. Will he be able to use the drive?
No, because there is no way to add a plaintext partition to this drive.
Another term used to refer to Descriptive Machine Learning is
Unsupervised learning
Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows an SQL injection attack against the server. What term describes the issue that Adam discovered?
Vulnerability
Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation?
Warm site
The two software development models are:
Waterfall and agile.
Secure Sockets Layer (SSL) has been replaced by:
Transport Layer Security (TLS).
A Kanban board can help team members visibly see the tasks to do, in progress, and done.
True
A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.
True
A personnel safety plan should include an escape plan.
True
A public cloud is hosted on hardware shared by multiple customers.
True
Application Security continues even after deployment.
True
Availability and Scalability are benefits of DevOps.
True
Data mining is an interdisciplinary field that employs analytical tools in identifying hidden patterns & anomalies.
True
Jenkins is a tool used to help with continuous integration.
True
Machine learning is the process of 'learning' from past data/experiences in order to predict future
True
True or False? Browsers often store the cookies in individual files, each named for the server that owns the cookie. Whenever the browser visits a particular server, it includes the cookies received from that server.
True
True or False? Cipher block chaining (CBC) is a widely used cipher mode that requires plaintext to be a multiple of the cipher's block size.
True
True or False? Filtering for spam sometimes produces a false positive, in which legitimate email is identified as spam.
True
A subscriber in an Infrastructure as a Service model can be ______
an individual, team, or business unit.
General Public License used for open source software is ______ for sharing proprietary code back to the public.
great concern
Access control protects data on a computer against:
hostile users.
The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.
True
Methodologies based on AI / Machine Learning (ML) are needed to detect novel, rare and constantly evolving threats.
True
The recovery point objective (RPO) can come from the business impact analysis or sometimes from a government mandate, such as banking laws.
True
The system life cycle includes project planning, develop, operations, and disposal.
True
True or False? A DVD player handles all key managements.
True
True or False? A network attack in which someone forges network traffic would be considered an active attack.
True
The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?
13
Moore's Law observed that computing power doubled every:
18 Months
Nancy performs a full backup of her server every Sunday at 1 A.M. and differential backups on Mondays through Fridays at 1 A.M. Her server fails at 9 A.M. Wednesday. How many backups does Nancy need to restore?
2
A DVD's key is encrypted with how many player keys
409
The HTML tag that's required to create a hyperlink is
<a>
Which decryption procedure requires two inputs? Select all that apply.
A key Ciphertext
Which one of the following is an example of a direct cost that might result from a business disruption?
Facility Repair
"Security Operational Measurements" is listed as one of the OWASP Top 10
False
A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.
False
AI has been used in many areas except for in Law
False
Artificial Intelligence (AI) refers to study of the design and creation of effective computer network architectures.
False
Cloud+ exams do not build on the knowledge required for other certification exams.
False
Data stored in an Excel spreadsheet is an example of an unstructured data.
False
Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?
Parallel test
Which of the following is not included in the acronym, LAMP?
Perl
An enterprise would like to leverage cloud solution for managing highly classified data. Which of the following cloud deployment models would be most suitable?
Private Cloud
Alan is the security manager for a mid-sized business. The company has suffered several serious data losses when mobile devices were stolen. Alan decides to implement full disk encryption on all mobile devices. What risk response did Alan take?
Reduce
Security Champions can help with which one of the following:
Reduce culture conflict
The S in STRIDE stands for
Spoofing
SAST stands for:
Static Application Security Testing
Joe is responsible for the security of the industrial control systems for a power plant. What type of environment does Joe administer?
Supervisory Control and Data Acquisition (SCADA)
Which of the following best describes the basic format of an HTML tag?
Text surrounded by angle brackets
The Enigma was used by the _________ in World War II.
The Germans
Bob connects to his bank's SSL-protected website. The browser reports that the certificate has been revoked. Which of the following may directly cause this?
The bank's private key was stolen by a hacker, and the theft was reported to the certificate authority.
Security testing of applications includes testing for
expected and unexpected actions.
The __________ controls the sending and receiving host address.
host
The field that identifies one record so that others may link to it is often called a
key field
Another term for an SMTP email server is
message transfer agent (MTA).
Digital signatures may be used to provide:
nonrepudiation
In SaaS, consumers have limited admin control and full user level control over applications.
True
Machine Learning is a subset of
Artificial Intelligence
The public school systems in the greater Atlanta region have collectively decided to setup an email system in the cloud for use by their faculty, staff and students. This could be an example of the _______ cloud deployment model.
Community Cloud
What is a key principle of risk management programs?
Don't spend more to protect an asset than it is worth.
Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP).
False
True or False? A bit-flipping attack is not knowing what the message says and changing it bit by bit.
False
True or False? A browser cookie, usually just called a "browser," is a piece of data stored by a browser on behalf of a web server.
False
True or False? All forgeries can be detected by examining the oldest Received header.
False
When you integrate cloud with a traditional on-premise system, which deployment model are you building?
Hybrid Cloud
Which cloud deployment is the most common?
Hybrid Cloud
The language that's the foundation of most web pages is:
Hypertext Markup Language (HTML)
Mailbox protocols include all of the following, except:
Internet Control Message Protocol (ICMP)
A protocol that establishes security associations (SAs) between a pair of hosts is:
Internet Key Exchange (IKE).
What term describes the risk that exists after an organization has performed all planned countermeasures and controls?
Residual risk
Which formula is typically used to describe the components of information security risks?
Risk = Threat X Vulnerability
The following are threat modeling steps except
SAST and DAST
Gmail is an example of which cloud service offering?
SaaS
