CNT 105 Final

Ace your homework & exams now with Quizwiz!

Which statement describes a distributed denial of service attack?" One computer accepts data packets based on the MAC address of another computer. An attacker sends an enormous quantity of data that a server cannot handle.A n attacker builds a botnet comprised of zombies. An attacker views network traffic to learn authentication credentials.

An attacker sends an enormous quantity of data that a server cannot handle.

The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email? It is a hoax. It is a DDoS attack .It is an impersonation attack. It is a piggy-back attack.

It is a hoax.

Which of the following products or technologies would you use to establish a baseline for an operating system? CVE Baseline Analyzer Microsoft Security Baseline Analyzer MS Baseliner SANS Baselining System (SBS)

Microsoft Security Baseline Analyzer

Which technology should be used to enforce the security policy that a computing device must be checked against the latest antivirus update before the device is allowed to connect to the campus network? NAS NAC SAN VPN

NAC

Which national resource was developed as a result of a U.S. Executive Order after a ten-month collaborative study involving over 3,000 security professionals? ISO OSI model ISO/IEC 27000 the National Vulnerability Database (NVD) NIST Framework

NIST Framework

Which technology would you implement to provide high availability for data storage? RAID software update shot standby N+1

RAID

What type of attack will make illegitimate websites higher in a web search result list? browser hijacker spam SEO poisoning DNS poisoning

SEO poisoning

You have been asked to implement a data integrity program to protect data files that need to be electronically downloaded by the sales staff. You have decided to use the strongest hashing algorithm available on your systems. Which hash algorithm would you select? MD5 SHA-1 AES SHA-256

SHA-256

Which protocol would be used to provide security for employees that access systems remotely from home? WPA SSH SCP Telnet

SSH

Which law was enacted to prevent corporate accounting-related crimes? Import/Export Encryption Act The Federal Information Security Management Act Sarbanes-Oxley Act Gramm-Leach-Bliley Act

Sarbanes-Oxley Act

What is a feature of a cryptographic hash function? The output has a variable length. The hash input can be calculated given the output value. Hashing requires a public and a private key .The hash function is a one-way mathematical function.

The hash function is a one-way mathematical function.

What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website? digital signature digital certificate asymmetric encryption salting

digital certificate

Your organization will be handling market trades. You will be required to verify the identify of each customer who is executing a transaction. Which technology should be implemented to authenticate and verify customer electronic transactions? asymmetrical encryption symmetrical encryption digital certificates data hashing

digital certificates

What technology should you implement to ensure that an individual cannot later claim that he or she did not sign a given document? HMAC digital certificate digital signature asymmetric encryption

digital signature

Which technology can be used to protect VoIP against eavesdropping? strong authentication ARP SSH encrypted voice messages

encrypted voice messages

An organization has recently adopted a five nines program for two critical database servers. What type of controls will this involve? improving reliability and uptime of the servers limiting access to the data on these systems stronger encryption systems remote access to thousands of external users

improving reliability and uptime of the servers

Which method is used by steganography to hide text in an image file? data masking most significant bit data obfuscation least significant bit

least significant bit

What approach to availability involves using file permissions? layering obscurity limiting simplicity

limiting

An organization plans to implement security training to educate employees about security policies. What type of access control is the organization trying to implement? administrative technological physical logical

logical

Mutual authentication can prevent which type of attack? man-in-the-middle wireless poisoning wireless IP spoofing wireless sniffing

man-in-the-middle

Which utility uses the Internet Control Messaging Protocol (ICMP)? RIP ping NTP DNS

ping

Keeping data backups offsite is an example of which type of disaster recovery control? detective corrective management preventive

preventive

Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents high level of risk, yellow represents average level of threat and green represents low level of threat. What type of risk analysis does this chart represent? quantitative analysis exposure factor analysis loss analysis qualitative analysis

qualitative analysis

Which hashing technology requires keys to be exchanged? MD5 HMAC AES salting

salting

What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic? spoofing sniffing phishing spamming

sniffing

What is a nontechnical method that a cybercriminal would use to gather sensitive information from an organization? pharming ransomeware man-in-the-middle social engineering

social engineering

What are three states of data during which data is vulnerable? (Choose three.) data in-process purged data stored data data encrypted data decrypted data in-transit

stored data data in-transit data in-process

Which threat is mitigated through user awareness training and tying security awareness to performance reviews? user-related threats device-related threats cloud-related threats physical threats

user-related threats

Which type of networks poses increasing challenges to cybersecurity specialists due to the growth of BYOD on campus? sneaker net wireless networks wired networks virtual networks

wireless networks

A user has a large amount of data that needs to be kept confidential. Which algorithm would best meet this requirement? RSA ECC Diffie-Hellman 3DES

3DES

Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.) WEP WPA2 802.11q 802.11i WPATKIP

802.11i WPA WPA2

Which statement describes a characteristics of block ciphers? Block ciphers result in compressed output .Block ciphers encrypt plaintext one bit at a time to form a block. Block ciphers result in output data that is larger than the input data most of the time .Block ciphers are faster than stream ciphers.

Block ciphers result in compressed output.

The awareness and identification of vulnerabilities is a critical function of a cybersecurity specialist. Which of the following resources can be used to identify specific details about vulnerabilities? NIST/NICE framework CVE national database ISO/IEC 27000 model Infragard

CVE national database

Which algorithm will Windows use by default when a user intends to encrypt files and folders in an NTFS volume? 3DES RSA DES AES

DES

What describes the protection provided by a fence that is 1 meter in height? It deters casual trespassers only. It offers limited delay to a determined intruder. The fence deters determined intruders. It prevents casual trespassers because of its height.

It deters casual trespassers only.

Technicians are testing the security of an authentication system that uses passwords. When a technician examines the password tables, the technician discovers the passwords are stored as hash values. However, after comparing a simple password hash, the technician then discovers that the values are different from those on other systems. What are two causes of this situation? (Choose two.) Both systems use MD5. Both systems scramble the passwords before hashing. The systems use different hashing algorithms. One system uses hashing and the other uses hashing and salting. One system uses symmetrical hashing and the other uses asymmetrical hashing.

The systems use different hashing algorithms. One system uses hashing and the other uses hashing and salting.

Which statement best describes a motivation of hacktivists? They are part of a protest group behind a political cause. They are interested in discovering new exploits .They are trying to show off their hacking skills. They are curious and learning hacking skills.

They are part of a protest group behind a political cause.

Technologies like GIS and IoE contribute to the growth of large data stores. What are two reasons that these technologies increase the need for cybersecurity specialists? (Choose two.) They collect sensitive information. They require 24-hour monitoring. They make systems more complicated. They contain personal information .They increase processing requirements.They require more equipment.

They collect sensitive information. They contain personal information

What are the two most effective ways to defend against malware? (Choose two.) Implement network firewalls. Update the operating system and other application software. Install and update antivirus software. Implement a VPN.Implement RAID. Implement strong passwords.

Update the operating system and other application software. Install and update antivirus software.

Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use? the private key of Carol the public key of Bob a new pre-shared key the same pre-shared key he used with Alice

a new pre-shared key

The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement? a set of attributes that describes user access rights user login auditing observations to be provided to all employees a biometric fingerprint reader

a set of attributes that describes user access rights

Which technology can be implemented as part of an authentication system to verify the identification of employees? a virtual fingerprint SHA-1 hasha Man trapa smart card reader

a smart card reader

Which access control should the IT department use to restore a system back to its normal state? detective corrective compensative preventive

corrective

You have been asked to work with the data collection and entry staff in your organization in order to improve data integrity during initial data entry and data modification operations. Several staff members ask you to explain why the new data entry screens limit the types and size of data able to be entered in specific fields. What is an example of a new data integrity control? a limitation rule which has been implemented to prevent unauthorized staff from entering sensitive data data encryption operations that prevent any unauthorized users from accessing sensitive data data entry controls which only allow entry staff to view current data a validation rule which has been implemented to ensure completeness, accuracy, and consistency of data

a validation rule which has been implemented to ensure completeness, accuracy, and consistency of data

Which two values are required to calculate annual loss expectancy? (Choose two.) single loss expectancy quantitative loss value frequency factor asset value annual rate of occurrence exposure factor

annual rate of occurrence single loss expectancy

An organization wants to adopt a labeling system based on the value, sensitivity, and criticality of the information. What element of risk management is recommended? sasset standardization asset identification asset classification asset availability

asset classification

Which type of cybercriminal is the most likely to create malware to compromise an organization by stealing credit card information? script kiddies gray hat hacker swhite hat hackers black hat hackers

black hat hackers

What type of application attack occurs when data goes beyond the memory areas allocated to the application? RAM spoofing RAM Injection SQL injection buffer overflow

buffer overflow

A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan? confidentiality, integrity, and availability secrecy, identify, and nonrepudiation encryption, authentication, and identification technologies, policies, and awareness

confidentiality, integrity, and availability

What are two incident response phases? (Choose two.) detection and analysis risk analysis and high availability containment and recovery prevention and containment mitigation and acceptance confidentiality and eradication

containment and recovery detection and analysis


Related study sets

BUAD 281 Final Conceptual Questions

View Set

MAR2023 Exam 2 Practice Questions

View Set

driving- lesson 13: backing up safely

View Set

Chapter 1: American Government and Civic Engagement

View Set

Ch.1 STUDY Guide "Business Ownership & Registration"

View Set

biology test 5, page 5 study material

View Set