Cyber Operations Exam 2
Please briefly explain why a VPN is the technology of choice today when connecting branch locations?
Replaces more costly Telecom leased lines
What encryption algorithm would provide strong protection for data stored on a solid-state drive (SSD) or a hard disk drive (HDD)? a. AES b. DES c. TLS d. SHA1
a. AES
Which of the following best describes the feature(s) that symmetric encryption offers? a. Confidentiality b. Authentication c. Non-Repudiation d. Hashing
a. Confidentiality
Which of the following is true about a root certificate? a. It contains information about the public key of the root certificate authority. b. It contains information about a user. c. It never expires. d. It contains information about a user.
a. It contains information about the public key of the root certificate authority.
What is the main advantage of SIEM compared to a traditional log collector? a. It provides log correlation. b. It provides log storage. c. It provides a log search functionality. d. It provides a GUI.
a. It provides log correlation.
Which of the following hashing algorithms are used in IPsec (choose 2)? a. MD5 b. SHA c. AES 256 d. AES 192
a. MD5 b. SHA
Which of the following entities can be found inside a digital certificate? a. Public key b. IP Address c. DNS Server Address d. Default gateway
a. Public key
What type of technology is possibly involved when an organization needs to deliver authentication and authorization affirmations to a cloud partner? a. SAML b. Active Directory c. RADIUS d. SPML
a. SAML
What type of encryption is typically used for data at rest? a. Symmetric b. Asymmetric c. ElGamal d. RSA
a. Symmetric
In a PKI setup, which of the following operations are accurate? a. The CA creates and signs the certificate. b. The user creates the certificate, and the CA signs it. c. The user signs the certificate after the CA creates it. d. The machine signs the certificate after the user creates it.
a. The CA creates and signs the certificate.
When downloading trial or paid software from the Internet, most often vendors publish MD5 hash values for the software they offer to their customers. How can the customers make use of the MD5 hash? a. The MD5 hash can be used to verify the software's integrity and ensure that no unknown changes were made to the software during or after downloading. b. The MD5 hash is required to activate the software when combined with the license code. c. The MD5 hash is just to illustrate that the software is secure in nature and will offer ciphers. d. The MD5 hash allows the customers to confirm the authenticity of the site from which they are downloading the software.
a. The MD5 hash can be used to verify the software's integrity and ensure that no unknown changes were made to the software during or after downloading.
Which of the following statements is true about clientless SSL VPN? a. The remote client needs only an SSL-enabled web browser to access resources on the private network of the VPN head-end device. b. Clientless SSL VPNs do not provide the same level of encryption as client-based SSL VPNs. c. All of them d. The client must use a digital certificate to authenticate.
a. The remote client needs only an SSL-enabled web browser to access resources on the private network of the VPN head-end device.
Which of the following attributes are exchanged in IKEv1 Phase 1? a. Hashing algorithms b. All of these c. Diffie-Hellman groups d. Encryption algorithms
b. All of these
In asset management, what is used to create a list of assets owned by an organization? a. Asset disposal b. Asset inventory c. Asset acceptable use d. Asset category
b. Asset inventory
An organization is carrying out a controlled security vulnerability scanning and exploitation exercise to classify the functional impact of a possible security incident and trying to establish the severity rating as per NIST CVSS guidelines. During the exercise, the incident leaves the e-commerce server disabled and unrecoverable for approximately 10 minutes and 100% of the organization's clientele. How should this incident be classified as pertinent to the functional impact of this incident according to the NIST scale? a. None b. Critical c. Low d. High
b. Critical
IPsec offers a secure channel via which two or more peers can exchange information over an insecure channel such as the Internet. Which (IPsec) phase is used for private management traffic between VPN peers? a. IKE Phase 2 b. IKE Phase 1 c. IKE Phase 5 d. SSL VPN
b. IKE Phase 1
Which of the following are examples of protocols used for remote-access VPN implementations (choose 2)? a. MPLS b. IPSEC c. GRE d. SSL/TLS
b. IPSEC d. SSL/TLS
Which of the following describes a disadvantage of symmetric encryption-based systems? a. They work slower than asymmetric encryption algorithms. b. Keys must be delivered via a secure channel. c. They are computationally more demanding than asymmetric encryption. d. They are not as secure as asymmetric encryption.
b. Keys must be delivered via a secure channel.
VPN implementations are categorized into which of the following general groups (choose 2)? a. Tunnel VPN b. Remote-Access VPN c. Site-to-Site VPN d. Encrypted VPNs
b. Remote-Access VPN c. Site-to-Site VPN
What is the main advantage of single sign-on? a. SSO is an open-source protocol. b. The user authenticates with SSO and is authorized to access resources on multiple systems. c. The SSO server is a single point of failure. d. The SSO server will automatically update the password on all systems.
b. The user authenticates with SSO and is authorized to access resources on multiple systems.
BYOD gives users (employees) the freedom to bring in personal devices and use them for work-related activities. Which of the following can be a major security risk related to personal smartphones at work? a. Users not upgrading to the latest software updates pushed by the smartphone manufacturing company b. Users downloading potentially unsafe apps that can be the vector for malware introduction c. Users spending most of the time using their personal devices for personal use rather than work d. Users are always being connected to social sites using social media apps
b. Users downloading potentially unsafe apps that can be the vector for malware introduction
Which of the following are commonly used remote-access SSL VPN implementations? a. Proxy Server b. VPN Client software c. Port Reversing d. VPN Concentrator
b. VPN Client software
In an organization, a CA has been deployed with multiple subordinate CAs. What would be the best PKI trust model for this organization to adopt? a. Linked b. Mesh c. Hierarchical d. Bridged
c. Hierarchical
What is an advantage of a system-generated password? a. It is very long. b. It is easy to remember. c. It can be configured to comply with the organization's password policy. d. It includes numbers and letters.
c. It can be configured to comply with the organization's password policy.
In the context of configuration management, which of the following best defines a security baseline configuration? a. The default configuration from the device vendor b. A configuration that can be changed without a formal approval c. The initial server configuration d. A configuration that has been formally reviewed and approved
d. A configuration that has been formally reviewed and approved
What device is the VPN gateway or server typically installed on in today's networks? a. Network Switch b. Windows Server c. Workstation d. Firewall
d. Firewall
In which phase of the identity and account life cycle are the access rights assigned? a. Registration b. Access review c. Identity validation d. Privileges provisioning
d. Privileges provisioning
Security Assertion Markup Language (SAML) is most commonly used in cloud and web-based environments. In the context of SSO capability, which of the following statements is true? a. SAML with SSO defines how secure exchange takes place in SSL and TLS. b. SAML with SSO exchanges UDP protocol messages. c. SAML with SSO is used to authorize a specific subject. d. SAML with SSO is used for identity federation and distributed authentication.
d. SAML with SSO is used for identity federation and distributed authentication.
Which of the following are most commonly used protocols or mechanisms to protect data in motion? a. TLS, IPsec, HTTPS, FTP b. HTTPS, FTPS, IPsec, Telnet c. IPsec, HTTP, SSL, TLS d. SSL, TLS, IPsec, HTTPS
d. SSL, TLS, IPsec, HTTPS
If a hacker was to capture packets of a VPN session, what would they be able to see?
encrypted traffic
