Cybersecurity Chapter 4-6 Questions
A user was hired as the new security officer. One of the first projects was to take inventory of the company assets and create a comprehensive database. Which three pieces of information would the user want to capture in an asset database? (Choose three.)
(1) Workstations (2) Hardware network devices (3) Operating systems
What are three validation criteria used for a validation rule? (Choose three.)
(1) Format (2) Size (3) Range
A user needs to add redundancy to the routers in a company. What are the three options the user can use? (Choose three.)
(1) VRRP (2) HSRP (3) GLBP
What encryption algorithm uses one key to encrypt data and a different key to decrypt data?
Asymmetric
A user has created a new program and wants to distribute it to everyone in the company. The user wants to ensure that when the program is downloaded that the program is not changed while in transit. What can the user do to ensure that the program is not changed when downloaded?
Create a hash of the program file that can be used to verify the integrity of the file after it is downloaded.
A user is the database administrator for a company. The user has been asked to implement an integrity rule that states every table must have a primary key and that the column or columns chosen to be the primary key must be unique and not null. Which integrity requirement is the user implementing?
Entity integrity
Alice and Bob use the same password to login into the company network. This means both would have the exact same hash for their passwords. What could be implemented to prevent both password hashes from being the same?
Salting
What is the purpose of CSPRNG?
To generate salt
A user is evaluating the security infrastructure of a company and notices that some authentication systems are not using best practices when it comes to storing passwords. The user is able to crack passwords very fast and access sensitive data. The user wants to present a recommendation to the company on the proper implementation of salting toavoid password cracking techniques. What are three best practices in implementing salting? (Choose three.)
(1) A salt should not be reused (2) A salt should be unique for each password (3) A salt must be unique
What are three NIST-approved digital signature algorithms? (Choose three.)
(1) ECDSA (2) RSA (3) DSA
What are three examples of administrative access controls? (Choose three.)
(1) Hiring practices (2) Policies and procedures (3) Background checks
Which two terms are used to describe cipher keys? (Choose two.)
(1) Key length (2) Key space
A user is purchasing a new server for the company data center. The user wants disk striping with parity on three disks. Which RAID level should the user implement?
5
A user has been asked to implement IPsec for inbound external connections. The user plans to use SHA-1 as part of the implementation. The user wants to ensure the integrity and authenticity of the connection. What security tool can the user use?
HMAC
A recent breach at a company was traced to the ability of a hacker to access the corporate database through the company website by using malformed data in the login form. What is the problem with the company website?
Poor input validation
A user is asked to perform a risk analysis of a company. The user asks for the company asset database that contains a list of all equipment. The user uses this information as part of a risk analysis. Which type of risk analysis could be performed?
Qualitative
A company is concerned with traffic that flows through the network. There is a concern that there may be malware that exists that is not being blocked or eradicated by antivirus. What technology can be put in place to detect potential malware traffic on the network?
IDS
What is a strength of using a hashing function?
It is a one-way function and not reversible
A user is redesigning a network for a small company and wants to ensure security at a reasonable price. The user deploys a new application-awarefirewall with intrusion detection capabilities on the ISP connection. The user installs a second firewall to separate the company network fromthe public network. Additionally, the user installs an IPS on the internal network of the company. What approach is the user implementing?
Layered
What term is used to describe the technology that replaces sensitive information with a nonsensitive version?
Masking
A team has been asked to create an incident response plan for security incidents. In what phase of an incident response plan does the team get management approval of the plan?
Preparation
A user is asked to evaluate the security posture of a company. The user looks at past attempts to break into the company and evaluates the threats and exposures to create a report. Which type of risk analysis could the user perform?
Qualitative
A user is running a routine audit of the server hardware in the company data center. Several servers are using single drives to host operating systems and multiple types of attached storage solutions for storing data. The user wants to offer a better solution to provide fault tolerance during a drive failure. Which solution is best?
RAID
A user is evaluating the network infrastructure of a company. The user noted many redundant systems and devices in place, but no overall evaluation of the network. In a report, the user emphasized the methods and configurations needed as a whole to make the network fault-tolerant. What is the type of design the user is stressing?
Resilient
A user is instructed by a boss to find a better method to secure passwords in transit. The user has researched several means to do so and has settled on using HMAC. What are the key elements needed to implement HMAC?
Secret key and message digest
A user was hired by a company to provide a highly available network infrastructure. The user wants to build redundancy into the network in case of a switch failure, but wants to prevent Layer 2 looping. What would the user implement in the network?
Spanning Tree Protocol
What term is used to describe concealing data in another file such as a graphic, audio, or other text file?
Steganography
What type of cipher encrypts plaintext one byte or one bit at a time?
Stream
An investigator finds a USB drive at a crime scene and wants to present it as evidence in court. The investigator takes the USB drive and creates a forensic image of it and takes a hash of both the original USB device and the image that was created. What is the investigator attempting to prove about the USB drive when the evidence is submitted in court?
The data in the image is an exact copy and nothing has been altered by the process
What is the standard for a public key infrastructure to manage digital certificates?
x.509
A user has completed a six month project to identify all data locations and catalog the location. The next step is to classify the data and produce some criteria on data sensitivity. Which two steps can the user take to classify the data? (Choose two.)
(1) Establish the owner of the data (2) Identify sensitivity of the data
A user is asked to evaluate the data center to improve availability for customers. The user notices that there is only one ISP connection, some of the equipment is out of warranty, there are no spare parts, and no one was monitoring the UPS which was tripped twice in one month. Which three deficiencies in high availability has the user identified? (Choose three.)
(1) Failure to detect errors as they occur (2) Failure to design for reliability (3) Single points of failure
A user is a consultant who is hired to prepare a report to Congress as to which industries should be required to maintain five nine availability. Which three industries should the user include in a report? (Choose three.)
(1) Finance (2) Public safety (3) Healthcare
Which three processes are examples of logical access controls? (Choose three.)
(1) Intrusion detection system (IDS) to watch for suspicious network activity (2) Biometrics to validate physical characteristics (3) Firewalls to monitor traffic
Identify three situations in which the hashing function can be applied. (Choose three.)
(1) PKI (2) IPsec (3) CHAP
What are three type of attacks that are preventable through the use of salting? (Choose three.)
(1) Rainbow tables (2) Reverse lookup tables (3) Lookup tables
Which three protocols use asymmetric key algorithms? (Choose three.)
(1) Secure Sockets Layer (SSL) (2) Secure Shell (SSH) (3)Pretty Good Privacy (PGP)
Which three devices represent examples of physical access controls? (Choose three.)
(1) Swipe cards (2) Locks (3) Video cameras
A user is asked to create a disaster recovery plan for a company. The user needs to have a few questions answered by management to proceed. Which three questions should the user ask management as part of the process of creating the plan? (Choose three.)
(1) What is the process? (2) Who is responsible for the process? (3) Where does the individual perform the process?
Which term describes the technology that protects software from unauthorized access or modification?
Watermarking
Which 128-bit block cipher encryption algorithm does the US government use to protect classified information?
AES
Which type of cipher is able to encrypt a fixed-length block of plaintext into a 128-bit block of ciphertext at any one time?
Block
Which method tries all possible passwords until a match is found?
Brute force
What is the step by step process for creating a digital signature?
Create a message digest; encrypt the digest with the public key of the sender; and bundle the message, encrypted digest, and public key together to sign the document.
What is the term used to describe the science of making and breaking secret codes?
Cryptology
A warning banner that lists the negative outcomes of breaking company policy is displayed each time a computer user logs in to the machine. What type of access control is implemented?
Deterrent
Which asymmetric algorithm provides an electronic key exchange method to share the secret key?
Diffie-Hellman
A recent email sent throughout the company stated that there would be a change in security policy. The security officer who was presumed to have sent the message stated the message was not sent from the security office and the company may be a victim of a spoofed email. What could have been added to the message to ensure the message actually came from the person?
Digital signature
A user downloads an updated driver for a video card from a website. A warning message pops up saying the driver is not approved. What does this piece of software lack?
Digital signature
What cryptographic algorithm is used by the NSA and includes the use of elliptical curves for digital signature generation and key exchange?
ECC
A user is connecting to an e-commerce server to buy some widgets for a company. The user connects to the site and notices there is no lock in the browser security status bar. The site does prompt for a username andpassword and the user is able to log in. What is the danger in proceeding with this transaction?
The site is not using a digital certificate to secure the transaction, with the result that everything is in the clear.
The CEO of a company is concerned that if a data breach should occur and customer data is exposed, the company could be sued. The CEO makes the decision to buy insurance for the company. What type of risk mitigation is the CEO implementing?
Transference
What is the name of the method in which letters are rearranged to create the ciphertext?
Transposition
A security breach has happened at a major corporation. The incident team has responded and executed their incident response plan. During which phase are lessons learned applied?
Post-incident
What encryption algorithm uses the same pre-shared key to encrypt and decrypt data?
Symmetric