Cryptography can prevent an individual from fraudulently reneging on an action. What is this known as? a. Repudiation b. Nonrepudiation c. Obfuscation d. Integrity

b. Nonrepudiation

Which of the following techniques is the best fit for monitoring traffic on switches with large volumes of traffic? a. Port spanning b. Port TAP c. Signature-based monitoring d. Port mirroring

b. Port TAP

Which of the following is a layer 2 attack? a. ARP poisoning b. DNS poisoning c. DDoS d. DNS hijacking

a. ARP poisoning

Basil was reading about a new attack that forces the system to abandon a higher cryptographic security mode of operation and instead fall back to an older and less secure mode. What type of attack is this? a. Deprecation attack b. Pullback attack c. Downgrade attack d. Obfuscation attack

c. Downgrade attack

Luna is reading a book about the history of cybercrime. She read that the very first cyberattacks that occurred were mainly for what purpose? a. Financial gain b. Fortune c. Fame d. Personal security

c. Fame

Which of the following is not to be decrypted but is only used for comparison purposes? a. Digest b. Key c. Stream d. Algorithm

a. Digest

Which of the following access management controls best fits a home network? a. Discretionary access control b. Role-based access control c. Mandatory access control d. Rule-based access control

a. Discretionary access control

Melvin is moving his small business from his basement to an office building now that he has five full-time employees. What type of enterprise AP should he choose when setting up the new office's WLAN? a. Fat AP b. Standalone AP c. Controller AP d. Captive portal AP

a. Fat AP

What is data called that is to be encrypted by inputting it into a cryptographic algorithm? a. Plaintext b. Byte-text c. Cleartext d. Ciphertext

a. Plaintext

Which of the following is a social engineering method that attempts to influence the subject before the event occurs? a. Prepending b. Redirection c. Watering hole d. Spear phishing

a. Prepending

Which of the following RAID configurations has no fault tolerance? a. RAID level 0 b. RAID level 1 c. RAID level 5 d. RAID level 10

a. RAID level 0

What are public key systems that generate different random public keys for each session? a. Public Key Exchange (PKE) b. perfect forward secrecy c. Elliptic Curve Diffie-Hellman (ECDH) d. Diffie-Hellman (DH)

b. perfect forward secrecy

Smitha, an employee working in the accounts department, reported to the information security officer that she could not access her computer. James, the security officer, noticed the following on Smitha's system: On booting the computer, the following message was flashing on the computer screen with the IRS logo: "This computer is locked by the Internal Revenue Service. It has come to our attention that you are transferring funds to other agencies using this computer without compliance with the local income tax laws. As per section 22 of the U.S. Income Tax Act, the transmission of funds without applicable taxes is prohibited. Your IP address is identified in this fraudulent transaction and is locked to prevent further unlawful activities. This offense attracts a penalty of $400.00 for the first offense. You are hereby given 16 hours to resolve this issue, failing which you shall be prosecuted to the full extent of the law. You may make a secure payment by clicking on the following link. If you face any issues, you may reach out to us at [email protected]." The message will not close, nor is there access to applications or files on the computer; however, James can open shared files and folders on Smitha's computer through the network. What is your inference about the problem faced by Smitha on her computer? a. Smitha's computer is compromised by ransomware. b. Smitha's computer is compromised by a PUP. c. Smitha's computer is compromised by cryptomalware. d. Smitha's computer is compromised by spyware.

a. Smitha's computer is compromised by ransomware.

What is a collision? a. Two files produce the same digest. b. Two ciphertexts have the same length. c. Two algorithms have the same key. d. Two keys are the same length

a. Two files produce the same digest.

Which of the following human characteristics is used for authentication? a. Veins b. Facial expression c. Breathing pattern d. Height

a. Veins

Which of these is the strongest symmetric cryptographic algorithm? a. Data Encryption Standard b. Advanced Encryption Standard c. Triple Data Encryption Standard d. RC 1

b. Advanced Encryption Standard

If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message? a. Alice's private key b. Alice's public key c. Bob's public key d. Bob's private key

b. Alice's public key

Deo has been asked to explain RSA to his colleague. After his explanation, Deo is asked what, if any, weaknesses RSA has. How would Deo respond? a. RSA has no known weaknesses. b. As computers become more powerful, the ability to compute factoring has increased. c. RSA weaknesses are based on ECC. d. The digest produced by the RSA algorithm is too short to be secure.

b. As computers become more powerful, the ability to compute factoring has increased.

James is a black hat hacker employed as an authorized officer at Apple. He has credentials and signed a non-disclosure agreement to perform advanced penetration testing on the iOS 6.1.6 operating system, and has already gained low-level access to the mobile device using a backdoor. Which of the following actions should James take to design/create his own custom firmware to exploit underlying vulnerabilities and gain a higher level of access to a UNIX shell with root privileges, essentially allowing them to do anything on the device? a. Copy the source code of open-source Mimikatz and build custom software from it b. Clone and inherit the source code of the open-source software "P0sixspwn" c. Copy the source code of the open-source BlackArch tool and build custom software from it d. Clone and inherit the source code of the open-source software "Pwnage"

b. Clone and inherit the source code of the open-source software "P0sixspwn"

Which of these is NOT a characteristic of a secure hash algorithm? a. The results of a hash function should not be reversed. b. Collisions should occur no more than 15 percent of the time. c. A message cannot be produced from a predefined hash. d. The hash should always be the same fixed size.

b. Collisions should occur no more than 15 percent of the time.

Which of the following is a state of data, where data is transmitted across a network? a. Data in processing b. Data in transit c. Data at rest d. 3DES

b. Data in transit

Which of these provides cryptographic services and is external to the device? a. Trusted Platform Module (TPM) b. Hardware Security Module (HSM) c. Self-encrypting hard disk drives (SED) d. Encrypted hardware-based USB devices

b. Hardware Security Module (HSM)

Which of the following tools can be used to scan 16 IP addresses for vulnerabilities? a. App Scan b. Nessus Essentials c. QualysGuard d. Nessus

b. Nessus Essentials

Which of the following is NOT a symmetric cryptographic algorithm? a. DES b. SHA c. Blowfish d. 3DES

b. SHA

Which of the following is TRUE regarding the relationship between security and convenience? a. Security is less important than convenience. b. Security and convenience are inversely proportional. c. Security and convenience are equal in importance. d. Security and convenience have no relationship.

b. Security and convenience are inversely proportional.

What is low latency? a. A low-power source requirement of a sensor. b. The time between when a byte is input into a cryptographic cipher and when the output is obtained. c. The requirements for an IoT device that is using a specific network. d. The delay between when a substitution cipher decrypts the first block and when it finishes with the last block

b. The time between when a byte is input into a cryptographic cipher and when the output is obtained.

Egor wanted to use a digital signature. Which of the following benefits will the digital signature NOT provide? a. Verify the sender b. Verify the receiver c. Prove the integrity of the message d. Enforce nonrepudiation

b. Verify the receiver

Makayla has created software for automating the accounting process at ABL Manufacturing. She completed the software development, with testing done during development at individual stages. Before putting the software into production, Mary, who is in charge of the testing software, ran the application using tools and generated a report giving the various inputs and corresponding exceptions generated by the application. What process did Mary use? a. Dead coding b. Camouflaged coding c. Fuzzing d. Code signing

c. Fuzzing

Which of the following is FALSE about "security through obscurity"? a. It attempts to hide its existence from outsiders. b. It can only provide limited security. c. It is essentially impossible. d. Proprietary cryptographic algorithms are an example.

c. It is essentially impossible.

Brielle is researching substitution ciphers. She came across a cipher in which the entire alphabet was rotated 13 steps. What type of cipher is this? a. XOR b. XAND13 c. ROT13 d. Alphabetic

c. ROT13

Which of these is NOT a basic security protection for information that cryptography can provide? a. Integrity b. Authenticity c. Risk d. Confidentiality

c. Risk

Cicero is researching hash algorithms. Which algorithm would produce the longest and most secure digest? a. SHA-256 b. MD5 c. SHA3-512 d. SHA6-6

c. SHA3-512

Which of the following hides the existence of information? a. Encryption b. Decryption c. Steganography d. Ciphering

c. Steganography

Robert has two cryptographic keys, and he needs to determine which of them is less prone to being attacked. The cryptoperiod is limited and equal for both the keys. The first key has a length of 2 and uses 16 characters, while the other key has a length of 3 and uses 15 characters. Which of the following is the best conclusion for Robert to come to? a. Both the keys are equally secure. b. Neither of the keys are secure because they both have a limited cryptoperiod. c. The second key is more secure than the first key. d. The first key is more secure than the second key.

c. The second key is more secure than the first key.

Which type of hacker will probe a system for weaknesses and then privately provide that information back to the organization? a. Black hat hackers b. Gray hat hackers c. White hat hackers d. Red hat hackers

c. White hat hackers

In an interview, Tom was asked to give a brief on how containers perform virtualization. How should Tom reply? a. Containers use Type I hypervisors for virtualization b. Containers use hardware hypervisors for virtualization c. Containers use dedicated physical storage for virtualization d. Containers use OS components for virtualization

d. Containers use OS components for virtualization

Several quantitative tools like mean time between failure (MTBF), mean time to recovery (MTTR), mean time to failure (MTTF), and failure in time (FIT) can be used to predict the likelihood of the risk. Which of these tools perform similar functions? a. MTTF and MTTR b. MTBF and FIT c. MTBF and MTTF d. FIT and MTTR

d. FIT and MTTR

Which of the following is NOT a characteristic of the Trusted Platform Module (TPM)? a. It provides cryptographic services in hardware instead of software. b. It can generate asymmetric cryptographic public and private keys. c. It can easily be transported to another computer. d. It includes a pseudorandom number generator (PRNG).

d. It includes a pseudorandom number generator (PRNG).

