Final Quiz PDF

Download as pdf or txt
Download as pdf or txt
You are on page 1of 37

Final Quiz

Due No due date Points 100 Questions 50


Time Limit 60 Minutes Allowed Attempts 2

Instructions
This quiz covers all of the content in Cybersecurity Essentials 1.1. It is designed to test the
skills and knowledge presented in the course.
There are multiple task types that may be available in this quiz.
NOTE: Quizzes allow for partial credit scoring on all item types to foster learning. Points on
quizzes can also be deducted for answering incorrectly.
Forms 32901 - 23908

Attempt History
Attempt Time Score
KEPT Attempt 2 35 minutes 98 out of 100

LATEST Attempt 2 35 minutes 98 out of 100

Attempt 1 60 minutes 52 out of 100

Score for this attempt: 98 out of 100


Submitted May 7 at 4:26am
This attempt took 35 minutes.

Question 1 2 / 2 pts

What is an example of early warning systems that can be used to


thwart cybercriminals?

CVE database
Correct!
Honeynet project

ISO/IEC 27000 program

Infragard

Refer to curriculum topic: 1.2.2


Early warning systems help identify attacks and can be
used by cybersecurity specialists to protect systems.

Question 2 2 / 2 pts

Technologies like GIS and IoE contribute to the growth of large


data stores. What are two reasons that these technologies
increase the need for cybersecurity specialists? (Choose two.)

They require 24-hour monitoring.

They require more equipment.

They increase processing requirements.

Correct!  They collect sensitive information.

Correct!  They contain personal information.

They make systems more complicated.


Refer to curriculum topic: 1.1.1
The types of information collected by these technologies
have increased the need for data protection.

Question 3 2 / 2 pts

Which two groups of people are considered internal attackers?


(Choose two.)

Correct!  trusted partners

hacktivists

black hat hackers

amateurs

Correct!  ex-employees

Refer to curriculum topic: 1.4.1


Threats are classified as being from an internal source or
external source. A cybersecurity specialist needs to be
aware of the source of various threats.

Question 4 2 / 2 pts
Which framework should be recommended for establishing a
comprehensive information security management system in an
organization?

ISO OSI model

NIST/NICE framework

Correct!
ISO/IEC 27000

CIA Triad

Refer to curriculum topic: 2.5.1


A cybersecurity specialist needs to be familiar with the
different frameworks and models for managing information
security.

Question 5 2 / 2 pts

Which technology can be implemented as part of an


authentication system to verify the identification of employees?

a Mantrap

a virtual fingerprint

Correct!
a smart card reader

SHA-1 hash
Refer to curriculum topic: 2.2.1
A cybersecurity specialist must be aware of the
technologies available that support the CIA triad.

Question 6 2 / 2 pts

Which technology should be used to enforce the security policy


that a computing device must be checked against the latest
antivirus update before the device is allowed to connect to the
campus network?

NAS

VPN

Correct!
NAC

SAN

Refer to curriculum topic: 2.4.1


A cybersecurity specialist must be aware of the
technologies available to enforce its organization's security
policy.

Question 7 2 / 2 pts
A cybersecurity specialist is working with the IT staff to establish
an effective information security plan. Which combination of
security principles forms the foundation of a security plan?

technologies, policies, and awareness

secrecy, identify, and nonrepudiation

encryption, authentication, and identification

Correct!
confidentiality, integrity, and availability

Refer to curriculum topic: 2.1.1


The CIA Triad is the foundation upon which all information
management systems are developed.

Question 8 2 / 2 pts

An organization allows employees to work from home two days a


week. Which technology should be implemented to ensure data
confidentiality as data is transmitted?

SHS

Correct!
VPN

VLANS

RAID
Refer to curriculum topic: 2.4.1
Protecting data confidentiality requires an understanding of
the technologies used to protect data in all three data
states.

Question 9 2 / 2 pts

What is an impersonation attack that takes advantage of a trusted


relationship between two systems?

Correct!
spoofing

man-in-the-middle

sniffing

spamming

Refer to curriculum topic: 3.3.1


A cybersecurity specialist needs to be familiar with the
characteristics of the different types of malware and
attacks that threaten an organization.

Question 10 2 / 2 pts
What three best practices can help defend against social
engineering attacks? (Choose three.)

Correct!  Do not provide password resets in a chat window.

Add more security guards.

Correct!  Resist the urge to click on enticing web links.

Correct!  Educate employees regarding policies.

Deploy well-designed firewall appliances.

Enable a policy that states that the IT department should supply


information over the phone only to managers.

Refer to curriculum topic: 3.2.2


A cybersecurity specialist must be aware of the
technologies and measures that are used as
countermeasures to protect the organization from threats
and vulnerabilities.

Question 11 2 / 2 pts

Users report that the network access is slow. After questioning the
employees, the network administrator learned that one employee
downloaded a third-party scanning program for the printer. What
type of malware might be introduced that causes slow
performance of the network?
phishing

spam

virus

Correct!
worm

Refer to curriculum topic: 3.1.1


A cybersecurity specialist needs to be familiar with the
characteristics of the different types of malware and
attacks that threaten an organization.

Question 12 2 / 2 pts

An executive manager went to an important meeting. The


secretary in the office receives a call from a person claiming that
the executive manager is about to give an important presentation
but the presentation files are corrupted. The caller sternly
recommends that the secretary email the presentation right away
to a personal email address. The caller also states that the
executive is holding the secretary responsible for the success of
this presentation. Which type of social engineering tactic would
describe this scenario?

Correct!
intimidation

urgency

familiarity
trusted partners

Refer to curriculum topic: 3.2.1


Social engineering uses several different tactics to gain
information from victims.

Question 13 2 / 2 pts

Users report that the database on the main server cannot be


accessed. A database administrator verifies the issue and notices
that the database file is now encrypted. The organization receives
a threatening email demanding payment for the decryption of the
database file. What type of attack has the organization
experienced?

DoS attack

Correct!
ransomeware

Trojan horse

man-in-the-middle attack

Refer to curriculum topic: 3.1.1


A cybersecurity specialist needs to be familiar with the
characteristics of the different types of malware and
attacks that threaten an organization.
Question 14 2 / 2 pts

What type of application attack occurs when data goes beyond


the memory areas allocated to the application?

SQL injection

Correct!
buffer overflow

RAM Injection

RAM spoofing

Refer to curriculum topic: 3.3.3


A cybersecurity specialist needs to be familiar with the
characteristics of the different types of malware and
attacks that threaten an organization.

Question 15 2 / 2 pts

A cyber criminal sends a series of maliciously formatted packets


to the database server. The server cannot parse the packets and
the event causes the server crash. What is the type of attack the
cyber criminal launches?

SQL injection

man-in-the-middle
Correct!
DoS

packet Injection

Refer to curriculum topic: 3.3.1


A cybersecurity specialist needs to be familiar with the
characteristics of the different types of malware and
attacks that threaten an organization.

Question 16 2 / 2 pts

Before data is sent out for analysis, which technique can be used
to replace sensitive data in nonproduction environments to protect
the underlying information?

steganalysis

Correct!
data masking substitution

steganography

software obfuscation

Refer to curriculum topic: 4.3.1


Technologies exist to confuse attackers by changing data
and using techniques to hide the original data.
Question 17 2 / 2 pts

Which statement describes a characteristics of block ciphers?

Block ciphers are faster than stream ciphers.

Block ciphers result in compressed output.

Block ciphers encrypt plaintext one bit at a time to form a block.

Correct!
Block ciphers result in output data that is larger than the input data
most of the time.

Refer to curriculum topic: 4.1.2


Encryption is an important technology used to protect
confidentiality. It is important to understand the
characteristics of the various encryption methodologies.

Question 18 2 / 2 pts

A user has a large amount of data that needs to be kept


confidential. Which algorithm would best meet this requirement?

Diffie-Hellman

ECC
RSA

Correct!
3DES

Refer to curriculum topic: 4.1.4


Encryption is an important technology used to protect
confidentiality. It is important to understand the
characteristics of the various encryption methodologies.

Question 19 2 / 2 pts

An organization has implemented antivirus software. What type of


security control did the company implement?

compensative control

detective control

deterrent control

Correct!
recovery control

Refer to curriculum topic: 4.2.7


A cybersecurity specialist must be aware of the
technologies and measures that are used as
countermeasures to protect the organization from threats
and vulnerabilities.
Question 20 2 / 2 pts

An organization plans to implement security training to educate


employees about security policies. What type of access control is
the organization trying to implement?

technological

physical

logical

Correct!
administrative

Refer to curriculum topic: 4.2.1


Access control prevents an unauthorized user from gaining
access to sensitive data and networked systems. There
are several technologies used to implement effective
access control strategies.

Question 21 2 / 2 pts

Smart cards and biometrics are considered to be what type of


access control?

technological

administrative
physical

Correct!
logical

Refer to curriculum topic: 4.2.1


Access control prevents an unauthorized user from gaining
access to sensitive data and networked systems. There
are several technologies used to implement effective
access control strategies.

Question 22 2 / 2 pts

Which access control strategy allows an object owner to


determine whether to allow access to the object?

MAC

Correct!
DAC

RBAC

ACL
Refer to curriculum topic: 4.2.2
Access control prevents unauthorized user from gaining
access to sensitive data and networked systems. There
are several technologies used to implement effective
access control strategies.

Question 23 0 / 2 pts

Alice and Bob are using public key encryption to exchange a


message. Which key should Alice use to encrypt a message to
Bob?

You Answered the private key of Alice

the private key of Bob

Correct Answer
the public key of Bob

the public key of Alice

Refer to curriculum topic: 4.1.3


Encryption is an important technology used to protect
confidentiality. It is important to understand the
characteristics of the various encryption methodologies.

Question 24 2 / 2 pts
An organization has determined that an employee has been
cracking passwords on administrative accounts in order to access
very sensitive payroll information. Which tools would you look for
on the system of the employee? (Choose three)

Correct!  rainbow tables

password digest

rouge access points

Correct!  reverse lookup tables

algorithm tables

Correct!  lookup tables

Refer to curriculum topic: 5.1.2


Tables that contain possible password combinations are
used to crack passwords.

Question 25 2 / 2 pts

Which technology could be used to prevent a cracker from


launching a dictionary or brute-force attack off a hash?

rainbow tables

AES
MD5

Correct!
HMAC

Refer to curriculum topic: 5.1.3


HMACs use an additional secret key as input to the hash
function. This adds another layer of security to the hash in
order to defeat man-in-the-middle attacks and provide
authentication of the data source.

Question 26 2 / 2 pts

You have been asked to work with the data collection and entry
staff in your organization in order to improve data integrity during
initial data entry and data modification operations. Several staff
members ask you to explain why the new data entry screens limit
the types and size of data able to be entered in specific fields.
What is an example of a new data integrity control?

data encryption operations that prevent any unauthorized users


from accessing sensitive data

a limitation rule which has been implemented to prevent


unauthorized staff from entering sensitive data
Correct!
a validation rule which has been implemented to ensure
completeness, accuracy, and consistency of data

data entry controls which only allow entry staff to view current data

Refer to curriculum topic: 5.4.2


Data integrity deals with data validation.

Question 27 2 / 2 pts

What technique creates different hashes for the same password?

CRC

SHA-256

Correct!
salting

HMAC

Refer to curriculum topic: 5.1.2


Data integrity is one of the three guiding security principles.
A cybersecurity specialist should be familiar with the tools
and technologies used ensure data integrity.
Question 28 2 / 2 pts

Which hashing technology requires keys to be exchanged?

AES

MD5

Correct!
HMAC

salting

Refer to curriculum topic: 5.1.3


The difference between HMAC and hashing is the use of
keys.

Question 29 2 / 2 pts

A VPN will be used within the organization to give remote users


secure access to the corporate network. What does IPsec use to
authenticate the origin of every packet to provide data integrity
checking?

password

salting

Correct!
HMAC
CRC

Refer to curriculum topic: 5.1.3


HMAC is an algorithm used to authenticate. The sender
and receiver have a secret key that is used along with the
data to ensure the message origin as well as the
authenticity of the data.

Question 30 2 / 2 pts

You have been asked to implement a data integrity program to


protect data files that need to be electronically downloaded by the
sales staff. You have decided to use the strongest hashing
algorithm available on your systems. Which hash algorithm would
you select?

MD5

Correct!
SHA-256

AES

SHA-1
Refer to curriculum topic: 5.1.1
MD5 and SHA are the two most popular hashing
algorithms. SHA-256 uses a 256-bit hash, whereas MD5
produces a 128-bit hash value.

Question 31 2 / 2 pts

Alice and Bob are using a digital signature to sign a document.


What key should Alice use to sign the document so that Bob can
make sure that the document came from Alice?

Correct!
private key from Alice

username and password from Alice

public key from Bob

private key from Bob

Refer to curriculum topic: 5.2.2


Alice and Bob are used to explain asymmetric
cryptography used in digital signatures. Alice uses a private
key to encrypt the message digest. The message,
encrypted message digest, and the public key are used to
create the signed document and prepare it for
transmission.
Question 32 2 / 2 pts

Which risk mitigation strategies include outsourcing services and


purchasing insurance?

acceptance

reduction

Correct!
transfer

avoidance

Refer to curriculum topic: 6.2.1


Risk mitigation lessens the exposure of an organization to
threats and vulnerabilities by transferring, accepting,
avoiding, or taking an action to reduce risk.

Question 33 2 / 2 pts

An organization wants to adopt a labeling system based on the


value, sensitivity, and criticality of the information. What element of
risk management is recommended?

asset identification

Correct!
asset classification

asset availability
asset standardization

Refer to curriculum topic: 6.2.1


One of the most important steps in risk management is
asset classification.

Question 34 2 / 2 pts

What are two incident response phases? (Choose two.)

confidentiality and eradication

Correct!  containment and recovery

Correct!  detection and analysis

mitigation and acceptance

risk analysis and high availability

prevention and containment

Refer to curriculum topic: 6.3.1


When an incident occurs, the organization must know how
to respond. An organization needs to develop an incident
response plan that includes several phases.
Question 35 2 / 2 pts

Being able to maintain availability during disruptive events


describes which of the principles of high availability?

uninterruptible services

single point of failure

fault tolerance

Correct!
system resiliency

Refer to curriculum topic: 6.1.1


High availability can be achieved by eliminating or reducing
single points of failure, by implementing system resiliency,
and by designing for fault tolerance.

Question 36 2 / 2 pts

What approach to availability involves using file permissions?

Correct!
limiting

simplicity

layering

obscurity
Refer to curriculum topic: 6.2.2
System and data availability is a critical responsibility of a
cybersecurity specialist. It is important to understand the
technologies, process, and controls used to protect provide
high availability.

Question 37 2 / 2 pts

What is it called when an organization only installs applications


that meet its guidelines, and administrators increase security by
eliminating all other applications?

Correct!
asset standardization

asset classification

asset identification

asset availability
Refer to curriculum topic: 6.2.1
An organization needs to know what hardware and
software are present as a prerequisite to knowing what the
configuration parameters need to be. Asset management
includes a complete inventory of hardware and software.
Asset standards identify specific hardware and software
products that the organization uses and supports. When a
failure occurs, prompt action helps to maintain both access
and security.

Question 38 2 / 2 pts

What approach to availability provides the most comprehensive


protection because multiple defenses coordinate together to
prevent attacks?

limiting

Correct!
layering

obscurity

diversity

Refer to curriculum topic: 6.2.2


Defense in depth utilizes multiple layers of security
controls.
Question 39 2 / 2 pts

Keeping data backups offsite is an example of which type of


disaster recovery control?

corrective

management

detective

Correct!
preventive

Refer to curriculum topic: 6.4.1


A disaster recovery plan enables an organization to
prepare for potential disasters and minimize the resulting
downtime.

Question 40 2 / 2 pts

The awareness and identification of vulnerabilities is a critical


function of a cybersecurity specialist. Which of the following
resources can be used to identify specific details about
vulnerabilities?

NIST/NICE framework

Correct!
CVE national database
Infragard

ISO/IEC 27000 model

Refer to curriculum topic: 6.2.1


A cybersecurity specialist needs to be familiar with the
resources such as the CVE database, Infragard, and the
NIST/NISE framework. All can be used to help plan and
implement effective an information security management
system.

Question 41 2 / 2 pts

Which wireless standard made AES and CCM mandatory?

WPA

Correct!
WPA2

WEP2

WEP

Refer to curriculum topic: 7.1.2


Wireless security depends on several industry standards
and has progressed from WEP to WPA and finally WPA2.
Question 42 2 / 2 pts

Which of the following products or technologies would you use to


establish a baseline for an operating system?

CVE Baseline Analyzer

Correct!
Microsoft Security Baseline Analyzer

MS Baseliner

SANS Baselining System (SBS)

Refer to curriculum topic: 7.1.1


There are many tools that a cybersecurity specialist uses
to evaluate the potential vulnerabilities of an organization.

Question 43 2 / 2 pts

What Windows utility should be used to configure password rules


and account lockout policies on a system that is not part of a
domain?

Computer Management

Correct!
Local Security Policy tool

Event Viewer security log


Active Directory Security tool

Refer to curriculum topic: 7.2.2


A cybersecurity specialist must be aware of the
technologies and measures that are used as
countermeasures to protect the organization from threats
and vulnerabilities. Local Security Policy, Event Viewer,
and Computer Management are Windows utilities that are
all used in the security equation.

Question 44 2 / 2 pts

Which three protocols can use Advanced Encryption Standard


(AES)? (Choose three.)

802.11q

TKIP

WEP

Correct!  WPA

Correct!  802.11i

Correct!  WPA2
Refer to curriculum topic: 7.3.1
Various protocols can be used to provide secure
communication systems. AES is the strongest encryption
algorithm.

Question 45 2 / 2 pts

Which technology can be used to protect VoIP against


eavesdropping?

Correct!
encrypted voice messages

SSH

strong authentication

ARP

Refer to curriculum topic: 7.3.2


Many advanced technologies such as VoIP, streaming
video, and electronic conferencing require advanced
countermeasures.

Question 46 2 / 2 pts
What describes the protection provided by a fence that is 1 meter
in height?

The fence deters determined intruders.

Correct!
It deters casual trespassers only.

It offers limited delay to a determined intruder.

It prevents casual trespassers because of its height.

Refer to curriculum topic: 7.4.1


Security standards have been developed to assist
organizations in implementing the proper controls to
mitigate potential threats. The height of a fence determines
the level of protection from intruders

Question 47 2 / 2 pts

Which protocol would be used to provide security for employees


that access systems remotely from home?

Correct!
SSH

SCP

WPA

Telnet
Refer to curriculum topic: 7.2.1
Various application layer protocols are used to for
communications between systems. A secure protocol
provides a secure channel over an unsecured network.

Question 48 2 / 2 pts

Which national resource was developed as a result of a U.S.


Executive Order after a ten-month collaborative study involving
over 3,000 security professionals?

ISO/IEC 27000

Correct!
NIST Framework

the National Vulnerability Database (NVD)

ISO OSI model

Refer to curriculum topic: 8.3.1


There are many tools that a cybersecurity specialist uses
to evaluate the potential vulnerabilities of an organization.

Question 49 2 / 2 pts
Which law was enacted to prevent corporate accounting-related
crimes?

Correct!
Sarbanes-Oxley Act

Import/Export Encryption Act

Gramm-Leach-Bliley Act

The Federal Information Security Management Act

Refer to curriculum topic: 8.2.2


New laws and regulations have come about to protect
organizations, citizens, and nations from cybersecurity
attacks.

Question 50 2 / 2 pts

Which threat is mitigated through user awareness training and


tying security awareness to performance reviews?

Correct!
user-related threats

cloud-related threats

device-related threats

physical threats
Refer to curriculum topic: 8.1.1
Cybersecurity domains provide a framework for evaluating
and implementing controls to protect the assets of an
organization. Each domain has various countermeasures
available to manage threats.

Quiz Score: 98 out of 100

You might also like