Final Quiz PDF
Instructions
This quiz covers all of the content in Cybersecurity Essentials 1.1. It is designed to test the
skills and knowledge presented in the course.
There are multiple task types that may be available in this quiz.
NOTE: Quizzes allow for partial credit scoring on all item types to foster learning. Points on
quizzes can also be deducted for answering incorrectly.
Forms 32901 - 23908
Attempt History
Attempt Time Score
KEPT Attempt 2 35 minutes 98 out of 100
Question 1 2 / 2 pts
CVE database
Correct!
Honeynet project
Infragard
Question 2 2 / 2 pts
Question 3 2 / 2 pts
hacktivists
amateurs
Correct! ex-employees
Question 4 2 / 2 pts
Which framework should be recommended for establishing a
comprehensive information security management system in an
organization?
NIST/NICE framework
Correct!
ISO/IEC 27000
CIA Triad
Question 5 2 / 2 pts
a Mantrap
a virtual fingerprint
Correct!
a smart card reader
SHA-1 hash
Refer to curriculum topic: 2.2.1
A cybersecurity specialist must be aware of the
technologies available that support the CIA triad.
Question 6 2 / 2 pts
NAS
VPN
Correct!
NAC
SAN
Question 7 2 / 2 pts
A cybersecurity specialist is working with the IT staff to establish
an effective information security plan. Which combination of
security principles forms the foundation of a security plan?
Correct!
confidentiality, integrity, and availability
Question 8 2 / 2 pts
SHS
Correct!
VPN
VLANs
RAID
Refer to curriculum topic: 2.4.1
Protecting data confidentiality requires an understanding of
the technologies used to protect data in all three data
states.
Question 9 2 / 2 pts
Correct!
spoofing
man-in-the-middle
sniffing
spamming
Question 10 2 / 2 pts
What three best practices can help defend against social
engineering attacks? (Choose three.)
Question 11 2 / 2 pts
Users report that the network access is slow. After questioning the
employees, the network administrator learned that one employee
downloaded a third-party scanning program for the printer. What
type of malware might be introduced that causes slow
performance of the network?
phishing
spam
virus
Correct!
worm
Question 12 2 / 2 pts
Correct!
intimidation
urgency
familiarity
trusted partners
Question 13 2 / 2 pts
DoS attack
Correct!
ransomware
Trojan horse
man-in-the-middle attack
SQL injection
Correct!
buffer overflow
RAM Injection
RAM spoofing
Question 15 2 / 2 pts
SQL injection
man-in-the-middle
Correct!
DoS
packet Injection
Question 16 2 / 2 pts
Before data is sent out for analysis, which technique can be used
to replace sensitive data in nonproduction environments to protect
the underlying information?
steganalysis
Correct!
data masking substitution
steganography
software obfuscation
Correct!
Block ciphers result in output data that is larger than the input data
most of the time.
Question 18 2 / 2 pts
Diffie-Hellman
ECC
RSA
Correct!
3DES
Question 19 2 / 2 pts
compensative control
detective control
deterrent control
Correct!
recovery control
technological
physical
logical
Correct!
administrative
Question 21 2 / 2 pts
technological
administrative
physical
Correct!
logical
Question 22 2 / 2 pts
MAC
Correct!
DAC
RBAC
ACL
Refer to curriculum topic: 4.2.2
Access control prevents unauthorized users from gaining
access to sensitive data and networked systems. There
are several technologies used to implement effective
access control strategies.
Question 23 0 / 2 pts
Correct Answer
the public key of Bob
Question 24 2 / 2 pts
An organization has determined that an employee has been
cracking passwords on administrative accounts in order to access
very sensitive payroll information. Which tools would you look for
on the system of the employee? (Choose three)
password digest
algorithm tables
Question 25 2 / 2 pts
rainbow tables
AES
MD5
Correct!
HMAC
Question 26 2 / 2 pts
You have been asked to work with the data collection and entry
staff in your organization in order to improve data integrity during
initial data entry and data modification operations. Several staff
members ask you to explain why the new data entry screens limit
the types and size of data able to be entered in specific fields.
What is an example of a new data integrity control?
data entry controls which only allow entry staff to view current data
Question 27 2 / 2 pts
CRC
SHA-256
Correct!
salting
HMAC
AES
MD5
Correct!
HMAC
salting
Question 29 2 / 2 pts
password
salting
Correct!
HMAC
CRC
Question 30 2 / 2 pts
MD5
Correct!
SHA-256
AES
SHA-1
Refer to curriculum topic: 5.1.1
MD5 and SHA are the two most popular hashing
algorithms. SHA-256 uses a 256-bit hash, whereas MD5
produces a 128-bit hash value.
Question 31 2 / 2 pts
Correct!
private key from Alice
acceptance
reduction
Correct!
transfer
avoidance
Question 33 2 / 2 pts
asset identification
Correct!
asset classification
asset availability
asset standardization
Question 34 2 / 2 pts
uninterruptible services
fault tolerance
Correct!
system resiliency
Question 36 2 / 2 pts
Correct!
limiting
simplicity
layering
obscurity
Refer to curriculum topic: 6.2.2
System and data availability is a critical responsibility of a
cybersecurity specialist. It is important to understand the
technologies, processes, and controls used to provide
high availability.
Question 37 2 / 2 pts
Correct!
asset standardization
asset classification
asset identification
asset availability
Refer to curriculum topic: 6.2.1
An organization needs to know what hardware and
software are present as a prerequisite to knowing what the
configuration parameters need to be. Asset management
includes a complete inventory of hardware and software.
Asset standards identify specific hardware and software
products that the organization uses and supports. When a
failure occurs, prompt action helps to maintain both access
and security.
Question 38 2 / 2 pts
limiting
Correct!
layering
obscurity
diversity
corrective
management
detective
Correct!
preventive
Question 40 2 / 2 pts
NIST/NICE framework
Correct!
CVE national database
Infragard
Question 41 2 / 2 pts
WPA
Correct!
WPA2
WEP2
WEP
Correct!
Microsoft Security Baseline Analyzer
MS Baseliner
Question 43 2 / 2 pts
Computer Management
Correct!
Local Security Policy tool
Question 44 2 / 2 pts
802.11q
TKIP
WEP
Correct! WPA
Correct! 802.11i
Correct! WPA2
Refer to curriculum topic: 7.3.1
Various protocols can be used to provide secure
communication systems. AES is the strongest encryption
algorithm.
Question 45 2 / 2 pts
Correct!
encrypted voice messages
SSH
strong authentication
ARP
Question 46 2 / 2 pts
What describes the protection provided by a fence that is 1 meter
in height?
Correct!
It deters casual trespassers only.
Question 47 2 / 2 pts
Correct!
SSH
SCP
WPA
Telnet
Refer to curriculum topic: 7.2.1
Various application layer protocols are used for
communications between systems. A secure protocol
provides a secure channel over an unsecured network.
Question 48 2 / 2 pts
ISO/IEC 27000
Correct!
NIST Framework
Question 49 2 / 2 pts
Which law was enacted to prevent corporate accounting-related
crimes?
Correct!
Sarbanes-Oxley Act
Gramm-Leach-Bliley Act
Question 50 2 / 2 pts
Correct!
user-related threats
cloud-related threats
device-related threats
physical threats
Refer to curriculum topic: 8.1.1
Cybersecurity domains provide a framework for evaluating
and implementing controls to protect the assets of an
organization. Each domain has various countermeasures
available to manage threats.