Cybersecurity Essentials Final Quiz Solved

Final Quiz:

Question 1

  • A cybersecurity specialist is asked to identify the potential criminals known to attack the organization. Which type of hackers would the cybersecurity specialist be least concerned with?
    1. black hat hackers
    2. gray hat hackers
    3. script kiddies
    4. white hat hackers

Explanation: Hackers are classified by colors to help define the purpose of their break-in activities.

Question 2

  • Which statement best describes a motivation of hacktivists?
    1. They are trying to show off their hacking skills.
    2. They are interested in discovering new exploits.
    3. They are curious and learning hacking skills.
    4. They are part of a protest group behind a political cause.

Explanation: Each type of cybercriminal has a distinct motivation for his or her actions.

Question 3

  • What is an example of early warning systems that can be used to thwart cybercriminals?
    1. Infragard
    2. ISO/IEC 27000 program
    3. Honeynet project
    4. CVE database

Explanation: Early warning systems help identify attacks and can be used by cybersecurity specialists to protect systems.

Question 4

  • Which technology should be used to enforce the security policy that a computing device must be checked against the latest antivirus update before the device is allowed to connect to the campus network?
    1. SAN
    2. VPN
    3. NAC
    4. NAS

Explanation: A cybersecurity specialist must be aware of the technologies available to enforce the organization’s security policy.

Question 5

  • Which data state is maintained in NAS and SAN services?
    1. stored data
    2. data in-transit
    3. encrypted data
    4. data in-process

Explanation: A cybersecurity specialist must be familiar with the types of technologies used to store, transmit, and process data.

Question 6

  • What are three states of data during which data is vulnerable? (Choose three.)
    1. purged data
    2. stored data
    3. data in-process
    4. data encrypted
    5. data decrypted
    6. data in-transit

Explanation: A cybersecurity specialist must be aware of each of the three states of data to effectively protect data and information. Purged data was stored data. Encrypted and decrypted data can be in any of the three states.

Question 7

  • Which technology can be used to ensure data confidentiality?
    1. hashing
    2. identity management
    3. encryption
    4. RAID

Explanation: A cybersecurity specialist must be aware of the technologies available which support the CIA triad.

Question 8

  • A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan?
    1. secrecy, identify, and nonrepudiation
    2. confidentiality, integrity, and availability
    3. technologies, policies, and awareness
    4. encryption, authentication, and identification

Explanation: The CIA Triad is the foundation upon which all information management systems are developed.

Question 9

  • What are the two most effective ways to defend against malware? (Choose two.)
    1. Implement strong passwords.
    2. Implement a VPN.
    3. Implement RAID.
    4. Update the operating system and other application software.
    5. Implement network firewalls.
    6. Install and update antivirus software.

Explanation: A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities.

Question 10

  • What is an impersonation attack that takes advantage of a trusted relationship between two systems?
    1. man-in-the-middle
    2. spoofing
    3. spamming
    4. sniffing

Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

Question 11

  • Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network?
    1. virus
    2. worm
    3. spam
    4. phishing

Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

Question 12

  • Which statement describes a distributed denial of service attack?
    1. An attacker views network traffic to learn authentication credentials.
    2. An attacker builds a botnet comprised of zombies.
    3. An attacker sends an enormous quantity of data that a server cannot handle.
    4. One computer accepts data packets based on the MAC address of another computer.

Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

Question 13

  • What type of application attack occurs when data goes beyond the memory areas allocated to the application?
    1. buffer overflow
    2. RAM Injection
    3. SQL injection
    4. RAM spoofing

Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

Question 14

  • What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic?
    1. sniffing
    2. spoofing
    3. phishing
    4. spamming

Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

Question 15

  • A penetration testing service hired by the company has reported that a backdoor was identified on the network. What action should the organization take to find out if systems have been compromised?
    1. Look for policy changes in Event Viewer.
    2. Scan the systems for viruses.
    3. Look for unauthorized accounts.
    4. Look for usernames that do not have passwords.

Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

Question 16

  • The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement?
    1. user login auditing
    2. a biometric fingerprint reader
    3. observations to be provided to all employees
    4. a set of attributes that describes user access rights

Explanation: Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

Question 17

  • Smart cards and biometrics are considered to be what type of access control?
    1. administrative
    2. technological
    3. logical
    4. physical

Explanation: Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

Question 18

  • Which access control should the IT department use to restore a system back to its normal state?
    1. compensative
    2. preventive
    3. corrective
    4. detective

Explanation: Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

Question 19

  • A user has a large amount of data that needs to be kept confidential. Which algorithm would best meet this requirement?
    1. 3DES
    2. ECC
    3. RSA
    4. Diffie-Hellman

Explanation: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

Question 20

  • Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use?
    1. the private key of Carol
    2. the public key of Bob
    3. the same pre-shared key he used with Alice
    4. a new pre-shared key

Explanation: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

Question 21

  • What happens as the key length increases in an encryption application?
    1. Keyspace increases proportionally.
    2. Keyspace decreases exponentially.
    3. Keyspace decreases proportionally.
    4. Keyspace increases exponentially.

Explanation: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

Question 22

  • In which situation would a detective control be warranted?
    1. when the organization needs to repair damage
    2. when the organization needs to look for prohibited activity
    3. when the organization cannot use a guard dog, so it is necessary to consider an alternative
    4. after the organization has experienced a breach in order to restore everything back to a normal state

Explanation: Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

Question 23

  • An organization has implemented antivirus software. What type of security control did the company implement?
    1. recovery control
    2. deterrent control
    3. compensative control
    4. detective control

Explanation: A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities.

Question 24

  • You have been asked to describe data validation to the data entry clerks in accounts receivable. Which of the following are good examples of strings, integers, and decimals?
    1. 800-900-4560, 4040-2020-8978-0090, 01/21/2013
    2. male, $25.25, veteran
    3. female, 9866, $125.50
    4. yes/no 345-60-8745, TRF562

Explanation: A string is a group of letters, numbers, and special characters. An integer is a whole number. A decimal is a number that is not a fraction.

Question 25

  • Which hashing technology requires keys to be exchanged?
    1. salting
    2. AES
    3. HMAC
    4. MD5

Explanation: The difference between HMAC and hashing is the use of keys.

Question 26

  • Your organization will be handling market trades. You will be required to verify the identity of each customer who is executing a transaction. Which technology should be implemented to authenticate and verify customer electronic transactions?
    1. data hashing
    2. symmetrical encryption
    3. digital certificates
    4. asymmetrical encryption

Explanation: Digital certificates protect the parties involved in secure communications.

Question 27

  • What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website?
    1. digital signature
    2. digital certificate
    3. asymmetric encryption
    4. salting

Explanation: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

Question 28

  • Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign the document so that Bob can make sure that the document came from Alice?
    1. private key from Bob
    2. private key from Alice
    3. username and password from Alice
    4. public key from Bob

Explanation: Alice and Bob are used to explain asymmetric cryptography used in digital signatures. Alice uses a private key to encrypt the message digest. The message, encrypted message digest, and the public key are used to create the signed document and prepare it for transmission.

Question 29

  • What is a feature of a cryptographic hash function?
    1. Hashing requires a public and a private key.
    2. The hash function is a one-way mathematical function.
    3. The output has a variable length.
    4. The hash input can be calculated given the output value.

Explanation: Data integrity is one of the three guiding security principles. A cybersecurity specialist should be familiar with the tools and technologies used to ensure data integrity.

Question 30

  • A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking?
    1. salting
    2. HMAC
    3. CRC
    4. Password

Explanation: HMAC is an algorithm used to authenticate. The sender and receiver have a secret key that is used along with the data to ensure the message origin as well as the authenticity of the data.

Question 31

  • Which hashing algorithm is recommended for the protection of sensitive, unclassified information?
    1. MD5
    2. SHA-256
    3. 3DES
    4. AES-256

Explanation: Data integrity is one of the three guiding security principles. A cybersecurity specialist should be familiar with the tools and technologies used to ensure data integrity.

Question 32

  • Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents a high level of risk, yellow represents an average level of threat, and green represents a low level of threat. What type of risk analysis does this chart represent?
    1. quantitative analysis
    2. exposure factor analysis
    3. loss analysis
    4. qualitative analysis

Explanation: A qualitative or quantitative risk analysis is used to identify and prioritize threats to the organization.

Question 33

  • What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications?
    1. asset classification
    2. asset availability
    3. asset standardization
    4. asset identification

Explanation: An organization needs to know what hardware and software are present as a prerequisite to knowing what the configuration parameters need to be. Asset management includes a complete inventory of hardware and software. Asset standards identify specific hardware and software products that the organization uses and supports. When a failure occurs, prompt action helps to maintain both access and security.

Question 34

  • Keeping data backups offsite is an example of which type of disaster recovery control?
    1. management
    2. preventive
    3. detective
    4. corrective

Explanation: A disaster recovery plan enables an organization to prepare for potential disasters and minimize the resulting downtime.

Question 35

  • What are two incident response phases? (Choose two.)
    1. detection and analysis
    2. confidentiality and eradication
    3. prevention and containment
    4. mitigation and acceptance
    5. containment and recovery
    6. risk analysis and high availability

Explanation: When an incident occurs, the organization must know how to respond. An organization needs to develop an incident response plan that includes several phases.

Question 36

  • The team is in the process of performing a risk analysis on the database services. The information collected includes the initial value of these assets, the threats to the assets and the impact of the threats. What type of risk analysis is the team performing by calculating the annual loss expectancy?
    1. quantitative analysis
    2. qualitative analysis
    3. loss analysis
    4. protection analysis

Explanation: A qualitative or quantitative risk analysis is used to identify and prioritize threats to the organization.

Question 37

  • What approach to availability provides the most comprehensive protection because multiple defenses coordinate together to prevent attacks?
    1. obscurity
    2. limiting
    3. layering
    4. diversity

Explanation: Defense in depth utilizes multiple layers of security controls.

Question 38

  • Being able to maintain availability during disruptive events describes which of the principles of high availability?
    1. fault tolerance
    2. system resiliency
    3. single point of failure
    4. uninterruptible services

Explanation: High availability can be achieved by eliminating or reducing single points of failure, by implementing system resiliency, and by designing for fault tolerance.

Question 39

  • There are many environments that require five nines, but a five nines environment may be cost prohibitive. What is one example of where the five nines environment might be cost prohibitive?
    1. department stores at the local mall
    2. the New York Stock Exchange
    3. the U.S. Department of Education
    4. the front office of a major league sports team

Explanation: System and data availability is a critical responsibility of a cybersecurity specialist. It is important to understand the technologies, processes, and controls used to provide high availability.

Question 40

  • Which risk mitigation strategies include outsourcing services and purchasing insurance?
    1. reduction
    2. avoidance
    3. acceptance
    4. transfer

Explanation: Risk mitigation lessens the exposure of an organization to threats and vulnerabilities by transferring, accepting, avoiding, or taking an action to reduce risk.

Question 41

  • Which utility uses the Internet Control Message Protocol (ICMP)?
    1. NTP
    2. ping
    3. RIP
    4. DNS

Explanation: ICMP is used by network devices to send error messages.

Question 42

  • Which technology can be used to protect VoIP against eavesdropping?
    1. strong authentication
    2. encrypted voice messages
    3. ARP
    4. SSH

Explanation: Many advanced technologies such as VoIP, streaming video, and electronic conferencing require advanced countermeasures.

Question 43

  • What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain?
    1. Local Security Policy tool
    2. Event Viewer security log
    3. Computer Management
    4. Active Directory Security tool

Explanation: A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities. Local Security Policy, Event Viewer, and Computer Management are Windows utilities that are all used in the security equation.

Question 44

  • In a comparison of biometric systems, what is the crossover error rate?
    1. rate of false positives and rate of acceptability
    2. rate of false negatives and rate of false positives
    3. rate of rejection and rate of false negatives
    4. rate of acceptability and rate of false negatives

Explanation: In comparing biometric systems, there are several important factors to consider including accuracy, speed or throughput rate, and acceptability to users.

Question 45

  • Which protocol would be used to provide security for employees that access systems remotely from home?
    1. WPA
    2. SSH
    3. SCP
    4. Telnet

Explanation: Various application layer protocols are used for communications between systems. A secure protocol provides a secure channel over an unsecured network.

Question 46

  • Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.)
    1. WPA
    2. TKIP
    3. WPA2
    4. 802.11i
    5. 802.11q
    6. WEP

Explanation: Various protocols can be used to provide secure communication systems. AES is the strongest encryption algorithm.

Question 47

  • Mutual authentication can prevent which type of attack?
    1. wireless poisoning
    2. wireless sniffing
    3. wireless IP spoofing
    4. man-in-the-middle

Explanation: A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities.

Question 48

  • Which website offers guidance on putting together a checklist to provide guidance on configuring and hardening operating systems?
    1. CERT
    2. The National Vulnerability Database website
    3. The Advanced Cyber Security Center
    4. Internet Storm Center

Explanation: There are several cybersecurity information websites that a cybersecurity specialist uses to evaluate the potential vulnerabilities of an organization. Some of these websites are the National Vulnerability Database, CERT, the Internet Storm Center, and the Advanced Cyber Security Center.

Question 49

  • Which threat is mitigated through user awareness training and tying security awareness to performance reviews?
    1. user-related threats
    2. device-related threats
    3. cloud-related threats
    4. physical threats

Explanation: Cybersecurity domains provide a framework for evaluating and implementing controls to protect the assets of an organization. Each domain has various countermeasures available to manage threats.

Question 50

  • HVAC, water system, and fire systems fall under which of the cybersecurity domains?
    1. device
    2. network
    3. physical facilities
    4. user

Explanation: Cybersecurity domains provide a framework for evaluating and implementing controls to protect the assets of an organization.
