ITC Final Exam PDF
Summary
This document is an ITC final exam, covering topics on cybersecurity attacks, vulnerabilities, and important information to protect. It contains questions and explanations, focusing on concepts like DDoS, phishing, and access control.
Full Transcript
Chapter 1

1. What type of attack uses many systems to flood the resources of a target, thus making the target unavailable?
- ping sweep
- DoS
- spoof
- DDoS
Explanation: DDoS is an attack that involves multiple systems. DoS involves only a single attack system.

2. What does the term vulnerability mean?
- a known target or victim machine
- a weakness that makes a target susceptible to an attack
- a potential threat that a hacker creates
- a computer that contains sensitive information
- a method of attack to exploit a target
Explanation: A vulnerability is not a threat, but it is a weakness that makes the PC or the software a target for attacks.

3. What is the workforce framework category that includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence?
- Protect and Defend
- Securely Provision
- Oversight and Development
- Analyze
Explanation: The “Analyze” category of the workforce framework includes specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness.

4. Thwarting cyber criminals includes which of the following? (Choose two.)
- hiring hackers
- shutting down the network
- sharing cyber intelligence information
- establishing early warning systems
- changing operating systems
Explanation: Organizations can join efforts to thwart cyber crime by establishing early warning systems and sharing cyber intelligence.

5. What type of an attack can disable a computer by forcing it to use memory or by overworking its CPU?
- DDoS
- exhaustion
- APT
- algorithm
Explanation: Algorithm attacks can force computers to use memory or overwork the CPU.

6. Pick three types of records that cyber criminals would be interested in stealing from organizations. (Choose three.)
- food
- rock
- medical
- flight
- game
- education
- employment
Explanation: Employment, medical, and education records are important to protect because they contain personal information.

7. What name is given to an amateur hacker?
- script kiddie
- blue team
- red hat
- black hat
Explanation: Script kiddies is a term used to describe inexperienced hackers.

8. What name is given to hackers who hack for a cause?
- white hat
- hacktivist
- hacker
- blue hat
Explanation: The term is used to describe gray hackers who rally and protect for a cause.

9. What does the term BYOD represent?
- bring your own decision
- bring your own disaster
- buy your own disaster
- bring your own device
Explanation: The term bring-your-own-device is used to describe mobile devices such as iPhones, smartphones, tablets, and other devices.

10. What is an example of an Internet data domain?
- Palo Alto
- Cisco
- Juniper
- LinkedIn
Explanation: A data domain is a repository for data.

11. What does the acronym IoE represent?
- Insight into Everything
- Internet of Everything
- Intelligence on Everything
- Internet of Everyday
Explanation: Internet of Everything is the term used for Internet-connected devices.

Chapter 2

1. What is identified by the first dimension of the cybersecurity cube?
- tools
- knowledge
- goals
- safeguards
- rules
Explanation: The first dimension of the cybersecurity sorcery cube identifies the goals or security principles required to protect the cyber world.

2. What are three types of sensitive information? (Choose three.)
- declassified
- public
- PII
- business
- published
- classified
Explanation: Sensitive information is information that would otherwise cause harm to a company or individual if publicly disclosed.

3. What are two common hash functions? (Choose two.)
- Blowfish
- SHA
- MD5
- ECC
- RC4
- RSA
Explanation: SHA and MD5 use complex mathematical algorithms to compute hash values.

4. What service determines which resources a user can access along with the operations that a user can perform?
- authentication
- biometric
- authorization
- accounting
- token
Explanation: Authorization determines whether a user has certain access privileges.

5. What type of cybersecurity laws protect you from an organization that might want to share your sensitive data?
- authentication
- confidentiality
- nonrepudiation
- privacy
- integrity
Explanation: Privacy laws control appropriate use of data and access to data.

6. What three design principles help to ensure high availability? (Choose three.)
- detect failures as they occur
- eliminate single points of failure
- check for data consistency
- use encryption
- provide for reliable crossover
- ensure confidentiality
Explanation: High availability systems typically include these three design principles.

7. For the purpose of authentication, what three methods are used to verify identity? (Choose three.)
- where you are
- something you are
- something you know
- something you do
- something you have
Explanation: The forms of authentication are something you know, have, or are.

8. What two methods help to ensure system availability? (Choose two.)
- integrity checking
- system backups
- up-to-date operating systems
- system resiliency
- fire extinguishers
- equipment maintenance

9. What name is given to a storage device connected to a network?
- NAS
- SAN
- RAID
- Cloud
- DAS
Explanation: NAS refers to a storage device connected to a network that allows storage and retrieval of data from a centralized location by authorized network users.

10. What are two methods that ensure confidentiality? (Choose two.)
- authorization
- availability
- nonrepudiation
- authentication
- integrity
- encryption
Explanation: Confidentiality means viewing of information only for those who need to know. This can be accomplished by encrypting data and authenticating users who request access.

11. What is a secure virtual network called that uses the public network?
- MPLS
- IDS
- Firewall
- NAC
- IPS
- VPN
Explanation: The term VPN describes a virtual network that uses encryption to protect data when traveling across Internet media.

12. What mechanism can organizations use to prevent accidental changes by authorized users?
- SHA-1
- backups
- version control
- hashing
- encryption
Explanation: Version control ensures that two users cannot update the same object.

13. What is a method of sending information from one device to another using removable media?
- wired
- infrared
- LAN
- packet
- wireless
- sneaker net
Explanation: Sneaker net refers to hand delivering the removable data.

14. What are the three foundational principles of the cybersecurity domain? (Choose three.)
- policy
- integrity
- availability
- confidentiality
- security
- encryption
Explanation: Three foundational security principles are confidentiality, integrity and availability.

15. Which two methods help to ensure data integrity? (Choose two.)
- data consistency checks
- privacy
- hashing
- availability
- authorization
- repudiation
Explanation: Data integrity systems include one of the two data integrity methods.

16. What three tasks are accomplished by a comprehensive security policy? (Choose three.)
- useful for management
- defines legal consequences of violations
- is not legally binding
- gives security staff the backing of management
- vagueness
- sets rules for expected behavior
Explanation: The security policy of an organization accomplishes several tasks: It demonstrates the commitment to security by an organization. It sets the rules for expected behavior. It ensures consistency in system operations, and software and hardware acquisition use and maintenance. It defines the legal consequences of violations. It gives security staff the backing of management.

17. What principle prevents the disclosure of information to unauthorized people, resources, and processes?
- integrity
- confidentiality
- nonrepudiation
- accounting
- availability
Explanation: The security principle of confidentiality refers to the prevention of the disclosure of information to unauthorized people, resources, and processes.

18. What are the three states of data? (Choose three.)
- suspended
- in-cloud
- at rest
- in-transit
- in-process
- encrypted
Explanation: The protection of the cyber world requires cybersecurity professionals to account for the safeguarding of data in-transit, in-cloud, and at rest.

19. What name is given to any changes to the original data such as users manually modifying data, programs processing and changing data, and equipment failures?
- deletion
- modification
- dissemination
- corruption
- backup
- integrity
Explanation: Modification involves changes to the original data and not complete deletion of the data.

20. What are three access control security services? (Choose three.)
- access
- authentication
- repudiation
- authorization
- accounting
- availability
Explanation: This question refers to AAA authentication, authorization, and accountability.

21. What three methods help to ensure system availability? (Choose three.)
- system backups
- system resiliency
- equipment maintenance
- fire extinguishers
- up-to-date operating systems
- integrity checking
Explanation: Methods used to ensure high availability include system redundancy, system backups, increased system resiliency, equipment maintenance, operating system and software updates and patches, and proactive plans for swift recovery from unforeseen disasters.

Chapter 3

1. What are two common indicators of spam mail? (Choose two.)
- The email is from a friend.
- The email has no subject line.
- The email has keywords in it.
- The email has misspelled words or punctuation errors or both.
- The email is from your supervisor.
- The email has an attachment that is a receipt for a recent purchase.
Explanation: Spam is a common method of advertising through the use of unsolicited email and may contain malware.

2. What is the term used to describe an email that is targeting a specific person employed at a financial institution?
- spyware
- target phishing
- spear phishing
- spam
- vishing
Explanation: Spear phishing is a phishing attack customized to reach a specific person or target.

3. Which term describes the sending of a short deceptive SMS message used to trick a target into visiting a website?
- grayware
- spam
- smishing
- impersonation
Explanation: Smishing is also known as SMS phishing and is used to send deceptive text messages to trick a user into calling a phone number or visiting a specific website.

4. What does a rootkit modify?
- Microsoft Word
- programs
- screen savers
- operating system
- Notepad
Explanation: A rootkit commonly modifies an operating system to create a backdoor to bypass normal authentication mechanisms.

5. What is the name given to a program or program code that bypasses normal authentication?
- virus
- worm
- Trojan
- backdoor
- ransomware
Explanation: A backdoor is a program or program code implemented by a criminal to bypass the normal authentication that is used to access a system.

6. A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?
- a type of worm
- a type of logic bomb
- a type of ransomware
- a type of virus
Explanation: Ransomware commonly encrypts data on a computer and makes the data unavailable until the computer user pays a specific sum of money.

7. What is the difference between a virus and a worm?
- Viruses self-replicate but worms do not.
- Worms require a host file but viruses do not.
- Worms self-replicate but viruses do not.
- Viruses hide in legitimate programs but worms do not.
Explanation: Worms are able to self-replicate and exploit vulnerabilities on computer networks without user participation.

8. What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?
- Trojan
- vishing
- phishing
- backdoor
- social engineering
Explanation: Phishing is used by malicious parties who create fraudulent messages that attempt to trick a user into either sharing sensitive information or installing malware.

9. What are two ways to protect a computer from malware? (Choose two.)
- Empty the browser cache.
- Use antivirus software.
- Delete unused software.
- Keep software up to date.
- Defragment the hard disk.
Explanation: At a minimum, a computer should use antivirus software and have all software up to date to defend against malware.

10. What occurs on a computer when data goes beyond the limits of a buffer?
- an SQL injection
- cross-site scripting
- a buffer overflow
- a system exception
Explanation: A buffer overflow occurs by changing data beyond the boundaries of a buffer and can lead to a system crash, data compromise, or cause escalation of privileges.

11. An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this?
- RF jamming
- bluesnarfing
- smishing
- bluejacking
Explanation: Bluesnarfing is the copying of user information through unauthorized Bluetooth transmissions.

12. A criminal is using software to obtain information about the computer of a user. What is the name of this type of software?
- phishing
- virus
- adware
- spyware
Explanation: Spyware is software that tracks the activity of a user and obtains information about that user.

13. What is the meaning of the term logic bomb?
- a malicious worm
- a malicious program that uses a trigger to awaken the malicious code
- a malicious virus
- a malicious program that hides itself in a legitimate program
Explanation: A logic bomb remains inactive until a trigger event occurs. Once activated, a logic bomb runs malicious code that causes harm to a computer.

14. What are two of the tactics used by a social engineer to obtain personal information from an unsuspecting target? (Choose two.)
- intimidation
- honesty
- urgency
- compassion
- integrity
Explanation: Social engineering tactics include the following: Authority, Intimidation, Consensus/Social Proof, Scarcity, Urgency, Familiarity/Liking, Trust.

15. What is the name for the type of software that generates revenue by generating annoying pop-ups?
- pop-ups
- adware
- spyware
- trackers
Explanation: Adware is a type of malware that displays pop-ups on a computer to generate revenue for the creator of the malware.

16. What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?
- buffer overflow
- Cross-site scripting
- SQL injection
- XML injection
Explanation: Cross-site scripting (XSS) allows criminals to inject scripts that contain malicious code into web applications.

17. Which two reasons describe why WEP is a weak protocol? (Choose two.)
- WEP uses the same encryption features as Bluetooth.
- The key is static and repeats on a congested network.
- The default settings cannot be modified.
- Everyone on the network uses a different key.
- The key is transmitted in clear text.
Explanation: The initialization vector (IV) of WEP is as follows: it is a 24-bit field, which is too small; it is cleartext and readable; it is static and causes identical key streams to repeat on a busy network.

18. What type of attack targets an SQL database using the input field of a user?
- buffer overflow
- XML injection
- Cross-site scripting
- SQL injection
Explanation: A criminal can insert a malicious SQL statement in an entry field on a website where the system does not filter the user input correctly.

Chapter 4

1. Which asymmetric algorithm provides an electronic key exchange method to share the secret key?
- RSA
- Diffie-Hellman
- WEP
- DES
- hashing
Explanation: Diffie-Hellman provides an electronic exchange method to share a secret key and is used by multiple secure protocols.

2. What encryption algorithm uses one key to encrypt data and a different key to decrypt data?
- transposition
- symmetric
- asymmetric
- one-time pad
Explanation: Asymmetric encryption uses one key to encrypt data and a different key to decrypt data.

3. What type of cipher encrypts plaintext one byte or one bit at a time?
- block
- stream
- hash
- enigma
- elliptical
Explanation: Stream ciphers encrypt plaintext one byte or one bit at a time, and can be much faster than block ciphers.

4. What cryptographic algorithm is used by the NSA and includes the use of elliptical curves for digital signature generation and key exchange?
- ECC
- RSA
- AES
- El-Gamal
- IDEA
Explanation: Elliptic curve cryptography (ECC) uses elliptic curves as part of the algorithm for digital signature generation and key exchange.

5. What is the term used to describe the science of making and breaking secret codes?
- factorization
- cryptology
- impersonation
- spoofing
- jamming
Explanation: Cryptology is the science of making and breaking codes to make sure that cyber criminals cannot easily compromise protected information.

6. Which three processes are examples of logical access controls? (Choose three.)
- intrusion detection system (IDS) to watch for suspicious network activity
- firewalls to monitor traffic
- guards to monitor security screens
- fences to protect the perimeter of a building
- swipe cards to allow access to a restricted area
- biometrics to validate physical characteristics
Explanation: Logical access controls include but are not limited to the following: Encryption, Smart cards, Passwords, Biometrics, Access Control Lists (ACLs), Protocols, Firewalls, Intrusion Detection Systems (IDS).

7. What term is used to describe concealing data in another file such as a graphic, audio, or other text file?
- masking
- hiding
- obfuscation
- steganography
Explanation: Steganography conceals data in a file such as a graphic, audio, or other text file and is used to prevent extra attention to the encrypted data because the data is not easily viewed.

8. What are three examples of administrative access controls? (Choose three.)
- policies and procedures
- encryption
- background checks
- hiring practices
- intrusion detection system (IDS)
- guard dogs
Explanation: Administrative access controls are defined by organizations to implement and enforce all aspects of controlling unauthorized access and include the following: Policies, Procedures, Hiring practices, Background checks, Data classification, Security training, Reviews.

9. Which three protocols use asymmetric key algorithms? (Choose three.)
- Secure File Transfer Protocol (SFTP)
- Telnet
- Pretty Good Privacy (PGP)
- Secure Shell (SSH)
- Advanced Encryption Standard (AES)
- Secure Sockets Layer (SSL)
Explanation: Four protocols use asymmetric key algorithms: Internet Key Exchange (IKE), Secure Socket Layer (SSL), Secure Shell (SSH), Pretty Good Privacy (PGP).

10. A warning banner that lists the negative outcomes of breaking company policy is displayed each time a computer user logs in to the machine. What type of access control is implemented?
- masking
- deterrent
- detective
- preventive
Explanation: Deterrents are implemented to discourage or mitigate an action or the behavior of a malicious person.

11. Which term describes the technology that protects software from unauthorized access or modification?
- copyright
- watermarking
- access control
- trademark
Explanation: Software watermarking inserts a secret message into the program as proof of ownership and protects software from unauthorized access or modification.

12. What encryption algorithm uses the same pre-shared key to encrypt and decrypt data?
- hash
- asymmetric
- one-time pad
- symmetric
Explanation: Symmetric encryption algorithms use the same pre-shared key to encrypt and decrypt data.

13. Which two terms are used to describe cipher keys? (Choose two.)
- key space
- key randomness
- keylogging
- key length

14. Match the type of multifactor authentication with the description.
Explanation: Multi-factor authentication uses a minimum of two methods of verification and can include the following: Something you have, Something you know, Something you are.

15. What is the name of the method in which letters are rearranged to create the ciphertext?
- substitution
- transposition
- one-time pad
- enigma
Explanation: Ciphertext can be created by using the following: Transposition – letters are rearranged; Substitution – letters are replaced; One-time pad – plaintext combined with a secret key creates a new character, which then combines with the plaintext to produce ciphertext.

16. Which 128-bit block cipher encryption algorithm does the US government use to protect classified information?
- Vigenère
- AES
- Caesar
- 3DES
- Skipjack
Explanation: The Advanced Encryption Standard (AES) is used to protect classified information by the U.S. government and is a strong algorithm that uses longer key lengths.

17. Match the description with the correct term. (Not all targets are used.)
- steganography -> hiding data within an audio file
- steganalysis -> discovering that hidden information exists within a graphic file
- social steganography -> creating a message that says one thing but means something else to a specific audience
- obfuscation -> making a message confusing so it is harder to understand
Other Incorrect Match Options: replacing sensitive information in a file with nonsensitive information

18. What term is used to describe the technology that replaces sensitive information with a nonsensitive version?
- blanking
- whiteout
- masking
- retracting
- hiding
Explanation: Data masking replaces sensitive information with nonsensitive information. After replacement, the nonsensitive version looks and acts like the original.

19. Which type of cipher is able to encrypt a fixed-length block of plaintext into a 128-bit block of ciphertext at any one time?
- transform
- stream
- hash
- symmetric
- block
Explanation: Block ciphers transform a fixed-length block of plaintext into a block of ciphertext.
To decrypt the ciphertext, the same secret key used to encrypt is applied in reverse.

20. Which three devices represent examples of physical access controls? (Choose three.)
- locks
- routers
- swipe cards
- firewalls
- servers
- video cameras
Explanation: Physical access controls include but are not limited to the following: Guards, Fences, Motion detectors, Laptop locks, Locked doors, Swipe cards, Guard dogs, Video cameras, Mantraps, Alarms.

Chapter 5

1. Identify three situations in which the hashing function can be applied. (Choose three.)
- DES
- PKI
- PPoE
- IPsec
- CHAP
- WPA
Explanation: Three situations where a hash function could be used are as follows: when IPsec is being used; when routing authentication is enabled; in challenge responses within protocols such as PPP CHAP; within digitally signed contracts and PKI certificates.

2. A user has created a new program and wants to distribute it to everyone in the company. The user wants to ensure that when the program is downloaded that the program is not changed while in transit. What can the user do to ensure that the program is not changed when downloaded?
- Create a hash of the program file that can be used to verify the integrity of the file after it is downloaded.
- Turn off antivirus on all the computers.
- Distribute the program on a thumb drive.
- Encrypt the program and require a password after it is downloaded.
- Install the program on individual computers.
Explanation: Hashing is a method to ensure integrity and ensures that the data is not changed.

3. A recent email sent throughout the company stated that there would be a change in security policy. The security officer who was presumed to have sent the message stated the message was not sent from the security office and the company may be a victim of a spoofed email. What could have been added to the message to ensure the message actually came from the person?
- non-repudiation
- digital signature
- asymmetric key
- hashing
Explanation: Digital signatures ensure non-repudiation or the ability not to deny that a specific person sent a message.

4. What are three NIST-approved digital signature algorithms? (Choose three.)
- DSA
- ECDSA
- SHA256
- MD5
- RSA
- SHA1
Explanation: NIST chooses approved algorithms based on public key techniques and ECC. The digital signature algorithms approved are DSA, RSA, and ECDSA.

5. Alice and Bob use the same password to log in to the company network. This means both would have the exact same hash for their passwords. What could be implemented to prevent both password hashes from being the same?
- peppering
- pseudo-random generator
- salting
- RSA
Explanation: A password is stored as a combination of both a hash and a salt.

6. What is the step by step process for creating a digital signature?
- Create a message digest; encrypt the digest with the private key of the sender; and bundle the message, encrypted digest, and public key together in order to sign the document.
- Create a message digest; encrypt the digest with the public key of the sender; and bundle the message, encrypted digest, and public key together to sign the document.
- Create a message; encrypt the message with a MD5 hash; and send the bundle with a public key.
- Create a SHA-1 hash; encrypt the hash with the private key of the sender; and bundle the message, encrypted hash, and public key together to sign the document.
Explanation: In order to create a digital signature, the following steps must be taken: 1. The message and message digest are created. 2. The digest and private key are encrypted. 3. The message, encrypted message digest, and public key are bundled to create the signed document.

7. What is a strength of using a hashing function?
- It is a one-way function and not reversible.
- Two different files can be created that have the same output.
- It has a variable length output.
- It is not commonly used in security.
- It can take only a fixed length message.
Explanation: Understanding the properties of a hash function shows its applicability such as one-way function, arbitrary input length, and fixed output.

8. What are three types of attacks that are preventable through the use of salting? (Choose three.)
- rainbow tables
- social engineering
- lookup tables
- guessing
- phishing
- reverse lookup tables
- shoulder surfing
Explanation: Salting makes precomputed tables ineffective because of the random string that is used.

9. A user has been asked to implement IPsec for inbound external connections. The user plans to use SHA-1 as part of the implementation. The user wants to ensure the integrity and authenticity of the connection. What security tool can the user use?
- HMAC
- SHA256
- ISAKMP
- MD5
Explanation: HMAC provides the additional feature of a secret key to ensure integrity and authentication.

10. A user downloads an updated driver for a video card from a website. A warning message pops up saying the driver is not approved. What does this piece of software lack?
- digital signature
- valid ID
- source code
- code recognition
Explanation: Code signing is a method of verifying code integrity.

11. What is the purpose of CSPRNG?
- to secure a web site
- to generate salt
- to process hash lookups
- to prevent a computer from being a zombie
Explanation: Salting prevents someone from using a dictionary attack to guess a password. Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) is one way (and the best way) to generate salt.

12. A recent breach at a company was traced to the ability of a hacker to access the corporate database through the company website by using malformed data in the login form. What is the problem with the company website?
- poor input validation
- weak encryption
- bad usernames
- lack of operating system patching
Explanation: The ability to pass malformed data through a website is a form of poor input validation.

13. What are three validation criteria used for a validation rule?
(Choose three.)
- encryption
- size
- range
- key
- type
- format
Explanation: Criteria used in a validation rule include format, consistency, range, and check digit.

14. A user is instructed by a boss to find a better method to secure passwords in transit. The user has researched several means to do so and has settled on using HMAC. What are the key elements needed to implement HMAC?
- symmetric key and asymmetric key
- message digest and asymmetric key
- IPsec and checksum
- secret key and message digest
Explanation: HMAC implementation is a secret key added to a hash.

15. Which method tries all possible passwords until a match is found?
- rainbow tables
- cryptographic
- cloud
- birthday
- brute force
- dictionary
Explanation: Two common methods of cracking hashes are dictionary and brute force. Given time, the brute force method will always crack a password.

16. What is the standard for a public key infrastructure to manage digital certificates?
- 503
- PKI
- 509
- NIST-SP800
Explanation: The x.509 standard is for a PKI infrastructure and x.500 is for directory structures.

17. A user is evaluating the security infrastructure of a company and notices that some authentication systems are not using best practices when it comes to storing passwords. The user is able to crack passwords very fast and access sensitive data. The user wants to present a recommendation to the company on the proper implementation of salting to avoid password cracking techniques. What are three best practices in implementing salting? (Choose three.)
- A salt should not be reused.
- A salt must be unique.
- The same salt should be used for each password.
- A salt should be unique for each password.
- Salts are not an effective best practice.
- Salts should be short.
Explanation: Salting needs to be unique and not reused. Doing the opposite will cause passwords to be cracked easily.

18. A user is the database administrator for a company.
The user has been asked to implement an integrity rule that states every table must have a primary key and that the column or columns chosen to be the primary key must be unique and not null. Which integrity requirement is the user implementing?
- domain integrity
- entity integrity
- anomaly integrity
- referential integrity
Explanation: There are three major database integrity requirements: entity, referential, and domain integrity.

19. An investigator finds a USB drive at a crime scene and wants to present it as evidence in court. The investigator takes the USB drive and creates a forensic image of it and takes a hash of both the original USB device and the image that was created. What is the investigator attempting to prove about the USB drive when the evidence is submitted in court?
- The investigator found a USB drive and was able to make a copy of it.
- An exact copy cannot be made of a device.
- The data is all there.
- The data in the image is an exact copy and nothing has been altered by the process.
Explanation: A hash function ensures the integrity of a program, file, or device.

20. A user is connecting to an e-commerce server to buy some widgets for a company. The user connects to the site and notices there is no lock in the browser security status bar. The site does prompt for a username and password and the user is able to log in. What is the danger in proceeding with this transaction?
- The certificate from the site has expired, but is still secure.
- The site is not using a digital certificate to secure the transaction, with the result that everything is in the clear.
- Ad blocker software is preventing the security bar from working properly, and thus there is no danger with the transaction.
- The user is using the wrong browser to perform the transaction.
Explanation: The lock in the browser window ensures a secure connection is being established and is not blocked by browser add-ons.

Chapter 6

1. A user is asked to perform a risk analysis of a company.
The user asks for the company asset database that contains a list of all equipment. The user uses this information as part of a risk analysis. Which type of risk analysis could be performed?
- exposure factor
- hardware
- quantitative
- qualitative
Explanation: Physical items can be assigned a value for quantitative analysis.

2. A user is evaluating the network infrastructure of a company. The user noted many redundant systems and devices in place, but no overall evaluation of the network. In a report, the user emphasized the methods and configurations needed as a whole to make the network fault tolerant. What is the type of design the user is stressing?
- comprehensive
- spanning tree
- resilient
- availability
Explanation: In order to deploy a resilient design, it is critical to understand the needs of a business and then incorporate redundancy to address those needs.

3. A user has completed a six month project to identify all data locations and catalog the location. The next step is to classify the data and produce some criteria on data sensitivity. Which two steps can the user take to classify the data? (Choose two.)
- Treat all the data the same.
- Determine how often data is backed up.
- Determine the user of the data.
- Establish the owner of the data.
- Identify sensitivity of the data.
- Determine permissions for the data.
Explanation: Categorizing data is a process of determining first who owns the data then determining the sensitivity of the data.

4. A user needs to add redundancy to the routers in a company. What are the three options the user can use? (Choose three.)
- VRRP
- IPFIX
- STP
- RAID
- HSRP
- GLBP
Explanation: Three protocols that provide default gateway redundancy include VRRP, GLBP, and HSRP.

5. A user is asked to evaluate the data center to improve availability for customers. The user notices that there is only one ISP connection, some of the equipment is out of warranty, there are no spare parts, and no one was monitoring the UPS which was tripped twice in one month.
Which three deficiencies in high availability has the user identified? (Choose three.) single points of failure failure to detect errors as they occur failure to prevent security incidents failure to protect against poor maintenance failure to design for reliability failure to identify management issues Explanation: A data center needs to be designed from the outset for high availability with no single points of failure. 6. A company is concerned with traffic that flows through the network. There is a concern that there may be malware that exists that is not being blocked or eradicated by antivirus. What technology can be put in place to detect potential malware traffic on the network? NAC IPS IDS firewall Explanation: A passive system that can analyze traffic is needed to detect malware on the network and send alerts. 7. A user is a consultant who is hired to prepare a report to Congress as to which industries should be required to maintain five nine availability. Which three industries should the user include in a report? (Choose three.) finance food service healthcare education retail public safety Explanation: Industries that are critical to everyday life like financial, healthcare, and public safety should have systems that are available 99.999% of the time (the five nines principle). 8. A security breach has happened at a major corporation. The incident team has responded and executed their incident response plan. During which phase are lessons learned applied? analyze recovery detection post-incident preparation containment Explanation: One of the key aspects of an incident response plan is to look at how monitoring can be improved and management can help minimize the impact on business. This usually occurs after the incident has been handled. 9. A user is redesigning a network for a small company and wants to ensure security at a reasonable price. 
The user deploys a new application-aware firewall with intrusion detection capabilities on the ISP connection. The user installs a second firewall to separate the company network from the public network. Additionally, the user installs an IPS on the internal network of the company. What approach is the user implementing? layered attack based structured risk based Explanation: Using different defenses at various points of the network creates a layered approach. 10. The CEO of a company is concerned that if a data breach should occur and customer data is exposed, the company could be sued. The CEO makes the decision to buy insurance for the company. What type of risk mitigation is the CEO implementing? avoidance mitigation transference reduction Explanation: Buying insurance transfers the risk to a third party. 11. A user is purchasing a new server for the company data center. The user wants disk striping with parity on three disks. Which RAID level should the user implement? 0 1+0 1 5 Explanation: RAID 5 striping with parity would be the best choice. 12. A team has been asked to create an incident response plan for security incidents. In what phase of an incident response plan does the team get management approval of the plan? containment preparation post-incident recovery analysis detection Explanation: When creating an incident plan for an organization, the team will require management buy-in of the plan during the initial planning phase. 13. A user was hired as the new security officer. One of the first projects was to take inventory of the company assets and create a comprehensive database. Which three pieces of information would the user want to capture in an asset database? (Choose three.) users hardware network devices groups workstations passwords operating systems Explanation: Assets include all hardware devices and their operating systems. 14. A user is asked to create a disaster recovery plan for a company. 
The user needs to have a few questions answered by management to proceed. Which three questions should the user ask management as part of the process of creating the plan? (Choose three.) Who is responsible for the process? What is the process? Does the process require approval? How long does the process take? Where does the individual perform the process? Can the individual perform the process? Explanation: Disaster recovery plans are made based on the criticality of a service or process. Answers to questions of who, what, where, and why are necessary for a plan to be successful. 15. A user is asked to evaluate the security posture of a company. The user looks at past attempts to break into the company and evaluates the threats and exposures to create a report. Which type of risk analysis could the user perform? subjective opinion qualitative objective Explanation: Two approaches to risk analysis are quantitative and qualitative. Qualitative analysis is based on opinions and scenarios. 16. A user is running a routine audit of the server hardware in the company data center. Several servers are using single drives to host operating systems and multiple types of attached storage solutions for storing data. The user wants to offer a better solution to provide fault tolerance during a drive failure. Which solution is best? offsite backup RAID UPS tape backup Explanation: Fault tolerance is addressing a single point of failure, in this case the hard drives. 17. A user was hired by a company to provide a highly available network infrastructure. The user wants to build redundancy into the network in case of a switch failure, but wants to prevent Layer 2 looping. What would the user implement in the network? VRRP GLBP HSRP Spanning Tree Protocol Explanation: Loops and duplicate frames cause poor performance in a switched network. The Spanning Tree Protocol (STP) provides a loop-free path through the switch network. Chapter 7: Protecting a Cybersecurity Domain 1. 
The company has many users who telecommute. A solution needs to be found so a secure communication channel can be established between the remote location of users and the company. What is a good solution for this situation? VPN T1 modem fiber PPP Explanation: When a VPN is used, a user can be at any remote location such as home or a hotel. The VPN solution is flexible in that public lines can be used to securely connect to a company. 2. Why should WEP not be used in wireless networks today? its age its lack of encryption easily crackable its use of clear text passwords its lack of support Explanation: Despite improvements, WEP is still vulnerable to various security issues including the ability to be cracked. 3. A user makes a request to implement a patch management service for a company. As part of the requisition the user needs to provide justification for the request. What three reasons can the user use to justify the request? (Choose three.) the likelihood of storage savings the ability to obtain reports on systems the need for systems to be directly connected to the Internet no opportunities for users to circumvent updates the ability of users to select updates the ability to control when updates occur Explanation: A patch management service can provide greater control over the update process by an administrator. It eliminates the need for user intervention. 4. A user calls the help desk complaining that the password to access the wireless network has changed without warning. The user is allowed to change the password, but an hour later, the same thing occurs. What might be happening in this situation? user error rogue access point weak password password policy user laptop Explanation: Man-in-the-middle attacks are a threat that results in lost credentials and data. These types of attacks can occur for different reasons including traffic sniffing. 5. The manager of a department suspects someone is trying to break into computers at night. 
You are asked to find out if this is the case. What logging would you enable? audit syslog operating system Windows Explanation: Audit logs can track user authentication attempts on workstations and can reveal if any attempts at break-in were made. 6. The manager of desktop support wants to minimize downtime for workstations that crash or have other software-related issues. What are three advantages of using disk cloning? (Choose three.) easier to deploy new computers within the organization can provide a full system backup ensures system compatibility ensures a clean imaged machine cuts down on number of staff needed creates greater diversity Explanation: Disk cloning can be an efficient way to maintain a baseline for workstations and servers. It is not a cost cutting method. 7. An intern has started working in the support group. One duty is to set local policy for passwords on the workstations. What tool would be best to use? password policy secpol.msc account policy system administration msc Explanation: Local policies are not group policies and only work on the local machine. Local policies can, however, be overridden if the machine is part of a Windows domain. 8. What is the difference between an HIDS and a firewall? A firewall allows and denies traffic based on rules and an HIDS monitors network traffic. An HIDS works like an IPS, whereas a firewall just monitors traffic. A firewall performs packet filtering and therefore is limited in effectiveness, whereas an HIDS blocks intrusions. An HIDS blocks intrusions, whereas a firewall filters them. An HIDS monitors operating systems on host computers and processes file system activity. Firewalls allow or deny traffic between the computer and other systems. Explanation: In order to monitor local activity an HIDS should be implemented. Network activity monitors are concerned with traffic and not operating system activity. 9. A user is asked to analyze the current state of a computer operating system. 
What should the user compare the current operating system against to identify potential vulnerabilities? a whitelist a pentest a vulnerability scan a blacklist a baseline Explanation: A baseline allows a user to perform a comparison of how a system is performing. The user can then compare the result to baseline expectations. This process allows the user to identify potential vulnerabilities. 10. After a security audit for an organization, multiple accounts were found to have privileged access to systems and devices. Which three best practices for securing privileged accounts should be included in the audit report? (Choose three.) Secure password storage. Enforce the principle of least privilege. Only the CIO should have privileged access. No one should have privileged access. Only managers should have privileged access. Reduce the number of privileged accounts. Explanation: Best practices entail giving the user only what is needed to do the job. Any additional privileges should be tracked and audited. 11. A user is proposing the purchase of a patch management solution for a company. The user wants to give reasons why the company should spend money on a solution. What benefits does patch management provide? (Choose three.) Patches can be written quickly. Administrators can approve or deny patches. Patches can be chosen by the user. Updates cannot be circumvented. Computers require a connection to the Internet to receive patches. Updates can be forced on systems immediately. Explanation: A centralized patch management system can speed up deployment of patches and automate the process. Other good reasons for using an automated patch update service include the following: Administrators control the update process. Reports are generated. Updates are provided from a local server. Users cannot circumvent the update process. 12. A user calls the help desk complaining that an application was installed on the computer and the application cannot connect to the Internet. 
There are no antivirus warnings and the user can browse the Internet. What is the most likely cause of the problem? permissions corrupt application need for a system reboot computer firewall Explanation: When troubleshooting a user problem, look for some common issues that would prevent a user from performing a function. 13. Companies may have different operation centers that handle different issues with the IT operations. If an issue is related to network infrastructure, what operation center would be responsible? HVAC NOC SOC HR Explanation: Operation centers support different areas of the operation including the network and security. Each one focuses on particular parts of the IT structure. The center that supports security would be the SOC. 14. Why is WPA2 better than WPA? reduced keyspace reduced processing time supports TKIP mandatory use of AES algorithms Explanation: A good way to remember wireless security standards is to consider how they evolved from WEP to WPA, then to WPA2. Each evolution increased security measures. 15. A company wants to implement biometric access to its data center. The company is concerned with people being able to circumvent the system by being falsely accepted as legitimate users. What type of error is false acceptance? Type I Type II false rejection CER Explanation: There are two types of errors that biometrics can have: false acceptance and false rejection. False acceptance is a Type II error. The two types can intersect at a point called the crossover error rate. 16. An administrator of a small data center wants a flexible, secure method of remotely connecting to servers. Which protocol would be best to use? Remote Desktop Telnet Secure Copy Secure Shell Explanation: Because hackers sniffing traffic can read clear text passwords, any connection needs to be encrypted. Additionally, a solution should not be operating system-dependent. 17. 
Which service will resolve a specific web address into an IP address of the destination web server? DHCP ICMP DNS NTP Explanation: DNS resolves a website address to the actual IP address of that destination. 18. Which three items are malware? (Choose three.) virus attachments keylogger email Trojan horse Apt Explanation: Email could be used to deliver malware, but email by itself is not malware. Apt is used to install or remove software within a Linux operating system. Attachments could contain malware, but not always. 19. A new PC is taken out of the box, started up and connected to the Internet. Patches were downloaded and installed. Antivirus was updated. In order to further harden the operating system what can be done? Turn off the firewall. Install a hardware firewall. Give the computer a nonroutable address. Remove the administrator account. Disconnect the computer from the network. Remove unnecessary programs and services. Explanation: When hardening an operating system, patching and antivirus are part of the process. Many extra components are added by the manufacturer that are not necessarily needed. 20. The CIO wants to secure data on company laptops by implementing file encryption. The technician determines the best method is to encrypt each hard drive using Windows BitLocker. Which two things are needed to implement this solution? (Choose two.) password management EFS backup at least two volumes USB stick TPM Explanation: Windows provides a method to encrypt files, folders, or entire hard drives depending on need. However, certain BIOS settings and configurations are necessary to implement encryption on an entire hard disk. 21. What are three types of power issues that a technician should be concerned about? (Choose three.) flicker fuzzing brownout blackout spark spike Explanation: Power issues include increases, decreases, or sudden changes in power and include the following: Spike Surge Fault Blackout Sag/dip Brownout Inrush Current Chapter 8 1. 
If a person knowingly accesses a government computer without permission, what federal act laws would the person be subject to? SOX ECPA CFAA GLBA Explanation: The Computer Fraud and Abuse Act (CFAA) provides the foundation for US laws criminalizing unauthorized access to computer systems. 2. Unauthorized visitors have entered a company office and are walking around the building. What two measures can be implemented to prevent unauthorized visitor access to the building? (Choose two.) Lock cabinets. Conduct security awareness training regularly. Prohibit exiting the building during working hours. Establish policies and procedures for guests visiting the building. Explanation: Any unauthorized individual that accesses a facility may pose a potential threat. Common measures to increase physical security include the following: Implement access control and closed-circuit TV (CCTV) coverage at all entrances. Establish policies and procedures for guests visiting the facility. Test building security using physical means to covertly gain access. Implement badge encryption for entry access. Conduct security awareness training regularly. Implement an asset tagging system. 3. An auditor is asked to assess the LAN of a company for potential threats. What are three potential threats the auditor may point out? (Choose three.) unlocked access to network equipment a misconfigured firewall the acceptable use policy unauthorized port scanning and network probing complex passwords locked systems Explanation: The LAN can have many endpoint devices connected. Analyzing both the network devices and the endpoints connected is important in determining threats. 4. A company has had several incidents involving users downloading unauthorized software, using unauthorized websites, and using personal USB devices. The CIO wants to put in place a scheme to manage the user threats. What three things might be put in place to manage the threats? (Choose three.) 
Provide security awareness training. Disable CD and USB access. Implement disciplinary action. Monitor all activity by the users. Change to thin clients. Use content filtering. Explanation: Users may be unaware of their actions if not educated in the reasons why their actions can cause a problem with the computer. By implementing several technical and nontechnical practices, the threat can be reduced. 5. As part of HR policy in a company, an individual may opt-out of having information shared with any third party other than the employer. Which law protects the privacy of personal shared information? PCI FIRPA SOX GLBA Explanation: The Gramm-Leach-Bliley Act (GLBA) includes privacy provisions for individuals and provides opt-out methods to restrict information sharing with third-party firms. 6. What can be used to rate threats by an impact score to emphasize important vulnerabilities? ACSC ISC NVD CERT Explanation: The National Vulnerability Database (NVD) is used to assess the impact of vulnerabilities and can assist an organization in ranking the severity of vulnerabilities found within a network. 7. A breach occurs in a company that processes credit card information. Which industry specific law governs credit card data protection? SOX ECPA GLBA PCI DSS Explanation: The Payment Card Industry Data Security Standard (PCI DSS) governs how to protect credit card data as merchants and banks exchange transactions. 8. Why is Kali Linux a popular choice in testing the network security of an organization? It can be used to test weaknesses by using only malicious software. It can be used to intercept and log network traffic. It is an open source Linux security distribution and contains over 300 tools. It is a network scanning tool that prioritizes security risks. Explanation: Kali is an open source Linux security distribution that is commonly used by IT professionals to test the security of networks. 9. 
A company is attempting to lower the cost in deploying commercial software and is considering a cloud based service. Which cloud based service would be best to host the software? PaaS RaaS SaaS IaaS Explanation: Software as a service (SaaS) provides access to software that is centrally hosted and accessed by users via a web browser on the cloud. 10. A security professional is asked to perform an analysis of the current state of a company network. What tool would the security professional use to scan the network only for security risks? malware pentest packet analyzer vulnerability scanner Explanation: Vulnerability scanners are commonly used to scan for the following vulnerabilities: Use of default passwords or common passwords Missing patches Open ports Misconfiguration of operating systems and software Active IP addresses 11. A consultant is hired to make recommendations on managing device threats in a company. What are three general recommendations that can be made? (Choose three.) Enable automated antivirus scans. Remove content filtering. Enforce strict HR policies. Disable administrative rights for users. Enable media devices. Enable screen lockout. Explanation: Workstations can be hardened by removing unnecessary permissions, automating processes, and turning on security features. 12. What three services does CERT provide? (Choose three.) develop tools, products, and methods to conduct forensic examinations enforce software standards develop tools, products, and methods to analyze vulnerabilities resolve software vulnerabilities develop attack tools create malware tools Explanation: CERT provides multiple services, including: helps to resolve software vulnerabilities develops tools, products, and methods to conduct forensic examinations develops tools, products, and methods to analyze vulnerabilities develops tools, products, and methods to monitor large networks helps organizations determine how effective their security-related practices are 13. 
What are two items that can be found on the Internet Storm Center website? (Choose two.) current laws InfoSec reports InfoSec job postings historical information Explanation: The Internet Storm Center website has a daily InfoSec blog, InfoSec tools, and news among other InfoSec information. 14. An organization has implemented a private cloud infrastructure. The security administrator is asked to secure the infrastructure from potential threats. What three tactics can be implemented to protect the private cloud? (Choose three.) Disable firewalls. Hire a consultant. Disable ping, probing, and port scanning. Grant administrative rights. Test inbound and outbound traffic. Update devices with security fixes and patches. Explanation: Organizations can manage threats to the private cloud using the following methods: Disable ping, probing, and port scanning. Implement intrusion detection and prevention systems. Monitor inbound IP traffic anomalies. Update devices with security fixes and patches. Conduct penetration tests post configuration. Test inbound and outbound traffic. Implement a data classification standard. Implement file transfer monitoring and scanning for unknown file type. 15. A school administrator is concerned with the disclosure of student information due to a breach. Under which act is student information protected? HIPPA CIPA FERPA COPPA Explanation: The Family Education Records and Privacy Act (FERPA) prohibits the improper disclosure of personal education records. 16. What are the three broad categories for information security positions? (Choose three.) seekers doers builders creators monitors definers Explanation: Information security positions can be categorized as: definers builders monitors 17. What are three disclosure exemptions that pertain to the FOIA? (Choose three.) 
information specifically non-exempt by statute confidential business information public information from financial institutions law enforcement records that implicate one of a set of enumerated concerns non-geological information regarding wells national security and foreign policy information Explanation: The nine Freedom of Information Act (FOIA) exemptions include the following: 1. National security and foreign policy information 2. Internal personnel rules and practices of an agency 3. Information specifically exempted by statute 4. Confidential business information 5. Inter- or intra-agency communication subject to deliberative process, litigation, and other privileges 6. Information that, if disclosed, would constitute a clearly unwarranted invasion of personal privacy 7. Law enforcement records that implicate one of a set of enumerated concerns 8. Agency information from financial institutions 9. Geological and geophysical information concerning wells 18. As a security professional, there is a possibility to have access to sensitive data and assets. What is one item a security professional should understand in order to make informed ethical decisions? cloud providers potential gain partnerships laws governing the data potential bonus Explanation: Ethics in the security profession are extremely important because of the sensitivity of the data and assets. Compliance with government and state requirements is needed in order to make good judgments. 19. What are two potential threats to applications? (Choose two.) 
unauthorized access data loss power interruptions social engineering Explanation: Threats to applications can include the following: Unauthorized access to data centers, computer rooms, and wiring closets Server downtime for maintenance purposes Network operating system software vulnerability Unauthorized access to systems Data loss Downtime of IT systems for an extended period Client/server or web application development vulnerabilities Chapter Final 1. Which statement best describes a motivation of hacktivists? They are trying to show off their hacking skills. They are interested in discovering new exploits. They are curious and learning hacking skills. They are part of a protest group behind a political cause. Explanation: Each type of cybercriminal has a distinct motivation for his or her actions. 2. Which type of cybercriminal is the most likely to create malware to compromise an organization by stealing credit card information? white hat hackers black hat hackers gray hat hackers script kiddies Explanation: Malware is a tool used by certain types of hackers to steal information. 3. A specialist in the HR department is invited to promote the cybersecurity program in community schools. Which three topics would the specialist emphasize in the presentation to draw students to this field? (Choose three.) a career-field in high-demand service to the public high earning potential a job with routine, day-to-day tasks a field requiring a PhD degree the CompTIA A+ certification provides an adequate knowledge base for the field Explanation: The increased demand for cybersecurity specialists offers several unique career opportunities. 4. An organization allows employees to work from home two days a week. Which technology should be implemented to ensure data confidentiality as data is transmitted? SHS VLANS RAID VPN Explanation: Protecting data confidentiality requires an understanding of the technologies used to protect data in all three data states. 5. 
Which type of networks poses increasing challenges to cybersecurity specialists due to the growth of BYOD on campus? wireless networks wired networks sneaker net virtual networks Explanation: A cybersecurity specialist must be familiar with the types of technologies used to store, transmit, and process data. 6. A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan? confidentiality, integrity, and availability technologies, policies, and awareness secrecy, identify, and nonrepudiation encryption, authentication, and identification Explanation: The CIA Triad is the foundation upon which all information management systems are developed. 7. Which framework should be recommended for establishing a comprehensive information security management system in an organization? ISO/IEC 27000 ISO OSI model NIST/NICE framework CIA Triad Explanation: A cybersecurity specialist needs to be familiar with the different frameworks and models for managing information security. 8. What are three states of data during which data is vulnerable? (Choose three.) data in-process stored data data in-transit data encrypted purged data data decrypted Explanation: A cybersecurity specialist must be aware of each of the three states of data to effectively protect data and information. Purged data was stored data. Encrypted and decrypted data can be in any of the three states. 9. Users report that the database on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced? 
man-in-the-middle attack ransomware Trojan horse DoS attack Explanation: In a ransomware attack, the attacker compromises the victim computer and encrypts the hard drive so that data can no longer be accessed by the user. The attacker then demands payment from the user to decrypt the drive. 10. What three best practices can help defend against social engineering attacks? (Choose three.) Enable a policy that states that the IT department should supply information over the phone only to managers. Add more security guards. Resist the urge to click on enticing web links. Deploy well-designed firewall appliances. Educate employees regarding policies. Do not provide password resets in a chat window. Explanation: A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities. 11. Which statement describes a distributed denial of service attack? An attacker sends an enormous quantity of data that a server cannot handle. An attacker builds a botnet comprised of zombies. An attacker views network traffic to learn authentication credentials. One computer accepts data packets based on the MAC address of another computer. Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization. 12. A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server to crash. What is the type of attack the cyber criminal launches? DoS man-in-the-middle packet Injection SQL injection Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization. 13. An executive manager went to an important meeting. 
The secretary in the office receives a call from a person claiming that the executive manager is about to give an important presentation but the presentation files are corrupted. The caller sternly recommends that the secretary email the presentation right away to a personal email address. The caller also states that the executive is holding the secretary responsible for the success of this presentation. Which type of social engineering tactic would describe this scenario? urgency intimidation familiarity trusted partners Explanation: Social engineering uses several different tactics to gain information from victims. 14. What are the two most effective ways to defend against malware? (Choose two.) Implement network firewalls. Install and update antivirus software. Implement RAID. Update the operating system and other application software. Implement strong passwords. Implement a VPN. Explanation: A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities. 15. The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email? It is a piggy-back attack. It is an impersonation attack. It is a DDoS attack. It is a hoax. Explanation: Social engineering uses several different tactics to gain information from victims. 16. In which situation would a detective control be warranted? when the organization needs to look for prohibited activity after the organization has experienced a breach in order to restore everything back to a normal state when the organization cannot use a guard dog, so it is necessary to consider an alternative when the organization needs to repair damage Explanation: Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. 
There are several technologies used to implement effective access control strategies. 17. An organization has implemented antivirus software. What type of security control did the company implement? recovery control deterrent control detective control compensative control Explanation: A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities. 18. Alice and Bob are using public key encryption to exchange a message. Which key should Alice use to encrypt a message to Bob? the private key of Alice the public key of Bob the private key of Bob the public key of Alice Explanation: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies. 19. Which statement describes a characteristic of block ciphers? Block ciphers encrypt plaintext one bit at a time to form a block. Block ciphers result in output data that is larger than the input data most of the time. Block ciphers result in compressed output. Block ciphers are faster than stream ciphers. Explanation: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies. 20. The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement? user login auditing a set of attributes that describes user access rights observations to be provided to all employees a biometric fingerprint reader Explanation: Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies. 21. Alice and Bob use a pre-shared key to exchange a confidential message. 
If Bob wants to send a confidential message to Carol, what key should he use? the same pre-shared key he used with Alice the private key of Carol a new pre-shared key the public key of Bob Explanation: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies. 22. Which access control strategy allows an object owner to determine whether to allow access to the object? RBAC DAC MAC ACL Explanation: Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies. 23. Which method is used by steganography to hide text in an image file? data obfuscation data masking least significant bit most significant bit Explanation: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies. 24. The X.509 standard defines which security technology? digital certificates biometrics strong passwords security tokens Explanation: Digital certificates protect the parties involved in a secure communication. 25. Which hashing algorithm is recommended for the protection of sensitive, unclassified information? MD5 AES-256 3DES SHA-256 Explanation: Data integrity is one of the three guiding security principles. A cybersecurity specialist should be familiar with the tools and technologies used to ensure data integrity. 26. Technicians are testing the security of an authentication system that uses passwords. When a technician examines the password tables, the technician discovers the passwords are stored as hash values. However, after comparing a simple password hash, the technician then discovers that the values are different from those on other systems. What are two causes of this situation? (Choose two.) Both systems scramble the passwords before hashing. 
The systems use different hashing algorithms. One system uses hashing and the other uses hashing and salting. Both systems use MD5. One system uses symmetrical hashing and the other uses asymmetrical hashing. Explanation: Hashing can be used in many different situations to ensure data integrity. 27. You have been asked to work with the data collection and entry staff in your organization in order to improve data integrity during initial data entry and data modification operations. Several staff members ask you to explain why the new data entry screens limit the types and size of data able to be entered in specific fields. What is an example of a new data integrity control? data encryption operations that prevent any unauthorized users from accessing sensitive data a limitation rule which has been implemented to prevent unauthorized staff from entering sensitive data data entry controls which only allow entry staff to view current data a validation rule which has been implemented to ensure completeness, accuracy, and consistency of data Explanation: Data integrity deals with data validation. 28. What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website? digital signature salting digital certificate asymmetric encryption Explanation: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies. 29. Your organization will be handling market trades. You will be required to verify the identity of each customer who is executing a transaction. Which technology should be implemented to authenticate and verify customer electronic transactions? data hashing asymmetrical encryption symmetrical encryption digital certificates Explanation: Digital certificates protect the parties involved in secure communications. 30. 
Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign the document so that Bob can make sure that the document came from Alice? public key from Bob private key from Alice username and password from Alice private key from Bob Explanation: Alice and Bob are used to explain asymmetric cryptography used in digital signatures. Alice uses a private key to encrypt the message digest. The message, encrypted message digest, and the public key are used to create the signed document and prepare it for transmission. 31. An organization has determined that an employee has been cracking passwords on administrative accounts in order to access very sensitive payroll information. Which tools would you look for on the system of the employee? (Choose three) rainbow tables lookup tables algorithm tables password digest rogue access points reverse lookup tables Explanation: Tables that contain possible password combinations are used to crack passwords. 32. An organization wants to adopt a labeling system based on the value, sensitivity, and criticality of the information. What element of risk management is recommended? asset classification asset identification asset availability asset standardization Explanation: One of the most important steps in risk management is asset classification. 33. An organization has recently adopted a five nines program for two critical database servers. What type of controls will this involve? stronger encryption systems improving reliability and uptime of the servers remote access to thousands of external users limiting access to the data on these systems Explanation: System and data availability is a critical responsibility of a cybersecurity specialist. It is important to understand the technologies, process, and controls used to provide high availability. 34. Being able to maintain availability during disruptive events describes which of the principles of high availability? 
single point of failure system resiliency fault tolerance uninterruptible services Explanation: High availability can be achieved by eliminating or reducing single points of failure, by implementing system resiliency, and by designing for fault tolerance. 35. Which risk mitigation strategies include outsourcing services and purchasing insurance? avoidance transfer reduction acceptance Explanation: Risk mitigation lessens the exposure of an organization to threats and vulnerabilities by transferring, accepting, avoiding, or taking an action to reduce risk. 36. The awareness and identification of vulnerabilities is a critical function of a cybersecurity specialist. Which of the following resources can be used to identify specific details about vulnerabilities? CVE national database NIST/NICE framework ISO/IEC 27000 model Infragard Explanation: A cybersecurity specialist needs to be familiar with the resources such as the CVE database, Infragard, and the NIST/NICE framework. All can be used to help plan and implement an effective information security management system. 37. Which technology would you implement to provide high availability for data storage? N+1 software updates RAID hot standby Explanation: System and data availability is a critical responsibility of a cybersecurity specialist. It is important to understand the technologies, process, and controls used to provide redundancy. 38. Which two values are required to calculate annual loss expectancy? (Choose two.) annual rate of occurrence asset value frequency factor exposure factor single loss expectancy quantitative loss value Explanation: Single loss expectancy, annualized rate of occurrence, and annualized loss expectancy are used in a quantitative risk analysis. 39. What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications? 
asset availability asset identification asset classification asset standardization Explanation: An organization needs to know what hardware and software are present as a prerequisite to knowing what the configuration parameters need to be. Asset management includes a complete inventory of hardware and software. Asset standards identify specific hardware and software products that the organization uses and supports. When a failure occurs, prompt action helps to maintain both access and security. 40. There are many environments that require five nines, but a five nines environment may be cost prohibitive. What is one example of where the five nines environment might be cost prohibitive? department stores at the local mall the front office of a major league sports team the U.S. Department of Education the New York Stock Exchange Explanation: System and data availability is a critical responsibility of a cybersecurity specialist. It is important to understand the technologies, process, and controls used to provide high availability. 41. Which technology can be used to protect VoIP against eavesdropping? ARP encrypted voice messages strong authentication SSH Explanation: Many advanced technologies such as VoIP, streaming video, and electronic conferencing require advanced countermeasures. 42. Mutual authentication can prevent which type of attack? wireless poisoning wireless IP spoofing wireless sniffing man-in-the-middle Explanation: A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities. 43. Which of the following products or technologies would you use to establish a baseline for an operating system? SANS Baselining System (SBS) Microsoft Security Baseline Analyzer MS Baseliner CVE Baseline Analyzer Explanation: There are many tools that a cybersecurity specialist uses to evaluate the potential vulnerabilities of an organization. 44. 
What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain? Active Directory Security tool Computer Management Local Security Policy tool Event Viewer security log Explanation: A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities. Local Security Policy, Event Viewer, and Computer Management are Windows utilities that are all used in the security equation. 45. What describes the protection provided by a fence that is 1 meter in height? It deters casual trespassers only. It prevents casual trespassers because of its height. The fence deters determined intruders. It offers limited delay to a determined intruder. Explanation: Security standards have been developed to assist organizations in implementing the proper controls to mitigate potential threats. The height of a fence determines the level of protection from intruders. 46. Which wireless standard made AES and CCM mandatory? WPA2 WEP WEP2 WPA Explanation: Wireless security depends on several industry standards and has progressed from WEP to WPA and finally WPA2. 47. Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.) WEP WPA2 WPA 802.11q 802.11i TKIP Explanation: Various protocols can be used to provide secure communication systems. AES is the strongest encryption algorithm. 48. Which website offers guidance on putting together a checklist to provide guidance on configuring and hardening operating systems? Internet Storm Center The Advanced Cyber Security Center The National Vulnerability Database website CERT Explanation: There are several cybersecurity information websites that a cybersecurity specialist uses to evaluate the potential vulnerabilities of an organization. 
Some of these websites are the National Vulnerability Database, CERT, the Internet Storm Center, and the Advanced Cyber Security Center. 49. Which law was enacted to prevent corporate accounting-related crimes? The Federal Information Security Management Act Gramm-Leach-Bliley Act Import/Export Encryption Act Sarbanes-Oxley Act Explanation: New laws and regulations have come about to protect organizations, citizens, and nations from cybersecurity attacks. 50. Which cybersecurity weapon scans for use of default passwords, missing patches, open ports, misconfigurations, and active IP addresses? packet analyzers vulnerability scanners packet sniffers password crackers Explanation: There are many tools that a cybersecurity specialist uses to evaluate the potential vulnerabilities of an organization. 51. A cybersecurity specialist is asked to identify the potential criminals known to attack the organization. Which type of hackers would the cybersecurity specialist be least concerned with? black hat hackers gray hat hackers script kiddies white hat hackers Explanation: Hackers are classified by colors to help define the purpose of their break-in activities. 52. What is an example of early warning systems that can be used to thwart cybercriminals? Infragard ISO/IEC 27000 program Honeynet project CVE database Explanation: Early warning systems help identify attacks and can be used by cybersecurity specialists to protect systems. 53. Which technology should be used to enforce the security policy that a computing device must be checked against the latest antivirus update before the device is allowed to connect to the campus network? SAN VPN NAC NAS Explanation: A cybersecurity specialist must be aware of the technologies available to enforce its organization’s security policy. 54. Which data state is maintained in NAS and SAN services? 
stored data data in-transit encrypted data data in-process Explanation: A cybersecurity specialist must be familiar with the types of technologies used to store, transmit, and process data. 55. Which technology can be used to ensure data confidentiality? hashing identity management encryption RAID Explanation: A cybersecurity specialist must be aware of the technologies available which support the CIA triad. 56. What is an impersonation attack that takes advantage of a trusted relationship between two systems? man-in-the-middle spoofing spamming sniffing Explanation: In spoofing attacks, hackers can disguise their devices by using a valid address from the network and therefore bypass authentication processes. MAC addresses and IP addresses can be spoofed and can also be used to spoof ARP relationships. 57. Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network? virus worm spam phishing Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization. 58. What type of application attack occurs when data goes beyond the memory areas allocated to the application? buffer overflow RAM Injection SQL injection RAM spoofing Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization. 59. What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic? sniffing spoofing phishing spamming Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization. 60. 
A penetration testing service hired by the company has reported that a backdoor was identified on the network. What action should the organization take to find out if systems have been compromised? Look for policy changes in Event Viewer. Scan the systems for viruses. Look for unauthorized accounts. Look for usernames that do not have passwords. Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization. 61. Smart cards and biometrics are considered to be what type of access control? administrative technological logical physical Explanation: Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies. 62. Which access control should the IT department use to restore a system back to its normal state? compensative preventive corrective detective Explanation: Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies. 63. A user has a large amount of data that needs to be kept confidential. Which algorithm would best meet this requirement? 3DES ECC RSA Diffie-Hellman Explanation: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies. 64. What happens as the key length increases in an encryption application? Keyspace increases proportionally. Keyspace decreases exponentially. Keyspace decreases proportionally. Keyspace increases exponentially. Explanation: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies. 65. 
You have been asked to describe data validation to the data entry clerks in accounts receivable. Which of the following are good examples of strings, integers, and decimals? 800-900-4560, 4040-2020-8978-0090, 01/21/2013 male, $25.25, veteran female, 9866, $125.50 yes/no 345-60-8745, TRF562 Explanation: A string is a group of letters, numbers and special characters. An integer is a whole number. A decimal is a number that is not a fraction. 66. Which hashing technology requires keys to be exchanged? salting AES HMAC MD5 Explanation: The difference between HMAC and hashing is the use of keys. 67. What is a feature of a cryptographic hash function? Hashing requires a public and a private key. The hash function is a one-way mathematical function. The output has a variable length. The hash input can be calculated given the output value. Explanation: Data integrity is one of the three guiding security principles. A cybersecurity specialist should be familiar with the tools and technologies used to ensure data integrity. 68. A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking? salting HMAC CRC password Explanation: HMAC is an algorithm used to authenticate. The sender and receiver have a secret key that is used along with the data to ensure the message origin as well as the authenticity of the data. 69. Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents high level of risk, yellow represents average level of threat and green represents low level of threat. What type of risk analysis does this chart represent? quantitative analysis exposure factor analysis loss analysis qualitative analysis Explanation: A qualitative or quantitative risk analysis is used to identify and prioritize threats to the organization. 70. 
Keeping data backups offsite is an example of which type of disaster recovery control? management preventive detective corrective Explanation: A disaster recovery plan enables an organization to prepare for potential disasters and minimize the resulting downtime. 71. What are two incident response phases? (Choose two.) detection and analysis confidentiality and eradication prevention and containment mitigation and acceptance containment and recovery risk analysis and high availability Explanation: When an incident occurs, the organization must know how to respond. An organization needs to develop an incident response plan that includes several phases. 72. The team is in the process of performing a risk analysis on the database services. The information collected includes the initial value of these assets, the threats to the assets and the impact of the threats. What type of risk analysis is the team performing by calculating the annual loss expectancy? quantitative analysis qualitative analysis loss analysis protection analysis Explanation: A qualitative or quantitative risk analysis is used to identify and prioritize threats to the organization. 73. What approach to availability provides the most comprehensive protection because multiple defenses coordinate together to prevent attacks? obscurity limiting layering diversity Expla