Last Updated on June 14, 2021 by Admin

Modules 21 – 23: Cryptography and Endpoint Protection Group Exam Answers Full 100% 2021

  1. Which technology is used by Cisco Advanced Malware Protection (AMP) in defending and protecting against known and emerging threats?

    • network admission control
    • website filtering and blacklisting
    • network profiling
    • threat intelligence
      Answers Explanation & Hints:

      Cisco AMP uses threat intelligence along with known file signatures to identify and block policy-violating file types and exploitations.

  2. What does the telemetry function provide in host-based security software?

    • It enables host-based security programs to have comprehensive logging functions.
    • It enables updates of malware signatures.
    • It blocks the passage of zero-day attacks.
    • It updates the heuristic antivirus signature database.
      Answers Explanation & Hints:

      The telemetry function allows for robust logging functionality that is essential to cybersecurity operations. Some host-based security programs will submit logs to a central location for analysis.

  3. What is the difference between an HIDS and a firewall?

    • An HIDS blocks intrusions, whereas a firewall filters them.
    • A firewall allows and denies traffic based on rules and an HIDS monitors network traffic.
    • An HIDS monitors operating systems on host computers and processes file system activity. Firewalls allow or deny traffic between the computer and other systems.
    • A firewall performs packet filtering and therefore is limited in effectiveness, whereas an HIDS blocks intrusions.
    • An HIDS works like an IPS, whereas a firewall just monitors traffic.
      Answers Explanation & Hints:

      In order to monitor local activity an HIDS should be implemented. Network activity monitors are concerned with traffic and not operating system activity.

  4. Which statement describes the term iptables?

    • It is a DNS daemon in Linux.
    • It is a DHCP application in Windows.
    • It is a rule-based firewall application in Linux.
    • It is a file used by a DHCP server to store current active IP addresses.
      Answers Explanation & Hints:

      Iptables is an application that allows Linux system administrators to configure network access rules.

  5. Which statement describes the policy-based intrusion detection approach?

    • It compares the operations of a host against well-defined security rules.
    • It compares the signatures of incoming traffic to a known intrusion database.
    • It compares the antimalware definitions to a central repository for the latest updates.
    • It compares the behaviors of a host to an established baseline to identify potential intrusion.
      Answers Explanation & Hints:

      With the anomaly-based intrusion detection approach, a set of rules or policies are applied to a host. Violation of these policies is interpreted to be the result of a potential intrusion.

  6. A security professional is making recommendations to a company for enhancing endpoint security. Which security endpoint technology would be recommended as an agent-based system to protect hosts against malware?

    • baselining
    • blacklisting
    • HIDS
    • IPS
      Answers Explanation & Hints:

      A host-based intrusion detection systems (HIDS) is a comprehensive security application that provides antimalware applications, a firewall, and monitoring and reporting.

  7. What is a feature of distributed firewalls?

    • They all use an open sharing standard platform.
    • They combine the feature of host-based firewalls with centralized management.
    • They use only iptables to configure network rules.
    • They use only TCP wrappers to configure rule-based access control and logging systems.
      Answers Explanation & Hints:

      Distributed firewalls combine features of host-based firewalls with centralized management, which pushes rules to the hosts.

  8. On a Windows host, which tool can be used to create and maintain blacklists and whitelists?

    • Task Manager
    • Group Policy Editor
    • Computer Management
    • Local Users and Groups
      Answers Explanation & Hints:

      In Windows, blacklisting and whitelisting settings can be managed through the Group Policy Editor.

  9. Which statement describes the Cisco Threat Grid Glovebox?

    • It is a firewall appliance.
    • It is a network-based IDS/IPS.
    • It is a sandbox product for analyzing malware behaviors.
    • It is a host-based intrusion detection system (HIDS) solution to fight against malware.
      Answers Explanation & Hints:

      Cisco ThreatGrid Glovebox is a sandbox product for analyzing malware behaviors.

  10. Which technique could be used by security personnel to analyze a suspicious file in a safe environment?

    • baselining
    • blacklisting
    • sandboxing
    • whitelisting
      Answers Explanation & Hints:

      Sandboxing allows suspicious files to be executed and analyzed in a safe environment. There are free public sandboxes that allow for malware samples to be uploaded or submitted and analyzed.

  11. What is blacklisting?

    • This is a network process list to stop a listed process from running on a computer.
    • This is an application list that can dictate which user applications are not permitted to run on a computer.
    • This is a user list to prevent blacklisted users from accessing a computer.
    • This is a Heuristics-based list to prevent a process from running on a computer.
      Answers Explanation & Hints:

      Blacklisting can dictate which user applications are not permitted to run on a computer. Windows Local Group Policy Editor can be used to add entries for blacklisted applications.

  12. An administrator suspects polymorphic malware has successfully entered the network past the HIDS system perimeter. The polymorphic malware is, however, successfully identified and isolated. What must the administrator do to create signatures to prevent the file from entering the network again?

    • Use Cisco AMP to track the trajectory of a file through the network.
    • Execute the polymorphic file in the Cisco Threat Grid Glovebox.
    • Run the Cisco Talos security intelligence service.
    • Run a baseline to establish an accepted amount of risk, and the environmental components that contribute to the risk level of the polymorphic malware.
      Answers Explanation & Hints:

      The isolated polymorphic malware file should be run in a sandbox environment like Cisco Threat Grid Glovebox, and the activities of the file documented by the system. This information can then be used to create signatures to prevent the file from entering the network again.

  13. Which objective of secure communications is achieved by encrypting data?

    • authentication
    • availability
    • confidentiality
    • integrity
      Answers Explanation & Hints:

      When data is encrypted, it is scrambled to keep the data private and confidential so that only authorized recipients can read the message. A hash function is another way of providing confidentiality.

  14. Which type of attack does the use of HMACs protect against?

    • DoS
    • DDoS
    • brute force
    • man-in-the-middle
      Answers Explanation & Hints:

      Because only the sender and receiver know the secret key, only parties that have access to that key can compute the digest of an HMAC function. This defeats man-in-the-middle attacks and provides authentication of where the data originated.​

  15. A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?

    • data integrity
    • non-repudiation
    • data confidentiality
    • origin authentication
      Answers Explanation & Hints:

      Secure communications consists of four elements: Data confidentiality – guarantees that only authorized users can read the message
      Data integrity – guarantees that the message was not altered
      Origin authentication – guarantees that the message is not a forgery and does actually come from whom it states
      Data nonrepudiation – guarantees that the sender cannot repudiate, or refute, the validity of a message sent

  16. What is the purpose of the DH algorithm?

    • to provide nonrepudiation support
    • to support email data confidentiality
    • to encrypt data traffic after a VPN is established
    • to generate a shared secret between two hosts that have not communicated before
      Answers Explanation & Hints:

      DH is an asymmetric mathematical algorithm that allows two computers to generate an identical shared secret, without having communicated before. Asymmetric key systems are extremely slow for any sort of bulk encryption. It is common to encrypt the bulk of the traffic using a symmetric algorithm such as DES, 3DES, or AES, and use the DH algorithm to create keys that will be used by the symmetric encryption algorithm.

  17. What is a difference between symmetric and asymmetric encryption algorithms?

    • Symmetric algorithms are typically hundreds to thousands of times slower than asymmetric algorithms.
    • Symmetric encryption algorithms are used to authenticate secure communications. Asymmetric encryption algorithms are used to repudiate messages.
    • Symmetric encryption algorithms are used to encrypt data. Asymmetric encryption algorithms are used to decrypt data.
    • Symmetric encryption algorithms use pre-shared keys. Asymmetric encryption algorithms use different keys to encrypt and decrypt data.
      Answers Explanation & Hints:

      Asymmetric algorithms can use very long key lengths in order to avoid being hacked. This results in the use of significantly increased resources and time compared to symmetric algorithms.

  18. A company implements a security policy that ensures that a file sent from the headquarters office to the branch office can only be opened with a predetermined code. This code is changed every day. Which two algorithms can be used to achieve this task? (Choose two.)

    • MD5
    • AES
    • 3DES
    • SHA-1
    • HMAC
      Answers Explanation & Hints:

      The task to ensure that only authorized personnel can open a file is data confidentiality, which can be implemented with encryption. AES and 3DES are two encryption algorithms. HMAC can be used for ensuring origin authentication. MD5 and SHA-1 can be used to ensure data integrity.

  19. A customer purchases an item from an e-commerce site. The e-commerce site must maintain proof that the data exchange took place between the site and the customer. Which feature of digital signatures is required?

    • authenticity of digitally signed data
    • integrity of digitally signed data
    • nonrepudiation of the transaction
    • confidentiality of the public key
      Answers Explanation & Hints:

      Digital signatures provide three basic security services:Authenticity of digitally signed data – Digital signatures authenticate a source, proving that a certain party has seen and signed the data in question.
      Integrity of digitally signed data – Digital signatures guarantee that the data has not changed from the time it was signed.
      Nonrepudiation of the transaction – The recipient can take the data to a third party, and the third party accepts the digital signature as a proof that this data exchange did take place. The signing party cannot repudiate that it has signed the data.

  20. What is the purpose of a digital certificate?

    • It guarantees that a website has not been hacked.
    • It provides proof that data has a traditional signature attached.
    • It ensures that the person who is gaining access to a network device is authorized.
    • It authenticates a website and establishes a secure connection to exchange confidential data.
      Answers Explanation & Hints:

      Digital signatures commonly use digital certificates that are used to verify the identity of the originator in order to authenticate a vendor website and establish an encrypted connection to exchange confidential data. One such example is when a person logs into a financial institution from a web browser.

  21. What is the purpose for using digital signatures for code signing?

    • to generate a virtual ID
    • to establish an encrypted connection to exchange confidential data with a vendor website
    • to authenticate the identity of the system with a vendor website
    • to verify the integrity of executable files downloaded from a vendor website
      Answers Explanation & Hints:

      Code signing is used to verify the integrity of executable files downloaded from a vendor website. Code signing uses digital certificates to authenticate and verify the identity of a website.

  22. In a hierarchical CA topology, where can a subordinate CA obtain a certificate for itself?

    • from the root CA only
    • from the root CA or from self-generation
    • from the root CA or another subordinate CA at the same level
    • from the root CA or another subordinate CA at a higher level
    • from the root CA or another subordinate CA anywhere in the tree
      Answers Explanation & Hints:

      In a hierarchical CA topology, CAs can issue certificates to end users and to subordinate CAs, which in turn issue their certificates to end users, other lower level CAs, or both. In this way, a tree of CAs and end users is built in which every CA can issue certificates to lower level CAs and end users. Only the root CA can issue a self-signing certificate in a hierarchical CA topology.

  23. What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity?

    • PKI certificates
    • symmetric keys
    • hashing algorithms
    • digital signatures
      Answers Explanation & Hints:

      Digital certificates are used to prove the authenticity and integrity of PKI certificates, but a PKI Certificate Authority is a trusted third-party entity that issues PKI certificates. PKI certificates are public information and are used to provide authenticity, confidentiality, integrity, and nonrepudiation services that can scale to large requirements.

  24. Which two statements correctly describe certificate classes used in the PKI? (Choose two.)

    • A class 0 certificate is for testing purposes.
    • A class 0 certificate is more trusted than a class 1 certificate.
    • The lower the class number, the more trusted the certificate.
    • A class 5 certificate is for users with a focus on verification of email.
    • A class 4 certificate is for online business transactions between companies.
      Answers Explanation & Hints:

      A digital certificate class is identified by a number. The higher the number, the more trusted the certificate. The classes include the following:Class 0 is for testing purposes in which no checks have been performed.
      Class 1 is for individuals with a focus on verification of email.
      Class 2 is for organizations for which proof of identity is required.
      Class 3 is for servers and software signing for which independent verification and checking of identity and authority is done by the issuing certificate authority.
      Class 4 is for online business transactions between companies.
      Class 5 is for private organizations or governmental security.

  25. In network security assessments, which type of test employs software to scan internal networks and Internet facing servers for various types of vulnerabilities?

    • risk analysis
    • penetration testing
    • vulnerability assessment
    • strength of network security testing
      Answers Explanation & Hints:

      In vulnerability assessment, security analysts use software to scan internal networks and Internet facing servers for various types of vulnerabilities. Tools for vulnerability assessment include the open source OpenVAS platform, Microsoft Baseline Security Analyzer, Nessus, Qualys, and Fireeye Mandiant services.

  26. Match the network profile element to the description. (Not all options are used.)

    Modules 21 - 23 Cryptography and Endpoint Protection Group Exam Answers 001
    Modules 21 – 23 Cryptography and Endpoint Protection Group Exam Answers 001
    Answers Explanation & Hints:

    Important elements of a network profile include:

    • Total throughput – the amount of data passing from a given source to a given destination in a given period of time
    • Session duration – the time between the establishment of a data flow and its termination
    • Ports used – a list of TCP or UDP processes that are available to accept data
    • Critical asset address space – the IP addresses or the logical location of essential systems or data
  27. When a server profile for an organization is being established, which element describes the TCP and UDP daemons and ports that are allowed to be open on the server?

    • listening ports
    • service accounts
    • software environment
    • critical asset address space
      Answers Explanation & Hints:

      A server profile will often contain the following: Listening ports – the TCP and UDP daemons and ports that are allowed to be open on the server
      User accounts – the parameters defining user access and behavior
      Service accounts – the definitions of the type of service that an application is allowed to run on a server
      Software environment – the tasks, processes, and applications that are permitted to run on the server

  28. A cybersecurity analyst is performing a CVSS assessment on an attack where a web link was sent to several employees. Once clicked, an internal attack was launched. Which CVSS Base Metric Group Exploitability metric is used to document that the user had to click on the link in order for the attack to occur?

    • availability requirement
    • integrity requirement
    • scope
    • user interaction
      Answers Explanation & Hints:

      The CVSS Base Metric Group has the following metrics: attack vector, attack complexity, privileges required, user interaction, and scope. The user interaction metric expresses the presence or absence of the requirement for user interaction in order for an exploit to be successful.

  29. Which two classes of metrics are included in the CVSS Base Metric Group? (Choose two.)

    • Impact metrics
    • Exploitability
    • Modified Base
    • Exploit Code Maturity
    • Confidentiality Requirement
      Answers Explanation & Hints:

      The Base Metric Group of CVSS represents the characteristics of a vulnerability that are constant over time and across contexts. It contains two classes of metrics, Exploitability and Impact.

  30. In addressing an identified risk, which strategy aims to stop performing the activities that create risk?

    • risk sharing
    • risk retention
    • risk reduction
    • risk avoidance
      Answers Explanation & Hints:

      There are four potential strategies for responding to risks that have been identified: Risk avoidance – Stop performing the activities that create risk.
      Risk reduction – Decrease the risk by taking measures to reduce vulnerability.
      Risk sharing – Shift some of the risk to other parties.
      Risk retention – Accept the risk and its consequences.

  31. In addressing a risk that has low potential impact and relatively high cost of mitigation or reduction, which strategy will accept the risk and its consequences?

    • risk sharing
    • risk retention
    • risk reduction
    • risk avoidance
      Answers Explanation & Hints:

      There are four potential strategies for responding to risks that have been identified: Risk avoidance – Stop performing the activities that create risk.
      Risk reduction – Decrease the risk by taking measures to reduce vulnerability.
      Risk sharing – Shift some of the risk to other parties.
      Risk retention – Accept the risk and its consequences.

  32. What is an action that should be taken in the discovery step of the vulnerability management life cycle?

    • assigning business value to assets
    • determining a risk profile
    • developing a network baseline
    • documenting the security plan
      Answers Explanation & Hints:

      During the discovery step of the vulnerability management life cycle, an inventory of all network assets is made. A network baseline is developed, and security vulnerabilities are identified.

  33. Which security management plan specifies a component that involves tracking the location and configuration of networked devices and software across an enterprise?

    • asset management
    • risk management
    • vulnerability management
    • patch management
      Answers Explanation & Hints:

      Asset management involves tracking the location and configuration of networked devices and software across an enterprise.

  34. In what order are the steps in the vulnerability management life cycle conducted?

    • discover, prioritize assets, assess, report, remediate, verify
    • discover, assess, prioritize assets, report, remediate, verify
    • discover, prioritize assets, assess, remediate, report, verify
    • discover, prioritize assets, assess, remediate, verify, report
      Answers Explanation & Hints:

      There are six steps in the vulnerability management life cycle:

      1. Discover
      2. Prioritize assets
      3. Assess
      4. Report
      5. Remediate
      6. Verify
  35. What are the three outcomes of the NIST Cybersecurity Framework identify core function? (Choose three.)

    • asset management
    • risk assessment
    • governance
    • mitigation
    • recovery planning
    • information protection process and procedures
      Answers Explanation & Hints:

      The identify core function is concerned with the development of organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. It involves the following outcomes:

      Asset management
      Business environment
      Governance
      Risk assessment
      Risk management strategy

  36. Match the NIST Cybersecurity Framework core function with the description. (Not all options are used.)

    Modules 21 - 23 Cryptography and Endpoint Protection Group Exam Answers 002
    Modules 21 – 23 Cryptography and Endpoint Protection Group Exam Answers 002

     

5 1 vote
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments