Cybersecurity Essentials 1.13 Final Quiz Answers Full 100% 2023 2024

Cybersecurity Essentials 1.13 Final Quiz Answers Full 100% 2023 2024

This is NetAcad Cisco Cybersecurity Essentials 1.13 Final Quiz Answers Full 100% in 2023 and 2024 verified by experts.

1. What is an example of early warning systems that can be used to thwart cybercriminals?

   • CVE database
   • Infragard
   • ISO/IEC 27000 program
   • Honeynet project
     

     Explanation: Early warning systems help identify attacks and can be used by cybersecurity specialists to protect systems.

2. Technologies like GIS and IoE contribute to the growth of large data stores. What are two reasons that these technologies increase the need for cybersecurity specialists? (Choose two.)

   • They require 24-hour monitoring.
   • They collect sensitive information.
   • They contain personal information.
   • They increase processing requirements.
   • They require more equipment.
   • They make systems more complicated.
     

     Explanation: The types of information collected by these technologies have increased the need for data protection.

3. Which two groups of people are considered internal attackers? (Choose two.)

   • ex-employees
   • amateurs
   • black hat hackers
   • hacktivists
   • trusted partners
     

     Explanation: Threats are classified as being from an internal source or external source. A cybersecurity specialist needs to be aware of the source of various threats.

4. Which methods can be used to implement multifactor authentication?

   • IDS and IPS
   • tokens and hashes
   • VPNs and VLANs
   • passwords and fingerprints
     

     Explanation: A cybersecurity specialist must be aware of the technologies available that support the CIA triad.

5. Which technology should be used to enforce the security policy that a computing device must be checked against the latest antivirus update before the device is allowed to connect to the campus network?

   • NAC
   • VPN
   • SAN
   • NAS
     

     Explanation: A cybersecurity specialist must be aware of the technologies available to enforce its organization’s security policy.

6. A security specialist is asked for advice on a security measure to prevent unauthorized hosts from accessing the home network of employees. Which measure would be most effective?

   • Implement a firewall.
   • Implement intrusion detection systems.
   • Implement a VLAN.
   • Implement RAID.
     

     Explanation: Protecting data confidentiality requires an understanding of the technologies used to protect data in all three data states.

7. Which technology can be used to ensure data confidentiality?

   • hashing
   • identity management
   • RAID
   • encryption
     

     Explanation: A cybersecurity specialist must be aware of the technologies available which support the CIA triad.

8. An organization allows employees to work from home two days a week. Which technology should be implemented to ensure data confidentiality as data is transmitted?

   • VPN
   • VLANS
   • RAID
   • SHS
     

     Explanation: Protecting data confidentiality requires an understanding of the technologies used to protect data in all three data states.

9. What are the two most effective ways to defend against malware? (Choose two.)

   • Implement a VPN.
   • Implement strong passwords.
   • Install and update antivirus software.
   • Implement RAID.
   • Implement network firewalls.
   • Update the operating system and other application software.
     

     Explanation: A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities.

10. An executive manager went to an important meeting. The secretary in the office receives a call from a person claiming that the executive manager is about to give an important presentation but the presentation files are corrupted. The caller sternly recommends that the secretary email the presentation right away to a personal email address. The caller also states that the executive is holding the secretary responsible for the success of this presentation. Which type of social engineering tactic would describe this scenario?

    • familiarity
    • intimidation
    • trusted partners
    • urgency
      

      Explanation: Social engineering uses several different tactics to gain information from victims.

11. Which statement describes a distributed denial of service attack?”

    • An attacker sends an enormous quantity of data that a server cannot handle.
    • An attacker views network traffic to learn authentication credentials.
    • An attacker builds a botnet comprised of zombies.
    • One computer accepts data packets based on the MAC address of another computer.
      

      Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

12. What type of attack will make illegitimate websites higher in a web search result list?

    • DNS poisoning
    • browser hijacker
    • spam
    • SEO poisoning
      

      Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

13. What is a nontechnical method that a cybercriminal would use to gather sensitive information from an organization?

    • man-in-the-middle
    • social engineering
    • pharming
    • ransomeware
      

      Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

14. A penetration testing service hired by the company has reported that a backdoor was identified on the network. What action should the organization take to find out if systems have been compromised?

    • Look for usernames that do not have passwords.
    • Look for unauthorized accounts.
    • Look for policy changes in Event Viewer.
    • Scan the systems for viruses.
      

      Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

15. Users report that the database on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?

    • DoS attack
    • Trojan horse
    • ransomeware
    • man-in-the-middle attack
      

      Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

16. A user has a large amount of data that needs to be kept confidential. Which algorithm would best meet this requirement?

    • RSA
    • Diffie-Hellman
    • 3DES
    • ECC
      

      Explanation: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

17. What happens as the key length increases in an encryption application?

    • Keyspace decreases exponentially.
    • Keyspace increases exponentially.
    • Keyspace decreases proportionally.
    • Keyspace increases proportionally.
      

      Explanation: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

18. Which algorithm will Windows use by default when a user intends to encrypt files and folders in an NTFS volume?

    • RSA
    • DES
    • AES
    • 3DES
      

      Explanation: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

19. Before data is sent out for analysis, which technique can be used to replace sensitive data in nonproduction environments to protect the underlying information?

    • data masking substitution
    • steganography
    • software obfuscation
    • steganalysis
      

      Explanation: Technologies exist to confuse attackers by changing data and using techniques to hide the original data.

20. In which situation would a detective control be warranted?

    • when the organization needs to repair damage
    • after the organization has experienced a breach in order to restore everything back to a normal state
    • when the organization needs to look for prohibited activity
    • when the organization cannot use a guard dog, so it is necessary to consider an alternative
      

      Explanation: Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

21. An organization plans to implement security training to educate employees about security policies. What type of access control is the organization trying to implement?

    • administrative
    • technological
    • physical
    • logical
      

      Explanation: Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

22. An organization has implemented antivirus software. What type of security control did the company implement?

    • deterrent control
    • detective control
    • recovery control
    • compensative control
      

      Explanation: A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities.

23. Passwords, passphrases, and PINs are examples of which security term?

    • authorization
    • access
    • authentication
    • identification
      

      Explanation: Authentication methods are used to strengthen access control systems. It is important to understand the available authentication methods.

24. An organization has determined that an employee has been cracking passwords on administrative accounts in order to access very sensitive payroll information. Which tools would you look for on the system of the employee? (Choose three)

    • password digest
    • reverse lookup tables
    • lookup tables
    • rouge access points
    • algorithm tables
    • rainbow tables
      

      Explanation: Tables that contain possible password combinations are used to crack passwords.

25. What technique creates different hashes for the same password?

    • SHA-256
    • HMAC
    • CRC
    • salting
      

      Explanation: Data integrity is one of the three guiding security principles. A cybersecurity specialist should be familiar with the tools and technologies used to ensure data integrity.

26. Which hashing technology requires keys to be exchanged?

    • HMAC
    • salting
    • MD5
    • AES
      

      Explanation: The difference between HMAC and hashing is the use of keys.

27. You have been asked to implement a data integrity program to protect data files that need to be electronically downloaded by the sales staff. You have decided to use the strongest hashing algorithm available on your systems. Which hash algorithm would you select?

    • SHA-1
    • AES
    • MD5
    • SHA-256
      

      Explanation: MD5 and SHA are the two most popular hashing algorithms. SHA-256 uses a 256-bit hash, whereas MD5 produces a 128-bit hash value.

28. What kind of integrity does a database have when all its rows have a unique identifier called a primary key?

    • entity integrity
    • referential integrity
    • domain integrity
    • user-defined integrity
      

      Explanation: Data integrity is one of the three guiding security principles. A cybersecurity specialist should be familiar with the tools and technologies that are used to ensure data integrity.

29. Technicians are testing the security of an authentication system that uses passwords. When a technician examines the password tables, the technician discovers the passwords are stored as hash values. However, after comparing a simple password hash, the technician then discovers that the values are different from those on other systems. What are two causes of this situation? (Choose two.)

    • The systems use different hashing algorithms.
    • Both systems use MD5.
    • Both systems scramble the passwords before hashing.
    • One system uses hashing and the other uses hashing and salting.
    • One system uses symmetrical hashing and the other uses asymmetrical hashing.
      

      Explanation: Hashing can be used in many different situations to ensure data integrity.

30. Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign the document so that Bob can make sure that the document came from Alice?

    • public key from Bob
    • private key from Alice
    • private key from Bob
    • username and password from Alice
      

      Explanation: Alice and Bob are used to explain asymmetric cryptography used in digital signatures. Alice uses a private key to encrypt the message digest. The message, encrypted message digest, and the public key are used to create the signed document and prepare it for transmission.

31. The X.509 standards defines which security technology?

    • digital certificates
    • security tokens
    • strong passwords
    • biometrics
      

      Explanation: Digital certificates protect the parties involved in a secure communication

32. What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications?

    • asset standardization
    • asset identification
    • asset classification
    • asset availability
      

      Explanation: An organization needs to know what hardware and software are present as a prerequisite to knowing what the configuration parameters need to be. Asset management includes a complete inventory of hardware and software. Asset standards identify specific hardware and software products that the organization uses and supports. When a failure occurs, prompt action helps to maintain both access and security.

33. Being able to maintain availability during disruptive events describes which of the principles of high availability?

    • single point of failure
    • system resiliency
    • fault tolerance
    • uninterruptible services
      

      Explanation: High availability can be achieved by eliminating or reducing single points of failure, by implementing system resiliency, and by designing for fault tolerance.

34. An organization has recently adopted a five nines program for two critical database servers. What type of controls will this involve?

    • stronger encryption systems
    • remote access to thousands of external users
    • limiting access to the data on these systems
    • improving reliability and uptime of the servers
      

      Explanation: System and data availability is a critical responsibility of a cybersecurity specialists. It is important to understand the technologies, process, and controls used to provide high availability.

35. What approach to availability provides the most comprehensive protection because multiple defenses coordinate together to prevent attacks?

    • layering
    • obscurity
    • diversity
    • limiting
      

      Explanation: Defense in depth utilizes multiple layers of security controls.

36. The team is in the process of performing a risk analysis on the database services. The information collected includes the initial value of these assets, the threats to the assets and the impact of the threats. What type of risk analysis is the team performing by calculating the annual loss expectancy?

    • qualitative analysis
    • loss analysis
    • protection analysis
    • quantitative analysis
      

      Explanation: A qualitative or quantitative risk analysis is used to identify and prioritize threats to the organization.

37. Which two values are required to calculate annual loss expectancy? (Choose two.)

    • asset value
    • exposure factor
    • frequency factor
    • annual rate of occurrence
    • single loss expectancy
    • quantitative loss value
      

      Explanation: Single loss expectancy, annualized rate of occurrence, and annualized loss expectancy are used in a quantitative risk analysis

38. An organization wants to adopt a labeling system based on the value, sensitivity, and criticality of the information. What element of risk management is recommended?

    • asset identification
    • asset availability
    • asset standardization
    • asset classification
      

      Explanation: One of the most important steps in risk management is asset classification.

39. What approach to availability involves using file permissions?

    • layering
    • simplicity
    • obscurity
    • limiting
      

      Explanation: System and data availability is a critical responsibility of a cybersecurity specialist. It is important to understand the technologies, process, and controls used to protect provide high availability.

40. What are two incident response phases? (Choose two.)

    • prevention and containment
    • containment and recovery
    • mitigation and acceptance
    • detection and analysis
    • risk analysis and high availability
    • confidentiality and eradication
      

      Explanation: When an incident occurs, the organization must know how to respond. An organization needs to develop an incident response plan that includes several phases.

41. What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain?

    • Local Security Policy tool
    • Event Viewer security log
    • Active Directory Security tool
    • Computer Management
      

      Explanation: A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities. Local Security Policy, Event Viewer, and Computer Management are Windows utilities that are all used in the security equation.

42. In a comparison of biometric systems, what is the crossover error rate?

    • rate of false negatives and rate of false positives
    • rate of false positives and rate of acceptability
    • rate of rejection and rate of false negatives
    • rate of acceptability and rate of false negatives
      

      Explanation: In comparing biometric systems, there are several important factors to consider including accuracy, speed or throughput rate, and acceptability to users.

43. What describes the protection provided by a fence that is 1 meter in height?

    • It deters casual trespassers only.
    • The fence deters determined intruders.
    • It offers limited delay to a determined intruder.
    • It prevents casual trespassers because of its height.
      

      Explanation: Security standards have been developed to assist organizations in implementing the proper controls to mitigate potential threats. The height of a fence determines the level of protection from intruders

44. Mutual authentication can prevent which type of attack?

    • wireless poisoning
    • man-in-the-middle
    • wireless sniffing
    • wireless IP spoofing
      

      Explanation: A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities.

45. Which protocol would be used to provide security for employees that access systems remotely from home?

    • SSH
    • WPA
    • Telnet
    • SCP
      

      Explanation: Various application layer protocols are used to for communications between systems. A secure protocol provides a secure channel over an unsecured network.

46. Which technology can be used to protect VoIP against eavesdropping?

    • encrypted voice messages
    • strong authentication
    • SSH
    • ARP
      

      Explanation: Many advanced technologies such as VoIP, streaming video, and electronic conferencing require advanced countermeasures.

47. Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.)

    • WPA
    • 802.11q
    • 802.11i
    • TKIP
    • WPA2
    • WEP
      

      Explanation: Various protocols can be used to provide secure communication systems. AES is the strongest encryption algorithm.

48. HVAC, water system, and fire systems fall under which of the cybersecurity domains?

    • network
    • user
    • device
    • physical facilities
      

      Explanation: Cybersecurity domains provide a framework for evaluating and implementing controls to protect the assets of an organization.

49. Which national resource was developed as a result of a U.S. Executive Order after a ten-month collaborative study involving over 3,000 security professionals?

    • ISO OSI model
    • NIST Framework
    • ISO/IEC 27000
    • the National Vulnerability Database (NVD)
      

      Explanation: There are many tools that a cybersecurity specialist uses to evaluate the potential vulnerabilities of an organization.

50. Which cybersecurity weapon scans for use of default passwords, missing patches, open ports, misconfigurations, and active IP addresses?

    • packet sniffers
    • vulnerability scanners
    • password crackers
    • packet analyzers
      

      Explanation: There are many tools that a cybersecurity specialist uses to evaluate the potential vulnerabilities of an organization.

51. What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website?

    • digital certificate
    • digital signature
    • salting
    • asymmetric encryption
      

      Explanation and Hint: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

52. Your organization will be handling market trades. You will be required to verify the identify of each customer who is executing a transaction. Which technology should be implemented to authenticate and verify customer electronic transactions?

    • symmetrical encryption
    • data hashing
    • digital certificates
    • asymmetrical encryption
      

      Explanation and Hint: Digital certificates protect the parties involved in secure communications.

53. The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement?

    • observations to be provided to all employees
    • a biometric fingerprint reader
    • user login auditing
    • a set of attributes that describes user access rights
      

      Explanation and Hint: Access control prevents unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

54. Which wireless standard made AES and CCM mandatory?

    • WPA2
    • WPA
    • WEP2
    • WEP
      

      Explanation and Hint: Wireless security depends on several industry standards and has progressed from WEP to WPA and finally WPA2.

55. There are many environments that require five nines, but a five nines environment may be cost prohibitive. What is one example of where the five nines environment might be cost prohibitive?

    • the U.S. Department of Education
    • the New York Stock Exchange
    • department stores at the local mall
    • the front office of a major league sports team
      

      Explanation and Hint: System and data availability is a critical responsibility of a cybersecurity specialist. It is important to understand the technologies, process, and controls used to protect provide high availability.

56. The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email?

    • It is a piggy-back attack.
    • It is an impersonation attack.
    • It is a DDoS attack.
    • It is a hoax.
      

      Explanation and Hint: Social engineering uses several different tactics to gain information from victims.

57. Which two protocols pose switching threats? (Choose two.)

    • WPA2
    • IP
    • ICMP
    • ARP
    • RIP
    • STP
      

      Explanation and Hint: Network switches are the heart of the modern data communication network. The main threats to network switches are theft, hacking and remote access, and attacks against network protocols.

58. What are three states of data during which data is vulnerable? (Choose three.)

    • data decrypted
    • data in-process
    • purged data
    • stored data
    • data in-transit
    • data encrypted
      

      Explanation and Hint: A cybersecurity specialist must be aware of each of the three states of data to effectively protect data and information. Purged data was stored data. Encrypted and decrypted data can be in any of the three states.

59. A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking?

    • HMAC
    • password
    • CRC
    • salting
      

      Explanation and Hint: HMAC is an algorithm used to authenticate. The sender and receiver have a secret key that is used along with the data to ensure the message origin as well as the authenticity of the data.

60. Which website offers guidance on putting together a checklist to provide guidance on configuring and hardening operating systems?

    • CERT
    • The National Vulnerability Database website
    • The Advanced Cyber Security Center
    • Internet Storm Center
      

      Explanation and Hint: There are several cybersecurity information websites that a cybersecurity specialist uses to evaluate the potential vulnerabilities of an organization. Some of these websites are the National Vulnerability Database, CERT, the Internet Storm Center, and the Advanced Cyber Security Center.

61. Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use?

    • the same pre-shared key he used with Alice
    • the public key of Bob
    • the private key of Carol
    • a new pre-shared key
      

      Explanation and Hint: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

62. Which threat is mitigated through user awareness training and tying security awareness to performance reviews?

    • user-related threats
    • physical threats
    • device-related threats
    • cloud-related threats
      

      Explanation and Hint: Cybersecurity domains provide a framework for evaluating and implementing controls to protect the assets of an organization. Each domain has various countermeasures available to manage threats.

63. Which utility uses the Internet Control Messaging Protocol (ICMP)?

    • DNS
    • RIP
    • NTP
    • ping
      

      Explanation and Hint: ICMP is used by network devices to send error messages.

64. What three best practices can help defend against social engineering attacks? (Choose three.)

    • Deploy well-designed firewall appliances.
    • Resist the urge to click on enticing web links.
    • Add more security guards.
    • Educate employees regarding policies.
    • Do not provide password resets in a chat window.
    • Enable a policy that states that the IT department should supply information over the phone only to managers.

    • Explanation and Hint: A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities.

65. Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents high level of risk, yellow represents average level of threat and green represents low level of threat. What type of risk analysis does this chart represent?

    • qualitative analysis
    • exposure factor analysis
    • loss analysis
    • quantitative analysis
      

      Explanation and Hint: A qualitative or quantitative risk analysis is used to identify and prioritize threats to the organization.

66. Which type of cybercriminal is the most likely to create malware to compromise an organization by stealing credit card information?

    • white hat hackers
    • gray hat hackers
    • script kiddies
    • black hat hackers
      

      Explanation and Hint: Malware is a tool used by certain types of hackers to steal information.

67. Which risk mitigation strategies include outsourcing services and purchasing insurance?

    • avoidance
    • transfer
    • reduction
    • acceptance
      

      Explanation and Hint: Risk mitigation lessens the exposure of an organization to threats and vulnerabilities by transferring, accepting, avoiding, or taking an action to reduce risk.

68. Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network?

    • spam
    • phishing
    • worm
    • virus
      

      Explanation and Hint: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

69. Which technology would you implement to provide high availability for data storage?

    • N+1
    • RAID
    • software updates
    • hot standby
      

      Explanation and Hint: System and data availability is a critical responsibility of a cybersecurity specialist. It is important to understand the technologies, process, and controls used to provide redundancy.

70. You have been asked to work with the data collection and entry staff in your organization in order to improve data integrity during initial data entry and data modification operations. Several staff members ask you to explain why the new data entry screens limit the types and size of data able to be entered in specific fields. What is an example of a new data integrity control?

    • a validation rule which has been implemented to ensure completeness, accuracy, and consistency of data
    • a limitation rule which has been implemented to prevent unauthorized staff from entering sensitive data
    • data entry controls which only allow entry staff to view current data
    • data encryption operations that prevent any unauthorized users from accessing sensitive data
      

      Explanation and Hint: Data integrity deals with data validation.

71. Smart cards and biometrics are considered to be what type of access control?
    • administrative
    • logical
    • physical
    • technological
      

      Explanation and Hint: Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

72. Which statement best describes a motivation of hacktivists?

    • They are part of a protest group behind a political cause.
    • They are curious and learning hacking skills.
    • They are interested in discovering new exploits.
    • They are trying to show off their hacking skills.
      

      Explanation and Hint: Each type of cybercriminal has a distinct motivation for his or her actions.

73. Which access control should the IT department use to restore a system back to its normal state?

    • compensative
    • corrective
    • detective
    • preventive
      

      Explanation and Hint: Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

74. What technology should you implement to ensure that an individual cannot later claim that he or she did not sign a given document?

    • digital certificate
    • HMAC
    • asymmetric encryption
    • digital signature
      

      Explanation and Hint: A digital signature is used to establish authenticity, integrity, and nonrepudiation.

75. A cybersecurity specialist is asked to identify the potential criminals known to attack the organization. Which type of hackers would the cybersecurity specialist be least concerned with?

    • white hat hackers
    • script kiddies
    • gray hat hackers
    • black hat hackers
      

      Explanation and Hint: Hackers are classified by colors to help define the purpose of their break-in activities.

76. Which data state is maintained in NAS and SAN services?

    • stored data
    • data in-transit
    • encrypted data
    • data in-process
      

      Explanation: A cybersecurity specialist must be familiar with the types of technologies used to store, transmit, and process data.

77. A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan?

    • secrecy, identify, and nonrepudiation
    • confidentiality, integrity, and availability
    • technologies, policies, and awareness
    • encryption, authentication, and identification
      

      Explanation: The CIA Triad is the foundation upon which all information management systems are developed.

78. What is an impersonation attack that takes advantage of a trusted relationship between two systems?

    • man-in-the-middle
    • spoofing
    • spamming
    • sniffing
      

      Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

79. What type of application attack occurs when data goes beyond the memory areas allocated to the application?

    • buffer overflow
    • RAM Injection
    • SQL injection
    • RAM spoofing
      

      Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

80. What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic?

    • sniffing
    • spoofing
    • phishing
    • spamming
      

      Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

81. You have been asked to describe data validation to the data entry clerks in accounts receivable. Which of the following are good examples of strings, integers, and decimals?

    • 800-900-4560, 4040-2020-8978-0090, 01/21/2013
    • male, $25.25, veteran
    • female, 9866, $125.50
    • yes/no 345-60-8745, TRF562
      

      Explanation: A string is a group of letters, numbers and special characters. An integer is whole number.  A decimal is a  number that is not a fraction.

82. What is a feature of a cryptographic hash function?

    • • Hashing requires a public and a private key.
      • The hash function is a one-way mathematical function.
      • The output has a variable length.
    • The hash input can be calculated given the output value.
      

      Explanation: Data integrity is one of the three guiding security principles. A cybersecurity specialist should be familiar with the tools and technologies used ensure data integrity.

83. Which hashing algorithm is recommended for the protection of sensitive, unclassified information?

    • MD5
    • SHA-256
    • 3DES
    • AES-256
      

      Explanation: Data integrity is one of the three guiding security principles. A cybersecurity specialist should be familiar with the tools and technologies used ensure data integrity.

84. Keeping data backups offsite is an example of which type of disaster recovery control?

    • management
    • preventive
    • detective
    • corrective
      

      Explanation: A disaster recovery plan enables an organization to prepare for potential disasters and minimize the resulting downtime.

85. Which technology can be implemented as part of an authentication system to verify the identification of employees?

    • SHA-1 hash
    • a virtual fingerprint
    • a Mantrap
    • a smart card reader
      

      Answers Explanation & Hints: A cybersecurity specialist must be aware of the technologies available that support the CIA triad.

86. Which type of cybercriminal attack would interfere with established network communication through the use of constructed packets so that the packets look like they are part of the normal communication?

    • packet forgery
    • packet sniffing
    • DNS spoofing
    • rogue Wi-Fi AP
      

      Answers Explanation & Hints: Cybersecurity specialists need to be familiar with the characteristics of various attacks.

87. Which method is used by steganography to hide text in an image file?

    • data obfuscation
    • data masking
    • least significant bit
    • most significant bit
      

      Answers Explanation & Hints: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

88. A specialist in the HR department is invited to promote the cybersecurity program in community schools. Which three topics would the specialist emphasize in the presentation to draw students to this field? (Choose three.)

    • high earning potential
    • service to the public
    • a field requiring a PhD degree
    • the CompTIA A+ certification provides an adequate knowledge base for the field
    • a job with routine, day-to-day tasks
    • a career-field in high-demand
      

      Answers Explanation & Hints: The increased demand for cybersecurity specialists offers several unique career opportunities.

89. Which statement describes a characteristics of block ciphers?

    • Block ciphers result in compressed output.
    • Block ciphers result in output data that is larger than the input data most of the time.
    • Block ciphers are faster than stream ciphers.
    • Block ciphers encrypt plaintext one bit at a time to form a block.
      

      Answers Explanation & Hints: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

90. A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server crash. What is the type of attack the cyber criminal launches?

    • man-in-the-middle
    • SQL injection
    • packet Injection
    • DoS
      

      Answers Explanation & Hints: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

91. What is the most difficult part of designing a cryptosystem?

    • encryption algorithm
    • reverse engineering
    • key length
    • key management
      

      Answers Explanation & Hints: Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

92. Which type of networks poses increasing challenges to cybersecurity specialists due to the growth of BYOD on campus?

    • sneaker net
    • wired networks
    • virtual networks
    • wireless networks
      

      Answers Explanation & Hints: A cybersecurity specialist must be familiar with the types of technologies used to store, transmit, and process data.

93. Which law was enacted to prevent corporate accounting-related crimes?

    • The Federal Information Security Management Act
    • Import/Export Encryption Act
    • Sarbanes-Oxley Act
    • Gramm-Leach-Bliley Act
      

      Answers Explanation & Hints: New laws and regulations have come about to protect organizations, citizens, and nations from cybersecurity attacks.

94. The awareness and identification of vulnerabilities is a critical function of a cybersecurity specialist. Which of the following resources can be used to identify specific details about vulnerabilities?

    • NIST/NICE framework
    • Infragard
    • ISO/IEC 27000 model
    • CVE national database
      

      Answers Explanation & Hints: A cybersecurity specialist needs to be familiar with the resources such as the CVE database, Infragard, and the NIST/NISE framework. All can be used to help plan and implement effective an information security management system.