Last Updated on June 14, 2021 by Admin

Cybersecurity Essentials 1.12 Final Exam Answers 2021

  1. Which statement describes a characteristics of block ciphers?

    • Block ciphers result in compressed output.
    • Block ciphers result in output data that is larger than the input data most of the time.
    • Block ciphers are faster than stream ciphers.
    • Block ciphers encrypt plaintext one bit at a time to form a block.
      Answers Explanation & Hints:

      Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

  2. What type of application attack occurs when data goes beyond the memory areas allocated to the application?

    • RAM spoofing
    • SQL injection
    • buffer overflow
    • RAM Injection
      Answers Explanation & Hints:

      A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

  3. Which website offers guidance on putting together a checklist to provide guidance on configuring and hardening operating systems?

    • The National Vulnerability Database website
    • CERT
    • The Advanced Cyber Security Center
    • Internet Storm Center
      Answers Explanation & Hints:

      There are several cybersecurity information websites that a cybersecurity specialist uses to evaluate the potential vulnerabilities of an organization. Some of these websites are the National Vulnerability Database, CERT, the Internet Storm Center, and the Advanced Cyber Security Center.

  4. Which two values are required to calculate annual loss expectancy? (Choose two.)

    • exposure factor
    • quantitative loss value
    • annual rate of occurrence
    • single loss expectancy
    • frequency factor
    • asset value
      Answers Explanation & Hints:

      Single loss expectancy, annualized rate of occurrence, and annualized loss expectancy are used in a quantitative risk analysis

  5. A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server crash. What is the type of attack the cyber criminal launches?

    • man-in-the-middle
    • SQL injection
    • packet Injection
    • DoS
      Answers Explanation & Hints:

      A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

  6. Mutual authentication can prevent which type of attack?

    • wireless sniffing
    • man-in-the-middle
    • wireless IP spoofing
    • wireless poisoning
      Answers Explanation & Hints:

      A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities.

  7. A user has a large amount of data that needs to be kept confidential. Which algorithm would best meet this requirement?

    • 3DES
    • ECC
    • RSA
    • Diffie-Hellman
      Answers Explanation & Hints:

      Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

  8. What are two incident response phases? (Choose two.)

    • containment and recovery
    • mitigation and acceptance
    • detection and analysis
    • prevention and containment
    • risk analysis and high availability
    • confidentiality and eradication
      Answers Explanation & Hints:

      When an incident occurs, the organization must know how to respond. An organization needs to develop an incident response plan that includes several phases.

  9. Which cybersecurity weapon scans for use of default passwords, missing patches, open ports, misconfigurations, and active IP addresses?

    • vulnerability scanners
    • password crackers
    • packet analyzers
    • packet sniffers
      Answers Explanation & Hints:

      There are many tools that a cybersecurity specialist uses to evaluate the potential vulnerabilities of an organization.

  10. What happens as the key length increases in an encryption application?

    • Keyspace decreases proportionally.
    • Keyspace increases exponentially.
    • Keyspace decreases exponentially.
    • Keyspace increases proportionally.
      Answers Explanation & Hints:

      Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

  11. Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents high level of risk, yellow represents average level of threat and green represents low level of threat. What type of risk analysis does this chart represent?

    • exposure factor analysis
    • quantitative analysis
    • qualitative analysis
    • loss analysis
      Answers Explanation & Hints:

      A qualitative or quantitative risk analysis is used to identify and prioritize threats to the organization.

  12. An organization wants to adopt a labeling system based on the value, sensitivity, and criticality of the information. What element of risk management is recommended?

    • asset classification
    • asset availability
    • asset identification
    • asset standardization
      Answers Explanation & Hints:

      One of the most important steps in risk management is asset classification.

  13. An organization has determined that an employee has been cracking passwords on administrative accounts in order to access very sensitive payroll information. Which tools would you look for on the system of the employee? (Choose three)

    • password digest
    • reverse lookup tables
    • rouge access points
    • lookup tables
    • rainbow tables
    • algorithm tables
      Answers Explanation & Hints:

      Tables that contain possible password combinations are used to crack passwords.

  14. What is an impersonation attack that takes advantage of a trusted relationship between two systems?

    • man-in-the-middle
    • spoofing
    • spamming
    • sniffing
      Answers Explanation & Hints:

      A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

  15. Which statement best describes a motivation of hacktivists?

    • They are part of a protest group behind a political cause.
    • They are curious and learning hacking skills.
    • They are interested in discovering new exploits.
    • They are trying to show off their hacking skills.
      Answers Explanation & Hints:

      Each type of cybercriminal has a distinct motivation for his or her actions.

  16. Which two groups of people are considered internal attackers? (Choose two.)

    • trusted partners
    • hacktivists
    • ex-employees
    • black hat hackers
    • amateurs
      Answers Explanation & Hints:

      Threats are classified as being from an internal source or external source. A cybersecurity specialist needs to be aware of the source of various threats.

  17. Which hashing technology requires keys to be exchanged?

    • AES
    • HMAC
    • salting
    • MD5
      Answers Explanation & Hints:

      The difference between HMAC and hashing is the use of keys.

  18. What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic?

    • sniffing
    • phishing
    • spamming
    • spoofing
      Answers Explanation & Hints:

      A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

  19. Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use?

    • the same pre-shared key he used with Alice
    • the private key of Carol
    • the public key of Bob
    • a new pre-shared key
      Answers Explanation & Hints:

      Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

  20. Which technology would you implement to provide high availability for data storage?

    • RAID
    • N+1
    • hot standby
    • software updates
      Answers Explanation & Hints:

      System and data availability is a critical responsibility of a cybersecurity specialist. It is important to understand the technologies, process, and controls used to provide redundancy.

  21. What is an example of early warning systems that can be used to thwart cybercriminals?

    • ISO/IEC 27000 program
    • Infragard
    • CVE database
    • Honeynet project
      Answers Explanation & Hints:

      Early warning systems help identify attacks and can be used by cybersecurity specialists to protect systems.

  22. A security specialist is asked for advice on a security measure to prevent unauthorized hosts from accessing the home network of employees. Which measure would be most effective?

    • Implement intrusion detection systems.
    • Implement a firewall.
    • Implement a VLAN.
    • Implement RAID.
      Answers Explanation & Hints:

      Protecting data confidentiality requires an understanding of the technologies used to protect data in all three data states.

  23. What type of attack will make illegitimate websites higher in a web search result list?

    • SEO poisoning
    • DNS poisoning
    • spam
    • browser hijacker
      Answers Explanation & Hints:

      A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

  24. Which technology can be used to protect VoIP against eavesdropping?

    • SSH
    • strong authentication
    • encrypted voice messages
    • ARP
      Answers Explanation & Hints:

      Many advanced technologies such as VoIP, streaming video, and electronic conferencing require advanced countermeasures.

  25. What describes the protection provided by a fence that is 1 meter in height?

    • It deters casual trespassers only.
    • The fence deters determined intruders.
    • It offers limited delay to a determined intruder.
    • It prevents casual trespassers because of its height.
      Answers Explanation & Hints:

      Security standards have been developed to assist organizations in implementing the proper controls to mitigate potential threats. The height of a fence determines the level of protection from intruders

  26. Which two protocols pose switching threats? (Choose two.)

    • RIP
    • IP
    • ICMP
    • WPA2
    • STP
    • ARP
      Answers Explanation & Hints:

      Network switches are the heart of the modern data communication network. The main threats to network switches are theft, hacking and remote access, and attacks against network protocols.

  27. What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website?

    • asymmetric encryption
    • digital signature
    • digital certificate
    • salting
      Answers Explanation & Hints:

      Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

  28. The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement?

    • user login auditing
    • a set of attributes that describes user access rights
    • a biometric fingerprint reader
    • observations to be provided to all employees
      Answers Explanation & Hints:

      Access control prevents unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

  29. Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.)

    • TKIP
    • 802.11q
    • WPA
    • 802.11i
    • WEP
    • WPA2
      Answers Explanation & Hints:

      Various protocols can be used to provide secure communication systems. AES is the strongest encryption algorithm.

  30. An organization plans to implement security training to educate employees about security policies. What type of access control is the organization trying to implement?

    • logical
    • physical
    • technological
    • administrative
      Answers Explanation & Hints:

      Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

  31. A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking?

    • CRC
    • password
    • salting
    • HMAC
      Answers Explanation & Hints:

      HMAC is an algorithm used to authenticate. The sender and receiver have a secret key that is used along with the data to ensure the message origin as well as the authenticity of the data.

  32. The X.509 standards defines which security technology?

    • biometrics
    • strong passwords
    • digital certificates
    • security tokens
      Answers Explanation & Hints:

      Digital certificates protect the parties involved in a secure communication

  33. Which technology should be used to enforce the security policy that a computing device must be checked against the latest antivirus update before the device is allowed to connect to the campus network?

    • VPN
    • NAC
    • NAS
    • SAN
      Answers Explanation & Hints:

      A cybersecurity specialist must be aware of the technologies available to enforce its organization’s security policy.

  34. What is a nontechnical method that a cybercriminal would use to gather sensitive information from an organization?

    • social engineering
    • ransomeware
    • man-in-the-middle
    • pharming
      Answers Explanation & Hints:

      A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

  35. Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network?

    • phishing
    • worm
    • spam
    • virus
      Answers Explanation & Hints:

      A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

  36. Which data state is maintained in NAS and SAN services?

    • encrypted data
    • data in-process
    • data in-transit
    • stored data
      Answers Explanation & Hints:

      A cybersecurity specialist must be familiar with the types of technologies used to store, transmit, and process data.

  37. What is the most difficult part of designing a cryptosystem?

    • encryption algorithm
    • reverse engineering
    • key length
    • key management
      Answers Explanation & Hints:

      Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.

  38. Which methods can be used to implement multifactor authentication?

    • VPNs and VLANs
    • IDS and IPS
    • tokens and hashes
    • passwords and fingerprints
      Answers Explanation & Hints:

      A cybersecurity specialist must be aware of the technologies available that support the CIA triad.

  39. Keeping data backups offsite is an example of which type of disaster recovery control?

    • preventive
    • corrective
    • management
    • detective
      Answers Explanation & Hints:

      A disaster recovery plan enables an organization to prepare for potential disasters and minimize the resulting downtime.

  40. Which protocol would be used to provide security for employees that access systems remotely from home?

    • Telnet
    • SCP
    • WPA
    • SSH
      Answers Explanation & Hints:

      Various application layer protocols are used to for communications between systems. A secure protocol provides a secure channel over an unsecured network.

  41. Which type of networks poses increasing challenges to cybersecurity specialists due to the growth of BYOD on campus?

    • sneaker net
    • wired networks
    • virtual networks
    • wireless networks
      Answers Explanation & Hints:

      A cybersecurity specialist must be familiar with the types of technologies used to store, transmit, and process data.

  42. In which situation would a detective control be warranted?

    • after the organization has experienced a breach in order to restore everything back to a normal state
    • when the organization needs to look for prohibited activity
    • when the organization needs to repair damage
    • when the organization cannot use a guard dog, so it is necessary to consider an alternative
      Answers Explanation & Hints:

      Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

  43. What approach to availability involves using file permissions?

    • layering
    • simplicity
    • obscurity
    • limiting
      Answers Explanation & Hints:

      System and data availability is a critical responsibility of a cybersecurity specialist. It is important to understand the technologies, process, and controls used to protect provide high availability.

  44. Which wireless standard made AES and CCM mandatory?

    • WPA2
    • WPA
    • WEP2
    • WEP
      Answers Explanation & Hints:

      Wireless security depends on several industry standards and has progressed from WEP to WPA and finally WPA2.

  45. What technology should you implement to ensure that an individual cannot later claim that he or she did not sign a given document?

    • asymmetric encryption
    • digital certificate
    • digital signature
    • HMAC
      Answers Explanation & Hints:

      A digital signature is used to establish authenticity, integrity, and nonrepudiation.

  46. Being able to maintain availability during disruptive events describes which of the principles of high availability?

    • single point of failure
    • system resiliency
    • fault tolerance
    • uninterruptible services
      Answers Explanation & Hints:

      High availability can be achieved by eliminating or reducing single points of failure, by implementing system resiliency, and by designing for fault tolerance.

  47. Which law was enacted to prevent corporate accounting-related crimes?

    • The Federal Information Security Management Act
    • Import/Export Encryption Act
    • Sarbanes-Oxley Act
    • Gramm-Leach-Bliley Act
      Answers Explanation & Hints:

      New laws and regulations have come about to protect organizations, citizens, and nations from cybersecurity attacks.

  48. The awareness and identification of vulnerabilities is a critical function of a cybersecurity specialist. Which of the following resources can be used to identify specific details about vulnerabilities?

    • NIST/NICE framework
    • Infragard
    • ISO/IEC 27000 model
    • CVE national database
      Answers Explanation & Hints:

      A cybersecurity specialist needs to be familiar with the resources such as the CVE database, Infragard, and the NIST/NISE framework. All can be used to help plan and implement effective an information security management system.

  49. What kind of integrity does a database have when all its rows have a unique identifier called a primary key?

    • referential integrity
    • domain integrity
    • entity integrity
    • user-defined integrity
      Answers Explanation & Hints:

      Data integrity is one of the three guiding security principles. A cybersecurity specialist should be familiar with the tools and technologies that are used to ensure data integrity.

  50. You have been asked to work with the data collection and entry staff in your organization in order to improve data integrity during initial data entry and data modification operations. Several staff members ask you to explain why the new data entry screens limit the types and size of data able to be entered in specific fields. What is an example of a new data integrity control?

    • a limitation rule which has been implemented to prevent unauthorized staff from entering sensitive data
    • data encryption operations that prevent any unauthorized users from accessing sensitive data
    • data entry controls which only allow entry staff to view current data
    • a validation rule which has been implemented to ensure completeness, accuracy, and consistency of data
      Answers Explanation & Hints:

      Data integrity deals with data validation.

3.9 9 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments