Fundamentals in Cybersecurity
Started on: Thursday, 14 September 2023, 9:18 PM
State: Finished
Completed on: Thursday, 14 September 2023, 10:18 PM
Time taken: 1 hour
Marks: 99.00/103.00
Grade: 96.12 out of 100.00
Question1
Correct
Mark 2.00 out of 2.00
Question text
Alice and Bob are using public key cryptography to exchange a message. What key should Alice use to encrypt a message to Bob?
Select one:
Alice's private key
Alice's public key
Bob's public key
Bob's private key
Feedback
Refer to curriculum topic: 4.1.3 Encryption is an important technology used to ensure confidentiality. It is important to understand the characteristics of different encryption methodologies.
The correct answer is: Bob's public key
Question2
Correct
Mark 2.00 out of 2.00
Question text
Users report that the database on the main server cannot be accessed. A database administrator checks the problem and notices that the database file is now encrypted. An organization receives a threatening email demanding payment for decrypting a database file. What type of attack did the organization suffer?
Select one:
man-in-the-middle attack
Trojan Horse
DoS attack
ransomware
Feedback
Refer to curriculum topic: 3.1.1 A cybersecurity specialist needs to be familiar with the characteristics of different types of malicious software and attacks that threaten an organization.
The correct answer is: ransomware
Question3
Correct
Mark 2.00 out of 2.00
Question text
What technology can be implemented as part of an authentication system to verify employee identification?
Select one:
a virtual fingerprint
SHA-1 Hash
a smart card reader
a security room
Feedback
Refer to curriculum topic: 2.2.1 A cybersecurity specialist must know the available technologies that support the CIA triad.
The correct answer is: a smart card reader
Question4
Correct
Mark 2.00 out of 2.00
Question text
Users report that network access is slow. After questioning employees, the network administrator learned that an employee downloaded a scanning program to the printer provided by a third party. What type of malicious software has been introduced that could be causing slow network performance?
Select one:
virus
phishing
spam
worm
Feedback
Refer to curriculum topic: 3.1.1 A cybersecurity specialist needs to be familiar with the characteristics of different types of malicious software and attacks that threaten an organization.
The correct answer is: worm
Question5
Correct
Mark 2.00 out of 2.00
Question text
You have been asked to work with the data collection and entry team in your organization to improve data integrity during initial data entry and modification operations. Several team members ask you to explain why new data entry forms limit the types and size of data that can be entered into specific fields. What is an example of a new data integrity control?
Select one:
data entry controls that allow the data entry team to only view existing data
a validation rule that has been implemented to ensure data integrity, accuracy, and consistency
a throttling rule that has been implemented to prevent unauthorized personnel from entering confidential data
data encryption operations that prevent unauthorized users from accessing confidential data
Feedback
Refer to curriculum topic: 5.4.2 Data integrity deals with data validation.
The correct answer is: a validation rule that was implemented to ensure data integrity, accuracy and consistency
Question6
Correct
Mark 2.00 out of 2.00
Question text
A penetration testing service contracted by the company reported that a backdoor had been identified in the network. What steps should the organization take to find out if systems have been compromised?
Select one:
Search for usernames that do not have passwords.
Search for policy changes using the Event Viewer.
Search for unauthorized accounts.
Check systems for viruses.
Feedback
Refer to curriculum topic: 3.1.1 A cybersecurity specialist needs to be familiar with the characteristics of different types of malicious software and attacks that threaten an organization.
The correct answer is: Search for unauthorized accounts.
Question7
Correct
Mark 2.00 out of 2.00
Question text
What technology should be implemented to verify an organization's identity, to authenticate its website, and to provide an encrypted connection between a customer and the website?
Select one:
digital certificate
digital signature
asymmetric encryption
use of salt
Feedback
Refer to curriculum topic: 5.2.2 Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of different encryption methodologies.
The correct answer is: digital certificate
Question8
Correct
Mark 3.00 out of 3.00
Question text
What three services does CERT offer? (Choose three.)
Select one or more:
resolve software vulnerabilities
develop tools, products and methods to analyze vulnerabilities
develop tools, products and methods to perform forensic examinations
comply with software standards
create malicious software tools
develop attack tools
Feedback
Refer to curriculum topic: 8.2.3 CERT provides several services, including:
· help resolve software vulnerabilities
· develop tools, products and methods to perform forensic examinations
· develop tools, products and methods to analyze vulnerabilities
· develop tools, products and methods to monitor large networks
· help organizations determine the effectiveness of their security-related practices
The correct answers are: resolve software vulnerabilities, develop tools, products and methods to analyze vulnerabilities, develop tools, products and methods to perform forensic examinations
Question9
Correct
Mark 2.00 out of 2.00
Question text
An executive manager went to an important meeting. The secretary in the office receives a call from a person claiming that the executive manager is about to give an important presentation, but the presentation files are corrupt. The caller strongly recommends that the secretary immediately send the presentation to a personal email address. The caller also claims that the executive is holding the secretary responsible for the success of the presentation. What type of social engineering tactic would describe this scenario?
Select one:
urgency
familiarity
trusted partners
intimidation
Feedback
Refer to curriculum topic: 3.2.1 Social engineering uses several different tactics to obtain information from victims.
The correct answer is: intimidation
Question10
Correct
Mark 2.00 out of 2.00
Question text
Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign the document so that Bob can be sure that the document came from Alice?
Select one:
Alice's username and password
Alice's private key
Bob's private key
Bob's public key
Feedback
Refer to curriculum topic: 5.2.2 Alice and Bob are used to explain asymmetric encryption used in digital signatures. Alice uses a private key to encrypt the message digest. The message, the encrypted message digest, and the public key are used to create the signed document and prepare it for transmission.
The correct answer is: Alice's private key
Question11
Correct
Mark 2.00 out of 2.00
Question text
What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications?
Select one:
asset normalization
asset availability
asset classification
asset identification
Feedback
Refer to curriculum topic: 6.2.1 An organization needs to know what hardware and software are present as a prerequisite to knowing what the configuration parameters will be. Asset management includes a complete inventory of hardware and software. Asset standards identify specific hardware and software products that the organization uses and supports. When a failure occurs, alert action helps maintain access and security.
The correct answer is: asset normalization
Question12
Correct
Mark 2.00 out of 2.00
Question text
What are the two most effective ways to defend against malicious software? (Choose two options.)
Select one or more:
Implement RAID.
Implement a VPN.
Implement strong passwords.
Update the operating system and other software applications.
Install and update antivirus software.
Implement network firewalls.
Feedback
Refer to curriculum topic: 3.1.1 A cybersecurity specialist must know the technologies and measures that are used as countermeasures to protect the organization against threats and vulnerabilities.
The correct answers are: Update the operating system and other software applications. Install and update antivirus software.
Question13
Correct
Mark 2.00 out of 2.00
Question text
Which utility uses the Internet Control Messaging Protocol (ICMP)?
Select one:
DNS
RIP
ping
NTP
Feedback
Refer to curriculum topic: 7.3.1 ICMP is used by network devices to send error messages.
The correct answer is: ping
Question14
Correct
Mark 2.00 out of 2.00
Question text
What protocol would be used to provide security for employees accessing systems remotely from home?
Select one:
SCP
SSH
WPA
Telnet
Feedback
Refer to curriculum topic: 7.2.1 Various application layer protocols are used for communication between systems. A secure protocol provides a secure channel over an unsecured network.
The correct answer is: SSH
Question15
Correct
Mark 2.00 out of 2.00
Question text
What is an example of early warning systems that can be used to stop cybercriminals?
Select one:
the ISO/IEC 27000 Program
Infragard
the CVE database
the Honeynet project
Feedback
Refer to curriculum topic: 1.2.2 Early warning systems help identify attacks and can be used by cybersecurity experts to protect systems.
The correct answer is: the Honeynet project
Question16
Correct
Mark 2.00 out of 2.00
Question text
What method does steganography use to hide text in an image file?
Select one:
data masking
most significant bit
data obfuscation
least significant bit
Feedback
Refer to curriculum topic: 4.3.2 Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of different encryption methodologies.
The correct answer is: least significant bit
Question17
Correct
Mark 2.00 out of 2.00
Question text
The team is in the process of carrying out a risk analysis on the database services. The information collected includes the initial value of these assets, the threats to the assets and the impact of the threats. What type of risk analysis is the team performing when calculating the expected annual loss?
Select one:
loss analysis
qualitative analysis
quantitative analysis
protection analysis
Feedback
Refer to curriculum topic: 6.2.1 A qualitative or quantitative risk analysis is used to identify and prioritize threats to the organization.
The correct answer is: quantitative analysis
Question18
Correct
Mark 2.00 out of 2.00
Question text
You have been asked to implement a data integrity program to protect data files that need to be downloaded electronically by sales employees. You decided to use the strongest hashing algorithm available on your systems. Which hash algorithm would you select?
Select one:
SHA-256
SHA-1
AES
MD5
Feedback
Refer to curriculum topic: 5.1.1 MD5 and SHA are the two most popular hashing algorithms. SHA-256 uses a 256-bit hash, while MD5 produces a 128-bit hash value.
The correct answer is: SHA-256
Question19
Correct
Mark 2.00 out of 2.00
Question text
A security expert is asked for advice on a security measure to prevent unauthorized hosts from accessing the employees' home network. What would be the most effective measure?
Select one:
Implement a firewall.
Implement intrusion detection systems
Implement a VLAN.
Implement RAID.
Feedback
Refer to curriculum topic: 2.4.1 Protecting data confidentiality requires an understanding of the technologies used to protect data in the three data states.
The correct answer is: Implement a firewall.
Question20
Correct
Mark 2.00 out of 2.00
Question text
What is a copycat attack that takes advantage of a trust relationship between two systems?
Select one:
spamming
forgery
man-in-the-middle
sniffing
Feedback
Refer to curriculum topic: 3.3.1 A cybersecurity specialist needs to be familiar with the characteristics of different types of malicious software and attacks that threaten an organization.
The correct answer is: forgery
Question21
Correct
Mark 2.00 out of 2.00
Question text
There are many environments that require five nines, but a five nines environment can be cost prohibitive. Give an example where the five nines environment may be cost prohibitive?
Select one:
shops in a local shopping center
the official offices of a major league football team
the US Department of Education
the New York Stock Exchange
Feedback
Refer to curriculum topic: 6.1.1 Availability of systems and data is a critical responsibility of a cybersecurity specialist. It is important to understand the technologies, processes, and controls used to secure and provide high availability.
The correct answer is: the New York Stock Exchange
Question22
Correct
Mark 2.00 out of 2.00
Question text
Being able to maintain availability during disruptive events describes which of the principles of high availability?
Select one:
system resilience
single point of failure
fault tolerance
uninterrupted services
Feedback
Refer to curriculum topic: 6.1.1 High availability can be achieved by eliminating or reducing single points of failure, implementing system resilience, and designing for fault tolerance.
The correct answer is: system resilience
Question23
Correct
Mark 2.00 out of 2.00
Question text
Technicians are testing the security of an authentication system that uses passwords. When a technician examines password tables, he discovers that passwords are stored as hash values. However, after analyzing a hash, he discovers that the observed values are different from those he observed in other systems. What are the two causes of this situation? (Choose two options.)
Select one or more:
Both systems scramble passwords before hashing them.
One system uses symmetric hashing and the other uses asymmetric hashing.
Both systems use MD5.
The systems use different hashing algorithms.
One system uses hashing and the other uses hashing and salt.
Feedback
Refer to curriculum topic: 5.1.2 Hashing can be used in many different situations to ensure data integrity.
The correct answers are: The systems use different hashing algorithms. One system uses hashing and the other uses hashing and salt.
Question24
Correct
Mark 2.00 out of 2.00
Question text
Which of the following products or technologies would you use to establish a baseline for an operating system?
Select one:
Microsoft Security Baseline Analyzer
CVE Baseline Analyzer
MS Baseliner
SANS Baselining System (SBS)
Feedback
Refer to curriculum topic: 7.1.1 There are many tools that a cybersecurity specialist uses to assess an organization's potential vulnerabilities.
The correct answer is: Microsoft Security Baseline Analyzer
Question25
Correct
Mark 2.00 out of 2.00
Question text
What wireless standard made AES and CCM mandatory?
Select one:
WEP
WPA2
WPA
WEP2
Feedback
Refer to curriculum topic: 7.1.2 Wireless security depends on several industry standards having evolved from WEP to WPA and finally WPA2.
The correct answer is: WPA2
Question26
Correct
Mark 2.00 out of 2.00
Question text
Awareness and identification of vulnerabilities is a critical role of a cybersecurity specialist. Which of the following resources can be used to identify specific details about vulnerabilities?
Select one:
NIST/NICE Framework
CVE database
ISO/IEC 27000 model
Infragard
Feedback
Refer to curriculum topic: 6.2.1 A cybersecurity specialist needs to be familiar with resources such as the CVE database, Infragard and the NIST/NISE framework. All can be used to help plan and implement an effective information security management system.
The correct answer is: CVE database
Question27
Correct
Mark 2.00 out of 2.00
Question text
What algorithm does Windows use by default when a user wants to encrypt files and folders on an NTFS partition?
Select one:
3DES
RSA
DES
AES
Feedback
Refer to curriculum topic: 4.1.4 Encryption is an important technology used to ensure confidentiality. It is important to understand the characteristics of different encryption methodologies.
The correct answer is: AES
Question28
Correct
Mark 2.00 out of 2.00
Question text
A company uses a VPN to provide remote users with secure access to the corporate network. What does IPsec use to authenticate the origin of each packet to provide data integrity checking?
Select one:
HMAC
password
salt
CRC
Feedback
Refer to curriculum topic: 5.1.3 HMAC is an algorithm used to authenticate. The sender and receiver have a secret key that is used along with the data to ensure the origin of the message as well as the authenticity of the data.
The correct answer is: HMAC
Question29
Correct
Mark 2.00 out of 2.00
Question text
Keeping data backups off-site is an example of what type of disaster recovery control?
Select one:
detective
administrative
corrective
preventive
Feedback
Refer to curriculum topic: 6.4.1 A disaster recovery plan allows an organization to prepare for potential disasters and minimize resulting downtime.
The correct answer is: preventive
Question30
Correct
Mark 2.00 out of 2.00
Question text
What types of attacks can mutual authentication prevent?
Select one:
poisoning in wireless networks
IP spoofing in wireless networks
sniffing in wireless networks
man-in-the-middle
Feedback
Refer to curriculum topic: 7.1.2 A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization against threats and vulnerabilities.
The correct answer is: man-in-the-middle
Question31
Correct
Mark 2.00 out of 2.00
Question text
What type of cyberattack would interfere with established network communication through the use of packets constructed in such a way that the packets appear to be part of normal communication?
Select one:
packet sniffing
DNS spoofing
packet spoofing
Unauthorized Wi-Fi APs
Feedback
Refer to curriculum topic: 1.3.1 Cybersecurity experts need to be familiar with the characteristics of various attacks.
The correct answer is: packet spoofing
Question32
Correct
Mark 2.00 out of 2.00
Question text
What two protocols pose threats to switching devices? (Choose two options.)
Select one or more:
WPA2
RIP
ARP
STP
IP
ICMP
Feedback
Refer to curriculum topic: 7.3.1 Network switches are the center of a modern data communications network. The main threats to network switches are theft, hacking and remote access, and attacks against network protocols.
The correct answers are: ARP, STP
Question33
Correct
Mark 2.00 out of 2.00
Question text
What happens as the key length increases in a cryptography application?
Select one:
the universe of keys decreases proportionally.
the universe of keys increases proportionally.
the universe of keys decreases exponentially.
the universe of keys increases exponentially.
Feedback
Refer to curriculum topic: 4.1.4 Encryption is an important technology used to ensure confidentiality. It is important to understand the characteristics of different encryption methodologies.
The correct answer is: the universe of keys increases exponentially.
Question34
Correct
Mark 2.00 out of 2.00
Question text
What are the two phases of incident response? (Choose two options.)
Select one or more:
risk analysis and high availability
detection and analysis
confidentiality and eradication
mitigation and acceptance
prevention and containment
containment and recovery
Feedback
Refer to curriculum topic: 6.3.1 When an incident occurs, the organization must know how to respond. An organization needs to develop an incident response plan that includes several phases.
The correct answers are: detection and analysis, containment and recovery
Question35
Correct
Mark 2.00 out of 2.00
Question text
Your risk manager has just distributed a chart that uses three colors to identify the level of threat to key assets in information security systems. Red represents a high level of risk, yellow represents a medium level of threat and green represents a low level of threat. What type of risk analysis does this graph represent?
Select one:
quantitative analysis
exposure factor analysis
loss analysis
qualitative analysis
Feedback
Refer to curriculum topic: 6.2.1 A qualitative or quantitative risk analysis is used to identify and prioritize threats to the organization.
The correct answer is: qualitative analysis
Question36
Correct
Mark 2.00 out of 2.00
Question text
An organization allows employees to work from home two days a week. What technology should be implemented to ensure data confidentiality as data is transmitted?
Select one:
SHS
VLANs
RAID
VPN
Feedback
Refer to curriculum topic: 2.4.1 Protecting data confidentiality requires an understanding of the technologies used to protect data in the three data states.
The correct answer is: VPN
Question37
Correct
Mark 2.00 out of 2.00
Question text
What technology should you implement to ensure that an individual cannot later claim that they did not sign a certain document?
Select one:
asymmetric encryption
digital certificate
HMAC
digital signature
Feedback
Refer to curriculum topic: 5.2.1 A digital signature is used to establish authentication, integrity and non-repudiation.
The correct answer is: digital signature
Question38
Correct
Mark 2.00 out of 2.00
Question text
A cybersecurity specialist is working with the IT team to establish an effective information security plan. What combination of security principles forms the basis for a security plan?
Select one:
confidentiality, identification and non-repudiation
confidentiality, integrity and availability
encryption, authentication and identification
technologies, policies and awareness
Feedback
Refer to curriculum topic: 2.1.1 The CIA Triad is the basis on which all information management systems are developed.
The correct answer is: confidentiality, integrity and availability
Question39
Correct
Mark 2.00 out of 2.00
Question text
Passwords, passphrases and PINs are examples of what security term?
Select one:
access
identification
authorization
authentication
Feedback
Refer to curriculum topic: 4.2.4 Authentication methods are used to strengthen access control systems. It is important to understand the authentication methods available.
The correct answer is: authentication
Question40
Correct
Mark 2.00 out of 2.00
Question text
What technology would you implement to provide high availability for data storage?
Select one:
RAID
hot standby
software updates
N+1
Feedback
Refer to curriculum topic: 6.2.3 Availability of systems and data is a critical responsibility of a cybersecurity specialist. It is important to understand the technologies, processes and controls used to provide redundancy.
The correct answer is: RAID
Question41
Incorrect
Mark 0.00 out of 2.00
Question text
In a comparison of biometric systems, what is the cross-error rate?
Select one:
bounce rate and false negative rate
acceptance rate and false negative rate
false positive rate and acceptability rate
false negative rate and false positive rate
Feedback
Refer to curriculum topic: 7.4.1 When comparing biometric systems, there are several important factors to consider, including accuracy, speed or transmission rate and acceptance by users.
The correct answer is: false negative rate and false positive rate
Question42
Correct
Mark 2.00 out of 2.00
Question text
The IT department is tasked with implementing a system that controls what a user can and cannot do on the corporate network. What process must be implemented to meet the requirement?
Select one:
a biometric fingerprint reader
user login registration
observations to be provided to all workers
a set of attributes that describe the user's access rights
Feedback
Refer to curriculum topic: 4.2.5 Access control prevents unauthorized users from gaining access to confidential data and networked systems. There are several technologies used to implement effective access control strategies.
The correct answer is: a set of attributes that describe the user's access rights
Question43
Correct
Mark 3.00 out of 3.00
Question text
An organization has implemented a private cloud infrastructure. The security administrator is asked to protect the infrastructure against potential threats. What are three tactics that can be implemented to secure the private cloud? (Choose three.)
Select one or more:
Update devices with security fixes and patches.
Grant administrative rights.
Disable firewalls.
Disable ping, probing and port scanning.
Test inbound and outbound traffic.
Hire a consultant.
Feedback
Refer to curriculum topic: 8.1.4 Organizations can manage private cloud threats using the following methods:
· Disable ping, probing and port scanning.
· Implement intrusion detection and prevention systems.
· Monitor incoming IP traffic anomalies.
· Update devices with security fixes and patches.
· Perform post-configuration penetration testing.
· Test inbound and outbound traffic.
· Implement a data classification standard.
· Implement file transfer monitoring and search for unknown file types.
The correct answers are: Disable ping, probing and port scanning. Test incoming and outgoing traffic. Update devices with security fixes and patches.
Question44
Correct
Mark 2.00 out of 2.00
Question text
A specialist in the human resources department is invited to promote the cybersecurity program in community schools. What three topics should the specialist highlight in his presentation to attract students to this area? (Choose three.)
Select one or more:
service to the public
a professional area with high demand
routine work, day-to-day tasks
CompTIA A+ certification provides a knowledge base suited to the field
an area that requires a doctoral degree
high earning potential
Feedback
Refer to curriculum topic: 1.2.2 The increased demand for cybersecurity specialists offers several unique career opportunities.
The correct answers are: service to the public, high earning potential, a professional area in high demand
Question45
Correct
Mark 2.00 out of 2.00
Question text
What access control should an IT department use to restore a system back to its normal state?
Select one:
detective
compensative
corrective
preventive
Feedback
Refer to curriculum topic: 4.2.7 Access control prevents an unauthorized user from gaining access to confidential data and networked systems. There are several technologies used to implement effective access control strategies.
The correct answer is: corrective
Question46
Correct
Mark 2.00 out of 2.00
Question text
What type of attack makes illegitimate websites appear higher in the list of web search results?
Select one:
DNS poisoning
browser hijacker
spam
SEO poisoning
Feedback
Refer to curriculum topic: 3.1.2 A cybersecurity specialist needs to be familiar with the characteristics of different types of malicious software and attacks that threaten an organization.
The correct answer is: SEO poisoning
Question47
Correct
Mark 2.00 out of 2.00
Question text
An organization has discovered that an employee has been cracking administrator account passwords to access sensitive salary information. What tools would you look for in the employee system? (Choose three.)
Select one or more:
unauthorized access points
reverse lookup tables
rainbow tables
password summaries
lookup tables
algorithm tables
Feedback
Refer to curriculum topic: 5.1.2 Tables containing possible password combinations are used to crack passwords.
The correct answers are: rainbow tables, lookup tables, reverse lookup tables
Question48
Correct
Mark 3.00 out of 3.00
Question text
A breach occurs at a company that processes credit card information. What industry-specific law governs the protection of credit card data?
Select one:
GLBA
SOX
ECPA
PCI DSS
Feedback
Refer to curriculum topic: 8.2.2 The Payment Card Industry Data Security Standard (PCI DSS) governs how to protect credit card data while merchants and banks conduct transactions.
The correct answer is: PCI DSS
Question49
Incorrect
Mark 0.00 out of 2.00
Question text
A user has a large amount of data that needs to be kept confidential. What algorithm would best ensure this requirement?
Select one:
Diffie-Hellman
3DES
RSA
ECC
Feedback
Refer to curriculum topic: 4.1.4 Encryption is an important technology used to ensure confidentiality. It is important to understand the characteristics of different encryption methodologies.
The correct answer is: 3DES
Question50
Correct
Mark 2.00 out of 2.00
Question text
What structure, or frame of reference, should be recommended for establishing a comprehensive information security management system in an organization?
Select one:
ISO/IEC 27000
CIA Triad
ISO's OSI model
NIST/NICE Framework
Feedback
Refer to curriculum topic: 2.5.1 A cybersecurity specialist needs to be familiar with the different structures and models for managing information security.
The correct answer is: ISO/IEC 27000