Marcar esta pregunta

Pregunta 12 ptos.
What is an example of early warning systems that can be used to thwart
cybercriminals?

ISO/IEC 27000 program

CVE database
Infragard
Honeynet project

Marcar esta pregunta

Pregunta 22 ptos.
Which two groups of people are considered internal attackers? (Choose two.)

hacktivists
trusted partners
black hat hackers
ex-employees
amateurs

Marcar esta pregunta

Pregunta 32 ptos.
Which type of cybercriminal is the most likely to create malware to compromise an
organization by stealing credit card information?

script kiddies
white hat hackers
black hat hackers
gray hat hackers

Marcar esta pregunta

Pregunta 42 ptos.
A security specialist is asked for advice on a security measure to prevent
unauthorized hosts from accessing the home network of employees. Which
measure would be most effective?

Implement intrusion detection systems.

Implement a VLAN.
Implement a firewall.
 Implement RAID.

Marcar esta pregunta

Pregunta 52 ptos.
Which technology should be used to enforce the security policy that a computing
device must be checked against the latest antivirus update before the device is
allowed to connect to the campus network?

SAN
NAC
NAS
VPN

Marcar esta pregunta

Pregunta 62 ptos.
What are three states of data during which data is vulnerable? (Choose three.)

purged data
data encrypted
data in-process
data in-transit
stored data
data decrypted

Marcar esta pregunta

Pregunta 72 ptos.
Which data state is maintained in NAS and SAN services?

data in-process
data in-transit
encrypted data
stored data

Marcar esta pregunta

Pregunta 82 ptos.
Which technology can be used to ensure data confidentiality?

identity management
hashing
RAID
 encryption

Marcar esta pregunta

Pregunta 92 ptos.
What three best practices can help defend against social engineering attacks?
(Choose three.)

Deploy well-designed firewall appliances.

Do not provide password resets in a chat window.
Add more security guards.
Educate employees regarding policies.
Enable a policy that states that the IT department should supply information over the phone only to
managers.
Resist the urge to click on enticing web links.

Marcar esta pregunta

Pregunta 102 ptos.
Users report that the network access is slow. After questioning the employees, the
network administrator learned that one employee downloaded a third-party
scanning program for the printer. What type of malware might be introduced that
causes slow performance of the network?

phishing
spam
worm
virus

Marcar esta pregunta

Pregunta 112 ptos.
A penetration testing service hired by the company has reported that a backdoor
was identified on the network. What action should the organization take to find out
if systems have been compromised?

Look for policy changes in Event Viewer.

Look for unauthorized accounts.
Look for usernames that do not have passwords.
Scan the systems for viruses.

Marcar esta pregunta

Pregunta 122 ptos.
An executive manager went to an important meeting. The secretary in the office
receives a call from a person claiming that the executive manager is about to give
an important presentation but the presentation files are corrupted. The caller
sternly recommends that the secretary email the presentation right away to a
personal email address. The caller also states that the executive is holding the
secretary responsible for the success of this presentation. Which type of social
engineering tactic would describe this scenario?

familiarity
trusted partners
urgency
intimidation

Marcar esta pregunta

Pregunta 132 ptos.
Users report that the database on the main server cannot be accessed. A
database administrator verifies the issue and notices that the database file is now
encrypted. The organization receives a threatening email demanding payment for
the decryption of the database file. What type of attack has the organization
experienced?

ransomeware
Trojan horse
man-in-the-middle attack
DoS attack

Marcar esta pregunta

Pregunta 142 ptos.
What are the two most effective ways to defend against malware? (Choose two.)

Implement network firewalls.

Implement a VPN.
Implement RAID.
Update the operating system and other application software.
Implement strong passwords.
Install and update antivirus software.

Marcar esta pregunta

Pregunta 152 ptos.
What is an impersonation attack that takes advantage of a trusted relationship
between two systems?
 man-in-the-middle
spoofing
sniffing
spamming

Marcar esta pregunta

Pregunta 162 ptos.
Which method is used by steganography to hide text in an image file?

data obfuscation
most significant bit
data masking
least significant bit

Marcar esta pregunta

Pregunta 172 ptos.
The IT department is tasked to implement a system that controls what a user can
and cannot do on the corporate network. Which process should be implemented to
meet the requirement?

observations to be provided to all employees

user login auditing
a set of attributes that describes user access rights
a biometric fingerprint reader

Marcar esta pregunta

Pregunta 182 ptos.
What is the most difficult part of designing a cryptosystem?

key management
key length
encryption algorithm
reverse engineering

Marcar esta pregunta

Pregunta 192 ptos.
Passwords, passphrases, and PINs are examples of which security term?

access
authorization
 identification
authentication

Marcar esta pregunta

Pregunta 202 ptos.
Which access control should the IT department use to restore a system back to its
normal state?

compensative
detective
corrective
preventive

Marcar esta pregunta

Pregunta 212 ptos.
A user has a large amount of data that needs to be kept confidential. Which
algorithm would best meet this requirement?

ECC
Diffie-Hellman
RSA
3DES

Marcar esta pregunta

Pregunta 222 ptos.
Smart cards and biometrics are considered to be what type of access control?

logical
physical
administrative
technological

Marcar esta pregunta

Pregunta 232 ptos.
An organization plans to implement security training to educate employees about
security policies. What type of access control is the organization trying to
implement?

administrative
physical
 logical
technological

Marcar esta pregunta

Pregunta 242 ptos.
An organization just completed a security audit. Your division was cited for not
conforming to X.509 requirements. What is the first security control you need to
examine?

hashing operations
digital certificates
data validation rules
VPNs and encryption services

Marcar esta pregunta

Pregunta 252 ptos.
What technique creates different hashes for the same password?

salting
SHA-256
HMAC
CRC

Marcar esta pregunta

Pregunta 262 ptos.
Which technology could be used to prevent a cracker from launching a dictionary
or brute-force attack off a hash?

AES
MD5
rainbow tables
HMAC

Marcar esta pregunta

Pregunta 272 ptos.
Alice and Bob are using a digital signature to sign a document. What key should
Alice use to sign the document so that Bob can make sure that the document came
from Alice?

public key from Bob

private key from Bob
 private key from Alice
username and password from Alice

Marcar esta pregunta

Pregunta 282 ptos.
You have been asked to describe data validation to the data entry clerks in
accounts receivable. Which of the following are good examples of strings, integers,
and decimals?

female, 9866, $125.50

yes/no 345-60-8745, TRF562
male, $25.25, veteran
800-900-4560, 4040-2020-8978-0090, 01/21/2013

Marcar esta pregunta

Pregunta 292 ptos.
You have been asked to work with the data collection and entry staff in your
organization in order to improve data integrity during initial data entry and data
modification operations. Several staff members ask you to explain why the new
data entry screens limit the types and size of data able to be entered in specific
fields. What is an example of a new data integrity control?

a limitation rule which has been implemented to prevent unauthorized staff from entering sensitive data
a validation rule which has been implemented to ensure completeness, accuracy, and consistency of
data
data entry controls which only allow entry staff to view current data
data encryption operations that prevent any unauthorized users from accessing sensitive data

Marcar esta pregunta

Pregunta 302 ptos.
What technology should you implement to ensure that an individual cannot later
claim that he or she did not sign a given document?

digital certificate
asymmetric encryption
HMAC
digital signature

Marcar esta pregunta

Pregunta 312 ptos.
Which hashing algorithm is recommended for the protection of sensitive,
unclassified information?
 AES-256
SHA-256
MD5
3DES

Marcar esta pregunta

Pregunta 322 ptos.
The team is in the process of performing a risk analysis on the database services.
The information collected includes the initial value of these assets, the threats to
the assets and the impact of the threats. What type of risk analysis is the team
performing by calculating the annual loss expectancy?

qualitative analysis
loss analysis
quantitative analysis
protection analysis

Marcar esta pregunta

Pregunta 332 ptos.
Keeping data backups offsite is an example of which type of disaster recovery
control?

detective
corrective
management
preventive

Marcar esta pregunta

Pregunta 342 ptos.
What are two incident response phases? (Choose two.)

containment and recovery

prevention and containment
risk analysis and high availability
mitigation and acceptance
confidentiality and eradication
detection and analysis

Marcar esta pregunta

Pregunta 352 ptos.
What approach to availability provides the most comprehensive protection because
multiple defenses coordinate together to prevent attacks?

layering
limiting
obscurity
diversity

Marcar esta pregunta

Pregunta 362 ptos.
The awareness and identification of vulnerabilities is a critical function of a
cybersecurity specialist. Which of the following resources can be used to identify
specific details about vulnerabilities?

Infragard
CVE national database
ISO/IEC 27000 model
NIST/NICE framework

Marcar esta pregunta

Pregunta 372 ptos.
There are many environments that require five nines, but a five nines environment
may be cost prohibitive. What is one example of where the five nines environment
might be cost prohibitive?

the front office of a major league sports team

the U.S. Department of Education
department stores at the local mall
the New York Stock Exchange

Marcar esta pregunta

Pregunta 382 ptos.
An organization has recently adopted a five nines program for two critical database
servers. What type of controls will this involve?

improving reliability and uptime of the servers

stronger encryption systems
remote access to thousands of external users
limiting access to the data on these systems

Marcar esta pregunta

Pregunta 392 ptos.
Which two values are required to calculate annual loss expectancy? (Choose two.)

frequency factor
quantitative loss value
exposure factor
asset value
single loss expectancy
annual rate of occurrence

Marcar esta pregunta

Pregunta 402 ptos.
Your risk manager just distributed a chart that uses three colors to identify the level
of threat to key assets in the information security systems. Red represents high
level of risk, yellow represents average level of threat and green represents low
level of threat. What type of risk analysis does this chart represent?

qualitative analysis
loss analysis
quantitative analysis
exposure factor analysis

Marcar esta pregunta

Pregunta 412 ptos.
Which wireless standard made AES and CCM mandatory?

WPA2
WPA
WEP
WEP2

Marcar esta pregunta

Pregunta 422 ptos.
Which three protocols can use Advanced Encryption Standard (AES)? (Choose
three.)

TKIP
802.11q
WPA
WPA2
 802.11i
WEP

Marcar esta pregunta

Pregunta 432 ptos.
Which utility uses the Internet Control Messaging Protocol (ICMP)?

ping
NTP
DNS
RIP

Marcar esta pregunta

Pregunta 442 ptos.
What Windows utility should be used to configure password rules and account
lockout policies on a system that is not part of a domain?

Local Security Policy tool

Computer Management
Active Directory Security tool
Event Viewer security log

Marcar esta pregunta

Pregunta 452 ptos.
Which protocol would be used to provide security for employees that access
systems remotely from home?

SCP
SSH
WPA
Telnet

Marcar esta pregunta

Pregunta 462 ptos.
Which of the following products or technologies would you use to establish a
baseline for an operating system?

CVE Baseline Analyzer

Microsoft Security Baseline Analyzer
SANS Baselining System (SBS)
 MS Baseliner

Marcar esta pregunta

Pregunta 472 ptos.
Which technology can be used to protect VoIP against eavesdropping?

ARP
SSH
strong authentication
encrypted voice messages

Marcar esta pregunta

Pregunta 482 ptos.
Which website offers guidance on putting together a checklist to provide guidance
on configuring and hardening operating systems?

CERT
Internet Storm Center
The Advanced Cyber Security Center
The National Vulnerability Database website

Marcar esta pregunta

Pregunta 492 ptos.
Which threat is mitigated through user awareness training and tying security
awareness to performance reviews?

device-related threats
user-related threats
physical threats
cloud-related threats

Marcar esta pregunta

Pregunta 502 ptos.
HVAC, water system, and fire systems fall under which of the cybersecurity
domains?

device
physical facilities
network
user