
Question 1

0 / 2 pts.
Which two groups of people are considered internal attackers? (Choose two.)
Correct answer

trusted partners

hacktivists

black hat hackers

You answered

amateurs

Correct answer

ex-employees

Refer to curriculum topic: 1.4.1


Threats are classified as being from an internal source or external source. A
cybersecurity specialist needs to be aware of the source of various threats.

Question 2
0 / 2 pts.
A cybersecurity specialist is asked to identify the potential criminals known to
attack the organization. Which type of hackers would the cybersecurity specialist
be least concerned with?
You answered

black hat hackers

Correct answer

white hat hackers


script kiddies

gray hat hackers

Refer to curriculum topic: 1.2.1


Hackers are classified by colors to help define the purpose of their break-in
activities.

Question 3
0 / 2 pts.
Which type of cybercriminal attack would interfere with established network
communication through the use of constructed packets so that the packets look like
they are part of the normal communication?

DNS spoofing

rogue Wi-Fi AP

Correct answer

packet forgery

You answered

packet sniffing

Refer to curriculum topic: 1.3.1


Cybersecurity specialists need to be familiar with the characteristics of various
attacks.

Question 4
0 / 2 pts.
Which technology can be implemented as part of an authentication system to verify
the identification of employees?
You answered

a virtual fingerprint

Correct answer

a smart card reader

a Mantrap

SHA-1 hash

Refer to curriculum topic: 2.2.1


A cybersecurity specialist must be aware of the technologies available that support
the CIA triad.

Question 5
2 / 2 pts.
Which technology should be used to enforce the security policy that a computing
device must be checked against the latest antivirus update before the device is
allowed to connect to the campus network?
Correct!

NAC

VPN

NAS

SAN

Refer to curriculum topic: 2.4.1


A cybersecurity specialist must be aware of the technologies available to enforce
its organization's security policy.

Question 6
0 / 2 pts.
Which framework should be recommended for establishing a comprehensive
information security management system in an organization?
You answered

CIA Triad

NIST/NICE framework

ISO OSI model

Correct answer

ISO/IEC 27000

Refer to curriculum topic: 2.5.1


A cybersecurity specialist needs to be familiar with the different frameworks and
models for managing information security.

Question 7
2 / 2 pts.
Which technology can be used to ensure data confidentiality?

identity management

Correct!

encryption

hashing

RAID

Refer to curriculum topic: 2.2.1

A cybersecurity specialist must be aware of the technologies available which
support the CIA triad.

Question 8
2 / 2 pts.
Which data state is maintained in NAS and SAN services?

data in-process

encrypted data

Correct!

stored data

data in-transit

Refer to curriculum topic: 2.3.1


A cybersecurity specialist must be familiar with the types of technologies used to
store, transmit, and process data.

Question 9
2 / 2 pts.
What are the two most effective ways to defend against malware? (Choose two.)

Implement a VPN.

Implement RAID.

Implement strong passwords.


Correct!

Update the operating system and other application software.

Implement network firewalls.

Correct!

Install and update antivirus software.

Refer to curriculum topic: 3.1.1


A cybersecurity specialist must be aware of the technologies and measures that
are used as countermeasures to protect the organization from threats and
vulnerabilities.

Question 10
0 / 2 pts.
What type of attack will make illegitimate websites higher in a web search result
list?

browser hijacker

Correct answer

SEO poisoning

You answered

DNS poisoning

spam

Refer to curriculum topic: 3.1.2


A cybersecurity specialist needs to be familiar with the characteristics of the
different types of malware and attacks that threaten an organization.

Question 11
2 / 2 pts.
A penetration testing service hired by the company has reported that a backdoor
was identified on the network. What action should the organization take to find out
if systems have been compromised?

Look for policy changes in Event Viewer.

Correct!

Look for unauthorized accounts.

Scan the systems for viruses.

Look for usernames that do not have passwords.

Refer to curriculum topic: 3.1.1


A cybersecurity specialist needs to be familiar with the characteristics of the
different types of malware and attacks that threaten an organization.

Question 12
0 / 2 pts.
What type of attack has an organization experienced when an employee installs an
unauthorized device on the network to view network traffic?

spoofing

phishing

You answered

spamming

Correct answer

sniffing

Refer to curriculum topic: 3.3.1


A cybersecurity specialist needs to be familiar with the characteristics of the
different types of malware and attacks that threaten an organization.

Question 13
2 / 2 pts.
Users report that the network access is slow. After questioning the employees, the
network administrator learned that one employee downloaded a third-party
scanning program for the printer. What type of malware might be introduced that
causes slow performance of the network?

spam

Correct!

worm

phishing

virus

Refer to curriculum topic: 3.1.1


A cybersecurity specialist needs to be familiar with the characteristics of the
different types of malware and attacks that threaten an organization.

Question 14
0 / 2 pts.
A cyber criminal sends a series of maliciously formatted packets to the database
server. The server cannot parse the packets and the event causes the server
to crash. What is the type of attack the cyber criminal launches?
You answered

SQL injection

Correct answer

DoS

man-in-the-middle

packet Injection

Refer to curriculum topic: 3.3.1


A cybersecurity specialist needs to be familiar with the characteristics of the
different types of malware and attacks that threaten an organization.

Question 15
0 / 2 pts.
The employees in a company receive an email stating that the account password
will expire immediately and requires a password reset within 5 minutes. Which
statement would classify this email?

It is a piggy-back attack.

You answered

It is an impersonation attack.

It is a DDoS attack.

Correct answer

It is a hoax.

Refer to curriculum topic: 3.2.2


Social engineering uses several different tactics to gain information from victims.

Question 16
0 / 2 pts.
Which algorithm will Windows use by default when a user intends to encrypt files
and folders in an NTFS volume?

DES

You answered

RSA

Correct answer

AES

3DES

Refer to curriculum topic: 4.1.4


Encryption is an important technology used to protect confidentiality. It is important
to understand the characteristics of the various encryption methodologies.

Question 17
0 / 2 pts.
Alice and Bob are using public key encryption to exchange a message. Which key
should Alice use to encrypt a message to Bob?

the private key of Alice

Correct answer

the public key of Bob

the public key of Alice

You answered

the private key of Bob


Refer to curriculum topic: 4.1.3
Encryption is an important technology used to protect confidentiality. It is important
to understand the characteristics of the various encryption methodologies.

Question 18
2 / 2 pts.
Which access control should the IT department use to restore a system back to its
normal state?
Correct!

corrective

detective

preventive

compensative

Refer to curriculum topic: 4.2.7


Access control prevents an unauthorized user from gaining access to sensitive
data and networked systems. There are several technologies used to implement
effective access control strategies.

Question 19
0 / 2 pts.
Which statement describes a characteristic of block ciphers?

Block ciphers result in compressed output.

Correct answer

Block ciphers result in output data that is larger than the input data most of the
time.

Block ciphers encrypt plaintext one bit at a time to form a block.

You answered

Block ciphers are faster than stream ciphers.

Refer to curriculum topic: 4.1.2


Encryption is an important technology used to protect confidentiality. It is important
to understand the characteristics of the various encryption methodologies.

Question 20
2 / 2 pts.
Which method is used by steganography to hide text in an image file?

most significant bit

data masking

data obfuscation

Correct!

least significant bit

Refer to curriculum topic: 4.3.2


Encryption is an important technology used to protect confidentiality. It is important
to understand the characteristics of the various encryption methodologies.

Question 21
2 / 2 pts.
Smart cards and biometrics are considered to be what type of access control?

physical

technological

administrative

Correct!

logical

Refer to curriculum topic: 4.2.1


Access control prevents an unauthorized user from gaining access to sensitive
data and networked systems. There are several technologies used to implement
effective access control strategies.

Question 22
0 / 2 pts.
Before data is sent out for analysis, which technique can be used to replace
sensitive data in nonproduction environments to protect the underlying
information?
You answered

steganalysis

Correct answer

data masking substitution

steganography

software obfuscation

Refer to curriculum topic: 4.3.1


Technologies exist to confuse attackers by changing data and using techniques to
hide the original data.

Question 23
2 / 2 pts.
What is the most difficult part of designing a cryptosystem?
Correct!

key management

reverse engineering

encryption algorithm

key length

Refer to curriculum topic: 4.1.1


Encryption is an important technology used to protect confidentiality. It is important
to understand the characteristics of the various encryption methodologies.

Question 24
2 / 2 pts.
Alice and Bob are using a digital signature to sign a document. What key should
Alice use to sign the document so that Bob can make sure that the document came
from Alice?

username and password from Alice

private key from Bob

Correct!

private key from Alice

public key from Bob


Refer to curriculum topic: 5.2.2
Alice and Bob are used to explain asymmetric cryptography used in digital
signatures. Alice uses a private key to encrypt the message digest. The message,
encrypted message digest, and the public key are used to create the signed
document and prepare it for transmission.

Question 25
0 / 2 pts.
What kind of integrity does a database have when all its rows have a unique
identifier called a primary key?
You answered

referential integrity

user-defined integrity

domain integrity

Correct answer

entity integrity

Refer to curriculum topic: 5.4.1


Data integrity is one of the three guiding security principles. A cybersecurity
specialist should be familiar with the tools and technologies that are used to ensure
data integrity.

Question 26
2 / 2 pts.
What technique creates different hashes for the same password?
Correct!

salting

SHA-256

CRC

HMAC

Refer to curriculum topic: 5.1.2


Data integrity is one of the three guiding security principles. A cybersecurity
specialist should be familiar with the tools and technologies used to ensure data
integrity.

Question 27
2 / 2 pts.
You have been asked to work with the data collection and entry staff in your
organization in order to improve data integrity during initial data entry and data
modification operations. Several staff members ask you to explain why the new
data entry screens limit the types and size of data able to be entered in specific
fields. What is an example of a new data integrity control?
Correct!

a validation rule which has been implemented to ensure completeness, accuracy,
and consistency of data

data entry controls which only allow entry staff to view current data

a limitation rule which has been implemented to prevent unauthorized staff from
entering sensitive data

data encryption operations that prevent any unauthorized users from accessing
sensitive data

Refer to curriculum topic: 5.4.2

Data integrity deals with data validation.

Question 28
0 / 2 pts.
Which hashing technology requires keys to be exchanged?
Correct answer

HMAC

You answered

MD5

AES

salting

Refer to curriculum topic: 5.1.3


The difference between HMAC and hashing is the use of keys.

Question 29
0 / 2 pts.
Technicians are testing the security of an authentication system that uses
passwords. When a technician examines the password tables, the technician
discovers the passwords are stored as hash values. However, after comparing a
simple password hash, the technician then discovers that the values are different
from those on other systems. What are two causes of this situation? (Choose two.)

Both systems scramble the passwords before hashing.

You answered

One system uses symmetrical hashing and the other uses asymmetrical hashing.

Correct answer

The systems use different hashing algorithms.

Correct!

One system uses hashing and the other uses hashing and salting.

Both systems use MD5.

Refer to curriculum topic: 5.1.2


Hashing can be used in many different situations to ensure data integrity.

Question 30
2 / 2 pts.
A VPN will be used within the organization to give remote users secure access to
the corporate network. What does IPsec use to authenticate the origin of every
packet to provide data integrity checking?

CRC

salting

password

Correct!

HMAC

Refer to curriculum topic: 5.1.3


HMAC is an algorithm used to authenticate. The sender and receiver have a secret
key that is used along with the data to ensure the message origin as well as the
authenticity of the data.

Question 31
2 / 2 pts.
Which hashing algorithm is recommended for the protection of sensitive,
unclassified information?
Correct!

SHA-256

MD5

3DES

AES-256

Refer to curriculum topic: 5.1.1


Data integrity is one of the three guiding security principles. A cybersecurity
specialist should be familiar with the tools and technologies used to ensure data
integrity.

Question 32
2 / 2 pts.
An organization has recently adopted a five nines program for two critical database
servers. What type of controls will this involve?

stronger encryption systems

limiting access to the data on these systems

remote access to thousands of external users

Correct!

improving reliability and uptime of the servers

Refer to curriculum topic: 6.1.1


System and data availability is a critical responsibility of a cybersecurity specialist.
It is important to understand the technologies, process, and controls used to
provide high availability.

Question 33
0 / 2 pts.
What approach to availability involves using file permissions?
You answered

layering

simplicity

Correct answer

limiting

obscurity

Refer to curriculum topic: 6.2.2


System and data availability is a critical responsibility of a cybersecurity specialist.
It is important to understand the technologies, process, and controls used to
provide high availability.

Question 34
0 / 2 pts.
An organization wants to adopt a labeling system based on the value, sensitivity,
and criticality of the information. What element of risk management is
recommended?

asset availability

asset identification

Correct answer

asset classification

You answered

asset standardization

Refer to curriculum topic: 6.2.1

One of the most important steps in risk management is asset classification.

Question 35
0 / 2 pts.
Which risk mitigation strategies include outsourcing services and purchasing
insurance?
You answered

avoidance

Correct answer

transfer

reduction

acceptance

Refer to curriculum topic: 6.2.1


Risk mitigation lessens the exposure of an organization to threats and
vulnerabilities by transferring, accepting, avoiding, or taking an action to reduce
risk.

Question 36
2 / 2 pts.
Which technology would you implement to provide high availability for data
storage?

hot standby

software updates

N+1

Correct!

RAID

Refer to curriculum topic: 6.2.3


System and data availability is a critical responsibility of a cybersecurity specialist.
It is important to understand the technologies, process, and controls used to
provide redundancy.

Question 37
2 / 2 pts.
What approach to availability provides the most comprehensive protection because
multiple defenses coordinate together to prevent attacks?

obscurity

diversity

limiting

Correct!

layering

Refer to curriculum topic: 6.2.2


Defense in depth utilizes multiple layers of security controls.

Question 38
0 / 2 pts.
What are two incident response phases? (Choose two.)

risk analysis and high availability

Correct answer

containment and recovery

Correct!

detection and analysis

prevention and containment

confidentiality and eradication

You answered

mitigation and acceptance

Refer to curriculum topic: 6.3.1


When an incident occurs, the organization must know how to respond. An
organization needs to develop an incident response plan that includes several
phases.

Question 39
0 / 2 pts.
Your risk manager just distributed a chart that uses three colors to identify the level
of threat to key assets in the information security systems. Red represents high
level of risk, yellow represents average level of threat and green represents low
level of threat. What type of risk analysis does this chart represent?
You answered

quantitative analysis

Correct answer

qualitative analysis

loss analysis

exposure factor analysis

Refer to curriculum topic: 6.2.1


A qualitative or quantitative risk analysis is used to identify and prioritize threats to
the organization.

Question 40
0 / 2 pts.
There are many environments that require five nines, but a five nines environment
may be cost prohibitive. What is one example of where the five nines environment
might be cost prohibitive?
You answered

the U.S. Department of Education

Correct answer

the New York Stock Exchange

the front office of a major league sports team

department stores at the local mall

Refer to curriculum topic: 6.1.1


System and data availability is a critical responsibility of a cybersecurity specialist.
It is important to understand the technologies, process, and controls used to
provide high availability.

Question 41
2 / 2 pts.
Which protocol would be used to provide security for employees that access
systems remotely from home?

Telnet

WPA

Correct!

SSH

SCP

Refer to curriculum topic: 7.2.1


Various application layer protocols are used for communications between
systems. A secure protocol provides a secure channel over an unsecured network.

Question 42
0.67 / 2 pts.
Which three protocols can use Advanced Encryption Standard (AES)? (Choose
three.)

TKIP

Correct!

802.11i

You answered

WEP

802.11q

Correct!

WPA

Correct answer

WPA2

Refer to curriculum topic: 7.3.1


Various protocols can be used to provide secure communication systems. AES is
the strongest encryption algorithm.

Question 43
2 / 2 pts.
In a comparison of biometric systems, what is the crossover error rate?

rate of acceptability and rate of false negatives

Correct!

rate of false negatives and rate of false positives

rate of rejection and rate of false negatives

rate of false positives and rate of acceptability

Refer to curriculum topic: 7.4.1


In comparing biometric systems, there are several important factors to consider
including accuracy, speed or throughput rate, and acceptability to users.

Question 44
0 / 2 pts.
What describes the protection provided by a fence that is 1 meter in height?
You answered

It offers limited delay to a determined intruder.

The fence deters determined intruders.

Correct answer

It deters casual trespassers only.

It prevents casual trespassers because of its height.

Refer to curriculum topic: 7.4.1


Security standards have been developed to assist organizations in implementing
the proper controls to mitigate potential threats. The height of a fence determines
the level of protection from intruders.

Question 45
2 / 2 pts.
Which utility uses the Internet Control Messaging Protocol (ICMP)?

DNS

NTP

RIP

Correct!

ping

Refer to curriculum topic: 7.3.1


ICMP is used by network devices to send error messages.

Question 46
2 / 2 pts.
What Windows utility should be used to configure password rules and account
lockout policies on a system that is not part of a domain?

Active Directory Security tool


Correct!

Local Security Policy tool

Event Viewer security log

Computer Management

Refer to curriculum topic: 7.2.2


A cybersecurity specialist must be aware of the technologies and measures that
are used as countermeasures to protect the organization from threats and
vulnerabilities. Local Security Policy, Event Viewer, and Computer Management
are Windows utilities that are all used in the security equation.

Question 47
2 / 2 pts.
Which technology can be used to protect VoIP against eavesdropping?

ARP

strong authentication

Correct!

encrypted voice messages

SSH

Refer to curriculum topic: 7.3.2


Many advanced technologies such as VoIP, streaming video, and electronic
conferencing require advanced countermeasures.

Question 48
0 / 2 pts.
Which national resource was developed as a result of a U.S. Executive Order after
a ten-month collaborative study involving over 3,000 security professionals?

ISO/IEC 27000

Correct answer

NIST Framework

ISO OSI model

You answered

the National Vulnerability Database (NVD)

Refer to curriculum topic: 8.3.1


There are many tools that a cybersecurity specialist uses to evaluate the potential
vulnerabilities of an organization.

Question 49
0 / 2 pts.
Which law was enacted to prevent corporate accounting-related crimes?

Import/Export Encryption Act

You answered

The Federal Information Security Management Act

Gramm-Leach-Bliley Act

Correct answer

Sarbanes-Oxley Act

Refer to curriculum topic: 8.2.2

New laws and regulations have come about to protect organizations, citizens, and
nations from cybersecurity attacks.

Question 50
2 / 2 pts.
Which threat is mitigated through user awareness training and tying security
awareness to performance reviews?
Correct!

user-related threats

device-related threats

physical threats

cloud-related threats

Refer to curriculum topic: 8.1.1


Cybersecurity domains provide a framework for evaluating and implementing
controls to protect the assets of an organization. Each domain has various
countermeasures available to manage threats.