10/2/2019 Quiz: Final Quiz

Final Quiz
Started: Feb 10 at 9:05pm

Quiz Instructions

This quiz covers all of the content in Cybersecurity Essentials 1.1. It is designed to test the skills and
knowledge presented in the course.

There are multiple task types that may be available in this quiz.
NOTE: Quizzes allow for partial credit scoring on all item types to foster learning. Points on quizzes can
also be deducted for answering incorrectly.

Forms 32901 - 23908

Question 1 2 pts

Which statement best describes a motivation of hacktivists?

They are trying to show off their hacking skills.

They are curious and learning hacking skills.

They are part of a protest group behind a political cause.

They are interested in discovering new exploits.

Question 2 2 pts

What is an example of early warning systems that can be used to thwart cybercriminals?

Honeynet project

CVE database

Infragard

ISO/IEC 27000 program

Question 3 2 pts

https://210561797.netacad.com/courses/743376/quizzes/6673458/take 1/18

Which two groups of people are considered internal attackers? (Choose two.)

ex-employees

black hat hackers

trusted partners

amateurs

hacktivists

Question 4 2 pts

Which data state is maintained in NAS and SAN services?

data in-transit

stored data

encrypted data

data in-process

Question 5 2 pts

Which technology can be used to ensure data confidentiality?

hashing

identity management

RAID

encryption

Question 6 2 pts

Which technology should be used to enforce the security policy that a computing device
must be checked against the latest antivirus update before the device is allowed to
connect to the campus network?

SAN

VPN

NAS

NAC

Question 7 2 pts

Which technology can be implemented as part of an authentication system to verify the
identification of employees?

a smart card reader

SHA-1 hash

a virtual fingerprint

a Mantrap

Question 8 2 pts

What are three states of data during which data is vulnerable? (Choose three.)

data encrypted

data in-transit

purged data

stored data

data in-process

data decrypted

Question 9 2 pts

What is an impersonation attack that takes advantage of a trusted relationship between
two systems?

man-in-the-middle

spamming

sniffing

spoofing

Question 10 2 pts

What three best practices can help defend against social engineering attacks? (Choose
three.)

Educate employees regarding policies.

Add more security guards.

Resist the urge to click on enticing web links.

Enable a policy that states that the IT department should supply information over the phone only
to managers.

Do not provide password resets in a chat window.

Deploy well-designed firewall appliances.

Question 11 2 pts

What type of attack has an organization experienced when an employee installs an
unauthorized device on the network to view network traffic?

phishing

spoofing

sniffing

spamming

Question 12 2 pts

The employees in a company receive an email stating that the account password will
expire immediately and requires a password reset within 5 minutes. Which statement
would classify this email?

It is an impersonation attack.

It is a DDoS attack.

It is a hoax.

It is a piggy-back attack.

Question 13 2 pts

An executive manager went to an important meeting. The secretary in the office receives
a call from a person claiming that the executive manager is about to give an important
presentation but the presentation files are corrupted. The caller sternly recommends that
the secretary email the presentation right away to a personal email address. The caller
also states that the executive is holding the secretary responsible for the success of this
presentation. Which type of social engineering tactic would describe this scenario?

trusted partners

intimidation

urgency

familiarity

Question 14 2 pts

What type of application attack occurs when data goes beyond the memory areas
allocated to the application?

RAM spoofing

RAM Injection

buffer overflow

SQL injection

Question 15 2 pts

Users report that the network access is slow. After questioning the employees, the
network administrator learned that one employee downloaded a third-party scanning
program for the printer. What type of malware might be introduced that causes slow
performance of the network?

virus

spam

phishing

worm

Question 16 2 pts

Passwords, passphrases, and PINs are examples of which security term?

authorization

access

authentication

identification

Question 17 2 pts

Smart cards and biometrics are considered to be what type of access control?

logical

physical

administrative

technological

Question 18 2 pts

A user has a large amount of data that needs to be kept confidential. Which algorithm
would best meet this requirement?

3DES

ECC

RSA

Diffie-Hellman

Question 19 2 pts

An organization has implemented antivirus software. What type of security control did the
company implement?

compensative control

detective control

deterrent control

recovery control

Question 20 2 pts

Which access control strategy allows an object owner to determine whether to allow
access to the object?

ACL

MAC

RBAC

DAC

Question 21 2 pts

Which access control should the IT department use to restore a system back to its
normal state?

preventive

corrective

detective

compensative

Question 22 2 pts

What happens as the key length increases in an encryption application?

Keyspace increases proportionally.

Keyspace increases exponentially.

Keyspace decreases proportionally.

Keyspace decreases exponentially.

Question 23 2 pts

Which algorithm will Windows use by default when a user intends to encrypt files and
folders in an NTFS volume?

AES

DES

RSA

3DES

Question 24 2 pts

An organization has determined that an employee has been cracking passwords on
administrative accounts in order to access very sensitive payroll information. Which tools
would you look for on the system of the employee? (Choose three.)

algorithm tables

lookup tables

rainbow tables

rogue access points

reverse lookup tables

password digest

Question 25 2 pts

What kind of integrity does a database have when all its rows have a unique identifier
called a primary key?

entity integrity

referential integrity

domain integrity

user-defined integrity

Question 26 2 pts

What technique creates different hashes for the same password?

SHA-256

HMAC

CRC

salting

Question 27 2 pts

A VPN will be used within the organization to give remote users secure access to the
corporate network. What does IPsec use to authenticate the origin of every packet to
provide data integrity checking?

salting

CRC

password

HMAC

Question 28 2 pts

Which hashing technology requires keys to be exchanged?

AES

HMAC

salting

MD5

Question 29 2 pts

What technology should be implemented to verify the identity of an organization, to
authenticate its website, and to provide an encrypted connection between a client and the
website?

digital signature

digital certificate

asymmetric encryption

salting

Question 30 2 pts

Which hashing algorithm is recommended for the protection of sensitive, unclassified
information?

3DES

MD5

SHA-256

AES-256

Question 31 2 pts

You have been asked to describe data validation to the data entry clerks in accounts
receivable. Which of the following are good examples of strings, integers, and decimals?

female, 9866, $125.50

male, $25.25, veteran

yes/no, 345-60-8745, TRF562

800-900-4560, 4040-2020-8978-0090, 01/21/2013

Question 32 2 pts

There are many environments that require five nines, but a five nines environment may
be cost prohibitive. What is one example of where the five nines environment might be
cost prohibitive?

the New York Stock Exchange

the front office of a major league sports team

the U.S. Department of Education

department stores at the local mall

Question 33 2 pts

An organization has recently adopted a five nines program for two critical database
servers. What type of controls will this involve?

stronger encryption systems

limiting access to the data on these systems

improving reliability and uptime of the servers

remote access to thousands of external users

Question 34 2 pts

Which technology would you implement to provide high availability for data storage?

N+1

RAID

hot standby

software updates

Question 35 2 pts

The team is in the process of performing a risk analysis on the database services. The
information collected includes the initial value of these assets, the threats to the assets
and the impact of the threats. What type of risk analysis is the team performing by
calculating the annual loss expectancy?

loss analysis

qualitative analysis

quantitative analysis

protection analysis

Question 36 2 pts

Which risk mitigation strategies include outsourcing services and purchasing insurance?

transfer

acceptance

reduction

avoidance

Question 37 2 pts

The awareness and identification of vulnerabilities is a critical function of a cybersecurity
specialist. Which of the following resources can be used to identify specific details about
vulnerabilities?

NIST/NICE framework

Infragard

CVE national database

ISO/IEC 27000 model

Question 38 2 pts

An organization wants to adopt a labeling system based on the value, sensitivity, and
criticality of the information. What element of risk management is recommended?

asset identification

asset availability

asset classification

asset standardization

Question 39 2 pts

What approach to availability provides the most comprehensive protection because
multiple defenses coordinate together to prevent attacks?

layering

diversity

obscurity

limiting

Question 40 2 pts

Which two values are required to calculate annual loss expectancy? (Choose two.)

exposure factor

single loss expectancy

annual rate of occurrence

frequency factor

asset value

quantitative loss value

Question 41 2 pts

Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.)

WPA2

TKIP

WPA

802.11q

802.11i

WEP

Question 42 2 pts

What describes the protection provided by a fence that is 1 meter in height?

It deters casual trespassers only.

It offers limited delay to a determined intruder.

It prevents casual trespassers because of its height.

The fence deters determined intruders.

Question 43 2 pts

In a comparison of biometric systems, what is the crossover error rate?

rate of rejection and rate of false negatives

rate of false negatives and rate of false positives

rate of false positives and rate of acceptability

rate of acceptability and rate of false negatives

Question 44 2 pts

Which technology can be used to protect VoIP against eavesdropping?

ARP

SSH

encrypted voice messages

strong authentication

Question 45 2 pts

Which utility uses the Internet Control Message Protocol (ICMP)?

ping

RIP

NTP

DNS

Question 46 2 pts

Which wireless standard made AES and CCM mandatory?

WEP

WPA2

WEP2

WPA

Question 47 2 pts

Which two protocols pose switching threats? (Choose two.)

STP

IP

RIP

WPA2

ARP

ICMP

Question 48 2 pts

HVAC, water system, and fire systems fall under which of the cybersecurity domains?

device

user

physical facilities

network

Question 49 2 pts

Which website offers guidance on putting together a checklist to provide guidance on
configuring and hardening operating systems?

Internet Storm Center

The Advanced Cyber Security Center

CERT

The National Vulnerability Database website

Question 50 2 pts

Which national resource was developed as a result of a U.S. Executive Order after a
ten-month collaborative study involving over 3,000 security professionals?

the National Vulnerability Database (NVD)

ISO/IEC 27000

NIST Framework

ISO OSI model

Quiz saved at 9:29pm