- Question
A user has a large amount of data that needs to be kept confidential. Which algorithm would best meet this requirement? Select one:
- ECC
- RSA
- Diffie-Hellman
- 3DES
Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.
2. Question
Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network? Select one:
- virus
- worm
- phishing
- spam
A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.
3. Question
Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.) Select one or more:
- WPA2
- TKIP
- WPA
- WEP
- 802.11q
- 802.11i
Various protocols can be used to provide secure communication systems. AES is the strongest encryption algorithm.
4. Question
Which statement best describes a motivation of hacktivists? Select one:
- They are part of a protest group behind a political cause.
- They are trying to show off their hacking skills.
- They are interested in discovering new exploits.
- They are curious and learning hacking skills.
Each type of cybercriminal has a distinct motivation for his or her actions.
5. Question
Smart cards and biometrics are considered to be what type of access control? Select one:
- technological
- physical
- administrative
- logical
Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.
6. Question
Which technology could be used to prevent a cracker from launching a dictionary or brute-force attack off a hash? Select one:
- rainbow tables
- AES
- MD5
- HMAC
HMACs use an additional secret key as input to the hash function. This adds another layer of
security to the hash in order to defeat man-in-the-middle attacks and provide authentication of the
data source.
7. Question
Which law was enacted to prevent corporate accounting-related crimes? Select one:
- Sarbanes-Oxley Act
- Import/Export Encryption Act
- Gramm-Leach-Bliley Act
- The Federal Information Security Management Act
New laws and regulations have come about to protect organizations, citizens, and nations from
cybersecurity attacks.
8. Question
The team is in the process of performing a risk analysis on the database services. The information collected includes the initial value of these assets, the threats to the assets and the impact of the threats. What type of risk analysis is the team performing by calculating the annual loss expectancy? Select one:
- quantitative analysis
- qualitative analysis
- loss analysis
- protection analysis
A qualitative or quantitative risk analysis is used to identify and prioritize threats to the organization.
9. Question
The X.509 standards defines which security technology? Select one:
- digital certificates
- biometrics
- security tokens
- strong passwords
Digital certificates protect the parties involved in a secure communication
10. Question
What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic? Select one:
- spoofing
- spamming
- phishing
- sniffing
A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.
11. Question
Mutual authentication can prevent which type of attack? Select one:
- wireless poisoning
- wireless sniffing
- wireless IP spoofing
- man-in-the-middle
A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities.
12. Question
What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain? Select one:
- Event Viewer security log
- Computer Management
- Local Security Policy tool
- Active Directory Security tool
A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities. Local Security Policy, Event Viewer, and Computer Management are Windows utilities that are all used in the security equation.
13. Question
Which two groups of people are considered internal attackers? (Choose two.)
Select one or more:
- ex-employees
- amateurs
- black hat hackers
- trusted partners
- hacktivists
Threats are classified as being from an internal source or external source. A cybersecurity specialist needs to be aware of the source of various threats.
14. Question
Which technology can be used to ensure data confidentiality? Select one:
- RAID
- hashing
- encryption
- identity management
A cybersecurity specialist must be aware of the technologies available which support the CIA triad.
15. Question
What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website? Select one:
- asymmetric encryption
- salting
- digital certificate
- digital signature
Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.
16. Question
An organization plans to implement security training to educate employees about security policies.nWhat type of access control is the organization trying to implement? Select one:
- physical
- administrative
- technological
- logical
Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.
17. Question
Which statement describes a characteristics of block ciphers? Select one:
- Block ciphers result in output data that is larger than the input data most of the time.
- Block ciphers encrypt plaintext one bit at a time to form a block.
- Block ciphers are faster than stream ciphers.
- Block ciphers result in compressed output.
Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.
18. Question
There are many environments that require five nines, but a five nines environment may be cost prohibitive. What is one example of where the five nines environment might be cost prohibitive? Select one:
- department stores at the local mall
- the U.S. Department of Education
- the front office of a major league sports team
- the New York Stock Exchange
System and data availability is a critical responsibility of a cybersecurity specialist. It is important to understand the technologies, process, and controls used to protect provide high availability.
19. Question
Which utility uses the Internet Control Messaging Protocol (ICMP)? Select one:
- NTP
- DNS
- ping
- RIP
ICMP is used by network devices to send error messages.
20. Question
An organization wants to adopt a labeling system based on the value, sensitivity, and criticality of the information. What element of risk management is recommended? Select one:
- asset identification
- asset classification
- asset availability
- asset standardization
One of the most important steps in risk management is asset classification.
21. Question
What is an impersonation attack that takes advantage of a trusted relationship between two systems? Select one:
- man-in-the-middle
- spamming
- sniffing
- spoofing
A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.
22. Question
Which data state is maintained in NAS and SAN services? Select one:
- stored data
- data in-process
- encrypted data
- data in-transit
A cybersecurity specialist must be familiar with the types of technologies used to store, transmit, and process data.
23. Question
Alice and Bob are using public key encryption to exchange a message. Which key should Alice use to encrypt a message to Bob? Select one:
- the private key of Alice
- the public key of Bob
- the private key of Bob
- the public key of Alice
Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.
24. Question
Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use? Select one:
- the private key of Carol
- a new pre-shared key
- the same pre-shared key he used with Alice
- the public key of Bob
Encryption is an important technology used to protect confidentiality. It is important to understand the characteristics of the various encryption methodologies.
25. Question
Users report that the database on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced? Select one:
- ransomeware
- DoS attack
- man-in-the-middle attack
- Trojan horse
A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.
26. Question
An organization has determined that an employee has been cracking passwords on administrative accounts in order to access very sensitive payroll information. Which tools would you look for on the system of the employee? (Choose three) Select one or more:
- password digest
- reverse lookup tables
- lookup tables
- rouge access points
- algorithm tables
- rainbow tables
Tables that contain possible password combinations are used to crack passwords.
27. Question
Keeping data backups offsite is an example of which type of disaster recovery control? Select one:
- management
- corrective
- preventive
- detective
A disaster recovery plan enables an organization to prepare for potential disasters and minimize the resulting downtime.
28. Question
Which website offers guidance on putting together a checklist to provide guidance on configuring and hardening operating systems? Select one:
- The National Vulnerability Database website
- CERT
- The Advanced Cyber Security Center
- Internet Storm Center
There are several cybersecurity information websites that a cybersecurity specialist uses to evaluate the potential vulnerabilities of an organization. Some of these websites are the National Vulnerability Database, CERT, the Internet Storm Center, and the Advanced Cyber Security Center.
29. Question
Which cybersecurity weapon scans for use of default passwords, missing patches, open ports, misconfigurations, and active IP addresses? Select one:
- password crackers
- vulnerability scanners
- packet sniffers
- packet analyzers
There are many tools that a cybersecurity specialist uses to evaluate the potential vulnerabilities of an organization.
30. Question
Which technology would you implement to provide high availability for data storage? Select one:
- software updates
- RAID
- N+1
- hot standby
System and data availability is a critical responsibility of a cybersecurity specialist. It is important to
understand the technologies, process, and controls used to provide redundancy.
31. Question
An executive manager went to an important meeting. The secretary in the office receives a call from a person claiming that the executive manager is about to give an important presentation but the presentation files are corrupted. The caller sternly recommends that the secretary email the presentation right away to a personal email address. The caller also states that the executive is holding the secretary responsible for the success of this presentation. Which type of social engineering tactic would describe this scenario? Select one:
- intimidation
- familiarity
- urgency
- trusted partners
Social engineering uses several different tactics to gain information from victims.
32. Question
Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents high level of risk, yellow represents average level of threat and green represents low level of threat. What type of risk analysis does this chart represent? Select one:
- loss analysis
- quantitative analysis
- exposure factor analysis
- qualitative analysis
A quantitative or qualitative risk analysis is used to identify and prioritize threats to the organization.
33. Question
A cybersecurity specialist is asked to identify the potential criminals known to attack the organization. Which type of hackers would the cybersecurity specialist be least concerned with? Select one:
- black hat hackers
- script kiddies
- gray hat hackers
- white hat hackers
Hackers are classified by colors to help define the purpose of their break-in activities.
34. Question
An organization allows employees to work from home two days a week. Which technology should be implemented to ensure data confidentiality as data is transmitted? Select one:
- VPN
- RAID
- VLANS
- SHS
Protecting data confidentiality requires an understanding of the technologies used to protect data in
all three data states.
35. Question
In a comparison of biometric systems, what is the crossover error rate? Select one:
- rate of acceptability and rate of false negatives
- rate of false positives and rate of acceptability
- rate of false negatives and rate of false positives
- rate of rejection and rate of false negatives
In comparing biometric systems, there are several important factors to consider including accuracy, speed or throughput rate, and acceptability to users.
36. Question
What is a nontechnical method that a cybercriminal would use to gather sensitive information from an organization? Select one:
- ransomeware
- social engineering
- pharming
- man-in-the-middle
A cybersecurity specialist needs to be familiar with the characteristics of the different types of
malware and attacks that threaten an organization.
37. Question
What approach to availability involves using file permissions? Select one:
- limiting
- simplicity
- obscurity
- layering
System and data availability is a critical responsibility of a cybersecurity specialist. It is important to understand the technologies, process, and controls used to protect provide high availability.
38. Question
You have been asked to work with the data collection and entry staff in your organization in order to improve data integrity during initial data entry and data modification operations. Several staff members ask you to explain why the new data entry screens limit the types and size of data able to be entered in specific fields. What is an example of a new data integrity control? Select one:
- data encryption operations that prevent any unauthorized users from accessing sensitive data
- a validation rule which has been implemented to ensure completeness, accuracy, and consistency
of data - data entry controls which only allow entry staff to view current data
- a limitation rule which has been implemented to prevent unauthorized staff from entering sensitive
data
Data integrity deals with data validation.
39. Question
Which access control should the IT department use to restore a system back to its normal state? Select one:
- compensative
- preventive
- detective
- corrective
Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.
40. Question
Being able to maintain availability during disruptive events describes which of the principles of high availability? Select one:
- uninterruptible services
- fault tolerance
- single point of failure
- system resiliency
High availability can be achieved by eliminating or reducing single points of failure, by implementing system resiliency, and by designing for fault tolerance.
41. Question
Which technology can be implemented as part of an authentication system to verify the identification of employees? Select one:
- a Mantrap
- SHA-1 hash
- a smart card reader
- a virtual fingerprint
A cybersecurity specialist must be aware of the technologies available that support the CIA triad.
42. Question
What are the two most effective ways to defend against malware? (Choose two.)Select one or more:
- Update the operating system and other application software.
- Implement a VPN.
- Implement strong passwords.
- Implement RAID.
- Install and update antivirus software.
- Implement network firewalls.
A cybersecurity specialist must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities.
43. Question
A security specialist is asked for advice on a security measure to prevent unauthorized hosts from accessing the home network of employees. Which measure would be most effective? Select one:
- Implement RAID.
- Implement intrusion detection systems.
- Implement a VLAN.
- Implement a firewall.
Protecting data confidentiality requires an understanding of the technologies used to protect data in all three data states.
44. Question
You have been asked to implement a data integrity program to protect data files that need to be electronically downloaded by the sales staff. You have decided to use the strongest hashing algorithm available on your systems. Which hash algorithm would you select? Select one:
- MD5
- SHA-1
- AES
- SHA-256
MD5 and SHA are the two most popular hashing algorithms. SHA-256 uses a 256-bit hash, whereas MD5 produces a 128-bit hash value.
45. Question
Which technology can be used to protect VoIP against eavesdropping? Select one:
- ARP
- SSH
- encrypted voice messages
- strong authentication
Many advanced technologies such as VoIP, streaming video, and electronic conferencing require advanced countermeasures.
46. Question
An organization has recently adopted a five nines program for two critical database servers. What type of controls will this involve? Select one:
- limiting access to the data on these systems
- stronger encryption systems
- remote access to thousands of external users
- improving reliability and uptime of the servers
System and data availability is a critical responsibility of a cybersecurity specialists. It is important to
understand the technologies, process, and controls used to provide high availability.
47. Question
Before data is sent out for analysis, which technique can be used to replace sensitive data in nonproduction environments to protect the underlying information? Select one:
- software obfuscation
- data masking substitution
- steganography
- steganalysis
Technologies exist to confuse attackers by changing data and using techniques to hide the original
data.The correct answer is: data masking substitution
48. Question
Which hashing algorithm is recommended for the protection of sensitive, unclassified information? Select one:
- SHA-256
- MD5
- 3DES
- AES-256
Data integrity is one of the three guiding security principles. A cybersecurity specialist should be
familiar with the tools and technologies used to ensure data integrity.
49. Question
What technique creates different hashes for the same password? Select one:
- HMAC
- CRC
- SHA-256
- salting
Data integrity is one of the three guiding security principles. A cybersecurity specialist should be
familiar with the tools and technologies used to ensure data integrity.
50. Question text
Which two protocols pose switching threats? (Choose two.) Select one or more:
- WPA2
- RIP
- IP
- ARP
- ICMP
- STP
Network switches are the heart of the modern data communication network. The main threats to network switches are theft, hacking and remote access, and attacks against network protocols.