Cybersecurity Essentials

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/245

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 9:22 PM on 7/4/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

246 Terms

1
New cards
Which statement best describes a motivation of hacktivists?
They are part of a protest group behind a political cause.
2
New cards
Which type of cybercriminal is the most likely to create malware to compromise an organization by stealing credit card information?
black hat hackers
3
New cards
A specialist in the HR department is invited to promote the cybersecurity program in community schools. Which three topics would the specialist emphasize in the presentation to draw students to this field? (Choose three.)
a career-field in high-demand, service to the public, high earning potential
4
New cards
An organization allows employees to work from home two days a week. Which technology should be implemented to ensure data confidentiality as data is transmitted?
VPN
5
New cards
Which type of networks poses increasing challenges to cybersecurity specialists due to the growth of BYOD on campus?
wireless networks
6
New cards
A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan?
confidentiality, integrity, and availability
7
New cards
Which framework should be recommended for establishing a comprehensive information security management system in an organization?
ISO/IEC 27000
8
New cards
What are three states of data during which data is vulnerable? (Choose three.)
data in-process, stored data, data in-transit
9
New cards
Users report that the database on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?
ransomeware
10
New cards
What three best practices can help defend against social engineering attacks? (Choose three.)
Resist the urge to click on enticing web links., Educate employees regarding policies., Do not provide password resets in a chat window.
11
New cards
Which statement describes a distributed denial of service attack?
An attacker builds a botnet comprised of zombies.
12
New cards
A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server crash. What is the type of attack the cyber criminal launches?
DoS
13
New cards
An executive manager went to an important meeting. The secretary in the office receives a call from a person claiming that the executive manager is about to give an important presentation but the presentation files are corrupted. The caller sternly recommends that the secretary email the presentation right away to a personal email address. The caller also states that the executive is holding the secretary responsible for the success of this presentation. Which type of social engineering tactic would describe this scenario?
intimidation
14
New cards
What are the two most effective ways to defend against malware? (Choose two.)
Install and update antivirus software., Update the operating system and other application software.
15
New cards
The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email?
It is a hoax.
16
New cards
In which situation would a detective control be warranted?
when the organization needs to look for prohibited activity
17
New cards
An organization has implemented antivirus software. What type of security control did the company implement?
recovery control
18
New cards
Alice and Bob are using public key encryption to exchange a message. Which key should Alice use to encrypt a message to Bob?
the public key of Bob
19
New cards
Which statement describes a characteristics of block ciphers?
Block ciphers result in output data that is larger than the input data most of the time.
20
New cards
The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement?
a set of attributes that describes user access rights
21
New cards
Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use?
a new pre-shared key
22
New cards
Which access control strategy allows an object owner to determine whether to allow access to the object?
DAC
23
New cards
Which method is used by steganography to hide text in an image file?
least significant bit
24
New cards
The X.509 standards defines which security technology?
digital certificates
25
New cards
Which hashing algorithm is recommended for the protection of sensitive, unclassified information?
SHA-256
26
New cards
Technicians are testing the security of an authentication system that uses passwords. When a technician examines the password tables, the technician discovers the passwords are stored as hash values. However, after comparing a simple password hash, the technician then discovers that the values are different from those on other systems. What are two causes of this situation? (Choose two.)
The systems use different hashing algorithms., One system uses hashing and the other uses hashing and salting.
27
New cards
You have been asked to work with the data collection and entry staff in your organization in order to improve data integrity during initial data entry and data modification operations. Several staff members ask you to explain why the new data entry screens limit the types and size of data able to be entered in specific fields. What is an example of a new data integrity control?
a validation rule which has been implemented to ensure completeness, accuracy, and consistency of data
28
New cards
What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website?
digital certificate
29
New cards
Your organization will be handling market trades. You will be required to verify the identify of each customer who is executing a transaction. Which technology should be implemented to authenticate and verify customer electronic transactions?
digital certificates
30
New cards
Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign the document so that Bob can make sure that the document came from Alice?
private key from Alice
31
New cards
An organization has determined that an employee has been cracking passwords on administrative accounts in order to access very sensitive payroll information. Which tools would you look for on the system of the employee? (Choose three)
rainbow tables, lookup tables, reverse lookup tables
32
New cards
An organization wants to adopt a labeling system based on the value, sensitivity, and criticality of the information. What element of risk management is recommended?
asset classification
33
New cards
An organization has recently adopted a five nines program for two critical database servers. What type of controls will this involve?
improving reliability and uptime of the servers
34
New cards
Being able to maintain availability during disruptive events describes which of the principles of high availability?
system resiliency
35
New cards
Which risk mitigation strategies include outsourcing services and purchasing insurance?
transfer
36
New cards
The awareness and identification of vulnerabilities is a critical function of a cybersecurity specialist. Which of the following resources can be used to identify specific details about vulnerabilities?
CVE national database
37
New cards
Which technology would you implement to provide high availability for data storage?
RAID
38
New cards
Which two values are required to calculate annual loss expectancy? (Choose two.)
annual rate of occurrence, single loss expectancy
39
New cards
What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications?
asset standardization
40
New cards
There are many environments that require five nines, but a five nines environment may be cost prohibitive. What is one example of where the five nines environment might be cost prohibitive?
the New York Stock Exchange
41
New cards
Which technology can be used to protect VoIP against eavesdropping?
encrypted voice messages
42
New cards
Mutual authentication can prevent which type of attack?
man-in-the-middle
43
New cards
Which of the following products or technologies would you use to establish a baseline for an operating system?
Microsoft Security Baseline Analyzer
44
New cards
What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain?
Local Security Policy tool
45
New cards
What describes the protection provided by a fence that is 1 meter in height?
It deters casual trespassers only.
46
New cards
Which wireless standard made AES and CCM mandatory?
WPA2
47
New cards
Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.)
WPA2, WPA, 802.11i
48
New cards
Which website offers guidance on putting together a checklist to provide guidance on configuring and hardening operating systems?
The National Vulnerability Database website
49
New cards
Which law was enacted to prevent corporate accounting-related crimes?
Sarbanes-Oxley Act
50
New cards
Which cybersecurity weapon scans for use of default passwords, missing patches, open ports, misconfigurations, and active IP addresses?
vulnerability scanners
51
New cards
A cybersecurity specialist is asked to identify the potential criminals known to attack the organization. Which type of hackers would the cybersecurity specialist be least concerned with?
white hat hackers
52
New cards
What is an example of early warning systems that can be used to thwart cybercriminals?
Honeynet project
53
New cards
Which technology should be used to enforce the security policy that a computing device must be checked against the latest antivirus update before the device is allowed to connect to the campus network?
NAC
54
New cards
Which data state is maintained in NAS and SAN services?
stored data
55
New cards
Which technology can be used to ensure data confidentiality?
encryption
56
New cards
What is an impersonation attack that takes advantage of a trusted relationship between two systems?
spoofing
57
New cards
Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network?
worm
58
New cards
What type of application attack occurs when data goes beyond the memory areas allocated to the application?
buffer overflow
59
New cards
What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic?
sniffing
60
New cards
A penetration testing service hired by the company has reported that a backdoor was identified on the network. What action should the organization take to find out if systems have been compromised?
Look for unauthorized accounts.
61
New cards
Smart cards and biometrics are considered to be what type of access control?
logical
62
New cards
Which access control should the IT department use to restore a system back to its normal state?
corrective
63
New cards
A user has a large amount of data that needs to be kept confidential. Which algorithm would best meet this requirement?
3DES
64
New cards
What happens as the key length increases in an encryption application?
Keyspace increases exponentially.
65
New cards
You have been asked to describe data validation to the data entry clerks in accounts receivable. Which of the following are good examples of strings, integers, and decimals?
female, 9866, $125.50
66
New cards
Which hashing technology requires keys to be exchanged?
HMAC
67
New cards
What is a feature of a cryptographic hash function?
The hash function is a one-way mathematical function.
68
New cards
A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking?
HMAC
69
New cards
Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents high level of risk, yellow represents average level of threat and green represents low level of threat. What type of risk analysis does this chart represent?
qualitative analysis
70
New cards
Keeping data backups offsite is an example of which type of disaster recovery control?
preventive
71
New cards
What are two incident response phases? (Choose two.)
detection and analysis, containment and recovery
72
New cards
The team is in the process of performing a risk analysis on the database services. The information collected includes the initial value of these assets, the threats to the assets and the impact of the threats. What type of risk analysis is the team performing by calculating the annual loss expectancy?
quantitative analysis
73
New cards
What approach to availability provides the most comprehensive protection because multiple defenses coordinate together to prevent attacks?
layering
74
New cards
Which utility uses the Internet Control Messaging Protocol (ICMP)?
ping
75
New cards
In a comparison of biometric systems, what is the crossover error rate?
rate of false negatives and rate of false positives
76
New cards
Which protocol would be used to provide security for employees that access systems remotely from home?
SSH
77
New cards
Which threat is mitigated through user awareness training and tying security awareness to performance reviews?
user-related threats
78
New cards
HVAC, water system, and fire systems fall under which of the cybersecurity domains?
physical facilities
79
New cards
Technologies like GIS and IoE contribute to the growth of large data stores. What are two reasons that these technologies increase the need for cybersecurity specialists? (Choose two.)
They collect sensitive information., They contain personal information.
80
New cards
Which two groups of people are considered internal attackers? (Choose two.)
ex-employees, trusted partners
81
New cards
Which methods can be used to implement multifactor authentication?
passwords and fingerprints
82
New cards
A security specialist is asked for advice on a security measure to prevent unauthorized hosts from accessing the home network of employees. Which measure would be most effective?
Implement a firewall.
83
New cards
What type of attack will make illegitimate websites higher in a web search result list?
SEO poisoning
84
New cards
What is a nontechnical method that a cybercriminal would use to gather sensitive information from an organization?
social engineering
85
New cards
Which algorithm will Windows use by default when a user intends to encrypt files and folders in an NTFS volume?
AES
86
New cards
Before data is sent out for analysis, which technique can be used to replace sensitive data in nonproduction environments to protect the underlying information?
data masking substitution
87
New cards
An organization plans to implement security training to educate employees about security policies. What type of access control is the organization trying to implement?
administrative
88
New cards
Passwords, passphrases, and PINs are examples of which security term?
authentication
89
New cards
What technique creates different hashes for the same password?
salting
90
New cards
You have been asked to implement a data integrity program to protect data files that need to be electronically downloaded by the sales staff. You have decided to use the strongest hashing algorithm available on your systems. Which hash algorithm would you select?
SHA-256
91
New cards
What kind of integrity does a database have when all its rows have a unique identifier called a primary key?
entity integrity
92
New cards
What approach to availability involves using file permissions?
limiting
93
New cards
Which national resource was developed as a result of a U.S. Executive Order after a ten-month collaborative study involving over 3,000 security professionals?
NIST Framework
94
New cards
Which two protocols pose switching threats? (Choose two.)
STP, ARP
95
New cards
What is the most difficult part of designing a cryptosystem?
key management
96
New cards
What technology should you implement to ensure that an individual cannot later claim that he or she did not sign a given document?
digital signature
97
New cards
Which type of cybercriminal attack would interfere with established network communication through the use of constructed packets so that the packets look like they are part of the normal communication?
packet forgery
98
New cards
An organization just completed a security audit. Your division was cited for not conforming to X.509 requirements. What is the first security control you need to examine?
digital certificates
99
New cards
Which network logs contain information that a security analyst can use to determine if packets received from the web are in response to legitimate requests or are part of an exploit?
proxy logs
100
New cards
Which technology can be used to prevent a cracker from launching a dictionary or brute-force attack of a hash?
HMAC