Quiz Instrucons This quiz covers all of the content in Cybersecurity Essentials 1.1. It is designed to test the skills and knowledge presented in the course. There are multiple task types that may be available in this quiz. NOTE: Quizzes allow for partial credit scoring on all item types to foster learning. Points on quizzes can also be deducted for answering incorrectly.
Forms 32901 - 23908
Question 1
2 pts
Which statement best describes a motivation of hacktivists?
They are trying to show off their hacking skills. They are curious and learning hacking skills. They are part of a protest group behind a political cause. They are interested in discovering new exploits.
Question 2
2 pts
What is an example of early warning systems that can be used to thwart cybercriminals?
Honeynet project CVE database Infragard ISO/IEC 27000 program
Which technology should be used to enforce the security policy that a computing device must be checked against the latest antivirus update before the device is allowed to connect to the campus network?
SAN VPN NAS NAC
Question 7
2 pts
Which technology can be implemented as part of an authentication system to verify the identification of employees?
a smart card reader SHA-1 hash a virtual fingerprint a Mantrap
Question 8
2 pts
What are three states of data during which data is vulnerable? (Choose three.)
data encrypted data in-transit purged data stored data data in-process data decrypted
What is an impersonation attack that takes advantage of a trusted relationship between two systems?
man-in-the-middle spamming sniffing spoofing
Question 10
2 pts
What three best practices can help defend against social engineering attacks? (Choose three.)
Educate employees regarding policies. Add more security guards. Resist the urge to click on enticing web links. Enable a policy that states that the IT department should supply information over the phone only to managers. Do not provide password resets in a chat window. Deploy well-designed firewall appliances.
Question 11
2 pts
What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic?
The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email?
It is an impersonation attack. It is a DDoS attack. It is a hoax. It is a piggy-back attack.
Question 13
2 pts
An executive manager went to an important meeting. The secretary in the office receives a call from a person claiming that the executive manager is about to give an important presentation but the presentation files are corrupted. The caller sternly recommends that the secretary email the presentation right away to a personal email address. The caller also states that the executive is holding the secretary responsible for the success of this presentation. Which type of social engineering tactic would describe this scenario?
Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network?
virus spam phishing worm
Question 16
2 pts
Passwords, passphrases, and PINs are examples of which security term?
Which algorithm will Windows use by default when a user intends to encrypt files and folders in an NTFS volume?
AES DES RSA 3DES
Question 24
2 pts
An organization has determined that an employee has been cracking passwords on administrative accounts in order to access very sensitive payroll information. Which tools would you look for on the system of the employee? (Choose three)
What technique creates different hashes for the same password?
SHA-256 HMAC CRC salting
Question 27
2 pts
A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking?
salting CRC password HMAC
Question 28
2 pts
Which hashing technology requires keys to be exchanged?
What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website?
digital signature digital certificate asymmetric encryption salting
Question 30
2 pts
Which hashing algorithm is recommended for the protection of sensitive, unclassified information?
3DES MD5 SHA-256 AES-256
Question 31
2 pts
You have been asked to describe data validation to the data entry clerks in accounts receivable. Which of the following are good examples of strings, integers, and decimals?
There are many environments that require five nines, but a five nines environment may be cost prohibitive. What is one example of where the five nines environment might be cost prohibitive?
the New York Stock Exchange the front office of a major league sports team the U.S. Department of Education department stores at the local mall
Question 33
2 pts
An organization has recently adopted a five nines program for two critical database servers. What type of controls will this involve?
stronger encryption systems limiting access to the data on these systems improving reliability and uptime of the servers remote access to thousands of external users
Question 34
2 pts
Which technology would you implement to provide high availability for data storage?
The team is in the process of performing a risk analysis on the database services. The information collected includes the initial value of these assets, the threats to the assets and the impact of the threats. What type of risk analysis is the team performing by calculating the annual loss expectancy?
loss analysis qualitative analysis quantitative analysis protection analysis
Question 36
2 pts
Which risk mitigation strategies include outsourcing services and purchasing insurance?
transfer acceptance reduction avoidance
Question 37
2 pts
The awareness and identification of vulnerabilities is a critical function of a cybersecurity specialist. Which of the following resources can be used to identify specific details about vulnerabilities?
Infragard CVE national database ISO/IEC 27000 model
Question 38
2 pts
An organization wants to adopt a labeling system based on the value, sensitivity, and criticality of the information. What element of risk management is recommended?
single loss expectancy annual rate of occurrence frequency factor asset value quantitative loss value
Question 41
2 pts
Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.)
WPA2 TKIP WPA 802.11q 802.11i WEP
Question 42
2 pts
What describes the protection provided by a fence that is 1 meter in height?
It deters casual trespassers only. It offers limited delay to a determined intruder. It prevents casual trespassers because of its height. The fence deters determined intruders.
In a comparison of biometric systems, what is the crossover error rate?
rate of rejection and rate of false negatives rate of false negatives and rate of false positives rate of false positives and rate of acceptability rate of acceptability and rate of false negatives
Question 44
2 pts
Which technology can be used to protect VoIP against eavesdropping?
Which website offers guidance on putting together a checklist to provide guidance on configuring and hardening operating systems?
Internet Storm Center The Advanced Cyber Security Center CERT The National Vulnerability Database website
Question 50
2 pts
Which national resource was developed as a result of a U.S. Executive Order after a tenmonth collaborative study involving over 3,000 security professionals?
the National Vulnerability Database (NVD) ISO/IEC 27000 NIST Framework ISO OSI model
