10/2/2019 Final Quiz: UI-CYBERSECURITYESSEN-CV-9NO-SIS-2018-2019

Final Quiz
Due: No due date; Points: 100; Questions: 50; Time Limit: 60 Minutes
Allowed Attempts: 2

Instructions
This quiz covers all of the content in Cybersecurity Essentials 1.1. It is designed to test the skills and
knowledge presented in the course.

There are multiple task types that may be available in this quiz.
NOTE: Quizzes allow for partial credit scoring on all item types to foster learning. Points on quizzes can
also be deducted for answering incorrectly.

Forms 32901 - 23908

Attempt History
Attempt | Time | Score
LATEST: Attempt 1 | 24 minutes | 98 out of 100

Score for this attempt: 98 out of 100


Submitted Feb 10 at 9:29pm
This attempt took 24 minutes.

Question 1 2 / 2 pts

Which statement best describes a motivation of hacktivists?

They are trying to show off their hacking skills.

They are curious and learning hacking skills.

Correct!
They are part of a protest group behind a political cause.

They are interested in discovering new exploits.

https://210561797.netacad.com/courses/743376/quizzes/6673458 1/28

Refer to curriculum topic: 1.2.1


Each type of cybercriminal has a distinct motivation for his or her
actions.

Question 2 2 / 2 pts

What is an example of early warning systems that can be used to thwart
cybercriminals?

Correct!
Honeynet project

CVE database

Infragard

ISO/IEC 27000 program

Refer to curriculum topic: 1.2.2


Early warning systems help identify attacks and can be used by
cybersecurity specialists to protect systems.

Question 3 2 / 2 pts

Which two groups of people are considered internal attackers? (Choose two.)

Correct!
ex-employees

black hat hackers

Correct!
trusted partners

amateurs

hacktivists

Refer to curriculum topic: 1.4.1


Threats are classified as being from an internal source or external
source. A cybersecurity specialist needs to be aware of the source of
various threats.

Question 4 2 / 2 pts

Which data state is maintained in NAS and SAN services?

data in-transit

Correct!
stored data

encrypted data

data in-process

Refer to curriculum topic: 2.3.1


A cybersecurity specialist must be familiar with the types of
technologies used to store, transmit, and process data.

Question 5 2 / 2 pts

Which technology can be used to ensure data confidentiality?

hashing

identity management

RAID

Correct!
encryption

Refer to curriculum topic: 2.2.1


A cybersecurity specialist must be aware of the technologies available
which support the CIA triad.

Question 6 2 / 2 pts

Which technology should be used to enforce the security policy that a
computing device must be checked against the latest antivirus update before
the device is allowed to connect to the campus network?

SAN

VPN

NAS

Correct!
NAC

Refer to curriculum topic: 2.4.1


A cybersecurity specialist must be aware of the technologies available
to enforce its organization's security policy.

Question 7 2 / 2 pts

Which technology can be implemented as part of an authentication system to
verify the identification of employees?

Correct!
a smart card reader

SHA-1 hash

a virtual fingerprint

a Mantrap

Refer to curriculum topic: 2.2.1


A cybersecurity specialist must be aware of the technologies available
that support the CIA triad.

Question 8 2 / 2 pts

What are three states of data during which data is vulnerable? (Choose
three.)

data encrypted

Correct!
data in-transit

purged data

Correct!
stored data

Correct!
data in-process

data decrypted

Refer to curriculum topic: 2.3.1


A cybersecurity specialist must be aware of each of the three states of
data to effectively protect data and information. Purged data was
stored data. Encrypted and decrypted data can be in any of the three
states.

Question 9 2 / 2 pts

What is an impersonation attack that takes advantage of a trusted
relationship between two systems?

man-in-the-middle

spamming

sniffing

Correct!
spoofing

Refer to curriculum topic: 3.3.1


A cybersecurity specialist needs to be familiar with the characteristics
of the different types of malware and attacks that threaten an
organization.

Question 10 2 / 2 pts

What three best practices can help defend against social engineering
attacks? (Choose three.)

Correct!
Educate employees regarding policies.

Add more security guards.

Correct!
Resist the urge to click on enticing web links.

Enable a policy that states that the IT department should supply information
over the phone only to managers.

Correct!
Do not provide password resets in a chat window.

Deploy well-designed firewall appliances.

Refer to curriculum topic: 3.2.2


A cybersecurity specialist must be aware of the technologies and
measures that are used as countermeasures to protect the
organization from threats and vulnerabilities.

Question 11 2 / 2 pts

What type of attack has an organization experienced when an employee
installs an unauthorized device on the network to view network traffic?

phishing

spoofing

Correct! sniffing

spamming

Refer to curriculum topic: 3.3.1


A cybersecurity specialist needs to be familiar with the characteristics
of the different types of malware and attacks that threaten an
organization.

Question 12 2 / 2 pts

The employees in a company receive an email stating that the account
password will expire immediately and requires a password reset within 5
minutes. Which statement would classify this email?

It is an impersonation attack.

It is a DDoS attack.

Correct! It is a hoax.

It is a piggy-back attack.

Refer to curriculum topic: 3.2.2


Social engineering uses several different tactics to gain information
from victims.

Question 13 2 / 2 pts

An executive manager went to an important meeting. The secretary in the
office receives a call from a person claiming that the executive manager is
about to give an important presentation but the presentation files are
corrupted. The caller sternly recommends that the secretary email the
presentation right away to a personal email address. The caller also states
that the executive is holding the secretary responsible for the success of this
presentation. Which type of social engineering tactic would describe this
scenario?

trusted partners

Correct! intimidation

urgency

familiarity

Refer to curriculum topic: 3.2.1


Social engineering uses several different tactics to gain information
from victims.

Question 14 2 / 2 pts

What type of application attack occurs when data goes beyond the memory
areas allocated to the application?

RAM spoofing

RAM Injection

Correct! buffer overflow

SQL injection

Refer to curriculum topic: 3.3.3


A cybersecurity specialist needs to be familiar with the characteristics
of the different types of malware and attacks that threaten an
organization.

Question 15 2 / 2 pts

Users report that the network access is slow. After questioning the
employees, the network administrator learned that one employee
downloaded a third-party scanning program for the printer. What type of
malware might be introduced that causes slow performance of the network?

virus

spam

phishing

Correct! worm

Refer to curriculum topic: 3.1.1


A cybersecurity specialist needs to be familiar with the characteristics
of the different types of malware and attacks that threaten an
organization.

Question 16 2 / 2 pts

Passwords, passphrases, and PINs are examples of which security term?

authorization

access

Correct! authentication

identification

Refer to curriculum topic: 4.2.4


Authentication methods are used to strengthen access control
systems. It is important to understand the available authentication
methods.

Question 17 2 / 2 pts

Smart cards and biometrics are considered to be what type of access
control?

Correct! logical

physical

administrative

technological

Refer to curriculum topic: 4.2.1


Access control prevents an unauthorized user from gaining access to
sensitive data and networked systems. There are several
technologies used to implement effective access control strategies.

Question 18 2 / 2 pts

A user has a large amount of data that needs to be kept confidential. Which
algorithm would best meet this requirement?

Correct! 3DES

ECC

RSA

Diffie-Hellman

Refer to curriculum topic: 4.1.4


Encryption is an important technology used to protect confidentiality. It
is important to understand the characteristics of the various encryption
methodologies.

Question 19 2 / 2 pts

An organization has implemented antivirus software. What type of security
control did the company implement?

compensative control

detective control

deterrent control

Correct! recovery control

Refer to curriculum topic: 4.2.7


A cybersecurity specialist must be aware of the technologies and
measures that are used as countermeasures to protect the
organization from threats and vulnerabilities.

Question 20 2 / 2 pts

Which access control strategy allows an object owner to determine whether
to allow access to the object?

ACL

MAC

RBAC

Correct! DAC

Refer to curriculum topic: 4.2.2


Access control prevents an unauthorized user from gaining access to
sensitive data and networked systems. There are several
technologies used to implement effective access control strategies.

Question 21 2 / 2 pts

Which access control should the IT department use to restore a system back
to its normal state?

preventive

Correct! corrective

detective

compensative

Refer to curriculum topic: 4.2.7


Access control prevents an unauthorized user from gaining access to
sensitive data and networked systems. There are several
technologies used to implement effective access control strategies.

Question 22 2 / 2 pts

What happens as the key length increases in an encryption application?

Keyspace increases proportionally.

Correct! Keyspace increases exponentially.

Keyspace decreases proportionally.

Keyspace decreases exponentially.

Refer to curriculum topic: 4.1.4


Encryption is an important technology used to protect confidentiality. It
is important to understand the characteristics of the various encryption
methodologies.

Question 23 2 / 2 pts

Which algorithm will Windows use by default when a user intends to encrypt
files and folders in an NTFS volume?

Correct! AES

DES

RSA

3DES

Refer to curriculum topic: 4.1.4


Encryption is an important technology used to protect confidentiality. It
is important to understand the characteristics of the various encryption
methodologies.

Question 24 2 / 2 pts

An organization has determined that an employee has been cracking
passwords on administrative accounts in order to access very sensitive
payroll information. Which tools would you look for on the system of the
employee? (Choose three.)

algorithm tables

Correct! lookup tables

Correct! rainbow tables

rogue access points

Correct! reverse lookup tables

password digest

Refer to curriculum topic: 5.1.2


Tables that contain possible password combinations are used to crack
passwords.

Question 25 2 / 2 pts

What kind of integrity does a database have when all its rows have a unique
identifier called a primary key?

Correct! entity integrity

referential integrity

domain integrity

user-defined integrity

Refer to curriculum topic: 5.4.1


Data integrity is one of the three guiding security principles.
A cybersecurity specialist should be familiar with the tools and
technologies that are used to ensure data integrity.

Question 26 2 / 2 pts

What technique creates different hashes for the same password?

SHA-256

HMAC

CRC

Correct! salting

Refer to curriculum topic: 5.1.2


Data integrity is one of the three guiding security principles. A
cybersecurity specialist should be familiar with the tools and
technologies used to ensure data integrity.

Question 27 2 / 2 pts

A VPN will be used within the organization to give remote users secure
access to the corporate network. What does IPsec use to authenticate the
origin of every packet to provide data integrity checking?

salting

CRC

password

Correct! HMAC

Refer to curriculum topic: 5.1.3


HMAC is an algorithm used to authenticate. The sender and receiver
have a secret key that is used along with the data to ensure the
message origin as well as the authenticity of the data.

Question 28 2 / 2 pts

Which hashing technology requires keys to be exchanged?

AES

Correct! HMAC

salting

MD5

Refer to curriculum topic: 5.1.3


The difference between HMAC and hashing is the use of keys.

Question 29 2 / 2 pts

What technology should be implemented to verify the identity of an
organization, to authenticate its website, and to provide an encrypted
connection between a client and the website?

digital signature

Correct! digital certificate

asymmetric encryption

salting

Refer to curriculum topic: 5.2.2


Encryption is an important technology used to protect confidentiality. It
is important to understand the characteristics of the various encryption
methodologies.

Question 30 2 / 2 pts

Which hashing algorithm is recommended for the protection of sensitive,
unclassified information?

3DES

MD5

Correct! SHA-256

AES-256

Refer to curriculum topic: 5.1.1


Data integrity is one of the three guiding security principles. A
cybersecurity specialist should be familiar with the tools and
technologies used to ensure data integrity.

Question 31 2 / 2 pts

You have been asked to describe data validation to the data entry clerks in
accounts receivable. Which of the following are good examples of strings,
integers, and decimals?

Correct! female, 9866, $125.50

male, $25.25, veteran

yes/no, 345-60-8745, TRF562

800-900-4560, 4040-2020-8978-0090, 01/21/2013

Refer to curriculum topic: 5.4.2


A string is a group of letters, numbers, and special characters. An
integer is a whole number. A decimal is a number that is not a fraction.

Question 32 2 / 2 pts

There are many environments that require five nines, but a five nines
environment may be cost prohibitive. What is one example of where the five
nines environment might be cost prohibitive?

Correct! the New York Stock Exchange

the front office of a major league sports team

the U.S. Department of Education

department stores at the local mall

Refer to curriculum topic: 6.1.1


System and data availability is a critical responsibility of a
cybersecurity specialist. It is important to understand the technologies,
process, and controls used to provide high availability.

Question 33 2 / 2 pts

An organization has recently adopted a five nines program for two critical
database servers. What type of controls will this involve?

stronger encryption systems

limiting access to the data on these systems

Correct! improving reliability and uptime of the servers

remote access to thousands of external users

Refer to curriculum topic: 6.1.1


System and data availability is a critical responsibility of a
cybersecurity specialist. It is important to understand the
technologies, process, and controls used to provide high availability.

Question 34 2 / 2 pts

Which technology would you implement to provide high availability for data
storage?

N+1

Correct! RAID

hot standby

software updates

Refer to curriculum topic: 6.2.3


System and data availability is a critical responsibility of a
cybersecurity specialist. It is important to understand the technologies,
process, and controls used to provide redundancy.

Question 35 0 / 2 pts

The team is in the process of performing a risk analysis on the database
services. The information collected includes the initial value of these assets,
the threats to the assets and the impact of the threats. What type of risk
analysis is the team performing by calculating the annual loss expectancy?

loss analysis

You Answered qualitative analysis

Correct Answer quantitative analysis

protection analysis

Refer to curriculum topic: 6.2.1


A qualitative or quantitative risk analysis is used to identify and
prioritize threats to the organization.

Question 36 2 / 2 pts

Which risk mitigation strategies include outsourcing services and purchasing
insurance?

Correct! transfer

acceptance

reduction

avoidance

Refer to curriculum topic: 6.2.1


Risk mitigation lessens the exposure of an organization to threats and
vulnerabilities by transferring, accepting, avoiding, or taking an action
to reduce risk.

Question 37 2 / 2 pts

The awareness and identification of vulnerabilities is a critical function of a
cybersecurity specialist. Which of the following resources can be used to
identify specific details about vulnerabilities?

NIST/NICE framework

Infragard

Correct! CVE national database

ISO/IEC 27000 model

Refer to curriculum topic: 6.2.1


A cybersecurity specialist needs to be familiar with resources such
as the CVE database, Infragard, and the NIST/NICE framework. All
can be used to help plan and implement an effective information
security management system.

Question 38 2 / 2 pts

An organization wants to adopt a labeling system based on the value,
sensitivity, and criticality of the information. What element of risk
management is recommended?

asset identification

asset availability

Correct! asset classification

asset standardization

Refer to curriculum topic: 6.2.1


One of the most important steps in risk management is asset
classification.

Question 39 2 / 2 pts

What approach to availability provides the most comprehensive protection
because multiple defenses coordinate together to prevent attacks?

Correct!
layering

diversity

obscurity

limiting

Refer to curriculum topic: 6.2.2


Defense in depth utilizes multiple layers of security controls.

Question 40 2 / 2 pts

Which two values are required to calculate annual loss expectancy? (Choose
two.)

exposure factor

Correct!
single loss expectancy

Correct!
annual rate of occurrence

frequency factor

asset value

quantitative loss value

Refer to curriculum topic: 6.2.1


Single loss expectancy, annualized rate of occurrence, and
annualized loss expectancy are used in a quantitative risk analysis.

Question 41 2 / 2 pts

Which three protocols can use Advanced Encryption Standard (AES)?
(Choose three.)

Correct!
WPA2

TKIP

Correct!
WPA

802.11q

Correct!
802.11i

WEP

Refer to curriculum topic: 7.3.1


Various protocols can be used to provide secure communication
systems. AES is the strongest encryption algorithm.

Question 42 2 / 2 pts

What describes the protection provided by a fence that is 1 meter in height?

Correct!
It deters casual trespassers only.

It offers limited delay to a determined intruder.

It prevents casual trespassers because of its height.

The fence deters determined intruders.

Refer to curriculum topic: 7.4.1


Security standards have been developed to assist organizations in
implementing the proper controls to mitigate potential threats. The
height of a fence determines the level of protection from intruders.

Question 43 2 / 2 pts

In a comparison of biometric systems, what is the crossover error rate?

rate of rejection and rate of false negatives

Correct!
rate of false negatives and rate of false positives

rate of false positives and rate of acceptability

rate of acceptability and rate of false negatives

Refer to curriculum topic: 7.4.1


In comparing biometric systems, there are several important factors to
consider including accuracy, speed or throughput rate, and
acceptability to users.

Question 44 2 / 2 pts

Which technology can be used to protect VoIP against eavesdropping?

ARP

SSH

Correct!
encrypted voice messages

strong authentication

Refer to curriculum topic: 7.3.2


Many advanced technologies such as VoIP, streaming video, and
electronic conferencing require advanced countermeasures.

Question 45 2 / 2 pts

Which utility uses the Internet Control Messaging Protocol (ICMP)?

Correct!
ping

RIP

NTP

DNS

Refer to curriculum topic: 7.3.1


ICMP is used by network devices to send error messages.

Question 46 2 / 2 pts

Which wireless standard made AES and CCM mandatory?

WEP

Correct!
WPA2

WEP2

WPA

Refer to curriculum topic: 7.1.2


Wireless security depends on several industry standards and has
progressed from WEP to WPA and finally WPA2.

Question 47 2 / 2 pts

Which two protocols pose switching threats? (Choose two.)

Correct!
STP

IP

RIP

WPA2

Correct!
ARP

ICMP

Refer to curriculum topic: 7.3.1


Network switches are the heart of the modern data communication
network. The main threats to network switches are theft, hacking and
remote access, and attacks against network protocols.

Question 48 2 / 2 pts

HVAC, water system, and fire systems fall under which of the cybersecurity
domains?

device

user

Correct!
physical facilities

network

Refer to curriculum topic: 8.1.6


Cybersecurity domains provide a framework for evaluating and
implementing controls to protect the assets of an organization.

Question 49 2 / 2 pts

Which website offers guidance on putting together a checklist to provide
guidance on configuring and hardening operating systems?

Internet Storm Center

The Advanced Cyber Security Center

CERT

Correct!
The National Vulnerability Database website

Refer to curriculum topic: 8.2.3


There are several cybersecurity information websites that a
cybersecurity specialist uses to evaluate the potential vulnerabilities of
an organization. Some of these websites are the National Vulnerability
Database, CERT, the Internet Storm Center, and the Advanced Cyber
Security Center.

Question 50 2 / 2 pts

Which national resource was developed as a result of a U.S. Executive Order
after a ten-month collaborative study involving over 3,000 security
professionals?

the National Vulnerability Database (NVD)

ISO/IEC 27000

Correct!
NIST Framework

ISO OSI model

Refer to curriculum topic: 8.3.1


There are many tools that a cybersecurity specialist uses to evaluate
the potential vulnerabilities of an organization.

Quiz Score: 98 out of 100
