What is an example of early warning systems that can be used to thwart cybercriminals?

Last Updated on December 11, 2018 by

• Recommend

Quiz Instructions

This quiz covers all of the content in Cybersecurity Essentials 1.1. It is designed to test the skills and knowledge presented in the course.

There are multiple task types that may be available in this quiz.

NOTE: Quizzes allow for partial credit scoring on all item types to foster learning. Points on quizzes can also be deducted for answering incorrectly.

1. A cybersecurity specialist is asked to identify the potential criminals known to attack the organization. Which type of hackers would the cybersecurity specialist be least concerned with?

   • black hat hackers
   • gray hat hackers
   • script kiddies
   • white hat hackers
     

2. Which statement best describes a motivation of hacktivists?

   • They are trying to show off their hacking skills.
   • They are interested in discovering new exploits.
   • They are curious and learning hacking skills.
   • They are part of a protest group behind a political cause.
     

     Explanation:

3. What is an example of early warning systems that can be used to thwart cybercriminals?

   • Infragard
   • ISO/IEC 27000 program
   • Honeynet project
   • CVE database
     

     Explanation:

4. Which technology should be used to enforce the security policy that a computing device must be checked against the latest antivirus update before the device is allowed to connect to the campus network?

   • SAN
   • VPN
   • NAC
   • NAS
     

     Explanation:

5. Which data state is maintained in NAS and SAN services?

   • stored data
   • data in-transit
   • encrypted data
   • data in-process
     

     Explanation:

6. What are three states of data during which data is vulnerable? (Choose three.)

   • purged data
   • stored data
   • data in-process
   • data encrypted
   • data decrypted
   • data in-transit
     

     Explanation:

7. Which technology can be used to ensure data confidentiality?

   • hashing
   • identity management
   • encryption
   • RAID
     

     Explanation:

8. A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan?

   • secrecy, identify, and nonrepudiation
   • confidentiality, integrity, and availability
   • technologies, policies, and awareness
   • encryption, authentication, and identification
     

     Explanation:

9. What are the two most effective ways to defend against malware? (Choose two.)

   • Implement strong passwords.
   • Implement a VPN.
   • Implement RAID.
   • Update the operating system and other application software.
   • Implement network firewalls.
   • Install and update antivirus software.
     

     Explanation:

10. What is an impersonation attack that takes advantage of a trusted relationship between two systems?

    • man-in-the-middle
    • spoofing
    • spamming
    • sniffing
      

      Explanation:

11. Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network?

    • virus
    • worm
    • spam
    • phishing
      

      Explanation:

12. Which statement describes a distributed denial of service attack?”

    • An attacker views network traffic to learn authentication credentials.
    • An attacker builds a botnet comprised of zombies.
    • An attacker sends an enormous quantity of data that a server cannot handle.
    • One computer accepts data packets based on the MAC address of another computer.
      

      Explanation:

13. What type of application attack occurs when data goes beyond the memory areas allocated to the application?

    • buffer overflow
    • RAM Injection
    • SQL injection
    • RAM spoofing
      

      Explanation:

14. What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic?

    • sniffing
    • spoofing
    • phishing
    • spamming
      

      Explanation:

15. A penetration testing service hired by the company has reported that a backdoor was identified on the network. What action should the organization take to find out if systems have been compromised?

    • Look for policy changes in Event Viewer.
    • Scan the systems for viruses.
    • Look for unauthorized accounts.
    • Look for usernames that do not have passwords.
      

      Explanation:

16. The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement?

    • user login auditing
    • a biometric fingerprint reader
    • observations to be provided to all employees
    • a set of attributes that describes user access rights
      

      Explanation:

17. Smart cards and biometrics are considered to be what type of access control?

    • administrative
    • technological
    • logical
    • physical
      

      Explanation:

18. Which access control should the IT department use to restore a system back to its normal state?

    • compensative
    • preventive
    • corrective
    • detective
      

      Explanation:

19. A user has a large amount of data that needs to be kept confidential. Which algorithm would best meet this requirement?

    • 3DES
    • ECC
    • RSA
    • Diffie-Hellman
      

      Explanation:

20. Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use?

    • the private key of Carol
    • the public key of Bob
    • the same pre-shared key he used with Alice
    • a new pre-shared key
      

      Explanation:

21. What happens as the key length increases in an encryption application?

    • Keyspace increases proportionally.
    • Keyspace decreases exponentially.
    • Keyspace decreases proportionally.
    • Keyspace increases exponentially.
      

      Explanation:

22. In which situation would a detective control be warranted?

    • when the organization needs to repair damage
    • when the organization needs to look for prohibited activity
    • when the organization cannot use a guard dog, so it is necessary to consider an alternative
    • after the organization has experienced a breach in order to restore everything back to a normal state
      

      Explanation:

23. An organization has implemented antivirus software. What type of security control did the company implement?

    • recovery control
    • deterrent control
    • compensative control
    • detective control
      

      Explanation:

24. You have been asked to describe data validation to the data entry clerks in accounts receivable. Which of the following are good examples of strings, integers, and decimals?

    • 800-900-4560, 4040-2020-8978-0090, 01/21/2013
    • male, $25.25, veteran
    • female, 9866, $125.50
    • yes/no 345-60-8745, TRF562
      

      Explanation:

25. Which hashing technology requires keys to be exchanged?

    • salting
    • AES
    • HMAC
    • MD5
      

      Explanation:

26. Your organization will be handling market trades. You will be required to verify the identify of each customer who is executing a transaction. Which technology should be implemented to authenticate and verify customer electronic transactions?

    • data hashing
    • symmetrical encryption
    • digital certificates
    • asymmetrical encryption
      

      Explanation:

27. What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website?

    • digital signature
    • digital certificate
    • asymmetric encryption
    • salting
      

      Explanation:

28. Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign the document so that Bob can make sure that the document came from Alice?

    • private key from Bob
    • private key from Alice
    • username and password from Alice
    • public key from Bob
      

      Explanation:

29. What is a feature of a cryptographic hash function?

    • Hashing requires a public and a private key.
    • The hash function is a one-way mathematical function.
    • The output has a variable length.
    • The hash input can be calculated given the output value.
      

      Explanation:

30. A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking?

    • salting
    • HMAC
    • CRC
    • password
      

      Explanation:

31. Which hashing algorithm is recommended for the protection of sensitive, unclassified information?

    • MD5
    • SHA-256
    • 3DES
    • AES-256
      

      Explanation:

32. Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents high level of risk, yellow represents average level of threat and green represents low level of threat. What type of risk analysis does this chart represent?

    • quantitative analysis
    • exposure factor analysis
    • loss analysis
    • qualitative analysis
      

      Explanation:

33. What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications?

    • asset classification
    • asset availability
    • asset standardization
    • asset identification
      

      Explanation:

34. Keeping data backups offsite is an example of which type of disaster recovery control?

    • management
    • preventive
    • detective
    • corrective
      

      Explanation:

35. What are two incident response phases? (Choose two.)

    • detection and analysis
    • confidentiality and eradication
    • prevention and containment
    • mitigation and acceptance
    • containment and recovery
    • risk analysis and high availability
      

      Explanation:

36. The team is in the process of performing a risk analysis on the database services. The information collected includes the initial value of these assets, the threats to the assets and the impact of the threats. What type of risk analysis is the team performing by calculating the annual loss expectancy?

    • quantitative analysis
    • qualitative analysis
    • loss analysis
    • protection analysis
      

      Explanation:

37. What approach to availability provides the most comprehensive protection because multiple defenses coordinate together to prevent attacks?

    • obscurity
    • limiting
    • layering
    • diversity
      

      Explanation:

38. Being able to maintain availability during disruptive events describes which of the principles of high availability?

    • fault tolerance
    • system resiliency
    • single point of failure
    • uninterruptible services
      

      Explanation:

39. There are many environments that require five nines, but a five nines environment may be cost prohibitive. What is one example of where the five nines environment might be cost prohibitive?

    • department stores at the local mall
    • the New York Stock Exchange
    • the U.S. Department of Education
    • the front office of a major league sports team
      

      Explanation:

40. Which risk mitigation strategies include outsourcing services and purchasing insurance?

    • reduction
    • avoidance
    • acceptance
    • transfer
      

      Explanation:

41. Which utility uses the Internet Control Messaging Protocol (ICMP)?

    • NTP
    • ping
    • RIP
    • DNS
      

      Explanation:

42. Which technology can be used to protect VoIP against eavesdropping?

    • strong authentication
    • encrypted voice messages
    • ARP
    • SSH
      

      Explanation:

43. What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain?

    • Local Security Policy tool
    • Event Viewer security log
    • Computer Management
    • Active Directory Security tool
      

      Explanation:

44. In a comparison of biometric systems, what is the crossover error rate?

    • rate of false positives and rate of acceptability
    • rate of false negatives and rate of false positives
    • rate of rejection and rate of false negatives
    • rate of acceptability and rate of false negatives
      

      Explanation:

45. Which protocol would be used to provide security for employees that access systems remotely from home?

    • WPA
    • SSH
    • SCP
    • Telnet
      

      Explanation:

46. Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.)

    • WPA
    • TKIP
    • WPA2
    • 802.11i
    • 802.11q
    • WEP
      

      Explanation:

47. Mutual authentication can prevent which type of attack?

    • wireless poisoning
    • wireless sniffing
    • wireless IP spoofing
    • man-in-the-middle
      

      Explanation:

48. Which website offers guidance on putting together a checklist to provide guidance on configuring and hardening operating systems?

    • CERT
    • The National Vulnerability Database website
    • The Advanced Cyber Security Center
    • Internet Storm Center
      

      Explanation:

49. Which threat is mitigated through user awareness training and tying security awareness to performance reviews?

    • user-related threats
    • device-related threats
    • cloud-related threats
    • physical threats
      

      Explanation:

50. HVAC, water system, and fire systems fall under which of the cybersecurity domains?

    • device
    • network
    • physical facilities
    • user
      

      Explanation:

• Recommend