CIST 1601 Final Quiz: 50 Most Asked Questions and Answers on Cybersecurity, Exams of Information Security and Markup Languages

A comprehensive set of 50 frequently asked questions and answers related to cybersecurity, covering topics such as data vulnerability, social engineering, network security, access control, encryption, hashing, risk analysis, incident response, and security technologies. It serves as a valuable resource for students and professionals seeking to enhance their understanding of cybersecurity principles and practices.

Typology: Exams

2024/2025

Available from 12/07/2024

Martin-Ray-1
Final Quiz CIST 1601 with 50 Most Asked Questions with Answers.

Technologies like GIS and IoE contribute to the growth of large data stores. What are two reasons that these technologies increase the need for cybersecurity specialists? - Answer:::✔✔They collect sensitive information.
They contain personal information

Which type of cybercriminal is the most likely to create malware to compromise an organization by stealing credit card information? - Answer:::✔✔black hat hackers

Which statement best describes a motivation of hacktivists? - Answer:::✔✔They are part of a protest group behind a political cause.

Which methods can be used to implement multifactor authentication? - Answer:::✔✔passwords and fingerprints

Which technology can be implemented as part of an authentication system to verify the identification of employees? - Answer:::✔✔a smart card reader

What are three states of data during which data is vulnerable? - Answer:::✔✔data in-process
data in-transit
stored data

A security specialist is asked for advice on a security measure to prevent unauthorized hosts from accessing the home network of employees. Which measure would be most effective? - Answer:::✔✔Implement a firewall

Which framework should be recommended for establishing a comprehensive information security management system in an organization? - Answer:::✔✔ISO/IEC 27000

What type of application attack occurs when data goes beyond the memory areas allocated to the application? - Answer:::✔✔buffer overflow

An executive manager went to an important meeting. The secretary in the office receives a call from a person claiming that the executive manager is about to give an important presentation but the presentation files are corrupted. The caller sternly recommends that the secretary email the presentation right away to a personal email address. The caller also

A penetration testing service hired by the company has reported that a backdoor was identified on the network. What action should the organization take to find out if systems have been compromised? - Answer:::✔✔Look for unauthorized accounts

Which access control strategy allows an object owner to determine whether to allow access to the object? - Answer:::✔✔DAC

Alice and Bob are using public key encryption to exchange a message. Which key should Alice use to encrypt a message to Bob? - Answer:::✔✔the public key of Bob

An organization plans to implement security training to educate employees about security policies. What type of access control is the organization trying to implement? - Answer:::✔✔administrative

Smart cards and biometrics are considered to be what type of access control? - Answer:::✔✔logical

The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement? - Answer:::✔✔a set of attributes that describes user access rights

Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use? - Answer:::✔✔a new pre-shared key

What happens as the key length increases in an encryption application? - Answer:::✔✔Keyspace increases exponentially

Which statement describes a characteristic of block ciphers? - Answer:::✔✔Block ciphers result in output data that is larger than the input data most of the time.

Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign the document so that Bob can make sure that the document came from Alice? - Answer:::✔✔private key from Alice

You have been asked to implement a data integrity program to protect data files that need to be electronically downloaded by the sales staff. You have decided to use the strongest hashing algorithm available on your systems. Which hash algorithm would you select? - Answer:::✔✔SHA-256

discovers the passwords are stored as hash values. However, after comparing a simple password hash, the technician then discovers that the values are different from those on other systems. What are two causes of this situation? - Answer:::✔✔One system uses hashing and the other uses hashing and salting.
The systems use different hashing algorithms

Which risk mitigation strategies include outsourcing services and purchasing insurance? - Answer:::✔✔transfer

Which two values are required to calculate annual loss expectancy? - Answer:::✔✔single loss expectancy
annual rate of occurrence

Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents high level of risk, yellow represents average level of threat and green represents low level of threat. What type of risk analysis does this chart represent? - Answer:::✔✔qualitative analysis

The team is in the process of performing a risk analysis on the database services. The information collected includes the initial value of these assets, the threats to the assets and the impact of the threats. What type of risk analysis is the team performing by calculating the annual loss expectancy? - Answer:::✔✔quantitative analysis

What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications? - Answer:::✔✔asset standardization

What approach to availability provides the most comprehensive protection because multiple defenses coordinate together to prevent attacks? - Answer:::✔✔layering

What are two incident response phases? - Answer:::✔✔containment and recovery

Which protocol would be used to provide security for employees that access systems remotely from home? - Answer:::✔✔SSH

Mutual authentication can prevent which type of attack? - Answer:::✔✔man-in-the-middle

Which two protocols pose switching threats? - Answer:::✔✔ARP
STP

Which cybersecurity weapon scans for use of default passwords, missing patches, open ports, misconfigurations, and active IP addresses? - Answer:::✔✔vulnerability scanners

Which website offers guidance on putting together a checklist to provide guidance on configuring and hardening operating systems? - Answer:::✔✔The National Vulnerability Database website

Which threat is mitigated through user awareness training and tying security awareness to performance reviews? - Answer:::✔✔user-related threats