Cybersecurity Essentials Quiz Answers

Cybersecurity Essentials 1.1  Quiz Answers 100%

The entire information for quizzes answers shares below. Go through each part to get answers. I hope this will be helpful. 

Practice Quiz
Chapter 1 Quiz

1. Pick three types of records that cybercriminals would be interested in stealing from organizations. (Choose three.)
Answer: 

employment 

medical

education

 

2. What does the acronym IoE represent? - 

Internet of Everything

 

3. What name is given to hackers who hack for a cause? - 

hactivist

 

4. What does the term vulnerability mean? - 

a weakness that makes a target susceptible to an attack

 

5. What is an example of an Internet data domain? - LinkedIn

6. What does the term BYOD represent? - 

bring your own device

 

7. What is the workforce framework category that includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence? - 

Analyze

 

8. Thwarting cybercriminals includes which of the following? (Choose two.)

- 

sharing cyber Intelligence information

 

- establishing early warning systems

9. What type of attack can disable a computer by forcing it to use memory or by overworking its CPU? - 

algorithm

 

10. What name is given to an amateur hacker? - 

script kiddie

 

11. What type of attack uses many systems to flood the resources of a target, thus making the target unavailable? - 

DDoS

 

 Chapter 2 Quiz

1. What are the two common hash functions? (Choose two.)

- SHA, MD5

2. What service determines which resources a user can access along with the operations that a user can perform? - Authorization

3. What type of cybersecurity laws protect you from an organization that might want to share your sensitive data?-  Privacy

4. What three design principles help to ensure high availability? (Choose three.)

- eliminate single points of failure, provide for a reliable crossover, detect failures as they occur

5. For the purpose of authentication, what three methods are used to verify identity? (Choose three.)

- something you know, something you have, something you are

6. What is a secure virtual network called that uses the public network?

- VPN

7. What mechanism can organizations use to prevent accidental changes by authorized users? - Version Control

8. What is a method of sending information from one device to another using removable media? - Sneaker Net

9. What are the three foundational principles of the cybersecurity domain? (Choose three.)

• integrity
• availability
• confidentiality

10. What are the three access control security services? (Choose three.)

• authorization
• accounting
• authentication

11. Which two methods help to ensure data integrity? (Choose two.)

  -  data consistency checks, hashing

12. What three tasks are accomplished by a comprehensive security policy? (Choose three.)

• defines legal consequences of violations
• gives security staff the backing of management
• sets rules for expected behavior

13. What two methods help to ensure system availability? (Choose two.)

• up-to-date operating systems
• equipment maintenance

14. What principle prevents the disclosure of information to unauthorized people, resources, and processes? - confidentiality

15. What are the three states of data? (Choose three.)

• at rest
• in-transit
• in-process

16. What name is given to any changes to the original data such as users manually modifying data, programs processing and changing data, and equipment failures? - modification

17. What is identified by the first dimension of the cybersecurity cube?

- goals

18. What name is given to a storage device connected to a network?

- NAS

19. What are the two methods that ensure confidentiality? (Choose two.)

• authentication
• encryption

20. What are the three types of sensitive information? (Choose three.)

• business
• classified
• PII

 Chapter 3 Quiz

1. What is a vulnerability that allows criminals to inject scripts into web pages viewed by users? - Cross-site scripting

2. What type of attack targets an SQL database using the input field of a user? - SQL injection

3. Which two reasons describe why WEP is a weak protocol? (Choose two.) 

• The key is static and repeats on a congested network.
• The key is transmitted in cleartext.

4. What is the difference between a virus and a worm?

- Worms self-replicate but viruses do not.

5. A criminal is using software to obtain information about the computer of a user. What is the name of this type of software? - spyware

6. What is the meaning of the term logic bomb?

- a malicious program that uses a trigger to awaken the malicious code

7. What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source? - phishing

8. What are two ways to protect a computer from malware? (Choose two.)

• Use antivirus software.
• Keep software up to date.

9. What occurs on a computer when data goes beyond the limits of a buffer? - a buffer overflow

10. What is the term used to describe an email that is targeting a specific person employed at a financial institution? - spear phishing

11. An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this? - bluesnarfing

12. What are two of the tactics used by a social engineer to obtain personal information from an unsuspecting target? (Choose two.)

• intimidation
• urgency

13. What are the two common indicators of spam mail? (Choose two.)

• The email has misspelled words or punctuation errors or both.
• The email has no subject line.

14. Which term describes the sending of a short deceptive SMS message used to trick a target into visiting a website? - smishing

15. A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this? - a type of ransomware

16. What is the name for the type of software that generates revenue by generating annoying pop-ups? - adware

17. What does a rootkit modify? - operating system

18. What is the name given to a program or program code that bypasses normal authentication? - backdoor

Chapter 4 Quiz

1. What is the name of the method in which letters are rearranged to create the ciphertext? - transposition

2. Which 128-bit block cipher encryption algorithm does the US government use to protect classified information?

• AES

3. Which term describes the technology that protects software from unauthorized access or modification?

• watermarking

4. Which three devices represent examples of physical access controls? (Choose three.)

• swipe cards
• locks
• video cameras

5. What term is used to describe the technology that replaces sensitive information with a non-sensitive version? - masking

6. Which type of cipher is able to encrypt a fixed-length block of plaintext into a 128-bit block of ciphertext at any one time? - block

7. What encryption algorithm uses the same pre-shared key to encrypt and decrypt data? - symmetric

8. What type of cipher encrypts plaintext one byte or one bit at a time? - stream

9. What cryptographic algorithm is used by the NSA and includes the use of elliptical curves for digital signature generation and key exchange?

• ECC

10. What is the term used to describe the science of making and breaking secret codes?

• cryptology

11. Which three processes are examples of logical access controls? (Choose three.)

• firewalls to monitor traffic
• intrusion detection system (IDS) to watch for suspicious network activity
• biometrics to validate physical characteristics

12. What term is used to describe concealing data in another file such as a graphic, audio, or other text files?

• steganography

13. What are three examples of administrative access controls? (Choose three.)

• hiring practices
• policies and procedures
• background checks

14. Which three protocols use asymmetric key algorithms? (Choose three.)

• Secure Shell (SSH)
• Pretty Good Privacy (PGP)
• Secure Sockets Layer (SSL)

15. A warning banner that lists the negative outcomes of breaking company policy is displayed each time a computer user logs in to the machine. What type of access control is implemented?

• deterrent

16. Which two terms are used to describe cipher keys? (Choose two.)

• key space
• key length

17. Match the type of multifactor authentication with the description.

• a security key fob  ————> something you have
• a fingerprint scan  ————> something you are
• a password           ————> something you know

18. Match the description with the correct term. (Not all targets are used.)

• steganography —————> hiding data within an audio file
• steganalysis ——————> discovering that hidden information exists within a graphic file
• social steganography ——–> creating a message that says one thing but means something else to a specific audience
• obfuscation ——————> making a message confusing so it is harder to understand

19. Which asymmetric algorithm provides an electronic key exchange method to share the secret key?

• Diffie-Hellman

20. What encryption algorithm uses one key to encrypt data and a different key to decrypt data?

• asymmetric

Chapter 5 Quiz

1. What is the strength of using a hashing function?

• It is a one-way function and not reversible.

2. A user is instructed by a boss to find a better method to secure passwords in transit. The user has researched several means to do so and has settled on using HMAC. What are the key elements needed to implement HMAC?

• secret key and message digest

3. Which method tries all possible passwords until a match is found?

• brute force

4. An investigator finds a USB drive at a crime scene and wants to present it as evidence in court. The investigator takes the USB drive and creates a forensic image of it and takes a hash of both the original USB device and the image that was created. What is the investigator attempting to prove about the USB drive when the evidence is submitted in court?

• The data in the image is an exact copy and nothing has been altered by the process.

5. What are the three types of attacks that are preventable through the use of salting? (Choose three.)

• lookup tables
• reverse lookup tables
• rainbow tables

6. A user has been asked to implement IPsec for inbound external connections. The user plans to use SHA-1 as part of the implementation. The user wants to ensure the integrity and authenticity of the connection. What security tool can the user use?

• HMAC

7. A user downloads an updated driver for a video card from a website. A warning message pops up saying the driver is not approved. What does this piece of software lack?

• digital signature

8. What is the purpose of CSPRNG?

• to generate salt

9. A user has created a new program and wants to distribute it to everyone in the company. The user wants to ensure that when the program is downloaded that the program is not changed while in transit. What can the user do to ensure that the program is not changed when downloaded?

• Create a hash of the program file that can be used to verify the integrity of the file after it is downloaded.

10. A recent email sent throughout the company stated that there would be a change in security policy. The security officer who was presumed to have sent the message stated the message was not sent from the security office and the company may be a victim of a spoofed email. What could have been added to the message to ensure the message actually came from the person?

• digital signature

11. A recent breach at a company was traced to the ability of a hacker to access the corporate database through the company website by using malformed data in the login form. What is the problem with the company website?

• poor input validation

12. What are the three validation criteria used for a validation rule? (Choose three.)

• range
• size
• format

13. A user is connecting to an e-commerce server to buy some widgets for a company. The user connects to the site and notices there is no lock in the browser security status bar. The site does prompt for a username and password and the user is able to log in. What is the danger of proceeding with this transaction?

• The site is not using a digital certificate to secure the transaction, with the result that everything is in the clear.

14. Identify three situations in which the hashing function can be applied. (Choose three.)

• PKI
• IPsec
• CHAP

15. What is the standard for a public key infrastructure to manage digital certificates?

• x.509

16. A user is evaluating the security infrastructure of a company and notices that some authentication systems are not using best practices when it comes to storing passwords. The user is able to crack passwords very fast and access sensitive data. The user wants to present a recommendation to the company on the proper implementation of salting to avoid password cracking techniques. What are the three best practices in implementing salting? (Choose three.)

• A salt should not be reused.
• A salt must be unique.
• A salt should be unique for each password

17. A user is the database administrator for a company. The user has been asked to implement an integrity rule that states every table ​must have a primary key and that the column or columns chosen to be the primary key must be unique and not null. Which integrity requirement is the user implementing?

• entity integrity

18. What are three NIST-approved digital signature algorithms? (Choose three.)

• ECDSA
• RSA
• DSA

19. Alice and Bob use the same password to login to the company network. This means both would have the exact same hash for their passwords. What could be implemented to prevent both password hashes from being the same?

• salting

20. What is the step by step process for creating a digital signature?

• Create a message digest; encrypt the digest with the private key of the sender; and bundle the message, encrypted digest, and public key together in order to sign the document.

Chapter 6 Quiz

1. A user is purchasing a new server for the company data center. The user wants disk striping with parity on three disks. Which RAID level should the user implement?

• 5

2. A user is asked to create a disaster recovery plan for a company. The user needs to have a few questions answered by management to proceed. Which three questions should the user ask management as part of the process of creating the plan? (Choose three.)

• Where does the individual perform the process?
• Who is responsible for the process
• What is the process?

3. A user was hired by a company to provide a highly available network infrastructure. The user wants to build redundancy into the network in case of a switch failure but wants to prevent Layer 2 looping. What would the user implement in the network?

• Spanning Tree Protocol

4. A security breach has happened at a major corporation. The incident team has responded and executed their incident response plan. During which phase are lessons learned applied?

• post-incident

5. A team has been asked to create an incident response plan for security incidents. In what phase of an incident response plan does the team get management approval of the plan?

• preparation

6. A user is asked to perform a risk analysis of a company. The user asks for the company asset database that contains a list of all equipment. The user uses this information as part of a risk analysis. Which type of risk analysis could be performed?

• quantitative

7. A user is evaluating the network infrastructure of a company. The user noted many redundant systems and devices in place, but no overall evaluation of the network. In a report, the user emphasized the methods and configurations needed as a whole to make the network fault-tolerant. What is the type of design the user is stressing?

• resilient

8. A user has completed a six-month project to identify all data locations and catalog the location. The next step is to classify the data and produce some criteria on data sensitivity. Which two steps can the user take to classify the data? (Choose two.)

• Identify the sensitivity of the data.
• Establish the owner of the data

9. A user needs to add redundancy to the routers in a company. What are the three options the user can use? (Choose three.)

• HSRP
• VRRP
• GLBP

10. A user is asked to evaluate the data center to improve availability for customers. The user notices that there is only one ISP connection, some of the equipment is out of warranty, there are no spare parts, and no one was monitoring the UPS which was tripped twice in one month. Which three deficiencies in high availability has the user identified? (Choose three.)

• single points of failure
• failure to detect errors as they occur
• failure to design for reliability

11. A company is concerned with traffic that flows through the network. There is a concern that there may be malware that exists that is not being blocked or eradicated by antivirus. What technology can be put in place to detect potential malware traffic on the network?

• IDS

12. A user is a consultant who is hired to prepare a report to Congress as to which industries should be required to maintain five-nine availability. Which three industries should the user include in a report? (Choose three.)

• public safety
• finance
• healthcare

13. A user is asked to evaluate the security posture of a company. The user looks at past attempts to break into the company and evaluates the threats and exposures to create a report. Which type of risk analysis could the user perform?

• qualitative

14. A user is running a routine audit of the server hardware in the company data center. Several servers are using single drives to host operating systems and multiple types of attached storage solutions for storing data. The user wants to offer a better solution to provide fault tolerance during a drive failure. Which solution is best?

• RAID

15. A user was hired as the new security officer. One of the first projects was to take inventory of the company assets and create a comprehensive database. Which three pieces of information would the user want to capture in an asset database? (Choose three.)

• hardware network devices
• workstations
• operating systems

16. A user is redesigning a network for a small company and wants to ensure security at a reasonable price. The user deploys a new application-aware firewall with intrusion detection capabilities on the ISP connection. The user installs a second firewall to separate the company network from the public network. Additionally, the user installs an IPS on the internal network of the company. What approach is the user implementing?

• layered

17. The CEO of a company is concerned that if a data breach should occur and customer data is exposed, the company could be sued. The CEO makes the decision to buy insurance for the company. What type of risk mitigation is CEO implementing?

• transference

Chapter 7 Quiz

1. A user is proposing the purchase of a patch management solution for a company. The user wants to give reasons why the company should spend money on a solution. What benefits does patch management provide? (Choose three.)

• Administrators can approve or deny patches.
• Updates can be forced on systems immediately.
• Updates cannot be circumvented

2. A user calls the help desk complaining that an application was installed on the computer and the application cannot connect to the Internet. There are no antivirus warnings and the user can browse the Internet. What is the most likely cause of the problem?

• computer firewall

3. Companies may have different operation centers that handle different issues with the IT operations. If an issue is related to network infrastructure, what operation center would be responsible?

• NOC

4. Why is WPA2 better than WPA?

• mandatory use of AES algorithms

5. A company wants to implement biometric access to its data center. The company is concerned with people being able to circumvent the system by being falsely accepted as legitimate users. What type of error is false acceptance?

• Type II

6. An administrator of a small data center wants a flexible, secure method of remotely connecting to servers.Which protocol would be best to use?

• Secure Shell

7. Which service will resolve a specific web address into an IP address of the destination web server?

• DNS

8. Which three items are malware? (Choose three.)

• virus
• Trojan horse
• keylogger

9. The CIO wants to secure data on company laptops by implementing file encryption. The technician determines the best method is to encrypt each hard drive using Windows BitLocker. Which two things are needed to implement this solution? (Choose two.)

• at least two volumes
• TPM

10. A user makes a request to implement a patch management service for a company. As part of the requisition, the user needs to provide justification for the request. What three reasons can the user use to justify the request? (Choose three.)

• no opportunities for users to circumvent updates
• the ability to obtain reports on systems
• the ability to control when updates occur

11. The manager of desktop support wants to minimize downtime for workstations that crash or have other software-related issues. What are three advantages of using disk cloning? (Choose three.)

• can provide a full system backup
• easier to deploy new computers within the organization
• ensures a clean imaged machine

12. A user is asked to analyze the current state of a computer operating system. What should the user compare the current operating system against to identify potential vulnerabilities?

• a baseline

13. What is the difference between an HIDS and a firewall?

• An HIDS monitors operating systems on host computers and processes file system activity. Firewalls allow or deny traffic between the computer and other systems.

14. What are the three types of power issues that a technician should be concerned about? (Choose three.)

• blackout
• brownout
• spike

15. A new PC is taken out of the box, started up, and connected to the Internet. Patches were downloaded and installed. The antivirus was updated. In order to further harden the operating system what can be done?

• Remove unnecessary programs and services.

16. The company has many users who telecommute. A solution needs to be found so a secure communication channel can be established between the remote location of users and the company. What is a good solution for this situation?

• VPN

17. Why should WEP not be used in wireless networks today?

• easily crackable

18. A user calls the help desk complaining that the password to access the wireless network has changed without warning. The user is allowed to change the password, but an hour later, the same thing occurs. What might be happening in this situation?

• rogue access point

19. An intern has started working in the support group. One duty is to set local policy for passwords on the workstations. What tool would be best to use?

• secpol.msc

20. The manager of a department suspects someone is trying to break into computers at night. You are asked to find out if this is the case. What logging would you enable?

• audit

21. After a security audit for an organization, multiple accounts were found to have privileged access to systems and devices. Which three best practices for securing privileged accounts should be included in the audit report? (Choose three.)

• Enforce the principle of least privilege.
• Secure password storage.
• Reduce the number of privileged accounts.

Chapter 8 Quiz

1. An auditor is asked to assess the LAN of a company for potential threats. What are the three potential threats the auditor may point out? (Choose three.)

• a misconfigured firewall
• unauthorized port scanning and network probing
• unlocked access to network equipment

2. As part of the HR policy in a company, an individual may opt-out of having information shared with any third party other than the employer. Which law protects the privacy of personal shared information?

• GLBA

3. As a security professional, there is a possibility to have access to sensitive data and assets. What is one item a security professional should understand in order to make informed ethical decisions?

• laws governing the data

4. A security professional is asked to perform an analysis of the current state of a company network. What tool would the security professional use to scan the network only for security risks?

• vulnerability scanner

5. A consultant is hired to make recommendations on managing device threats in a company. What are the three general recommendations that can be made? (Choose three.)

• Disable administrative rights for users.
• Enable automated antivirus scans.
• Enable screen lockout.

6. What three services does CERT provide? (Choose three.)

• develop tools, products, and methods to analyze vulnerabilities
• develop tools, products, and methods to conduct forensic examinations
• resolve software vulnerabilities

7. What are two items that can be found on the Internet Storm Center website? (Choose two.)

• InfoSec reports
• InfoSec job postings

8. What can be used to rate threats by an impact score to emphasize important vulnerabilities?

• NVD

9. A breach occurs in a company that processes credit card information. Which industry-specific law governs credit card data protection?

• PCI DSS

10. Why is Kali Linux a popular choice in testing the network security of an organization?

• It is an open-source Linux security distribution and contains over 300 tools.

11. A company is attempting to lower the cost of deploying commercial software and is considering a cloud-based service. Which cloud-based service would be best to host the software?

• SaaS

12. An organization has implemented a private cloud infrastructure. The security administrator is asked to secure the infrastructure from potential threats. What three tactics can be implemented to protect the private cloud? (Choose three.)

• Update devices with security fixes and patches.
• Test inbound and outbound traffic.
• Disable ping, probing, and port scanning.

13. A school administrator is concerned with the disclosure of student information due to a breach. Under which act is student information protected?

• FERPA

14. What are the three broad categories for information security positions? (Choose three.)

• definers
• monitors
• builders

15. What are two potential threats to applications? (Choose two.)

• data loss
• unauthorized access

16. If a person knowingly accesses a government computer without permission, what federal act laws would the person be subject to?

• CFAA

17. A company has had several incidents involving users downloading unauthorized software, using unauthorized websites, and using personal USB devices. The CIO wants to put in place a scheme to manage user threats. What three things might be put in place to manage the threats? (Choose three.)

• Disable CD and USB access.
• Provide security awareness training.
• Use content filtering.

18. What are three disclosure exemptions that pertain to the FOIA? (Choose three.)

• confidential business information
• national security and foreign policy information
• law enforcement records that implicate one of a set of enumerated concerns

19. Unauthorized visitors have entered a company office and are walking around the building. What two measures can be implemented to prevent unauthorized visitor access to the building? (Choose two.)

• Establish policies and procedures for guests visiting the building.
• Conduct security awareness training regularly.

Final Quiz

1. A cybersecurity specialist is asked to identify the potential criminals known to attack the organization. Which type of hackers would the cybersecurity specialist be least concerned with?

• white hat hackers

2. Which statement best describes a motivation of hacktivists?

• They are part of a protest group behind a political cause.

3. What is an example of early warning systems that can be used to thwart cybercriminals?

• Honeynet project

4. Which technology should be used to enforce the security policy that a computing device must be checked against the latest antivirus update before the device is allowed to connect to the campus network?

• NAC

5. Which data state is maintained in NAS and SAN services?

• stored data

6. What are the three states of data during which data is vulnerable? (Choose three.)

• stored data
• data in-process
• data in-transit

7. Which technology can be used to ensure data confidentiality?

• encryption

8. A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan?

• confidentiality, integrity, and availability

9.  What are the two most effective ways to defend against malware? (Choose two.)

• Update the operating system and other application software.
• Install and update antivirus software.

10. What is an impersonation attack that takes advantage of a trusted relationship between two systems?

• spoofing

11. Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network?

• worm

12. Which statement describes a distributed denial of service attack?”

• An attacker builds a botnet comprised of zombies.

13. What type of application attack occurs when data goes beyond the memory areas allocated to the application?

• buffer overflow

14. What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic?

• sniffing

15. A penetration testing service hired by the company has reported that a backdoor was identified on the network. What action should the organization take to find out if systems have been compromised?

• Look for unauthorized accounts.

16. The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement?

• a set of attributes that describes user access rights

17. Smart cards and biometrics are considered to be what type of access control?

• logical

18. Which access control should the IT department use to restore a system back to its normal state?

• corrective

19. A user has a large amount of data that needs to be kept confidential. Which algorithm would best meet this requirement?

• 3DES

20. Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use?

• a new pre-shared key

21. What happens as the key length increases in an encryption application?

• Keyspace increases exponentially

22. In which situation would a detective control be warranted?

• when the organization needs to look for prohibited activity

23. An organization has implemented antivirus software. What type of security control did the company implement?

• recovery control

24. You have been asked to describe data validation to the data entry clerks in accounts receivable. Which of the following are good examples of strings, integers, and decimals?

• female, 9866, $125.50

25. Which hashing technology requires keys to be exchanged?

• HMAC

26. Your organization will be handling market trades. You will be required to verify the identity of each customer who is executing a transaction. 26. Which technology should be implemented to authenticate and verify customer electronic transactions?

• digital certificates

27. What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website?

• digital certificate

28. Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign the document so that Bob can make sure that the document came from Alice?

• private key from Alice

29. What is a feature of a cryptographic hash function?

• The hash function is a one-way mathematical function.

30. A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking?

• HMAC

31. Which hashing algorithm is recommended for the protection of sensitive, unclassified information?

• SHA-256

32. Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents high level of risk, yellow represents average level of threat and green represents low level of threat. What type of risk analysis does this chart represent?

• qualitative analysis

33. What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications?

• asset standardization

34. Keeping data backups offsite is an example of which type of disaster recovery control?

• preventive

35. What are the two incident response phases? (Choose two.)

• detection and analysis.
• containment and recovery

36. The team is in the process of performing a risk analysis on the database services. The information collected includes the initial value of these assets, the threats to the assets and the impact of the threats. What type of risk analysis is the team performing by calculating the annual loss expectancy?

• quantitative analysis

37. What approach to availability provides the most comprehensive protection because multiple defenses coordinate together to prevent attacks?

• layering

38. Being able to maintain availability during disruptive events describes which of the principles of high availability?

• system resiliency

39. There are many environments that require five nines, but a five nines environment may have cost prohibitive. What is one example of where the five nines' environment might be cost-prohibitive?

• the New York Stock Exchange

40. Which risk mitigation strategies include outsourcing services and purchasing insurance?

• transfer

41. Which utility uses the Internet Control Messaging Protocol (ICMP)?

• ping

42. Which technology can be used to protect VoIP against eavesdropping?

• encrypted voice messages

43. What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain?

• Local Security Policy tool

44. In a comparison of biometric systems, what is the crossover error rate?

• rate of false negatives and rate of false positives

45. Which protocol would be used to provide security for employees that access systems remotely from home?

• SSH

46. Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.)

• WPA
• WPA2
• 802.11i

47. Mutual authentication can prevent which type of attack?

• man-in-the-middle

48. Which website offers guidance on putting together a checklist to provide guidance on configuring and hardening operating systems?

• The National Vulnerability Database website

49. Which threat is mitigated through user awareness training and tying security awareness to performance reviews?

• user-related threats

50. HVAC, water system, and fire systems fall under which of the cybersecurity domains?

• physical facilities

Subscribe our YOUTUBE CHANNEL and LIKE our FACEBOOK PAGE to get UPDATE for COURSES

YOUTUBE  FACEBOOK TELEGRAM

THANK YOU!
ABCS PREPARATION SITE