cyber security 2016 SLC Flashcards

1
Q

What type of covert attack uses devices or computer programs that capture anything the user types or anything the user clicks with a mouse?

A

A) Keylogger

2
Q

Spoofing is the act of falsely identifying a packet’s IP address, MAC address, etc. Which of the below are three types of Spoofing?

A) ARP Poisoning, Web Spoofing, and DNS Spoofing

B) Web Spoofing, DNS Spoofing, and Relay Spoofing

C) Web Spoofing, ARP Poisoning, and Relay Spoofing

D) DNS Spoofing, Relay Spoofing, and ARP Poisoning

A

A) ARP Poisoning, Web Spoofing, and DNS Spoofing

3
Q

This refers to applications or files that are not classified as viruses or Trojan Horse programs, but can still negatively affect the performance of the computers on your network and introduce significant security risks to your organization. This is done by performing a variety of undesired actions such as irritating users with pop-up windows, tracking user habits, and unnecessarily exposing computer vulnerabilities to attack.

A

C) Grayware

4
Q

Malware, short for malicious software, is software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. What are three methods antivirus software uses to identify malware?

A

D) Signature-Based Detection, Heuristic-Based Detection, File Emulation

5
Q

Cloud-computing is the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer. What is the primary function of cloud antivirus technology?

A

C) A technology that uses lightweight agent software on the protected computer, while offloading the majority of data analysis to the provider’s infrastructure.

6
Q

Your regular bills and account statements do not arrive on time, you never receive bills or collection notices for products or services, or you receive calls from debt collectors about debts that do not belong to you are examples of:

A

C) Red Flags of Identity Theft

7
Q

What type of Trojan horse sends a copy of itself to all recipients in a user’s address book, which causes an outbreak by passing throughout a network?

A

D) Droppers

8
Q

What is considered the first piece of malicious software to have caused significant damage on the Internet?

A

B) Morris worm

9
Q

A Trojan horse, or Trojan, is a hacking program that is a non-self-replicating type of malware that gains privileged access to the operating system while appearing to perform a desirable function but instead drops a malicious payload. What do Trojans install that create a hidden opening allowing access to a system?

A

A) Backdoor

10
Q

A computer virus is a type of malware that, when executed, replicates by inserting copies of itself into other computer programs, data files, or the boot sector. When this replication succeeds, the affected areas are then said to be infected. This type of virus spreads by infecting USB disks or hard drive disks. The virus is loaded into memory and attempts to infect any and all disks inserted into the computer.

A

C) Boot Sector

11
Q

Which one of the following is a network attack where the attacker creates an ICMP packet that’s larger than the maximum allowed size of 65,535 bytes?

A

C) Ping of Death

12
Q

12)  Which one of the following is a form of social engineering where an unauthorized person follows closely behind an authorized person into a restricted area?

A

A) piggybacking

13
Q

13)  Computer software, or just software, is any set of machine-readable instructions that directs a computer’s processor to perform specific operations. Changes and improvements to software happen. What is a collection of updates, fixes, or enhancements to a software program delivered in the form of a single installable bundle because installing is easier and less error-prone?

A

A) Service Pack

14
Q

14)  This must be regularly updated by a computer’s anti-virus program and is used to identify potential malicious software?

A

C) signature file

15
Q

Which class of brute-force mathematical attack exploits mathematical weaknesses of hash algorithms and one-way hash functions?

A

C) Birthday Attack

16
Q

Many legislative Acts affect computer security. Which Act changed computer crime damage assessments, increasing the number of crimes violating federal law?

A

C) The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (Patriot Act)

17
Q

TCP/IP provides end-to-end connectivity, specifying how data should be formatted, addressed, transmitted, routed, and received at the destination. The Open Systems Interconnection (OSI) model is a conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into abstraction layers. The model groups similar communication functions into one of seven logical layers. At which four of the seven layers does TCP/IP operate?

A

C) Application, Transport, Network, Data Link

18
Q

18)  Which is a set of protocols developed to support the secure exchange of packets and is required in IPv6?

A

D) IPsec

19
Q

19)  How do organizations classify information such as client lists, product designs, and organizational strategies?

A

B) sensitive

20
Q

20)  Risk is comprised of what two components?

C) Vulnerability and Threat

A
21
Q

21)  A security database that contains entries for users and their access rights for files and folders is known as?

B) an access control list (ACL)

A
22
Q

22)  The Open Systems Interconnection (OSI) model is a conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into abstraction layers. The model groups similar communication functions into one of seven logical layers. This hardware device operates at the data link layer of the OSI model and can limit hostile sniffing on a LAN (Local Area Network)?

A) Ethernet Switch

A
23
Q

23)  The purpose of classification is to protect information from being used to damage or endanger national security, research and development, or proprietary information. How do organizations classify information such as client lists, product designs, and organizational strategies?

A) sensitive

A
24
Q

24)  What can an intruder place between two endpoints to capture an entire session?

B) sniffers

A
25
Q

25)  Internet browsers use this to store pages and other multimedia content, such as video and audio files, from websites visited by the user. This allows such websites to load more quickly the next time they are visited.

D) temporary Internet file

A

D) temporary Internet file

26
Q

26)  File Transfer Protocol (FTP) uses a client-server architecture and uses separate control and data connections between the client and the server. What do system administrators do to secure a FTP server so only authorized users can access the server?

A) Disable Anonymous Authentication

A

a

27
Q

27)  Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS). Snort’s open source network-based intrusion detection system has the ability to perform real-time traffic analysis and packet logging on IP networks. Snort performs protocol analysis, content searching, and content matching. What is the correct Snort Rule syntax to log TCP traffic from any port going to ports less than or equal to 4000 on the 192.168.1.0 network?

A) log tcp any any -> 192.168.1.0/24 :4000

A

a

28
Q

28)  At what stage of the security system development life cycle do organizations purchase or build a security solution?

A) Implementation Phase

A

a

29
Q

29)  Some virtual networks may not use encryption to protect the data contents. What process do users initiate when carrying a payload over an incompatible delivery-network, or providing a secure path through an untrusted network?

D) Tunneling

A

d

30
Q

30)  When collecting digital evidence from a crime scene, often the best strategy for dealing with a computer that is powered on is to:

C) unplug it

A

c

31
Q

31)  This is a non-malicious, yet false message spread by users forwarding to a large number of recipients.

C) e-mail hoax

A

c

32
Q

32)  What is the unique number assigned to a message by the e-mail server?

D) message ID

A

d

33
Q

33)  A cyber attack is a type of offensive maneuver employed by both individuals and whole organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts, usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system. What is a Distributed Denial of Service Attack?

A

C) An attack in which multitudes of compromised systems attack a single target and the flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.

34
Q

34)  This protocol is used to encrypt and digitally sign email messages using the X.509 format for certificates.

D) S/MIME

A

d

35
Q

35)  Why is instant messaging dangerous for file transfers?

A) It bypasses server-based malware protection.

A

a

36
Q

36)  What is the difference between SMTP and POP3?

B) The SMTP server listens on port 25, while POP3 listens on port 110.

A

b

37
Q

37)  Simple Mail Transfer Protocol (SMTP) is an Internet standard for email transmission across Internet Protocol (IP) networks. Your SMTP server is the source of excessive spam emails. What is the most likely cause?

C) The anonymous relays are not disabled

A

c

38
Q

38)  What is the act of making an e-mail message look like it came from someone else or a different location?

D) spoofing

A

d

39
Q

39)  Attackers have learned to capitalize and take advantage of the human factor in trust relationships. What type of attack uses chat, social media, and email to exploit trust relationships?

C) Online attack

A

c

40
Q

40)  What is the purpose of the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003?

B) Allow email marketers to send unsolicited commercial e-mail as long as it adheres to 3 basic types of compliance: unsubscribe, content, and sending behavior compliance

A

b

41
Q

41)  What type of email scam involves Internet fraudsters who send seemingly legitimate e-mail messages to trick unsuspecting victims into revealing personal and financial information, such as a Social Security number (SSN), that can be used to steal the victims’ identity and gain access to the victim’s finances?

C) Phishing

A

c

42
Q

42)  What is an attempt to make a machine or network resource unavailable to its intended users by temporarily or indefinitely interrupting or suspending services of a host connected to the Internet?

B) Denial of Service

A

b

43
Q

43)  This type of attack is an anomaly where a program, while writing data, overruns the boundary and overwrites adjacent memory. Most security applications and suites are incapable of adequate defense against these kinds of attacks.

B) Buffer Overflow

A

b

44
Q

44)  What type of intrusion detection system takes action after intruder detection?

C) active

A

c

45
Q

45)  What is a false positive?

C) An event signaling an intrusion detection system to produce an alarm when no attack has taken place

A

c

46
Q

46)  The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates. Which encryption scheme does PKI use?

D) Asymmetric Encryption

A

d

47
Q

47)  What is the process of recovering passwords from data that has been stored in or transmitted by a computer system?

A) Password Cracking

A

a

48
Q

48)  The purpose of this is to help you make more-informed decisions about which security measures to adopt?

C) Security Assessment

A

c

49
Q

49)  This type of assessment answers the following questions: What to protect? Who/What are the threats and vulnerabilities? What are the implications of damage or loss? What is the value to the organization? What can minimize exposure to the loss or damage?

B) risk assessment

A

b

50
Q

50)  What are groups of rigorous methods for finding bugs or errors in code related to computer security? These methods are used for testing purposes and are very important for ensuring that potential vulnerabilities are prevented.

C) Attack Patterns

A

c

51
Q

51)  Heuristic scanning is a:

C) method of detecting potentially malicious behavior by examining what a program does or how it acts

A

c

52
Q

52)  In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. What is the primary principle of encryption using a key?

B) All functions are public, only the key is secret. The key contains the parameters used for the encryption responsible for decryption.

A

b

53
Q

53)  A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or assertions made by the private key that corresponds to the public key that is certified. What is the primary role of the Certificate Authority?

C) To digitally sign and publish the public key bound to a given user

A

c

54
Q

54)  What is the primary role of the Certificate Authority?

A) to digitally sign and publish the public key bound to a given user

B) to review critical transactions communications between two or more parties

C) to use a random number generator to create public keys

D) to track self-signed certificates and third party attestations of those certifications

A

a

55
Q

55)  In a Public Key infrastructure, this provides nonrepudiation:

A) symmetric keys

B) digital signature

C) electronic certificates

D) e-mail signature

A

b

56
Q

56)  The digital signature scheme consists of which three algorithms?

A) a key generation algorithm, a signing algorithm, and a signature verification algorithm

B) a key generation algorithm, an asymmetric key algorithm, and a signing algorithm

C) a key generation algorithm, a signing algorithm, and a hash-and-decrypt algorithm

D) a symmetric key algorithm, a signing algorithm, and a signature verification algorithm

A

a

57
Q

57)  In computer security, challenge-response authentication is a family of protocols in which one party presents a question/challenge and another party must provide a valid answer/response to be authenticated. The simplest example of a challenge-response protocol is password authentication, where the challenge is asking for the password and the valid response is the correct password. Which technology issues a challenge/response test as a means of ascertaining that a user is a human and not a computer program?

A) CAPTCHA

B) Munging

C) CHAP

D) Site Key

A

a

58
Q

58)  This security principle describes the requirement that different people should perform different portions of a critical process.

A) segregation of duties

B) defense in depth

C) job rotation

D) least privilege

A

a

59
Q

59)  What type of authentication methodology uses a person’s physical characteristic for identification?

A) Behaviometrics

B) Biometrics

C) Voice Analysis

D) Facial Recognition

A

b

60
Q

60)  When withdrawing money from an automated teller machine, a user inserts a card (something he has) and enters a pin code (something he knows) into a keypad. What type of authentication is this?

A) Two-factor Authentication

B) Two-factor Authorization

C) Multi-Factor Authentication

D) Common Authentication

A

A

61
Q

61)  In networking, the Point-to-Point Protocol (PPP) is a data link protocol commonly used in establishing a direct connection between two networking nodes. What authentication method is used in conjunction with PPP to validate the identity of a client?

A) Password Authentication Protocol (PAP)

B) Routing Internet Protocol (RIP)

C) Challenge-Handshake Authentication Protocol (CHAP)

D) Extensible Authentication Protocol (EAP)

A

c

62
Q

62)  Your boss does not want anyone else to have the ability to read an email except the intended recipient. What type of security ensures only the intended recipient can read your email?

A) Availability

B) Confidentiality

C) Authentication

D) Integrity

A

c

63
Q

63)  A binary code represents text or computer processor instructions using the binary number system’s two binary digits – 0 and 1. What is added to the end of a string of binary code that indicates whether the number of bits in the string with the value one is even or odd?

A) Checksum

B) Modular Sum

C) Parity Bit

D) Parity Word

A

c

64
Q

64)  What is a credential issued by the Authentication Service that supplies valid authentication credentials?

A) User Certificate

B) Server Ticket

C) Security Ticket

D) Server Certificate

A

c

65
Q

65)  A password policy is often part of an organization’s official regulations and may be taught as part of security awareness training. What setup should an administrator use for regularly testing the strength of user passwords?

A) A standalone workstation on which the password database is copied and processed by the cracking program.

B) A standalone workstation so that the live password database can be accessed and processed by the cracking program.

C) A networked workstation so the password database can easily be copied locally and processed by the cracking program.

D) A networked workstation so the cracking program can access the live password database.

A

a

66
Q

66)  In computing, the Challenge-Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity. When does CHAP perform the handshake process?

A) Only when establishing the initial connection

B) When establishing a connection and at any time after the connection is established

C) When establishing a connection and after disconnecting the session

D) Only after the connection is established

A

b

67
Q

67)  Which one of the following is not an effect of a natural disaster on a computer?

A) smoke damage to the hard drive

B) static electricity

C) water damage

D) power fluctuations

A

b

68
Q

68)  What is the best reason water isn’t used to suppress fires in a data center?

A) It’s too expensive compared to other methods.

B) Water would ruin the electronics in computers and network equipment.

C) Water cannot put out electrical fires.

D) Water may not be able to reach all servers in a rack.

A

b

69
Q

69)  This provides duplication of server data storage by using multiple hard drive volumes.

A) Parity

B) Hot Swapping

C) Mirroring

D) Disk Striping

A

c

70
Q

70)  What RAID level uses disk striping?

A) RAID 5

B) RAID 0+1

C) RAID 1

D) RAID 0

A

d

71
Q

71)  This term refers to the ability to maintain data and operational processing despite a disrupting event?

A) business continuity

B) high definition

C) disaster planning

D) high availability

A

d

72
Q

72)  Regarding Business Continuity Planning and Disaster Recovery Planning, which one of the following determines the recovery cost balancing?

A) cost of impact and the cost of resources

B) cost of disruption and the cost to recover

C) maximum allowable outage and the cost to recover

D) cost of system inoperability and the cost of resources to recover

A

d

73
Q

73)  The CEO wants to determine the feasibility of the IT recovery process, verify the compatibility of backup facilities, and ensure the adequacy of procedures relating to the various teams working in the recovery process. These tasks are examples of what?

A) Disaster Recovery Plan Testing

B) Disaster Recovery Plan Training

C) Disaster Recovery Plan Maintenance

D) Disaster Recovery Plan Authentication

A

a

74
Q

74)  This type of plan contains the steps for implementing critical business functions using alternate mechanisms until normal operations can be resumed at the primary site or elsewhere on a permanent basis.

A) Disaster Recovery Plan

B) Business Continuity Plan

C) Incremental Recovery Plan

D) Incident Recovery Plan

A

a

75
Q

75)  What are the three primary strategies when developing a disaster recovery plan?

A) Management Support, Detective Measures, and Preventative Measures

B) Preventive Measures, Detective Measures, and Corrective Measures

C) Risk Assessment, Independent Verification and Validation, and Management Support

D) Corrective Measures, Detective Measures, and Risk Assessment

A

b

76
Q

76)  Which one of the following configurations of elements represents the most complete disaster recovery plan?

A) alternate processing site, backup and off-site storage procedures, identification of critical applications, and test of the plan

B) vendor contract for alternate processing site, backup procedures, and names of persons on the disaster recovery team

C) vendor contract for alternate processing site, names of persons on the disaster recovery team, and offsite storage procedures

D) off-site storage procedures, identification of critical applications, and test of the plan

A

a

77
Q

77)  Which one of the following IT contingency solutions provides recovery time objectives ranging from minutes to several hours?

A) asynchronous shadowing

B) multiple location disk replications

C) single location disk replication

D) synchronous mirroring

A

d

78
Q

78)  Organizations use contingency plans for an outcome other than the usual (expected) outcome. Which one of the following IT contingency solutions provides recovery time objectives ranging from minutes to several hours?

A) multiple location disk replications

B) synchronous mirroring

C) asynchronous shadowing

D) single location disk replication

A

b

79
Q

79)  Which one of the following configurations of elements represents the most complete disaster recovery plan?

A) off-site storage procedures, identification of critical applications, test of the plan

B) vendor contract for alternate processing site, names of persons on the disaster recovery team, offsite storage procedures

C) vendor contract for alternate processing site, backup procedures, names of persons on the disaster recovery team

D) alternate processing site, backup and off-site storage procedures, identification of critical applications, and test of the plan

A

d

80
Q

80)  What maintains a historical record of all the changes made to data by constantly monitoring all data written on a hard drive, thus providing backups that can be restored immediately?

A) Synchronous backups

B) Disk to Disk (D2D) backups

C) Backup Data Plan (BDP)

D) Continuous Data protection (CDP)

A

d

81
Q

81)  This is the maximum length of time that an organization can tolerate between backups.

A) Service Establishment Point (SEP)

B) Recovery Point Objective (RPO)

C) Recovery Time Objective (RTO)

D) Business Recovery Time (BRT)

A

b

82
Q

82)  This type of attack directly attaches conductors to the circuit(s) being protected so that information can be obtained from, and/or changes injected into, the system under attack.

A) Shape Charge Attack

B) Circuit Disruption Attack

C) Probe Attack

D) Machine Attack

A

c

83
Q

83)  The abbreviation RAID stands for?

A) Resistant Architecture of Interdependent Drives

B) Repository Array of Inexpensive Disks

C) Redundant Array of Independent Drives

D) Replacement Archive for Identical Disks

A

c

84
Q

84)  What is an effective technique in ventilation systems that forces air outward from a facility to help guard against dust and other pollutants?

A) Negative Pressurization

B) Adaptive Support Pressurization

C) Supply Only Pressurization

D) Positive Pressurization

A

d

85
Q

85)  Half of employees admit to taking corporate data when they leave a job, and 40 percent say they plan to use the data in their new job. How do you prevent this?

A) Enforce Non-Disclosure Agreements, Monitor Technology, Secure Intellectual Property

B) Employee Education, Enforce Non-Disclosure Agreements, Monitor Technology

C) Tag Sensitive Information, Monitor Technology, Enforce Non-Disclosure Agreements

D) Monitor Technology, Secure Intellectual Property, Education Employees

A

b

86
Q

86)  Which one of the following types of attacks requires physical access to a computer system?

A) using a bootdisk to load an alternate operating systems

B) scanning the network for open ports and IP addresses

C) cracking passwords

D) exploiting vulnerabilities in web servers

A

a

87
Q

87)  What process takes a variable sized long input of bits and produces a fixed, small sequence of bits that is effectively unique?

A) Decoy Protocol

B) Hashing

C) Cascading

D) Public Key Encryption

A

b

88
Q

88)  What process takes a variable sized long input of bits and produces a fixed, small sequence of bits that is effectively unique?

A) hashing

B) decoy protocol

C) public key encryption

D) cascading

A

a

89
Q

89)  This is a method of hiding nearly undetectable messages in images, documents, or other file types.

A) steganography

B) cryptography

C) symmetric encryption

D) cryptanalysis

A

a

90
Q

90)  In which way does the Combined Encryption combine symmetric and asymmetric encryption?

A) The secret key is symmetrically transmitted, the message itself asymmetrically.

B) First, the message is encrypted with asymmetric encryption and then it is encrypted symmetrically together with the key

C) The secret key is asymmetrically transmitted, the message itself symmetrically.

D) First, the message is encrypted with symmetric encryption and then it is encrypted asymmetrically together with the key

A

c

91
Q

91)  What does the “dd” Unix/Linux command do as part of computer forensics?

A) creates an exact duplicate of a disk image

B) duplicates the slackspace on a hard disk

C) copies the hard drive to a solid state drive

D) creates a hash of all of the contents of a drive

A

a

92
Q

92)  What are the two primary types of computer forensic investigations?

A) when a computer was the target of a crime and the computer itself was stolen

B) when a computer was used to commit a crime and when a computer was the target of a crime

C) when a computer was the target of a crime and when the computer was used by a criminal

D) when a computer was used to commit a crime and the crime involved medical records

A

b

93
Q

93)  What is the name of the special container used to hold electronic evidence that blocks the radio signals?

A) cell phone holder

B) Radio Frequency Identification (RFID)

C) signal blocking box

D) Faraday bag

A

d

94
Q

94)  Verifying the authentication of digital images is one form of forensic security. What are forensic techniques used to complete this verification?

A) Erase an image’s compression history and use its associated compression fingerprints

B) Use an image’s compression history after erasing its associated compression fingerprints

C) Use an image’s compression history and its associated compression fingerprints

D) Erase an image’s compression history and its associated compression fingerprints

A

c

95
Q

95)  Prosecuting cybercrimes is difficult because most of the evidence is digital. Forensic investigators must leverage a forensic investigation life cycle to ensure the confidentiality, integrity, or availability of digital evidence. Steps in the forensic investigation life cycle are:

A) Requirement Analysis, Representation of Evidence, Repository of Data

B) Requirement Analysis, Inaccuracy, Destruction of Evidence

C) Review of Evidence, Destruction of Evidence, Representation of Evidence

D) Representation of Evidence, Retrieval of Data, Inaccuracy

A

A

96
Q

96)  What standard company policy outlines what the organization considers to be the appropriate use of all computer resources?

A) Internet Usage Policy (IUP)

B) End User License Agreement (EULA)

C) Acceptable Use Policy (AUP)

D) Data Communication Standard (DCS)

A

c

97
Q

97)  U.S. Presidents use this power to set policy directives that implement or interpret federal statutes, a constitutional provision, or a treaty.

A) Legislation

B) Joint Resolution

C) Executive Orders

D) Public Law

A

c

98
Q

98)  This Act was intended to enhance the security and resiliency of the cyber and communications infrastructure of the United States.

A) Federal Information Security Management Act of 2002

B) Computer Security Act of 1987

C) Cybersecurity Act of 2012

D) Confidential Information Protection and Statistical Efficiency Act of 2002

A

c

99
Q

99)  This is the mission of what federal organization – to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

A) Department of Homeland Security (DHS)

B) National Institute of Standards and Technology (NIST)

C) Office of Management and Budget (OMB)

D) Department of Commerce (DOC)

A

b

100
Q

100)  What are the three primary goals of the Comprehensive National Cybersecurity Initiative (CNCI)?

A) To establish a front line of defense against today’s immediate threats; To defend against the full spectrum of threats; To develop and implement a government-wide cyber counterintelligence (CI) plan.

B) To strengthen the future cybersecurity environment; To build cybersecurity capability in the electricity sector; To protect the nation’s communication grid from cyber threats

C) To establish a front line of defense against today’s immediate threats; To defend against the full spectrum of threats; To strengthen the future cybersecurity environment

D) To defend against the full spectrum of threats; To coordinate and redirect research and development (R&D) efforts; To develop and implement a government-wide cyber counterintelligence (CI) plan

A

c