Pre_Assessment Flashcards

1
Q

A military installation is evaluating backup solutions for its critical data. This installation operates in a harsh environment that is subjected to heat, humidity, and magnetic fields.

Which physical media should be selected to ensure the integrity of backups is preserved given these harsh operating conditions?

Tape media
Optical media
Hard drives
Flash drives
A

Opting for flash drives as a backup solution, especially for a military installation operating in harsh conditions, can be justified by several compelling advantages that flash drives offer in terms of durability, portability, and performance.

2
Q

A university research group wants to collect data on animals that are native to southern Arizona, which is a hot, dry region. They plan to camp in tents for the summer at the edge of a national park and to use optical media to back up photos and research notes.

Which physical or environmental factor may damage their optical media?

Humidity
Temperature
Magnetic fields
Electric shocks
A

The physical or environmental factor that may damage their optical media in southern Arizona, a hot, dry region, is Temperature. High temperatures can warp or otherwise damage optical media such as CDs, DVDs, or Blu-ray discs, affecting the data stored on them.

3
Q

A company developing and distributing open source applications realizes that attackers are copying the publicly available, open source code and inserting malware into the code.

Which type of cryptographic tool should the company use to protect the integrity of its open source applications?

Asymmetric cryptography
Block cipher
Hash functions
Symmetric cryptography
A

To protect the integrity of its open source applications and ensure that the code has not been tampered with, the company should use Hash functions. Hash functions generate a unique, fixed-size string (hash) from data (in this case, the source code). When users download the application, they can compute the hash of the downloaded code and compare it to the hash provided by the company.

4
Q

Spear phishing attack

A

A spear phishing attack is a highly targeted type of phishing scam that aims to steal sensitive information or infect the target’s computer system with malware. Unlike broad phishing campaigns that target large groups of people with a generic message, spear phishing is meticulously crafted to target a specific individual, organization, or business.

5
Q

While visiting a country in the European Union, an American purchases an expensive bottle of perfume with a credit card.

What does the European Union Directive 95/46/EC regulation safeguard for the purchaser?

Computer fraud and abuse
Personally identifiable information
Unfair trade practices
Right to return goods
A

The European Union Directive 95/46/EC, often referred to as the Data Protection Directive, safeguards the Personally Identifiable Information (PII) of individuals within the EU.

6
Q

A company’s website policy states that “To gain access to the corporate website, each employee must provide a valid user name and password, and then answer one of six security questions accurately.”

Which type of security does the policy address?

Operations
Application
Human element
Physical

A

Interpret the company’s policy as part of its operational security measures. Operational security (OpSec) encompasses the practices and decisions that manage and protect data assets, focusing on the procedures for handling and accessing data to prevent unauthorized access and ensure confidentiality.

7
Q

A company wants to update its access control policy. The company wants to prevent hourly employees from logging in to company computers after business hours.

Which type of access control policy should be implemented?

Attribute-based
Mandatory
Discretionary
Physical

A

The company should implement an Attribute-based Access Control (ABAC) policy. ABAC uses policies that evaluate attributes (or characteristics) of user requests, which can include user attributes (like employee status or role), action attributes (like read or write), and environmental attributes (like time of day).

8
Q

ICMP

A

ICMP, or Internet Control Message Protocol, is a network layer protocol used within the Internet Protocol Suite, as defined by RFC 792. It is primarily used by network devices, like routers and switches, to send error messages and operational information indicating, for example, that a requested service is not available or that a host or router could not be reached.

9
Q

A small IT firm is required to authenticate remote customers who access the firm’s network.

Which protection technique should the IT firm employ to satisfy this requirement?

RAID
File encryption
Certificates
Data encryption
A

Certificates, specifically digital certificates in the context of IT security, are used to authenticate the identities of users, devices, or servers over a network.

10
Q

MD5 (Message Digest Algorithm 5)

Used for what?

A

Type: Hash function.
Use: MD5 is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value, typically rendered as a 32-character hexadecimal number. It’s used for creating a digital signature for a block of data, offering a way to verify data integrity. However, MD5 is not suitable for encryption or ensuring confidentiality since it’s a one-way function that does not involve keys. It’s considered to be vulnerable and not secure against collision attacks, where two different inputs produce the same output hash.

11
Q

A company developing and distributing open source applications realizes that attackers are copying the publicly available, open source code and inserting malware into the code.

Which type of cryptographic tool should the company use to protect the integrity of its open source applications?

Asymmetric cryptography
Block cipher
Hash functions
Symmetric cryptography
A

Hash functions generate a unique, fixed-size string (hash) from data (in this case, the source code). When users download the application, they can compute the hash of the downloaded code and compare it to the hash provided by the company.

12
Q

What is an example of symmetric key encryption?

AES
RSA
MD5
ECC
A

AES (Advanced Encryption Standard). In symmetric key encryption, the same key is used for both encryption and decryption of data.

13
Q

A military installation is evaluating backup solutions for its critical data. This installation operates in a harsh environment that is subjected to heat, humidity, and magnetic fields.

Which physical media should be selected to ensure the integrity of backups is preserved given these harsh operating conditions?

Tape media
Optical media
Hard drives
Flash drives
A

Flash drives, also known as USB drives or thumb drives, are based on solid-state technology, which means they have no moving parts. This intrinsic characteristic makes them more durable and reliable than traditional hard drives, which can suffer from mechanical failures. Solid-state technology ensures that flash drives are less susceptible to physical damage from shocks, vibrations, and drops—a crucial advantage in harsh military environments.

14
Q

While visiting a country in the European Union, an American purchases an expensive bottle of perfume with a credit card.

What does the European Union Directive 95/46/EC regulation safeguard for the purchaser?

Computer fraud and abuse
Personally identifiable information
Unfair trade practices
Right to return goods
A

The European Union Directive 95/46/EC, often referred to as the Data Protection Directive, safeguards the Personally Identifiable Information (PII) of individuals within the EU. This directive was aimed at protecting individuals’ privacy and personal data by regulating the processing of personal data within the European Union. It set the framework for EU member states to protect individuals’ privacy and personal data against misuse or unauthorized access.
