section 9-10 Flashcards
A systems administrator needs to set up a secure, cloud-based file transfer environment between two data centers. Which of the following architecture models would meet this requirement?
a. FTP.
b. HSM.
c. SDN.
d. PKI.
Answer: d. PKI.
Public Key Infrastructure (PKI) provides the means to securely transfer files using encryption and digital certificates. This ensures secure communication and data transfer between the two data centers.
A company wants to deploy PKI on its internet-facing website. The applications that are currently deployed are: www.company.com (main website), contact.us.company.com (for locating a nearby location), and quotes.company.com (for requesting a price quote). The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming convention, such as store.company.com. Which of the following certificate types would best meet the requirements?
a. SAN.
b. Wildcard.
c. Extended validation.
d. Self-signed.
Answer: b. Wildcard.
A wildcard certificate is designed to secure a single domain and all its subdomains. It will cover the existing applications and any future applications that follow the same naming convention (e.g., *.company.com).
Which of the following describes the process of concealing code or text inside a graphical image?
a. Symmetric encryption.
b. Hashing.
c. Data masking.
d. Steganography.
Answer: d. Steganography.
Steganography is the process of concealing code or text inside a graphical image.
A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?
a. Encryption at rest.
b. Masking.
c. Data classification.
d. Permission restrictions.
Answer: a. Encryption at rest.
Encryption at rest ensures that data on stolen laptops remains unreadable to unauthorized users.
A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?
a. Hashing.
b. Tokenization.
c. Encryption.
d. Segmentation.
Answer: c. Encryption.
Encryption ensures that sensitive data at rest is rendered unreadable to unauthorized users.
Which of the following is used to validate a certificate when it is presented to a user?
a. OCSP.
b. CSR.
c. CA.
d. CRC.
Answer: a. OCSP.
Online Certificate Status Protocol (OCSP) checks the revocation status of an X.509 digital certificate.
An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?
a. Tokenization.
b. Hashing.
c. Obfuscation.
d. Segmentation.
Answer: b. Hashing.
Hashing passwords ensures that even if the log-in database is breached, the actual passwords are not easily retrievable.
A systems administrator uses a key to encrypt a message being sent to a peer in a different branch office. The peer then uses the same key to decrypt the message. Which of the following describes this example?
a. Symmetric.
b. Asymmetric.
c. Hashing.
d. Salting.
Answer: a. Symmetric.
Symmetric encryption uses the same key for both encryption and decryption, as described in the scenario.
Which of the following is used to add extra complexity before using a one-way data transformation algorithm?
a. Key stretching.
b. Data masking.
c. Steganography.
d. Salting.
Answer: d. Salting.
Salting involves adding a unique, random value to the input before hashing to prevent attackers from using precomputed hash tables to crack passwords.
A security administrator would like to protect data on employees’ laptops. Which of the following encryption techniques should the security administrator use?
a. Partition.
b. Asymmetric.
c. Full disk.
d. Database.
Answer: c. Full disk.
Full disk encryption (FDE) ensures that all data on a laptop’s hard drive is encrypted, providing comprehensive protection against data breaches if the device is lost or stolen.
One of the attendees at a meeting starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?
a. Birthday collision on the certificate key.
b. DNS hacking to reroute traffic.
c. Brute force to the access point.
d. An SSL/TLS downgrade.
Answer: d. An SSL/TLS downgrade.
An SSL/TLS downgrade attack forces the connection to revert from a secure HTTPS to an insecure HTTP, compromising the security of the data transmission.
An audit report showed that a former employee saved the following files to an external USB drive before the employee’s termination date: annual_tax_form.pdf, encrypted_passwords.db, team_picture.jpg, contact_list.db, and human_resources.txt. Which of the following could the former employee do to potentially compromise corporate credentials?
a. Perform an offline brute-force attack.
b. Use the files to create a rainbow table.
c. Conduct a token replay.
d. Release a network dictionary attack.
Answer: a. Perform an offline brute-force attack.
The file encrypted_passwords.db suggests that it contains encrypted passwords. The former employee could perform an offline brute-force attack to try to decrypt these passwords, potentially compromising corporate credentials.
A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Choose two.)
a. Key escrow.
b. Certificate authority linking.
c. Digital signatures.
d. Data tokenization.
e. Public key management.
f. TPM presence.
Answer: a. Key escrow; f. TPM presence.
Key escrow securely stores encryption keys for recovery, ensuring that data can be decrypted if keys are lost or corrupted. TPM presence matters because the TPM can hold and seal the disk encryption key in hardware, so the drive cannot be unlocked outside that platform.
In order to strengthen a password and prevent a hacker from cracking it, a random string of 36 characters was added to the password. Which of the following best describes this technique?
a. Key stretching.
b. Tokenization.
c. Data masking.
d. Salting.
Answer: d. Salting.
Adding a random string (salt) to a password before hashing it makes it significantly harder for attackers to use precomputed hash tables (rainbow tables) to crack passwords.