Unit 2 Test Bullshit

Question 1

What is hashing?

Answer 1

Transforming any key or string of values into another.

Question 2

Who created Message Digest 5 (MD5) and what value does it create?

Answer 2

Ron Rivest and it produces a 128-bit hash value.

Question 3

What are the variants of Secure Hash Algorithm SHA?

Answer 3

SHA-224 (224 bit)
SHA-256 (256 bit)
SHA-384 (384 bit)
SHA-512 (512 bit)

Question 4

What is salting?

Answer 4

Salting adds another layer of security to hashing by allowing the owner to choose a string before hashing starts.

Question 5

(HMAC) is used for what?

Answer 5

Providing a key input to a hash algorithm to make it more secure.

Question 6

What do digital signatures provide?

Answer 6

used to determine if someone edits a document after the user signs it, check the authenticity of a message, digital document, or software.

Question 7

What is a digital certificate?

Answer 7

Enables users and orgs to exchange information securely over the internet.
Equivalent to an electronic passport.

Question 8

Hash functions are ______________ functions. It is computationally infeasible for two different sets of data to come up with the same output.

Answer 8

one-way

Question 9

Integrity ensures that data remains unchanged and __________________ by anyone or anything over its entire life cycle.

Answer 9

trustworthy

Question 10

Because a hash value changes every time data is changed, cryptographic hash values are often called digital ___________________________.

Answer 10

fingerprints

Question 11

Hashing is relatively easy to compute and equally easy to reverse.
T or F

Answer 11

F

Question 12

Cryptographic hash functions have the following properties:

Answer 12

a.
The output has a fixed length.

b.
Two different input values will almost never result in the same hash values.

f.
The input can be any length.

g.
The hash function is one way

Question 13

An 8-bit checksum calculates the hash by converting the message into ____________________ numbers

Answer 13

binary

Question 14

The 8-bit checksum 2’s complement converts a binary to its opposite value, and then it adds ___________

Answer 14

one

Question 15

What malware compromised the security of MD5 in 2012?

Answer 15

Flame

Question 16

SHA is short for what?

Answer 16

secure hash algorithm

Question 17

MD5 is short for what?

Answer 17

message digest 5

Question 18

What Cisco command verifies the integrity of IOS images used on Cisco routers?

Answer 18

verify / md5

Question 19

Hashing is vulnerable to ______________________ attacks and does not provide security to transmitted data.

Answer 19

man-in-the-middle

Question 20

A _________________________ attack attempts every possible combination of characters up to a given length.

Answer 20

brute-force

Question 21

A _______________________ attack uses a file containing common words, phrases, and passwords.

Answer 21

dictionary

Question 22

___________________ creates a different hash result for two users who have the same password.

Answer 22

salting

Question 23

A ____________________ table stores the pre-computed hashes of passwords in a password dictionary along with the corresponding password.

Answer 23

lookup

Question 24

CSPRNGs generate a random number that has a high level of randomness and is completely unpredictable, so it is cryptographically secure.
T or F

Answer 24

True

Question 25

VPNs using IPsec rely on HMAC functions to authenticate the origin of every packet and provide data integrity checking.
t or f

Answer 25

True

Question 26

A(n) ______________ trail tracks an electronic document’s history for regulatory and legal defense purposes.

Answer 26

audit

Question 27

_________________________ is a way to ensure that the sender of an electronic message or electronic document cannot deny having sent the message or document and that the recipient cannot deny having received the message or document.

Answer 27

Non-repudiation

Question 28

______________________ cryptography is the basis for digital signatures.

Answer 28

asymmetric

Question 29

_____________________________________________________(PKI) is the policies, roles, and procedures required to create, manage, distribute, use, store, and revoke digital certificates.

Answer 29

public key infrastructure

Question 30

A bank clerk has exceeded a predetermined number of record modifications within a specific period of time block.

Their manager must then flag the record as legitimate (or not). This is an example of what Data Field Validation Control?

Answer 30

maximum record modification trigger

Question 31

System locks from unusual activity indicate what Data Field Validation Control?

Answer 31

unusual activity trigger

Question 32

Data field validation via input ______________ prevents users from entering invalid data or help ensure that they enter data consistently.

Answer 32

masks

Question 33

What data integrity constraints matches these descriptions?

a. All rows must have a unique identifier called a Primary Key
b. All data stored in a column must follow the same format and definition.
c. A set of rules defined by a user which does not belong to one of the other categories
d. Table relationships must remain consistent

Answer 33

a. Entity Integrity
b. Domain Integrity
c. User-defined Integrity
d. Referential Integrity

Question 34

_________________ in a database signifies missing or unknown values.

Answer 34

null

Question 35

NIST developed a “best practices” for Business Continuity.

Place these steps in the proper order as presented in our reading (and from NIST):

Develop recovery strategies
Develop the contingency plan
Identify preventive controls
Calculate risk
Conduct the business impact analysis
Maintain the plan
Develop the policy statement
Test the plan

Answer 35

1. 
Develop the policy statement
2. 
Conduct the business impact analysis
3. 
Calculate risk
4. 
Identify preventive controls
5. 
Develop recovery strategies
6. 
Develop the contingency plan
7. 
Test the plan
8. 
Maintain the plan

Question 36

In regards to IT disaster recovery, preventative controls include keeping data backed up, keeping data backups off-site, using ____________________, or installing generators.

Answer 36

surge protectors

Question 37

In regards to IT disaster recovery, Detective controls include using up-to-date _______________ software.

Answer 37

antivirus

Question 38

An organization’s DRP restores mission critical systems first.

T or f

Answer 38

True

Question 39

What are strikes and walkouts considered? (event

Answer 39

Labor events

Question 40

What are vandalism, protests, sabotage ,terrorism, and war considered? (events

Answer 40

Social-political events

Question 41

__________________ is a Cisco IOS technology that provides statistics on packets flowing through a Cisco router or multilayer switch.

Answer 41

NetFlow

Question 42

An IPS device operates in __________________ mode.

Answer 42

inline

Question 43

CSIRT is the acronym for what term?

Answer 43

computer security incident response team

Question 44

______________________ is the methods and configurations used to make a system or network tolerant of failure.

Answer 44

resiliency

Question 45

The ability of a network to dynamically recover from the failure of a device acting as a default gateway is known as ________________ redundancy.

Answer 45

first-hop

Question 46

The _______________________________ is typically the router that provides devices access to the rest of the network or to the Internet.

If there is only one router serving in this role, it is a single point of failure.

Answer 46

default gateway

Question 47

_________________________ Protocol prevents loops on a network when switches interconnect via multiple paths.

Answer 47

Spanning tree

Question 48

With RAID:

_____[a]_____ detects data errors.

_____[b]_____ writes data across multiple drives.

_____[c]_____ stores duplicate data on a second drive.

Answer 48

parity

striping

mirroring

Question 49

What is the minimum number of disks in a RAID 0+1 ?

Answer 49

2

Question 50

What is the minimum number of disks in a RAID 1 ?

Answer 50

3

Question 51

A car has four tires and a spare tire in the trunk in case of a flat.

This is a comparative example of ____________ Redundancy

Answer 51

N + 1

Question 52

If an organization implements complex systems that are hard to understand and troubleshoot, it may actually backfire.

What type of defense best alleviates this issue?

Answer 52

Simplicity

Question 53

Concealing certain types of information makes it more difficult for cyber criminals to attack a system.

This would be considered what type of defense?

Answer 53

Obscurity

Question 54

To accomplish a goal of _____________________, organizations can use security products manufactured by different companies for multifactor authentication.

Answer 54

Diversity

Question 55

Employees in the the shipping department do not need access to marketing presentations to perform their jobs.

This is an example of what defense?

Answer 55

Limiting

Question 56

An organization stores its confidential documents on a server in a building surrounded by an electronic fence.

This is an example of what defense?

Answer 56

Layering

Question 57

Mitigation involves reducing the _____[a]_____ of the loss or the likelihood of the loss from occurring

Answer 57

Severity

Question 58

Many technical controls mitigate risk including authentication systems, _____[b]_____, and firewalls.

Answer 58

file permissions

Question 59

The ___________________ Corporation maintains the CVE List and its public website.

Answer 59

MITRE

Question 60

When discussing asset and systems standardization, COTS is short for what?

Answer 60

commercial off-the-shelf

Question 61

Asset management manages the __________________ and inventory of technology assets including devices and software.

Answer 61

lifecycle

Question 62

_____[a]_____ management includes a complete inventory of hardware and software.

This means that the organization needs to know all of components that can be subject to _____[b]_____ risks.

Answer 62

Asset

Security

Question 63

Fault _____________________ enables a system to continue operating if one or more components fail.

Answer 63

Tolerance

Question 64

What environment corresponds to these high availability requirements?

Maintain high availability for continuous trading, compliance, and customer trust

Require high availability to provide around-the-clock care for patients

Provide security and services to a community, state, or nation

Efficient supply chains and the delivery of products to customers

Communicate information on events as they happen

Answer 64

Finance industry

healthcare facilities

public safety industry

retail industry

news media industry

Question 65

Five nines mean that systems and services are available _________________ % of the time.

Answer 65

99.999

Question 66

With the Five Nines, ensuring high availability includes eliminating ________[a]_________ of failure, designing for reliability, and detecting _____[b]_____ as they occur.

Answer 66

a. single points

b. failures

Question 67

List one component of a perimeter security system (as discussed in our reading):

Answer 67

Bollard (blocks cars)

Question 68

implement VoIP security by encrypting voice message packets to protect against _____________________.

Answer 68

eavesdropping

Question 69

Many DoS attacks use ICMP as part of the attack

T or F

Answer 69

True

Question 70

Attackers can target DNS servers in order to deny access to network resources or redirect traffic to ________________ websites

Answer 70

rogue

Question 71

A port ____________________________ is an application that probes a device for open ports by sending a message to each port and waiting for a response.

Answer 71

scanner

Question 72

IEEE 802.__________ is now the industry standard for securing WLANs.

Answer 72

802.11g

Question 73

Port security on these devices limits the number of valid MAC addresses allowed on a port.

Answer 73

switches

Question 74

Threats to these devices include attacks against network protocols like ARP/STP.

Answer 74

switches

Question 75

Threats to these devices include attacks against network protocols like RIP/OSPF.

Answer 75

routers

Question 76

The ______________________ Operation Center (SOC) is a dedicated site that monitors, assesses, and defends the organization’s information systems such as websites, applications, databases, data centers, networks, servers, and user systems.

Answer 76

security

Question 77

The _________________ Operation Center (NOC) is one or more locations containing the tools that provide administrators with a detailed status of the organization’s network.

Answer 77

network

Question 78

Hardware-monitoring systems have become an essential security countermeasure

T or f

Answer 78

True

Question 79

Hardware monitoring systems are used to monitor the health of these systems and to minimize server and application ________________.

Answer 79

Downtime

Question 80

Commercial HVAC systems and other building management systems now connect to the Internet for remote monitoring and control.

These systems are often called “__________________ systems”

Answer 80

smart

Question 81

Power degradation includes ______________, which are prolonged low voltage issues

Answer 81

brownout

Question 82

Power degradation includes ___________________ current, which is an initial surge of power

Answer 82

inrush

Question 83

A(n) _____[a]_____ log tracks user authentication attempts.

A(n) _____[b]_____ log provides all of the details on requests for specific files on a system

Answer 83

a. audit

b. access

Question 84

In all versions of Windows except Home edition, enter _______________ at the Run command to open the Local Security Policy tool.

Answer 84

secpol.msc

Question 85

An account _________________ Policy locks a computer for a configured duration when too many incorrect login attempts occur.

Answer 85

lockout

Question 86

When a computer is not part of an Active Directory domain, the user configures policies through Windows _______________ Security Policy.

Answer 86

local

Question 87

Best practices for securing privileged accounts includes establishing a process for ______________________ of rights when employees leave or change jobs

Answer 87

revocation

Question 88

Best practices for securing privileged accounts includes implementing a _________________ between the end-user and sensitive assets to limit network exposure to malware

Answer 88

gateway

Question 89

Privileged accounts have the credentials to gain access to systems and they provide _____________________, unrestricted access.

Answer 89

Elevated

Question 90

A simple method that many administrators use to help secure the network from unauthorized access is to disable all unused ________________ on a switch.

Answer 90

ports

Question 91

Telnet is an older protocol that uses unsecure _____[a]_____ transmission of both the login authentication.

Secure Shell (SSH) is a protocol that provides a secure _____[b]_____ management connection to a remote device.

Answer 91

a. Plaintext

b. Encrypted

Question 92

SSH uses what TCP port?

Answer 92

22

Question 93

Telnet uses what TCP port?

Answer 93

23

Question 94

Remote Desktop used which port number (by default)?

Answer 94

3389

Question 95

Remote ____________________ allows technicians to assist customers with problems from a remote location.

Answer 95

Assistance

Question 96

Higher frequency RFID systems have a faster data transfer rate and shorter read ranges.
T or F

Answer 96

False

Question 97

Higher frequency RFID systems are more sensitive to radio wave interference.
T or F

Answer 97

True

Question 98

_________________________________ identification (RFID) uses radio waves to identify and track objects.

Answer 98

radio frequency

Question 99

RFID tags contain an integrated circuit that connects to an ______________.

Answer 99

antenna

Question 100

Using GPS to locate a cell phone without the user’s permission is legal.

Answer 100

false

Question 101

GPS tracking can pinpoint a location within __________________ meters.

Answer 101

100 meters

Question 102

A ________________________ lock uses buttons that a user presses in a given sequence to open the door.

Answer 102

cipher

Question 103

Many portable devices and expensive computer monitors have a special steel bracket security slot built in to use in conjunction with __________________________.

Answer 103

cable locks

Question 104

Disk _____________________ copies the contents of the computer’s hard disk to an image file.

Answer 104

cloning

Question 105

With ________________, any applications installed or files saved are lost when the system restarts.

Answer 105

deep freezing

Question 106

Always _________________________ backups to ensure the integrity of the data.

Answer 106

validate

Question 107

Before using BitLocker, a user needs to enable Trusted Platform Module (TPM) in the BIOS.

The TPM is a specialized chip installed on the ________________________________.

Answer 107

motherboard

Question 108

A user can also choose to encrypt an entire hard drive in Windows using a feature called ______________________________.

Answer 108

BitLocker

Question 109

With EFS, only the user that encrypted the data will be able to access the encrypted files or folders.

Answer 109

True

Question 110

According to the Principle of ______________________________, users should be limited to only the resources they need on a computer system or on a network.

Answer 110

Least Privilege

Question 111

Will these actions keep permissions or inherit new ones?

Data moved to the same volume

Data copied to the same volume

Data moved to a different volume

Data copied to a different volume

Answer 111

Moved to same/keep

copied to save/new

moved to diff/new

copied to diff/new

Question 112

To prevent rouge access points, the computer industry developed ____________________ authentication, also called two-way authentication

Answer 112

mutual

Question 113

With WPA-PSK, the PSK is short for what?

Answer 113

pre-shared key

Question 114

A significant security improvement from WPA to WPA2 was the mandatory use of AES _________________

Answer 114

algorithms

Question 115

AES superseded TKIP for even key management and encryption protection.
T or F

Answer 115

True

Question 116

Mobile devices transmit data using ________________ signals that any device with a compatible antenna can receive.

Answer 116

radio

Question 117

Remote-access users must have a VPN ___________________ installed on their computers to form a secure connection with the corporate private network.

Answer 117

client

Question 118

Manufacturers may combine patches and upgrades into a comprehensive update application called a _______________________.

Answer 118

service pack

Question 119

___________________________________________________ assesses missing security updates and security misconfigurations in Microsoft Windows.

Answer 119

Microsoft baseline security analyzer

Question 120

MBSA checks blank, _______________________, or non-existent passwords

Answer 120

simple

Question 121

An administrator hardens an operating system by modifying the default _____[a]_____ to make it more secure to outside threats.

This process includes the removal of unnecessary programs and _____[b]_____.

Answer 121

a. configuration

b. services

Question 122

Device hardening involves implementing proven methods of physically securing network devices.

Answer 122

True

Question 123

A job site _________________________ is a job search site that gathers listings from other job board and company career sites and displays them in a single location.

Answer 123

aggregator

Question 124

The _________________________________________ is the top information security officer reporting to the CIO. The CISO is a business manager first, technologist second.

Answer 124

chief information security officer

Question 125

Kali _______________ incorporates more than 300 penetration testing and security auditing programs.

Answer 125

Linux

Question 126

“Kali Linux is an open source project that is maintained and funded by _______________________, a provider of world-class information security training and penetration testing services.”

Answer 126

offensive security

Question 127

Pen testing is the same as vulnerability testing.

t or f

Answer 127

False

Pen testing is done by humans to determine the degree to which a malicious attacker can gain unauthorized access to your assets. A vulnerability scan is typically automated.

Question 128

A vulnerability scanner looks for the following types of vulnerabilities:

Use of _____[a]_____ passwords or common passwords
Missing patches
Open _____[b]_____
Misconfiguration of operating systems and software
_____[c]_____ IP addresses

Answer 128

a. default
b. ports
c. active

Question 129

The Advanced Cyber Security Center (ACSC) is a _____[a]_____ organization that brings together industry, academia, and government to address advanced cyber threats.

The organization shares information on cyber threats, engages in cybersecurity research and development, and creates _____[b]_____ programs to promote the cybersecurity profession.

Answer 129

a. non-profit

b. education

Question 130

“The ISC was created in 2001 following the successful detection, analysis, and widespread warning of the ______________ worm.

Answer 130

Li0n

Question 131

The Internet Storm Center (ISC) gathers millions of _____________________ from intrusion detection systems every day using sensors covering 500,000 IP addresses in over 50 countries.

Answer 131

log entries

Question 132

CERT (in regards to SEI) stands for what?

Answer 132

Computer emergency response team

Question 133

The CERT Division of SEI studies and solves problems in the cybersecurity arena including security vulnerabilities in _____[a]_____ products, changes in _____[b]_____ systems, and training to help improve cybersecurity.

Answer 133

a. software

b. networked

Question 134

SCAP is a method for using specific standards to automate vulnerability management, measurement, and policy compliance evaluation.
t or F

Answer 134

True

Question 135

The ________________________________________________________ is a U.S. government repository of standards-based vulnerability management data that uses SCAP.

Answer 135

National vulnerability database

Question 136

The NVD uses the Common Vulnerability ________________ System to assess the impact of vulnerabilities.

Answer 136

scoring

Question 137

SCAP is the acronym for what?

Answer 137

security content automation protocol

Question 138

The Convention on Cybercrime is also known as the _______________________________________________________

Answer 138

Budapest convention on cybercrime

Question 139

A _________________________________________________ (or PIA) ensures that personally identifiable information (PII) is properly handled throughout an organization.

Answer 139

privacy impact assessment

Question 140

Computer Fraud and Abuse Act was created in 1986

t of f

Answer 140

true

Question 141

The Computer Fraud and Abuse Act (CFAA) makes it a crime to knowingly access a computer considered either a government computer or a computer used in interstate _________________, without permission.

Answer 141

commerce

Question 142

What are the primary sources of laws and regulations in the United States?

Answer 142

statutory/written laws

common/established by court

administrative/government agencies

Question 143

“BJA provides leadership and services in ____________________ administration and criminal justice policy development to support local, state, and tribal law enforcement in achieving safer communities.”

Answer 143

grant

Question 144

The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical ______________________________.”

Answer 144

infrastructure

Question 145

The Software & Information Industry Association is the principal trade association for the software and digital content industry.

SIIA provides global services in government relations, business development, corporate education and ____________________________ protection to the leading companies that are setting the pace for the digital age.”

Answer 145

intellectual property

Question 146

“The mission of the Internet Crime Complaint Center is to provide the public with a reliable and convenient _______________________ mechanism to submit information to the Federal Bureau of Investigation concerning suspected Internet-facilitated criminal activity and to develop effective alliances with law enforcement and industry partners.”

Answer 146

reporting

Question 147

“NW3C provides a nationwide support system for ___________________________ and regulatory agencies involved in the prevention, investigation and prosecution of economic and high-tech crime.”

Answer 147

law enforcement

Question 148

A computer may be involved in a cybercrime in different ways (per our reading).

Answer 148

computer-targeted/ targeted

computer-incidental/information like customer lists for traffickers

computer-assisted/used as a tool

Question 149

An open lobby that allows a visitor to walk straight through to the inside facilities represent what kind of common threat?

Answer 149

physical facilities

Question 150

Malware represents what kind of common threat?

Answer 150

devices

Question 151

A misconfigured firewall represents what kind of common threat?

Answer 151

LAN

Question 152

Software as a service (SaaS) is a subscription-based model that provides access to software that is centrally hosted and accessed by users via a _____[a]_____.

Platform as a service (PaaS) provides a platform that allows an organization to develop, run, and manage its _____[b]_____ on the service’s hardware using tools that the service provides.

Infrastructure as a service (IaaS) provides _____[c]_____ computing resources such as hardware, software, servers, storage and other infrastructure components over the Internet.

Note: no partial credit given

Answer 152

a. web browser
b. applications
c. virtualized

Question 153

Data theft by users can cost organizations financially resulting in damage to an organization’s _____[a]_____ or posing a legal _____[b]_____ associated with disclosure of sensitive information.

Answer 153

a. reputation

b. liability