Mister Potato
Quiz von , erstellt am more than 1 year ago

Engineering (final) Quiz am turn on the blender please, erstellt von Mister Potato am 29/03/2019.

39
1
0
Mister Potato
Erstellt von Mister Potato vor mehr als 5 Jahre
Schließen

turn on the blender please

Frage 1 von 58

1

A security specialist is tasked to ensure that files transmitted between the headquarters office and the branch office are not altered during transmission. Which two algorithms can be used to achieve this task? (Choose two.)

Wähle eine oder mehr der folgenden:

  • 3DES

  • HMAC

  • AES

  • SHA-1

  • MD5

Erklärung

Frage 2 von 58

1

What technology has a function of using trusted third-party protocols to issue credentials that are accepted as an authoritative identity?

Wähle eine oder mehr der folgenden:

  • hashing algorithms

  • digital signatures

  • symmetric keys

  • PKI certificates

Erklärung

Frage 3 von 58

1

What are the two important components of a public key infrastructure (PKI) used in network security? (Choose two.)

Wähle eine oder mehr der folgenden:

  • symmetric encryption algorithms

  • certificate authority

  • intrusion prevention system

  • digital certificates

  • pre-shared key generation

Erklärung

Frage 4 von 58

1

Which statement describes statistical data in network security monitoring processes?

Wähle eine oder mehr der folgenden:

  • It shows the results of network activities between network hosts.

  • It contains conversations between network hosts.

  • It is created through an analysis of other forms of network data.

  • It lists each alert message along with statistical information.

Erklärung

Frage 5 von 58

1

How does a web proxy device provide data loss prevention (DLP) for an enterprise?

Wähle eine oder mehr der folgenden:

  • by checking the reputation of external web servers

  • by functioning as a firewall

  • by inspecting incoming traffic for potential exploits

  • by scanning and logging outgoing traffic

Erklärung

Frage 6 von 58

1

Which capability is provided by the aggregation function in SIEM?

Wähle eine oder mehr der folgenden:

  • reducing the volume of event data by consolidating duplicate event records

  • searching logs and event records of multiple sources for more complete forensic analysis

  • presenting correlated and aggregated event data in real-time monitoring

  • increasing speed of detection and reaction to security threats by examining logs from many systems and applications

Erklärung

Frage 7 von 58

1

Which SIEM function is associated with speeding up detection of security threats by examining logs and events from different systems?

Wähle eine oder mehr der folgenden:

  • forensic analysis

  • retention

  • correlation

  • aggregation

Erklärung

Frage 8 von 58

1

Which algorithm is used to automatically generate a shared secret for two systems to use in establishing an IPsec VPN?

Wähle eine oder mehr der folgenden:

  • SSL

  • DES

  • AH

  • DH

  • ESP

  • 3DES

Erklärung

Frage 9 von 58

1

Which statement describes the Software-Optimized Encryption Algorithm (SEAL)?

Wähle eine oder mehr der folgenden:

  • It uses a 112-bit encryption key.

  • It requires more CPU resources than software-based AES does.

  • It is an example of an asymmetric algorithm.

  • SEAL is a stream cipher

Erklärung

Frage 10 von 58

1

What technology allows users to verify the identity of a website and to trust code that is downloaded from the Internet?

Wähle eine oder mehr der folgenden:

  • encryption

  • asymmetric key algorithm

  • digital signature

  • hash algorithm

Erklärung

Frage 11 von 58

1

The IT company is recommending the use of PKI applications. In which two instances might the entrepreneur make use of PKIs? (Choose two.)

Wähle eine oder mehr der folgenden:

  • 802 is authentication

  • HTTPS web service

  • FTP transfers

  • Local NTP server

  • File and directory access permission

Erklärung

Frage 12 von 58

1

What is the term used to describe an email that is targeting a specific person employed at a financial institution?

Wähle eine oder mehr der folgenden:

  • spam

  • spyware

  • vishing

  • target phishing

  • spear phishing

Erklärung

Frage 13 von 58

1

What type of malware has the primary objective of spreading across the network?

Wähle eine oder mehr der folgenden:

  • virus

  • worm

  • Trojan horse

  • botnet

Erklärung

Frage 14 von 58

1

Which type of Trojan horse security breach uses the computer of the victim as the source device to launch other attacks?

Wähle eine oder mehr der folgenden:

  • DoS

  • FTP

  • data-sending

  • proxy

Erklärung

Frage 15 von 58

1

A company pays a significant sum of money to hackers in order to regain control of an email and data server. Which type of security attack was used by the hackers?

Wähle eine oder mehr der folgenden:

  • DoS

  • spyware

  • Trojan horse

  • ransomware

Erklärung

Frage 16 von 58

1

What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?

Wähle eine oder mehr der folgenden:

  • Trojan

  • vishing

  • phishing

  • backdoor

Erklärung

Frage 17 von 58

1

A user is curious about how someone might know a computer has been infected with malware. What are two common malware behaviors? (Choose two.)

Wähle eine oder mehr der folgenden:

  • The computer emits a hissing sound every time the pencil sharpener is used.

  • The computer freezes and requires reboots

  • No sound emits when an audio CD is played

  • The computer gets increasingly slower to respond

  • The computer beeps once during the boot process.

Erklärung

Frage 18 von 58

1

Why would a rootkit be used by a hacker?

Wähle eine oder mehr der folgenden:

  • to gain access to a device without being detected

  • to do reconnaissance

  • to reverse engineer binary files

  • to try to guess a password

Erklärung

Frage 19 von 58

1

Which access attack method involves a software program that attempts to discover a system password by the use of an electronic dictionary?

Wähle eine oder mehr der folgenden:

  • packet sniffer attack

  • denial of service attack

  • buffer overflow attack

  • brute-force attack

  • port redirection attack

  • IP spoofing attack

Erklärung

Frage 20 von 58

1

What are two evasion methods used by hackers? (Choose two.)

Wähle eine oder mehr der folgenden:

  • scanning

  • encryption

  • access attack

  • phishing

  • resource exhaustion

Erklärung

Frage 21 von 58

1

Which type of hacker is motivated to protest against political and social issues?

Wähle eine oder mehr der folgenden:

  • cybercriminal

  • script kiddie

  • vulnerability broker

  • hacktivist

Erklärung

Frage 22 von 58

1

What is a significant characteristic of virus malware?

Wähle eine oder mehr der folgenden:

  • Virus malware is only distributed over the Internet.

  • Once installed on a host system, a virus will automatically propagate itself to other systems.

  • A virus is triggered by an event on the host system.

  • A virus can execute independently of the host system.

Erklärung

Frage 23 von 58

1

What are three techniques used in social engineering attacks? (Choose three.)

Wähle eine oder mehr der folgenden:

  • vishing

  • phishing

  • pretexting

  • buffer overflow

  • man-in-the-middle

  • sending junk email

Erklärung

Frage 24 von 58

1

What are two purposes of launching a reconnaissance attack on a network? (Choose two.)

Wähle eine oder mehr der folgenden:

  • to retrieve and modify data

  • to scan for accessibility

  • to escalate access privileges

  • to prevent other users from accessing the system

  • to gather information about the network and devices

Erklärung

Frage 25 von 58

1

What is a main purpose of launching an access attack on network systems?

Wähle eine oder mehr der folgenden:

  • to prevent other users from accessing the system

  • to scan for accessible networks

  • to gather information about the network

  • to retrieve data

Erklärung

Frage 26 von 58

1

What is a characteristic of a Trojan horse as it relates to network security?

Wähle eine oder mehr der folgenden:

  • Extreme quantities of data are sent to a particular network device interface.

  • An electronic dictionary is used to obtain a password to be used to infiltrate a key network device.

  • Too much information is destined for a particular memory block, causing additional memory areas to be affected.

  • Malware is contained in a seemingly legitimate executable program.

Erklärung

Frage 27 von 58

1

In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections?

Wähle eine oder mehr der folgenden:

  • reset attack

  • session hijacking attack

  • port scan attack

  • SYN flood attack

Erklärung

Frage 28 von 58

1

Use the following scenario to answer the questions. A company has just had a cybersecurity incident. The threat actor appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. Which type of attack was achieved?

Wähle eine oder mehr der folgenden:

  • Access

  • DoS

  • DDoS

  • Social engineering

Erklärung

Frage 29 von 58

1

Use the following scenario to answer the questions. A company has just had a cybersecurity incident. The threat actor appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable. What would be the threat attribution in this case?

Wähle eine oder mehr der folgenden:

  • Evaluating the server alert data

  • Obtaining the most volatile evidence

  • Determining who is responsible for the attack

  • Reporting the incident to the proper authorities

Erklärung

Frage 30 von 58

1

What component of a security policy explicitly defines the type of traffic allowed on a network and what users are allowed and not allowed to do?

Wähle eine oder mehr der folgenden:

  • password policies

  • identification and authentication policies

  • remote access policies

  • acceptable use policies

Erklärung

Frage 31 von 58

1

Which AAA component can be established using token cards?

Wähle eine oder mehr der folgenden:

  • authorization

  • authentication

  • auditing

  • accounting

Erklärung

Frage 32 von 58

1

What service determines which resources a user can access along with the operations that a user can perform?

Wähle eine oder mehr der folgenden:

  • authentication

  • biometric

  • authorization

  • accounting

  • token

Erklärung

Frage 33 von 58

1

A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?

Wähle eine oder mehr der folgenden:

  • availability

  • confidentiality

  • integrity

  • scalability

Erklärung

Frage 34 von 58

1

A company has a file server that shares a folder named Public. The network security policy specifies that the Public folder is assigned Read-Only rights to anyone who can log into the server while the Edit rights are assigned only to the network admin group. Which component is addressed in the AAA network service framework?

Wähle eine oder mehr der folgenden:

  • automation

  • accounting

  • authentication

  • authorization

Erklärung

Frage 35 von 58

1

A company is experiencing overwhelming visits to a main web server. The IT department is developing a plan to add a couple more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?

Wähle eine oder mehr der folgenden:

  • integrity

  • scalability

  • availability

  • confidentiality

Erklärung

Frage 36 von 58

1

In a defense-in-depth approach, which three options must be identified to effectively defend a network against attacks? (Choose three.)

Wähle eine oder mehr der folgenden:

  • assets that need protection

  • location of attacker or attackers

  • total number of devices that attach to the wired and wireless network

  • threats to assets

  • vulnerabilities in the system

  • past security breaches

Erklärung

Frage 37 von 58

1

Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data?

Wähle eine oder mehr der folgenden:

  • statement of authority

  • statement of scope

  • campus access policy

  • Internet access policy

  • identification and authentication policy

Erklärung

Frage 38 von 58

1

Which type of access control applies the strictest access control and is commonly used in military or mission critical applications?

Wähle eine oder mehr der folgenden:

  • mandatory access control (MAC)

  • discretionary access control (DAC)

  • attribute-based access control (ABAC)

  • Non-discretionary access control

Erklärung

Frage 39 von 58

1

In addressing a risk that has low potential impact and relatively high cost of mitigation or reduction, which strategy will accept the risk and its consequences?

Wähle eine oder mehr der folgenden:

  • risk reduction

  • risk avoidance

  • risk retention

  • risk sharing

Erklärung

Frage 40 von 58

1

Which criterion in the Base Metric Group Exploitability metrics reflects the proximity of the threat actor to the vulnerable component?

Wähle eine oder mehr der folgenden:

  • user interaction

  • attack vector

  • attack complexity

  • privileges required

Erklärung

Frage 41 von 58

1

Which statement describes the term attack surface?

Wähle eine oder mehr der folgenden:

  • It is the total sum of vulnerabilities in a system that is accessible to an attacker.

  • It is the group of hosts that experiences the same attack.

  • It is the network interface where attacks originate.

  • It is the total number of attacks toward an organization within a day.

Erklärung

Frage 42 von 58

1

What type of antimalware program is able to detect viruses by recognizing various characteristics of a known malware file?

Wähle eine oder mehr der folgenden:

  • behavior-based

  • agent-based

  • signature-based

  • heuristic-based

Erklärung

Frage 43 von 58

1

The IT security personnel of an organization notice that the web server deployed in the DMZ is frequently targeted by threat actors. The decision is made to implement a patch management system to manage the server. Which risk management strategy method is being used to respond to the identified risk?

Wähle eine oder mehr der folgenden:

  • risk avoidance

  • risk retention

  • risk reduction

  • risk sharing

Erklärung

Frage 44 von 58

1

For network systems, which management system addresses the inventory and control of hardware and software configurations?

Wähle eine oder mehr der folgenden:

  • asset management

  • vulnerability management

  • risk management

  • configuration management

Erklärung

Frage 45 von 58

1

Which type of antimalware software detects and mitigates malware by analyzing suspicious activities?

Wähle eine oder mehr der folgenden:

  • heuristics-based

  • packet-based

  • behavior-based

  • signature-based

Erklärung

Frage 46 von 58

1

Which security procedure would be used on a Windows workstation to prevent access to a specific set of websites?

Wähle eine oder mehr der folgenden:

  • whitelisting

  • HIDS

  • blacklisting

  • baselining

Erklärung

Frage 47 von 58

1

Which two criteria in the Base Metric Group Exploitability metrics are associated with the complexity of attacks?

Wähle eine oder mehr der folgenden:

  • scope

  • attack complexity

  • user interaction

  • attack vector

  • privileges required

Erklärung

Frage 48 von 58

1

What is a host-based intrusion detection system (HIDS)?

Wähle eine oder mehr der folgenden:

  • It identifies potential attacks and sends alerts but does not stop the traffic.

  • It detects and stops potential direct attacks but does not scan for malware.

  • It is an agentless system that scans files on a host for potential malware.

  • It combines the functionalities of antimalware applications with firewall protection.

Erklärung

Frage 49 von 58

1

In addressing an identified risk, which strategy aims to stop performing the activities that create risk?

Wähle eine oder mehr der folgenden:

  • risk reduction

  • risk avoidance

  • risk retention

  • risk sharing

Erklärung

Frage 50 von 58

1

Use the following scenario to answer the questions. A company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable.The security team at this company has removed the compromised server and preserved it with the security hack still embedded. What type of evidence is this?

Wähle eine oder mehr der folgenden:

  • Best

  • Classified

  • Corroborating

  • Indirect

Erklärung

Frage 51 von 58

1

What programs provide a complete audit trail of basic information about every IP flow forwarded on a device?

Wähle eine oder mehr der folgenden:

  • SPAN

  • Wireshark

  • NetFlow

  • SIEM

Erklärung

Frage 52 von 58

1

Grey Hat Hackers are

Wähle eine oder mehr der folgenden:

  • Commit crimes and do unethical things but not for personal gain or to cause damage. OR
    May compromise network and then disclose the problem so the organization can fix the problem.

  • wws

Erklärung

Frage 53 von 58

1

“Vulnerability Broker” Threat Actors

Wähle eine oder mehr der folgenden:

  • Discover exploits and report them to vendors, sometimes for prizes or rewards

  • wws

Erklärung

Frage 54 von 58

1

Definition of the attack " Sniffer "

Wähle eine oder mehr der folgenden:

  • an application or device that can read, monitor, and capture network data exchanges and read network packets

  • wws

Erklärung

Frage 55 von 58

1

What is the significant characteristic of worm malware?

Wähle eine oder mehr der folgenden:

  • Executes arbitrary code and installs itself in the memory of the infected device.
    Automatically replicates itself and spreads across the network from system to system.
    Components of a worm attack include an exploiting vulnerability, delivering a malicious payload, and self-propagation.
    Virus requires a host program to run, worms can run by themselves.

  • wws

Erklärung

Frage 56 von 58

1

White Hat Hackers are

Wähle eine oder mehr der folgenden:

  • Ethical hackers who use their programming skills for good, ethical, and legal purposes.
    Perform penetration tests to discover vulnerabilities and report to developers before exploitation.

  • wws

Erklärung

Frage 57 von 58

1

Black Hat Hackers are

Wähle eine oder mehr der folgenden:

  • Unethical criminals who violate security for personal gain, or for malicious reasons, such as attacking networks.

  • wws

Erklärung

Frage 58 von 58

1

Types of attacks targeting IP:

Wähle eine oder mehr der folgenden:

  • ICMP attacks
    DoS attacks
    DDoS attacks
    Address spoofing attacks
    Man-in-the-middle attack (MITM)
    Session hijacking

  • wws

Erklärung