Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Intro to cyber F3
| Question | Answer |
|---|---|
| What type of access control is implemented when a login warning banner outlines consequences for policy violations? | deterrent |
| What technology involves substituting sensitive data with non-sensitive equivalents? | masking |
| What encryption algorithm uses one key to encrypt data and a different key to decrypt data? | asymmetric |
| What are three examples of administrative access controls? | policies and procedures background checks hiring practices |
| What NSA-endorsed cryptographic algorithm utilizes elliptical curves for digital signatures and key exchange? | ECC |
| What is the term for the encryption method that involves rearranging letters to produce ciphertext? | transposition |
| Which encryption algorithm relies on a single, pre-shared key for both encryption and decryption? | symmetric |
| What asymmetric algorithm enables secure secret key exchange? | Diffie-Hellman |
| What 128-bit block cipher algorithm is used by the US government for securing classified data? | AES |
| Which three protocols rely on asymmetric key algorithms? | Secure Shell (SSH) Secure Sockets Layer (SSL) Pretty Good Privacy (PGP) |
| What's the security concern when shopping online and the browser doesn't display a lock icon, even though the site requires login credentials? | The transaction is unencrypted and vulnerable to interception. |
| What three types of attacks can be prevented by implementing salting? | rainbow tables reverse lookup tables lookup tables |
| How can a user guarantee the integrity of a newly created program when distributing it within the company, ensuring it remains unchanged during download? | Generate a hash for the program file to verify its integrity post-download. |
| In which three scenarios can a hashing function be utilized? | PKI IPsec CHAP |
| What database integrity requirement mandates that each table have a primary key with unique, non-null values? | entity integrity |
| What are the steps involved in generating a digital signature? | Create a message digest; encrypt the digest with the private key of the sender; and bundle the message, encrypted digest, and public key together in order to sign the document. |
| To ensure connection integrity and authenticity using IPsec with SHA-1, what security tool should be implemented? | HMAC |
| To verify authenticity, what could have been included in the email to confirm it genuinely originated from the security officer? | digital signature |
| What is an advantage of utilizing a hashing function? | It is a one-way function and not reversible. |
| What is the standard framework for managing digital certificates within a public key infrastructure? | 509 |
| Which RAID level provides disk striping with parity across three disks? | 5 |
| In which phase of incident response planning is management approval typically obtained? | preparation |
| A user is tasked with conducting a risk analysis for a company and requests the asset database listing all equipment. What type of risk analysis can they perform with this information? | quantitative |
| What three options are available to add redundancy to company routers? | GLBP VRRP HSRP |
| After cataloging data locations, what two steps can be taken to classify data and establish sensitivity criteria? | Determine data sensitivity levels Assign data ownership. |
| What three essential pieces of information should be included in the asset database? | Hardware Network devices Operating systems |
| To ensure high availability and prevent Layer 2 looping, what technology should the user implement to provide redundant switching? | Spanning Tree Protocol |
| What type of risk analysis can the user conduct to assess the company's security posture by examining past attacks and vulnerabilities? | qualitative |
| What security approach is the user implementing by deploying multiple layers of firewalls and intrusion detection/prevention systems? | layered |
| Which three industries should be recommended to require 99.999% (five-nine) availability? | healthcare finance public safety |
| What three processes serve as examples of logical access controls? | fences to protect the perimeter of a building an intrusion detection system (IDS) monitors for suspicious network activity biometrics verify identity through physical attributes |
| What 128-bit block cipher algorithm is used by the US government for securing classified data? | AES |
| What type of cipher encrypts plaintext one byte or one bit at a time? | stream |
| What type of cipher encrypts fixed-length plaintext blocks into 128-bit ciphertext blocks? | block |
| What technology safeguards software against unauthorized access or alteration? | watermarking |
| What is the term for the encryption method that involves rearranging letters to produce ciphertext? | transposition |
| What type of access control is implemented when a login warning banner outlines consequences for policy violations? | deterrent |
| What technology involves substituting sensitive data with non-sensitive equivalents? | masking |
| What asymmetric algorithm enables secure secret key exchange? | Diffie-Hellman |
| What are three examples of administrative access controls? | policies and procedures background checks hiring practices |
| What is the term used to describe the science of making and breaking secret codes? | cryptology |
| What encryption algorithm uses one key to encrypt data and a different key to decrypt data? | asymmetric |
| What three devices serve as examples of physical access control measures? | video cameras locks swipe cards |
| What is the term for hiding data within another file, such as an image, audio, or text file? | steganography |
| Which encryption algorithm relies on a single, pre-shared key for both encryption and decryption? | symmetric |
| What two terms describe cryptographic keys? | key space key length |
| What NSA-endorsed cryptographic algorithm utilizes elliptical curves for digital signatures and key exchange? | ECC |
| What technique involves systematically attempting every possible password combination until the correct one is identified? | brute force |
| What solution can prevent identical password hashes for Alice and Bob, despite sharing the same password? | salting |
| What is an advantage of utilizing a hashing function? | It is a one-way function and not reversible. |
| By creating a forensic image and hashing the original USB drive and its copy, what is the investigator aiming to establish about the evidence in court? | The investigator is attempting to prove the integrity and authenticity of the evidence, demonstrating that the forensic image is an exact replica of the original USB drive, with no modifications or tampering. |
| What are three validation criteria used for a validation rule? | range format size |
| What's the security concern when shopping online and the browser doesn't display a lock icon, even though the site requires login credentials? | The transaction is unencrypted and vulnerable to interception. |
| What is missing from the downloaded video card driver, prompting the warning message stating that it is not approved? | digital signature |
| What vulnerability on the company website allowed the hacker to breach the corporate database using manipulated login form data? | poor input validation |
| What database integrity requirement mandates that each table have a primary key with unique, non-null values? | entity integrity |
| In which three scenarios can a hashing function be utilized? | PKI IPsec CHAP |
| What three best practices should be adopted for effective salting implementation to prevent password cracking? | A salt must be unique. A salt should be unique for each password. A salt should not be reused. |
| What is the standard framework for managing digital certificates within a public key infrastructure? | 509 |
| What is the purpose of CSPRNG? | to generate salt |
| To verify authenticity, what could have been included in the email to confirm it genuinely originated from the security officer? | digital signature |
| To implement HMAC for securing passwords in transit, what essential components are required? | secret key and message digest |
| How can a user guarantee the integrity of a newly created program when distributing it within the company, ensuring it remains unchanged during download? | Generate a hash for the program file to verify its integrity post-download. |
| To ensure connection integrity and authenticity using IPsec with SHA-1, what security tool should be implemented? | HMAC |
| What are three NIST-approved digital signature algorithms? | DSA ECDSA RSA |
| What three critical questions should the user ask management when developing a disaster recovery plan? | What are the critical processes and systems to recover? Who owns and oversees the disaster recovery process? Where will recovery operations take place? |
| In which phase of the incident response plan are lessons learned typically applied? | post-incident |
| A user assesses a company's network infrastructure, identifying redundant systems but lacking overall evaluation. Their report highlights the necessary methods and configurations for comprehensive fault tolerance. What design principle are they emphasizin | resilient |
| What type of risk analysis can the user conduct to assess the company's security posture by examining past attacks and vulnerabilities? | qualitative |
| To ensure high availability and prevent Layer 2 looping, what technology should the user implement to provide redundant switching? | Spanning Tree Protocol |
| What storage solution would provide fault tolerance and protect against drive failure for the servers? | RAID |
| What type of risk mitigation strategy is the CEO employing by purchasing insurance to address potential data breach consequences? | transference |
| What three essential pieces of information should be included in the asset database? | operating systems workstations hardware network devices |
| What technology can be implemented to detect potential malware traffic on the network? | IDS |
| After cataloging data locations, what two steps can be taken to classify data and establish sensitivity criteria? | Assign data ownership. Determine data sensitivity levels |
| What three options are available to add redundancy to company routers? | GLBP VRRP HSRP |
| What three high availability deficiencies did the user identify in the data center? | Inadequate Reliability Design Lack of Real-time Error Detection Single Points of Failure |
| Which three industries should be recommended to require 99.999% (five-nine) availability? | healthcare public safety finance |
| What security approach is the user implementing by deploying multiple layers of firewalls and intrusion detection/prevention systems? | layered |
| What three devices serve as examples of physical access control measures? | locks swipe cards video cameras |
| Creating a message that says one thing but means something else to a specific audience | Social steganography |
| Making a message confusing so it is harder to understand | obfuscation |
| Hiding data within an audio file | Steganography |
| Discovering that hidden information exists within a graphic file | Steganalysis |
Created by:
jxxnixx