UnansweredQuestion 130 / 2 ptsA cyber criminal sends a series of maliciously formatted packets to the database server.The server cannot parse the packets and the event causes the server crash. What is thetype of attack the cyber criminal launches?SQL injectionpacket InjectionCorrect AnswerDoS Show
man-in-the-middleRefer to curriculum topic: 3.3.1A cybersecurity specialist needs to be familiar with the characteristics of the differenttypes of malware and attacks that threaten an organization.UnansweredQuestion 140 / 2 ptsWhich statement describes a distributed denial of service attack?" UnansweredQuestion 150 / 2 ptsWhat three best practices can help defend against social engineering attacks? (Choosethree.) Enable a policy that states that the IT department should supply information over thephone only to managers.Correct AnswerEducate employees regarding policies.Correct AnswerDo not provide password resets in a chat window.Add more security guards.Correct AnswerResist the urge to click on enticing web links.Refer to curriculum topic: 3.2.2A cybersecurity specialist must be aware of the technologies and measures that areused as countermeasures to protect the organization from threats and vulnerabilities.UnansweredQuestion 160 / 2 ptsIn which situation would a detective control be warranted? Last Updated on October 4, 2022 by Answers Explanation &
Hints: System and data availability is a critical responsibility of a cybersecurity specialists. It is important to understand the technologies, process, and controls used to provide high availability. Answers Explanation & Hints: MD5 and SHA are the two most popular hashing algorithms. SHA-256 uses a 256-bit hash, whereas MD5 produces a 128-bit hash value. Answers Explanation & Hints: The CIA Triad is the foundation upon which all information management systems are developed. Answers Explanation & Hints: A string is a group of letters, numbers and special characters. An integer is whole number. A decimal is a number that is not a fraction. Answers Explanation & Hints: A cybersecurity
specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization. Answers Explanation & Hints: Hackers are classified by colors to help define the purpose of their break-in activities. Answers Explanation & Hints: Social engineering uses several different tactics to gain information from victims. Answers Explanation & Hints: Access control prevents an unauthorized user from gaining access to
sensitive data and networked systems. There are several technologies used to implement effective access control strategies. Answers Explanation & Hints: Cybersecurity domains provide a framework for evaluating and implementing controls to protect the assets of
an organization. Answers Explanation & Hints: Data integrity is one of the three guiding security principles. A cybersecurity specialist should be familiar with the tools and technologies used to ensure data integrity. Answers Explanation & Hints: A cybersecurity specialist must be aware of the technologies available that support the CIA triad. Answers Explanation & Hints: Cybersecurity specialists need to be familiar with the characteristics of various attacks. In a comparison of biometric systems, what is the crossover error rate?
Which national resource was developed as a result of a U.S. Executive Order after a ten-month collaborative study involving over 3,000 security professionals?
The team is in the process of performing a risk analysis on the database services. The information collected includes the initial value of these assets, the threats to the assets and the impact of the threats. What type of risk analysis is the team performing by calculating the annual loss expectancy?
Which risk mitigation strategies include outsourcing services and purchasing insurance?
Which method is used by steganography to hide text in an image file?
Which technology can be used to ensure data confidentiality?
Which type of cybercriminal is the most likely to create malware to compromise an organization by stealing credit card information?
Which utility uses the Internet Control Messaging Protocol (ICMP)?
Which threat is mitigated through user awareness training and tying security awareness to performance reviews?
What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain?
What is a feature of a cryptographic hash function?
Passwords, passphrases, and PINs are examples of which security term?
Which hashing algorithm is recommended for the protection of sensitive, unclassified information?
An organization allows employees to work from home two days a week. Which technology should be implemented to ensure data confidentiality as data is transmitted?
Which statement describes a distributed denial of service attack?”
What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications?
There are many environments that require five nines, but a five nines environment may be cost prohibitive. What is one example of where the five nines environment might be cost prohibitive?
An organization has implemented antivirus software. What type of security control did the company implement?
A specialist in the HR department is invited to promote the cybersecurity program in community schools. Which three topics would the specialist emphasize in the presentation to draw students to this field? (Choose three.)
What approach to availability provides the most comprehensive protection because multiple defenses coordinate together to prevent attacks?
What are three states of data during which data is vulnerable? (Choose three.)
A penetration testing service hired by the company has reported that a backdoor was identified on the network. What action should the organization take to find out if systems have been compromised?
Which statement describes a characteristics of block ciphers?
What type of application attack occurs when data goes beyond the memory areas allocated to the application?
Which website offers guidance on putting together a checklist to provide guidance on configuring and hardening operating systems?
Which two values are required to calculate annual loss expectancy? (Choose two.)
A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server crash. What is the type of attack the cyber criminal launches?
Mutual authentication can prevent which type of attack?
A user has a large amount of data that needs to be kept confidential. Which algorithm would best meet this requirement?
What are two incident response phases? (Choose two.)
Which cybersecurity weapon scans for use of default passwords, missing patches, open ports, misconfigurations, and active IP addresses?
What happens as the key length increases in an encryption application?
Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents high level of risk, yellow represents average level of threat and green represents low level of threat. What type of risk analysis does this chart represent?
An organization wants to adopt a labeling system based on the value, sensitivity, and criticality of the information. What element of risk management is recommended?
An organization has determined that an employee has been cracking passwords on administrative accounts in order to access very sensitive payroll information. Which tools would you look for on the system of the employee? (Choose three)
What is an impersonation attack that takes advantage of a trusted relationship between two systems?
Which statement best describes a motivation of hacktivists?
Which two groups of people are considered internal attackers? (Choose two.)
Which hashing technology requires keys to be exchanged?
What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic?
Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use?
Which technology would you implement to provide high availability for data storage?
What is an example of early warning systems that can be used to thwart cybercriminals?
A security specialist is asked for advice on a security measure to prevent unauthorized hosts from accessing the home network of employees. Which measure would be most effective?
What type of attack will make illegitimate websites higher in a web search result list?
Which technology can be used to protect VoIP against eavesdropping?
What describes the protection provided by a fence that is 1 meter in height?
Which two protocols pose switching threats? (Choose two.)
What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website?
The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement?
Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.)
An organization plans to implement security training to educate employees about security policies. What type of access control is the organization trying to implement?
A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking?
The X.509 standards defines which security technology?
Which technology should be used to enforce the security policy that a computing device must be checked against the latest antivirus update before the device is allowed to connect to the campus network?
What is a nontechnical method that a cybercriminal would use to gather sensitive information from an organization?
Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network?
Which data state is maintained in NAS and SAN services?
What is the most difficult part of designing a cryptosystem?
Which methods can be used to implement multifactor authentication?
Keeping data backups offsite is an example of which type of disaster recovery control?
Which protocol would be used to provide security for employees that access systems remotely from home?
Which type of networks poses increasing challenges to cybersecurity specialists due to the growth of BYOD on campus?
In which situation would a detective control be warranted?
What approach to availability involves using file permissions?
Which wireless standard made AES and CCM mandatory?
What technology should you implement to ensure that an individual cannot later claim that he or she did not sign a given document?
Being able to maintain availability during disruptive events describes which of the principles of high availability?
Which law was enacted to prevent corporate accounting-related crimes?
The awareness and identification of vulnerabilities is a critical function of a cybersecurity specialist. Which of the following resources can be used to identify specific details about vulnerabilities?
What kind of integrity does a database have when all its rows have a unique identifier called a primary key?
You have been asked to work with the data collection and entry staff in your organization in order to improve data integrity during initial data entry and data modification operations. Several staff members ask you to explain why the new data entry screens limit the types and size of data able to be entered in specific fields. What is an example of a new data integrity control?
4.1 28 votes Article Rating Which type of cybercriminal is the most likely to create malware to compromise an organization by stealing credit card information?2 / 2 ptsQuestion 2Which type of cybercriminal is the most likely to create malware tocompromise an organization by stealing credit card information? black hat hackersCorrect!
What is a nontechnical method that a cybercriminal would use to gather sensitive information from an organization?Attackers use “social engineering” — non-technical methods to manipulate people into clicking on infected links or websites or giving up confidential information.
|