Last Updated on October 29, 2019 by Admin
Cybersecurity Essentials 1.1 Chapter 5 Quiz Online
Question 1 of 20 (1 point)
What is a strength of using a hashing function?
The properties of a hash function show where it applies: it is a one-way function, accepts input of arbitrary length, and produces fixed-length output.
Question 2 of 20 (1 point)
A user is instructed by a boss to find a better method to secure passwords in transit. The user has researched several means to do so and has settled on using HMAC. What are the key elements needed to implement HMAC?
HMAC implementation is a secret key added to a hash.
Question 3 of 20 (1 point)
Which method tries all possible passwords until a match is found?
Two common methods of cracking hashes are dictionary and brute force. Given time, the brute force method will always crack a password.
Question 4 of 20 (1 point)
An investigator finds a USB drive at a crime scene and wants to present it as evidence in court. The investigator takes the USB drive and creates a forensic image of it and takes a hash of both the original USB device and the image that was created. What is the investigator attempting to prove about the USB drive when the evidence is submitted in court?
A hash function ensures the integrity of a program, file, or device.
Question 5 of 20 (3 points)
What are three types of attacks that are preventable through the use of salting? (Choose three.)
Salting makes precomputed tables ineffective because of the random string that is used.
Question 6 of 20 (1 point)
A user has been asked to implement IPsec for inbound external connections. The user plans to use SHA-1 as part of the implementation. The user wants to ensure the integrity and authenticity of the connection. What security tool can the user use?
HMAC provides the additional feature of a secret key to ensure integrity and authentication.
Question 7 of 20 (1 point)
A user downloads an updated driver for a video card from a website. A warning message pops up saying the driver is not approved. What does this piece of software lack?
Code signing is a method of verifying code integrity.
Question 8 of 20 (1 point)
What is the purpose of CSPRNG?
Salting prevents someone from using a dictionary attack to guess a password. Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) is one way (and the best way) to generate salt.
Question 9 of 20 (1 point)
A user has created a new program and wants to distribute it to everyone in the company. The user wants to ensure that when the program is downloaded that the program is not changed while in transit. What can the user do to ensure that the program is not changed when downloaded?
Hashing is a method to ensure integrity and ensures that the data is not changed.
Question 10 of 20 (1 point)
A recent email sent throughout the company stated that there would be a change in security policy. The security officer who was presumed to have sent the message stated the message was not sent from the security office and the company may be a victim of a spoofed email. What could have been added to the message to ensure the message actually came from the person?
Digital signatures ensure non-repudiation, that is, a specific person cannot deny having sent a message.
Question 11 of 20 (1 point)
A recent breach at a company was traced to the ability of a hacker to access the corporate database through the company website by using malformed data in the login form. What is the problem with the company website?
The ability to pass malformed data through a website is a form of poor input validation.
Question 12 of 20 (3 points)
What are three validation criteria used for a validation rule? (Choose three.)
Criteria used in a validation rule include format, consistency, range, and check digit.
Question 13 of 20 (1 point)
A user is connecting to an e-commerce server to buy some widgets for a company. The user connects to the site and notices there is no lock in the browser security status bar. The site does prompt for a username and password and the user is able to log in. What is the danger in proceeding with this transaction?
The lock in the browser window ensures a secure connection is being established and is not blocked by browser add-ons.
Question 14 of 20 (3 points)
Identify three situations in which the hashing function can be applied. (Choose three.)
Three situations where a hash function could be used are as follows:
- When IPsec is being used
- When routing authentication is enabled
- In challenge responses within protocols such as PPP CHAP
- Within digitally signed contracts and PKI certificates
Question 15 of 20 (1 point)
What is the standard for a public key infrastructure to manage digital certificates?
The X.509 standard is for a PKI infrastructure and X.500 is for directory structures.
Question 16 of 20 (3 points)
A user is evaluating the security infrastructure of a company and notices that some authentication systems are not using best practices when it comes to storing passwords. The user is able to crack passwords very fast and access sensitive data. The user wants to present a recommendation to the company on the proper implementation of salting to avoid password cracking techniques. What are three best practices in implementing salting? (Choose three.)
Salting needs to be unique and not reused. Doing the opposite will cause passwords to be cracked easily.
Question 17 of 20 (1 point)
A user is the database administrator for a company. The user has been asked to implement an integrity rule that states every table must have a primary key and that the column or columns chosen to be the primary key must be unique and not null. Which integrity requirement is the user implementing?
There are three major database integrity requirements: entity, referential, and domain integrity.
Question 18 of 20 (3 points)
What are three NIST-approved digital signature algorithms? (Choose three.)
NIST chooses approved algorithms based on public key techniques and ECC. The digital signature algorithms approved are DSA, RSA, and ECDSA.
Question 19 of 20 (1 point)
Alice and Bob use the same password to log in to the company network. This means both would have the exact same hash for their passwords. What could be implemented to prevent both password hashes from being the same?
A password is stored as a combination of both a hash and a salt.
Question 20 of 20 (1 point)
What is the step by step process for creating a digital signature?
In order to create a digital signature, the following steps must be taken:
- The message and message digest are created.
- The digest and private key are encrypted.
- The message, encrypted message digest, and public key are bundled to create the signed document.