
Intro Cyber Final


1. Which statement best describes a motivation of hacktivists?
• They are part of a protest group behind a political cause.

2. Which type of cybercriminal is the most likely to create malware to compromise an organization by stealing credit card information?
• black hat hackers

3. A specialist in the HR department is invited to promote the cybersecurity program in community schools. Which three topics would the specialist emphasize in the presentation to draw students to this field? (Choose three.)
• a career-field in high-demand
• service to the public
• high earning potential

4. An organization allows employees to work from home two days a week. Which technology should be implemented to ensure data confidentiality as data is transmitted?
• VPN

5. Which type of network poses increasing challenges to cybersecurity specialists due to the growth of BYOD on campus?
• wireless networks

6. A cybersecurity specialist is working with the IT staff to establish an effective information security plan. Which combination of security principles forms the foundation of a security plan?
• confidentiality, integrity, and availability

7. Which framework should be recommended for establishing a comprehensive information security management system in an organization?
• ISO/IEC 27000

8. What are three states of data during which data is vulnerable? (Choose three.)
• data in-process
• stored data
• data in-transit

9. Users report that the database on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?
• ransomware

10. What three best practices can help defend against social engineering attacks? (Choose three.)
• Educate employees regarding policies.
• Do not provide password resets in a chat window.
• Resist the urge to click on enticing web links.

11. Which statement describes a distributed denial of service attack?
• An attacker builds a botnet comprised of zombies.

12. A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server to crash. What is the type of attack the cyber criminal launches?
• DoS

13. An executive manager went to an important meeting. The secretary in the office receives a call from a person claiming that the executive manager is about to give an important presentation but the presentation files are corrupted. The caller sternly recommends that the secretary email the presentation right away to a personal email address. The caller also states that the executive is holding the secretary responsible for the success of this presentation. Which type of social engineering tactic would describe this scenario?
• intimidation

14. What are the two most effective ways to defend against malware? (Choose two.)
• Update the operating system and other application software.
• Install and update antivirus software.

15. The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email?
• It is a hoax.

16. In which situation would a detective control be warranted?
• when the organization needs to look for prohibited activity

17. An organization has implemented antivirus software. What type of security control did the company implement?
• recovery control

18. Alice and Bob are using public key encryption to exchange a message. Which key should Alice use to encrypt a message to Bob?
• the public key of Bob

19. Which statement describes a characteristic of block ciphers?
• Block ciphers result in output data that is larger than the input data most of the time.

20. The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement?
• a set of attributes that describes user access rights


21. Alice and Bob use a pre-shared key to exchange a confidential message. If Bob wants to send a confidential message to Carol, what key should he use?
• a new pre-shared key

22. Which access control strategy allows an object owner to determine whether to allow access to the object?
• DAC

23. Which method is used by steganography to hide text in an image file?
• least significant bit

24. The X.509 standard defines which security technology?
• digital certificates

25. Which hashing algorithm is recommended for the protection of sensitive, unclassified information?
• SHA-256

26. Technicians are testing the security of an authentication system that uses passwords. When a technician examines the password tables, the technician discovers the passwords are stored as hash values. However, after comparing a simple password hash, the technician then discovers that the values are different from those on other systems. What are two causes of this situation? (Choose two.)
• The systems use different hashing algorithms.
• One system uses hashing and the other uses hashing and salting.

27. You have been asked to work with the data collection and entry staff in your organization in order to improve data integrity during initial data entry and data modification operations. Several staff members ask you to explain why the new data entry screens limit the types and size of data able to be entered in specific fields. What is an example of a new data integrity control?
• a validation rule which has been implemented to ensure completeness, accuracy, and consistency of data

28. What technology should be implemented to verify the identity of an organization, to authenticate its website, and to provide an encrypted connection between a client and the website?
• digital certificate

29. Your organization will be handling market trades. You will be required to verify the identity of each customer who is executing a transaction. Which technology should be implemented to authenticate and verify customer electronic transactions?
• digital certificates

30. Alice and Bob are using a digital signature to sign a document. What key should Alice use to sign the document so that Bob can make sure that the document came from Alice?
• private key from Alice

31. An organization has determined that an employee has been cracking passwords on administrative accounts in order to access very sensitive payroll information. Which tools would you look for on the system of the employee? (Choose three.)
• rainbow tables
• lookup tables
• reverse lookup tables

32. An organization wants to adopt a labeling system based on the value, sensitivity, and criticality of the information. What element of risk management is recommended?
• asset classification

33. An organization has recently adopted a five nines program for two critical database servers. What type of controls will this involve?
• improving reliability and uptime of the servers

34. Being able to maintain availability during disruptive events describes which of the principles of high availability?
• system resiliency

35. Which risk mitigation strategies include outsourcing services and purchasing insurance?
• transfer

36. The awareness and identification of vulnerabilities is a critical function of a cybersecurity specialist. Which of the following resources can be used to identify specific details about vulnerabilities?
• CVE national database

37. Which technology would you implement to provide high availability for data storage?
• RAID

38. Which two values are required to calculate annual loss expectancy? (Choose two.)
• annual rate of occurrence
• single loss expectancy

39. What is it called when an organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications?
• asset standardization

40. There are many environments that require five nines, but a five nines environment may be cost prohibitive. What is one example of where the five nines environment might be cost prohibitive?
• the New York Stock Exchange

41. Which technology can be used to protect VoIP against eavesdropping?
• encrypted voice messages

42. Mutual authentication can prevent which type of attack?
• man-in-the-middle

43. Which of the following products or technologies would you use to establish a baseline for an operating system?
• Microsoft Security Baseline Analyzer

44. What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain?
• Local Security Policy tool

45. What describes the protection provided by a fence that is 1 meter in height?
• It deters casual trespassers only.

46. Which wireless standard made AES and CCM mandatory?
• WPA2

47. Which three protocols can use Advanced Encryption Standard (AES)? (Choose three.)
• WPA2
• WPA
• 802.11i

48. Which website offers guidance on putting together a checklist to provide guidance on configuring and hardening operating systems?
• The National Vulnerability Database website

49. Which law was enacted to prevent corporate accounting-related crimes?
• Sarbanes-Oxley Act

50. Which cybersecurity weapon scans for use of default passwords, missing patches, open ports, misconfigurations, and active IP addresses?
• vulnerability scanners

51. A cybersecurity specialist is asked to identify the potential criminals known to attack the organization. Which type of hackers would the cybersecurity specialist be least concerned with?
• white hat hackers

52. What is an example of early warning systems that can be used to thwart cybercriminals?
• Honeynet project

53. Which technology should be used to enforce the security policy that a computing device must be checked against the latest antivirus update before the device is allowed to connect to the campus network?
• NAC

54. Which data state is maintained in NAS and SAN services?
• stored data

55. Which technology can be used to ensure data confidentiality?
• encryption

56. What is an impersonation attack that takes advantage of a trusted relationship between two systems?
• spoofing

57. Users report that the network access is slow. After questioning the employees, the network administrator learned that one employee downloaded a third-party scanning program for the printer. What type of malware might be introduced that causes slow performance of the network?
• Worm

58. What type of application attack occurs when data goes beyond the memory areas allocated to the application?
• buffer overflow

59. What type of attack has an organization experienced when an employee installs an unauthorized device on the network to view network traffic?
• sniffing

60. A penetration testing service hired by the company has reported that a backdoor was identified on the network. What action should the organization take to find out if systems have been compromised?
• Look for unauthorized accounts.

61. Smart cards and biometrics are considered to be what type of access control?
• Logical

62. Which access control should the IT department use to restore a system back to its normal state?
• Corrective

63. A user has a large amount of data that needs to be kept confidential. Which algorithm would best meet this requirement?
• 3DES

64. What happens as the key length increases in an encryption application?
• Keyspace increases exponentially.

65. You have been asked to describe data validation to the data entry clerks in accounts receivable. Which of the following are good examples of strings, integers, and decimals?
• female, 9866, $125.50

66. Which hashing technology requires keys to be exchanged?
• HMAC

67. What is a feature of a cryptographic hash function?
• The hash function is a one-way mathematical function.

68. A VPN will be used within the organization to give remote users secure access to the corporate network. What does IPsec use to authenticate the origin of every packet to provide data integrity checking?
• HMAC

69. Your risk manager just distributed a chart that uses three colors to identify the level of threat to key assets in the information security systems. Red represents high level of risk, yellow represents average level of threat and green represents low level of threat. What type of risk analysis does this chart represent?
• qualitative analysis

70. Keeping data backups offsite is an example of which type of disaster recovery control?
• preventive

71. What are two incident response phases? (Choose two.)
• detection and analysis
• containment and recovery

72. The team is in the process of performing a risk analysis on the database services. The information collected includes the initial value of these assets, the threats to the assets and the impact of the threats. What type of risk analysis is the team performing by calculating the annual loss expectancy?
• quantitative analysis

73. What approach to availability provides the most comprehensive protection because multiple defenses coordinate together to prevent attacks?
• layering

74. Which utility uses the Internet Control Messaging Protocol (ICMP)?
• Ping

75. In a comparison of biometric systems, what is the crossover error rate?
• rate of false negatives and rate of false positives

76. Which protocol would be used to provide security for employees that access systems remotely from home?
• SSH

77. Which threat is mitigated through user awareness training and tying security awareness to performance reviews?
• user-related threats

78. HVAC, water system, and fire systems fall under which of the cybersecurity domains?
• physical facilities

79. Technologies like GIS and IoE contribute to the growth of large data stores. What are two reasons that these technologies increase the need for cybersecurity specialists? (Choose two.)
• They collect sensitive information.
• They contain personal information.

80. Which two groups of people are considered internal attackers? (Choose two.)
• ex-employees
• trusted partners

81. Which methods can be used to implement multifactor authentication?
• passwords and fingerprints

82. A security specialist is asked for advice on a security measure to prevent unauthorized hosts from accessing the home network of employees. Which measure would be most effective?
• Implement a firewall.

83. What type of attack will make illegitimate websites higher in a web search result list?
• SEO poisoning

84. What is a nontechnical method that a cybercriminal would use to gather sensitive information from an organization?
• social engineering

85. Which algorithm will Windows use by default when a user intends to encrypt files and folders in an NTFS volume?
• AES

86. Before data is sent out for analysis, which technique can be used to replace sensitive data in nonproduction environments to protect the underlying information?
• data masking substitution

87. An organization plans to implement security training to educate employees about security policies. What type of access control is the organization trying to implement?
• administrative

88. Passwords, passphrases, and PINs are examples of which security term?
• authentication

89. What technique creates different hashes for the same password?
• salting

90. You have been asked to implement a data integrity program to protect data files that need to be electronically downloaded by the sales staff. You have decided to use the strongest hashing algorithm available on your systems. Which hash algorithm would you select?
• SHA-256

91. What kind of integrity does a database have when all its rows have a unique identifier called a primary key?
• entity integrity

92. What approach to availability involves using file permissions?
• limiting

93. Which national resource was developed as a result of a U.S. Executive Order after a ten-month collaborative study involving over 3,000 security professionals?
• NIST Framework

94. Which two protocols pose switching threats? (Choose two.)
• STP
• ARP

95. What is the most difficult part of designing a cryptosystem?
• key management

96. What technology should you implement to ensure that an individual cannot later claim that he or she did not sign a given document?
• digital signature

97. Which type of cybercriminal attack would interfere with established network communication through the use of constructed packets so that the packets look like they are part of the normal communication?
• packet forgery

98. An organization just completed a security audit. Your division was cited for not conforming to X.509 requirements. What is the first security control you need to examine?
• digital certificates

99. What technology can be implemented as part of an authentication system to verify the identification of employees?
• a smart card reader

100. Which technology can be used to prevent a cracker from launching a dictionary or brute-force attack of a hash?

Which technology could be used to prevent a cracker from launching a dictionary or brute-force attack off a hash?
• HMAC

102. Netbus belongs to which malware type?
• backdoor

103. A user complains about frequently receiving messages on the smartphone that urge the user to visit different insurance websites. If the user clicks the link to visit, a user login message will pop up and ask the user to register first. Which wireless and mobile device attack has the user experienced?
• SMiShing
