Question 1

The following technology solution represents an example of the 'simplicity' principle EXCEPT:&#10;A) Relying on a single sign-on based password manager&#10;B) Enabling automatic full disk encryption to protect data with no productivity sacrifice&#10;C) Automated data and file backups&#10;D) Deploying all VPN connections in the transport mode&#10;E) Using passphrases rather than passwords

Accepted Answer

Deploying all VPN connections in the transport mode may provide stronger security but may not necessarily adhere to the principle of simplicity as it is more complex to implement and manage. The other options, such as relying on a single sign-on password manager, enabling automatic encryption and backups, and using passphrases, are all examples of simple and user-friendly technology solutions.

Question 2

The following figure demonstrates the ________ principle in security.  &#10;A) Limiting&#10;B) Simplicity&#10;C) Layering&#10;D) Defense-in-depth&#10;E) Hiding

Accepted Answer

A

Question 3

Which CORRECTLY pairs a security layer and an available technology in realizing the defense-in-depth principle?&#10;A) Data security -- Access Control List (ACL) on border routers&#10;B) Application security -- Hardening intermediary devices&#10;C) Host security -- Anti-virus protection&#10;D) Internal network security -- Corporate-wide data encryption&#10;E) Perimeter security -- Network segmentation (e.g., subnets, VLANs)

Accepted Answer

Anti-virus protection is a technology used to secure hosts, making it a correct pairing for host security.

Question 4

Which is NOT a primary security requirement?&#10;A) confidentiality (privacy)&#10;B) data integrity&#10;C) authentication&#10;D) access control&#10;E) spoofing detection

Accepted Answer

While spoofing detection is important in ensuring the authenticity of data and preventing attacks, it is not considered a primary security requirement. The primary security requirements are confidentiality (privacy), data integrity, authentication, and access control.

Question 5

_____ is a process that validates &#34;you are the person/system you claim to be.&#34;&#10;A) Address filtering&#10;B) Challenging&#10;C) Certification&#10;D) Authentication&#10;E) Authorization

Accepted Answer

Authentication is the process of verifying the identity of a person or system, ensuring that they are who they claim to be. Address filtering is not related to identity verification, challenging may be part of the authentication process but is not a verification method on its own, certification refers to a process of obtaining credentials or qualifications, and authorization is the process of granting or denying access to resources based on the authenticated identity.

Question 6

In realizing the defense-in-depth principle, the perimeter security technologies of a business organization include the following EXCEPT:&#10;A) Border firewalls&#10;B) Corporate file access control&#10;C) Access Control List (ACL) on border routers&#10;D) Demilitarized zone (DMZ)&#10;E) Proxy servers

Accepted Answer

Corporate file access control is not a perimeter security technology but is rather a form of access control within the internal network of the organization. The other options, including border firewalls, ACLs on border routers, DMZs, and proxy servers, are all examples of perimeter security technologies that provide layers of protection for the organization's network.

Question 7

The defense-in-depth principle may include security measures of the following layers. Which layer is LEAST relevant?&#10;A) Application security&#10;B) External network security&#10;C) Host security&#10;D) Internal network security&#10;E) Perimeter security

Accepted Answer

While all the layers are important in defense-in-depth, external network security is the least relevant because it is further away from protecting the core assets of the system. This layer protects the perimeter, but the other layers protect deeper into the system.

Question 8

The following elements/activities cut across all security layers in realizing defense-in-depth EXCEPT:&#10;A) Corporate-wide data encryption&#10;B) Regulatory compliance self-assessment&#10;C) Security policies & procedures&#10;D) Security awareness & training&#10;E) Information security self-assessment

Accepted Answer

The answer of The following elements/activities cut across all security...

Question 9

Maintaining a reliable backup system of corporate database satisfies what aspect of security requirements?&#10;A) Confidentiality&#10;B) Data integrity&#10;C) Authentication&#10;D) Authorization&#10;E) Availability

Accepted Answer

The maintenance of a reliable backup system ensures that the data is available in case of any disaster or system failure. This satisfies the availability requirement of security.

Question 10

Which of the following is NOT a technology solution intended for authentication?&#10;A) Password and passphrase&#10;B) Access control list (ACL)&#10;C) Digital signature and digital certificate&#10;D) Biometric solutions (e.g., fingerprints).&#10;E) Security token

Accepted Answer

Access control list (ACL) is not a technology solution for authentication, but rather a method for controlling access to resources such as files, folders, or network resources. The other options listed are all examples of authentication technologies.

Question 11

Maintaining data privacy achieves the _________ aspect of security requirement.&#10;A) confidentiality&#10;B) integrity&#10;C) authentication&#10;D) access control&#10;E) reliability

Accepted Answer

The answer of Maintaining data privacy achieves the _________ aspect...

Question 12

The following figure is an example of ___________ attack.  &#10;A) social engineering&#10;B) denial of service&#10;C) malware&#10;D) fingerprinting&#10;E) man-in-the-middle

Accepted Answer

The answer of The following figure is an example of...

Question 13

Below email is an example of _________:  &#10;A) sniffing&#10;B) spoofing&#10;C) monitoring&#10;D) phishing&#10;E) scanning

Accepted Answer

The answer of Below email is an example of _________:...

Deck 2: Cybersecurity: Fundamentals