CCNA Cyber Ops (210-250 SECFND)

1. What entity that issues and signs digital certificates is trusted by the browser?

Certificate Authority

Certificate Notary

Certificate Controller

Certificate Licensor

The entity that issues and signs digital certificates and is trusted by the browser is known as a Certificate Authority. Certificate Authorities are responsible for verifying the identity of individuals, organizations, or websites and issuing digital certificates that contain information about the entity's identity and public key. Browsers trust these Certificate Authorities to ensure the authenticity and integrity of the digital certificates presented by websites during secure communications.

Explanation

The entity that issues and signs digital certificates and is trusted by the browser is known as a Certificate Authority. Certificate Authorities are responsible for verifying the identity of individuals, organizations, or websites and issuing digital certificates that contain information about the entity's identity and public key. Browsers trust these Certificate Authorities to ensure the authenticity and integrity of the digital certificates presented by websites during secure communications.

2. What is the default port for HTTPS?

443

8080

80

22

The default port for HTTPS is 443. This port is used for secure communication over the internet using the HTTPS protocol. When a user accesses a website using HTTPS, the data is encrypted and transmitted securely between the user's browser and the web server on port 443. This ensures that sensitive information such as login credentials or credit card details are protected from unauthorized access.

Explanation

The default port for HTTPS is 443. This port is used for secure communication over the internet using the HTTPS protocol. When a user accesses a website using HTTPS, the data is encrypted and transmitted securely between the user's browser and the web server on port 443. This ensures that sensitive information such as login credentials or credit card details are protected from unauthorized access.

3. DNS listens on which well-known ports?

UDP port 67 and UDP port 68

TCP port 21 and TCP port 22

TCP port 53 and UDP port 53

TCP 161 and UDP 161

DNS primarily uses UDP port 53 for DNS queries and responses. DNS queries consist of a UDP request from the client followed by a UDP response from the DNS server. TCP port 53 is used when the DNS response data size exceeds 512 bytes, or for tasks such as zone transfers. Zone transfer is a type of DNS transaction. Zone transfer is used by the DNS administrators to replicate the DNS databases across a set of DNS servers.

Explanation

DNS primarily uses UDP port 53 for DNS queries and responses. DNS queries consist of a UDP request from the client followed by a UDP response from the DNS server. TCP port 53 is used when the DNS response data size exceeds 512 bytes, or for tasks such as zone transfers. Zone transfer is a type of DNS transaction. Zone transfer is used by the DNS administrators to replicate the DNS databases across a set of DNS servers.

4. Which one of the following options describes the concept of using a different key for encrypting and decrypting data?

Cipher text

Asymmetric encryption

Symmetric encryption

Avalanche effect

Asymmetric encryption refers to the concept of using different keys for encrypting and decrypting data. This technique involves a public key for encryption and a private key for decryption. The public key is freely available to anyone, while the private key is kept secret. This approach provides a higher level of security as it eliminates the need to share a single key between parties. It is widely used in secure communication protocols, such as HTTPS, to protect sensitive information during transmission.

Explanation

Asymmetric encryption refers to the concept of using different keys for encrypting and decrypting data. This technique involves a public key for encryption and a private key for decryption. The public key is freely available to anyone, while the private key is kept secret. This approach provides a higher level of security as it eliminates the need to share a single key between parties. It is widely used in secure communication protocols, such as HTTPS, to protect sensitive information during transmission.

5. Which type of encryption algorithm uses the different but related keys to encrypt and decrypt data?

Asymmetric encryption algorithm

Symmetric encryption algorithm

Dodecaphonic algorithm

Diffie-Hellman algorithm

Asymmetric encryption algorithm uses different but related keys to encrypt and decrypt data. Unlike symmetric encryption algorithm, where the same key is used for both encryption and decryption, asymmetric encryption algorithm uses a pair of keys - a public key for encryption and a private key for decryption. This allows for secure communication between two parties without the need to share a common key. The most commonly used asymmetric encryption algorithm is RSA (Rivest-Shamir-Adleman).

Explanation

Asymmetric encryption algorithm uses different but related keys to encrypt and decrypt data. Unlike symmetric encryption algorithm, where the same key is used for both encryption and decryption, asymmetric encryption algorithm uses a pair of keys - a public key for encryption and a private key for decryption. This allows for secure communication between two parties without the need to share a common key. The most commonly used asymmetric encryption algorithm is RSA (Rivest-Shamir-Adleman).

6. How many encryption key bits are needed to double the number of possible key values that are available with a 40-bit encryption key?

80 bits

41 bits

120 bits

160 bits

Modern symmetric algorithms use key lengths that range from 40 to 256 bits. This range gives symmetric algorithms key spaces that range from 240 (1,099,511,627,776 possible keys) to 2256 (1.5 x 1077) possible keys.

Every additional bit in the key length doubles the number of possible key values.

Explanation

Modern symmetric algorithms use key lengths that range from 40 to 256 bits. This range gives symmetric algorithms key spaces that range from 240 (1,099,511,627,776 possible keys) to 2256 (1.5 x 1077) possible keys.

Every additional bit in the key length doubles the number of possible key values.

7. Which type of encryption algorithm uses the same key to encrypt and decrypt data?

Asymmetric encryption algorithm

Dodecaphonic algorithm

Diffie-Hellman algorithm

Symmetric encryption algorithm

A symmetric encryption algorithm uses the same key to both encrypt and decrypt data. This means that the sender and receiver must have the same key to communicate securely. This type of encryption is commonly used for secure communication and data storage, as it is fast and efficient. Unlike asymmetric encryption, which uses different keys for encryption and decryption, symmetric encryption is simpler and more straightforward.

Explanation

A symmetric encryption algorithm uses the same key to both encrypt and decrypt data. This means that the sender and receiver must have the same key to communicate securely. This type of encryption is commonly used for secure communication and data storage, as it is fast and efficient. Unlike asymmetric encryption, which uses different keys for encryption and decryption, symmetric encryption is simpler and more straightforward.

8. Risk is a function of which three factors? (Choose three.)

Cost of security solution

Threat

Deployment time

Impact

Support costs

Vulnerabilities

Risk is a measure of the potential harm or negative impact that can result from a threat exploiting vulnerabilities. The three factors that contribute to risk are threat, impact, and vulnerabilities. The threat refers to the likelihood of a harmful event occurring, impact refers to the severity of the consequences if the event occurs, and vulnerabilities are weaknesses or flaws that can be exploited by the threat. These three factors together determine the level of risk associated with a particular situation or system.

Explanation

Risk is a measure of the potential harm or negative impact that can result from a threat exploiting vulnerabilities. The three factors that contribute to risk are threat, impact, and vulnerabilities. The threat refers to the likelihood of a harmful event occurring, impact refers to the severity of the consequences if the event occurs, and vulnerabilities are weaknesses or flaws that can be exploited by the threat. These three factors together determine the level of risk associated with a particular situation or system.

Submit

9. Which one of the following is the reason that asymmetric encryption is not used to perform bulk encryption?

Asymmetric algorithms are substantially slower than symmetric algorithms.

Asymmetric algorithms are easier to break than symmetric algorithms.

Symmetric algorithms can provide authentication and confidentiality.

Symmetric algorithms use a much larger key size.

Asymmetric encryption is not used for bulk encryption because it is substantially slower than symmetric encryption. Asymmetric encryption involves the use of a pair of keys, a public key for encryption and a private key for decryption. This process requires more computational power and time compared to symmetric encryption, where the same key is used for both encryption and decryption. Therefore, symmetric encryption is more efficient for bulk encryption where large amounts of data need to be encrypted or decrypted quickly.

Explanation

Asymmetric encryption is not used for bulk encryption because it is substantially slower than symmetric encryption. Asymmetric encryption involves the use of a pair of keys, a public key for encryption and a private key for decryption. This process requires more computational power and time compared to symmetric encryption, where the same key is used for both encryption and decryption. Therefore, symmetric encryption is more efficient for bulk encryption where large amounts of data need to be encrypted or decrypted quickly.

10. What best describes domain shadowing?

Domain shadowing provides a backup web site to redirect the user to, in the event of a compromise.

Domain shadowing involves the attacker compromising a parent domain and creating multiple subdomains to be used during their attacks.

Domain shadowing is the OpenDns response to a web site redirect when the HTTP 404 error code is received.

Domain shadowing is a fault tolerant method that is used by developers when building and developing web-based services.

Domain shadowing involves the attacker compromising a parent domain and creating multiple subdomains to be used during their attacks. This technique allows the attacker to hide their malicious activities by using legitimate subdomains within the compromised parent domain. By doing so, they can bypass security measures and make it more difficult for detection and mitigation.

Explanation

Domain shadowing involves the attacker compromising a parent domain and creating multiple subdomains to be used during their attacks. This technique allows the attacker to hide their malicious activities by using legitimate subdomains within the compromised parent domain. By doing so, they can bypass security measures and make it more difficult for detection and mitigation.

11. What best describes a brute-force attack?

An attacker's attempt to decode a cipher by attempting each possible key combination to find the correct one

Breaking and entering into a physical building or network closet

A rogue DHCP server that is posing as a legitimate DHCP server on a network segment

An attacker inserting itself between two devices in a communication session and then taking over the session.

A brute-force attack refers to an attacker's attempt to decode a cipher by systematically trying every possible key combination until the correct one is found. This method is time-consuming but effective, as it exhaustively checks all possible combinations. It is commonly used when the key length is short or weak, making it easier for the attacker to find the correct key. The other options mentioned in the question, such as breaking and entering, rogue DHCP servers, and session hijacking, are unrelated to brute-force attacks.

Explanation

A brute-force attack refers to an attacker's attempt to decode a cipher by systematically trying every possible key combination until the correct one is found. This method is time-consuming but effective, as it exhaustively checks all possible combinations. It is commonly used when the key length is short or weak, making it easier for the attacker to find the correct key. The other options mentioned in the question, such as breaking and entering, rogue DHCP servers, and session hijacking, are unrelated to brute-force attacks.

12. Malicious Windows operating system codes that share a single virtual address space, and can manage the system CPU and memory resources directly are running in which mode?

Safe

User

Kernel

Privileged

The correct answer is "kernel". In the given question, it is stated that the malicious Windows operating system codes are running in a mode that allows them to share a single virtual address space and manage the system CPU and memory resources directly. This mode is known as the kernel mode. In the kernel mode, the operating system has complete control over the hardware and can execute privileged instructions.

Explanation

The correct answer is "kernel". In the given question, it is stated that the malicious Windows operating system codes are running in a mode that allows them to share a single virtual address space and manage the system CPU and memory resources directly. This mode is known as the kernel mode. In the kernel mode, the operating system has complete control over the hardware and can execute privileged instructions.

13. What are two main goals of SQL injection attacks? (Choose two.)

Data modification

Denial of service

Theft or extraction of data

Timed execution of malware

The two main goals of SQL injection attacks are data modification and theft or extraction of data. In a SQL injection attack, an attacker manipulates a web application's database by injecting malicious SQL code. Data modification refers to the ability to alter or change the data stored in the database, while theft or extraction of data involves stealing sensitive information from the database. These goals allow the attacker to manipulate or steal data for their own malicious purposes.

Explanation

The two main goals of SQL injection attacks are data modification and theft or extraction of data. In a SQL injection attack, an attacker manipulates a web application's database by injecting malicious SQL code. Data modification refers to the ability to alter or change the data stored in the database, while theft or extraction of data involves stealing sensitive information from the database. These goals allow the attacker to manipulate or steal data for their own malicious purposes.

Submit

14. What are the three basic security requirements of network security? (Choose three.)

Accountability

Availability

Confidentiality

Visibility

Integrity

The three basic security requirements of network security are availability, confidentiality, and integrity. Availability refers to the accessibility and usability of network resources, ensuring that they are consistently available to authorized users. Confidentiality involves protecting sensitive information from unauthorized access or disclosure. Integrity ensures that data remains accurate and unaltered, preventing unauthorized modifications or tampering. Visibility, although mentioned in the options, is not considered a basic security requirement in network security.

Explanation

The three basic security requirements of network security are availability, confidentiality, and integrity. Availability refers to the accessibility and usability of network resources, ensuring that they are consistently available to authorized users. Confidentiality involves protecting sensitive information from unauthorized access or disclosure. Integrity ensures that data remains accurate and unaltered, preventing unauthorized modifications or tampering. Visibility, although mentioned in the options, is not considered a basic security requirement in network security.

Submit

15. Which one of the following options is the attack that can be used to find collisions in a cryptographic hash function?

Birthday attack

Chosen-plaintext attack

Ciphertext-only attack

Chosen-ciphertext attack

A birthday attack is a type of attack that can be used to find collisions in a cryptographic hash function. In this attack, the attacker aims to find two different inputs that produce the same hash value. The attacker generates a large number of random inputs and computes their hash values. By comparing the hash values, the attacker can identify any collisions that occur. This attack takes advantage of the birthday paradox, which states that in a group of just 23 people, there is a 50% chance that two people share the same birthday. Similarly, in a hash function with a large number of possible inputs, the probability of finding a collision becomes surprisingly high.

Explanation

A birthday attack is a type of attack that can be used to find collisions in a cryptographic hash function. In this attack, the attacker aims to find two different inputs that produce the same hash value. The attacker generates a large number of random inputs and computes their hash values. By comparing the hash values, the attacker can identify any collisions that occur. This attack takes advantage of the birthday paradox, which states that in a group of just 23 people, there is a 50% chance that two people share the same birthday. Similarly, in a hash function with a large number of possible inputs, the probability of finding a collision becomes surprisingly high.

16. Of the following, in which type of an attack does the attacker try every possible key with the decryption algorithm, knowing that eventually one of the keys will work?

Chosen-ciphertext attack

Birthday attack

Brute-force attack

Ciphertext-only attack

In a brute-force attack, an attacker tries every possible key with the decryption algorithm, knowing that eventually one of the keys will work. All encryption algorithms are vulnerable to this attack.

Explanation

In a brute-force attack, an attacker tries every possible key with the decryption algorithm, knowing that eventually one of the keys will work. All encryption algorithms are vulnerable to this attack.

17. Which resource record type is used to display the mail servers for a domain?

MX

CNAME

AAAA

PTR

MX stands for Mail Exchanger. It is a type of resource record used in the Domain Name System (DNS) to specify the mail servers responsible for accepting incoming emails for a particular domain. When someone sends an email to a domain, the MX record helps in routing the email to the correct mail server. Therefore, the correct answer is MX.

Explanation

MX stands for Mail Exchanger. It is a type of resource record used in the Domain Name System (DNS) to specify the mail servers responsible for accepting incoming emails for a particular domain. When someone sends an email to a domain, the MX record helps in routing the email to the correct mail server. Therefore, the correct answer is MX.

18. After encryption has been applied to a message, what is the message identified as?

Hash result

Ciphertext

Fingerprint

Message digest

With encryption, the plaintext readable message is converted to ciphertext, which is the unreadable, “disguised” message.

Explanation

With encryption, the plaintext readable message is converted to ciphertext, which is the unreadable, “disguised” message.

19. Which one of the following parts of the Diffie-Hellman calculation is an arbitrary item that is agreed upon by both parties before any mathematical calculations?

Secret key (a)

Prime number (p)

Public key (g)

In the Diffie-Hellman calculation, the prime number (p) is an arbitrary item that is agreed upon by both parties before any mathematical calculations. This prime number serves as the modulus in the calculation and ensures that the computation is performed within a finite field. By agreeing on a specific prime number, both parties can generate their own secret keys and public keys, which are then used to establish a shared secret key for secure communication.

Explanation

In the Diffie-Hellman calculation, the prime number (p) is an arbitrary item that is agreed upon by both parties before any mathematical calculations. This prime number serves as the modulus in the calculation and ensures that the computation is performed within a finite field. By agreeing on a specific prime number, both parties can generate their own secret keys and public keys, which are then used to establish a shared secret key for secure communication.

20. Which statement about the Diffie-Hellman Key Agreement is true?

The higher the Diffie-Hellman group number indicates a larger key size.

The higher the Diffie-Hellman group number indicates a smaller prime number (p).

The higher the Diffie-Hellman group number indicates a smaller key size.

The higher the Diffie-Hellman group number indicates no difference in processing requirements.

The Diffie-Hellman Key Agreement is a method used to securely exchange cryptographic keys over an insecure channel. In this method, a large prime number (p) and a generator (g) are chosen. The group number refers to the size of the prime number (p). The larger the group number, the larger the prime number, and consequently, the larger the key size. A larger key size provides stronger security and makes it more difficult for an attacker to break the encryption. Therefore, the statement that the higher the Diffie-Hellman group number indicates a larger key size is true.

Explanation

The Diffie-Hellman Key Agreement is a method used to securely exchange cryptographic keys over an insecure channel. In this method, a large prime number (p) and a generator (g) are chosen. The group number refers to the size of the prime number (p). The larger the group number, the larger the prime number, and consequently, the larger the key size. A larger key size provides stronger security and makes it more difficult for an attacker to break the encryption. Therefore, the statement that the higher the Diffie-Hellman group number indicates a larger key size is true.

21. You suspect that a Windows host has been infected with malware, and the malware is creating many TCP connections. Which Windows command would you use to display all the active TCP connections on the host?

Net view

Systeminfo

Route print

Netstat

The correct answer is "netstat." Netstat is a command-line tool used to display active TCP connections on a Windows host. By running the netstat command, you can view information such as the local and foreign addresses, state of the connection, and the process ID associated with each connection. This can help identify any suspicious or unwanted connections that may be a result of malware activity.

Explanation

The correct answer is "netstat." Netstat is a command-line tool used to display active TCP connections on a Windows host. By running the netstat command, you can view information such as the local and foreign addresses, state of the connection, and the process ID associated with each connection. This can help identify any suspicious or unwanted connections that may be a result of malware activity.

22. Which one of the following options describes the concept of small changes in data causing a large change in the hash algorithm output?

Butterfly effect

Keyed effect

Avalanche effect

Fibonacci effect

The concept of the avalanche effect refers to the phenomenon where even a small change in input data to a hash algorithm results in a significantly different output. This means that a slight modification in the original data will cause the hash algorithm to produce a completely different hash value. The avalanche effect is a desirable property in hash algorithms as it ensures that even a tiny alteration in the input will lead to a drastic change in the output, thereby enhancing security and preventing predictability.

Explanation

The concept of the avalanche effect refers to the phenomenon where even a small change in input data to a hash algorithm results in a significantly different output. This means that a slight modification in the original data will cause the hash algorithm to produce a completely different hash value. The avalanche effect is a desirable property in hash algorithms as it ensures that even a tiny alteration in the input will lead to a drastic change in the output, thereby enhancing security and preventing predictability.

23. Which one of the following options is used to determine the strength of a modern encryption algorithm?

Message digest (fingerprint) size

Cipher block size

Key size

Encryption operations OSI layer

The longer the encryption key is, the longer it takes an attacker to break it.

Explanation

The longer the encryption key is, the longer it takes an attacker to break it.

24. Which statement is correct?

The mail user agent is also called the SMTP daemon.

The DNS A record is used to locate the FQDN of the mail server for a domain.

POP is used by the groupware server to send emails to the MTA.

Microsoft Exchange is the groupware server and Microsoft Outlook is the mail user agent.

not-available-via-ai

Explanation

not-available-via-ai

25. What is the primary purpose for using an encryption algorithm on a message?

Availability

Integrity

Confidentiality

Authentication

Encryption is the process of disguising a message in such a way as to hide its original contents. With encryption, the plaintext readable message is converted to ciphertext, which is the unreadable, “disguised” message. Decryption reverses this process. Encryption is used to guarantee confidentiality so that only authorized entities can read the original message.

Explanation

Encryption is the process of disguising a message in such a way as to hide its original contents. With encryption, the plaintext readable message is converted to ciphertext, which is the unreadable, “disguised” message. Decryption reverses this process. Encryption is used to guarantee confidentiality so that only authorized entities can read the original message.

26. Which Windows netstat command options can be used to link the open connection to the owning process ID?

-abno

-abe

-ars

-af

The correct answer is "-abno". This option displays the active TCP connections and includes the process ID (PID) and process name for each connection. By using this option, we can link the open connection to the owning process ID.

Explanation

The correct answer is "-abno". This option displays the active TCP connections and includes the process ID (PID) and process name for each connection. By using this option, we can link the open connection to the owning process ID.

27. Which protocols use the well-known TCP port 110?

POP

IMAP

SMTP

DNS

POP (Post Office Protocol) is a protocol that is used for retrieving email from a mail server. It uses TCP port 110 as the default port for communication. This means that when a client wants to retrieve email from a server using POP, it will connect to the server's TCP port 110. Therefore, the correct answer is POP.

Explanation

POP (Post Office Protocol) is a protocol that is used for retrieving email from a mail server. It uses TCP port 110 as the default port for communication. This means that when a client wants to retrieve email from a server using POP, it will connect to the server's TCP port 110. Therefore, the correct answer is POP.

28. Which of the following protocols is typically used as the communication channel between the client and the DDNS provider?

ARP

DHCP

HTTP/HTTPS

ICMP

The communication between the client and the DDNS (Dynamic DNS) provider typically occurs over HTTP/HTTPS protocols. These protocols are commonly used for transferring data between a client (such as a computer or a mobile device) and a server (such as the DDNS provider's server). ARP (Address Resolution Protocol) is used for mapping IP addresses to MAC addresses on a local network, DHCP (Dynamic Host Configuration Protocol) is used for assigning IP addresses to devices on a network, and ICMP (Internet Control Message Protocol) is used for network diagnostics and troubleshooting.

Explanation

The communication between the client and the DDNS (Dynamic DNS) provider typically occurs over HTTP/HTTPS protocols. These protocols are commonly used for transferring data between a client (such as a computer or a mobile device) and a server (such as the DDNS provider's server). ARP (Address Resolution Protocol) is used for mapping IP addresses to MAC addresses on a local network, DHCP (Dynamic Host Configuration Protocol) is used for assigning IP addresses to devices on a network, and ICMP (Internet Control Message Protocol) is used for network diagnostics and troubleshooting.

29. What SQL command is used by attackers to exfiltrate sensitive data?

Alter

Drop

Select

Get

Post

Attackers use the "select" SQL command to exfiltrate sensitive data. The "select" command allows them to retrieve specific data from a database, including sensitive information such as personal data, financial records, or login credentials. By crafting malicious SQL queries, attackers can exploit vulnerabilities in the system and extract the desired data without authorization. This command is commonly used in SQL injection attacks, where attackers manipulate input fields to inject malicious SQL code and perform unauthorized actions on the database.

Explanation

Attackers use the "select" SQL command to exfiltrate sensitive data. The "select" command allows them to retrieve specific data from a database, including sensitive information such as personal data, financial records, or login credentials. By crafting malicious SQL queries, attackers can exploit vulnerabilities in the system and extract the desired data without authorization. This command is commonly used in SQL injection attacks, where attackers manipulate input fields to inject malicious SQL code and perform unauthorized actions on the database.

30. Which one of the following methods of cryptanalysis should you use if you only have access to the cipher text messages (all of which have been encrypted using the same encryption algorithm), and want to perform statistical analysis to attempt to determine the potentially weak keys?

Chosen-plaintext attack

Ciphertext-only attack

Birthday attack

Chosen-ciphertext attack

A ciphertext-only attack is the correct method of cryptanalysis to use in this scenario. This attack involves analyzing the cipher text messages without any knowledge of the corresponding plaintext or the encryption algorithm. By performing statistical analysis on the cipher text, patterns and frequencies can be identified, which may help in determining potential weak keys used for encryption. This method is particularly useful when only the cipher text is available and no other information about the encryption process is known.

Explanation

A ciphertext-only attack is the correct method of cryptanalysis to use in this scenario. This attack involves analyzing the cipher text messages without any knowledge of the corresponding plaintext or the encryption algorithm. By performing statistical analysis on the cipher text, patterns and frequencies can be identified, which may help in determining potential weak keys used for encryption. This method is particularly useful when only the cipher text is available and no other information about the encryption process is known.

31. If an engineering server's risk of having a hard drive failure is assigned a risk level of $500, which assessment strategy is being used?

Quantitative

Non-discretionary

Impact

Qualitative

Mandatory

Discretionary

The given correct answer for this question is "quantitative." This is because the risk level of having a hard drive failure on the engineering server is assigned a specific monetary value of $500, indicating a quantitative assessment strategy. This strategy involves assigning numerical values to risks, which allows for easier comparison and analysis of the potential impact of each risk.

Explanation

The given correct answer for this question is "quantitative." This is because the risk level of having a hard drive failure on the engineering server is assigned a specific monetary value of $500, indicating a quantitative assessment strategy. This strategy involves assigning numerical values to risks, which allows for easier comparison and analysis of the potential impact of each risk.

32. Which one of the following statements describes the risk of not destroying a session key that is no longer used for completed communication of encrypted data?

Systems can only store a certain number of keys and could be unable to generate new keys for communication.

It increases the risk of duplicate keys existing for the key space of the algorithm.

The attacker could have captured the encrypted communication and stored it while waiting for an opportunity to acquire the key.

The risk of weaker keys being generated increases as the number of keys stored increases.

Not destroying a session key that is no longer used for completed communication of encrypted data increases the risk that the attacker could have captured the encrypted communication and stored it while waiting for an opportunity to acquire the key. This means that if the key is compromised in the future, the attacker could decrypt the stored communication and gain access to sensitive information. Therefore, it is important to destroy session keys that are no longer needed to mitigate this risk.

Explanation

Not destroying a session key that is no longer used for completed communication of encrypted data increases the risk that the attacker could have captured the encrypted communication and stored it while waiting for an opportunity to acquire the key. This means that if the key is compromised in the future, the attacker could decrypt the stored communication and gain access to sensitive information. Therefore, it is important to destroy session keys that are no longer needed to mitigate this risk.

33. What are three examples of PII? (Choose three.)

Type and model of personal vehicle

Business email address

Passport number

Office location

Place and date of birth

Fingerprints

The three examples of Personally Identifiable Information (PII) are passport number, place and date of birth, and fingerprints. PII refers to any information that can be used to identify an individual, and these examples all contain unique identifiers that are directly linked to a specific person. The type and model of a personal vehicle, business email address, and office location may provide some information about an individual, but they are not considered PII as they do not directly identify a person.

Explanation

The three examples of Personally Identifiable Information (PII) are passport number, place and date of birth, and fingerprints. PII refers to any information that can be used to identify an individual, and these examples all contain unique identifiers that are directly linked to a specific person. The type and model of a personal vehicle, business email address, and office location may provide some information about an individual, but they are not considered PII as they do not directly identify a person.

Submit

34. Which statement is correct?

The mail user agent is also called the SMTP daemon.

The DNS A record is used to locate the FQDN of the mail server for a domain.

POP is used by the groupware server to send emails to the MTA.

Microsoft Exchange is the groupware server and Microsoft Outlook is the mail user agent.

The statement "Microsoft Exchange is the groupware server and Microsoft Outlook is the mail user agent" is correct because Microsoft Exchange is a popular groupware server that provides email, calendar, and contact management functionality, while Microsoft Outlook is a mail user agent that allows users to access and manage their email accounts.

Explanation

The statement "Microsoft Exchange is the groupware server and Microsoft Outlook is the mail user agent" is correct because Microsoft Exchange is a popular groupware server that provides email, calendar, and contact management functionality, while Microsoft Outlook is a mail user agent that allows users to access and manage their email accounts.

35. Which one of the following encryption algorithms is the preferred symmetrical algorithm that is intended to replace 3DES?

DES

SHA256

MD5

AES

DSA

RSA

For several years, it was recognized that DES would eventually reach the end of its usefulness. In 1997, the AES initiative was announced, and the public was invited to propose candidate encryption schemes, one of which could be chosen as the encryption standard to replace DES. The U.S. Secretary of Commerce approved the adoption of AES as an official U.S. government standard, effective May 26, 200

Explanation

For several years, it was recognized that DES would eventually reach the end of its usefulness. In 1997, the AES initiative was announced, and the public was invited to propose candidate encryption schemes, one of which could be chosen as the encryption standard to replace DES. The U.S. Secretary of Commerce approved the adoption of AES as an official U.S. government standard, effective May 26, 200

36. What two are triggers for an organization to perform a vulnerability assessment? (Choose two.)

When software or hardware updates are released.

When new users are brought on-board

When a new technology or software is planned to be deployed

Only when the network is initially deployed

The two triggers for an organization to perform a vulnerability assessment are when software or hardware updates are released and when a new technology or software is planned to be deployed. Performing a vulnerability assessment after software or hardware updates are released ensures that any potential vulnerabilities introduced by the updates are identified and addressed. Similarly, conducting a vulnerability assessment before deploying a new technology or software helps identify any weaknesses or vulnerabilities that could be exploited. These triggers help ensure that the organization's systems and networks remain secure and protected.

Explanation

The two triggers for an organization to perform a vulnerability assessment are when software or hardware updates are released and when a new technology or software is planned to be deployed. Performing a vulnerability assessment after software or hardware updates are released ensures that any potential vulnerabilities introduced by the updates are identified and addressed. Similarly, conducting a vulnerability assessment before deploying a new technology or software helps identify any weaknesses or vulnerabilities that could be exploited. These triggers help ensure that the organization's systems and networks remain secure and protected.

Submit

37. To communicate that a document is using a digital signature, which one of the following is the next step in the process after a hash of the document is calculated by the sender?

The hash is signed using the public key of the receiver.

The hash is stored by the sender.

The hash is encrypted using the private key of the sender.

The hash is appended to the end of the document.

After calculating the hash of the document, the next step in the process is to encrypt the hash using the private key of the sender. This is done to create a digital signature for the document. By encrypting the hash with the sender's private key, it ensures that only the sender, who possesses the corresponding public key, can decrypt and verify the signature. This provides authentication and integrity to the document, as any modifications to the document would result in a different hash value and the signature would no longer be valid.

Explanation

After calculating the hash of the document, the next step in the process is to encrypt the hash using the private key of the sender. This is done to create a digital signature for the document. By encrypting the hash with the sender's private key, it ensures that only the sender, who possesses the corresponding public key, can decrypt and verify the signature. This provides authentication and integrity to the document, as any modifications to the document would result in a different hash value and the signature would no longer be valid.

38. What are two examples of the impacts of cryptography on security investigations that an analyst must know? (Choose two)

Attackers can attack the cryptographic algorithms.

Cryptographic algorithms make it impossible for an attacker to carry out an attack.

Attackers can use cryptography to hide their attacks.

Cryptography does not offer any security against attacks.

Cryptography plays a crucial role in security investigations. Attackers can target the cryptographic algorithms themselves, attempting to exploit vulnerabilities or weaknesses in the algorithms to gain unauthorized access. Additionally, attackers can utilize cryptography to conceal their malicious activities, making it challenging for analysts to detect and investigate their attacks. Understanding these impacts is vital for analysts to effectively assess and mitigate security threats.

Explanation

Cryptography plays a crucial role in security investigations. Attackers can target the cryptographic algorithms themselves, attempting to exploit vulnerabilities or weaknesses in the algorithms to gain unauthorized access. Additionally, attackers can utilize cryptography to conceal their malicious activities, making it challenging for analysts to detect and investigate their attacks. Understanding these impacts is vital for analysts to effectively assess and mitigate security threats.

Submit

39. Which one of the following algorithms is most susceptible to collision when hashing different data sets?

SHA-512

SHA-256

SHA-1

MD5

MD5 was originally thought to be collision-resistant, but has been shown to have collision vulnerabilities.

Explanation

MD5 was originally thought to be collision-resistant, but has been shown to have collision vulnerabilities.

40. Select the ones you like

Option1

Option2

Option3

Option4

The correct answer is Option1 because it is the option that the person selecting the answer likes.

Explanation

The correct answer is Option1 because it is the option that the person selecting the answer likes.

41. What protocol uses TCP port 143?

SMTP

POP

LDAP

IMAP

IMAP (Internet Message Access Protocol) is a protocol that is used for retrieving and accessing email messages from a mail server. It uses TCP port 143 for communication. SMTP (Simple Mail Transfer Protocol) is used for sending email messages, POP (Post Office Protocol) is used for retrieving email messages from a mail server, and LDAP (Lightweight Directory Access Protocol) is used for accessing and maintaining directory information. Therefore, the correct answer is IMAP because it specifically uses TCP port 143.

Explanation

IMAP (Internet Message Access Protocol) is a protocol that is used for retrieving and accessing email messages from a mail server. It uses TCP port 143 for communication. SMTP (Simple Mail Transfer Protocol) is used for sending email messages, POP (Post Office Protocol) is used for retrieving email messages from a mail server, and LDAP (Lightweight Directory Access Protocol) is used for accessing and maintaining directory information. Therefore, the correct answer is IMAP because it specifically uses TCP port 143.

42. Which one of the following statements best describes crypto analysis?

The practice of breaking codes to obtain the meaning of encrypted data.

The practice of creating one-way encryption cryptographic algorithms.

The practice of breaking codes to obtain the fingerprint of encrypted data.

The practice of creating codes to obscure the meaning of plaintext data.

Crypto analysis refers to the practice of breaking codes in order to decipher or understand the meaning of encrypted data. This involves analyzing and deciphering cryptographic algorithms, keys, or codes used to encrypt the data. The purpose of crypto analysis is to reveal the original message or information that has been concealed through encryption.

Explanation

Crypto analysis refers to the practice of breaking codes in order to decipher or understand the meaning of encrypted data. This involves analyzing and deciphering cryptographic algorithms, keys, or codes used to encrypt the data. The purpose of crypto analysis is to reveal the original message or information that has been concealed through encryption.

43. Referring to the sample URL below, what statement is correct?https://www.test.example.com/tags/html_form_submit.asp?text=Hello+C+C+N+A

The plus (+) signs are used to represent the space character.

The question mark (?) sign is used to represent the space character.

The top-level domain is test.example.com.

The top-level domain is example.com.

The correct answer is that the plus (+) signs are used to represent the space character. This is because in the given URL, the text parameter is "Hello+C+C+N+A" which includes plus signs (+) instead of spaces. In URLs, spaces are not allowed and are typically represented by plus signs or percent encoding.

Explanation

The correct answer is that the plus (+) signs are used to represent the space character. This is because in the given URL, the text parameter is "Hello+C+C+N+A" which includes plus signs (+) instead of spaces. In URLs, spaces are not allowed and are typically represented by plus signs or percent encoding.

44. Which one of the following options was used by Diffie-Hellman to determine the strength of the key that is used in the key agreement process?

DH group

DH prime number (p)

DH modulus

DH base generator (g)

Diffie-Hellman used different DH groups to determine the strength of the key that is used in the key agreement process. The higher group numbers are more secure, but require additional time to compute the key. Each DH group specifies the values of p and g. DH groups are supported by Cisco IOS Software and the associated size of the value of the prime p:

DH Group 1: 768 bits

DH Group 2: 1024 bits

DH Group 5: 1536 bits

DH Group 14: 2048 bits

DH Group 15: 3072 bits

DH Group 16: 4096 bits

A DH key agreement can also be based on elliptic curve cryptography. Its use is included in the Suite B cryptographic suites. DH groups 19, 20, and 24, based on elliptic curve cryptography, are also supported by Cisco IOS Software.

Explanation

Diffie-Hellman used different DH groups to determine the strength of the key that is used in the key agreement process. The higher group numbers are more secure, but require additional time to compute the key. Each DH group specifies the values of p and g. DH groups are supported by Cisco IOS Software and the associated size of the value of the prime p:

DH Group 1: 768 bits

DH Group 2: 1024 bits

DH Group 5: 1536 bits

DH Group 14: 2048 bits

DH Group 15: 3072 bits

DH Group 16: 4096 bits

A DH key agreement can also be based on elliptic curve cryptography. Its use is included in the Suite B cryptographic suites. DH groups 19, 20, and 24, based on elliptic curve cryptography, are also supported by Cisco IOS Software.

45. If a client connected to a server using SSHv1 previously, how should the client be able to authenticate the server?

The same encryption algorithm will be used each time and will be in the client cache.

The server will autofill the stored password for the client upon connection.

The client will receive the same public key that it had stored for the server.

The server will not use any asymmetric encryption, and jump right to symmetric encryption.

SSHv1 uses a connection process as follows:

The client connects to the server and the server presents the client with its public key.

The client and server negotiate the security transforms. The two sides agree to a mutually supported symmetric encryption algorithm. This negotiation occurs in the clear. A party that intercepts the communication will be aware of the encryption algorithm that is agreed upon.

The client constructs a session key of the appropriate length to support the agreed-upon encryption algorithm. The client encrypts the session key with the server’s public key. Only the server has the appropriate private key that can decrypt the session key.

The client sends the encrypted session key to the server. The server decrypts the session key using its private key. At this point, both the client and the server have the shared session key. That key is not available to any other systems. From this point on, the session between the client and server is encrypted using a symmetric encryption algorithm.

With privacy in place, user authentication ensues. The user’s credentials and all other data are protected.

Not only does the use of asymmetric encryption facilitate symmetric key exchange, it also facilitates peer authentication. If the client is aware of the server’s public key, it would recognize if it connected to a nonauthentic system when the nonauthentic system provided a different public key.

Explanation

SSHv1 uses a connection process as follows:

The client connects to the server and the server presents the client with its public key.

The client and server negotiate the security transforms. The two sides agree to a mutually supported symmetric encryption algorithm. This negotiation occurs in the clear. A party that intercepts the communication will be aware of the encryption algorithm that is agreed upon.

The client constructs a session key of the appropriate length to support the agreed-upon encryption algorithm. The client encrypts the session key with the server’s public key. Only the server has the appropriate private key that can decrypt the session key.

The client sends the encrypted session key to the server. The server decrypts the session key using its private key. At this point, both the client and the server have the shared session key. That key is not available to any other systems. From this point on, the session between the client and server is encrypted using a symmetric encryption algorithm.

With privacy in place, user authentication ensues. The user’s credentials and all other data are protected.

Not only does the use of asymmetric encryption facilitate symmetric key exchange, it also facilitates peer authentication. If the client is aware of the server’s public key, it would recognize if it connected to a nonauthentic system when the nonauthentic system provided a different public key.

46. What is the security property that guarantees that sensitive information is changed only by an authorized party?

Integrity

Availability

Confidentiality

Accountability

Visibility

Integrity is the security property that ensures that sensitive information is changed only by an authorized party. It involves maintaining the accuracy, consistency, and reliability of data throughout its lifecycle. By implementing measures such as access controls, data validation, and audit trails, integrity ensures that unauthorized modifications or tampering with sensitive information are prevented. This helps to maintain the trustworthiness and reliability of the data, protecting it from unauthorized changes and ensuring that only authorized parties can make modifications.

Explanation

Integrity is the security property that ensures that sensitive information is changed only by an authorized party. It involves maintaining the accuracy, consistency, and reliability of data throughout its lifecycle. By implementing measures such as access controls, data validation, and audit trails, integrity ensures that unauthorized modifications or tampering with sensitive information are prevented. This helps to maintain the trustworthiness and reliability of the data, protecting it from unauthorized changes and ensuring that only authorized parties can make modifications.

47. Which two of the following statements are true regarding the CA in a PKI deployment? (Choose two.)

The CA is the trusted third party that signs the public keys of entities in a PKI-based system.

The CA becomes the center point of communications between two hosts using certificates that are issued by the CA.

The CA issues either a certificate revocation list (CRL) or uses an OCSP process to determine certificate validity.

A root CA is not necessary in a PKI.

In a PKI deployment, the CA plays a crucial role as the trusted third party that signs the public keys of entities. This ensures the authenticity and integrity of the certificates issued in the system. Additionally, the CA is responsible for determining the validity of certificates. This can be done through either issuing a certificate revocation list (CRL) or utilizing an Online Certificate Status Protocol (OCSP) process. These mechanisms allow for the identification of compromised or revoked certificates, ensuring the security of the PKI infrastructure.

Explanation

In a PKI deployment, the CA plays a crucial role as the trusted third party that signs the public keys of entities. This ensures the authenticity and integrity of the certificates issued in the system. Additionally, the CA is responsible for determining the validity of certificates. This can be done through either issuing a certificate revocation list (CRL) or utilizing an Online Certificate Status Protocol (OCSP) process. These mechanisms allow for the identification of compromised or revoked certificates, ensuring the security of the PKI infrastructure.

Submit

48. What type of attack describes malicious JavaScript, which redirects an unsuspecting user to download malware from a remote website?

Session hijacking

SQL injection

Drive-by-download

Denial of service

A drive-by-download is a type of attack where malicious JavaScript code is used to redirect an unsuspecting user to download malware from a remote website. In this attack, the user does not have to click on anything or take any action to initiate the download, making it particularly dangerous and stealthy.

Explanation

A drive-by-download is a type of attack where malicious JavaScript code is used to redirect an unsuspecting user to download malware from a remote website. In this attack, the user does not have to click on anything or take any action to initiate the download, making it particularly dangerous and stealthy.

49. The ECDHE_ECDSA part of the cipher list identifies which one of the following algorithms?

Authentication and key exchange

Encryption

Message authentication code

Pseudorandom function

The ECDHE_ECDSA part of the cipher list identifies the authentication and key exchange algorithm. This algorithm is used to authenticate the identities of the communicating parties and establish a secure session key for encryption. ECDHE_ECDSA stands for Elliptic Curve Diffie-Hellman Ephemeral with Elliptic Curve Digital Signature Algorithm, which is a secure key exchange protocol using elliptic curve cryptography and digital signatures.

Explanation

The ECDHE_ECDSA part of the cipher list identifies the authentication and key exchange algorithm. This algorithm is used to authenticate the identities of the communicating parties and establish a secure session key for encryption. ECDHE_ECDSA stands for Elliptic Curve Diffie-Hellman Ephemeral with Elliptic Curve Digital Signature Algorithm, which is a secure key exchange protocol using elliptic curve cryptography and digital signatures.

50. Which two of the following options must be included in the CSR that is to be signed by a CA? (Choose two.)

Subject’s public key information

Written invitation code to join the CA

Subject identity information

Certificate intended usage

To obtain an identity certificate, a system administrator will enroll with the PKI. The first step is to obtain the CA’s identity certificate. The next step is to create a CSR (PKCS #10). The CSR contains the identity information that is associated with the enrolling system, which can include data such as the system name, the organization to which the system belongs, and location information. Most importantly, the enrolling system’s public key is included with the CSR.

Explanation

To obtain an identity certificate, a system administrator will enroll with the PKI. The first step is to obtain the CA’s identity certificate. The next step is to create a CSR (PKCS #10). The CSR contains the identity information that is associated with the enrolling system, which can include data such as the system name, the organization to which the system belongs, and location information. Most importantly, the enrolling system’s public key is included with the CSR.

Submit

51. Which type of ciphers rearrange or permutate letters?

Substitution

Polyalphabetic

Transposition

One-time pad

Transposition ciphers rearrange or permutate letters, instead of replacing them. Transposition is also known as permutation. An example of this type of cipher takes the message “THE PACKAGE IS DELIVERED” and transposes it to read “DEREVILEDSIEGAKCAPEHT.” In this example, the key is to reverse the letters.

Explanation

Transposition ciphers rearrange or permutate letters, instead of replacing them. Transposition is also known as permutation. An example of this type of cipher takes the message “THE PACKAGE IS DELIVERED” and transposes it to read “DEREVILEDSIEGAKCAPEHT.” In this example, the key is to reverse the letters.

52. What does a digital certificate certify about an entity?

A digital certificate certifies the ownership of the public key of the named subject of the certificate.

A digital certificate certifies the ownership of the public key of the named subject of the certificate.A digital certificate certifies the ownership of the public key of the named subject of the certificate.

A digital certificate certifies the ownership of the public key of the named subject of the certificate.

A digital certificate certifies the ownership of the public key of the named subject of the certificate. This means that the certificate confirms that the entity named in the certificate is the legitimate owner of the public key associated with it. The digital certificate provides a way to verify the identity and authenticity of the entity, ensuring secure communication and transactions.

Explanation

A digital certificate certifies the ownership of the public key of the named subject of the certificate. This means that the certificate confirms that the entity named in the certificate is the legitimate owner of the public key associated with it. The digital certificate provides a way to verify the identity and authenticity of the entity, ensuring secure communication and transactions.

53. Which one of the following is the PKI operation that would likely cause out-of-band communication over the phone?

The client checks with the CA to determine whether a certificate has been revoked.

The client validates with the CA to determine if the peer that they are communicating with is the entity that is identified in a certificate.

A new signed certificate is received by the certificate applicant from the CA.

The CA administrator contacts the certificate applicant to verify enrollment data before the request can be approved.

But in some instances, particularly when a system needs to enroll with a PKI to obtain an identity certificate for itself, the CA certificate must be requested and installed manually. Then, it is advisable to use an out-of-band method to validate the certificate. For example, the CA administrator can be contacted via the phone to obtain the fingerprint of the valid CA identity certificate. The goal is to verify that the CA certificate that was received was the authentic CA certificate containing the authentic CA public key and not a certificate that is provided by an attacker containing the attacker’s public key.

Explanation

But in some instances, particularly when a system needs to enroll with a PKI to obtain an identity certificate for itself, the CA certificate must be requested and installed manually. Then, it is advisable to use an out-of-band method to validate the certificate. For example, the CA administrator can be contacted via the phone to obtain the fingerprint of the valid CA identity certificate. The goal is to verify that the CA certificate that was received was the authentic CA certificate containing the authentic CA public key and not a certificate that is provided by an attacker containing the attacker’s public key.

54. In dynamic DNS, the term "dynamic" refers to which two of the following characteristics? (Choose two.)

The client's IP address changes frequently.

The client has a dynamic IP address range.

The hostname of the client’s machine changes frequently.

The client’s IP address is not routable.

The term "dynamic" in dynamic DNS refers to the fact that the client's IP address changes frequently and that the client has a dynamic IP address range. This means that the client's IP address is not fixed and can vary over time, and the client is assigned IP addresses from a range that is subject to change. This dynamic nature allows for the automatic updating of DNS records to reflect the current IP address of the client's machine.

Explanation

The term "dynamic" in dynamic DNS refers to the fact that the client's IP address changes frequently and that the client has a dynamic IP address range. This means that the client's IP address is not fixed and can vary over time, and the client is assigned IP addresses from a range that is subject to change. This dynamic nature allows for the automatic updating of DNS records to reflect the current IP address of the client's machine.

Submit

55. Which one of the following encryption methodologies allows you to maintain the privacy of an email communication, and ensure the origin of the message using PGP?

Which one of the following encryption methodologies allows you to maintain the privacy of an email communication, and ensure the origin of the message using PGP?

Encrypt the message with your private key, and again with the destination’s public key, so that the recipients can decrypt the message with their private key and your public key.

Encrypt the message with your public key, and again with the destination’s private key, so that the recipients can decrypt the message with your private key and their public key.

Encrypt the message with the destination’s private key so that the recipients can decrypt it with their private key and know they are the only party who generated the private key.

The content of emails is encrypted twice, once with the sender’s private key, and again with the receiver’s public key.

Explanation

The content of emails is encrypted twice, once with the sender’s private key, and again with the receiver’s public key.

56. Many legacy cipher suites available in TLS are deemed insecure. Which three of the following traits make them insecure? (Choose three.)

Cipher suites using RC4

Cipher suites using MD5

Cipher suites using AES

Cipher suites using SHA-256

Cipher suites using DES

The cipher suites using RC4, MD5, and DES are deemed insecure for several reasons.

Firstly, RC4 is vulnerable to multiple attacks, such as the RC4 bias and the RC4 NOMORE attack, which can lead to the recovery of plaintext from encrypted data.

Secondly, MD5 is a hash function that has been found to have significant vulnerabilities, including collision attacks. This means that it is possible to generate different inputs that produce the same hash value, compromising the integrity of the data.

Lastly, DES is an outdated symmetric encryption algorithm that has a small key size of 56 bits, which makes it susceptible to brute-force attacks. With modern computing power, it is relatively easy to crack DES encryption.

Explanation

The cipher suites using RC4, MD5, and DES are deemed insecure for several reasons.

Firstly, RC4 is vulnerable to multiple attacks, such as the RC4 bias and the RC4 NOMORE attack, which can lead to the recovery of plaintext from encrypted data.

Secondly, MD5 is a hash function that has been found to have significant vulnerabilities, including collision attacks. This means that it is possible to generate different inputs that produce the same hash value, compromising the integrity of the data.

Lastly, DES is an outdated symmetric encryption algorithm that has a small key size of 56 bits, which makes it susceptible to brute-force attacks. With modern computing power, it is relatively easy to crack DES encryption.

Submit

57. Which part of the TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384 cipher suite is used to specify the bulk encryption algorithm?

ECDHE_ECDSA

AES_128_CBC

SHA256

P384

The bulk encryption algorithm in the TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384 cipher suite is specified by the "AES_128_CBC" part. This indicates that the Advanced Encryption Standard (AES) with a key size of 128 bits is used for bulk encryption. CBC (Cipher Block Chaining) mode is used for the encryption process, which involves XORing each plaintext block with the previous ciphertext block before encryption.

Explanation

The bulk encryption algorithm in the TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384 cipher suite is specified by the "AES_128_CBC" part. This indicates that the Advanced Encryption Standard (AES) with a key size of 128 bits is used for bulk encryption. CBC (Cipher Block Chaining) mode is used for the encryption process, which involves XORing each plaintext block with the previous ciphertext block before encryption.

58. What two types of information are encrypted by the HTTPS protocol? (Choose two.)

HTTP cookies

HTTP headers

TCP headers

Ethernet headers

IP headers

The HTTPS protocol encrypts two types of information: HTTP cookies and HTTP headers. HTTP cookies are small pieces of data stored on a user's computer by a website, used to track user behavior and preferences. HTTP headers contain additional information about the HTTP request or response, such as the content type or cache control directives. Encrypting these types of information helps to ensure the privacy and security of user data during transmission over the internet.

Explanation

The HTTPS protocol encrypts two types of information: HTTP cookies and HTTP headers. HTTP cookies are small pieces of data stored on a user's computer by a website, used to track user behavior and preferences. HTTP headers contain additional information about the HTTP request or response, such as the content type or cache control directives. Encrypting these types of information helps to ensure the privacy and security of user data during transmission over the internet.

Submit

59. Referring to the sample URL below, #section1 is which part of the URL?https://www.example.com/document/?docid=123456#section1

Entity marker

Scheme

Index

Named anchor

In the given URL, #section1 is the named anchor. A named anchor is a specific point within a webpage that can be linked to directly. In this case, it refers to a specific section or location within the document with the ID "section1".

Explanation

In the given URL, #section1 is the named anchor. A named anchor is a specific point within a webpage that can be linked to directly. In this case, it refers to a specific section or location within the document with the ID "section1".

60. What is the best way to manage personally identifiable information (PII) data?

Use mandatory access control to secure it

Back it up on a local hard drive

Apply confidentiality processes when handling it

Sign it using a digital signature

The best way to manage personally identifiable information (PII) data is to apply confidentiality processes when handling it. This means taking measures to ensure that the data is kept private and only accessible to authorized individuals. This can involve encrypting the data, implementing access controls and permissions, and regularly monitoring and auditing the handling of the data to prevent unauthorized access or disclosure. By applying confidentiality processes, organizations can effectively protect PII data from unauthorized disclosure and maintain the privacy and security of individuals' personal information.

Explanation

The best way to manage personally identifiable information (PII) data is to apply confidentiality processes when handling it. This means taking measures to ensure that the data is kept private and only accessible to authorized individuals. This can involve encrypting the data, implementing access controls and permissions, and regularly monitoring and auditing the handling of the data to prevent unauthorized access or disclosure. By applying confidentiality processes, organizations can effectively protect PII data from unauthorized disclosure and maintain the privacy and security of individuals' personal information.

61. What kind of response message can a root name server send to the DNS recursor to inform it to ask the gTLD name servers for the .com domain name space?

Referral

Global

Ephemeral

Hierarchal

The root name servers send a DNS referral response message to the DNS recursor informing it to ask the gTLD name servers for the .com domain name space.

The DNS recursor sends a query message to the gTLD name servers looking for the .cisco.com domain name space.

The gTLD name servers send a DNS referral response message to the DNS recursor informing it to ask the .cisco.com name servers, ns1.cisco.com or ns2.cisco.com, about this domain name space.

Explanation

The root name servers send a DNS referral response message to the DNS recursor informing it to ask the gTLD name servers for the .com domain name space.

The DNS recursor sends a query message to the gTLD name servers looking for the .cisco.com domain name space.

The gTLD name servers send a DNS referral response message to the DNS recursor informing it to ask the .cisco.com name servers, ns1.cisco.com or ns2.cisco.com, about this domain name space.

62. What HTTP method is used to request a response without the response body?

GET

POST

HEAD

FETCH

The HEAD method is used to request a response from the server without the response body. It is similar to the GET method, but it only retrieves the headers of the response, without the actual content. This can be useful when you only need to retrieve information about the resource, such as its status code or last modified date, without downloading the entire response body.

Explanation

The HEAD method is used to request a response from the server without the response body. It is similar to the GET method, but it only retrieves the headers of the response, without the actual content. This can be useful when you only need to retrieve information about the resource, such as its status code or last modified date, without downloading the entire response body.

63. Which two statements are true about password hashing? (Choose two.)

Hashing hides the true password value when passed over the network.

Password hashing is becoming less effective as attackers become increasingly proficient at salting.

Some protocols or applications do not support hashing.

Hashing produces a fixed-length "fingerprint" of the data that cannot be reversed.

The first statement is true because when a password is hashed, the original password value is transformed into a fixed-length string of characters that cannot be easily reversed. This ensures that even if the hashed password is intercepted during transmission over a network, the original password value remains hidden.

The fourth statement is also true because hashing produces a fixed-length "fingerprint" or hash value of the data that cannot be reversed. This means that even if an attacker gains access to the hashed password, they cannot easily determine the original password value from the hash alone.

Explanation

The first statement is true because when a password is hashed, the original password value is transformed into a fixed-length string of characters that cannot be easily reversed. This ensures that even if the hashed password is intercepted during transmission over a network, the original password value remains hidden.

The fourth statement is also true because hashing produces a fixed-length "fingerprint" or hash value of the data that cannot be reversed. This means that even if an attacker gains access to the hashed password, they cannot easily determine the original password value from the hash alone.

Submit

64. Which two methods might be used by an analyst to detect SSL/TLS encrypted command-and-control communication? (Choose two.)

Perform analysis of the NetFlow data to detect anomalous TLS/SSL flows

Perform firewall HTTP application inspection to detect for the command and control traffic

Perform decryption and inspection of SSL/TLS traffic

Perform IPS HTTP deep packets inspection to detect for the command and control traffic

Performing analysis of the NetFlow data can help detect anomalous TLS/SSL flows, which can indicate potential command-and-control communication. NetFlow data provides information about network traffic, such as source and destination IP addresses, ports, and protocols, allowing analysts to identify patterns and anomalies. Similarly, performing decryption and inspection of SSL/TLS traffic can reveal any suspicious or malicious activity within the encrypted communication, including command-and-control traffic. By decrypting and inspecting the traffic, analysts can gain visibility into the content and behavior of the communication, enabling them to detect any malicious intent.

Explanation

Performing analysis of the NetFlow data can help detect anomalous TLS/SSL flows, which can indicate potential command-and-control communication. NetFlow data provides information about network traffic, such as source and destination IP addresses, ports, and protocols, allowing analysts to identify patterns and anomalies. Similarly, performing decryption and inspection of SSL/TLS traffic can reveal any suspicious or malicious activity within the encrypted communication, including command-and-control traffic. By decrypting and inspecting the traffic, analysts can gain visibility into the content and behavior of the communication, enabling them to detect any malicious intent.

Submit

65. Match the term on the left with its definition on the right.

ensuring that only authorized parties can read a message

ensuring that changes to data in transit will be detected and rejected

ensuring that any messages that were received were actually sent from perceived origin

ensuring that the original source of a message cannot deny having produced the message

Confidentiality: Ensuring that only authorized parties can read a message

Data integrity: Ensuring that any changes to data in transit will be detected and rejected

Origin authentication: Ensuring that any messages received were actually sent from the perceived origin

Non-repudiation: Ensuring that the original source of a secured message cannot deny having produced the message

Explanation

Confidentiality: Ensuring that only authorized parties can read a message

Data integrity: Ensuring that any changes to data in transit will be detected and rejected

Origin authentication: Ensuring that any messages received were actually sent from the perceived origin

Non-repudiation: Ensuring that the original source of a secured message cannot deny having produced the message

Submit

66. Which two statements are true about malvertisements? (Choose two.)

Malvertisements are sometimes set up to affect all visitors to a site only during a specific period of time.

Malvertisements’ malicious code remains forever.

Malvertisements affect both trustworthy and untrustworthy sites.

Infection only occurs when the victim clicks a malvertisement.

Malvertisements are sometimes set up to affect all visitors to a site only during a specific period of time. This means that the malicious advertisements may only be active for a limited duration, targeting all visitors to a website during that time. Additionally, malvertisements can affect both trustworthy and untrustworthy sites, indicating that any website can potentially be compromised by these malicious ads.

Explanation

Malvertisements are sometimes set up to affect all visitors to a site only during a specific period of time. This means that the malicious advertisements may only be active for a limited duration, targeting all visitors to a website during that time. Additionally, malvertisements can affect both trustworthy and untrustworthy sites, indicating that any website can potentially be compromised by these malicious ads.

Submit

67. Which one of the following is the first exchange during SSHv1 authentication negotiation?

The server requests a username and password from the user.

The server sends a public key to the client.

The client generates a session key.

The client and server agree upon the encryption algorithm.

In SSHv1 authentication negotiation, the first exchange involves the server sending a public key to the client. This exchange is part of the initial authentication process where the server provides its public key to the client. The client can then use this public key to verify the authenticity of the server and establish a secure connection. This exchange is crucial for ensuring secure communication between the client and server in SSHv1.

Explanation

In SSHv1 authentication negotiation, the first exchange involves the server sending a public key to the client. This exchange is part of the initial authentication process where the server provides its public key to the client. The client can then use this public key to verify the authenticity of the server and establish a secure connection. This exchange is crucial for ensuring secure communication between the client and server in SSHv1.

68. Which one of the following options is the block cipher mode that uses an encryption method which has a feedback mechanism where each plaintext block is XORed with the previously encrypted block, and then is encrypted with the DES key?

ECB

CBC

DES

3DES

CBC: In CBC mode, each 64-bit plaintext block is XORed bitwise with the previous ciphertext block and then is encrypted with the DES key. Because of this process, the encryption of each block depends on previous blocks. Encryption of the same 64-bit plaintext block can result in different ciphertext blocks.

Explanation

CBC: In CBC mode, each 64-bit plaintext block is XORed bitwise with the previous ciphertext block and then is encrypted with the DES key. Because of this process, the encryption of each block depends on previous blocks. Encryption of the same 64-bit plaintext block can result in different ciphertext blocks.

69. What is the reason that a digital signature can be used to provide the authenticity of digitally signed data?

Only the recipient has a copy of the private key to decrypt the signature

Both the signer and the recipient must first agree on the public/private key pair that is only known to both parties.

Only the signer has sole possession of the private key.

Both the signer and the recipient must first agree on a shared secret key that is only known to both parties.

A digital signature is used to provide the authenticity of digitally signed data because only the signer has sole possession of the private key. This means that only the signer is able to create the digital signature using their private key, and it cannot be replicated or forged by anyone else. The recipient can then verify the authenticity of the data by decrypting the signature using the corresponding public key, which is widely available. This ensures that the data has not been tampered with and can be trusted.

Explanation

A digital signature is used to provide the authenticity of digitally signed data because only the signer has sole possession of the private key. This means that only the signer is able to create the digital signature using their private key, and it cannot be replicated or forged by anyone else. The recipient can then verify the authenticity of the data by decrypting the signature using the corresponding public key, which is widely available. This ensures that the data has not been tampered with and can be trusted.

70. Which three of the following options does the client validate on inspection of a server certificate? (Choose three.)

The current time is within the certificate’s validity date.

The subject matches the URL that is being visited.

The signature of the CA that is in the certificate is valid.

A root DNS server provided the IP address for the URL.

The website was already in the browser’s cache.

The client already has a session key for the URL.

The client validates three options on inspection of a server certificate:
1) The current time is within the certificate's validity date to ensure that the certificate has not expired.
2) The subject matches the URL that is being visited to verify that the certificate is issued for the correct website.
3) The signature of the CA that is in the certificate is valid to confirm that the certificate is issued by a trusted certificate authority.

Explanation

The client validates three options on inspection of a server certificate:
1) The current time is within the certificate's validity date to ensure that the certificate has not expired.
2) The subject matches the URL that is being visited to verify that the certificate is issued for the correct website.
3) The signature of the CA that is in the certificate is valid to confirm that the certificate is issued by a trusted certificate authority.

Submit

71. Which two statements are correct regarding NSA Suite B? (Choose two.)

Use AES with 128- or 256-bit keys in the GCM mode.

NSA Suite B calls for AES CBC mode because it can provide authenticated encryption.

NSA Suite B calls for ECDH, which is a more advanced variant of the Diffie-Hellman algorithm using the elliptic curve mathematics model.

The SHA-1 message digest has stronger security than SHA-2.

Encryption using the AES with128- or 256-bit keys in the GCM mode. The block cipher modes of operation include CTR mode and GCM mode, in which case, GCM is the most common. GCM is an authenticated encryption algorithm that is designed to provide both data authenticity and confidentiality.

Explanation

Encryption using the AES with128- or 256-bit keys in the GCM mode. The block cipher modes of operation include CTR mode and GCM mode, in which case, GCM is the most common. GCM is an authenticated encryption algorithm that is designed to provide both data authenticity and confidentiality.

Submit

72. Which two best describe the difference between XSS and CSRF? (Choose two.)

XSS exploits the user's trust in a particular web site.

CSRF exploits the web site's trust in a user’s browser.

XSS exploits the web site's trust in a user’s browser.

CSRF exploits the user's trust in a particular web site.

XSS (Cross-Site Scripting) and CSRF (Cross-Site Request Forgery) are both web security vulnerabilities, but they differ in their exploitation methods. XSS exploits the user's trust in a particular website by injecting malicious scripts into the website, which are then executed by the user's browser. This allows the attacker to steal sensitive information or perform unauthorized actions on behalf of the user. On the other hand, CSRF exploits the website's trust in a user's browser by tricking the website into performing unwanted actions on behalf of the user without their knowledge or consent. This is typically achieved by sending a malicious request from the user's browser, which appears legitimate to the website.

Explanation

XSS (Cross-Site Scripting) and CSRF (Cross-Site Request Forgery) are both web security vulnerabilities, but they differ in their exploitation methods. XSS exploits the user's trust in a particular website by injecting malicious scripts into the website, which are then executed by the user's browser. This allows the attacker to steal sensitive information or perform unauthorized actions on behalf of the user. On the other hand, CSRF exploits the website's trust in a user's browser by tricking the website into performing unwanted actions on behalf of the user without their knowledge or consent. This is typically achieved by sending a malicious request from the user's browser, which appears legitimate to the website.

Submit

73. Which one of the following options explains key space as it relates to cryptography?

Amount of time that a brute force attempt would take to discover the key

Randomness of a generated key

Number of possible keys that could be generated by an algorithm

Number of bits that are contained in a key

The key space in cryptography refers to the number of possible keys that could be generated by an algorithm. It represents the total number of unique keys that can be used for encryption and decryption. A larger key space indicates a higher level of security because it makes it more difficult for an attacker to guess or brute force the correct key. The key space is determined by the length and complexity of the key, and it is an important factor in ensuring the strength of a cryptographic system.

Explanation

The key space in cryptography refers to the number of possible keys that could be generated by an algorithm. It represents the total number of unique keys that can be used for encryption and decryption. A larger key space indicates a higher level of security because it makes it more difficult for an attacker to guess or brute force the correct key. The key space is determined by the length and complexity of the key, and it is an important factor in ensuring the strength of a cryptographic system.

74. What method is used by Cisco OpenDNS to help prevent attacks via iFrame?

Cisco OpenDNS cannot do anything to prevent this type of attack.

Cisco OpenDNS will run the requested web page in a sandbox environment.

Cisco OpenDNS can deny access to known malicious web sites.

Cisco OpenDNS will strip out malicious information from packets.

Cisco OpenDNS can deny access to known malicious web sites. This means that if a user tries to access a website that is known to be malicious or associated with attacks via iFrame, Cisco OpenDNS will block the access and prevent the attack from occurring. This helps to protect users from potential harm and keep their systems secure.

Explanation

Cisco OpenDNS can deny access to known malicious web sites. This means that if a user tries to access a website that is known to be malicious or associated with attacks via iFrame, Cisco OpenDNS will block the access and prevent the attack from occurring. This helps to protect users from potential harm and keep their systems secure.

75. One cryptanalysis method that is used to defeat a multi-step encryption process uses both the original clear text to work forward toward an intermediate value, and the ending cipher text to work backward toward an intermediate value so that the key space that is to be defeated is smaller and more computationally manageable. Which one of the following terms describes this method?

Brute-force attack

Birthday attack

Meet-in-the-middle attack

Ciphertext-only attack

A meet-in-the-middle attack is a cryptanalysis method that utilizes both the original clear text and the ending cipher text to narrow down the key space. By working forward from the clear text and backward from the cipher text, this method aims to find an intermediate value that reduces the computational complexity of breaking the encryption. This technique is effective in defeating multi-step encryption processes by making the key space smaller and more manageable for computation.

Explanation

A meet-in-the-middle attack is a cryptanalysis method that utilizes both the original clear text and the ending cipher text to narrow down the key space. By working forward from the clear text and backward from the cipher text, this method aims to find an intermediate value that reduces the computational complexity of breaking the encryption. This technique is effective in defeating multi-step encryption processes by making the key space smaller and more manageable for computation.

76. What is a DNS server that is responsible for the RRs for its zones considered to be?

Canonical

Distributed

Authoritative

Recursive

An authoritative DNS server is responsible for storing and providing the authoritative information about a specific domain or zone. It holds the correct and up-to-date resource records (RRs) for its zones, such as IP addresses associated with domain names. This server is considered the primary source of information and is trusted to provide accurate responses to DNS queries for its designated zones.

Explanation

An authoritative DNS server is responsible for storing and providing the authoritative information about a specific domain or zone. It holds the correct and up-to-date resource records (RRs) for its zones, such as IP addresses associated with domain names. This server is considered the primary source of information and is trusted to provide accurate responses to DNS queries for its designated zones.

77. Which best describes a fast flux service network?

Uses DNS servers to resolve many different IP addresses over short span of time

A high-bandwidth network

A low latency network

A network that generates large number of random domain names

A fast flux service network is a network that uses DNS servers to rapidly resolve multiple IP addresses within a short period of time. This technique is commonly used by malicious actors to hide the true location of their servers and make it difficult to track and block them. By constantly changing the IP addresses associated with a domain name, it becomes challenging for security systems to identify and mitigate the threats posed by these networks.

Explanation

A fast flux service network is a network that uses DNS servers to rapidly resolve multiple IP addresses within a short period of time. This technique is commonly used by malicious actors to hide the true location of their servers and make it difficult to track and block them. By constantly changing the IP addresses associated with a domain name, it becomes challenging for security systems to identify and mitigate the threats posed by these networks.

78. What is the primary purpose for using a hash algorithm for a message?

Integrity

Availability

Authentication

Confidentiality

Hashing is a mechanism that is used for data integrity assurance.

Explanation

Hashing is a mechanism that is used for data integrity assurance.

79. Which three are SMTP commands? (Choose three.)

HELLO

QUIT

DATA

SEND

SAVE

The three SMTP commands are HELLO, QUIT, and DATA. The HELLO command is used to initiate the SMTP session and identify the client to the server. The QUIT command is used to terminate the session. The DATA command is used to start the data transfer phase, allowing the client to send the email message to the server. The commands SEND and SAVE are not valid SMTP commands.

Explanation

The three SMTP commands are HELLO, QUIT, and DATA. The HELLO command is used to initiate the SMTP session and identify the client to the server. The QUIT command is used to terminate the session. The DATA command is used to start the data transfer phase, allowing the client to send the email message to the server. The commands SEND and SAVE are not valid SMTP commands.

Submit

80. Which five of the following options are components of the X.509 v3 certificate standard? (Choose five.)

Serial number

User name

Issuer

Validity date range

Subject

Subject public key info

Department name

Currently, digital identity certificates use the X.509 version 3 structure:

Version

Serial number

Algorithm ID

Issuer

Validity

Not before

Not after

Subject

Subject public key info

Public key algorithm

Subject public key

Issuer unique identifier (optional)

Subject unique identifier (optional)

Extensions (optional)

...

Certificate signature algorithm

Certificate signature

Explanation

Currently, digital identity certificates use the X.509 version 3 structure:

Version

Serial number

Algorithm ID

Issuer

Validity

Not before

Not after

Subject

Subject public key info

Public key algorithm

Subject public key

Issuer unique identifier (optional)

Subject unique identifier (optional)

Extensions (optional)

...

Certificate signature algorithm

Certificate signature

Submit

81. When using PKI which two of the following are true? (Choose two.)

The client devices must trust the issuing CA root certificate to validate and trust another device certificate that is issued by the same CA.

Currently, the PKI architecture requires that the client devices stay in constant contact with the CA in order to trust a certificate that is issued by the CA.

The CA does not sign the user or device certificate; it only signs its own root certificate.

Currently, PKI digital identity certificates use the X.509 version 3 structure.

When using PKI, it is true that client devices must trust the issuing CA root certificate to validate and trust another device certificate issued by the same CA. This is because the root certificate is used to establish trust in the CA's identity. Additionally, PKI digital identity certificates currently use the X.509 version 3 structure, which is a widely accepted standard for defining the format and content of digital certificates.

Explanation

When using PKI, it is true that client devices must trust the issuing CA root certificate to validate and trust another device certificate issued by the same CA. This is because the root certificate is used to establish trust in the CA's identity. Additionally, PKI digital identity certificates currently use the X.509 version 3 structure, which is a widely accepted standard for defining the format and content of digital certificates.

Submit

82. If an engineering server's risk of being hacked is assigned a risk level of very high, which assessment strategy is being used?

Mandatory

Non-discretionary

Discretionary

Quantitative

Impact

Qualitative

The assessment strategy being used in this scenario is qualitative. This is because the risk level of the engineering server being hacked is being assessed based on subjective judgments and opinions rather than numerical data or measurements. Qualitative assessments typically involve evaluating risks based on their characteristics, potential impacts, and expert opinions, rather than relying on quantitative data or calculations.

Explanation

The assessment strategy being used in this scenario is qualitative. This is because the risk level of the engineering server being hacked is being assessed based on subjective judgments and opinions rather than numerical data or measurements. Qualitative assessments typically involve evaluating risks based on their characteristics, potential impacts, and expert opinions, rather than relying on quantitative data or calculations.

83. Which one of the following actions should be taken by a client to verify the entity that they received a certificate from is the entity that should be using the certificate?

Decrypt the certificate signature using the CA private key and check to make sure that the certificate hash matches what they received from the peer.

Send a message encrypted with the system’s peer’s public key to verify that the peer can decrypt the message with the private key of the entity that is identified in the certificate.

Ensure that the issuer and the subject match on the certificate of the peer.

Contact the CA by phone to determine how they validated the identity of the system during certificate enrollment of the peer that they are communicating with.

To be sure that the peer is actually the entity that is identified in the certificate, a system must challenge the peer to prove that it has the private key that is associated with the validated public key. For example, a message can be encrypted with the validated public key and sent to the peer. If the peer can successfully decrypt the message, then the peer must have the associated private key and is therefore the system that is identified by the digital certificate.

Explanation

To be sure that the peer is actually the entity that is identified in the certificate, a system must challenge the peer to prove that it has the private key that is associated with the validated public key. For example, a message can be encrypted with the validated public key and sent to the peer. If the peer can successfully decrypt the message, then the peer must have the associated private key and is therefore the system that is identified by the digital certificate.

84. Which two countermeasures reduce the threat of CSRF? (Choose two.)

Educate users to recognize possible phishing attacks.

Deny access to the public Internet from workstations and laptops.

Visit the OWASP.org web site for up-to-date information and guidance on developing web content.

Implement a proxy server solution for users that access the Internet.

The two countermeasures that reduce the threat of CSRF are educating users to recognize possible phishing attacks and visiting the OWASP.org website for up-to-date information and guidance on developing web content. Educating users about phishing attacks helps them to identify and avoid malicious websites that could potentially carry out CSRF attacks. Visiting the OWASP.org website provides valuable information and guidance on secure web development practices, which can help prevent CSRF vulnerabilities in web applications. Implementing a proxy server solution and denying access to the public internet from workstations and laptops do not directly address the threat of CSRF.

Explanation

The two countermeasures that reduce the threat of CSRF are educating users to recognize possible phishing attacks and visiting the OWASP.org website for up-to-date information and guidance on developing web content. Educating users about phishing attacks helps them to identify and avoid malicious websites that could potentially carry out CSRF attacks. Visiting the OWASP.org website provides valuable information and guidance on secure web development practices, which can help prevent CSRF vulnerabilities in web applications. Implementing a proxy server solution and denying access to the public internet from workstations and laptops do not directly address the threat of CSRF.

Submit

85. Which three security services do digital signatures provide? (Choose three.)

Integrity

Confidentiality

Non-repudiation

Authenticity

Availability

Digital signatures provide three security services: integrity, non-repudiation, and authenticity.

Integrity ensures that the data has not been tampered with during transmission or storage. Non-repudiation ensures that the sender cannot deny sending the message, providing evidence of the origin of the message. Authenticity verifies the identity of the sender, ensuring that the message comes from the claimed source. Confidentiality and availability are not provided by digital signatures.

Explanation

Digital signatures provide three security services: integrity, non-repudiation, and authenticity.

Integrity ensures that the data has not been tampered with during transmission or storage. Non-repudiation ensures that the sender cannot deny sending the message, providing evidence of the origin of the message. Authenticity verifies the identity of the sender, ensuring that the message comes from the claimed source. Confidentiality and availability are not provided by digital signatures.

Submit

86. Which four encryption protocols and protective algorithms are identified in the NSA Suite B specification? (Choose four.)

AES

MD5

ECDSA

ECDH

3DES

SHA-2 (SHA-256 and SHA-384)

Diffie-Hellman Group5

The NSA Suite B specification identifies four encryption protocols and protective algorithms, which are AES, ECDSA, ECDH, and SHA-2 (SHA-256 and SHA-384). These protocols and algorithms are considered secure and recommended by the NSA for use in cryptographic applications. AES (Advanced Encryption Standard) is a symmetric encryption algorithm widely used for data encryption. ECDSA (Elliptic Curve Digital Signature Algorithm) is a digital signature algorithm based on elliptic curve cryptography. ECDH (Elliptic Curve Diffie-Hellman) is a key exchange algorithm based on elliptic curve cryptography. SHA-2 (SHA-256 and SHA-384) are secure hash algorithms used for data integrity and authentication.

Explanation

The NSA Suite B specification identifies four encryption protocols and protective algorithms, which are AES, ECDSA, ECDH, and SHA-2 (SHA-256 and SHA-384). These protocols and algorithms are considered secure and recommended by the NSA for use in cryptographic applications. AES (Advanced Encryption Standard) is a symmetric encryption algorithm widely used for data encryption. ECDSA (Elliptic Curve Digital Signature Algorithm) is a digital signature algorithm based on elliptic curve cryptography. ECDH (Elliptic Curve Diffie-Hellman) is a key exchange algorithm based on elliptic curve cryptography. SHA-2 (SHA-256 and SHA-384) are secure hash algorithms used for data integrity and authentication.

Submit

87. Which one do you like?

Sender’s private key

Sender’s shared key

Sender’s public key

Sender’s digital signature

The sender's public key is the correct answer because it is used in asymmetric encryption systems to encrypt data that can only be decrypted by the corresponding private key held by the receiver. This ensures secure communication as only the intended recipient can decrypt and access the message. The public key is freely shared and does not need to be kept secret, making it suitable for encryption purposes.

Explanation

The sender's public key is the correct answer because it is used in asymmetric encryption systems to encrypt data that can only be decrypted by the corresponding private key held by the receiver. This ensures secure communication as only the intended recipient can decrypt and access the message. The public key is freely shared and does not need to be kept secret, making it suitable for encryption purposes.

88. Which three are valid HTTP request methods? (Choose three.)

GET

PUT

FETCH

HEAD

QUIT

The question is asking for valid HTTP request methods. The HTTP request methods are used to indicate the desired action to be performed on a resource. The correct answer is GET, PUT, and HEAD. GET is used to retrieve data from a server, PUT is used to update or create a resource on a server, and HEAD is used to retrieve only the headers of a response without the actual content. FETCH and QUIT are not valid HTTP request methods.

Explanation

The question is asking for valid HTTP request methods. The HTTP request methods are used to indicate the desired action to be performed on a resource. The correct answer is GET, PUT, and HEAD. GET is used to retrieve data from a server, PUT is used to update or create a resource on a server, and HEAD is used to retrieve only the headers of a response without the actual content. FETCH and QUIT are not valid HTTP request methods.

Submit

89. Which one of the following methods allows you to verify entity authentication, data integrity, and authenticity of communications, without encrypting the actual data?

Both parties calculate an authenticated MD5 hash value of the data accompanying the message—one party uses the private key, while the other party uses the public key.

Both parties calculate a CRC32 of the data before and after transmission of the message.

Both parties obfuscate the data with XOR and a known key before and after transmission of the message.

Both parties to the communication use the same secret key to produce a message authentication code to accompany the message.

The correct answer is that both parties to the communication use the same secret key to produce a message authentication code to accompany the message. This method allows for the verification of entity authentication, data integrity, and authenticity of communications without encrypting the actual data. By using a secret key, both parties can generate a message authentication code that can be used to verify the integrity and authenticity of the message. This method does not encrypt the data itself, but rather provides a way to ensure that the data has not been tampered with during transmission.

Explanation

The correct answer is that both parties to the communication use the same secret key to produce a message authentication code to accompany the message. This method allows for the verification of entity authentication, data integrity, and authenticity of communications without encrypting the actual data. By using a secret key, both parties can generate a message authentication code that can be used to verify the integrity and authenticity of the message. This method does not encrypt the data itself, but rather provides a way to ensure that the data has not been tampered with during transmission.

90. Match the SMTP client reply codes with their function.

2XX

3XX

4XX

5XX

Submit

91. Which three of the following options are uses for the utility nslookup? (Choose three.)

Display the default DNS server

Display owner information about a domain

Query DNS servers for A records

Display the default DNS server

The utility nslookup is used to query DNS servers for A records, which are used to map domain names to IP addresses. It can also be used to display the default DNS server, which is the server that is used by default for DNS queries.

Explanation

The utility nslookup is used to query DNS servers for A records, which are used to map domain names to IP addresses. It can also be used to display the default DNS server, which is the server that is used by default for DNS queries.

Submit

92. Which of the following two options are impacts of cryptography on security investigations? (Choose two.)

Cryptographic attacks can be used to find a weakness in the cryptographic algorithms.

All the employee's SSL/TLS outbound traffic should be decrypted and inspected since it requires minimal resources on the security appliance.

With the increased legitimate usage of HTTPS traffic, attackers have taken advantage of this blind spot to launch attacks over HTTPS more than ever before.

Encryption does not pose a threat to the ability of law enforcement authorities to gain access to information for investigating and prosecuting cybercriminal activities.

The first option states that cryptographic attacks can be used to find weaknesses in cryptographic algorithms. This means that attackers can exploit vulnerabilities in encryption methods to gain unauthorized access to encrypted data. The second option explains that with the rise in legitimate usage of HTTPS traffic, attackers have found an opportunity to launch attacks over HTTPS, which was previously considered a secure protocol. Both of these options highlight the negative impacts of cryptography on security investigations, as they demonstrate how encryption can be exploited by attackers to compromise security measures.

Explanation

The first option states that cryptographic attacks can be used to find weaknesses in cryptographic algorithms. This means that attackers can exploit vulnerabilities in encryption methods to gain unauthorized access to encrypted data. The second option explains that with the rise in legitimate usage of HTTPS traffic, attackers have found an opportunity to launch attacks over HTTPS, which was previously considered a secure protocol. Both of these options highlight the negative impacts of cryptography on security investigations, as they demonstrate how encryption can be exploited by attackers to compromise security measures.

Submit

93. Which option can lead to an SQL injection attack?

Insufficient user input validation

Running a database in debugging mode

Using GET method instead of POST method when submitting a web form

Using * in a SELECT statement

A SQL injection attack involves the alteration of SQL statements that are used within a web application by using attacker-supplied data. Insufficient input validation in web applications can expose them to SQL injection attacks

Explanation

A SQL injection attack involves the alteration of SQL statements that are used within a web application by using attacker-supplied data. Insufficient input validation in web applications can expose them to SQL injection attacks

94. Which five of the following options does the process of key management deal with? (Choose five.)

Destruction of keys

Identification

Storage

Subject identity

Secure generation

Verification

Exchange

Matching

The process of key management deals with various aspects of handling cryptographic keys. It involves the destruction of keys to ensure they cannot be used again, the secure generation of new keys, the storage of keys in a secure manner, the verification of keys to ensure their authenticity, and the exchange of keys between parties involved in the communication. These activities are crucial for maintaining the security and integrity of cryptographic systems.

Explanation

The process of key management deals with various aspects of handling cryptographic keys. It involves the destruction of keys to ensure they cannot be used again, the secure generation of new keys, the storage of keys in a secure manner, the verification of keys to ensure their authenticity, and the exchange of keys between parties involved in the communication. These activities are crucial for maintaining the security and integrity of cryptographic systems.

Submit

95. Which four of the following information is included in sets of cryptographic algorithms that are defined by an SSL/TLS cipher suite? (Choose four.)

Authentication and key exchange algorithms

Public key version and type

Encryption algorithm

Peer IP address information

Message authentication code algorithm

The PRF

The information included in sets of cryptographic algorithms defined by an SSL/TLS cipher suite includes authentication and key exchange algorithms, encryption algorithm, message authentication code algorithm, and the PRF. These algorithms are essential for establishing secure communication and ensuring the confidentiality, integrity, and authenticity of the data transmitted over the network. Peer IP address information and public key version and type are not typically included in the cryptographic algorithms defined by an SSL/TLS cipher suite.

Explanation

The information included in sets of cryptographic algorithms defined by an SSL/TLS cipher suite includes authentication and key exchange algorithms, encryption algorithm, message authentication code algorithm, and the PRF. These algorithms are essential for establishing secure communication and ensuring the confidentiality, integrity, and authenticity of the data transmitted over the network. Peer IP address information and public key version and type are not typically included in the cryptographic algorithms defined by an SSL/TLS cipher suite.

Submit

96. Which two statements are true about DDNS? (Choose two.)

Attackers dislike using DDNS due to its inflexibility.

DDNS is a popular choice for home users who wish to host a website.

Clients often use DHCP to communicate to the DDNS provider.

DDNS is useful in residential networks because the IP subnets don’t change.

DDNS is often used by attackers for CnC servers.

DDNS is a popular choice for home users who wish to host a website because it allows them to associate a domain name with their dynamic IP address, ensuring that their website remains accessible even if their IP address changes. Additionally, DDNS is often used by attackers for Command and Control (CnC) servers because it allows them to maintain a stable domain name for their malicious activities, even if their IP address changes.

Explanation

DDNS is a popular choice for home users who wish to host a website because it allows them to associate a domain name with their dynamic IP address, ensuring that their website remains accessible even if their IP address changes. Additionally, DDNS is often used by attackers for Command and Control (CnC) servers because it allows them to maintain a stable domain name for their malicious activities, even if their IP address changes.

Submit

97. The vulnerability assessment process typically includes which four activities? (Choose four.)

Device discovery

Service enumeration

Patching the software and firmware

Scanning

Validation

Reimaging the infected hosts

Device Discovery | Service Enumeration | Scanning | Validation

The table that is shown above highlights some activities that are performed during the vulnerability assessment process.

The objective of a vulnerability assessment is to ensure that the network and the information systems are tested for security vulnerabilities in a consistent and repeatable manner.

Explanation

Device Discovery | Service Enumeration | Scanning | Validation

The table that is shown above highlights some activities that are performed during the vulnerability assessment process.

The objective of a vulnerability assessment is to ensure that the network and the information systems are tested for security vulnerabilities in a consistent and repeatable manner.

Submit

98. Which three are reasons for using HTTPS? (Choose three.)

For the web server to authenticate the browser using an EAP method

To encrypt the data that is sent between the browser and the web server

To ensure the identity, trust, and validity of the web server

To avoid detection when used to transport the attack CnC traffic

To ensure that the data that is sent between the browser and the web server cannot be decrypted then re-encrypted by a man-in-the-middle

The correct answer for this question is to encrypt the data that is sent between the browser and the web server, to ensure the identity, trust, and validity of the web server, and to avoid detection when used to transport the attack CnC traffic. These are the three reasons for using HTTPS. HTTPS encrypts the data to protect it from being intercepted and accessed by unauthorized individuals. It also ensures the identity, trust, and validity of the web server, preventing any unauthorized or malicious entities from impersonating the server. Additionally, using HTTPS can help avoid detection when transporting attack CnC (Command and Control) traffic, making it more difficult for security systems to detect and block such activities.

Explanation

The correct answer for this question is to encrypt the data that is sent between the browser and the web server, to ensure the identity, trust, and validity of the web server, and to avoid detection when used to transport the attack CnC traffic. These are the three reasons for using HTTPS. HTTPS encrypts the data to protect it from being intercepted and accessed by unauthorized individuals. It also ensures the identity, trust, and validity of the web server, preventing any unauthorized or malicious entities from impersonating the server. Additionally, using HTTPS can help avoid detection when transporting attack CnC (Command and Control) traffic, making it more difficult for security systems to detect and block such activities.

Submit

99. Which three apply to XSS? (Choose three.)

Malicious scripts are injected into web pages and executed on the client side.

A web application processes an attacker’s request using the victim’s authenticated session.

Scripting languages used by XSS have security weaknesses.

Clicking an infected link causes a malicious script to run in a background process.

XSS stands for Cross-Site Scripting, which is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. These scripts are then executed on the client side, allowing the attacker to steal information, manipulate content, or perform other malicious actions. XSS exploits security weaknesses in scripting languages used by web applications, making them vulnerable to these attacks. Clicking on an infected link can trigger the execution of a malicious script in the background, further compromising the security of the user's system.

Explanation

XSS stands for Cross-Site Scripting, which is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. These scripts are then executed on the client side, allowing the attacker to steal information, manipulate content, or perform other malicious actions. XSS exploits security weaknesses in scripting languages used by web applications, making them vulnerable to these attacks. Clicking on an infected link can trigger the execution of a malicious script in the background, further compromising the security of the user's system.

Submit

100. Why is using ECDHE_ECDSA stronger than using RSA?

ECDHE_ECDSA uses a pseudorandom function to generate the keying materials.

ECDHE_ECDSA provides both data authenticity and confidentiality.

ECDHE_ECDSA uses a much larger key size.

If the server's private key is later compromised, all the prior TLS handshakes that are done using the cipher suite cannot be compromised.

Using ECDHE_ECDSA is stronger than using RSA because if the server's private key is compromised, all previous TLS handshakes using the cipher suite cannot be compromised. This means that even if the private key is exposed, the confidentiality and authenticity of the data exchanged in previous communications remain intact. In contrast, if RSA is used and the private key is compromised, all previous communications can be decrypted, potentially compromising the security of the system.

Explanation

Using ECDHE_ECDSA is stronger than using RSA because if the server's private key is compromised, all previous TLS handshakes using the cipher suite cannot be compromised. This means that even if the private key is exposed, the confidentiality and authenticity of the data exchanged in previous communications remain intact. In contrast, if RSA is used and the private key is compromised, all previous communications can be decrypted, potentially compromising the security of the system.

101. Content Review Question Which two of the following options are two key factors in determining the key length requirement? (Choose two.)

Data that is more sensitive and needs to be kept secret longer must use longer keys.

Choose the key length according to the type of encryption algorithm that is to be used.

Key length depends on the support of the device that will be using the key.

You should choose the key length so that it protects data confidentiality or integrity for an adequate time.

You should choose the key length so that it protects data confidentiality or integrity for an adequate time. Data that is more sensitive and needs to be kept secret longer must use longer keys.

Explanation

You should choose the key length so that it protects data confidentiality or integrity for an adequate time. Data that is more sensitive and needs to be kept secret longer must use longer keys.

Submit

102. Which two statements best explain why domain shadowing is difficult to detect? (Choose two.)

The created subdomains are numerous, short lived, and random, with no discernible patterns.

The attacker gains admin access to a legitimate domain, and uses that legitimate domain to register many shady subdomains.

The attacker rapidly rotates a single domain to a large list of IP addresses, to avoid detection.

The exploit kit landing page subdomains are usually active for a long time and branched into using both third-level and fourth-level domains (for example, brandmuellergeifiseer.astarentals.co.uk).

Domain shadowing is difficult to detect because the created subdomains are numerous, short-lived, and random, with no discernible patterns. This makes it challenging for security systems to identify and track these subdomains. Additionally, the attacker gains admin access to a legitimate domain and uses it to register many shady subdomains, further complicating detection as the subdomains appear to be associated with a legitimate source.

Explanation

Domain shadowing is difficult to detect because the created subdomains are numerous, short-lived, and random, with no discernible patterns. This makes it challenging for security systems to identify and track these subdomains. Additionally, the attacker gains admin access to a legitimate domain and uses it to register many shady subdomains, further complicating detection as the subdomains appear to be associated with a legitimate source.

Submit

103. Match the DNS resource records with the proper description

maps hostnames to IPv6 address

maps hostnames to IPv4 address

maps IP address to hostname

identifies the name servers for a zone

maps mail servers to domain

used to specify that a domain name is an alias for another domain name, which is the "canonical" domain name

A record: Used to map host names to the IPv4 address of the host. In an A record, multiple IP addresses can correspond to a single host name. There can also be multiple host names each of which maps to the same IP address. There must be a valid A record in the DNS for the host.domain.name in order for a command, such as telnet host.domain.name, to work.

AAAA record: AAAA is used to map hostnames to the IPv6 address of the host.

MX record: MX maps a domain name to a list of mail servers for that domain.

PTR record: A PTR points to a canonical name. The most common use is for implementing reverse DNS lookups, mapping an IP address to the hostname.

NS record: An NS record identifies the DNS servers that are responsible (authoritative) for a zone.

CNAME record: A CNAME record is used to specify that a domain name is an alias for another domain name, which is the "canonical" domain name.

Explanation

A record: Used to map host names to the IPv4 address of the host. In an A record, multiple IP addresses can correspond to a single host name. There can also be multiple host names each of which maps to the same IP address. There must be a valid A record in the DNS for the host.domain.name in order for a command, such as telnet host.domain.name, to work.

AAAA record: AAAA is used to map hostnames to the IPv6 address of the host.

MX record: MX maps a domain name to a list of mail servers for that domain.

PTR record: A PTR points to a canonical name. The most common use is for implementing reverse DNS lookups, mapping an IP address to the hostname.

NS record: An NS record identifies the DNS servers that are responsible (authoritative) for a zone.

CNAME record: A CNAME record is used to specify that a domain name is an alias for another domain name, which is the "canonical" domain name.

Submit

104. Which three are valid fields in the Set-Cookie HTTP header? (Choose three.)

Expires

Domain

Session

Path

Encrypted

The Set-Cookie HTTP header is used to set a cookie on the client's browser. The Expires field specifies the date and time when the cookie will expire and be deleted. The Domain field specifies the domain to which the cookie should be sent. The Path field specifies the URL path for which the cookie is valid. Therefore, Expires, Domain, and Path are all valid fields in the Set-Cookie HTTP header.

Explanation

The Set-Cookie HTTP header is used to set a cookie on the client's browser. The Expires field specifies the date and time when the cookie will expire and be deleted. The Domain field specifies the domain to which the cookie should be sent. The Path field specifies the URL path for which the cookie is valid. Therefore, Expires, Domain, and Path are all valid fields in the Set-Cookie HTTP header.

Submit

105. What are three valid fields in a DNS resource record? (Choose three.)

RDATA

PTR

AAAA

TTL

CLASS

RDATA is a valid field in a DNS resource record. RDATA stands for Resource Data and it contains the specific information associated with the resource record, such as the IP address for an A record or the domain name for a CNAME record. The RDATA field is essential for mapping domain names to their corresponding IP addresses.

Explanation

RDATA is a valid field in a DNS resource record. RDATA stands for Resource Data and it contains the specific information associated with the resource record, such as the IP address for an A record or the domain name for a CNAME record. The RDATA field is essential for mapping domain names to their corresponding IP addresses.

106. In what two ways does the pass-the-hash attack allow an attacker to gain access to workstations, servers, and key services? (Choose two.)

Servers use the passed hash directly rather than computing a local version of the same password to make password hashing more efficient.

These attacks allow attackers to take advantage of other systems' horizontal acknowledgement of user permissions without requiring re-authentication.

All systems store passwords as hashes which can be interchanged among systems regardless of hashing algorithm.

Many systems will accept a hash of the user password allowing the captured hash to be used for authentication.

All hash technologies have been reversed with publicly available rainbow tables for all hashes, giving attackers an easy ability to reverse any hash.

The pass-the-hash attack allows an attacker to gain access to workstations, servers, and key services in two ways. Firstly, these attacks take advantage of other systems' horizontal acknowledgement of user permissions without requiring re-authentication. This means that once the attacker has gained access to one system, they can use the captured hash to authenticate themselves on other systems without needing to provide credentials again. Secondly, many systems will accept a hash of the user password for authentication. This means that if the attacker captures the hash of a user's password, they can use it directly to authenticate themselves on the system without needing the actual password.

Explanation

The pass-the-hash attack allows an attacker to gain access to workstations, servers, and key services in two ways. Firstly, these attacks take advantage of other systems' horizontal acknowledgement of user permissions without requiring re-authentication. This means that once the attacker has gained access to one system, they can use the captured hash to authenticate themselves on other systems without needing to provide credentials again. Secondly, many systems will accept a hash of the user password for authentication. This means that if the attacker captures the hash of a user's password, they can use it directly to authenticate themselves on the system without needing the actual password.

Submit

107. Which three describe what happens when a compromised system that is used for malware operation is discovered and taken down? (Choose three.)

The malware downloader may be unable to retrieve its payload.

The malware may attempt to use a different compromised system to download malicious payload.

Malware communication with the CnC server may stop.

The malware may inform the CnC center that a compromised system has been discovered and the entire operation should be aborted.

When a compromised system used for malware operation is discovered and taken down, three things may happen. Firstly, the malware downloader may be unable to retrieve its payload, as the compromised system has been removed from operation. Secondly, the malware may attempt to use a different compromised system to download the malicious payload, in order to continue its operation. Lastly, the communication between the malware and the Command and Control (CnC) server may stop, as the compromised system is no longer active.

Explanation

When a compromised system used for malware operation is discovered and taken down, three things may happen. Firstly, the malware downloader may be unable to retrieve its payload, as the compromised system has been removed from operation. Secondly, the malware may attempt to use a different compromised system to download the malicious payload, in order to continue its operation. Lastly, the communication between the malware and the Command and Control (CnC) server may stop, as the compromised system is no longer active.

108. Match the operation to its correct order in the email process.

1

2

3

4

5

6

Submit

109. Put the following SSH connection steps in order:

Step 1

Step 2

Step 3

Step 4

Step 5

Submit

110. Which three are important distinctions of HTTP? (Choose three.)

Cookie information is sent in the URL.

Cookie information is sent in the URI.

Cookie information is sent in the response header.

Cookie information is sent in the request header.

Cookie information is sent in the request body.

Cookie information is sent in the response body.

Cookie information is sent via the response codes.

Cookie information is always private and encrypted.

Cookie information is stored on the client’s browser.

The correct answer is that cookie information is sent in the response header, cookie information is sent in the request header, and cookie information is stored on the client's browser. Cookies are small pieces of data that are stored on the client's browser and are used to track user activity and personalize the browsing experience. When a server sends a response to a client, it can include a Set-Cookie header to send cookie information to be stored on the client's browser. When the client makes subsequent requests to the server, it includes the stored cookie information in the request header.

Explanation

The correct answer is that cookie information is sent in the response header, cookie information is sent in the request header, and cookie information is stored on the client's browser. Cookies are small pieces of data that are stored on the client's browser and are used to track user activity and personalize the browsing experience. When a server sends a response to a client, it can include a Set-Cookie header to send cookie information to be stored on the client's browser. When the client makes subsequent requests to the server, it includes the stored cookie information in the request header.

Submit

111. Which one of the following statements best describes a command injection attack?

The goal of a command injection attack is to exfiltrate data on the web server's operating system via a vulnerable web application.

The goal of a command injection attack is to execute arbitrary commands on the web server's OS via a vulnerable web application.

The user enters arbitrary commands on the web server's OS via a vulnerable web application.

The goal of a command injection attack is to execute arbitrary commands on the mail server.

A command injection attack refers to a type of security vulnerability in a web application where an attacker can execute arbitrary commands on the web server's operating system. This can be achieved by exploiting a vulnerability in the web application that allows the attacker to inject malicious commands into user input fields or parameters. The attacker's goal is to manipulate the web application in such a way that it executes their malicious commands, which can lead to unauthorized access, data exfiltration, or even complete control over the web server.

Explanation

A command injection attack refers to a type of security vulnerability in a web application where an attacker can execute arbitrary commands on the web server's operating system. This can be achieved by exploiting a vulnerability in the web application that allows the attacker to inject malicious commands into user input fields or parameters. The attacker's goal is to manipulate the web application in such a way that it executes their malicious commands, which can lead to unauthorized access, data exfiltration, or even complete control over the web server.

112. Which two statements are true regarding an attacker who is performing a "pass-the-hash" attack? (Choose two.)

The attacker knows the actual password.

The attacker does not know the actual password.

The attacker has control over the victim’s machine.

The attacker performs a brute-force computation of the hash.

An attacker performing a "pass-the-hash" attack does not know the actual password. Instead, they obtain the hashed password from the victim's machine and use it to gain unauthorized access to other systems. The attacker may perform a brute-force computation of the hash, trying different combinations until they find a match. This allows them to bypass the need for the actual password and gain control over the victim's machine or other systems.

Explanation

An attacker performing a "pass-the-hash" attack does not know the actual password. Instead, they obtain the hashed password from the victim's machine and use it to gain unauthorized access to other systems. The attacker may perform a brute-force computation of the hash, trying different combinations until they find a match. This allows them to bypass the need for the actual password and gain control over the victim's machine or other systems.

Submit

113. Match the following

200

301

302

307

401

403

404

407

500

Submit

114. What three changes have occurred in modern networks that require enhanced security? (Choose three.)

Modern networks utilize a common set of widely known and open protocols.

The use of common operating systems on smart phones such as Apple iOS and Android has provided attackers with simpler means to instigate targeted attacks.

Fault tolerance and backup systems provide threat actors easy access to system resources and data.

The global connectivity of the Internet provides more opportunities for threat actors to connect to information systems.

The increased complexity of operating systems and application software has made it more difficult to ensure security across all systems.

The first change that requires enhanced security is the use of common set of widely known and open protocols in modern networks. This increases the risk of attacks as attackers are familiar with these protocols and can exploit their vulnerabilities. The second change is the global connectivity of the Internet, which provides more opportunities for threat actors to connect to information systems and launch attacks from anywhere in the world. The third change is the increased complexity of operating systems and application software, which makes it more difficult to ensure security across all systems as there are more potential vulnerabilities to address.

Explanation

The first change that requires enhanced security is the use of common set of widely known and open protocols in modern networks. This increases the risk of attacks as attackers are familiar with these protocols and can exploit their vulnerabilities. The second change is the global connectivity of the Internet, which provides more opportunities for threat actors to connect to information systems and launch attacks from anywhere in the world. The third change is the increased complexity of operating systems and application software, which makes it more difficult to ensure security across all systems as there are more potential vulnerabilities to address.

Submit

CCNA Cyber Ops (210-250 Secfnd)