25-4-2019 Cybersecurity Essentials 1.

1 Chapter 5 Quiz Answers 100% 2018 - Premium IT Exam & Certified

This quiz covers the content in Cybersecurity Essentials 1.1 Chapter 5. It is designed to provide an additional opportunity to practice the
skills and knowledge presented in the chapter and to help prepare for the final quiz.

1. What is a strength of using a hashing function?

It is a one-way function and not reversible.
It is not commonly used in security.
Two different files can be created that have the same output.
It has a variable length output.
It can take only a fixed length message.
Explanation:

Understanding the properties of a hash

function shows its applicability such as one-
way function, arbitrary input length, and
fixed output.

2. A user is instructed by a boss to find a better method to secure passwords in transit. The user has

m
researched several means to do so and has settled on using HMAC. What are the key elements

er as
needed to implement HMAC?

co
secret key and message digest

eH w
symmetric key and asymmetric key
IPsec and checksum

o.
message digest and asymmetric key
rs e
Explanation:
ou urc
HMAC implementation is a secret key
added to a hash.
o

3. Which method tries all possible passwords until a match is found?

aC s

rainbow tables
vi y re

brute force
cloud
cryptographic
birthday
dictionary
ed d

Explanation:
ar stu

Two common methods of cracking hashes

are dictionary and brute force. Given time,
the brute force method will always crack a
password.
is

4.
Th
sh

An investigator finds a USB drive at a crime scene and wants to present it as evidence in court. The
investigator takes the USB drive and creates a forensic image of it and takes a hash of both the
original USB device and the image that was created. What is the investigator attempting to prove
about the USB drive when the evidence is submitted in court?
The data in the image is an exact copy and nothing has been altered by the process.
An exact copy cannot be made of a device.
The investigator found a USB drive and was able to make a copy of it.
The data is all there.
Explanation:

A hash function ensures the integrity of a

program, file, or device.

5. What are three type of attacks that are preventable through the use of salting? (Choose three.)
https://www.coursehero.com/file/44916114/Cybersecurity-Essentials-11-Chapter-5-Quiz-Answers-100-2018-Premium-IT-Exam-Certifiedpdf/
lookup tables

https://www.premiumexam.com/cybersecurity-essentials-1-1/cybersecurity-essentials-1-1-chapter-5-quiz-answers-100-2018/ 1/5
25-4-2019 Cybersecurity Essentials 1.1 Chapter 5 Quiz Answers 100% 2018 - Premium IT Exam & Certified
phishing
reverse lookup tables
rainbow tables
guessing
social engineering
shoulder surfing
Explanation:

Salting makes precomputed tables

ineffective because of the random string
that is used.

6. A user has been asked to implement IPsec for inbound external connections. The user plans to use
SHA-1 as part of the implementation. The user wants to ensure the integrity and authenticity of the
connection. What security tool can the user use?
ISAKMP
MD5
HMAC
SHA256
Explanation:

HMAC provides the additional feature of a

secret key to ensure integrity and
authentication.

m
er as
7. A user downloads an updated driver for a video card from a website. A warning message pops up

co
saying the driver is not approved. What does this piece of software lack?

eH w
code recognition

o.
digital signature rs e
source code
ou urc
valid ID
Explanation:

Code signing is a method of verifying code

integrity
o
aC s

8. What is the purpose of CSPRNG?

vi y re

to prevent a computer from being a zombie

to secure a web site
to process hash lookups
to generate salt
ed d

Explanation:
ar stu

Salting prevents someone from using a

dictionary attack to guess a password.
Cryptographically Secure Pseudo-Random
Number Generator (CSPRNG) is one way
(and the best way) to generate salt.
is

9. A user has created a new program and wants to distribute it to everyone in the company. The user
Th

wants to ensure that when the program is downloaded that the program is not changed while in
transit. What can the user do to ensure that the program is not changed when downloaded?
Turn off antivirus on all the computers.
sh

Encrypt the program and require a password after it is downloaded.

Install the program on individual computers.
Create a hash of the program file that can be used to verify the integrity of the file after it is downloaded.
Distribute the program on a thumb drive.
Explanation:

Hashing is a method to ensure integrity and

ensures that the data is not changed.

10. A recent email sent throughout the company stated that there would be a change in security policy.
The security officer who was presumed to have sent the message stated the message was not sent
from the security office and the company may be a victim of a spoofed email. What could have been
added to the message to ensure the message actually came from the person?
hashing
digital signature
non-repudiation
https://www.coursehero.com/file/44916114/Cybersecurity-Essentials-11-Chapter-5-Quiz-Answers-100-2018-Premium-IT-Exam-Certifiedpdf/
asymmetric key

https://www.premiumexam.com/cybersecurity-essentials-1-1/cybersecurity-essentials-1-1-chapter-5-quiz-answers-100-2018/ 2/5
25-4-2019 Cybersecurity Essentials 1.1 Chapter 5 Quiz Answers 100% 2018 - Premium IT Exam & Certified
Explanation:

Digital signatures ensures non-repudiation

or the ability not to deny that a specific
person sent a message.

11. A recent breach at a company was traced to the ability of a hacker to access the corporate database
through the company website by using malformed data in the login form. What is the problem with the
company website?
lack of operating system patching
poor input validation
bad usernames
weak encryption
Explanation:

The ability to pass malformed data through

a website is a form of poor input validation.

12. What are three validation criteria used for a validation rule? (Choose three.)
encryption
type
range
size

m
key

er as
format

co
Explanation:

eH w
Criteria used in a validation rule include
format, consistency, range, and check digit.

o.
13.
rs e
A user is connecting to an e-commerce server to buy some widgets for a company. The user connects
ou urc
to the site and notices there is no lock in the browser security status bar. The site does prompt for a
username and password and the user is able to log in. What is the danger in proceeding with this
transaction?
o

The user is using the wrong browser to perform the transaction.

aC s

The site is not using a digital certificate to secure the transaction, with the result that everything is in the clear.
The certificate from the site has expired, but is still secure.
vi y re

Ad blocker software is preventing the security bar from working properly, and thus there is no danger with the transaction.
Explanation:

The lock in the browser window ensures a

secure connection is being established and
ed d

is not blocked by browser add-ons.

ar stu

14. Identify three situations in which the hashing function can be applied. (Choose three.)
PKI
IPsec
is

CHAP
DES
Th

PPoE
WPA
Explanation:

Three situations where a hash function

sh

could be used are as follows:

When IPsec is being used

When routing authentication is enabled
In challenge responses within protocols
such as PPP CHAP
Within digitally signed contracts and PKI
certificates

15. What is the standard for a public key infrastructure to manage digital certificates?
x.509
PKI
NIST-SP800
x.503
Explanation:

The x.509 standard is for a PKI

https://www.coursehero.com/file/44916114/Cybersecurity-Essentials-11-Chapter-5-Quiz-Answers-100-2018-Premium-IT-Exam-Certifiedpdf/
infrastructure and x.500 if for directory

https://www.premiumexam.com/cybersecurity-essentials-1-1/cybersecurity-essentials-1-1-chapter-5-quiz-answers-100-2018/ 3/5
25-4-2019 Cybersecurity Essentials 1.1 Chapter 5 Quiz Answers 100% 2018 - Premium IT Exam & Certified
structures.

16. A user is evaluating the security infrastructure of a company and notices that some authentication
systems are not using best practices when it comes to storing passwords. The user is able to crack
passwords very fast and access sensitive data. The user wants to present a recommendation to the
company on the proper implementation of salting to avoid password cracking techniques. What are
three best practices in implementing salting? (Choose three.)
Salts should be short.
The same salt should be used for each password.
A salt should not be reused.
A salt must be unique.
Salts are not an effective best practice.
A salt should be unique for each password.
Explanation:

Salting needs to be unique and not reused.

Doing the opposite will cause passwords to
be cracked easily.

17. A user is the database administrator for a company. The user has been asked to implement an
integrity rule that states every table must have a primary key and that the column or columns chosen
to be the primary key must be unique and not null. Which integrity requirement is the user

m
implementing?

er as
referential integrity

co
domain integrity

eH w
anomaly integrity
entity integrity

o.
Explanation: rs e
There are three major database integrity
ou urc
requirements: entity, referential, and domain
integrity.

18. What are three NIST-approved digital signature algorithms? (Choose three.)
o

ECDSA
aC s

RSA
vi y re

SHA256
MD5
DSA
SHA1
Explanation:
ed d

NIST chooses approved algorithms based

ar stu

on public key techniques and ECC. The

digital signature algorithms approved are
DSA, RSA, and ECDSA.
is

19. Alice and Bob use the same password to login into the company network. This means both would
have the exact same hash for their passwords. What could be implemented to prevent both password
Th

hashes from being the same?

RSA
peppering
salting
sh

pseudo-random generator
Explanation:

A password is stored as a combination of

both a hash and a salt.

20. What is the step by step process for creating a digital signature?
Create a SHA-1 hash; encrypt the hash with the private key of the sender; and bundle the message, encrypted hash, and public
key together to signed document.
Create a message digest; encrypt the digest with the private key of the sender; and bundle the message, encrypted digest, and
public key together in order to sign the document.
Create a message; encrypt the message with a MD5 hash; and send the bundle with a public key.
Create a message digest; encrypt the digest with the public key of the sender; and bundle the message, encrypted digest, and
public key together to sign the document.
Explanation:

In order to create a digital signature, the

https://www.coursehero.com/file/44916114/Cybersecurity-Essentials-11-Chapter-5-Quiz-Answers-100-2018-Premium-IT-Exam-Certifiedpdf/
following steps must be taken:
https://www.premiumexam.com/cybersecurity-essentials-1-1/cybersecurity-essentials-1-1-chapter-5-quiz-answers-100-2018/ 4/5
 25-4-2019 Cybersecurity Essentials 1.1 Chapter 5 Quiz Answers 100% 2018 - Premium IT Exam & Certified
1. The message and message digest are
created.
2. The digest and private key are
encrypted.
3. The message, encrypted message
digest, and public key are bundled to
create the signed document.

m
er as
co
eH w
o.
rs e
ou urc
o
aC s
vi y re
ed d
ar stu
is
Th
sh

https://www.coursehero.com/file/44916114/Cybersecurity-Essentials-11-Chapter-5-Quiz-Answers-100-2018-Premium-IT-Exam-Certifiedpdf/

https://www.premiumexam.com/cybersecurity-essentials-1-1/cybersecurity-essentials-1-1-chapter-5-quiz-answers-100-2018/ 5/5
Powered by TCPDF (www.tcpdf.org)