1. If an asymmetric algorithm uses a public key to encrypt data, what is used to decrypt it?
a private key
2. Which IETF standard defines the PKI digital certificate format?
X.509
3. Which statement describes the use of hashing?
Hashing can be used to detect accidental changes, but does not protect against deliberate changes.
4. What is the purpose of the DH algorithm?
to generate a shared secret between two hosts that have not communicated before
5. Fill in the blank.
The SHA-224, SHA-256, SHA-384, and SHA-512 hash functions are known collectively as SHA-2 algorithms.
6. Alice and Bob want to use a CA authentication procedure to authenticate each other. What must be obtained first?
CA self-signed certificate
7. Which two statements correctly describe certificate classes used in the PKI? (Choose two.)
A class 0 certificate is for testing purposes.
A class 4 certificate is for online business transactions between companies.
8. What is the purpose of code signing?
integrity of source .EXE files
9. In a hierarchical CA topology, where can a subordinate CA obtain a certificate for itself?
from the root CA or another subordinate CA at a higher level
10. Which cryptographic technique provides both data integrity and nonrepudiation?
HMAC
11. Which objective of secure communications is achieved by encrypting data?
Confidentiality
12. Which algorithm can ensure data confidentiality?
AES
13. What are two symmetric encryption algorithms? (Choose two.)
3DES
AES
14. Refer to the exhibit of a partial window within the Windows operating system. What type of cryptographic process is shown?
digital signature
15. In profiling a server, what defines what an application is allowed to do or run on a server?
service accounts
16. In addressing an identified risk, which strategy aims to decrease the risk by taking measures to reduce vulnerability?
risk reduction
17. In network security assessments, which type of test is used to evaluate the risk posed by vulnerabilities to a specific organization including assessment of the likelihood of attacks and the impact of successful exploits on the organization?
risk analysis
18. Which antimalware software approach can recognize various characteristics of known malware files to detect a threat?
signature-based
19. Which class of metric in the CVSS Base Metric Group defines the features of the exploit such as the vector, complexity, and user interaction required by the exploit?
Exploitability
20. As described by the SANS Institute, which attack surface includes the exploitation of vulnerabilities in wired and wireless protocols used by IoT devices?
network attack surface
21. Which step in the Vulnerability Management Life Cycle performs inventory of all assets across the network and identifies host details, including operating system and open services?
discover
22. Fill in the blank.
An application blacklist can specify which user applications are not permitted to run on a host.
23. In Windows Firewall, when is the Domain profile applied?
when the host is connected to a trusted network such as an internal business network
24. Which HIDS is an open-source based product?
OSSEC
25. Which regulatory compliance regulation specifies security standards for U.S. government systems and contractors to the U.S. government?
Federal Information Security Management Act of 2002 (FISMA)
26. Which three devices are possible examples of network endpoints? (Choose three.)
sensor
IoT controller
network security camera
27. Which function does CVSS provide?
risk assessment
Which type of attack does the use of HMACs protect against?
DoS
DDoS
brute force
man-in-the-middle
Refer to curriculum topic: 9.1.2
Because only the sender and receiver know the secret key, only parties that have access to that key can compute the digest of an HMAC function. This defeats man-in-the-middle attacks and provides authentication of where the data originated.
Place the steps of risk assessment in order.
3
1
2
26. Which three devices are possible examples of network endpoints? (Choose three.)
sensor
IoT controller
network security camera
This question is missing Sensor.