Chapter 8 Quiz - Attempt Review

Course: Cybersecurity Essentials English 0820 cga
Started on: Sunday, 9 August 2020, 2:51 PM
State: Finished
Completed on: Sunday, 9 August 2020, 2:56 PM
Time taken: 5 mins 2 secs
Marks: 11.00/19.00
Grade: 57.89 out of 100.00
Question 1 (Incorrect, Mark 0.00 out of 1.00)
A security professional is asked to perform an analysis of the current state of a company network. What tool would the security professional use to scan the network only for security risks?

Select one:
packet analyzer
malware
pentest
vulnerability scanner

Refer to curriculum topic: 8.2.4

Vulnerability scanners are commonly used to scan for the following vulnerabilities:
Use of default passwords or common passwords
Missing patches
Open ports
Misconfiguration of operating systems and software
Active IP addresses
The correct answer is: vulnerability scanner

Question 2 (Correct, Mark 1.00 out of 1.00)
An auditor is asked to assess the LAN of a company for potential threats. What are three potential threats the auditor may point out? (Choose three.)

Select one or more:
the acceptable use policy
a misconfigured firewall
complex passwords
locked systems
unlocked access to network equipment
unauthorized port scanning and network probing

Refer to curriculum topic: 8.1.3

The LAN can have many endpoint devices connected. Analyzing both the network devices and the connected endpoints is important in determining threats.
The correct answers are: unlocked access to network equipment, unauthorized port scanning and network probing, a misconfigured firewall

Question 3 (Correct, Mark 1.00 out of 1.00)
As a security professional, there is a possibility of having access to sensitive data and assets. What is one item a security professional should understand in order to make informed ethical decisions?

Select one:
potential gain
cloud providers
laws governing the data
partnerships
potential bonus

Refer to curriculum topic: 8.2.1

Ethics in the security profession are extremely important because of the sensitivity of the data and assets. Compliance with government and state requirements is needed in order to make good judgments.
The correct answer is: laws governing the data

Question 4 (Correct, Mark 1.00 out of 1.00)
A school administrator is concerned with the disclosure of student information due to a breach. Under which act is student information protected?

Select one:
CIPA
HIPAA
FERPA
COPPA

Refer to curriculum topic: 8.2.2

The Family Education Records and Privacy Act (FERPA) prohibits the improper disclosure of personal education records.
The correct answer is: FERPA

Question 5 (Incorrect, Mark 0.00 out of 1.00)
An organization has implemented a private cloud infrastructure. The security administrator is asked to secure the infrastructure from potential threats. What three tactics can be implemented to protect the private cloud? (Choose three.)

Select one or more:
Disable firewalls.
Disable ping, probing, and port scanning.
Test inbound and outbound traffic.
Hire a consultant.
Update devices with security fixes and patches.
Grant administrative rights.

Refer to curriculum topic: 8.1.4

Organizations can manage threats to the private cloud using the following methods:
Disable ping, probing, and port scanning.
Implement intrusion detection and prevention systems.
Monitor inbound IP traffic anomalies.
Update devices with security fixes and patches.
Conduct penetration tests post configuration.
Test inbound and outbound traffic.
Implement a data classification standard.
Implement file transfer monitoring and scanning for unknown file types.
The correct answers are: Disable ping, probing, and port scanning.; Test inbound and outbound traffic.; Update devices with security fixes and patches.

Question 6 (Incorrect, Mark 0.00 out of 1.00)
What are three disclosure exemptions that pertain to the FOIA? (Choose three.)

Select one or more:
information specifically non-exempt by statute
confidential business information
non-geological information regarding wells
law enforcement records that implicate one of a set of enumerated concerns
public information from financial institutions
national security and foreign policy information

Refer to curriculum topic: 8.2.2

The nine Freedom of Information Act (FOIA) exemptions include the following:
1. National security and foreign policy information
2. Internal personnel rules and practices of an agency
3. Information specifically exempted by statute
4. Confidential business information
5. Inter- or intra-agency communication subject to deliberative process, litigation, and other privileges
6. Information that, if disclosed, would constitute a clearly unwarranted invasion of personal privacy
7. Law enforcement records that implicate one of a set of enumerated concerns
8. Agency information from financial institutions
9. Geological and geophysical information concerning wells
The correct answers are: national security and foreign policy information, confidential business information, law enforcement records that implicate one of a set of enumerated concerns

Question 7 (Correct, Mark 1.00 out of 1.00)
Why is Kali Linux a popular choice in testing the network security of an organization?

Select one:
It is a network scanning tool that prioritizes security risks.
It is an open source Linux security distribution and contains over 300 tools.
It can be used to test weaknesses by using only malicious software.
It can be used to intercept and log network traffic.

Refer to curriculum topic: 8.2.4

Kali is an open source Linux security distribution that is commonly used by IT professionals to test the security of networks.
The correct answer is: It is an open source Linux security distribution and contains over 300 tools.

Question 8 (Correct, Mark 1.00 out of 1.00)
A company is attempting to lower the cost of deploying commercial software and is considering a cloud-based service. Which cloud-based service would be best to host the software?

Select one:
PaaS
RaaS
SaaS
IaaS

Refer to curriculum topic: 8.1.5

Software as a service (SaaS) provides access to software that is centrally hosted in the cloud and accessed by users via a web browser.
The correct answer is: SaaS

Question 9 (Correct, Mark 1.00 out of 1.00)
Unauthorized visitors have entered a company office and are walking around the building. What two measures can be implemented to prevent unauthorized visitor access to the building? (Choose two.)

Select one or more:
Establish policies and procedures for guests visiting the building.
Conduct security awareness training regularly.
Lock cabinets.
Prohibit exiting the building during working hours.

Refer to curriculum topic: 8.1.6

Any unauthorized individual that accesses a facility may pose a potential threat. Common measures to increase physical security include the following:
Implement access control and closed-circuit TV (CCTV) coverage at all entrances.
Establish policies and procedures for guests visiting the facility.
Test building security using physical means to covertly gain access.
Implement badge encryption for entry access.
Conduct security awareness training regularly.
Implement an asset tagging system.
The correct answers are: Establish policies and procedures for guests visiting the building.; Conduct security awareness training regularly.

Question 10 (Correct, Mark 1.00 out of 1.00)
What are two items that can be found on the Internet Storm Center website? (Choose two.)

Select one or more:
InfoSec job postings
InfoSec reports
historical information
current laws

Refer to curriculum topic: 8.2.3

The Internet Storm Center website has a daily InfoSec blog, InfoSec tools, and news, among other InfoSec information.
The correct answers are: InfoSec reports, InfoSec job postings

Question 11 (Correct, Mark 1.00 out of 1.00)
If a person knowingly accesses a government computer without permission, what federal act laws would the person be subject to?

Select one:
GLBA
CFAA
ECPA
SOX

Refer to curriculum topic: 8.2.2

The Computer Fraud and Abuse Act (CFAA) provides the foundation for US laws criminalizing unauthorized access to computer systems.
The correct answer is: CFAA

Question 12 (Correct, Mark 1.00 out of 1.00)
What can be used to rate threats by an impact score to emphasize important vulnerabilities?

Select one:
ACSC
CERT
NVD
ISC

Refer to curriculum topic: 8.2.3

The National Vulnerability Database (NVD) is used to assess the impact of vulnerabilities and can assist an organization in ranking the severity of vulnerabilities found within a network.
The correct answer is: NVD

Question 13 (Incorrect, Mark 0.00 out of 1.00)
A consultant is hired to make recommendations on managing device threats in a company. What are three general recommendations that can be made? (Choose three.)

Select one or more:
Enforce strict HR policies.
Disable administrative rights for users.
Enable automated antivirus scans.
Enable screen lockout.
Remove content filtering.
Enable media devices.

Refer to curriculum topic: 8.1.2

Workstations can be hardened by removing unnecessary permissions, automating processes, and turning on security features.
The correct answers are: Disable administrative rights for users.; Enable screen lockout.; Enable automated antivirus scans.

Question 14 (Incorrect, Mark 0.00 out of 1.00)
As part of HR policy in a company, an individual may opt out of having information shared with any third party other than the employer. Which law protects the privacy of personal shared information?

Select one:
FIRPA
SOX
GLBA
PCI

Refer to curriculum topic: 8.2.2

The Gramm-Leach-Bliley Act (GLBA) includes privacy provisions for individuals and provides opt-out methods to restrict information sharing with third-party firms.
The correct answer is: GLBA

Question 15 (Correct, Mark 1.00 out of 1.00)
A breach occurs in a company that processes credit card information. Which industry-specific law governs credit card data protection?

Select one:
GLBA
PCI DSS
ECPA
SOX

Refer to curriculum topic: 8.2.2

The Payment Card Industry Data Security Standard (PCI DSS) governs how to protect credit card data as merchants and banks exchange transactions.
The correct answer is: PCI DSS

Question 16 (Incorrect, Mark 0.00 out of 1.00)
What are two potential threats to applications? (Choose two.)

Select one or more:
power interruptions
unauthorized access
data loss
social engineering

Refer to curriculum topic: 8.1.7

Threats to applications can include the following:
Unauthorized access to data centers, computer rooms, and wiring closets
Server downtime for maintenance purposes
Network operating system software vulnerability
Unauthorized access to systems
Data loss
Downtime of IT systems for an extended period
Client/server or web application development vulnerabilities
The correct answers are: data loss, unauthorized access

Question 17 (Incorrect, Mark 0.00 out of 1.00)
A company has had several incidents involving users downloading unauthorized software, using unauthorized websites, and using personal USB devices. The CIO wants to put in place a scheme to manage the user threats. What three things might be put in place to manage the threats? (Choose three.)

Select one or more:
Monitor all activity by the users.
Provide security awareness training.
Implement disciplinary action.
Use content filtering.
Disable CD and USB access.
Change to thin clients.

Refer to curriculum topic: 8.1.1

Users may be unaware of their actions if not educated in the reasons why their actions can cause a problem with the computer. By implementing several technical and nontechnical practices, the threat can be reduced.
The correct answers are: Disable CD and USB access.; Use content filtering.; Provide security awareness training.

Question 18 (Incorrect, Mark 0.00 out of 1.00)
What are the three broad categories for information security positions? (Choose three.)

Select one or more:
creators
builders
doers
definers
monitors
seekers

Refer to curriculum topic: 8.3.1

Information security positions can be categorized as:
definers
builders
monitors
The correct answers are: definers, builders, monitors

Question 19 (Correct, Mark 1.00 out of 1.00)
What three services does CERT provide? (Choose three.)

Select one or more:
develop tools, products, and methods to analyze vulnerabilities
develop tools, products, and methods to conduct forensic examinations
create malware tools
develop attack tools
enforce software standards
resolve software vulnerabilities

Refer to curriculum topic: 8.2.3

CERT provides multiple services, including:
helps to resolve software vulnerabilities
develops tools, products, and methods to conduct forensic examinations
develops tools, products, and methods to analyze vulnerabilities
develops tools, products, and methods to monitor large networks
helps organizations determine how effective their security-related practices are
The correct answers are: resolve software vulnerabilities; develop tools, products, and methods to analyze vulnerabilities; develop tools, products, and methods to conduct forensic examinations
