100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CMIT 320 Final Exam Questions and Answers $13.99   Add to cart

Exam (elaborations)

CMIT 320 Final Exam Questions and Answers

 6 views  0 purchase
  • Course
  • Cmit
  • Institution
  • Cmit

CMIT 320 Final Exam Questions and Answers what connection type is very similar to bluetooth but used by more specialized devices, such as sensors and fitness trackers ANT (Adaptive Network Technology) What would you recommend to a team member who is interested in additional sources of info...

[Show more]

Preview 3 out of 19  pages

  • September 19, 2024
  • 19
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • Cmit
  • Cmit
avatar-seller
Pogba119
CMIT 320 Final Exam Questions and
Answers
what connection type is very similar to bluetooth but used by more specialized devices,
such as sensors and fitness trackers - answer ANT (Adaptive Network Technology)

What would you recommend to a team member who is interested in additional sources
of information to assist with refining their own understanding of the current attack
surface of the organization? - answer Output from the latest configuration review,
vulnerability scanning, and penetration tests

A user complains that after entering a URL into a browser, what appeared to be the
correct page is displayed in the browser. However, after clicking a few links on the
page, it became obvious that the site the user arrived at was not the correct site, but
instead a malicious copy of the site the user intended to visit. Which of the following
attacks did the user most likely fall prey to? - answer typosquatting

An enterprise cloud administrator needs to create a trust boundary between two
compute instances in the same default security group and on the same IPv4 subnet
within an AWS virtual private cloud (VPC). What would be an effective solution to the
administrator's needs? - answer Place the instances in separate subnets and use a
network firewall between the subnets.

You've taken up a contract helping to upgrade the existing industrial control network for
an oil refinery. What network type should you expect to work with? - answer DCS

Which of the following is a risk to cloud services that is not a risk to on-premises
services? - answer Your data may be threatened by attacks launched on the data of
others.

Which of the following factors has no effect on chain of custody, with regard to digital
evidence that is presented to the court? - answer Documentation of the presiding
judge and opposing counsel

On a subnet with limited physical security, you're worried about ARP poisoning and
DHCP spoofing attacks. What switch feature could help prevent both? - answer
802.1AE/MACsec

Your company is developing a custom web app for the sales team. It should be able to
access a list of Salesforce contacts, but for security reasons, the app shouldn't be able
to access the actual Salesforce account. What standard would allow this? - answer
OAuth

,Uses an authenticator to block communications between unauthorized users or
workstations and the local network
Requires the use of EAP and an authentication server - answer 802.1X

Centrally secures access to server resources deployed within or across a non-secure
network - answer Kerberos

Restricts access to a LAN via a WAN link - answer Point to Point Protocol (PPP) with
Challenge Handshake Authentication Protocol (CHAP)

a framework for enterprise risk management - answer 31000

focuses on personal data and privacy - answer 27701

defines the various security controls in greater detail - answer 27002

details the steps to implement a compliant ISMS - answer 27001

what area of compliance requirements is part of all of the following regulations
HIPAA
PCI DSS
SOX
GLBA
FISMA - answer log retention

describes attacks as the pivoting interactions among adversaries, victims, capabilities,
and infrastructure - answer The Diamond Model of Intrusion Analysis

a knowledge base of adversary techniques presented as a matrix for enterprise -
answer mitre att&ck

a linear seven step attack model that defenders use to interrupt the steps and stop the
attack - answer cyber kill chain

After a security incident, you rush to take a screenshot of a telltale running process
before you leisurely take a backup of suspicious files on the hard drive. What forensic
principle are you exercising? - answer Order of Volatility

Which of the following are forms of cybersecurity resilience that help to ensure fault
tolerance or recoverability of services in the case of an outage? - answer A diesel
generator
NIC teaming
Geographically dispersed data centers

Which organization offers freely accessible top-ten lists and cheat sheets in the field of
secure development of web applications? - answer OWASP

, What is the difference between a bluejacking and a bluesnarfing attack? - answer
Bluesnarfing involves data compromise.

In the area of threat hunting, what is meant by intelligence fusion? - answer
Gathering intelligence from multiple sources to feed advanced analytics

Upon browsing the website shop.javatucana.com, which your company uses regularly in
the normal course of business, you are greeted by a privacy error that states, "Your
connection is not private." After confirming that your own computer's date and time are
correct, you positively verify the following details:
The valid-date range of the web server's certificate is current.
The certificate's chain of trust is valid, which includes the fact that your computer trusts
the root CA's certificate
The certificate's Subject Alternative Name field contains javatucana.com.
You accurately entered shop.javatucana.com in the web browser.
Given your inability to explain the privacy error based on your investigation of these
factors, what could be the cause for the error? - answer The web server's certificate
is on the CRL.
There are no wildcards in the web server's certificate.

What technology uses the TPM to store hashes of signed boot files for comparison the
next time the system boots and for export in a quote for remote attestation? - answer
measured boot

After having trouble navigating to a webpage on the Internet, resulting in a privacy error,
you inspect the site's certificate and notice the chain of certificates contains three
nodes, one being the leaf certificate of the site you are attempting to reach. You inspect
the root certificate and find that your operating system stores an exact match for it
locally and, therefore, it and your browser trust it explicitly. Which of the following
actions might solve the problem you are facing? - answer install the certificate of the
intermediate CA

Which solution allows separation of resources down to the application level if
necessary? - answer containers

What's one of the best ways to reduce the threat associated with dead code? - answer
implementing version control

An attacker with a fraudulent certificate for your bank is planning to intercept your
transactions in an on-path (MitM) attack. The certificate hasn't been revoked yet, but
what technology could still let you know something is wrong? - answer key pinning

What kind of security training is most important for a company executive? - answer
Overall awareness of the organization's assets and threats to them

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Pogba119. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $13.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

79650 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$13.99
  • (0)
  Add to cart