Exam (elaborations)
CMIT 320 Final Exam Questions And Correct Answers
- Course
- Institution
CMIT 320 Final Exam Questions And Correct Answers...
[Show more]
Content preview
CMIT 320 Final Exam Questions And Correct AnswersWhich of the following does NOT affect chain of custody with respect to digital evidence
being presented to the court? - ANSWER Documentation of the presiding judge and
opposing counsel
You are concerned about ARP poisoning and DHCP spoofing attacks on a subnet with
poor physical security. Which of the following switch features can prevent both? -
ANSWER 802.1AE/MACsec
Your company is having a custom web app developed for the sales team. It needs to be
able to retrieve a list of Salesforce contacts, but for security reasons, this app should
not have access to the actual Salesforce account. What standard would permit this? -
ANSWER OAuth
Considers an authenticator to block communications between unauthorized users or
workstations and the local network
Requires the use of EAP and an authentication server - ANSWER 802.1X
Centrally secures access to server resources deployed within or across a non-secure
network - ANSWER Kerberos
Restricts access to a LAN via a WAN link - ANSWER Point to Point Protocol (PPP) with
Challenge Handshake Authentication Protocol (CHAP)
What can you think of that is quite similar to Bluetooth, yet is used by even more
specialized devices like sensors and fitness trackers? ANSWER ANT - Adaptive Network
Technology
What do you recommend to a group member interested in additional sources of
information that will help them refine their own understanding of the organization's
,current attack surface? ANSWER Output from recent configuration review, vulnerability
scanning, and penetration tests
One user complained that after keying a URL into a browser, what apparently was the
correct page was returned in the browser. After several links on the page were clicked,
it became obvious that the site the user had arrived at was not the correct site but was
an evil twin of the site the user wanted to visit. Which of the following attacks did the
user most likely fall prey to? - ANSWER typosquatting
A company cloud administrator needs to establish a trust boundary between two
compute instances that belong to the same default security group and are located on
the same IPv4 subnet in an AWS VPC. Which of the following solutions will best meet the
administrator's requirements? - ANSWER Place the instances in separate subnets and
use a network firewall between the subnets.
You have taken up a contract that helps upgrade the existing industrial control network
for an oil refinery. What type of network should you expect to work with? - ANSWER DCS
Which of the following is a risk to cloud services that does not apply to on-premises
services? - ANSWER Your data may be threatened by attacks launched on the data of
others.
a framework for enterprise risk management - ANSWER 31000
focuses on personal data and privacy - ANSWER 27701
defines the different security controls in more detail - ANSWER 27002
outlines the process to actually develop an ISMS that is compliant - ANSWER 27001
which of the following areas of compliance requirements has a component of all of the
following regulations
HIPAA
, PCI DSS
SOX
GLBA
FISMA - ANSWER log retention
has modeled attacks as the pivoting interactions between adversaries, victims,
capabilities, and infrastructure - ANSWER The Diamond Model of Intrusion Analysis
a knowledge base of adversary techniques presented as a matrix for enterprise -
ANSWER mitre att&ck
a linear seven step attack model defenders use to interrupt the steps and stop the
attack - ANSWER cyber kill chain
Immediately following a security incident, you hasten to take a screenshot of a telltale
running process before leisurely taking a backup of suspicious files on the hard drive.
What forensic principle are you exercising? ANSWER Order of Volatility
Which of the following is a form of cybersecurity resilience that helps assuring fault
tolerance or recoverability of services in the case of an outage? ANSWER A diesel
generator
NIC teaming
Geographically dispersed data centers
Which organization offers opensource top-ten lists and cheat sheets in the subject area
of secure development of web applications? - ANSWER OWASP
What is the difference between a bluejacking from a bluesnarfing attack?- ANSWER
Bluesnarfing includes data compromise.
Threat hunting terms - what is the meaning of intelligence fusion? - ANSWER
Intelligence from various sources to feed advanced analytics
When attempting to access the website shop.javatucana.com, which your company
uses without incident on a daily basis in the normal course of business, there is a
privacy error that states, "Your connection is not private." Once you are satisfied that
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Braxton. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $9.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
82013 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now