CCNA CBROPS Security Concepts Questions

75 of 99 questions · Page 1/2 · CBROPS Security Concepts topic

1. MCQ · hard

An organization wants to ensure that a received email genuinely came from the claimed sender and has not been altered. Which cryptographic mechanism provides both authentication and integrity?

A. Digital signature
B. Hash function
C. Public key infrastructure (PKI)
D. Symmetric encryption
Answer: A

Digital signatures use the sender's private key, providing authentication and integrity.

Why this answer

A digital signature uses the sender's private key to sign the message, and the recipient verifies it with the sender's public key. This process provides authentication (proving the sender's identity) and integrity (detecting any alteration) because any change to the message invalidates the signature. Hash functions alone provide integrity but not authentication, while PKI is the infrastructure that supports digital signatures but is not the mechanism itself.

Exam trap

Cisco often tests the distinction between a mechanism (digital signature) and the supporting infrastructure (PKI), leading candidates to mistakenly select PKI because they associate it with certificates and authentication.

How to eliminate wrong answers

Option B is wrong because a hash function provides integrity by producing a fixed-size digest, but it does not authenticate the sender; an attacker can replace both the message and its hash. Option C is wrong because PKI is a framework of policies, roles, and certificates that enables digital signatures and encryption, but it is not a cryptographic mechanism that directly provides both authentication and integrity. Option D is wrong because symmetric encryption provides confidentiality (secrecy) but does not inherently authenticate the sender or ensure integrity; an attacker with the shared key could modify the ciphertext.

2. Multi-Select · medium

A healthcare organization must comply with HIPAA. Which THREE security measures are typically required under HIPAA? (Choose three.)

Select 3 answers
A. Regular vulnerability scanning of all internet-facing systems
B. Encryption of electronic protected health information (ePHI)
C. Annual penetration testing by an external firm
D. Implementation of access controls to limit who can view ePHI
E. Audit controls to record and examine access to ePHI
Answers: B, D, E

Encryption is an addressable implementation specification to protect ePHI.

Why this answer

HIPAA requires encryption of ePHI, access controls, and audit controls to ensure confidentiality, integrity, and availability of protected health information.

3. MCQ · hard

An organization wants to ensure that data sent over the internet cannot be read if intercepted. Which cryptographic method should be used?

A. Digital signature using RSA
B. Hash-based message authentication code (HMAC)
C. Symmetric encryption with AES
D. Hashing with SHA-256
Answer: C

Symmetric encryption like AES encrypts data for confidentiality.

Why this answer

Symmetric encryption, such as AES, provides confidentiality by encrypting data so that only those with the key can read it.

4. MCQ · medium

A security analyst observes repeated failed login attempts from a single external IP address, causing the authentication server to become unresponsive. Which type of attack is occurring?

A. Denial of Service
B. Reconnaissance
C. Brute force attack
D. Man-in-the-middle
Answer: A

The repeated login attempts are overwhelming the server, causing a DoS.

Why this answer

A Denial of Service (DoS) attack aims to make a system or service unavailable by overwhelming it with requests.

5. MCQ · medium

An attacker uses a tool to capture keystrokes on a compromised system. What type of malware is most likely in use?

A. Spyware
B. Rootkit
C. Ransomware
D. Keylogger
Answer: D

Keylogger specifically records keystrokes.

Why this answer

Option D is correct because a keylogger is a type of malware specifically designed to capture and record keystrokes on a compromised system. The question directly describes the behavior of capturing keystrokes, which is the primary function of a keylogger, making it the most likely malware in use.

Exam trap

Cisco often tests the distinction between a general category (spyware) and a specific type (keylogger), so the trap here is that candidates may choose spyware because it is a broader term, but the question asks for the most likely malware based on the specific behavior described.

How to eliminate wrong answers

Option A is wrong because spyware is a broader category of malware that focuses on collecting information about a user's activities, such as browsing habits or login credentials, but it does not specifically specialize in capturing keystrokes; a keylogger is a subset of spyware, but the question asks for the most likely type, and keylogger is more precise. Option B is wrong because a rootkit is designed to hide the presence of other malware or provide persistent, stealthy access to a system by modifying operating system kernel or system calls, not to capture keystrokes directly. Option C is wrong because ransomware is malware that encrypts files or locks the system to demand a ransom, and it does not typically include keystroke capture as its primary function.

6. MCQ · medium

A security analyst is reviewing logs and notices that an attacker has intercepted and modified communications between two devices on the same network. Which attack technique is being used?

A. Reconnaissance
B. ARP spoofing
C. Man-in-the-Middle
D. DNS poisoning
Answer: C

MitM attacks intercept and modify communications.

Why this answer

Man-in-the-Middle attacks intercept and alter communications between two parties.

7. MCQ · hard

A security analyst is selecting a symmetric encryption algorithm for encrypting data at rest. Which of the following is a suitable symmetric algorithm?

A. AES
B. ECC
C. RSA
D. SHA-256
Answer: A

AES is a symmetric block cipher.

Why this answer

AES is a widely used symmetric encryption algorithm.

8. Multi-Select · hard

An organization wants to ensure data integrity and non-repudiation for sensitive documents. Which THREE cryptographic mechanisms should be implemented? (Select three.)

Select 3 answers
A. Steganography
B. Digital signatures
C. Hashing
D. Asymmetric encryption
E. Symmetric encryption
Answers: B, C, D

Digital signatures authenticate the sender and provide non-repudiation.

Why this answer

Digital signatures provide both data integrity and non-repudiation by using the sender's private key to sign a hash of the document. The recipient verifies the signature with the sender's public key, ensuring the document has not been altered and that the sender cannot deny having signed it.

Exam trap

Cisco often tests the distinction between integrity-only mechanisms (hashing) and those that also provide non-repudiation (digital signatures), leading candidates to incorrectly select symmetric encryption or steganography when the question explicitly requires both integrity and non-repudiation.

9. MCQ · medium

What is the primary difference between symmetric and asymmetric encryption?

A. Asymmetric encryption is used only for hashing
B. Symmetric uses two keys, asymmetric uses one
C. Symmetric is slower than asymmetric
D. Symmetric uses a single shared key; asymmetric uses a key pair
Answer: D

Correct: symmetric uses one key for both operations; asymmetric uses a public and private key.

Why this answer

Symmetric uses one shared key; asymmetric uses a public-private key pair.

10. MCQ · easy

Which element of the CIA triad ensures that data cannot be modified by unauthorized parties?

A. Availability
B. Authentication
C. Integrity
D. Confidentiality
Answer: C

Integrity ensures data is not altered by unauthorized parties.

Why this answer

The integrity element of the CIA triad ensures that data cannot be modified by unauthorized parties. Integrity mechanisms, such as hashing algorithms (e.g., SHA-256) or digital signatures, detect any unauthorized changes to data in transit or at rest. If an attacker alters a packet or file, the hash value will not match, alerting the system to the breach.

Exam trap

Cisco often tests the distinction between confidentiality and integrity, where candidates mistakenly choose confidentiality because they associate encryption with all data protection, but encryption only prevents reading, not modification.

How to eliminate wrong answers

Option A is wrong because availability ensures that data and services are accessible when needed, not that data remains unmodified; it focuses on uptime and resilience against denial-of-service attacks. Option B is wrong because authentication verifies the identity of a user or device (e.g., via passwords or certificates), but does not protect data from modification once access is granted. Option D is wrong because confidentiality ensures that data is not disclosed to unauthorized parties (e.g., via encryption), but does not prevent unauthorized modification of that data.

11. MCQ · medium

Which cryptographic method uses the same key for both encryption and decryption, and is typically faster than asymmetric encryption?

A. Digital signature
B. RSA
C. AES
D. SHA-256
Answer: C

AES is a symmetric encryption algorithm.

Why this answer

Symmetric encryption uses a single shared key for both operations.

12. Multi-Select · easy

Which TWO of the following are examples of malware that rely on user interaction to spread? (Select two.)

Select 2 answers
A. Rootkit
B. Worm
C. Trojan
D. Virus
E. Ransomware
Answers: C, D

Trojans rely on users to download and execute them.

Why this answer

A virus requires user action (e.g., opening an infected file) to execute and spread. A Trojan also relies on user deception to install. Worms spread without user interaction.

13. MCQ · easy

A security analyst is notified that an employee's laptop was stolen. The laptop contains sensitive customer data. Which type of threat does this incident represent?

A. Exploit
B. Risk
C. Threat
D. Vulnerability
Answer: C

A threat is any potential danger that could exploit a vulnerability.

Why this answer

The threat is the potential compromise of confidentiality due to physical theft of a device containing sensitive data.

14. MCQ · hard

During a security audit, it is discovered that an organization's network is vulnerable to ARP spoofing attacks. Which type of attack could result from exploiting this vulnerability?

A. DNS poisoning
B. Man-in-the-middle
C. Phishing
D. DoS
Answer: B

ARP spoofing enables MitM by intercepting traffic.

Why this answer

ARP spoofing can be used to perform man-in-the-middle attacks by associating the attacker's MAC address with the IP address of a legitimate host.

15. Multi-Select · easy

A security analyst is reviewing network logs and identifies several failed login attempts followed by a successful login from an unusual geographic location. Which TWO security concepts are most directly related to this scenario? (Choose two.)

Select 2 answers
A. Exploit
B. Non-repudiation
C. Threat
D. Risk
E. Vulnerability
Answers: A, C

The successful login from an unusual location suggests an exploit was successful.

Why this answer

The failed attempts indicate an active attempt to exploit a vulnerability (threat), and the unusual location suggests unauthorized access (exploitation).

16. Multi-Select · medium

A security engineer is implementing controls to meet compliance requirements. Which TWO of the following frameworks are specifically designed for protecting personal data?

Select 2 answers
A. HIPAA
B. NIST Cybersecurity Framework
C. GDPR
D. PCI DSS
E. ISO 27001
Answers: A, C

HIPAA protects health information.

Why this answer

HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law that mandates specific safeguards for protecting individually identifiable health information (PHI). It directly addresses the privacy and security of personal health data, making it a framework specifically designed for protecting personal data in the healthcare context.

Exam trap

Cisco often tests the distinction between frameworks that are specifically designed for personal data protection (like HIPAA and GDPR) versus general cybersecurity or information security frameworks (like NIST CSF, PCI DSS, and ISO 27001) that may include data protection but are not their primary purpose.

17. Multi-Select · hard

A security team is implementing a Public Key Infrastructure (PKI) to support digital signatures for email. Which THREE components are essential to the PKI framework? (Choose three.)

Select 3 answers
A. Registration Authority (RA)
B. Private key
C. Certificate Authority (CA)
D. Certificate Revocation List (CRL)
E. Digital certificates
Answers: A, C, E

The RA verifies identity before certificate issuance.

Why this answer

A PKI includes a Certificate Authority (CA) that issues certificates, certificates themselves that bind public keys to identities, and a registration authority (RA) that verifies identities. The private key is held by the user, not part of the PKI infrastructure. The CRL is a mechanism but not a core component.

18. MCQ · medium

A user receives an email that appears to be from the company's IT department asking for their password to perform a security check. The email contains a link to a fake login page. Which type of social engineering attack is this?

A. Spear phishing
B. Vishing
C. Pretexting
D. Phishing
Answer: D

Phishing is a broad attack using fraudulent emails and websites.

Why this answer

Phishing typically uses deceptive emails and fake websites to trick users into revealing sensitive information.

19. MCQ · medium

A security engineer is analyzing a recent breach. The attacker gained access by sending an email that appeared to be from the CEO, requesting the recipient to transfer funds. What type of social engineering attack is this?

A. Spear phishing
B. Vishing
C. Phishing
D. Pretexting
Answer: A

Targeted attack on a specific person with personalized email.

Why this answer

Spear phishing targets a specific individual with personalized content, often impersonating a trusted source.

20. MCQ · easy

Which of the following best describes a vulnerability?

A. A weakness in a system that could be exploited
B. The act of taking advantage of a weakness
C. The likelihood that a threat will exploit a weakness
D. A potential event that could cause harm
Answer: A

Exactly.

Why this answer

A vulnerability is a weakness in a system that can be exploited by a threat.

21. MCQ · medium

An organization experiences a ransomware attack where files are encrypted and a ransom is demanded. Which element of the CIA triad is most directly impacted?

A. Availability
B. Integrity
C. Non-repudiation
D. Confidentiality
Answer: A

Ransomware prevents access to data, impacting availability.

Why this answer

A ransomware attack encrypts files and demands payment, directly preventing users from accessing their data and systems. This loss of access is a direct impact on Availability, which ensures that information and resources are accessible when needed. The CIA triad's Availability element is most immediately compromised because the organization cannot retrieve or use its encrypted files.

Exam trap

Cisco often tests the distinction between Integrity and Availability by presenting a scenario where data is altered (encryption) but the primary consequence is loss of access, leading candidates to mistakenly choose Integrity because they focus on the modification rather than the resulting denial of service.

How to eliminate wrong answers

Option B is wrong because Integrity is about ensuring data has not been tampered with or altered; while ransomware does modify files by encrypting them, the primary impact is the loss of access, not the verification of data correctness. Option C is wrong because Non-repudiation refers to the ability to prove that an action or transaction occurred, typically through digital signatures or logs, which is not directly relevant to file encryption and ransom demands. Option D is wrong because Confidentiality involves protecting data from unauthorized disclosure; ransomware does not primarily expose data to unauthorized parties (unless exfiltration occurs), but rather locks authorized users out.

22. MCQ · hard

An organization wants to implement a security framework that includes functions such as Identify, Protect, Detect, Respond, and Recover. Which framework aligns with this structure?

A. NIST Cybersecurity Framework
B. HIPAA Security Rule
C. PCI DSS
D. ISO 27001
Answer: A

The NIST CSF includes Identify, Protect, Detect, Respond, Recover.

Why this answer

The NIST Cybersecurity Framework is built around these five core functions.

23. MCQ · hard

During a penetration test, a security engineer uses publicly available information from LinkedIn and Google to gather details about employees and organizational structure. Which type of reconnaissance is being performed?

A. Active reconnaissance
B. Social engineering
C. Passive reconnaissance
D. Internal reconnaissance
Answer: C

Using public sources like LinkedIn and Google without touching the target's systems is passive.

Why this answer

Option C is correct because the security engineer is gathering information from publicly available sources (LinkedIn, Google) without directly interacting with the target's systems. This is the definition of passive reconnaissance, which involves collecting data from open-source intelligence (OSINT) without sending any packets to the target network.

Exam trap

Cisco often tests the distinction between active and passive reconnaissance by describing an activity that uses public sources but might seem 'active' to a novice; the trap here is confusing passive information gathering with active scanning or social engineering.

How to eliminate wrong answers

Option A is wrong because active reconnaissance involves direct interaction with the target, such as sending probes, scans, or packets (e.g., using Nmap or ping sweeps), which is not described here. Option B is wrong because social engineering involves manipulating people to divulge confidential information, not simply collecting publicly available data from websites. Option D is wrong because internal reconnaissance is performed from within the target's network, often after gaining initial access, whereas this activity occurs externally using public sources.

24. MCQ · medium

A security engineer discovers that an attacker has inserted fake entries into a DNS resolver's cache, redirecting users to a malicious website. Which attack has occurred?

A. DDoS
B. DNS poisoning
C. Man-in-the-middle
D. ARP spoofing
Answer: B

DNS poisoning corrupts the cache to redirect queries.

Why this answer

DNS poisoning, also known as DNS cache poisoning, occurs when an attacker inserts forged DNS resource records into a resolver's cache. This causes the resolver to return a malicious IP address for a legitimate domain, redirecting users to an attacker-controlled site without their knowledge.

Exam trap

Cisco often tests the distinction between DNS poisoning and ARP spoofing by presenting a scenario involving redirection to a malicious site, leading candidates to confuse the Layer 2 ARP attack with the Layer 7 DNS cache corruption.

How to eliminate wrong answers

Option A is wrong because a DDoS (Distributed Denial of Service) attack aims to overwhelm a target with traffic to disrupt service, not to insert fake DNS entries. Option C is wrong because a man-in-the-middle (MITM) attack intercepts and potentially alters communications between two parties in real time, whereas DNS poisoning corrupts the resolver's stored cache records. Option D is wrong because ARP spoofing links an attacker's MAC address to a legitimate IP address on a local network, targeting Layer 2 address resolution, not the DNS resolver's cache.

25. MCQ · medium

What is the primary purpose of a digital certificate in a Public Key Infrastructure (PKI)?

A. To encrypt all network traffic
B. To bind a public key to an identity
C. To provide a backup of private keys
D. To prevent malware infections
Answer: B

Certificates associate a public key with an entity, verified by a CA.

Why this answer

The primary purpose of a digital certificate in a Public Key Infrastructure (PKI) is to bind a specific public key to a verified identity (such as a person, device, or organization). This binding is achieved through the certificate authority (CA) signing the certificate, which cryptographically asserts that the public key belongs to the named subject. Without this binding, there would be no trusted way to associate a public key with its owner, making secure communications and authentication impossible.

Exam trap

Cisco often tests the misconception that a digital certificate itself encrypts data or contains the private key, when in fact it only binds the public key to an identity and never holds the private key.

How to eliminate wrong answers

Option A is wrong because encrypting all network traffic is not the role of a digital certificate; encryption of traffic is performed by protocols like TLS using the public/private key pair, but the certificate itself only provides the binding and does not perform encryption. Option C is wrong because a digital certificate contains only the public key and identity information, never the private key; backing up private keys is a separate key management task, and exposing the private key in a certificate would break the entire security model. Option D is wrong because preventing malware infections is a function of security controls such as antivirus software, firewalls, and endpoint protection, not of digital certificates or PKI.

26. MCQ · easy

Which element of the CIA triad ensures that data cannot be modified by unauthorized parties?

A. Availability
B. Non-repudiation
C. Integrity
D. Confidentiality
Answer: C

Integrity ensures data accuracy and prevents unauthorized changes.

Why this answer

Integrity protects data from unauthorized alteration. Confidentiality prevents disclosure, availability ensures access.

27. Multi-Select · easy

A company needs to comply with regulations that protect personal data of EU citizens. Which TWO compliance frameworks are directly relevant to this requirement? (Choose two.)

Select 1 answer
A. PCI DSS
B. GDPR
C. ISO 27001
D. NIST Cybersecurity Framework
E. HIPAA
Answers: B

GDPR protects personal data of EU citizens.

Why this answer

GDPR is the EU regulation for personal data protection. PCI DSS applies to payment card data. HIPAA applies to health data in the US.

NIST CSF and ISO 27001 are general frameworks.

28. Multi-Select · easy

A security analyst is assessing the risks to a company's data. The analyst identifies a vulnerability in the web application that could allow SQL injection. Which TWO terms correctly describe the elements of this risk scenario? (Choose two.)

Select 2 answers
A. The SQL injection flaw in the application is a threat.
B. The combination of the vulnerability and threat is the exploit.
C. The SQL injection flaw in the application is a vulnerability.
D. The possibility of an attacker exploiting the SQL injection is a vulnerability.
E. The possibility of an attacker exploiting the SQL injection is a threat.
Answers: C, E

A vulnerability is a weakness that can be exploited.

Why this answer

The SQL injection flaw is a vulnerability (weakness). The potential for an attacker to exploit it is a threat. Risk is the likelihood and impact combined.

29. MCQ · medium

An attacker uses a tool to scan all IP addresses in a range to identify which hosts are online and what services are running. Which type of reconnaissance is this?

A. Active reconnaissance
B. Denial of Service
C. Passive reconnaissance
D. Social engineering
Answer: A

Active recon includes scanning and probing the target system.

Why this answer

Active reconnaissance involves direct interaction with the target, such as port scanning and ping sweeps.

30. MCQ · medium

Which compliance framework specifically addresses the protection of cardholder data?

A. PCI DSS
B. GDPR
C. ISO 27001
D. HIPAA
Answer: A

PCI DSS is for payment card security.

Why this answer

PCI DSS (Payment Card Industry Data Security Standard) is designed to secure credit card transactions and protect cardholder data.

31. Multi-Select · hard

A company is implementing a security policy to reduce risk. Which THREE activities are examples of risk mitigation? (Choose three.)

Select 3 answers
A. Implementing access controls
B. Accepting the risk without action
C. Encrypting sensitive data
D. Purchasing cyber insurance
E. Patching vulnerabilities
Answers: A, C, E

Access controls limit exposure, reducing risk.

Why this answer

Risk mitigation involves implementing controls to reduce risk: patching, access controls, and encryption.

32. Multi-Select · hard

Which THREE components are part of a Public Key Infrastructure (PKI)? (Choose three.)

Select 3 answers
A. Registration Authority (RA)
B. Symmetric encryption key
C. Digital certificate
D. Hash function
E. Certificate Authority (CA)
Answers: A, C, E

The RA assists the CA by verifying certificate requestors' identities.

Why this answer

The Registration Authority (RA) is a key component of a PKI because it acts as the intermediary between the user and the Certificate Authority (CA). The RA is responsible for verifying the identity of an entity requesting a digital certificate before the CA issues the certificate, thereby offloading identity proofing tasks from the CA.

Exam trap

Cisco often tests the distinction between PKI components (CA, RA, digital certificate) and cryptographic primitives (hash functions, symmetric keys), so candidates mistakenly select hash functions or symmetric keys because they are associated with security, but they are not structural PKI components.

33. MCQ · easy

Which term describes a weakness in a system that could be exploited by a threat?

A. Vulnerability
B. Risk
C. Exploit
D. Threat
Answer: A

A vulnerability is a weakness that can be exploited.

Why this answer

A vulnerability is a weakness in a system, such as a missing security patch, misconfiguration, or design flaw, that a threat actor could exploit to compromise confidentiality, integrity, or availability. In the context of the 200-201 exam, this aligns with the core security concept that vulnerabilities are the specific gaps that make an asset susceptible to attack.

Exam trap

Cisco often tests the distinction between vulnerability and exploit by describing a scenario where a tool is used to break into a system, leading candidates to mistakenly select 'exploit' when the question asks for the weakness itself.

How to eliminate wrong answers

Option B (Risk) is wrong because risk is the potential for loss or damage when a threat exploits a vulnerability, not the weakness itself. Option C (Exploit) is wrong because an exploit is the actual code, technique, or tool used to take advantage of a vulnerability, not the weakness. Option D (Threat) is wrong because a threat is any potential danger (e.g., a hacker, malware, or natural disaster) that could cause harm, not the system weakness.

34. MCQ · easy

A security administrator needs to verify that a downloaded file has not been altered during transit. Which cryptographic technique should be used?

A. Public key encryption
B. Symmetric encryption
C. Hashing
D. Digital signature
Answer: C

Hashing ensures data integrity by comparing hash values.

Why this answer

Hashing produces a fixed-size hash that changes if the file is modified, allowing integrity verification.

35. MCQ · medium

Which type of malware is designed to encrypt files on a victim's system and demand payment for the decryption key?

A. Rootkit
B. Worm
C. Trojan horse
D. Ransomware
Answer: D

Ransomware encrypts data and demands payment.

Why this answer

Ransomware is the correct answer because it is specifically designed to encrypt files on a victim's system using a symmetric or asymmetric encryption algorithm (e.g., AES-256, RSA-2048) and then demand a ransom payment, typically in cryptocurrency, in exchange for the decryption key. This type of malware directly targets data availability, a core component of the CIA triad, by rendering files inaccessible until the ransom is paid.

Exam trap

Cisco often tests the distinction between ransomware and Trojan horses, where candidates mistakenly choose Trojan horse because they associate it with malicious software that tricks users, but the key differentiator is that ransomware specifically encrypts files for extortion, whereas a Trojan horse may have various payloads like backdoors or keyloggers.

How to eliminate wrong answers

Option A is wrong because a rootkit is designed to hide the presence of other malware or processes by modifying the operating system kernel or system calls, not to encrypt files for ransom. Option B is wrong because a worm is a self-replicating malware that spreads across networks without user interaction, often consuming bandwidth or delivering payloads, but it does not inherently encrypt files for extortion. Option C is wrong because a Trojan horse disguises itself as legitimate software to trick users into installing it, but its primary purpose is to provide unauthorized remote access or steal data, not to encrypt files and demand payment.

36. MCQ · easy

A security analyst discovers that an employee's computer is infected with malware that encrypts files and demands payment. What type of malware is this?

A. Spyware
B. Worm
C. Ransomware
D. Rootkit
Answer: C

Ransomware encrypts files and demands payment.

Why this answer

Ransomware encrypts files and demands a ransom for decryption.

37. MCQ · easy

Which of the following best describes the relationship between a vulnerability, threat, and risk in cybersecurity?

A. A vulnerability is a potential danger; a threat is a weakness; risk is the impact.
B. A vulnerability is a potential attack; a threat is a weakness.
C. Risk is eliminated when a vulnerability is patched.
D. A threat exploits a vulnerability, resulting in risk.
Answer: D

Risk = likelihood of threat exploiting vulnerability * impact.

Why this answer

Option D is correct because in cybersecurity, a threat (e.g., an attacker) exploits a vulnerability (e.g., an unpatched software flaw) to cause harm, and the likelihood and impact of that exploitation constitute risk. This aligns with the NIST SP 800-30 definition: risk is a function of the likelihood of a threat exploiting a vulnerability and the resulting impact. Without the exploitation of a vulnerability by a threat, there is no risk to the asset.

Exam trap

Cisco often tests the precise definitions of vulnerability, threat, and risk, and the trap here is confusing the terms (e.g., thinking a vulnerability is a threat or that risk disappears after patching) rather than recognizing the causal chain where a threat exploits a vulnerability to create risk.

How to eliminate wrong answers

Option A is wrong because it reverses the definitions: a vulnerability is a weakness (e.g., an open port or missing patch), not a potential danger; a threat is a potential danger (e.g., a hacker or malware), not a weakness; and risk is not simply the impact but the combination of likelihood and impact. Option B is wrong because a vulnerability is not a potential attack (an attack is an action), and a threat is not a weakness (a weakness is a vulnerability). Option C is wrong because patching a vulnerability reduces risk but does not eliminate it entirely; residual risk remains due to other vulnerabilities, threats, or incomplete coverage (e.g., a patched system may still be vulnerable to zero-day exploits or misconfigurations).

38. MCQ · hard

A security analyst needs to ensure that a message has not been tampered with during transit and that the sender cannot deny sending it. Which cryptographic method should be used?

A. Digital signature
B. Symmetric encryption
C. Hashing
D. Public key infrastructure (PKI)
Answer: A

Digital signatures ensure integrity and non-repudiation.

Why this answer

A digital signature provides both integrity (ensuring the message has not been tampered with) and non-repudiation (preventing the sender from denying they sent it). It works by hashing the message and encrypting that hash with the sender's private key; the recipient verifies the signature using the sender's public key. This cryptographic method uniquely binds the sender to the message, unlike other options that only address one of these requirements.

Exam trap

Cisco often tests the distinction between hashing (which provides integrity only) and digital signatures (which provide both integrity and non-repudiation), leading candidates to mistakenly choose hashing when non-repudiation is required.

How to eliminate wrong answers

Option B (Symmetric encryption) is wrong because it only provides confidentiality (secrecy) and does not provide integrity or non-repudiation; both parties share the same key, so the sender can deny sending the message. Option C (Hashing) is wrong because while it ensures integrity by detecting tampering, it does not provide non-repudiation since there is no key binding the hash to a specific sender. Option D (Public key infrastructure (PKI)) is wrong because PKI is a framework of policies, roles, and procedures for managing digital certificates and keys, not a cryptographic method itself; it enables digital signatures but does not directly provide integrity and non-repudiation.

39
Multi-Select · medium

A security analyst is investigating a potential data breach. Which two actions are examples of passive reconnaissance? (Choose two.)

Select 2 answers
A. Performing a port scan on the company's web server
B. Searching for employee information on LinkedIn
C. Using a ping sweep to identify live hosts
D. Conducting a WHOIS lookup on the company domain
E. Sending a phishing email to employees
Answers: B, D

LinkedIn is a public source, so searching it is passive reconnaissance.

Why this answer

Passive reconnaissance involves gathering information without directly interacting with the target. WHOIS lookups and searching public sources such as LinkedIn are passive because they query third parties rather than the target itself. Port scanning, ping sweeps, and phishing emails (social engineering) are active because they send traffic to the target's systems or contact its people directly.

40
MCQ · medium

A company's web server is overwhelmed by traffic from multiple compromised systems, causing it to become unresponsive to legitimate users. Which type of attack is this?

A. MitM
B. DoS
C. Botnet
D. DDoS
Answer: D

DDoS uses many sources to launch the attack.

Why this answer

The correct answer is D (DDoS) because the scenario describes a distributed denial-of-service attack: traffic originates from multiple compromised systems (a botnet) to overwhelm the web server. A DDoS attack is a subtype of DoS that specifically uses multiple sources, making it harder to mitigate than a single-source DoS. The key clue is 'multiple compromised systems,' which directly maps to the distributed nature of a DDoS.

Exam trap

Cisco often tests the distinction between DoS and DDoS by including the phrase 'multiple compromised systems' as the key differentiator, and the trap here is that candidates may confuse the attack type (DDoS) with the infrastructure used to execute it (botnet).

How to eliminate wrong answers

Option A (MitM) is wrong because a man-in-the-middle attack intercepts or alters communication between two parties (e.g., ARP spoofing, SSL stripping), not overwhelming a server with traffic. Option B (DoS) is wrong because while a DoS attack also aims to make a service unavailable, the question explicitly states 'multiple compromised systems,' which distinguishes it as a distributed attack; a standard DoS originates from a single source. Option C (Botnet) is wrong because a botnet is the network of compromised devices used to launch the attack, not the attack itself; the question asks for the type of attack, not the infrastructure.

41
Multi-Select · medium

A security team is analyzing a malware infection. Which two characteristics are typical of a worm? (Choose two.)

Select 2 answers
A. Exploits vulnerabilities to spread without user interaction
B. Requires a host file to propagate
C. Disguises itself as a legitimate program
D. Attaches to an email to spread
E. Self-replicates across networks
Answers: A, E

Worms often exploit network vulnerabilities.

Why this answer

Worms are self-replicating and spread across networks without human intervention. They do not require a host file and often exploit vulnerabilities.

42
MCQ · medium

A security analyst needs to verify the authenticity and integrity of a software update. The update is signed with a digital signature. Which key is used to verify the signature?

A. Sender's public key
B. Sender's private key
C. Recipient's public key
D. Recipient's private key
Answer: A

The sender's public key verifies the signature created by their private key.

Why this answer

Digital signatures use asymmetric cryptography: the sender's private key signs, the public key verifies.

43
Multi-Select · medium

A company is implementing a new security policy to protect customer payment information. Which TWO compliance frameworks are most relevant to this requirement? (Choose two.)

Select 2 answers
A. HIPAA
B. ISO 27001
C. GDPR
D. PCI DSS
E. NIST Cybersecurity Framework
Answers: C, D

GDPR protects personal data, including payment information for EU residents.

Why this answer

PCI DSS applies to payment card data; GDPR applies to personal data of EU residents, which may include payment information.

44
MCQ · medium

Which encryption method uses a single key for both encryption and decryption of data?

A. Asymmetric encryption
B. Symmetric encryption
C. Digital signature
D. Hashing
Answer: B

Symmetric encryption uses one shared key.

Why this answer

Symmetric encryption uses a single shared key for both encryption and decryption of data. This is the defining characteristic of symmetric algorithms like AES, DES, and 3DES, where the same secret key must be known to both sender and receiver to protect confidentiality.

Exam trap

Cisco often tests the distinction between symmetric and asymmetric encryption by presenting a scenario where a single key is used, and candidates may confuse 'single key' with the public key in asymmetric encryption, leading them to incorrectly select asymmetric encryption.

How to eliminate wrong answers

Option A is wrong because asymmetric encryption uses a pair of keys (public and private) for encryption and decryption, not a single key. Option C is wrong because a digital signature is a cryptographic mechanism for authentication and non-repudiation, not an encryption method; it uses asymmetric keys to sign and verify, not to encrypt data. Option D is wrong because hashing is a one-way function that produces a fixed-size digest and cannot be reversed to recover the original data, so it does not support both encryption and decryption.

45
Multi-Select · medium

A security analyst is reviewing logs from a web server and notices a high volume of HTTP requests from a single IP address targeting the same login page within a short time frame. The analyst suspects a brute force attack. Which TWO actions are most appropriate to mitigate this type of attack? (Choose two.)

Select 2 answers
A. Implement rate limiting on the login endpoint.
B. Disable the login page entirely.
C. Block all traffic from the offending IP address permanently.
D. Increase the password complexity requirements.
E. Implement account lockout after a certain number of failed attempts.
Answers: A, E

Rate limiting slows down the attacker's requests.

Why this answer

Implementing account lockout after a few failed attempts prevents further brute force attempts on the same account. Rate limiting restricts the number of requests from a single IP, slowing down the attack.

46
MCQ · medium

Which type of malware is designed to replicate itself and spread to other systems without user intervention?

A. Virus
B. Ransomware
C. Trojan
D. Worm
Answer: D

Worms self-replicate and spread automatically.

Why this answer

A worm is a self-replicating malware that spreads automatically across networks, unlike viruses that require a host file.

47
MCQ · easy

A security analyst discovers that an attacker is using a vulnerability scanning tool to identify open ports on the company's network. Which type of attack is being performed?

A. Social engineering
B. Passive reconnaissance
C. Active reconnaissance
D. Denial of Service
Answer: C

Port scanning is active reconnaissance because it sends probes to the target.

Why this answer

Active reconnaissance involves direct interaction with the target, such as port scanning, to gather information.

48
MCQ · easy

Which NIST Cybersecurity Framework function involves developing and implementing appropriate safeguards to ensure delivery of critical infrastructure services?

A. Respond
B. Detect
C. Identify
D. Protect
Answer: D

Protect develops and implements safeguards to ensure service delivery.

Why this answer

The Protect function supports the ability to limit or contain the impact of a potential cybersecurity event.

49
MCQ · hard

An attacker intercepts communication between a client and server and modifies the data being transmitted. The client and server are unaware of the modification. Which type of attack is being performed?

A. Man-in-the-Middle
B. ARP spoofing
C. DNS poisoning
D. Replay attack
Answer: A

MitM attacks intercept and can modify communications between two parties.

Why this answer

Man-in-the-Middle (MitM) attack involves an attacker intercepting and potentially altering communication between two parties without their knowledge.

50
MCQ · easy

Which element of the CIA triad is primarily compromised when an attacker successfully intercepts and reads encrypted network traffic without authorization?

A. Non-repudiation
B. Confidentiality
C. Integrity
D. Availability
Answer: B

Confidentiality prevents unauthorized disclosure; reading encrypted traffic without authorization breaches this.

Why this answer

Confidentiality ensures that data is not disclosed to unauthorized entities. Intercepting and reading traffic violates this principle.

51
MCQ · medium

Which cryptographic technique uses a public and private key pair to provide non-repudiation?

A. Digital signature
B. Symmetric encryption
C. Digital certificate
D. Hashing
Answer: A

Digital signatures provide non-repudiation by using the signer's private key.

Why this answer

Digital signatures use asymmetric cryptography to provide authentication and non-repudiation, as only the signer's private key can create the signature.

52
MCQ · medium

An attacker intercepts communication between two parties and modifies the data before forwarding it. Which type of attack is this?

A. Man-in-the-middle
B. DNS poisoning
C. Replay attack
D. ARP spoofing
Answer: A

MitM attacks intercept and can modify communications.

Why this answer

A man-in-the-middle (MITM) attack occurs when an attacker intercepts and alters communications between two parties without their knowledge. The attacker positions themselves between the sender and receiver, capturing, modifying, and then forwarding the data, which directly matches the scenario described.

Exam trap

Cisco often tests the distinction between the attack type (MITM) and the technique used to achieve it (ARP spoofing), causing candidates to confuse the method with the overarching attack category.

How to eliminate wrong answers

Option B (DNS poisoning) is wrong because it involves corrupting a DNS resolver's cache to redirect traffic to a malicious site, not intercepting and modifying an existing communication stream. Option C (Replay attack) is wrong because it captures valid data and retransmits it later, but does not involve modifying the data before forwarding. Option D (ARP spoofing) is wrong because it is a specific technique used to facilitate MITM attacks by linking the attacker's MAC address to a legitimate IP address, but it is not the attack itself—it is a method to achieve a MITM position.

53
MCQ · medium

An organization wants to ensure that a message has not been altered during transmission. Which cryptographic technique should be used?

A. Asymmetric encryption
B. Digital signature
C. Hashing
D. Symmetric encryption
Answer: C

Hashing produces a unique hash; comparing hashes detects alterations.

Why this answer

Hashing creates a fixed-size digest; any change in data changes the hash, verifying integrity.

54
MCQ · medium

A company's web server is overwhelmed with traffic from many compromised devices, causing legitimate users to be unable to access the site. What type of attack is this?

A. ARP spoofing
B. DoS
C. DNS poisoning
D. DDoS
Answer: D

Distributed Denial of Service uses many compromised devices.

Why this answer

A DDoS uses multiple sources to flood a target, making it unavailable.

55
MCQ · medium

A user receives an email that appears to be from their bank, asking them to click a link and verify their account details. The email contains a sense of urgency. Which type of attack is this?

A. Pretexting
B. Vishing
C. Spear phishing
D. Phishing
Answer: D

This is a classic phishing attempt.

Why this answer

Phishing is a social engineering attack that uses deceptive emails to trick recipients into revealing sensitive information.

56
Multi-Select · hard

An analyst is investigating a malware infection on a workstation. The malware appears to be a trojan that downloads additional payloads and allows remote control. The analyst needs to classify the malware based on its behavior. Which THREE characteristics match this description? (Choose three.)

Select 3 answers
A. It provides unauthorized remote access to the system.
B. It downloads and installs additional malicious software.
C. It requires user interaction to execute.
D. It self-replicates without user interaction.
E. It encrypts files and demands ransom.
Answers: A, B, C

Remote control is a backdoor characteristic.

Why this answer

A is correct because a trojan is a type of malware that disguises itself as legitimate software to trick users into installing it, and once executed, it often provides unauthorized remote access to the system, commonly through a backdoor. This matches the description of allowing remote control, which is a core characteristic of Remote Access Trojans (RATs).

Exam trap

Cisco often tests the distinction between trojans and worms by emphasizing that trojans require user interaction to execute, whereas worms self-replicate and spread automatically without user action.

57
MCQ · medium

A security analyst is reviewing logs and notices that an attacker has intercepted and modified communications between two devices without their knowledge. Which type of attack is this?

A. ARP spoofing
B. DNS poisoning
C. Denial of Service (DoS)
D. Man-in-the-middle (MitM)
Answer: D

MitM involves interception and alteration of communications.

Why this answer

This scenario describes an attacker intercepting and modifying communications between two devices without their knowledge, which is the defining characteristic of a Man-in-the-Middle (MitM) attack. In a MitM attack, the attacker positions themselves between the two communicating parties, allowing them to eavesdrop, capture, and alter data in transit while both endpoints believe they are communicating directly with each other.

Exam trap

The trap here is that Cisco often tests the distinction between the attack technique (e.g., ARP spoofing) and the broader attack category (MitM), leading candidates to confuse a specific method with the overall attack type described in the question.

How to eliminate wrong answers

Option A is wrong because ARP spoofing is a specific technique used to associate an attacker's MAC address with the IP address of a legitimate device on a local network, enabling traffic interception; however, it is a method to facilitate an attack, not the attack itself described in the question. Option B is wrong because DNS poisoning corrupts the DNS resolver cache to redirect users to malicious sites by altering DNS records, but it does not inherently involve intercepting and modifying communications between two specific devices in real time. Option C is wrong because a Denial of Service (DoS) attack aims to overwhelm a target with traffic to disrupt service availability, not to intercept or modify communications between two devices.

58
MCQ · hard

A company processes credit card payments and must comply with a framework that mandates specific security controls for protecting cardholder data. Which compliance framework applies?

A. ISO 27001
B. PCI DSS
C. GDPR
D. HIPAA
Answer: B

PCI DSS is the standard for protecting cardholder data.

Why this answer

PCI DSS is the Payment Card Industry Data Security Standard, mandatory for entities handling credit card information.

59
MCQ · medium

Which compliance framework is specifically designed to protect the privacy and security of electronic health information in the United States?

A. GDPR
B. ISO 27001
C. HIPAA
D. PCI DSS
Answer: C

HIPAA covers health information privacy and security.

Why this answer

HIPAA governs protected health information (PHI) in the US.

60
MCQ · easy

A security analyst discovers that an attacker has captured network traffic and used it to impersonate a legitimate user in a subsequent session. Which element of the CIA triad is most directly compromised in this scenario?

A. Integrity
B. Non-repudiation
C. Confidentiality
D. Availability
Answer: C

The attacker captured traffic, violating confidentiality.

Why this answer

Confidentiality is compromised when data is accessed by unauthorized parties. The attacker captured traffic (unauthorized access to data), which leads to impersonation, but the core violation here is confidentiality because the data was disclosed.

61
MCQ · medium

Which type of malware is characterized by self-replication and spreading to other systems without user interaction, often causing network congestion?

A. Ransomware
B. Trojan
C. Worm
D. Virus
Answer: C

Worms self-replicate and spread over networks without user intervention.

Why this answer

A worm is self-replicating and spreads automatically, unlike a virus which requires a host file.

62
Multi-Select · medium

A security analyst is configuring a firewall to block common reconnaissance techniques. Which THREE types of reconnaissance traffic should be blocked to prevent active reconnaissance? (Choose three.)

Select 3 answers
A. Social engineering
B. WHOIS lookups
C. Vulnerability scanning
D. Port scanning
E. Ping sweeps
Answers: C, D, E

Vulnerability scanning actively probes for weaknesses.

Why this answer

Active reconnaissance involves direct interaction with the target. Port scanning, ping sweeps, and vulnerability scanning are active methods: they send probes to the target, which is the traffic a firewall can see and block. Social engineering, Google searches, and WHOIS lookups are treated here as passive because they go through people or third-party sources rather than sending probes to the target's network, so no firewall rule would stop them.

63
Multi-Select · medium

A security analyst is investigating a potential data breach. The analyst identifies that the attacker used a technique to impersonate a legitimate user by spoofing the MAC address and IP address. Which TWO types of network attacks could involve these techniques? (Choose two.)

Select 2 answers
A. ARP spoofing
B. Denial of Service
C. DNS poisoning
D. IP spoofing
E. Phishing
Answers: A, D

ARP spoofing links an attacker's MAC to a legitimate IP.

Why this answer

ARP spoofing is correct because it involves an attacker sending forged ARP messages over a local network to associate their MAC address with the IP address of a legitimate user. This allows the attacker to intercept, modify, or redirect traffic intended for that user, effectively impersonating them at Layer 2.

Exam trap

Cisco often tests the distinction between IP spoofing (Layer 3) and ARP spoofing (Layer 2), and candidates may incorrectly assume that IP spoofing alone is sufficient for impersonation on a local network, forgetting that ARP resolution is required for actual traffic interception.

64
MCQ · hard

A security analyst is evaluating risks and calculates that a threat has a likelihood of 0.5 and an impact of $200,000. What is the risk value?

A. $50,000
B. $100,000
C. $400,000
D. $200,000
Answer: B

Risk = likelihood × impact = 0.5 × $200,000 = $100,000.

Why this answer

The risk value is calculated by multiplying the likelihood (0.5) by the impact ($200,000), resulting in $100,000. This is the standard quantitative risk analysis formula used in security assessments to prioritize threats.

Exam trap

Cisco often tests the basic risk calculation formula (Risk = Likelihood × Impact) and the trap here is that candidates may mistakenly use the impact value alone or apply incorrect arithmetic, such as dividing instead of multiplying.

How to eliminate wrong answers

Option A is wrong because $50,000 would result from multiplying 0.25 by $200,000, not 0.5. Option C is wrong because $400,000 would result from multiplying 2.0 by $200,000, which is not a valid probability. Option D is wrong because $200,000 assumes a likelihood of 1.0, ignoring the 0.5 probability factor.

65
MCQ · easy

Which security concept describes the potential for a threat to exploit a vulnerability, and is often expressed as a combination of likelihood and impact?

A. Risk
B. Exploit
C. Threat
D. Vulnerability
Answer: A

Risk = likelihood × impact.

Why this answer

Risk is the probability and potential damage from a threat exploiting a vulnerability.

66
Multi-Select · hard

An analyst is investigating a security incident where an attacker gained access to a server by exploiting a known vulnerability. The attacker then moved laterally and exfiltrated data. Which THREE phases of the Cyber Kill Chain are evident in this scenario? (Choose three.)

Select 3 answers
A. Reconnaissance
B. Exploitation
C. Weaponization
D. Installation
E. Actions on Objectives
Answers: B, D, E

Exploiting a known vulnerability to gain access is the Exploitation phase.

Why this answer

Exploitation is the use of the known vulnerability to gain access; lateral movement falls under Installation (establishing a foothold on further hosts) or Command and Control; exfiltration of data is Actions on Objectives.

67
MCQ · hard

A security analyst is investigating an incident where an attacker successfully altered DNS records to redirect users to a fake website. Which attack occurred?

A. ARP spoofing
B. DNS poisoning
C. Man-in-the-Middle
D. Pharming
Answer: B

DNS poisoning alters DNS records to redirect traffic.

Why this answer

DNS poisoning corrupts DNS resolver caches to redirect traffic to malicious sites.

68
MCQ · hard

An organization needs to ensure that a document has not been altered and to verify the sender's identity. Which combination of cryptographic techniques should be used?

A. Digital signature and hashing
B. Digital signature and symmetric encryption
C. Symmetric encryption and hashing
D. Asymmetric encryption and hashing
Answer: A

Hashing verifies integrity; the digital signature authenticates the sender.

Why this answer

Hashing ensures integrity (detects changes), and digital signatures (asymmetric) provide authentication and non-repudiation.

69
MCQ · hard

During a security assessment, an analyst uses the Shodan search engine to find exposed industrial control systems. Which phase of the attack lifecycle does this activity represent?

A. Command and control
B. Reconnaissance
C. Delivery
D. Exploitation
Answer: B

Shodan is used for passive reconnaissance to identify targets.

Why this answer

Reconnaissance involves gathering information about targets. Querying Shodan is passive reconnaissance: the analyst searches Shodan's own index of previously observed devices rather than sending any traffic to the target systems.

70
MCQ · medium

An attacker sends an email that appears to come from the company's IT department, asking the recipient to click a link and reset their password due to a security breach. Which type of social engineering is this?

A. Vishing
B. Phishing
C. Pretexting
D. Spear phishing
Answer: B

A mass email asking for credentials is classic phishing.

Why this answer

B is correct because the attack uses email as the delivery vector to trick the recipient into clicking a malicious link and divulging credentials. This matches the definition of phishing, which is a broad social engineering technique that employs deceptive electronic communications (typically email) to steal sensitive information. The email impersonates the IT department to create a false sense of urgency, a hallmark of phishing campaigns.

Exam trap

The trap here is that candidates often confuse 'phishing' with 'spear phishing' because both involve email, but the key differentiator is that spear phishing is targeted and personalized, while the question describes a generic, untargeted email sent to a broad audience.

How to eliminate wrong answers

Option A is wrong because vishing (voice phishing) uses telephone calls or voice messages, not email, to deceive victims. Option C is wrong because pretexting involves fabricating a scenario or identity to gain trust and extract information, but it does not necessarily rely on a specific communication channel like email; the question explicitly describes an email-based attack, which is phishing. Option D is wrong because spear phishing is a targeted form of phishing aimed at a specific individual or organization, often using personalized details, whereas the scenario describes a generic email sent to a recipient without any indication of customization or prior reconnaissance.

71
MCQ · easy

Which element of the CIA triad is primarily concerned with preventing unauthorized access to data?

A. Non-repudiation
B. Integrity
C. Confidentiality
D. Availability
Answer: C

Confidentiality prevents unauthorized disclosure of information.

Why this answer

Confidentiality is the CIA triad element that ensures data is accessible only to authorized users. It is primarily enforced through encryption (e.g., AES-256 for data at rest, TLS 1.3 for data in transit) and access control mechanisms (e.g., RBAC, ACLs). Preventing unauthorized access directly aligns with confidentiality's goal of protecting data from disclosure.

Exam trap

Cisco often tests the distinction between confidentiality and integrity, where candidates mistakenly choose integrity because they conflate 'preventing changes' with 'preventing access'.

How to eliminate wrong answers

Option A is wrong because non-repudiation ensures that a party cannot deny an action (e.g., using digital signatures with PKI), not that data is protected from unauthorized access. Option B is wrong because integrity ensures data has not been altered (e.g., via hashing with SHA-256 or checksums), not that it is hidden from unauthorized viewers. Option D is wrong because availability ensures systems and data are accessible when needed (e.g., via redundancy, failover), not that access is restricted.

72
MCQ · easy

Which phase of the NIST Cybersecurity Framework involves actions to limit the impact of a cybersecurity incident?

A. Respond
B. Protect
C. Identify
D. Detect
Answer: A

Respond includes actions to mitigate the impact of an incident.

Why this answer

The Respond phase includes activities to contain, mitigate, and respond to incidents.

73
Multi-Select · hard

An organization is implementing a security policy to protect sensitive data. Which three are considered compliance frameworks that could guide this effort? (Choose three.)

Select 3 answers
A. NIST Cybersecurity Framework
B. ISO 27001
C. HIPAA
D. PCI DSS
E. GDPR
Answers: C, D, E

HIPAA is the Health Insurance Portability and Accountability Act, a compliance framework.

Why this answer

PCI DSS, HIPAA, and GDPR are well-known compliance frameworks. NIST CSF is a framework but not a compliance standard; ISO 27001 is a standard but the question asks for compliance frameworks.

74
Multi-Select · medium

An organization wants to ensure the integrity of software updates downloaded from its vendor's website. The vendor provides a hash value for each update. Which TWO properties of hashing algorithms make them suitable for integrity verification? (Choose two.)

Select 3 answers
A. The same input always produces the same hash.
B. A small change in input results in a significantly different hash.
C. The hash can be reversed to obtain the original data.
D. The hash output is always the same length for a given algorithm.
E. Hashing requires a secret key to generate the hash.
Answers: A, B, D

Determinism (A) is what makes the comparison possible: the recipient recomputes the hash of the downloaded update and it must match the vendor's published value exactly. The avalanche property (B) means even a one-bit modification produces a completely different digest, so tampering cannot go unnoticed. Fixed output length for a given algorithm (D) makes the published value easy to compare and verify regardless of the update's size.

Why this answer

Hashing produces a fixed-size output regardless of input size, and it is a one-way function, meaning the original data cannot be derived from the hash (which is why option C is false). Hashing also needs no secret key (option E describes a keyed MAC, not a plain hash). These properties allow the recomputed hash to be compared with the published one to detect changes.

75
MCQ · medium

A security analyst is examining a log file and notices that the hash value of a configuration file does not match the expected value. Which security goal has been violated?

A. Integrity
B. Confidentiality
C. Non-repudiation
D. Availability
Answer: A

Hash verification is used to check integrity.

Why this answer

Integrity ensures that data has not been altered. A mismatched hash indicates the file has been modified.
