Which type of attack does the use of HMACs protect against?
Man-in-the-middle — Only sender and receiver know the secret key, preventing tampering and authenticating origin.
Which objective of secure communications is achieved by encrypting data?
Confidentiality — Encryption keeps data private so only authorized recipients can read it.
Which two statements correctly describe certificate classes used in the PKI?
A class 4 certificate is for online business transactions between companies; A class 0 certificate is for testing purposes.
A customer purchases an item from an e-commerce site. Which feature of digital signatures is required to prove the exchange?
Nonrepudiation of the transaction — Provides proof that the data exchange occurred and cannot be denied.
What is the purpose of a digital certificate?
It authenticates a website and establishes a secure connection to exchange confidential data.
In a hierarchical CA topology, where can a subordinate CA obtain a certificate for itself?
From the root CA or another subordinate CA at a higher level.
What is the purpose for using digital signatures for code signing?
To verify the integrity of executable files downloaded from a vendor website.
What technology uses trusted third-party protocols to issue authoritative credentials?
PKI certificates — Issued by a trusted Certificate Authority to verify identity.
Which risk strategy accepts the risk and its consequences?
Risk retention — Used when mitigation costs exceed potential impact.
Which two classes of metrics are in the CVSS Base Metric Group?
Exploitability and Impact metrics.
Match: develop and implement detection activities
Detect — identifies cybersecurity events.
Match: develop and implement safeguards
Protect — ensures delivery of critical services.
Match: develop organizational understanding
Identify — manages cybersecurity risk.
Which CVSS metric documents that a user had to click a link for an attack to occur?
User interaction — Indicates exploit success depends on user action.
Which test scans internal networks and servers for vulnerabilities?
Vulnerability assessment — Uses automated tools like OpenVAS or Nessus.
What are three outcomes of the NIST “Identify” function?
Asset management, Governance, and Risk assessment.
When establishing a server profile, which element describes open daemons and ports?
Listening ports — TCP/UDP ports allowed to be open.
What is an action in the discovery step of the vulnerability management life cycle?
Developing a network baseline — Inventorying assets and identifying vulnerabilities.
What is the correct order of steps in the vulnerability management life cycle?
Discover → Prioritize assets → Assess → Report → Remediate → Verify.
What does the telemetry function provide in host-based security software?
Comprehensive logging functions — Enables detailed host activity logs.
Which endpoint technology protects hosts against malware using agent-based systems?
HIDS — Host-based Intrusion Detection System.
What is a feature of distributed firewalls?
They combine host-based firewalls with centralized management.
After polymorphic malware is isolated, what should be done to create signatures?
Execute the file in Cisco Threat Grid Glovebox — a sandbox for malware behavior analysis.
On a Windows host, which tool manages blacklists and whitelists?
Group Policy Editor.
