Domain 6 Quiz

  1. You want to use a system that can protect communication by authenticating the server, and also providing a copy of the server's public key in a trustworthy format. A provider of trusted certificates will only provide one when you follow their rules. There is a protocol that you can use to check in real time whether a certificate should be trusted or not. You must have a copy of the currently untrusted certificates locally, to reduce network traffic. Rather than a complete copy of the key, you may refer to its hash instead. There are ways to prevent a breach today from exposing secrets based on keys in the past. What do you need?
    1. TLS
    2. CPS
    3. OCSP
    4. CRL
    5. thumbprint
    6. PFS
  2. Abe, a security architect, needs to configure Perfect Forward Secrecy for remote access for employees working from home. What can he use? Select two.
    1. DH
    2. DHE
    3. ECDHE
    4. One-time pads
    5. AES-GCM-256
  3. Charlotte is in charge of VPN access to the data analysis facility. She has read that it is helpful to pad a secret with a short text value before encrypting it. What concept is she considering?
    1. Salt
    2. Nonce
    3. Hash
    4. PBKDF2
  4. International, national, and state/provincial regulations require the protection of personal privacy. This makes confidentiality important, but it is not the only security goal. You need to protect both endpoint authentication and data confidentiality in all data streams. Which ciphers should you choose? Select two.
    1. AES-CBC
    2. AES-CCMP
    3. AES-CFB
    4. AES-GCM
  5. Which of these are advantages of WPA/2 Enterprise over WPA/2 PSK? Select two.
    1. PKI
    2. Stronger cipher suite
    3. Higher performance
    4. Integrated Active Directory
    5. RADIUS
  6. Tasha, a network engineer, is designing a wireless solution for her large corporation. She needs to specify the current best encryption, supporting 802.1x with either LEAP or EAP-TLS. What should she use? Select three.
    1. CCMP
    2. AES-GCM-256
    3. WPA/2 PSK
    4. WPA/2 Enterprise
    5. RADIUS
    6. Active Directory
  7. Blake has been asked to configure the web server to provide Perfect Forward Secrecy. This will provide which security feature:
    1. Data sent from the server to the client will always be protected
    2. Data sent from the client to the server will always be protected
    3. A breach today does not expose keys from the past
    4. A breach today does not expose keys in the future
  8. Alice wants to send an encrypted message to Bob. What does she need?
    1. Alice's public key
    2. Alice's private key
    3. Bob's public key
    4. Bob's private key
  9. Alice has obtained a copy of Bob's certificate. Which of these does it contain?
    1. Bob's private key
    2. Bob's public key
    3. The CA's private key
    4. The CA's public key
  10. Alice has obtained a copy of what claims to be Bob's certificate. Which of these does she need to verify that it really belongs to Bob?
    1. Bob's private key
    2. Bob's public key
    3. The CA's private key
    4. The CA's public key
  11. Bob has just received a digitally signed, encrypted message from Alice. What does he need? Select three.
    1. Alice's certificate
    2. Bob's certificate
    3. The CA's certificate
    4. Bob's public key
    5. Bob's private key
  12. Isaac is a cybersecurity architect for a financial services company. He has been tasked with securing key escrow. The escrow storage is extremely sensitive. What should he use to implement trustworthy key escrow?
    1. Asymmetric encryption
    2. M-of-N control
    3. Certificate chaining
    4. Off-site storage
  13. Alice must send a message which only Bob can read. What does Alice need?
    1. Alice's private key
    2. Alice's public key
    3. Bob's private key
    4. Bob's public key
  14. Ellen is a webmaster for a major high technology company. She will use virtual hosting to provide six web sites with unique domain names on a single server:
        weyland-yutani.com
    www.weyland-yutani.com
        weyland-yutani.net
    www.weyland-yutani.net
        weyland-yutani.org
    www.weyland-yutani.org
    That is, the same corporation name in three top-level domains, both with and without a leading "www.". What would be the most economical way to obtain certificates?
    1. Self-signed certificates
    2. Wildcard certificates
    3. Server Alternative Names
    4. Six individual certificates
  15. Which of the following is not needed to enable any user to encrypt a message which only the intended recipient can read?
    1. PKI
    2. Public keys
    3. Private keys
    4. Hashing
  16. Lee is a security analyst at a software development company. Their data is worth far more than the hardware on which it is stored, and confidentiality is protected with strong encryption. However, management is also concerned about availability. Lee has been tasked with providing availability of cleartext versions of encrypted software, even if an employee loses or destroys their decryption key. What should be set up?
    1. Escrow
    2. Secret sharing
    3. Certificate chaining
    4. Key pinning
    5. Key stapling
  17. Charlize, a data archivist for a government agency, needs to protect the confidentiality of a large data set. A government regulation requires the use of the Advanced Encryption Standard for this category of data. But in which mode should she employ that cipher?
    1. CBC
    2. CCMP
    3. ECB
    4. GCM
  18. Gary works for a bank, and is designing a wireless solution for customers to use during their visits to bank branches. Which two technologies should he deploy? Select two.
    1. WPA/2 Enterprise
    2. Captive portal
    3. Open system authentication
    4. Enable an Internet-facing SSID
