Day 2 Quiz - Cryptographic Solutions & Identity Management Quiz

1.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

Objective 1.4/Day 2 -
Which of the following cryptographic solutions is best suited for securing communication between two parties over an untrusted network?

Full-disk encryption

Asymmetric encryption

Secure Enclave

Key escrow

Answer explanation

Asymmetric encryption uses a pair of keys (a public key and a private key) to encrypt and decrypt data. It is well-suited for securing communications over an untrusted network, as it allows secure key exchange and the establishment of encrypted communication channels.

Tags

Objective 1.4

2.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

Objective 1.4/Day 2 -
Which cryptographic tool would you use to securely store and manage encryption keys for a large enterprise environment?

Trusted Platform Module (TPM)

Hardware Security Module (HSM)

Steganography

Public key

Answer explanation

Hardware Security Module (HSM) is a physical device that provides secure key management and cryptographic operations. It is designed to securely generate, store, and manage encryption keys, making it ideal for enterprise environments.

Tags

Objective 1.4

3.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

Objective 1.4/Day 2 -
Which of the following cryptographic concepts adds unique data to a password before hashing it to prevent rainbow table attacks?

Blockchain

Digital Signatures

Salting

Key Stretching

Answer explanation

Salting is the process of adding unique, random data (known as a salt) to a password before it is hashed. This technique ensures that even if two users have the same password, their hashes will be different, thus preventing rainbow table attacks. Key Stretching strengthens weak passwords by applying multiple iterations of hashing but does not add unique data to the password.

Tags

Objective 1.4

4.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

Objective 1.4/Day 2 -
Which certificate component is used to provide real-time status information on the validity of a digital certificate?

Certificate Revocation List (CRL)

Online Certificate Status Protocol (OCSP)

Certificate Signing Request (CSR)

Wildcard Certificate

Answer explanation

Online Certificate Status Protocol (OCSP) is a protocol used to check the real-time status of a digital certificate. It allows clients to query a CA for the validity of a certificate without having to download and parse a full CRL.

Tags

Objective 1.4

5.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Objective 4.5/Day 2 -
Your organization has noticed an increase in unauthorized access attempts to sensitive subnets within the internal network. As a security administrator, you need to enhance the network's security posture by modifying firewall settings. Which of the following actions would be the most appropriate to improve security?

Implement DNS filtering to block access to malicious domains.

Configure firewall rules to block all inbound traffic on non-essential ports.

Deploy agent-based web filters on all user devices.

Enable IDS/IPS to monitor trends in network traffic and update signatures regularly.

Answer explanation

Firewall rules are critical for controlling access to the network. By blocking inbound traffic on non-essential ports, you can reduce the attack surface and prevent unauthorized access to sensitive subnets.

Tags

Objective 4.5

6.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

Objective 4.5/Day 2 -
Your organization is experiencing frequent phishing attacks, and employees are accessing websites with poor reputations. As a security administrator, you need to implement a solution that can block access to these websites and protect the organization. Which of the following solutions would be most effective in this scenario?

Configure Group Policy to enforce strict password policies.

Deploy a centralized proxy server to perform URL scanning and content categorization.

Implement SELinux to enforce security policies at the operating system level.

Modify the firewall to block all outbound traffic.

Answer explanation

Centralized proxy servers are effective for controlling and monitoring web traffic. By performing URL scanning and content categorization, you can block access to websites with poor reputations and prevent phishing attacks.

Tags

Objective 4.5

7.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Objective 4.5/Day 2 -
Your organization has recently implemented a new email security protocol, but employees are still receiving phishing emails that appear to be from trusted internal sources. To mitigate this risk, you need to ensure that only authorized mail servers are allowed to send emails on behalf of your domain. Which of the following actions should you take?

Implement Domain-based Message Authentication Reporting and Conformance (DMARC).

Configure DomainKeys Identified Mail (DKIM) to add a digital signature to outgoing emails.

Set up Sender Policy Framework (SPF) to define authorized mail servers.

Deploy a secure email gateway to filter incoming and outgoing emails.

Answer explanation

SPF is specifically designed to identify which mail servers are permitted to send emails on behalf of your domain, helping to prevent spoofing and phishing attempts.

Tags

Objective 4.5

8.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Objective 4.5/Day 2 -
A recent data breach within your organization was traced back to a compromised endpoint. The breach involved sensitive files being altered and exfiltrated. As part of your response, you need to implement security measures that will help detect and prevent similar incidents in the future. Which of the following solutions would be most effective?

Deploy Endpoint Detection and Response (EDR) tools to monitor endpoint activities in real-time.

Implement DomainKeys Identified Mail (DKIM) to prevent unauthorized email alterations.

Set up File Integrity Monitoring (FIM) to track unauthorized changes to files.

Configure Data Loss Prevention (DLP) policies to prevent sensitive data exfiltration.

Answer explanation

EDR tools are essential for monitoring endpoint activities, detecting suspicious behaviors, and providing real-time responses to threats, making them highly effective in preventing breaches from compromised endpoints.

Tags

Objective 4.5

9.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Objective 4.6/Day 2 -
A new employee has joined your organization, and you are responsible for setting up their access to various systems and applications. You must ensure that the employee has the necessary access rights based on their role but also prevent them from accessing any resources they don't need. Which of the following actions should you take first to achieve this?

Implement Single Sign-On (SSO) using Security Assertions Markup Language (SAML).

Assign permissions based on the least privilege principle.

Use Lightweight Directory Access Protocol (LDAP) for directory integration.

Perform identity proofing to verify the employee's identity.

Answer explanation

Assigning permissions based on the least privilege principle ensures that the employee only has access to the resources necessary for their role, reducing the risk of unauthorized access to sensitive information.

Tags

Objective 4.6

10.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Objective 4.6/Day 2 -
Your organization has partnered with another company, and employees from both organizations need to access each other’s resources. You want to enable seamless access for these employees without requiring them to manage multiple sets of credentials. Which of the following solutions would best address this requirement?

Implement Single Sign-On (SSO) using OAuth for authorization.

Set up Federation to allow cross-domain access between the two organizations.

Use Identity Proofing to verify the identities of all users.

Assign permissions manually to each user from the partner organization.

Answer explanation

Federation is designed to enable seamless access across different domains or organizations, allowing users to authenticate with their own credentials and access resources in partner organizations without needing multiple sets of credentials. SSO using OAuth simplifies access within a single organization but does not inherently address cross-domain access requirements.

Tags

Objective 4.6

Day 2 Quiz - Cryptographic Solutions & Identity Management

22 questions

Objective 1.4/Day 2 -
Which of the following cryptographic solutions is best suited for securing communication between two parties over an untrusted network?

Asymmetric encryption uses a pair of keys (a public key and a private key) to encrypt and decrypt data. It is well-suited for securing communications over an untrusted network, as it allows secure key exchange and the establishment of encrypted communication channels.

Objective 1.4/Day 2 -
Which cryptographic tool would you use to securely store and manage encryption keys for a large enterprise environment?

Hardware Security Module (HSM) is a physical device that provides secure key management and cryptographic operations. It is designed to securely generate, store, and manage encryption keys, making it ideal for enterprise environments.

Objective 1.4/Day 2 -
Which of the following cryptographic concepts adds unique data to a password before hashing it to prevent rainbow table attacks?

Objective 1.4/Day 2 -
Which certificate component is used to provide real-time status information on the validity of a digital certificate?

Online Certificate Status Protocol (OCSP) is a protocol used to check the real-time status of a digital certificate. It allows clients to query a CA for the validity of a certificate without having to download and parse a full CRL.

Firewall rules are critical for controlling access to the network. By blocking inbound traffic on non-essential ports, you can reduce the attack surface and prevent unauthorized access to sensitive subnets.

Centralized proxy servers are effective for controlling and monitoring web traffic. By performing URL scanning and content categorization, you can block access to websites with poor reputations and prevent phishing attacks.

SPF is specifically designed to identify which mail servers are permitted to send emails on behalf of your domain, helping to prevent spoofing and phishing attempts.

EDR tools are essential for monitoring endpoint activities, detecting suspicious behaviors, and providing real-time responses to threats, making them highly effective in preventing breaches from compromised endpoints.

Assigning permissions based on the least privilege principle ensures that the employee only has access to the resources necessary for their role, reducing the risk of unauthorized access to sensitive information.

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development

Day 2 Quiz - Cryptographic Solutions & Identity Management

22 questions

Objective 1.4/Day 2 -Which of the following cryptographic solutions is best suited for securing communication between two parties over an untrusted network?

Asymmetric encryption uses a pair of keys (a public key and a private key) to encrypt and decrypt data. It is well-suited for securing communications over an untrusted network, as it allows secure key exchange and the establishment of encrypted communication channels.

Objective 1.4/Day 2 -Which cryptographic tool would you use to securely store and manage encryption keys for a large enterprise environment?

Hardware Security Module (HSM) is a physical device that provides secure key management and cryptographic operations. It is designed to securely generate, store, and manage encryption keys, making it ideal for enterprise environments.

Objective 1.4/Day 2 -Which of the following cryptographic concepts adds unique data to a password before hashing it to prevent rainbow table attacks?

Objective 1.4/Day 2 -Which certificate component is used to provide real-time status information on the validity of a digital certificate?

Online Certificate Status Protocol (OCSP) is a protocol used to check the real-time status of a digital certificate. It allows clients to query a CA for the validity of a certificate without having to download and parse a full CRL.

Firewall rules are critical for controlling access to the network. By blocking inbound traffic on non-essential ports, you can reduce the attack surface and prevent unauthorized access to sensitive subnets.

Centralized proxy servers are effective for controlling and monitoring web traffic. By performing URL scanning and content categorization, you can block access to websites with poor reputations and prevent phishing attacks.

SPF is specifically designed to identify which mail servers are permitted to send emails on behalf of your domain, helping to prevent spoofing and phishing attempts.

EDR tools are essential for monitoring endpoint activities, detecting suspicious behaviors, and providing real-time responses to threats, making them highly effective in preventing breaches from compromised endpoints.

Assigning permissions based on the least privilege principle ensures that the employee only has access to the resources necessary for their role, reducing the risk of unauthorized access to sensitive information.

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development

Objective 1.4/Day 2 -
Which of the following cryptographic solutions is best suited for securing communication between two parties over an untrusted network?

Objective 1.4/Day 2 -
Which cryptographic tool would you use to securely store and manage encryption keys for a large enterprise environment?

Objective 1.4/Day 2 -
Which of the following cryptographic concepts adds unique data to a password before hashing it to prevent rainbow table attacks?

Objective 1.4/Day 2 -
Which certificate component is used to provide real-time status information on the validity of a digital certificate?