Practice Free 100-160 Exam Online Questions
Which of the following is true regarding the incident response process?
- A . It is a reactive process that is only initiated after an incident has occurred.
- B . It is a proactive process that focuses on preventing incidents from occurring.
- C . It is an iterative process that involves continuous improvement based on lessons learned.
- D . It is a one-time process that is only performed when an organization first establishes its security program.
C
Explanation:
Option 1: Incorrect. The incident response process can be both proactive and reactive. While it does involve reacting to incidents that have already occurred, it also includes proactive measures to prevent incidents from happening again in the future.
Option 2: Incorrect. While incident response can involve proactive measures to prevent incidents, it is not solely focused on prevention. It also includes reacting to incidents that have already occurred.
Option 3: Correct. The incident response process is an iterative process that involves continuous improvement based on lessons learned. Organizations should regularly review and update their incident response plans to ensure they are effective and up to date.
Option 4: Incorrect. The incident response process is not a one-time process. It should be an ongoing and continuous process to address security incidents as they occur and to improve the incident response capabilities of the organization.
Which of the following is a best practice for implementing strong password policies within an organization?
- A . Allowing users to choose their own passwords, regardless of complexity
- B . Requiring users to change their password every 90 days
- C . Storing passwords in clear text in a central database
- D . Allowing users to reuse their previous passwords
B
Explanation:
Option 1: Incorrect. Allowing users to choose their own passwords, regardless of complexity, can lead to weak passwords that are easily guessed or cracked.
Option 2: Correct. Requiring users to change their password every 90 days helps to ensure that passwords are regularly updated and less likely to be compromised.
Option 3: Incorrect. Storing passwords in clear text in a central database is a security risk as it exposes the passwords to potential unauthorized access.
Option 4: Incorrect. Allowing users to reuse their previous passwords increases the risk of unauthorized access as attackers may already be aware of the user’s previous passwords.
Which of the following is NOT a typical phase of the planning process in cybersecurity?
- A . Policy development
- B . Risk assessment
- C . Vulnerability scanning
- D . Incident response planning
C
Explanation:
The planning process in cybersecurity typically includes several phases, such as risk assessment, policy development, and incident response planning. Vulnerability scanning, although an important activity in cybersecurity, is considered a technical control rather than a specific phase of the planning process.
Which cryptographic technique is used to ensure the integrity of data without the ability to reverse the process?
- A . Hashing algorithm
- B . Digital signature
- C . Asymmetric encryption
- D . Symmetric encryption
A
Explanation:
Hashing is a cryptographic technique where an input (data/message) is processed through an algorithm to produce a fixed-size output, known as a hash value. The key characteristic of hashing is that it is a one-way function, meaning that it is computationally infeasible to reverse the process and derive the original input from the hash value. Hashing is commonly used to verify data integrity, as even a small change in the input will result in a significantly different hash value.
Which of the following is NOT a component of an incident response policy?
- A . Escalation procedures
- B . Incident handling procedures
- C . Roles and responsibilities
- D . Backup and recovery processes
D
Explanation:
Backup and recovery processes are typically part of an organization’s data backup and disaster recovery plan, which is separate from the incident response policy. The incident response policy focuses on defining roles, responsibilities, escalation procedures, and incident handling procedures for responding to cybersecurity incidents.
Which logging mechanism is used in Linux and Unix-based systems to store system and application logs?
- A . System and application logs
- B . Syslog
- C . Event Viewer
- D . Audit logs
B
Explanation:
Syslog is a standard logging protocol that is commonly used in Linux and Unix-based systems to store and forward system and application logs. It allows administrators to collect logs from multiple devices and applications and store them in a centralized location for analysis, troubleshooting, and compliance purposes.
Which of the following is an example of a natural disaster?
- A . Malware attack
- B . Data breach
- C . Power outage
- D . Server failure
C
Explanation:
A power outage is considered a natural disaster because it is caused by factors beyond human control, such as severe weather conditions or infrastructure failures. It can disrupt normal operations and impact the availability of systems and resources.
You work for a hospital that stores electronic protected health information (ePHI) in an online portal.
Authorized employees can use their mobile devices to access patient ePHI.
You need to ensure that employees’ mobile devices comply with HIPAA regulations.
Which safeguard should you develop and implement?
- A . An ownership policy for employees’ mobile devices
- B . A contingency plan
- C . A policy that requires multi-factor authentication to use the mobile device
- D . A policy to govern how ePHI is removed from mobile devices
D
Explanation:
The CCST Cybersecurity Study Guide notes that HIPAA (Health Insurance Portability and Accountability Act) requires that ePHI be protected both in storage and when devices are decommissioned or repurposed. This includes implementing data removal policies for mobile devices.
"HIPAA requires procedures for the removal of electronic protected health information (ePHI) from devices before disposal, reuse, or reassignment."
(CCST Cybersecurity, Essential Security Principles, Regulatory Compliance section, Cisco Networking Academy)
What is the main purpose of risk management in the context of cybersecurity?
- A . To transfer all cybersecurity risks to a third-party vendor.
- B . To identify and prioritize potential cybersecurity risks for effective mitigation.
- C . To ignore potential cybersecurity risks to minimize costs.
- D . To eliminate all possible risks to an organization’s cybersecurity.
B
Explanation:
The main purpose of risk management in the context of cybersecurity is to identify and prioritize potential risks associated with a system, network, or application. By understanding the risks, organizations can develop effective mitigation strategies and allocate resources accordingly. Risk management involves assessing the likelihood and impact of potential risks, determining their significance to the organization, and implementing appropriate controls to mitigate or reduce those risks to an acceptable level.
What type of encryption is used to secure data that is stored on a hard drive or other storage media?
- A . File-based encryption
- B . Hash encryption
- C . Symmetric encryption
- D . Public Key Infrastructure (PKI)
C
Explanation:
Symmetric encryption is a type of encryption where the same key is used for both the encryption and decryption processes. It is commonly employed to secure data at rest, such as on a hard drive or other storage media. With symmetric encryption, the key must be kept secret to ensure the confidentiality of the encrypted data.
