SNSA MOD21 -23 EXAM RATED A. 1. Which type of attack does the use of HMACs protect against? Correct Answer -
man-in-the-middle 2. Which objective of secure communications is achieved by encrypting data? Correct Answer -confidentiality 3. Which two statements correctly describe certificate classes used in the PKI? (Choose two.) Correct Answer -A class 4 certificate is for online business transactions between companies. A class 0 certificate is for testing purposes. 4. A customer purchases an item from an e -commerce site. The e -commerce site must maintain proof that the data exchange took place between the site and the customer. Which feature of digital signatures is required? Correct Answer -nonrepudiation of the transaction 5. What is the purpose of a digital certificate? Correct Answer -It authenticates a website and establishes a secure connection to exchange confidential data. 6. In a hierarchical CA topology, where can a subordinate CA obtain a certificate for itself? Correct Answer -from the root CA or another subordinate CA at a higher level 7. What is the purpose for using digital signatures for code signing? Correct Answer -to verify the integrity of executable files downloaded from a vendor website 8. What technology has a function of using trusted third -party protocols to issue credentials that are accepted as an authoritative identity? Correct Answer -PKI certificates 9. In addressing a risk that has low potential impact and relatively high cost of mitigation or reduction, which strategy will accept the risk and its consequences? Correct Answer -risk retention 10. Which two classes of metrics are included in the CVSS Base Metric Group? (Choose two.) Correct Answer -Exploitability Impact metrics 12. A cybersecurity analyst is performing a CVSS assessment on an attack where a web link was sent to several employees. Once clicked, an internal attack was launched. Which CVSS Base Metric Group Exploitability metric is used to document that the user had to click on the link in order for the attack to occur? Correct Answer -user interaction
man-in-the-middle 2. Which objective of secure communications is achieved by encrypting data? Correct Answer -confidentiality 3. Which two statements correctly describe certificate classes used in the PKI? (Choose two.) Correct Answer -A class 4 certificate is for online business transactions between companies. A class 0 certificate is for testing purposes. 4. A customer purchases an item from an e -commerce site. The e -commerce site must maintain proof that the data exchange took place between the site and the customer. Which feature of digital signatures is required? Correct Answer -nonrepudiation of the transaction 5. What is the purpose of a digital certificate? Correct Answer -It authenticates a website and establishes a secure connection to exchange confidential data. 6. In a hierarchical CA topology, where can a subordinate CA obtain a certificate for itself? Correct Answer -from the root CA or another subordinate CA at a higher level 7. What is the purpose for using digital signatures for code signing? Correct Answer -to verify the integrity of executable files downloaded from a vendor website 8. What technology has a function of using trusted third -party protocols to issue credentials that are accepted as an authoritative identity? Correct Answer -PKI certificates 9. In addressing a risk that has low potential impact and relatively high cost of mitigation or reduction, which strategy will accept the risk and its consequences? Correct Answer -risk retention 10. Which two classes of metrics are included in the CVSS Base Metric Group? (Choose two.) Correct Answer -Exploitability Impact metrics 12. A cybersecurity analyst is performing a CVSS assessment on an attack where a web link was sent to several employees. Once clicked, an internal attack was launched. Which CVSS Base Metric Group Exploitability metric is used to document that the user had to click on the link in order for the attack to occur? Correct Answer -user interaction
