CMIT 382 FINAL EXAM LATEST 2025 REAL EXAM 2 LATEST VERSIONS QUESTIONS AND
CORRECT ANSWERS|A+GRADE
what connection type is very similar to bluetooth but used by more specialized devices, such as sensors
and fitness trackers -(answer)ANT (Adaptive Network Technology)
What would you recommend to a team member who is interested in additional sources of information
to assist with refining their own understanding of the current attack surface of the organization? -
(answer)Output from the latest configuration review, vulnerability scanning, and penetration tests
A user complains that after entering a URL into a browser, what appeared to be the correct page is
displayed in the browser. However, after clicking a few links on the page, it became obvious that the site
the user arrived at was not the correct site, but instead a malicious copy of the site the user intended to
visit. Which of the following attacks did the user most likely fall prey to? -(answer)typosquatting
An enterprise cloud administrator needs to create a trust boundary between two compute instances in
the same default security group and on the same IPv4 subnet within an AWS virtual private cloud (VPC).
What would be an effective solution to the administrator's needs? -(answer)Place the instances in
separate subnets and use a network firewall between the subnets.
You've taken up a contract helping to upgrade the existing industrial control network for an oil refinery.
What network type should you expect to work with? -(answer)DCS
Which of the following is a risk to cloud services that is not a risk to on-premises services? -(answer)Your
data may be threatened by attacks launched on the data of others.
Which of the following factors has no effect on chain of custody, with regard to digital evidence that is
presented to the court? -(answer)Documentation of the presiding judge and opposing counsel
On a subnet with limited physical security, you're worried about ARP poisoning and DHCP spoofing
attacks. What switch feature could help prevent both? -(answer)802.1AE/MACsec
,CMIT 382 FINAL EXAM LATEST 2025 REAL EXAM 2 LATEST VERSIONS QUESTIONS AND
CORRECT ANSWERS|A+GRADE
Your company is developing a custom web app for the sales team. It should be able to access a list of
Salesforce contacts, but for security reasons, the app shouldn't be able to access the actual Salesforce
account. What standard would allow this? -(answer)OAuth
Uses an authenticator to block communications between unauthorized users or workstations and the
local network
Requires the use of EAP and an authentication server -(answer)802.1X
Centrally secures access to server resources deployed within or across a non-secure network -
(answer)Kerberos
Restricts access to a LAN via a WAN link -(answer)Point to Point Protocol (PPP) with Challenge
Handshake Authentication Protocol (CHAP)
a framework for enterprise risk management -(answer)31000
focuses on personal data and privacy -(answer)27701
defines the various security controls in greater detail -(answer)27002
details the steps to implement a compliant ISMS -(answer)27001
what area of compliance requirements is part of all of the following regulations
HIPAA
PCI DSS
SOX
, CMIT 382 FINAL EXAM LATEST 2025 REAL EXAM 2 LATEST VERSIONS QUESTIONS AND
CORRECT ANSWERS|A+GRADE
GLBA
FISMA -(answer)log retention
describes attacks as the pivoting interactions among adversaries, victims, capabilities, and infrastructure
-(answer)The Diamond Model of Intrusion Analysis
a knowledge base of adversary techniques presented as a matrix for enterprise -(answer)mitre att&ck
a linear seven step attack model that defenders use to interrupt the steps and stop the attack -
(answer)cyber kill chain
After a security incident, you rush to take a screenshot of a telltale running process before you leisurely
take a backup of suspicious files on the hard drive. What forensic principle are you exercising? -
(answer)Order of Volatility
Which of the following are forms of cybersecurity resilience that help to ensure fault tolerance or
recoverability of services in the case of an outage? -(answer)A diesel generator
NIC teaming
Geographically dispersed data centers
Which organization offers freely accessible top-ten lists and cheat sheets in the field of secure
development of web applications? -(answer)OWASP
What is the difference between a bluejacking and a bluesnarfing attack? -(answer)Bluesnarfing involves
data compromise.
CORRECT ANSWERS|A+GRADE
what connection type is very similar to bluetooth but used by more specialized devices, such as sensors
and fitness trackers -(answer)ANT (Adaptive Network Technology)
What would you recommend to a team member who is interested in additional sources of information
to assist with refining their own understanding of the current attack surface of the organization? -
(answer)Output from the latest configuration review, vulnerability scanning, and penetration tests
A user complains that after entering a URL into a browser, what appeared to be the correct page is
displayed in the browser. However, after clicking a few links on the page, it became obvious that the site
the user arrived at was not the correct site, but instead a malicious copy of the site the user intended to
visit. Which of the following attacks did the user most likely fall prey to? -(answer)typosquatting
An enterprise cloud administrator needs to create a trust boundary between two compute instances in
the same default security group and on the same IPv4 subnet within an AWS virtual private cloud (VPC).
What would be an effective solution to the administrator's needs? -(answer)Place the instances in
separate subnets and use a network firewall between the subnets.
You've taken up a contract helping to upgrade the existing industrial control network for an oil refinery.
What network type should you expect to work with? -(answer)DCS
Which of the following is a risk to cloud services that is not a risk to on-premises services? -(answer)Your
data may be threatened by attacks launched on the data of others.
Which of the following factors has no effect on chain of custody, with regard to digital evidence that is
presented to the court? -(answer)Documentation of the presiding judge and opposing counsel
On a subnet with limited physical security, you're worried about ARP poisoning and DHCP spoofing
attacks. What switch feature could help prevent both? -(answer)802.1AE/MACsec
,CMIT 382 FINAL EXAM LATEST 2025 REAL EXAM 2 LATEST VERSIONS QUESTIONS AND
CORRECT ANSWERS|A+GRADE
Your company is developing a custom web app for the sales team. It should be able to access a list of
Salesforce contacts, but for security reasons, the app shouldn't be able to access the actual Salesforce
account. What standard would allow this? -(answer)OAuth
Uses an authenticator to block communications between unauthorized users or workstations and the
local network
Requires the use of EAP and an authentication server -(answer)802.1X
Centrally secures access to server resources deployed within or across a non-secure network -
(answer)Kerberos
Restricts access to a LAN via a WAN link -(answer)Point to Point Protocol (PPP) with Challenge
Handshake Authentication Protocol (CHAP)
a framework for enterprise risk management -(answer)31000
focuses on personal data and privacy -(answer)27701
defines the various security controls in greater detail -(answer)27002
details the steps to implement a compliant ISMS -(answer)27001
what area of compliance requirements is part of all of the following regulations
HIPAA
PCI DSS
SOX
, CMIT 382 FINAL EXAM LATEST 2025 REAL EXAM 2 LATEST VERSIONS QUESTIONS AND
CORRECT ANSWERS|A+GRADE
GLBA
FISMA -(answer)log retention
describes attacks as the pivoting interactions among adversaries, victims, capabilities, and infrastructure
-(answer)The Diamond Model of Intrusion Analysis
a knowledge base of adversary techniques presented as a matrix for enterprise -(answer)mitre att&ck
a linear seven step attack model that defenders use to interrupt the steps and stop the attack -
(answer)cyber kill chain
After a security incident, you rush to take a screenshot of a telltale running process before you leisurely
take a backup of suspicious files on the hard drive. What forensic principle are you exercising? -
(answer)Order of Volatility
Which of the following are forms of cybersecurity resilience that help to ensure fault tolerance or
recoverability of services in the case of an outage? -(answer)A diesel generator
NIC teaming
Geographically dispersed data centers
Which organization offers freely accessible top-ten lists and cheat sheets in the field of secure
development of web applications? -(answer)OWASP
What is the difference between a bluejacking and a bluesnarfing attack? -(answer)Bluesnarfing involves
data compromise.
