错题集

Which test provides the most accurate and detailed information about the security state of a server?

Authenticated scans it can read configuration information from the target system and reduce the instances of false positive and false negative reports.

Beth would like to run an nmap scan against all of the systems on her organization's private network. These include systems in the 10.0.0.0 private address space. She would like to scan this entire private address space because she is not certain what subnets are used. What network address should Beth specify as the target of her scan? a) 10.0.0.0/0 b) 10.0.0.0/8 c) 10.0.0.0/16 d) 10.0.0.0/24

B /8代表前八位固定，这样可以保证所有10.开头的网络都被扫描到

What information security management task ensures that the organization's data protection requirements are met effectively?

Back up verification. it ensures backups are running properly and thus meeting the organization's data protection objective.

Badin Industries runs a web application that processes e-commerce orders and handles credit card transactions. As such, it is subject to the Payment Card Industry Data Security Standard (PCI DSS). The company recently performed a web vulnerability scan of the application and it had no unsatisfactory findings. How often must Badin rescan the application? A. Only if the application changes B. At least monthly C. At least annually D. There is no rescanning requirement.

C PCI DSS requires that Badin rescan the application at least annually and after any change in the application.

Using visualization to identify patterns of information within a database is known as: A)Data mining in databases B)Data discovery in databases C)Knowledge discovery in databases D)Data extrapolation in databases

C)Knowledge discovery in databases While data mining is the process of trawling through the data contained within a database, knowledge discovery in databases uses mathematical, statistical and visualization to produce usable information which in turn helps drive business decisions. Answers B and D are not valid terms associated with the use of databases.

Which one of the following is not normally included in a security assessment? A. Vulnerability scan B. Risk assessment C. Mitigation of vulnerabilities D. Threat assessment

C. Mitigation - 缓和 Security assessment include many types of tests designed to identify vulnerabilities, and the assessment report normally includes recommendations for mitigation. The assessment does not, however, include actual mitigation of those vulnerabilites

Adam recently ran a network port scan of a web server running in his organization. He ran the scan from an external network to get an attacker's perspective on the scan. Which one of the following results is the greatest cause for alarm? A. 80/open B. 22/filtered C. 443/open D. 1422/pen

D. Only open ports represent potentially significant security risks. 80,443 are expected to be open on a web server. 1433 is a database port and should never be exposed to an external network.

Which one of the following is the final step of the Fagan inspection process?

Follow-up. A Fagan inspection is a process of trying to find defects in documents Planning→Overview→Preparation→Meeting→Rework（Can jump to Planning）→Follow-up

Who is the intended audience for a security assessment report?

Management. Security assessment reports should be addressed to the organization's management. For this reason, they should be written in plain English and avoid technical jargon(技术用语)

Grace is preforming a penetration test against a client's network and would like to use a tool to assist in automatically executing common exploits. Which security tool will best meet her needs?

Metasploit it is an automated exploit tool that allows attackers to easily execute common attack techniques.

Paul would like to test his application against slightly modified versions of previously used input. What test does Paul intend to perform

Mutation fuzzing fuzzing uses modified inputs to test software performance under unexpected circumstances. Mutation fuzzing modifies known inputs to generate synthetic inputs that may trigger unexpected behavior. Generational fuzzing develops inputs based on models of expected inputs to perform the same task.

What is the difference between source code and object code? Question options: A) Source code consists of human-readable statements. Object code is the binary machine language executed by the CPU (Central Processing Unit). B) Source code expresses a program's required function. Object code is the binary machine language executed by the CPU (Central Processing Unit). C) Object code consists of human-readable statements. Source code is the binary machine language executed by the CPU (Central Processing Unit). D) Source code consists of human-readable statements. Object code expresses a program's required function.

The correct answer is A. Answers B and D are actually introducing the concept of Intermediate code. Sitting, as its name suggests, between source and object code (also known as executable code), it is commonly used to provide machine independence and code portability.

What is the difference between continuous integration and continuous delivery? Question options: A)Continuous integration requires changes to code are frequently updated to a code repository and tested using an automated process. Continuous delivery focuses on moving the changes into production. B)Continuous delivery requires changes to code are frequently updated to a code repository and tested using an automated process. Continuous integration is moving the changes into production. C)Continuous integration is a purely manual process whereby changes to code are fed directly back into existing code without prior testing. Continuous delivery focuses on quickly responding to the customer's needs. D)Continuous delivery is a purely manual process whereby changes to code are fed directly back into existing code without prior testing. Continuous integration focuses on quickly responding to the customer's needs.

The correct answer is A. Continuous integration can reduce the number of bugs in code by detecting problems quickly. This becomes necessary since changes and testing are being performed much more frequently (potentially many times a day), and automated testing is being utilized. This makes early bug detection possible and reduces follow-on testing workload. Continuous delivery can reduce both cost and risk and produce higher quality applications.

What is the difference between DevOps and DevSecOps? Question options: A)As DevOps focuses primarily on rapid delivery of new and updated code into operational use, it relies on other processes to address security considerations. DevSecOps integrates security review and assessment into the total design, development, and deployment workflow. B)DevSecOps integrates security testing and assessment into the operational use of software, while DevOps performs security testing and assessment activities throughout the lifecycle. C)Very little. Originally, DevOps did not explicitly consider security activities in its rapid development and release to operational use of new and modified software. Market pressure, and the creation of the competing DevSecOps model, has caused these two models to become more similar than different. D)DevOps emphasizes the use of IDEs and configuration management tools, while DevSecOps emphasizes the use of continuous integration and continuous deployment processes.

The correct answer is A. Different organizations implement these models differently, but in general terms, DevSecOps focuses management attention on security as being part of every step in the software lifecycle. Answer B has these reversed; answer C is false. Answer D is also false, since CI/CD is a way of automating the services that IDEs and other tools such as configuration management and control systems provide.

What is the difference between centralized and decentralized administration? Question options: A)Centralized is where a single function is responsible for configuring access control. Decentralized is where access control is managed by the owners or creators of resources. B)Decentralized is where a single function is responsible for configuring access control. Centralized is where access control is managed by the owners or creators of resources. C)Centralized is widely implemented whereas decentralized is rarely used. D)Decentralized is widely implemented whereas centralized is rarely used.

The correct answer is A. By having a central point of administration, very strict controls can be configured and administered. With decentralized administration, the control is in the hands of the individuals most accountable for the information and most familiar with it. Answers C and D are incorrect as both can be found in general use with the decision to use whichever approach is dependent on the organization's infrastructure requirements.

At which Identity Assurance Level (IAL) do organizations like Facebook and Gmail function when allowing users to create accounts with their services? Question options: A)IAL1 B)IAL2 C)IAL3 D)IAL1 and 2

The correct answer is A. IAL1 is self-assertion meaning the user is not required to present anything that confirms their claim to an identity. IAL2 is either remote or in person. When obtaining a certificate from a certificate authority (CA), the registration authority (RA) will take steps to verify the user's identity. This might come in the form of a phone call, email or a request for a unique ID such as a copy of a passport. IAL3 requires identities must be verified in-person by a credential service provider. Creating a bank account would be an example of this approach as the bank will require the user to produce a passport or driver's license together with proof of residence.

IDS/IPS systems can detect malicious activities in a number of ways. Which method compares actual activities to a baseline? Question options: A)Deviation B)Signature C)Heuristic D)Temporal

The correct answer is A. The IDS/IPS can learn a standard activity baseline normal to the organization; deviations from this baseline of expected behavior are deemed suspect. Using signature: The IDS/IPS can recognize known attack patterns in traffic and activity. Using heuristic: Machine-learning algorithms in the IDS/IPS can acquire more information about the environment as the tools operate, beyond a simple baseline. This is an advanced form of deviation analysis. Temporal matching is not a feature of IDS/IPS systems.

Which programming language is considered to be the lowest of the low-level languages? Question options: A)Compiled B)Assembly C)Interpreted D)None of the above

The correct answer is B. Assemblers convert one statement into one function and produce binary instructions. Compilers convert one statement into multiple binary instructions. Interpreters convert one statement into multiple operating instructions and produce intermediate code in real-time. Note that assemblers deal with assembly languages, while compilers are used for compiled languages.

Which of the following backup methods requires the greatest number of data versions to conduct a complete restoration? Question options: A)Full B)Incremental C)Differential D)Composite

The correct answer is B. Incremental backups copy all data changed since the last full or incremental backup; this would, on average, require more versions for a complete restoration than full backup (requires one version) and differential which requires the last full and the last differential (so just two). There is no such thing as composite backup.

What error type presents an organization with higher risk impacts? Question options: A)Type 1 B)Type 2 C)Type 3 D)All of them

The correct answer is B. A Type 2 error is a false acceptance that incorrectly identifies someone as being a legitimate user and thus grants them access. A Type 1, or false rejection, denies access to legitimate users. There is no Type 3 error.

In the identity management process flow, an individual can make a request to access resources such as data. Who is responsible for the approval of that request? Question options: A)The data processor B)The data owner C)The data custodian D)Only senior managers

The correct answer is B. Access is always approved by the data owner; this may be a senior manager but that is not always the case. The request is then passed to the data custodian. The data processor is an entity that is working with (processing) data on behalf of the data controller. The data custodian manages the data on a day-to-day basis for the data controller.

One security model includes a set of rules that can dynamically restrict access to information based upon information that a subject has already accessed in order to prevent any potential conflict of interest. What is the name of this model? Question options: A)Biba B)Brewer and Nash C)Graham-Denning D)Harrison, Ruzzo, Ullman (HRU)

The correct answer is B. Answers A, C, and D are models that describe an information system's rules for operation, but those rules are applied universally. The Brewer and Nash model is the only model that explicitly addresses conflicts of interest.

Databases require lock controls to maintain the internal integrity of the data. But there is another set of requirements in a database environment. These requirements are known as the ACID test. Which of these four tests ensure transactions are invisible to other users? Question options: A)Atomicity B)Consistence C)Isolation D)Durability

The correct answer is C. Atomicity requires that all transactions are either completed or are all rolled back. Consistency requires that all transactions meet the internal integrity constraints. Isolation is the correct answer, as its purpose is in fact to keep an in-process transaction separate and prevent it from clashing with other actions. Durability ensures that when a transaction is completed it is permanent and can survive system failures.

Heating, Ventilation and Air Conditions (HVAC) control is an important aspect of facilities management. The American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE) Standard 90.4-2019 recommends setting the temperature ranges for maximum uptime and hardware life as between which of the following? Question options: A)50° and 81° F B)64° and 70° F C)64° and 81° F D)50° and 70° F

The correct answer is C. The ANSI/ASHRAE Standard 90.4-2019, Energy Standard for Data Centers defines the maximum mechanical load component (MLC) and electrical loss component (ELC) values. These values were lowered in the second version of the standard. This range has become widely accepted as an industry best practice.

Which of the following is an example of a privilege of escalation attack? Question options: A)Domain B)Root C)Horizontal D)Admin

The correct answer is C. A horizontal privilege of escalation occurs when a malicious actor successfully elevates the credentials of a regular user to that of a higher user such as root or admin. Answers B and D are what the attacker is trying to achieve but there would be little point trying to perform a privilege of escalation attack on these accounts as they are already at the highest level. Answer A is a collection of objects that make up an organization's schema (users, machines, etc.). An attacker might want to gain high-level access within a domain, but that would involve elevating individual accounts.

Internal security controls require the use of devices and technologies that can monitor a building and trigger an alarm. All of the following devices can provide that level of protection, but which one relies on the use of magnets? Question options: A)Acoustic sensors B)Linear beam sensors C)BMS D)Passive IR

The correct answer is C. Balanced magnetic switches (BMS) are small devices, consisting of two parts fixed to windows and doors. While the door or window is closed, a magnet holds the switch but when opened the circuit is broken, thus triggering an alarm. An acoustic sensor is sound activated, and a linear beam sensor sends a focused infrared (IR) light beam from an emitter and bounces off a reflector that is placed at the other side of the detection area. A passive infrared detector picks up heat signatures from intruders by comparing infrared receptors to typical background infrared levels.

NIST Special Publication 800-61, Computer Security Incident Handling Guide, structures incident response activities in a four-phase lifecycle. Which of the following is incorrect? Question options: A)Preparation B)Detection C)Prevention D)Post-incident activities

The correct answer is C. Incident response is just that, "response." The preparation phase will include identifying potential incidents, selection and training of responders, etc., and the deployment of solutions to detect incidents. Steps necessary to contain the incident include the eradication and recovery phases and the de-brief or post-incident activities, which may include the acquisition of new technologies, changes in team members or training, etc. Other solutions will be deployed to prevent incidents from occurring such as access control systems, CCTV, guards (and many, many more).

What is a "between-the-lines" attack? Question options: A)A hidden mechanism used to bypass access control protection B)A condition where the output of an operation is dependent upon the timing of uncontrolled events C)A condition that occurs where temporary storage is subjected to excess data input D)A condition in which telecommunication lines are tapped and false data is inserted into a transmission

The correct answer is D. Answer A is an example of a backdoor attack. Answer B is an example of a race condition failure and answer C is an example of a buffer overflow attack.

Which of the following statements is true about digital evidence? Question options: A)Evidence is useless if the original version has been changed in any way. B)Evidence can expire. C)Electronic evidence is inadmissible. D)Evidence should be believable.

The correct answer is D. Evidence is material used to support a theory and argument concerning the events of an alleged crime. It must be presented in a format that is understandable to the intended audience (perhaps a jury) who must believe in the veracity of said evidence. While crimes might have a lifespan (a statute of limitations), evidence typically does not. Evidence that has been changed may be admissible, if the changes have been documented to a court's satisfaction. Electronic evidence is admissible.

Java, C++, Python and Delphi are a few examples of object-oriented programming (OOP). This programming concept focuses on objects as opposed to actions. Which of the following is used to prevent inferences being drawn in OOP? Question options: A)Inheritance B)Encapsulation C)Polymorphism D)Polyinstantiation

The correct answer is D. 多源化 By creating new versions of an object, containing different values, the different versions of the same information can exist at different classification levels. Inheritance is the concept whereby subclasses of an object can be defined by a parent class by using the fields and properties of the parent. Encapsulation, data hiding, occurs when a class of an object defines only the data it needs. Polymorphism allows an object to take different forms that are based on how the object is being used.

What type of interface testing would identify flows in a program's command-line interface?

User interface testing. It includes assessments of both graphical user interfaces(GUIs) and command-line interfaces(CLIs) for a software program.

Alan ran an nmap scan against a server and determined that port 80 is open on the server. What tool would likely provide him the best additional information about the server's purpose and the identity of the server's operator?

Web browser. 因为80port打开着，所以可以通过登录网页确认各类信息。