ISC2 MC Q & A
Don's company is considering the use of an object-based storage system where data is placed in a vendor-managed storage environment through the use of API calls. What type of cloud computing service is in use? A. IaaS B. PaaS C. CaaS D. SaaS
A. IaaS #In this scenario, the vendor is providing object-based storage, a core infrastructure service. Therefore, this is an example of infrastructure as a service (IaaS).
In which cloud computing model does a customer share computing infrastructure with other customers of the cloud vendor where one customer may not know the other's identity? A. Public cloud B. Private cloud C. Community cloud D. Shared cloud
A. Public cloud #In the public cloud computing model, the vendor builds a single platform that is shared among many different customers. This is also known as the shared tenancy model.
Gary is analyzing a security incident and, during his investigation, encounters a user who denies having performed an action that Gary believes he did perform. What type of threat has taken place under the STRIDE model? A. Repudiation B. Information disclosure C. Tampering D. Elevation of privilege
A. Repudiation #Repudiation threats allow an attacker to deny having performed an action or activity without the other party being able to prove differently.
Which of the following is used only to encrypt data in transit over a network and cannot be used to encrypt data at rest? A. TKIP B. AES C. 3DES D. RSA
A. TKIP #TKIP is used only as a means to encrypt transmissions and is not used for data at rest. RSA, AES, and 3DES are all used on data at rest as well as data in transit.
Jim is designing his organization's log management systems and knows that he needs to carefully plan to handle the organization's log data. Which of the following is not a factor that Jim should be concerned with? A. The volume of log data B. A lack of sufficient log sources C. Data storage security requirements D. Network bandwidth
B. A lack of sufficient log sources #Not having enough log sources is not a key consideration in log management system design, although it may be a worry for security managers who can't capture the data they need. Log management system designs must take into account the volume of log data and the network bandwidth it consumes, the security of the data, and the amount of effort required to analyze the data.
Carla has worked for her company for 15 years and has held a variety of different positions. Each time she changed positions, she gained new privileges associated with that position, but no privileges were ever taken away. What concept describes the sets of privileges she has accumulated? A. Entitlement B. Aggregation C. Transitivity D. Isolation
B. Aggregation #Carla's account has experienced aggregation, where privileges accumulated over time. This condition is also known as privilege creep and likely constitutes a violation of the least privilege principle.
Javier is verifying that only IT system administrators have the ability to log on to servers used for administrative purposes. What principle of information security is he enforcing? A. Need to know B. Least privilege C. Two-person control D. Transitive trust
B. Least privilege #The principle of least privilege says that an individual should only have the privileges necessary to complete their job functions. Removing administrative privileges from nonadministrative users is an example of least privilege.
Juan is retrofitting an existing door to his facility to include a lock with automation capabilities. Which one of the following types of lock is easiest to install as a retrofit to the existing door? A. Mantrap B. Electric lock C. Magnetic lock D. Turnstile
C. Magnetic lock #A magnetic lock may usually be retrofitted to an existing door with a minimum of effort. Installing an electric lock usually requires replacing the entire door. Mantraps and turnstiles will require significant renovation projects.
What does a bluesnarfing attack target? A. Data on IBM systems B. An outbound phone call via Bluetooth C. 802.11b networks D. Data from a Bluetooth-enabled device
D. Data from a Bluetooth-enabled device #Bluesnarfing targets the data or information on Bluetooth-enabled devices. Bluejacking occurs when attackers send unsolicited messages via Bluetooth.
When handling cross-jurisdictional issues, disputes are resolved based upon the law of the cloud service provider's home country. TRUE FALSE
FALSE
Once an organization complies with GAPP, best practice says they should collect as much information as possible to provide good service, provided that they remain GAPP compliant. FALSE TRUE
FALSE #Collect only the minimum amount of information that is required.
Vendors extend your organization's technology environment. If they handle data on your behalf, you should expect they execute the same degree of care that you would in your own operations. FALSE TRUE
TRUE
What DLP technique tags sensitive content and then watches for those tags in data leaving the organization? a) pattern recognition b) watermarking c) host-based DLP d) intrusion detection
b) watermarking
What technology can you use as a compensating control when it's not possible to patch an embedded system? a) SIEM b) wrappers c) log analysis d) IDS
b) wrappers
What character is essential in your input for a SQL injection attack? a) * b) ! c) '
c) '
What is the minimum number of disks required to perform RAID level 5? a) 2 b) 1 c) 3 d) 4
c) 3
What technology is commonly used for Big Data datasets? a) MySQL b) SQL Server c) NoSQL d) PostgreSQL
c) NoSQL
What type of disaster recovery site is able to be activated most quickly in the event of a disruption? a) warm site b) lukewarm site c) cold site d) hot site
d) hot site
What security principle does a firewall implement with traffic when it does not have a rule that explicitly defines an action for that communication? a) least privilege b) separation of duties c) informed consent d) implicit deny
d) implicit deny
What is not an effective defense against XSRF attacks? a) preventing the use of HTTP GET requests b) user education c) automatic logouts d) network segmentation
d) network segmentation
What is the most important control to apply to smart devices? a) intrusion detection b) application firewalls c) wrappers d) network segmentation
d) network segmentation
What type of attack seeks to write data in areas of memory reserved for other purposes? a) SQL injection b) buffer overflow c) XSS d) XSRF
b) buffer overflow
What type of physical security control should always be disclosed to visitors when used? a) fences b) cameras c) intrusion alarms d) security guards
b) cameras
What security tool can be configured to prevent DDoS attacks? a) switch b) firewall c) endpoint detection and response platform d) intrusion detection system
b) firewall
What is not a characteristic of cloud computing? a) ubiquitous b) fixed c) convenient d) on-demand
b) fixed
Which one of the following is not a characteristic of cloud computing? a) ubiquitous b) fixed c) on-demand d) convenient
b) fixed
The core issues surrounding BYOD relate to _____. a) administration b) ownership c) process d) standards
b) ownership
Which one of the following individuals would not normally be found on the incident response team? a) information security professional b) CEO c) human resources staff d) legal counsel
b) CEO
What privacy law covers the financial services sector? a) FERPA b) GLBA c) HIPAA d) HITECH
b) GLBA
Which cloud deployment model exclusively uses dedicated cloud resources for a customer? a) community cloud b) private cloud c) hybrid cloud d) public cloud
b) private cloud
What network device can connect together multiple networks? a) switch b) router c) AP d) wireless controller
b) router
Mary is helping a computer user who sees the following message appear on his computer screen. What type of attack has occurred? A. Availability B. Confidentiality C. Disclosure D. Distributed
A. Availability #The message displayed is an example of ransomware, which encrypts the contents of a user's computer to prevent legitimate use. This is an example of an availability attack.
Cameron is configuring his organization's Internet router and would like to enable anti-spoofing technology. Which one of the following source IP addresses on an inbound packet should trigger anti-spoofing controls? A. 192.168.163.109 B. 13.5.102.5 C. 124.70.14.100 D. 222.222.222.222
A. 192.168.163.109 #The 192.168.0.0/16 address range, which includes 192.168.163.109, is one of the address ranges reserved for use as private IP addresses. These addresses should not appear on packets inbound to a network from the Internet. The other addresses mentioned here are all normal public IP addresses.
What are user interfaces that limit the functions a user can select called? A. Constrained user interfaces B. Limited user interfaces C. Mini user interfaces D. Unlimited user interfaces
A. Constrained user interfaces #Constrained user interfaces limit the functions that can be selected by a user. Another method for controlling access is restricting users to specific functions based on their role in the system. This is typically implemented by limiting available menus, data views, encryption, or by physically constraining the user interfaces.
Lauren's organization has deployed VoIP phones on the same switches that the desktop PCs are on. What security issue could this create, and what solution would help? A. VLAN hopping; use physically separate switches. B. VLAN hopping; use encryption. C. Caller ID spoofing; MAC filtering D. Denial-of-service attacks; use a firewall between networks.
A. VLAN hopping; use physically separate switches. #VLAN hopping between the voice and computer VLANs can be accomplished when devices share the same switch infrastructure. Using physically separate switches can prevent this attack. Encryption won't help with VLAN hopping because it relies on header data that the switch needs to read (and this is unencrypted), while Caller ID spoofing is an inherent problem with VoIP systems. A denial of service is always a possibility, but it isn't specifically a VoIP issue and a firewall may not stop the problem if it's on a port that must be allowed through.
Bill implemented RAID level 5 on a server that he operates using a total of three disks. How many disks may fail without the loss of data? A. 0 B. 1 C. 2 D. 3
B. 1 #RAID level 5 is also known as disk striping with parity. It uses three or more disks, with one disk containing parity information used to restore data to another disk in the event of failure. When used with three disks, RAID 5 is able to withstand the loss of a single disk.
What speed is Category 3 UTP cable rated for? A. 5 Mbps B. 10 Mbps C. 100 Mbps D. 1000 Mbps
B. 10 Mbps #Category 3 UTP cable is primarily used for phone cables and was also used for early Ethernet networks where it provided 10 Mbps of throughput. Cat 5 cable provides 100 Mbps (and 1000 Mbps if it is Cat 5e). Cat 6 cable can also provide 1000 Mbps.
What is the minimum number of cryptographic keys necessary to achieve strong security when using the 3DES algorithm? A. 1 B. 2 C. 3 D. 4
B. 2 #Triple DES functions by using either two or three encryption keys. When used with only one key, 3DES produces weakly encrypted ciphertext that is the insecure equivalent of DES.
Which NIST special publication covers the assessment of security and privacy controls? A. 800-12 B. 800-53A C. 800-34 D. 800-86
B. 800-53A #NIST SP 800-53A is titled "Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans" and covers methods for assessing and measuring controls. NIST 800-12 is an introduction to computer security, 800-34 covers contingency planning, and 800-86 is the "Guide to Integrating Forensic Techniques into Incident Response."
What would be the name of a Logical or Virtual Table dynamically generated to restrict the information a user can access in a database? A. Database Management system B. Database views C. Database security D. Database shadowing
B. Database views
The control measures that are intended to reveal the violations of security policy using software and hardware are associated with: A. Preventive/physical B. Detective/technical C. Detective/physical D. Detective/administrative
B. Detective/technical
Ben has configured his network to not broadcast an SSID. Why might Ben disable SSID broadcast, and how could his SSID be discovered? A. Disabling SSID broadcast prevents attackers from discovering the encryption key. The SSID can be recovered from decrypted packets. B. Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using a wireless sniffer. C. Disabling SSID broadcast prevents issues with beacon frames. The SSID can be recovered by reconstructing the BSSID. D. Disabling SSID broadcast helps avoid SSID conflicts. The SSID can be discovered by attempting to connect to the network.
B. Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using a wireless sniffer. #Disabling SSID broadcast can help prevent unauthorized personnel from attempting to connect to the network. Since the SSID is still active, it can be discovered by using a wireless sniffer. Encryption keys are not related to SSID broadcast, beacon frames are used to broadcast the SSID, and it is possible to have multiple networks with the same SSID.
Alex has been with the university he works at for more than 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in the university's help desk. He is now a manager for the team that runs the university's web applications. Using the provisioning diagram shown here, answer the following question. If Alex hires a new employee and the employee's account is provisioned after HR manually inputs information into the provisioning system based on data Alex provides via a series of forms, what type of provisioning has occurred? A. Discretionary account provisioning B. Workflow-based account provisioning C. Automated account provisioning D. Self-service account provisioning
B. Workflow-based account provisioning #Provisioning that occurs through an established workflow, such as through an HR process, is workflow-based account provisioning. If Alex had set up accounts for his new hire on the systems he manages, he would have been using discretionary account provisioning. If the provisioning system allowed the new hire to sign up for an account on their own, they would have used self-service account provisioning, and if there was a central, software-driven process, rather than HR forms, it would have been automated account provisioning.
Alex wants to use an automated tool to fill web application forms to test for format string vulnerabilities. What type of tool should he use? A. A black box B. A brute-force tool C. A fuzzer D. A static analysis tool
C. A fuzzer #Fuzzers are tools that are designed to provide invalid or unexpected input to applications, testing for vulnerabilities like format string vulnerabilities, buffer overflow issues, and other problems. A static analysis relies on examining code without running the application or code and thus would not fill forms as part of a web application. Brute-force tools attempt to bypass security by trying every possible combination for passwords or other values. A black box is a type of penetration test where the testers do not know anything about the environment.
Which of the following types of controls does not describe a mantrap? A. Deterrent B. Preventive C. Compensating D. Physical
C. Compensating #A mantrap, which is composed of a pair of doors with an access mechanism that allows only one door to open at a time, is an example of a preventive access control because it can stop unwanted access by keeping intruders from accessing a facility because of an opened door or following legitimate staff in. It can serve as a deterrent by discouraging intruders who would be trapped in it without proper access, and of course, doors with locks are an example of a physical control. A compensating control attempts to make up for problems with an existing control or to add additional controls to improve a primary control.
What scenario describes data at rest? A. Data in an IPSec tunnel B. Data in an e-commerce transaction C. Data stored on a hard drive D. Data stored in RAM
C. Data stored on a hard drive #Data at rest is inactive data that is physically stored. #Data in an IPsec tunnel or part of an e-commerce transaction is data in motion. Data in RAM is ephemeral and is not inactive (it is also called data in use).
Lucca wants to prevent workstations on his network from attacking each other. If Lucca's corporate network looks like the network shown here, what technology should he select to prevent laptop A from being able to attack workstation B? A. IPS B. IDS C. HIPS D. HIDS
C. HIPS #When endpoints are connected without a network control point between them, a host-based solution is required. In this case, Lucca's specific requirement is to prevent attacks, rather than simply detect them, meaning that a HIPS is required to meet his needs. Many modern products combine HIPS capabilities with other features such as data loss prevention and system compliance profiling, so Lucca may end up with additional useful capabilities if he selects a product with those features.
What major issue would Charles face if he relied on hashing malware packages to identify malware packages? A. Hashing can be spoofed. B. Collisions can result in false positives. C. Hashing cannot identify unknown malware. D. Hashing relies on unencrypted malware samples.
C. Hashing cannot identify unknown malware. #Relying on hashing means that Charles will only be able to identify the specific versions of malware packages that have already been identified. This is a consistent problem with signature-based detections and malware. Packages commonly implement polymorphic capabilities, meaning that two instances of the same package will not have identical hashes because of changes meant to avoid signature-based detection systems.
When Alex changes roles, what should occur? A. He should be deprovisioned, and a new account should be created. B. He should have his new rights added to his existing account. C. He should be provisioned for only the rights that match his role. D. He should have his rights set to match those of the person he is replacing.
C. He should be provisioned for only the rights that match his role. #When a user's role changes, they should be provisioned based on their role and other access entitlements. Deprovisioning and reprovisioning is time-consuming and can lead to problems with changed IDs and how existing credentials work. Simply adding new rights leads to privilege creep, and matching another user's rights can lead to excessive privileges because of privilege creep for that other user.
Jennifer is an Active Directory domain administrator for her company and knows that a quickly spreading botnet relies on a series of domain names for command and control and that preventing access to those domain names will cause the malware infection that connects to the botnet to fail to take further action. Which of the following actions is her best option if she wants to prevent off-site Windows users from connecting to botnet command-and-control systems? A. Force a BGP update. B. Set up a DNS sinkhole. C. Modify the hosts file. D. Install an anti-malware application.
C. Modify the hosts file. #Jennifer can push an updated hosts file to her domain-connected systems that will direct traffic intended for known bad domains to the localhost or a safe system. She might want to work with a security analyst or other IT staff member to capture queries sent to that system to track any potentially infected workstations. A DNS sinkhole would work only if all the systems were using local DNS, and off-site users are likely to have DNS settings set by the local networks they connect to. Anti-malware applications may not have an update yet or may fail to detect the malware, and forcing a BGP update for third-party networks is likely a bad idea!
In Rule-Based Access Control (RuBAC), access is determined by rules. Such rules would fit within what category of access control? A. Discretionary Access Control (DAC) B. Mandatory Access Control (MAC) C. Non-Discretionary Access Control (NDAC) D. Lattice-based Access Control
C. Non-Discretionary Access Control (NDAC) #Rule-based access control is a type of non-discretionary access control because access is determined by rules, and the subject does not decide what those rules will be; the rules are uniformly applied to ALL users or subjects. In general, all access control policies other than DAC are grouped in the category of non-discretionary access control (NDAC).
What term is used to describe loading apps onto a device without going through the official app store? a) transforming b) sideloading c) rooting d) jailbreaking
b) sideloading
Fred needs to transfer files between two servers on an untrusted network. Since he knows the network isn't trusted, he needs to select an encrypted protocol that can ensure that his data remains secure. What protocol should he choose? A. SSH B. TCP C. SFTP D. IPsec
C. SFTP #The Secure File Transfer Protocol (SFTP) is specifically designed for encrypted file transfer. SSH is used for secure command-line access, whereas TCP is one of the bundles of Internet protocols commonly used to transmit data across a network. IPsec could be used to create a tunnel to transfer the data but is not specifically designed for file transfer.
Bruce is seeing quite a bit of suspicious activity on his network. It appears that an outside entity is attempting to connect to all of his systems using a TCP connection on port 22. What type of scanning is the outsider likely engaging in? A. FTP scanning B. Telnet scanning C. SSH scanning D. HTTP scanning
C. SSH scanning #SSH listens on TCP port 22, so a sweep of port 22 across all systems indicates SSH scanning.
Connor's company recently experienced a denial-of-service attack that Connor believes came from an inside source. If true, what type of event has the company experienced? A. Espionage B. Confidentiality breach C. Sabotage D. Integrity breach
C. Sabotage #An attack committed against an organization by an insider, such as an employee, is known as sabotage. Espionage and confidentiality breaches involve the theft of sensitive information, which is not alleged to have occurred in this case. Integrity breaches involve the unauthorized modification of information, which is not described in this scenario.
Purchasing server instances and configuring them to run your own software is an example of which cloud service? a) SaaS b) IaaS c) SecaaS d) PaaS
b) IaaS #In IaaS deployments, customers purchase and configure cloud server instances.
What penetration testing technique can best help assess training and awareness issues? A. Port scanning B. Discovery C. Social engineering D. Vulnerability scanning
C. Social engineering #Social engineering is the best answer, as it can be useful to penetration testers who are asked to assess whether staff members are applying security training and have absorbed the awareness messages the organization uses. Port scanning and vulnerability scanning find technical issues that may be related to awareness or training issues but that are less likely to be directly related. Discovery can involve port scanning or other data-gathering efforts but is also less likely to be directly related to training and awareness.
SYN floods rely on implementations of what protocol to cause denial-of-service conditions? A. IGMP B. UDP C. TCP D. ICMP
C. TCP #SYN floods rely on the TCP implementation on machines and network devices to cause denial-of-service conditions.
Which one of the following is not a requirement for evidence to be admissible in court? A. The evidence must be relevant. B. The evidence must be material. C. The evidence must be tangible. D. The evidence must be competent.
C. The evidence must be tangible. #Evidence provided in court must be relevant to determining a fact in question, material to the case at hand, and competently obtained. Evidence does not need to be tangible. Witness testimony is an example of intangible evidence that may be offered in court.
Joe works at a major pharmaceutical research and development company and has been tasked with writing his organization's data retention policy. As part of its legal requirements, the organization must comply with the U.S. Food and Drug Administration's Code of Federal Regulations Title 21. To do so, it is required to retain records with electronic signatures. Why would a signature be part of a retention requirement? A. It ensures that someone has reviewed the data. B. It provides confidentiality. C. It ensures that the data has not been changed. D. It validates who approved the data.
D. It validates who approved the data. #Electronic signatures, as used in this rule, prove that the signature was provided by the intended signer. Electronic signatures as part of the FDA code are intended to ensure that electronic records are "trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper." Signatures cannot provide confidentiality or integrity and don't ensure that someone has reviewed the data.
Tom is planning to terminate an employee this afternoon for fraud and expects that the meeting will be somewhat hostile. He is coordinating the meeting with human resources and wants to protect the company against damage. Which one of the following steps is most important to coordinate in time with the termination meeting? A. Informing other employees of the termination B. Retrieving the employee's photo ID C. Calculating the final paycheck D. Revoking electronic access rights
D. Revoking electronic access rights #Electronic access to company resources must be carefully coordinated. An employee who retains access after being terminated may use that access to take retaliatory action. On the other hand, if access is terminated too early, the employee may figure out that he or she is about to be terminated.
What type of network is most often used to connect peripherals to computers and mobile devices? a) WiFi b) Bluetooth c) WAN d) LAN
b) Bluetooth
Which one of the following is not a possible hash length from the SHA-2 function? a) 128 bits b) 256 bits c) 512 bits d) 224 bits
a) 128 bits
During what phase of the access control process does a user prove his or her identity? a) Authentication b) Authorization c) Identification d) Remediation
a) Authentication
Which one of the following is not one of the GAPP principles? a) Integrity b) Collection c) Notice d) Management
a) Integrity
What type of document is used to agree upon vendor obligations? a) SLA b) IRP c) BCP d) DRP
a) SLA #Service level agreements document vendor obligations.
What type of security training is specifically designed to educate employees about attack techniques? a) capture the flag b) awareness efforts c) gamification d) phishing simulation
a) capture the flag
Which security control is built into Microsoft Windows? a) host firewall b) host IDS c) host IPS d) MDM
a) host firewall
What does not need to exist in a containerized computing environment? a) hypervisor b) applications c) host operating system d) containerization platform
a) hypervisor #Hypervisors are not required in containerization environments.
What security principle most directly applies to limiting information access? a) need to know b) separation of duties c) least privilege d) two person control
a) need to know
What letter is used to describe the file permissions given to all users on a Linux system? a) o b) r c) u d) g
a) o
If Alice wants to send a message to Bob using symmetric cryptography, what key does she use to encrypt the message? a) shared secret key b) Alice's public key c) Alice's private key d) Bob's public key
a) shared secret key
Which one of the following devices carries VLANs on a network? a) switch b) router c) firewall d) hub
a) switch
Linda's organization recently experienced a social engineering attack. The attacker called a help desk employee and persuaded her that the caller was a project manager on a tight deadline who was locked out of her account. The help desk technician provided the attacker with access to the account. What social engineering principle was used? a) urgency b) social proof c) scarcity d) authority
a) urgency
What is the minimum acceptable temperature for a data center? a) 80.6 degrees Fahrenheit b) 64.4 degrees Fahrenheit c) 72.4 degrees Fahrenheit d) 68.0 degrees Fahrenheit
b) 64.4 degrees Fahrenheit
What is the name of the application control technology built into Microsoft Windows? a) AppControl b) AppLocker c) BitLocker d) BitControl
b) AppLocker
When properly installed, which type of card/badge reader is tamper resistant? a) Card swipe device b) Optical reader c) Proximity reader d) Card insertion device
c) Proximity reader
What hardware technology may be embedded in a laptop computer to protect encrypted hard drives from removal? a) SSL b) TLS c) TPM d) USB
c) TPM
Which option is a file integrity monitoring tool? a) Splunk b) Snort c) Tripwire d) SCCM
c) Tripwire
What is the most effective defense against cross-site scripting attacks? a) query parameterization b) vulnerability scanning c) input validation d) antivirus software
c) input validation
Which cloud deployment model exclusively uses dedicated cloud resources for a customer? a) public cloud b) hybrid cloud c) private cloud d) community cloud
c) private cloud #Private cloud deployments use dedicated resources for each customer.
Which option is a provider activity in the cloud reference architecture? a) performing service trials b) providing billing reports c) providing audit data d) administering security
c) providing audit data
Which one of the following is NOT one of the major principles of COBIT? a) governance distinct from management b) tailored to enterprise needs c) securing the enterprise end-to-end d) provide stakeholder value
c) securing the enterprise end-to-end
Data classifications should be assigned based upon: a) criticality b) sensitivity c) sensitivity and criticality d) sensitivity, criticality, and age
c) sensitivity and criticality
What command is used to apply operating system updates on some Linux distributions? a) ps b) update c) upgrade d) systeminfo
c) upgrade
Ricky would like to separate his network into three distinct security zones. Which one of the following devices is best suited to that task? a) IPS b) Router c) Switch d) Firewall
d) Firewall
Purchasing server instances and configuring them to run your own software is an example of what cloud deployment model? a) SecaaS b) PaaS c) SaaS d) IaaS
d) IaaS
What type of agreement is used to define availability requirements for an IT service that an organization is purchasing from a vendor? a) ISA b) MOU c) BPA d) SLA
d) SLA
Which public cloud computing tier places the most security responsibility on the vendor? a) PaaS b) IDaaS c) IaaS d) SaaS
d) SaaS
Which one of the following is not a commonly-used business classification level? a) Internal b) Highly Sensitive c) Sensitive d) Top Secret
d) Top Secret
What type of hypervisor runs directly on top of bare hardware? a) Type 2 b) Type 3 c) Type 4 d) Type 1
d) Type 1
Which monitoring technique focuses on the behavior of end users? a) IPS b) account monitoring c) SSL stripping d) UEBA
d) UEBA
What type of object does a hacker typically access in order to engage in a session hijacking attack? a) hard disk b) one-time password generator c) network cable d) cookie
d) cookie
Which one of the following data sanitization strategies is most secure? a) clearing b) purging c) erasing d) destruction
d) destruction
Alan is analyzing his web server logs and sees several strange entries that contain strings similar to ../../" in URL requests. What type of attack was attempted against his server? a) buffer overflow b) cross-site scripting c) SQL injection d) directory traversal
d) directory traversal
Nmap is an example of a _____ tool. a) port scanning b) web application vulnerability scanning c) protocol analyzing d) network vulnerability scanning
a) Port scanning
What technology could Lauren's employer implement to help prevent confidential data from being emailed out of the organization? A. DLP B. IDS C. A firewall D. UDP
A. DLP #A data loss prevention (DLP) system or software is designed to identify labeled data or data that fits specific patterns and descriptions to help prevent it from leaving the organization. #An IDS is designed to identify intrusions. Although some IDS systems can detect specific types of sensitive data using pattern matching, they have no ability to stop traffic. #A firewall uses rules to permit or deny traffic but does not inspect content for sensitive data, while UDP is a transport protocol, not a control.
What term best describes making a snapshot of a system or application at a point in time for later comparison? a) baselining b) documenting c) diagramming d) versioning
a) baselining
Which one of the following does not describe a standard physical security requirement for wiring closets? A. Place only in areas monitored by security guards. B. Do not store flammable items in the closet. C. Use sensors on doors to log entries. D. Perform regular inspections of the closet.
A. Place only in areas monitored by security guards. #While it would be ideal to have wiring closets in a location where they are monitored by security staff, this is not feasible in most environments. Wiring closets must be distributed geographically in multiple locations across each building used by an organization.
The leadership at Susan's company has asked her to implement an access control system that can support rule declarations like "Only allow access to salespeople from managed devices on the wireless network between 8 a.m. and 6 p.m." What type of access control system would be Susan's best choice? A. ABAC B. Rule-based access control (RBAC) C. DAC D. MAC
A. ABAC #An attribute-based access control (ABAC) system will allow Susan to specify details about subjects, objects, and access, allowing granular control. Although a rule-based access control system (RBAC) might allow this, the attribute-based access control system can be more specific and thus is more flexible. Discretionary access control (DAC) would allow object owners to make decisions, and mandatory access controls (MACs) would use classifications; neither of these capabilities was described in the requirements.
Which of the following is not one of the four canons of the (ISC)2 code of ethics? A. Avoid conflicts of interest that may jeopardize impartiality. B. Protect society, the common good, necessary public trust and confidence, and the infrastructure. C. Act honorably, honestly, justly, responsibly, and legally. D. Provide diligent and competent service to principals.
A. Avoid conflicts of interest that may jeopardize impartiality. #The four canons of the (ISC)2 code of ethics are to 1) protect society, the common good, necessary public trust and confidence, and the infrastructure; 2) act honorably, honestly, justly, responsibly, and legally; 3) provide diligent and competent service to principals; and 4) advance and protect the profession.
What two factors are used to evaluate a risk? a) likelihood and impact b) criticality and likelihood c) impact and criticality d) frequency and likelihood
a) likelihood and impact
Ann is a security professional for a midsize business and typically handles log analysis and security monitoring tasks for her organization. One of her roles is to monitor alerts originating from the organization's intrusion detection system. The system typically generates several dozen alerts each day, and many of those alerts turn out to be false alarms after her investigation. This morning, the intrusion detection system alerted because the network began to receive an unusually high volume of inbound traffic. Ann received this alert and began looking into the origin of the traffic. Ann continues her investigation and realizes that the traffic generating the alert is abnormally high volumes of inbound UDP traffic on port 53. What service typically uses this port? A. DNS B. SSH/SCP C. SSL/TLS D. HTTP
A. DNS #DNS traffic commonly uses port 53 for both TCP and UDP communications. SSH and SCP use TCP port 22. SSL and TLS do not have ports assigned to them but are commonly used for HTTPS traffic on port 443. Unencrypted web traffic over HTTP often uses port 80.
Juniper Content is a web content development company with 40 employees located in two offices: one in New York and a smaller office in the San Francisco Bay Area. Each office has a local area network protected by a perimeter firewall. The local area network (LAN) contains modern switch equipment connected to both wired and wireless networks. Each office has its own file server, and the information technology (IT) team runs software every hour to synchronize files between the two servers, distributing content between the offices. These servers are primarily used to store images and other files related to web content developed by the company. The team also uses a SaaS-based email and document collaboration solution for much of their work. You are the newly appointed IT manager for Juniper Content, and you are working to augment existing security controls to improve the organization's security. Finally, there are historical records stored on the server that are extremely important to the business and should never be modified. You would like to add an integrity control that allows you to verify on a periodic basis that the files were not modified. What control can you add? A. Hashing B. ACLs C. Read-only attributes D. Firewalls
A. Hashing #Hashing allows you to computationally verify that a file has not been modified between hash evaluations. ACLs and read-only attributes are useful controls that may help you prevent unauthorized modification, but they cannot verify that files were not modified. Firewalls are network security controls and do not verify file integrity.
What type of inbound packet is characteristic of a ping flood attack? A. ICMP echo request B. ICMP echo reply C. ICMP destination unreachable D. ICMP route changed
A. ICMP echo request #The ping flood attack sends echo requests at a targeted system. These pings use inbound ICMP echo request packets, causing the system to respond with an outbound ICMP echo reply.
Chris is building an Ethernet network and knows that he needs to span a distance of more than 150 meters with his 1000BaseT network. What network technology should he use to help with this? A. Install a repeater or a concentrator before 100 meters. B. Use Category 7 cable, which has better shielding for higher speeds. C. Install a gateway to handle the distance. D. Use STP cable to handle the longer distance at high speeds.
A. Install a repeater or a concentrator before 100 meters. #A repeater or concentrator regenerates the signal, so the 100-meter segment limit of 1000BaseT is no longer an issue. #A gateway would be useful if network protocols were changing. Neither a higher cable category (Cat 7) nor shielded twisted pair (STP) raises the 100-meter limit that applies to twisted-pair Ethernet segments, so those options would still leave Chris with network problems.
Which one of the following components should be included in an organization's emergency response guidelines? A. List of individuals who should be notified of an emergency incident B. Long-term business continuity protocols C. Activation procedures for the organization's cold sites D. Contact information for ordering equipment
A. List of individuals who should be notified of an emergency incident #The emergency response guidelines should include the immediate steps an organization should follow in response to an emergency situation. These include immediate response procedures, a list of individuals who should be notified of the emergency, and secondary response procedures for first responders. They do not include long-term actions such as activating business continuity protocols, ordering equipment, or activating DR sites.
Gary is concerned about applying consistent security settings to the many mobile devices used throughout his organization. What technology would best assist with this challenge? A. MDM B. IPS C. IDS D. SIEM
A. MDM #Mobile device management (MDM) products provide a consistent, centralized interface for applying security configuration settings to mobile devices.
Which one of the following components should be included in an organization's emergency response guidelines? A. Secondary response procedures for first responders B. Long-term business continuity protocols C. Activation procedures for the organization's cold sites D. Contact information for ordering equipment
A. Secondary response procedures for first responders #The emergency response guidelines should include the immediate steps an organization should follow in response to an emergency situation. These include immediate response procedures, a list of individuals who should be notified of the emergency, and secondary response procedures for first responders. They do not include long-term actions such as activating business continuity protocols, ordering equipment, or activating disaster recovery sites.
Which of the following control pairing places emphasis on "soft" mechanisms that support the access control objectives? A. Preventive/Technical Pairing B. Preventive/Administrative Pairing C. Preventive/Physical Pairing D. Detective/Administrative Pairing
B. Preventive/Administrative Pairing #"Soft control" is another way of referring to an administrative control. Technical and physical controls are not soft controls, so any choice listing them was not the best answer.
Which one of the following is not a canon of the (ISC)2 code of ethics? A. Protect society, the common good, necessary public trust and confidence, and the infrastructure. B. Promptly report security vulnerabilities to relevant authorities. C. Act honorably, honestly, justly, responsibly, and legally. D. Provide diligent and competent service to principals.
B. Promptly report security vulnerabilities to relevant authorities. #The four canons of the (ISC)2 code of ethics are to protect society, the common good, necessary public trust and confidence and the infrastructure; act honorably, honestly, justly, responsibly and legally; provide diligent and competent service to principals; and advance and protect the profession.
What is the piece of software running on a device that enables it to connect to a NAC-protected network? a) SNMP agent b) authenticator c) supplicant d) authentication server
c) supplicant
Alan is considering the use of new identification cards in his organization that will be used for physical access control. He comes across a sample card and is unsure of the technology. He breaks it open and sees the following internal construction. What type of card is this? A. Smart card B. Proximity card C. Magnetic stripe D. Phase-two card
B. Proximity card #The use of an electromagnetic coil inside the card indicates that this is a proximity card.
What level of RAID is also known as disk mirroring? A. RAID 0 B. RAID 1 C. RAID 5 D. RAID 10
B. RAID 1 #RAID level 1 is also known as disk mirroring. RAID 0 is called disk striping. RAID 5 is called disk striping with parity. RAID 10 is known as a stripe of mirrors.
What type of firewall uses multiple proxy servers that filter traffic based on analysis of the protocols used for each service? A. A static packet filtering firewall B. An application-level gateway firewall C. A circuit-level gateway firewall D. A stateful inspection firewall
B. An application-level gateway firewall #An application-level gateway firewall uses proxies for each service it filters. Each proxy is designed to analyze traffic for its specific traffic type, allowing it to better understand valid traffic and to prevent attacks. Static packet filters and circuit-level gateways simply look at the source, destination, and ports in use, whereas a stateful packet inspection firewall can track the status of communication and allow or deny traffic based on that understanding.
Susan has been asked to recommend whether her organization should use a MAC scheme or a DAC scheme. If flexibility and scalability are important requirements for implementing access controls, which scheme should she recommend and why? A. MAC, because it provides greater scalability and flexibility because you can simply add more labels as needed B. DAC, because allowing individual administrators to make choices about the objects they control provides scalability and flexibility C. MAC, because compartmentalization is well suited to flexibility and adding compartments will allow it to scale well D. DAC, because a central decision process allows quick responses and will provide scalability by reducing the number of decisions required and flexibility by moving those decisions to a central authority
B. DAC, because allowing individual administrators to make choices about the objects they control provides scalability and flexibility #Discretionary access control (DAC) can provide greater scalability by leveraging many administrators, and those administrators can add flexibility by making decisions about access to their objects without fitting into an inflexible mandatory access control (MAC) system. MAC is more secure because of the strong set of controls it provides, but it does not scale as well as DAC and is relatively inflexible in comparison.
What process adds a header and a footer to data received at each layer of the OSI model? A. Attribution B. Encapsulation C. TCP wrapping D. Data hiding
B. Encapsulation #Encapsulation is a process that adds a header and possibly a footer to data received at each layer before handoff to the next layer. TCP wrappers are a host-based network access control system, attribution is determining who or what performed an action or sent data, and data hiding is a term from object-oriented programming that is not relevant here.
What is called the act of a user professing an identity to a system, usually in the form of a log-on ID? A. Authentication B. Identification C. Authorization D. Confidentiality
B. Identification
Which one of the following actions might be taken as part of a business continuity plan? A. Restoring from backup tapes B. Implementing RAID C. Relocating to a cold site D. Restarting business operations
B. Implementing RAID #RAID technology provides fault tolerance for hard drive failures and is an example of a business continuity action. Restoring from backup tapes, relocating to a cold site, and restarting business operations are all disaster recovery actions.
How does single sign-on increase security? A. It decreases the number of accounts required for a subject. B. It helps decrease the likelihood that users will write down their passwords. C. It provides logging for each system that it is connected to. D. It provides better encryption for authentication data.
B. It helps decrease the likelihood that users will write down their passwords. #Studies consistently show that users are more likely to write down passwords if they have more accounts. Central control of a single account is also easier to shut off if something does go wrong. Simply decreasing the number of accounts required for a subject doesn't increase security by itself, and SSO does not guarantee individual system logging, although it should provide central logging of SSO activity. Since an SSO system was not specified, there is no way of determining whether a given SSO system provides better or worse encryption for authentication data.
Maddox is conducting an information audit for his organization. Which one of the following elements that he discovered is least likely to be classified as PII when used in isolation? A. Street addresses B. Item codes C. Mobile phone numbers D. Social Security numbers
B. Item codes #Privacy is of the utmost concern when handling personally identifiable information (PII). PII includes any information that may be reasonably tied to a specific person. This would include street addresses, telephone numbers, and national ID numbers (such as Social Security numbers). Item codes, when not tied to a name or other identifier, would not constitute PII.
Matthew and Richard are friends located in different physical locations who would like to begin communicating with each other using cryptography to protect the confidentiality of their communications. They exchange digital certificates to begin this process and plan to use an asymmetric encryption algorithm for the secure exchange of email messages. When Matthew goes to add the digital signature to the message, what encryption key does he use to create the digital signature? A. Matthew's public key B. Matthew's private key C. Richard's public key D. Richard's private key
B. Matthew's private key #An individual creates a digital signature by encrypting the message digest with his or her own private key.
Which one of the following is not a technique used by virus authors to hide the existence of their virus from anti-malware software? A. Stealth B. Multi-partitism C. Polymorphism D. Encryption
B. Multi-partitism #Multipartite viruses use multiple propagation mechanisms to defeat system security controls but do not necessarily include techniques designed to hide the malware from antivirus software. Stealth viruses tamper with the operating system to hide their existence. Polymorphic viruses alter their code on each system they infect to defeat signature detection. Encrypted viruses use a similar technique, employing encryption to alter their appearance and avoid signature detection mechanisms.
The company that Fred works for is reviewing the security of its company-issued cell phones. They issue 4G-capable smartphones running Android and iOS and use a mobile device management solution to deploy company software to the phones. The mobile device management software also allows the company to remotely wipe the phones if they are lost. What are the most likely circumstances that would cause a remote wipe of a mobile phone to fail? A. The phone has a passcode on it. B. The phone cannot contact a network. C. The provider has not unlocked the phone. D. The phone is in use.
B. The phone cannot contact a network. #Remote wipe tools are a useful solution, but they work only if the phone can access either a cellular or Wi-Fi network. Remote wipe solutions are designed to wipe data from the phone regardless of whether it is in use or has a passcode. Providers unlock phones for use on other cellular networks rather than for wiping or other feature support.
While investigating a malware infection, Lauren discovers that the hosts file for the system she is reviewing contains multiple entries as shown here: 0.0.0.0 symantec.com 0.0.0.0 mcafee.com 0.0.0.0 microsoft.com 0.0.0.0 kapersky.com Why would the malware make this change? A. To redirect 0.0.0.0 to known sites B. To prevent antivirus updates C. To prevent other attackers from compromising the system D. To enable remote access to the system
B. To prevent antivirus updates #Various malware packages modify the hosts file so that the names of antivirus and operating system update servers resolve to a non-routable address (0.0.0.0 or 127.0.0.1) before DNS is ever consulted, which blocks signature and patch updates. Lauren should check whether the antivirus software on the system is up to date, but she will probably need to recommend a rebuild or reinstallation of the system.
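An incident responder triaging many hosts would want this check scripted. The following is an added example, not part of the original question set, that parses hosts-file content and reports every non-localhost name pinned to an unspecified or loopback address, then separately flags the ones matching an assumed watchlist of security-vendor and update domains. The hosts content is constructed from the entries in the question (including the misspelled `kapersky.com`, reproduced as given), and `WATCHLIST` is an assumption you would replace with your own vendors.

```python
import ipaddress

# Constructed hosts-file content modeled on the question; not captured from a real system.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0 symantec.com
0.0.0.0 mcafee.com
0.0.0.0 microsoft.com
0.0.0.0 kapersky.com
127.0.0.1 liveupdate.symantecliveupdate.com   # sinkholed by name, not just apex domain
10.0.0.5 intranet.example.com                 # legitimate static entry
"""

# Assumed watchlist of domains malware commonly tries to block. Extend for your environment.
WATCHLIST = {
    "symantec.com", "symantecliveupdate.com", "mcafee.com", "kaspersky.com",
    "microsoft.com", "windowsupdate.com",
}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, dropping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()


def is_sinkholed(ip, name):
    """True when a non-localhost name is pinned to 0.0.0.0 or a loopback address."""
    if name == "localhost":
        return False
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed line; report separately in real tooling
    return addr.is_unspecified or addr.is_loopback


def on_watchlist(name):
    """Match the domain itself or any subdomain of a watchlisted domain."""
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)


def find_sinkholed(text):
    return [(ip, name) for ip, name in parse_hosts(text) if is_sinkholed(ip, name)]


def find_watchlisted(text):
    return [(ip, name) for ip, name in find_sinkholed(text) if on_watchlist(name)]


if __name__ == "__main__":
    for ip, name in find_sinkholed(SAMPLE_HOSTS):
        tag = "WATCHLIST" if on_watchlist(name) else "review"
        print(f"{tag:9} {name} -> {ip}")
```

Review the full sinkholed list, not only the watchlist hits: the misspelled `kapersky.com` entry is just as deliberate as the others but matches no watchlist domain, which is exactly the kind of entry a pattern-only check misses.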
Angela wants to test a web browser's handling of unexpected data using an automated tool. What tool should she choose? A. Nmap B. zzuf C. Nessus D. Nikto
B. zzuf #zzuf is the only fuzzer on the list; it is specifically designed to work with tools like web browsers, image viewers, and similar software by modifying the network and file input delivered to an application. Nmap is a port scanner, Nessus is a vulnerability scanner, and Nikto is a web server scanner.
The following diagram shows a typical workstation and server and their connections to each other and the Internet. Which letters on this diagram are locations where you might find data at rest? A. A, B, and C B. C and E C. A and E D. B, D, and F
C. A and E #A and E can both be expected to have data at rest. C, the Internet, is an unknown, and the data can't be guaranteed to be at rest. B, D, and F are all data in transit across network links.
What type of Windows audit record describes events like an OS shutdown or a service being stopped? A. An application log B. A security log C. A system log D. A setup log
C. A system log #Windows system logs include reboots, shutdowns, and service state changes. Application logs record events generated by programs, security logs track events like logins and uses of rights, and setup logs track application setup.
What encryption algorithm would provide strong protection for data stored on a USB thumb drive? A. TLS B. SHA1 C. AES D. DES
C. AES #AES is a strong symmetric cipher that is appropriate for use with data at rest. SHA1 is a cryptographic hash, while TLS is appropriate for data in motion. DES is an outdated and insecure symmetric encryption method.
The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with: A. Preventive/physical B. Detective/technical C. Detective/physical D. Detective/administrative
C. Detective/physical
Which one of the following goals of physical security environments occurs first in the functional order of controls? A. Delay B. Detection C. Deterrence D. Denial
C. Deterrence #Deterrence is the first functional goal of physical security mechanisms. If a physical security control presents a formidable challenge to a potential attacker, they may not attempt the attack in the first place.
Alan is responding to a security incident and receives a hard drive image from a cooperating organization that contains evidence. What additional information should he request to verify the integrity of the evidence? A. Private key B. Public key C. Hash D. Drive capacity
C. Hash #Alan should request that the organization provide him with a securely generated hash value that was created when the evidence was originally collected. Alan can then compare the hash value of the current drive contents with that value to verify that the evidence was not altered.
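Both the periodic integrity check on Juniper Content's historical records and Alan's evidence verification reduce to the same procedure: record a cryptographic hash of each file at a trusted point in time, then recompute and compare later. The following is an added example, not code from the original material, that builds a SHA-256 manifest of a directory tree, reports modified, missing and added files on a later run, and checks a received file against a hash reported by the other party. The directory contents and the "drive image" (whose reported hash is the published SHA-256 of the bytes `abc`) are constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk=1 << 20):
    """Hash a file in 1 MiB chunks so large drive images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root, '/'-separated) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_manifest(root, manifest):
    """Compare the tree against a stored manifest; return (modified, missing, added)."""
    current = build_manifest(root)
    modified = sorted(p for p in manifest
                      if p in current and not hmac.compare_digest(current[p], manifest[p]))
    missing = sorted(p for p in manifest if p not in current)
    added = sorted(p for p in current if p not in manifest)
    return modified, missing, added


def verify_image(path, reported_hex):
    """Evidence check: does the file we received match the hash recorded at collection time?"""
    return hmac.compare_digest(sha256_file(path), reported_hex.lower())


def demo():
    with tempfile.TemporaryDirectory() as root:
        rec = os.path.join(root, "records")
        os.makedirs(rec)
        with open(os.path.join(rec, "2019-ledger.csv"), "w") as f:
            f.write("date,amount\n2019-01-02,100\n")
        with open(os.path.join(rec, "2020-ledger.csv"), "w") as f:
            f.write("date,amount\n2020-01-02,250\n")
        # Constructed "drive image"; the cooperating organization reported SHA-256("abc").
        image = os.path.join(root, "evidence.bin")
        with open(image, "wb") as f:
            f.write(b"abc")
        reported = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"

        manifest = build_manifest(root)          # baseline taken at a trusted time
        clean = verify_manifest(root, manifest)  # nothing changed yet
        image_ok = verify_image(image, reported)

        # Simulate tampering, deletion, an unexpected new file, and a corrupted image.
        with open(os.path.join(rec, "2019-ledger.csv"), "a") as f:
            f.write("2019-12-31,-100\n")
        os.remove(os.path.join(rec, "2020-ledger.csv"))
        with open(os.path.join(rec, "new.csv"), "w") as f:
            f.write("x\n")
        with open(image, "ab") as f:
            f.write(b"\x00")

        tampered = verify_manifest(root, manifest)
        image_ok_after = verify_image(image, reported)
    return clean, tampered, image_ok, image_ok_after


if __name__ == "__main__":
    print(demo())
```

The manifest only proves anything if it is stored where the people who could modify the records cannot also rewrite it (a separate system, or signed, or write-once media); a hash stored beside the files it protects can be regenerated by the same attacker. The same holds for Alan's evidence hash, which must come from the collecting organization through a channel independent of the drive image itself.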
Greg is redesigning his organization's incident response process, seeking to improve its efficiency and effectiveness. Which one of the following actions is not likely to improve his incident response plan? A. Create a mentoring program for technical staff B. Provide team members with opportunities to work on other tasks C. Keep all members of the team on permanent assignment to the team D. Conduct training exercises for the team
C. Keep all members of the team on permanent assignment to the team #The National Institute of Standards and Technology (NIST) recommends that organizations implement a mentoring program for incident response team members and provide team members with the opportunity to work on other tasks. NIST also recommends periodic exercises to evaluate the team's effectiveness. Rather than assigning all members of the team on a permanent basis, NIST recommends rotating members on and off the team periodically.
What is called the type of access control where there are pairs of elements that have the least upper bound of values and greatest lower bound of values? A. Mandatory model B. Discretionary model C. Lattice model D. Rule model
C. Lattice model #In a lattice model, there are pairs of elements that have the least upper bound of values and greatest lower bound of values.
Which access control type has a central authority that determines which objects subjects may access, based on role or on the organizational security policy? A. Mandatory Access Control B. Discretionary Access Control C. Non-Discretionary Access Control D. Rule-based Access control
C. Non-Discretionary Access Control #Non-discretionary access control (NDAC) includes role-based access control (RBAC) and rule-based access control (RBAC or RuBAC). Because rule-based access control is a subset of NDAC, it is easy to eliminate as a separate answer; it is already covered under NDAC. #Discretionary access control (DAC) is for environments with a low level of security. There is no control over the dissemination of information: a user who has access to a file can copy it or share it with other users.
Jeff discovers a series of JPEG photos on a drive that he is analyzing for evidentiary purposes. He uses exiftool to collect metadata from those files. Which information is not likely to be included in that metadata? A. GPS location B. Camera type C. Number of copies made D. Timestamp
C. Number of copies made #Photo metadata commonly includes the GPS location, the type of camera used to capture the photo, and the timestamp when the photo was taken. It does not include the number of times that the file was copied.
IP addresses like 10.10.10.10 and 172.19.24.21 are both examples of what type of IP address? A. Public IP addresses B. Prohibited IP addresses C. Private IP addresses D. Class B IP ranges
C. Private IP addresses #These are examples of private IP addresses. RFC 1918 defines a set of private IP address ranges for use in internal networks: 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255. These addresses should never be routable on the public Internet.
Which one of the following disaster recovery tests involves the actual activation of the DR site? a) parallel test b) simulation c) read-through d) walk-through
a) parallel test #A parallel test activates the actual DR site and runs it alongside production. #Read-throughs, walk-throughs, and simulations are exercises that do not activate the DR site. #A read-through is a review of the plan by the people responsible for it, a walk-through is a tabletop exercise involving all the DR team members, and a simulation works the team through a scenario without bringing the alternate site online.
Mike and Renee would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. When the certificate authority created Renee's digital certificate, what key did it use to digitally sign the completed certificate? A. Renee's public key B. Renee's private key C. CA's public key D. CA's private key
D. CA's private key #The last step of the certificate creation process is the digital signature. During this step, the certificate authority signs the certificate using its own private key.
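The two questions about Matthew's signature and the CA's signature on Renee's certificate are the same operation at two levels: the signer hashes the data and applies its own private key, and anyone holding the matching public key can check the result. The following is an added example, not code from the original material, that implements textbook RSA with a self-written Miller-Rabin prime generator so it runs offline, then (1) has a CA sign a certificate-like structure for Renee and (2) has Matthew sign a message, showing that the wrong key, an altered message or an altered certificate all fail verification. The key sizes are toy-sized and no padding scheme is used; this is for illustrating who uses which key, and a real deployment would use a vetted library with PKCS#1 v1.5 or PSS padding.

```python
import hashlib
import json
import secrets


# --- toy RSA key generation: insecure sizes, no padding, illustration only ---

def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (probabilistic; 32 rounds is ample here)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top bit and odd
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Return ((n, e), (n, d)); 512-bit modulus is far too small for real use."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (p * q, e), (p * q, d)


def digest_int(data: bytes) -> int:
    # SHA-256 output (256 bits) is always smaller than our 512-bit modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, data: bytes) -> int:
    """The signer applies its OWN private key to the message digest."""
    n, d = private_key
    return pow(digest_int(data), d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    """The verifier recovers the digest with the signer's public key and compares."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(data)


def canonical(obj) -> bytes:
    """Stable byte encoding so the same structure always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(ca_private, subject, subject_public):
    """A CA binds a subject to a public key by signing the body with the CA's private key."""
    body = {"issuer": "Example CA", "subject": subject,
            "public_key": {"n": subject_public[0], "e": subject_public[1]}}
    return {"tbs": body, "signature": sign(ca_private, canonical(body))}


def certificate_valid(cert, ca_public):
    return verify(ca_public, canonical(cert["tbs"]), cert["signature"])


def demo():
    ca_pub, ca_priv = generate_keypair()
    renee_pub, _ = generate_keypair()
    matthew_pub, matthew_priv = generate_keypair()
    richard_pub, richard_priv = generate_keypair()

    cert = issue_certificate(ca_priv, "Renee", renee_pub)
    forged = {"tbs": {**cert["tbs"], "subject": "Mallory"}, "signature": cert["signature"]}

    msg = b"Meet at 10:00."
    sig = sign(matthew_priv, msg)  # Matthew signs with Matthew's private key
    return {
        "cert_ok": certificate_valid(cert, ca_pub),        # checked with the CA's public key
        "cert_forged": certificate_valid(forged, ca_pub),
        "sig_ok": verify(matthew_pub, msg, sig),            # checked with Matthew's public key
        "sig_wrong_key": verify(richard_pub, msg, sig),
        "sig_altered_msg": verify(matthew_pub, b"Meet at 11:00.", sig),
        "sig_by_richard": verify(matthew_pub, msg, sign(richard_priv, msg)),
    }


if __name__ == "__main__":
    print(demo())
```

Reading the results: the certificate verifies only against the CA's public key, and Matthew's signature verifies only against Matthew's public key, which is the point both exam questions test. Confidentiality is the separate operation the questions mention but do not ask about: encrypting to Richard would use Richard's public key.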
As part of her malware analysis process, Caitlyn diagrams the high-level functions and processes that the malware uses to accomplish its goals. What is this process known as? A. Static analysis B. Composition C. Dynamic analysis D. Decomposition
D. Decomposition #Caitlyn is preparing a decomposition diagram that maps the high-level functions to lower-level components. This will allow her to better understand how the malware package works and may help her identify areas she should focus on.
Which one of the following backup types does not alter the status of the archive bit on a file? A. Full backup B. Incremental backup C. Partial backup D. Differential backup
D. Differential backup #Differential backups do not alter the archive bit on a file, whereas incremental and full backups reset the archive bit to 0 after the backup completes. Partial backups are not a backup type.
In virtualization platforms, what name is given to the module that is responsible for controlling access to physical resources by virtual resources? A. Guest machine B. SDN C. Kernel D. Hypervisor
D. Hypervisor #The hypervisor runs within the virtualization platform and serves as the moderator between virtual resources and physical resources.
Joe is the security administrator for an ERP system. He is preparing to create accounts for several new employees. What default access should he give to all of the new employees as he creates the accounts? A. Read only B. Editor C. Administrator D. No access
D. No access #The principle of least privilege should guide Joe in this case. He should apply no access permissions by default and then give each user the necessary permissions to perform their job responsibilities. Read-only, editor, and administrator permissions may be necessary for one or more of these users, but those permissions should be assigned based upon business need and not by default.
During a port scan of his network, Alex finds that a number of hosts respond on TCP ports 80, 443, 515, and 9100 in offices throughout his organization. What type of devices is Alex likely discovering? A. Web servers B. File servers C. Wireless access points D. Printers
D. Printers #Network-enabled printers commonly listen on TCP 515 (LPD) and TCP 9100 (raw "JetDirect" printing) and expose both nonsecure and secure web-based management interfaces on TCP 80 and 443. Web servers, access points, and file servers would not typically provide service on the LPD and raw printing ports (515 and 9100).
Microsoft's STRIDE threat assessment framework uses six categories for threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. If a penetration tester is able to modify audit logs, what STRIDE categories best describe this issue? A. Tampering and information disclosure B. Elevation of privilege and tampering C. Repudiation and denial of service D. Repudiation and tampering
D. Repudiation and tampering #Modification of audit logs will prevent repudiation because the data cannot be trusted, and thus actions cannot be provably denied. The modification of the logs is also a direct example of tampering. It might initially be tempting to answer elevation of privileges and tampering, as the attacker made changes to files that should be protected, but this is an unknown without more information. Similarly, the attacker may have accessed the files, resulting in information disclosure in addition to tampering, but again, this is not specified in the question. Finally, this did not cause a denial of service, and thus that answer can be ignored.
Martin is inspecting a system where the user reported unusual activity, including disk activity when the system is idle, and abnormal CPU and network usage. He suspects that the machine is infected by a virus but scans come up clean. What malware technique might be in use here that would explain the clean scan results? A. File infector virus B. MBR virus C. Service injection virus D. Stealth virus
D. Stealth virus #One possibility for the clean scan results is that the virus is using stealth techniques, such as intercepting read requests from the antivirus software and returning a correct-looking version of the infected file. The system may also be the victim of a zero-day attack, using a virus that is not yet included in the signature definition files provided by the antivirus vendor.
You are normally required to report security incidents to law enforcement if you believe a law may have been violated. True False
False
What type of malware prevention is most effective against known viruses? a) behavior analysis b) signature detection c) anomaly detection d) heuristic detection
b) signature detection #Signature detection matches files or traffic against patterns of malware that has already been analyzed, so it is most effective against known viruses. Anomaly, behavior, and heuristic detection are related approaches that look for suspicious characteristics or actions rather than known patterns; they are the techniques that stand a chance against unknown malware and zero-day attacks, at the cost of more false positives.
What type of security policy normally describes how users may access business information with their own devices? a) BYOD policy b) change management policy c) password policy d) acceptable use policy
a) BYOD policy
Which one of the following ports is not normally used by email systems? a) 25 b) 139 c) 110 d) 143
b) 139
What TCP flag indicates that a packet is requesting a new connection? a) PSH b) SYN c) RST d) URG
b) SYN
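Seeing where the SYN bit lives in the header makes the flag answers concrete. The following is an added example (not from the original question set) that builds and parses 20-byte TCP headers with the standard library and classifies each segment by its flags; the constructed handshake (ports, sequence numbers) is made up, the checksum is left zero, and options are not handled.

```python
import struct
from typing import Dict, Iterable, List

# Flag bits in the TCP header's 8-bit flags field (RFC 793 plus the ECN bits from RFC 3168).
TCP_FLAGS = {0x80: "CWR", 0x40: "ECE", 0x20: "URG", 0x10: "ACK",
             0x08: "PSH", 0x04: "RST", 0x02: "SYN", 0x01: "FIN"}
FLAG_BITS = {name: bit for bit, name in TCP_FLAGS.items()}
HEADER_FMT = "!HHIIBBHHH"  # 20-byte fixed header, network byte order


def build_tcp_header(src_port: int, dst_port: int, seq: int, ack: int,
                     flags: Iterable[str], window: int = 65535) -> bytes:
    """Assemble a 20-byte TCP header with no options (checksum and urgent pointer left zero)."""
    flag_byte = 0
    for name in flags:
        flag_byte |= FLAG_BITS[name]
    data_offset = 5 << 4  # header length in 32-bit words, upper nibble of byte 12
    return struct.pack(HEADER_FMT, src_port, dst_port, seq, ack,
                       data_offset, flag_byte, window, 0, 0)


def parse_tcp_header(segment: bytes) -> Dict[str, object]:
    """Decode the fixed header and return the set flags by name."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (src_port, dst_port, seq, ack, off_res, flag_byte,
     window, checksum, urgent) = struct.unpack(HEADER_FMT, segment[:20])
    header_len = (off_res >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    flags = [name for bit, name in sorted(TCP_FLAGS.items(), reverse=True) if flag_byte & bit]
    return {"src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window}


def classify(flags: Iterable[str]) -> str:
    """Map a flag combination to its role in the connection life cycle."""
    s = set(flags)
    if "RST" in s:
        return "abort"
    if "SYN" in s and "ACK" not in s:
        return "connection request"      # a bare SYN opens a new connection
    if "SYN" in s:
        return "connection accept (SYN/ACK)"
    if "FIN" in s:
        return "teardown"
    if "ACK" in s:
        return "established"
    return "unclassified"


# Constructed three-way handshake followed by a client FIN.
HANDSHAKE = [
    build_tcp_header(40000, 443, 1000, 0, ["SYN"]),
    build_tcp_header(443, 40000, 5000, 1001, ["SYN", "ACK"]),
    build_tcp_header(40000, 443, 1001, 5001, ["ACK"]),
    build_tcp_header(40000, 443, 1001, 5001, ["FIN", "ACK"]),
]


def describe(segments: Iterable[bytes]) -> List[str]:
    return [classify(parse_tcp_header(seg)["flags"]) for seg in segments]


if __name__ == "__main__":
    for seg, role in zip(HANDSHAKE, describe(HANDSHAKE)):
        print(parse_tcp_header(seg)["flags"], "->", role)
```

Only the first segment, SYN without ACK, is a request to open a connection; SYN together with ACK is the server's acceptance, and a stream of bare SYNs that never progress to the third segment is what a SYN scan or SYN flood looks like on the wire.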
What goal of security is enhanced by a strong business continuity program? a) non-repudiation b) availability c) confidentiality d) integrity
b) availability
Which element of the security policy framework includes suggestions that are not mandatory? a) procedures b) guidelines c) standards d) policies
b) guidelines
What type of control are we using if we supplement a single firewall with a second standby firewall ready to assume responsibility if the primary firewall fails? a) clustering b) high availability c) load balancing d) component redundancy
b) high availability
What set of principles uses the built environment to improve security? a) CSA b) NSA c) CPTED d) NIST
c) CPTED #Crime Prevention Through Environmental Design.
Ben is an information security professional at an organization that is replacing its physical servers with virtual machines. As the organization builds its virtual environment, it is decreasing the number of physical servers it uses while purchasing more powerful servers to act as the virtualization platforms. The IDS Ben is responsible for is used to monitor communications in the data center using a mirrored port on the data center switch. What traffic will Ben see once the majority of servers in the data center have been virtualized? a) The same traffic he currently sees b) All inter-VM traffic c) Only traffic sent outside the VM environment d) All inter-hypervisor traffic
c) Only traffic sent outside the VM environment #One of the visibility risks of virtualization is that communication between servers and systems using virtual interfaces can occur "inside" the virtual environment. This means that visibility into traffic in the virtualization environment has to be purpose-built as part of its design. Option D is correct but incomplete because inter-hypervisor traffic isn't the only traffic the IDS will see.
Brad is configuring a new wireless network for his small business. What wireless security standard should he use? a) WPA b) WEP2 c) WPA2 d) WEP
c) WPA2
What term describes risks that originate inside the organization? a) external b) intranet c) internal d) extranet
c) internal
What network port is used for SSL/TLS VPN connections? a) 88 b) 80 c) 1521 d) 443
d) 443
What technology provides the translation that assigns public IP addresses to privately addressed systems that wish to communicate on the Internet? a) TLS b) HTTP c) SSL d) NAT
d) NAT
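The translation NAT performs is a table lookup in each direction. The following is an added example (not from the original question set) of a port-overloading NAT (NAPT) table: outbound flows from private hosts are rewritten to one public address and a per-flow public port, replies are mapped back, and inbound packets with no matching flow are dropped. The public and private addresses are documentation/RFC 1918 ranges chosen for the example, and the 40000-40999 port pool is an assumption.

```python
from typing import Dict, Optional, Tuple

Flow = Tuple[str, int, str, int]        # (src_ip, src_port, dst_ip, dst_port)
Packet = Tuple[str, int, str, int]      # same shape, as seen on the wire


class NaptTable:
    """Many private (ip, port) pairs share one public address, distinguished by public port."""

    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 40999):
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        self.out_map: Dict[Flow, int] = {}                    # private flow -> public port
        self.in_map: Dict[Tuple[int, str, int], Flow] = {}    # (public port, remote ip, remote port) -> flow

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Packet:
        """Rewrite an outgoing packet, creating a mapping on first sight of the flow."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        pub_port = self.out_map.get(flow)
        if pub_port is None:
            if self.next_port > self.last_port:
                raise RuntimeError("translation table exhausted")
            pub_port = self.next_port
            self.next_port += 1
            self.out_map[flow] = pub_port
            self.in_map[(pub_port, dst_ip, dst_port)] = flow
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, remote_ip: str, remote_port: int, pub_port: int) -> Optional[Packet]:
        """Rewrite a reply addressed to (public_ip, pub_port); None means no mapping, drop it."""
        flow = self.in_map.get((pub_port, remote_ip, remote_port))
        if flow is None:
            return None   # unsolicited inbound traffic has nowhere to go
        src_ip, src_port, _dst_ip, _dst_port = flow
        return (remote_ip, remote_port, src_ip, src_port)


if __name__ == "__main__":
    nat = NaptTable("203.0.113.10")
    a = nat.outbound("192.168.1.10", 51000, "198.51.100.5", 443)
    b = nat.outbound("192.168.1.20", 51000, "198.51.100.5", 443)
    print("host A on the wire:", a)
    print("host B on the wire:", b)
    print("reply to A:", nat.inbound("198.51.100.5", 443, a[1]))
    print("unsolicited:", nat.inbound("198.51.100.77", 22, a[1]))
```

Two internal hosts reusing the same source port get distinct public ports, the same flow keeps its mapping for as long as the entry lives, and the side effect that makes NAT feel like a security control is visible in `inbound`: with no outbound flow to match, an unsolicited packet from the Internet is discarded.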
What type of lock always requires entering a code to enter the facility? a) magnetic stripe card lock b) proximity card lock c) biometric lock d) cipher lock
d) cipher lock
During an incident response, what is the highest priority of first responders? a) identifying the root cause b) collecting evidence c) restoring operations d) containing the damage
d) containing the damage
What security control provides non-repudiation for messages? a) digital certificates b) hash values c) symmetric encryption d) digital signatures
d) digital signatures
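Why a signature gives non-repudiation while a hash or a shared-key MAC does not comes down to who holds the key. The following is an added example (not from the original question set) using textbook RSA over a SHA-256 digest with toy-sized, publicly known Mersenne primes so the arithmetic stays readable; this is an illustration only, a real deployment uses 2048-bit or larger secret primes and a padding scheme such as RSA-PSS. The sample message and the shared HMAC key are constructed.

```python
import hashlib
import hmac
from typing import Tuple

# Toy-sized, well-known Mersenne primes (assumed for the demonstration only).
P = 2147483647            # 2**31 - 1
Q = 2305843009213693951   # 2**61 - 1
E = 65537                 # coprime to (P-1)(Q-1)

PublicKey = Tuple[int, int]   # (n, e)
PrivateKey = Tuple[int, int]  # (n, d)


def rsa_keygen(p: int = P, q: int = Q, e: int = E) -> Tuple[PublicKey, PrivateKey]:
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)       # private exponent (Python 3.8+ modular inverse)
    return (n, e), (n, d)


def digest_int(message: bytes, n: int) -> int:
    """SHA-256 of the message as an integer below n (textbook reduction, no padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key: PrivateKey) -> int:
    """Only the holder of d can produce this value, which is what non-repudiation rests on."""
    n, d = private_key
    return pow(digest_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key: PublicKey) -> bool:
    """Anyone with the public key can check the signature without being able to forge one."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(message, n)


def hash_matches(message: bytes, digest: bytes) -> bool:
    """Integrity only: an attacker who alters the message simply recomputes the hash."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def hmac_tag(message: bytes, shared_key: bytes) -> bytes:
    """Integrity and authenticity, but both parties hold the key, so either could have made it."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


MESSAGE = b"Transfer 1000 EUR to account 42"      # constructed sample message
TAMPERED = b"Transfer 9000 EUR to account 42"

if __name__ == "__main__":
    pub, priv = rsa_keygen()
    sig = sign(MESSAGE, priv)
    print("genuine verifies:", verify(MESSAGE, sig, pub))
    print("tampered verifies:", verify(TAMPERED, sig, pub))
    # Hash-only "protection": the attacker swaps the message and the hash together.
    print("tampered hash check passes:", hash_matches(TAMPERED, hashlib.sha256(TAMPERED).digest()))
```

The signature fails on the altered message and cannot be produced from the public key, so the signer cannot plausibly deny having signed. A bare hash is defeated by recomputing it, and an HMAC proves only that someone holding the shared key produced the tag, which is why neither of those options provides non-repudiation.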
Rachel recently investigated a security alert from her intrusion detection system and, after exhaustive research, determined that the alert was not the result of an intrusion. What type of error occurred? a) true positive b) false negative c) true negative d) false positive
d) false positive
Nessus is an example of a _____ tool. a) port scanning b) web application vulnerability scanning c) protocol analyzing d) network vulnerability scanning
d) network vulnerability scanning