CI-119 Final
RSA is an example of which of the following? A. Asymmetric encryption protocol B. Secret key encryption protocol C. Public key encryption protocol D. Shared key encryption protocol
A
Which of the following statements best describes a simulation test of the DRP? A. Members of key departments perform a dry run of the emergency. B. Members of key departments trace their steps through the plan checking for omissions and inaccuracies. C. Members of key departments check off the tasks for which they are responsible. D. Backup processing runs simultaneously with the production services. E. Production systems are stopped to evaluate how backup systems perform.
A Explanation: A simulation is a practice session that mimics an actual emergency, and key personnel go through the steps in the plan to ensure the plan is working.
Which of the following is a symmetric key algorithm? A. DES B. RSA C. DSA D. All the above
A Explanation: DES is a symmetric key algorithm, and RSA and DSA are asymmetric key algorithms.
Which of the following fences is used to discourage a casual passerby? A. Fence 3 to 4 feet high B. Fence 6 to 7 feet high C. Fence over 8 feet high D. PIDAS
A Explanation: Fences 3 to 4 feet high are used to discourage the casual passerby; fences 6 to 7 feet high are used to discourage general intruders; and fences over 8 feet and PIDAS are used to keep determined intruders out.
Which of the following security evaluation criteria was developed jointly by NIST and NSA? A. The Federal Criteria for Information Technology Security B. The Trusted Computer System Evaluation Criteria C. The Information Technology Security Evaluation Criteria D. The Common Criteria
A Explanation: The Federal Criteria for Information Technology Security (FC) was developed by NIST and NSA to replace TCSEC and introduced the concept of a protection profile (PP).
Which of the following is not one of the three parts of the CIA triad? A. Availability B. Encryption C. Integrity D. Confidentiality
B Explanation: The CIA triad consists of confidentiality, integrity, and availability. Encryption is used to ensure the confidentiality of information.
Which of the following certifications is not administered by (ISC)2? A. CISSP B. CEH C. SSCP D. CSSLP
B Explanation: The certified ethical hacker (CEH) is administered by EC-Council. The other three certifications are offered and administered by (ISC)2.
Which of the following statements best describes a DMZ? A. It allows users to establish a secure connection over a public network. B. It filters incoming and outgoing traffic based on a set of rules. C. It is a specially configured network that sits between the public and the internal network. D. It translates the internal private IP addresses to a public IP address.
C Explanation: A DMZ is a specially configured network that sits between the Internet and the internal network. It typically contains the company web server and firewalls to additionally filter incoming and outgoing traffic.
Which of the following are examples of federated identity providers? A. Facebook B. Google C. LinkedIn D. All the above
D Explanation: Federated identities allow users to log in to their site without creating a unique ID and password but using an existing one instead from sites such as Facebook, Google, and LinkedIn.
Which of the following protocols operates at the network layer of the OSI model? A. UDP B. TCP C. PPP D. IP
D Explanation: The IP protocol operates at the network layer. UDP and TCP are transport layer protocols. PPP operates at the data link layer.
The FTP protocol operates at which of the following layers of the OSI model? A. Session B. Presentation C. Network D. Application
D Explanation: The FTP protocol operates at the application layer of the OSI model.
The term standard is often used interchangeably with which of the following terms? A. Regulation B. Procedure C. Baseline D. Guideline
D Explanation: The terms standards and guidelines are often used interchangeably.
Which of the following DRP tests is typically done as the first step toward a more comprehensive testing? A. Simulations B. Walk-throughs C. Full interruption D. Parallel testing E. Checklists
E Explanation: Checklists are considered a passive type of test and a first step toward comprehensive testing. In this type of testing, key personnel check off the tasks for which they are responsible to ensure the tasks are accurate.
Which of the following statements best describes multitasking? A. Running two or more programs at a time B. Running two or more tasks at a time C. Running two tasks one after another D. Running two programs one after another
B Explanation: Multitasking is a technique where a system runs multiple tasks at the same time.
Which of the following is a block cipher? A. SSL B. PGP C. AES D. RSA
C Explanation: AES is a symmetric block cipher. SSL is an asymmetric algorithm used to secure Internet communications. PGP is an open-source encryption protocol commonly used to encrypt email messages. RSA is an asymmetric encryption protocol.
Which of the following protocols is used to send emails? A. FTP B. TCP C. SMTP D. SNTP
C Explanation: Simple Mail Transfer Protocol (SMTP) is used to send email messages through the Internet.
Which of the following is not needed to create a secure system? A. People B. Processes C. Technology D. All the above are needed to create a secure system
D Explanation: People, processes, and technology are all needed to create a secure system. None of these elements alone can adequately secure a system.
Which of the following statements best describes a VPN? A. It allows users to establish a secure connection over a public network. B. It filters incoming and outgoing traffic based on a set of rules. C. It is a specially configured network that sits between the public and the internal network. D. It translates the internal private IP addresses to a public IP address.
A Explanation: A virtual private network (VPN) is a technology that allows users to establish a private secure connection over a public network.
The goal of which of the following is preventing unauthorized users from modifying data? A. Confidentiality B. Integrity C. Availability D. Auditing
B Explanation: The goal of integrity is to ensure that unauthorized users cannot modify data and that authorized users are not making improper or unauthorized modifications of the data.
Which of the following alternate sites provides all the services needed to continue running the business without interruption? A. Cold site B. Warm site C. Hot site D. Mobile site
C Explanation: A hot site provides a full backup solution to the existing business operation, including applications and data, in a so-called mirror site. The business can continue operation with little or no interruption.
Using multiple overlapping layers to secure data and resources is known as which of the following? A. Principle of least privilege B. Separation of duties C. Defense in depth D. Security triad
C Explanation: Defense in depth is also known as layered security and involves using overlapping layers of security to protect data and resources.
Which of the following media sanitization methods magnetically erases the data from magnetic drives? A. Formatting B. Destruction C. Degaussing D. Overwriting
C Explanation: Degaussing involves magnetically erasing data from magnetic drives.
Which of the following is an asymmetric key algorithm? A. DES B. AES C. RSA D. 3DES
C Explanation: RSA is an asymmetric encryption algorithm, and DES, 3DES, and AES are symmetric encryption algorithms.
Which of the following statements best describes secondary storage? A. Stores data on a page/swap file on a disk B. The computer main memory that is volatile and directly addressable by the CPU C. Nonvolatile storage format that can store data, applications, and system code D. Computer memory that is accessed sequentially
C Explanation: Secondary storage is nonvolatile storage that can store data and program code. Primary storage is the computer main memory that is volatile. Virtual memory is data stored in a page file on disk. Sequential storage is memory accessed sequentially.
Which of the following protocols is used to establish a remote login connection to another computer? A. ICMP B. ARP C. Telnet D. SMTP
C Explanation: Telnet is used to establish a remote login connection to another computer. It sends the username and password as clear text.
Which of the following topics is covered under the legal regulations, investigations, and compliance CBK domain? A. Developing a disaster recovery plan B. Establishing secure communication channels C. Supporting the protection and security of equipment D. Using digital signatures
C Explanation: The Physical (environmental) security domain covers topics related to physical security controls to protect people, data, and equipment.
Which of the following is an example of a single factor authentication? A. Password and PIN B. Smart card and token C. USB drive and fingerprint recognition D. Fingerprint recognition and password
A Explanation: Multifactor authentication involves using more than one factor (authentication method) for authentication. Passwords and PINs represent a single factor. The other options involve more than one factor.
Passwords are an example of which of the following? A. Something you know authentication B. Something you have authentication C. Something you are authentication D. All the above
A Explanation: Passwords and PINs are examples of something you know authentication.
Which of the following statements about full interruption tests is true? A. It is considered a true/false test. B. It is a passive type of test. C. During the test key personnel perform a dry run of the emergency. D. Backup processing occurs in parallel with production services that never stop.
A Explanation: A full interruption test is known as a true/false test and involves stopping the production systems to see how the backup works in case of a disaster.
A buffer overflow is an example of which of the following? A. Vulnerability B. Exploit C. Threat D. Risk
A Explanation: A vulnerability is a known problem within a system or software. A buffer overflow is an example of a vulnerability.
Site selection and work area restrictions are examples of which type of controls used for physical security? A. Administrative access controls B. Environmental/life safety controls C. Technical controls D. Physical security controls
A Explanation: Examples of administrative controls include site selection, visitor control, and work restrictions.
Which of the following protocols operates at the application layer of the OSI model? A. UDP B. FTP C. PPP D. IP
B Explanation: FTP is an application layer protocol. IP operates at the network layer. UDP is a transport layer protocol. PPP operates at the data link layer.
Which of the following statements about hashing is true? A. It is used to ensure message confidentiality. B. It is a one-way function. C. It is used to encrypt messages. D. It is used to ensure message integrity.
B Explanation: Hashing uses a mathematical algorithm to create a digital fingerprint of the data and is a one-way function because the data cannot be re-created from the hash of the data.
The ping utility uses which of the following protocols? A. ARP B. ICMP C. SMTP D. FTP
B Explanation: ICMP is used to identify network errors and congestion. The ping utility uses the ICMP protocol.
In which of the following do users sign each other's certificates? A. PKI B. PGP C. TLS D. SSL
B Explanation: PGP works based on a web of trust concept in which users sign each other's certificates.
Which of the following is the most commonly used authentication method? A. Usernames B. Passwords C. Smart cards D. Fingerprints
B Explanation: Passwords are the most commonly used authentication method. Usernames are used for identification.
Grudge attacks are most likely to be carried out by which of the following? A. Terrorists B. Social engineers C. Disgruntled employees D. External attackers
C Explanation: Grudge attacks are typically carried out by disgruntled employees.
In PGP digital certificates are issued by which of the following? A. Registration authority B. Certificate authority C. Other users D. All the above
C Explanation: PGP operates in a web of trust where users issue each other's certificates.
Which of the following keeps track of the state of the connection? A. Packet filter firewalls B. Routers C. Stateful inspection firewalls D. All the above
C Explanation: Stateful inspection firewalls are more advanced than packet filter firewalls and can keep track of the state of the current connection.
Which of the following protocols is used to provide communications privacy over the Internet? A. SHA-1 B. MD5 C. TLS D. AES
C Explanation: TLS allows client/server applications to communicate securely over the Internet. MD5 and SHA-1 are hashing protocols, and AES is a symmetric encryption protocol.
Which of the following topics is covered under the operations security CBK domain? A. Applying the SDLC B. Establishing secure communication channels C. Implementing patch and vulnerability management D. Using digital signatures
C Explanation: The operations security domain covers operational procedures and tools that can be used to eliminate or reduce the capability to exploit critical information. These include managing incident response and vulnerability management, understanding change and control management, and understanding fault tolerance.
Which of the following layers of the OSI model is responsible for addressing packets? A. Presentation B. Session C. Network D. Transport
C Explanation: The network layer is responsible for addressing packets.
Usernames are used for which of the following? A. Authorization B. Verification C. Identification D. Authentication
C Explanation: Usernames are used for identification. Passwords are used for authentication.
Backups can be used to protect which of the following? A. Confidentiality B. Integrity C. Availability D. Auditing
C Explanation: The goal of availability is to ensure data is available for authorized use. Backups are an example of availability controls.
Which of the following best describes detective controls? A. Reduce the likelihood of a deliberate attack. B. Protect vulnerabilities. C. Reduce the effect of an attack. D. Discover attack and trigger preventive or corrective controls.
D Explanation: Detective controls discover the attack and trigger preventive or corrective controls. Deterrent controls reduce the likelihood of a deliberate attack. Preventive controls protect vulnerabilities and either make an attack unsuccessful or reduce its effect. Corrective controls reduce the effect of an attack.
Which of the following is an example of an issue-specific policy? A. Email acceptable use B. Wireless security policy C. Laptop security policy D. All the above
D Explanation: Issue-specific policies address specific issues of concern to the organization, such as regulatory issues like HIPAA, SOX, PCI, and others. Examples of issue-specific policies include email and Internet acceptable use, wireless security, and laptop security policies.
Which of the following laws does not involve imprisonment? A. Civil law B. Criminal law C. Regulatory law D. All laws above involve imprisonment
A Explanation: Civil laws are used to compensate individuals that have been harmed through wrongful acts. Civil disputes are resolved with financial compensations and do not involve imprisonment.
Digital signatures and digital certificates are topics covered in which of the following CBK domains? A. Access control B. Cryptography C. Operations security D. Software development security
B Explanation: The cryptography domain covers cryptographic techniques for data encryption, using digital certificates and signatures, and public key infrastructure.
Which of the following best describes a patent? A. A word, name, symbol, or device that the individual intends to use commercially and wants to distinguish from as unique B. A company secret or sensitive information C. Discovery or invention that is protected by law and cannot be used by others D. A copyrighted artwork or music
C Explanation: A patent is a discovery or invention protected by law.
Symmetric key cryptography uses which of the following? A. One secret key B. Two public keys C. Two private keys D. One public and one private key
A Explanation: Symmetric encryption, also called private or secret key encryption, uses one key to encrypt and decrypt data.
Which of the following statements about packet filter firewalls is not true? A. They can filter traffic based on the port number. B. They can filter traffic based on the protocol type. C. They can filter traffic based on the state of the connection. D. They can filter traffic based on the source and destination address.
C Explanation: Packet filter firewalls can filter traffic based on the protocol, port number, and addresses but cannot keep track of the state of the connection.
Which of the following best describes a false negative result from an IDS? A. An IDS incorrectly identifies legitimate traffic as an intrusion B. An IDS correctly identifies an intrusion as such C. An IDS correctly identifies legitimate traffic as such D. An IDS incorrectly identifies an intrusion as legitimate traffic
D Explanation: A false negative occurs when the IDS fails to identify an intrusion but instead lets it pass as legitimate traffic.
Which of the following media sanitization methods uses a program to write 1s and 0s on disk? A. Formatting B. Deleting C. Degaussing D. Overwriting
D Explanation: Overwriting uses a program to write 0s and 1s on a disk in effect overwriting the existing information.
Which of the following statements best describes the walk-through test of the DRP? A. Members of key departments perform a dry run of the emergency. B. Members of key departments trace their steps through the plan checking for omissions and inaccuracies. C. Members of key departments check off the tasks for which they are responsible. D. Backup processing runs simultaneously with the production services. E. Production systems are stopped to evaluate how backup systems perform.
B Explanation: In a walk-through, members of key departments trace their steps through the plan and verify it for accuracy and completeness.
Which of the following statements best describes fail-secure system controls? A. Used to track and approve changes to a system B. Ensures security is not breached when a computer system crashes C. Preserves the state of the system before the crash and prevents further damage D. Used to clearly mark and handle assets
C Explanation: Fail-secure system controls preserve the state of the system before the crash and prevent further damage.
Which of the following attacks installs a key logger on the victim's system in an attempt to collect usernames and passwords? A. IP spoofing attack B. Denial-of-service attack C. Rogue code attack D. Emanation eavesdropping attack
C Explanation: In a rogue code attack, the victim unknowingly installs a key logger that collects sensitive information, such as usernames and passwords.
Which of the following statements about qualitative analysis is true? A. Probability data is required. B. It uses annualized loss expectancy to rank events. C. It is the most widely used approach to risk analysis. D. The problems associated with this risk analysis are the unreliability and inaccuracy of the data.
C Explanation: Qualitative risk analysis is the most widely used approach to risk analysis. In this type of analysis, probability data is not required; instead the estimated potential loss is used.
Magnetic tape is an example of which of the following? A. Primary storage B. Virtual memory C. Sequential storage D. Volatile memory
C Explanation: Sequential storage is memory accessed sequentially. Magnetic tape is an example of sequential storage.
Quantitative risk analysis uses which of the following? A. Annualized loss expectancy B. Probability C. Control D. All the above
D Explanation: A quantitative risk analysis attempts to establish and maintain an independent set of risk metrics and statistics. It uses annualized loss expectancy, probability, threats, controls, and vulnerabilities to calculate risk.
Keys and combination locks are an example of which type of controls used for physical security? A. Administrative access controls B. Environmental/life safety controls C. Technical controls D. Physical security controls
D Explanation: Examples of physical security controls include perimeter security controls, badges, dogs, guards, fences, locks and keys, and lights.
Which of the following risk types requires immediate action? A. Low risk B. Moderate risk C. High risk D. Extreme risk
D Explanation: Extreme risk requires immediate action. High risk requires senior management attention. Management responsibility must be specified for moderate risks, and low risks are handled by routine procedures.
Which of the following best describes an issue-specific policy? A. Used to create a management-sponsored computer security program B. Focuses on policy issues that management has decided for a specific system C. Establishes the overall approach to computer security D. Addresses specific issues of concern to the organization
D Explanation: Issue-specific policies address specific issues of concern to the organization, such as regulatory issues like HIPAA, SOX, PCI, and others.
Which of the following is an example of physical security controls that can be used for physical security? A. Smart cards B. Biometric devices C. HVAC D. Mantraps
D Explanation: Mantraps are an example of physical security controls. Smart cards and biometric devices are technical controls, and HVAC systems are environmental controls.
Which of the following is not an example of a multifactor authentication? A. Passwords and tokens B. Retina scans and smart cards C. PINs and tokens D. Fingerprint recognition and iris scanning
D Explanation: Multifactor authentication involves using more than one factor (authentication method) for authentication. Fingerprint recognition and iris scanning represent a single factor: biometrics.
Which of the following statements about checklist testing is true? A. It is considered a true/false test. B. It is a passive type of test. C. During the test key personnel perform a dry run of the emergency. D. Members of the key business units meet to trace their steps through the plan.
B Explanation: Checklists are considered a passive type of test and a first step toward comprehensive testing. In this type of testing, key personnel check off the tasks for which they are responsible to ensure the tasks are accurate.
A cold site provides which of the following? A. Hardware systems B. Software systems C. Power and air conditioning systems D. The servers
C Explanation: A cold site is the most cost-effective type of alternate site; however, it provides only the physical facilities and systems such as power and air conditioning needed to run a data processing center.
Which of the following statements best describes configuration and change management controls? A. Used to track and approve changes to a system B. Ensures security is not breached when a computer system crashes C. Used to determine how long records should be kept D. Used to clearly mark and handle assets
A Explanation: Configuration and change management controls are used to track and approve changes to a system.
Which of the following statements best describes data hiding? A. Mechanism used to ensure that information available at one processing level is not available at another level. B. A process operation that is divided into layers by function. C. The process of segmenting the memory into protected segments. D. A design objective in which each process has its own address space.
A Explanation: Data hiding is a mechanism where information available at one level is not available at another. Process isolation is when each process has its own address space to store its data and application code. Hardware segmentation is the process of segmenting memory into protected segments. Layering is a process operation that is divided into layers by function.
Which of the following risk types is managed by routine procedures? A. Low risk B. Moderate risk C. High risk D. Extreme risk
A Explanation: Low risk is handled by routine procedures. Extreme risk requires immediate action. High risk requires senior management attention. Management responsibility must be specified for moderate risks.
Which of the following topics is covered under the business continuity and disaster recovery planning CBK domain? A. Developing a recovery strategy B. Following compliance requirements C. Developing and implementing security policies D. Managing personnel security
A Explanation: The business continuity and disaster recovery planning domain covers topics such as business continuity planning, including conducting a business impact analysis and developing a recovery strategy and a disaster recovery plan.
Which of the following topics is covered under the cryptography CBK domain? A. Understanding and using digital certificates B. Establishing secure communication channels C. Managing incident response D. Understanding access control attacks
A Explanation: The cryptography domain covers cryptographic techniques for data encryption, using digital certificates and signatures, and public key infrastructure.
Which of the following statements best describes separation of duties? A. No one person in an organization has the ability to control a security activity. B. Different tasks are assigned to different people. C. Each person is assigned the highest level of privileges needed to complete a task. D. Multiple people have the ability to control a security activity.
A Explanation: The goal of separation of duties is to ensure no single person can control a security activity to prevent errors in judgment or malicious acts.
Which of the following is the only sure method of media sanitization? A. Formatting B. Destruction C. Degaussing D. Overwriting
B Explanation: Destruction of media is done by shredding and burning and is the only sure method of media sanitization.
Which of the following statements is not true? A. Computer security depends on two types of requirements: functional and assurance. B. Security through obscurity is an effective way to secure a system. C. The three goals of security are confidentiality, integrity, and availability. D. The three types of security controls are preventive, detective, and responsive.
B Explanation: Security through obscurity is based on the premise that hiding how the system security works makes that system more secure. This is not an effective way to secure a system because the entire system security would collapse when someone uncovers that the system is not secure.
Which of the following provides backup processing at a remote location? A. Cold sites B. Service bureaus C. Mobile sites D. Warm sites
B Explanation: Service bureaus provide backup processing services at a remote location. In addition, they provide primary application services.
Which of the following topics is covered under the access control CBK domain? A. Applying the SDLC B. Establishing secure communication channels C. Implementing patch and vulnerability management D. Understanding access control attacks
D Explanation: The access control domain discusses who may access the system and what type of access they have. It covers topics such as identification, authentication, authorization, and logging.
Which of the following topics is covered under the security architecture and design CBK domain? A. Understanding forensic procedures B. Following compliance requirements C. Developing and implementing security policies D. Understanding the fundamental concepts of security models
D Explanation: The security architecture and design domain discusses the principles, concepts, and standards used to develop secure systems and networks. Understanding the fundamental concepts of security models is a key topic within the domain.
Which of the following are considerations when selecting a site? A. Visibility B. Locale considerations C. Natural disasters D. Transportation E. A and B F. B and C G. All the above
G Explanation: Site selection considerations include visibility, locale considerations, natural disasters, and transportation.
Which of the following is an example of an environmental/life safety control? A. Smart cards B. Fire detectors C. Site selection D. Biometric systems
B Explanation: Fire detection and prevention systems are an example of environmental/life safety controls. Smart cards and biometric devices are technical controls, and site selection is an administrative control.
Running two or more programs simultaneously is called which of the following? A. Multitasking B. Multiprocessing C. Multithreading D. Multiprogramming
B Explanation: Multiprocessing occurs when two or more programs run at the same time by the same CPU.
Which of the following best describes recovery controls? A. Reduce the likelihood of a deliberate attack. B. Restore lost computer resources or capabilities. C. Reduce the effect of an attack. D. Discover attack and trigger preventive or corrective controls.
B Explanation: Recovery controls restore lost resources and capabilities. Detective controls discover the attack and trigger preventive or corrective controls. Deterrent controls reduce the likelihood of a deliberate attack. Corrective controls reduce the effect of an attack.
Which of the following is an example of an administrative control that can be used for physical security? A. Intrusion detection systems B. Work area restrictions C. Fences D. Turnstiles
B Explanation: Work area restrictions are an example of administrative controls. Intrusion detection systems are technical controls, and fences and turnstiles are physical security controls.
Which of the following statements about the Common Criteria is true? A. It's referred to as The Orange Book. B. It was jointly developed by NIST and NSA. C. It's an international standard that provides a common language and structure to define IT security requirements. D. It is a European-developed criterion of security standards.
C Explanation: The Common Criteria project was started to align different international criteria into a single set of IT security criteria used as a single security standard across multiple countries. The CC provides a common language and structure to express IT security requirements.
Which of the following topics is covered under the software development security CBK domain? A. Understanding the cryptographic life cycle B. Understanding public key infrastructure C. Assessing the effectiveness of software security D. Securing network components
C Explanation: The software development security CBK focuses on secure application development techniques throughout the software development life cycle, including assessing the effectiveness of software security.
Which of the following statements about the Biba integrity model is true? A. It is an integrity model. B. It is an availability model. C. It simplifies analysis of covert channels. D. It uses read-up, write down approach.
D Explanation: The Biba integrity model is an integrity model that uses a read-up, write-down approach so that subjects cannot read objects at lesser integrity and cannot write to objects of higher integrity.
Which of the following statements best describes a full-interruption test of the DRP? A. Members of key departments perform a dry run of the emergency. B. Members of key departments trace their steps through the plan checking for omissions and inaccuracies. C. Members of key departments check off the tasks for which they are responsible. D. Backup processing runs simultaneously with the production services. E. Production systems are stopped to evaluate how backup systems perform.
E Explanation: A full-interruption test is the most thorough and most disruptive DRP test: production systems are actually shut down so that the backup or alternate site must take over the load, proving whether recovery works as planned. Because it risks a real outage, it is scheduled carefully and usually run only after checklist, walk-through, simulation, and parallel tests have passed.
Which of the following is a process that defines a specific set of permissible values for an object and operations for that object? A. Layering B. Abstraction C. Data hiding D. Hardware segmentation
B Explanation: Abstraction defines a specific set of permissible values for an object and the operations allowed on it, hiding the implementation behind that interface. Layering divides a process or system into layers by function. Hardware segmentation divides memory into protected segments. Data hiding ensures that information available at one level is not accessible at another.
Which of the following statements about quantitative risk analysis is true? A. It is the most widely used approach to risk analysis. B. Probability data is not required for this type of risk analysis. C. It uses annual loss expectancy to rank events. D. It is a reliable and accurate way to calculate risk.
C Explanation: A quantitative risk analysis attempts to establish and maintain an independent set of risk metrics and statistics. It uses annualized loss expectancy, probability, threats, controls, and vulnerabilities to calculate risk, and it ranks events by their ALE. Its main disadvantage is that the input data (asset values, probabilities) is often unreliable or inaccurate, so the results are only as good as those estimates. Qualitative risk analysis is the most widely used risk analysis method.
Which of the following statements best describes computer forensics? A. Performing penetration testing of computer systems to evaluate their security B. Scanning computer systems for viruses and malware C. Investigating crimes committed with computers D. Breaking into computer systems
C Explanation: Computer forensics is the investigation of crimes committed with or against computers: collecting, preserving, and analyzing evidence from computer systems in a way that keeps it admissible in legal proceedings.
Smart cards are an example of which type of controls used for physical security? A. Administrative access controls B. Environmental/life safety controls C. Technical controls D. Physical security controls
C Explanation: Examples of technical controls include smart cards, biometric devices, intrusion detection systems, and auditing.
Which of the following topics is covered under the information security governance and risk management CBK domain? A. Understanding forensic procedures B. Following compliance requirements C. Developing and implementing security policies D. Understanding the fundamental concepts of security models
C Explanation: The information security governance and risk management domain covers topics such as the need and importance of a comprehensive security plan, including the creation and management of security policies and employing risk management techniques.
Which of the following topics is covered under the telecommunications and network CBK domain? A. Understanding and using digital certificates B. Understanding public key infrastructure C. Understanding denial of service and spoofing attacks D. Understanding access control attacks
C Explanation: The telecommunications and network security domain covers securing network topologies and network components, understanding secure network architecture and design such as VPNs, and understanding network attacks, such as denial of service and spoofing attacks.
Which of the following statements about rings of trust on a standalone system is true? A. Outer rings contain a higher level of security. B. Inner rings contain a lower level of security. C. Systems requiring a higher level of security are placed in the inner rings. D. Systems requiring a higher level of security are placed in the outer rings.
C Explanation: Trust in a ring of trust system moves from the outside in, and the closer the ring is to the center, the higher the security level. Systems requiring a higher security level are placed in the inner rings.
Which of the following physical security controls are enclosed areas with a secure door on either end? A. Fences B. Bollards C. Turnstiles D. Mantraps
D Explanation: Mantraps are enclosed areas with a secure door on either end that allow one person at a time. They can be used to protect against piggybacking.
Which of the following statements best describes media viability controls? A. Used to track and approve changes to a system B. Ensures security is not breached when a computer system crashes C. Used to determine how long records should be kept D. Used to clearly mark and handle assets
D Explanation: Media viability controls are used to ensure assets are properly marked and handled. This includes marking media with date, content, classification, and any other information that can be used to easily identify and locate the media.
How many evaluation assurance levels are part of the Common Criteria? A. Four B. Five C. Six D. Seven
D Explanation: There are seven evaluation assurance levels in the Common Criteria, EAL1 through EAL7, with EAL7 representing the highest level of assurance. EALs measure the depth and rigor of the evaluation, not the strength of the product's security functions.
Which of the following best describes the goal of the network layer of the OSI model? A. It is responsible for addressing of the packets. B. It defines the characteristics of the network hardware. C. It is responsible for establishing connections and terminations between the computers. D. It is responsible for the transfer of data.
A Explanation: The network layer manages addressing and delivery between networks.
Which of the following best describes the goal of the presentation layer of the OSI model? A. It is responsible for addressing of the packets. B. It is responsible for formatting of data, including encryption and decryption. C. It is responsible for establishing connections and terminations between the computers. D. It is responsible for the transfer of data.
B Explanation: The presentation layer is responsible for data formatting including encryption and decryption of packets.
Virtual private networks use which of the following to allow users to log in to the corporate network? A. Private network B. Internet C. Intranet D. Extranet
B Explanation: VPNs allow remote users to connect to the corporate network by using the Internet.
How is annualized loss expectancy computed? A. The probability of an event occurring multiplied by the likely loss it would incur B. The probability of an event occurring multiplied by the existing vulnerabilities C. The probability of an event occurring divided by the existing threats D. The probability of an event occurring divided by the existing controls
A Explanation: The annualized loss expectancy (ALE) is used in quantitative risk analysis. It is the single loss expectancy (SLE, the likely loss from one occurrence, computed as asset value times exposure factor) multiplied by the annualized rate of occurrence (ARO, the expected frequency of the event per year): ALE = SLE x ARO.
Which of the following operation security controls reduce the frequency and impact of errors? A. Preventive controls B. Detective controls C. Corrective controls D. Deterrent controls
A Explanation: Preventive controls stop unauthorized access and reduce the frequency and impact of errors. Deterrent controls discourage violations and encourage compliance with policy. Detective controls discover errors after they have occurred. Corrective controls help mitigate the impact of a loss.
Which of the following best describes the goal of process controls? A. Ensures that different people can perform the same operation exactly the same way each time B. Ensures that different people can perform operations differently C. Ensures that the same people can perform the same operations differently each time D. Ensures that the same people can perform the same operation exactly the same each time
A Explanation: Process controls are used to ensure that different people can perform the same task the same way.
Which of the following best describes a baseline? A. Specific set of requirements for a technology implementation B. Specific security requirements, or what a system or a process needs to be considered secure C. Detailed step-by-step instructions on how to complete a task or a process D. Documentation and guidance that aids in compliance
A Explanation: A baseline is a specific set of requirements for a technology implementation, such as Windows Server security settings or database settings. A procedure is a set of detailed step-by-step instructions on how to complete a task. A standard refers to specific security requirements, or what a system needs to be considered secure. A guideline is documentation that aids in compliance with a standard.
Assigning users only the minimum amount of privileges they need to perform their job is known as which of the following? A. Principle of least privilege B. Separation of duties C. Defense in depth D. Security triad
A Explanation: The principle of least privilege states that users (and processes) should be given only the minimum permissions and privileges needed to do their job, and no more. It supports confidentiality by limiting who can reach sensitive data, but it is a distinct principle, not another name for confidentiality.
Which of the following best describes business impact analysis? A. Evaluates risks to the organization and prioritizes the systems that will be used for recovery B. Describes the critical processes, procedures, and personnel that must be protected in an event of an emergency C. Describes the exact steps and procedures that should be followed to recover critical business systems in the event of a disaster D. Determines the cost of continuous operation and the value of each service
A Explanation: The business impact analysis (BIA) evaluates the risks to the organization and prioritizes the systems to be recovered. The disaster recovery plan (DRP) describes the exact steps and procedures to follow in the event of a disaster. The business continuity plan (BCP) describes the critical processes, procedures, and personnel that must be protected in the event of an emergency. Determining the cost of continuous operation is part of the BCP.
Which of the following is an example of a prevention control? A. Intrusion detection system B. Firewall C. Motion sensors D. Security alarm
B Explanation: Firewalls are examples of prevention controls because their goal is to stop security breaches before they happen. Intrusion detection systems and motion sensors are detection controls, and security alarms are responsive controls.
Which of the following is an example of technical controls that can be used for physical security? A. Audit trails/access logs B. Fire suppression systems C. HVAC D. Mantraps
A Explanation: Audit trails and access logs are examples of technical controls. Fire suppression systems and HVAC are environmental controls, and mantraps are an example of physical security controls.
Torts are associated with which of the following laws? A. Civil law B. Criminal law C. Regulatory law D. Administrative laws
A Explanation: Civil law is used to compensate individuals who have been harmed through wrongful acts known as torts. Torts can be intentional or unintentional (negligence).
Which of the following best describes deterrent controls? A. Reduce the likelihood of a deliberate attack. B. Protect vulnerabilities. C. Reduce the effect of an attack. D. Discover attack and trigger preventive or corrective controls.
A Explanation: Deterrent controls reduce the likelihood of a deliberate attack. Detective controls discover the attack and trigger preventive or corrective controls. Preventive controls protect vulnerabilities and either make an attack unsuccessful or reduce its effect. Corrective controls reduce the effect of an attack.
Which of the following CBK domains covers developing and implementing security policies? A. Information security governance and risk management B. Business continuity and disaster recovery planning C. Legal regulations, investigations, and compliance D. Security architecture and design
A Explanation: The Information security governance and risk management domain includes creating policies and procedures for protecting data, including developing and implementing security policies and managing the information life cycle.
Using routers, firewalls, and intrusion detection systems in combination with real-time human monitoring is an example of which of the following? A. Separation of duties B. Defense in depth C. Principle of least privilege D. Intrusion monitoring
B Explanation: Defense in depth is also known as layered security and involves using overlapping layers of security to protect data and resources.
Which of the following statements best describes primary storage? A. Stores data on a page/swap file on a disk B. The computer main memory that is volatile and directly addressable by the CPU C. Nonvolatile storage format that can store data, applications, and system code D. Computer memory that is accessed sequentially
B Explanation: Primary storage is the computer main memory that is volatile. Virtual memory is data stored in a page file on disk. Secondary storage is nonvolatile storage that can store data and program code. Sequential storage is memory accessed sequentially.
Which of the following is concerned with placing an economic value on assets to determine appropriate countermeasures? A. Risk mitigation B. Risk assessment C. Vulnerability assessment D. Risk avoidance
B Explanation: Risk assessment and risk management are concerned with evaluating assets and placing an economic value on each to determine what countermeasures should be applied.
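The two risk questions above (ALE computation and valuing assets to choose countermeasures) are easier to see with numbers. The following Python is an added example, not part of the quiz: it builds a small risk register, computes SLE and ALE for each threat, ranks threats by ALE, and applies the standard safeguard cost/benefit test (ALE before minus ALE after minus the annual cost of the safeguard), which the quiz does not spell out. All asset values, exposure factors, and rates are constructed sample numbers.

```python
"""Added example (not from the quiz): quantitative risk analysis with ALE.

Asset values, exposure factors, and rates are constructed sample numbers.
The safeguard-value formula (ALE before - ALE after - annual cost) is the
standard cost/benefit test for a countermeasure; it is not quoted from the page.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    threat: str
    asset_value: float       # economic value placed on the asset
    exposure_factor: float   # fraction of the asset lost in one incident, 0..1
    aro: float               # annualized rate of occurrence (expected incidents/year)

    @property
    def sle(self) -> float:
        """Single loss expectancy: asset value x exposure factor."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualized loss expectancy: SLE x ARO (probability-weighted yearly loss)."""
        return self.sle * self.aro


def rank_by_ale(risks):
    """Order events by ALE, highest first, to prioritise countermeasures."""
    return sorted(risks, key=lambda r: r.ale, reverse=True)


def safeguard_value(risk: Risk, annual_cost: float,
                    residual_ef=None, residual_aro=None) -> float:
    """Net annual value of a countermeasure: ALE before - ALE after - cost.

    A safeguard may lower the exposure factor (e.g. backups limit what a
    ransomware incident destroys), the ARO (e.g. patching makes it rarer),
    or both. A positive result means the safeguard pays for itself."""
    ef = risk.exposure_factor if residual_ef is None else residual_ef
    aro = risk.aro if residual_aro is None else residual_aro
    ale_after = risk.asset_value * ef * aro
    return risk.ale - ale_after - annual_cost


# Constructed sample register (assumed values, not real figures).
SAMPLE_RISKS = [
    Risk("ransomware on file server", 500_000, 0.40, 0.5),
    Risk("laptop theft", 4_000, 1.00, 5.0),
    Risk("data-centre fire", 2_000_000, 0.75, 0.02),
]

if __name__ == "__main__":
    for r in rank_by_ale(SAMPLE_RISKS):
        print(f"{r.threat:28s} SLE={r.sle:>12,.0f} ALE={r.ale:>10,.0f}")
    # Offline backups costing 20,000/year cut ransomware exposure from 40% to 10%.
    print(f"backups net value: {safeguard_value(SAMPLE_RISKS[0], 20_000, residual_ef=0.10):,.0f}/year")
```

Note that the ranking by ALE can surprise: the data-centre fire has by far the largest single loss, but its low ARO places it below ransomware, which is exactly the point of annualizing the figures before comparing countermeasures.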
In which of the following attacks does the attacker intercept radio frequency signals from a wireless computer? A. IP spoofing attack B. Denial-of-service attack C. Rogue code attack D. Emanation eavesdropping attack
D Explanation: In an emanation eavesdropping attack, the attacker intercepts radio frequencies from wireless computers in an attempt to collect sensitive information.
According to the Electronic Marketplace report of the Federal Trade Commission Fair Information Practices, which of the following is not one of the four privacy practices companies engaged in e-commerce should observe? A. Notice/awareness B. Choice/consent C. Access/participation D. Availability/privacy
D Explanation: The four privacy practices that e-commerce companies should observe include notice/awareness, choice/consent, access/participation, and security/integrity.
Understanding confidentiality and integrity models and defense in depth are covered in which of the following CBK domains? A. Cryptography B. Telecommunications and network security C. Operations security D. Security architecture and design
D Explanation: The security architecture and design domain covers the principles, concepts, and standards used to develop secure systems and networks. Understanding the fundamental concepts of security models (confidentiality models such as Bell-LaPadula, integrity models such as Biba) and defense in depth is a key topic within the domain.
Which of the following statements best describes the Biba integrity model? A. Subjects can read objects at a lower level but cannot write to objects at a higher level. B. Subjects can't read objects at a lower level but can write to objects at a higher level. C. Subjects can read objects at a lower level and can write to objects at a higher level. D. Subjects can't read objects at a lower level and can't write to objects at a higher level.
D Explanation: Biba is an integrity model with a "read up, write down" approach: the simple integrity axiom (no read down) means subjects cannot read objects of lower integrity, and the *-integrity axiom (no write up) means subjects cannot write to objects of higher integrity. This is the mirror image of Bell-LaPadula, whose rules are no read up and no write down.
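Both Biba questions, and the mandatory access control questions later on the page, come down to comparing a subject's label with an object's label. The following Python is an added example, not part of the quiz: it encodes the Biba and Bell-LaPadula rules as label comparisons the way a MAC enforcement point would, enumerates every decision, and checks that the two models are mirror images of each other. The three-level lattice and the level names are assumptions for illustration.

```python
"""Added example (not from the quiz): access decisions under Biba and
Bell-LaPadula expressed as label comparisons, as a mandatory access
control system would evaluate them. The three-level lattice and the
level names are assumptions for illustration.
"""
from enum import IntEnum


class Level(IntEnum):
    """Ordered labels. For Biba the order is integrity; for Bell-LaPadula
    it is sensitivity. A higher value dominates a lower one."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba integrity model ("read up, write down").

    Simple integrity axiom: no read down -> object integrity must be >= subject's.
    *-integrity axiom:      no write up  -> object integrity must be <= subject's."""
    if op == "read":
        return obj >= subject
    if op == "write":
        return obj <= subject
    raise ValueError(f"unknown operation {op!r}")


def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula confidentiality model ("read down, write up").

    Simple security property: no read up   -> object sensitivity must be <= subject's.
    *-property:               no write down -> object sensitivity must be >= subject's."""
    if op == "read":
        return obj <= subject
    if op == "write":
        return obj >= subject
    raise ValueError(f"unknown operation {op!r}")


def decision_table(model) -> dict:
    """Every (subject level, object level, operation) decision for one model."""
    return {(s.name, o.name, op): model(s, o, op)
            for s in Level for o in Level for op in ("read", "write")}


def models_are_mirror_images() -> bool:
    """Biba is Bell-LaPadula with the lattice turned upside down: swapping the
    subject and object levels in one model reproduces the other's decisions."""
    return all(biba_allows(s, o, op) == blp_allows(o, s, op)
               for s in Level for o in Level for op in ("read", "write"))


if __name__ == "__main__":
    for (s, o, op), ok in decision_table(biba_allows).items():
        print(f"Biba: {s:6s} subject {op:5s} {o:6s} object -> {'allow' if ok else 'deny'}")
    print("mirror images:", models_are_mirror_images())
```

The practical reading of the table: under Biba a high-integrity process (say, a signed updater) may not consume data from a low-integrity source, and a low-integrity process (a browser) may not write into high-integrity locations, which is the same reasoning that underlies integrity levels in modern operating systems.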
How often should training be conducted? A. Monthly B. Annually C. Whenever the policies change D. Both A and B E. Both B and C
E Explanation: Training should be conducted annually and when there is a change to the security policy.
Which of the following is an example of something you know authentication mechanism? A. PIN B. Smart card C. Fingerprint D. Signature dynamics
A Explanation: Passwords and PINs are examples of something-you-know authentication. Smart cards and tokens are examples of something-you-have authentication, and fingerprint scans and signature dynamics are examples of something-you-are authentication.
Which of the following best describes a system-specific policy? A. Used to create a management-sponsored computer security program B. Focuses on policy issues that management has decided for a specific system C. Establishes the overall approach to computer security D. Addresses specific issues of concerns to the organization
B Explanation: A system-specific policy typically addresses a single system and is usually issued by the manager or owner of that system.
Which of the following media sanitization methods removes data by shredding or burning? A. Formatting B. Destruction C. Degaussing D. Overwriting
B Explanation: Destruction of media is done by shredding or burning and is the most certain method of media sanitization, because the media cannot be reused or recovered afterwards.
Which of the following statements best describes layering? A. Mechanism used to ensure that information available at one processing level is not available at another level B. A process operation that is divided into layers by function C. The process of segmenting the memory into protected segments D. A design objective in which each process has its own address space
B Explanation: Layering divides a process or system into layers by function. Process isolation gives each process its own address space for its data and application code. Hardware segmentation divides memory into protected segments. Data hiding ensures that information available at one level is not accessible at another.
Which of the following statements about primary storage is true? A. Primary storage is the same as virtual memory. B. Primary storage is volatile. C. Primary storage is a storage format that can store data and applications when the system is not in use. D. Primary storage is memory that is accessed sequentially.
B Explanation: Primary storage is the computer main memory that is volatile and directly accessible by the CPU.
Which of the following is an example of a trade secret? A. Social Security numbers B. Recipe for Coca-Cola C. Departmental budget D. Marketing information
B Explanation: Proprietary secrets are examples of trade secret information such as recipes for products. Public information is intended for public distribution. Published annual reports and information on webpages and direct mailings are an example of public information. Business sensitive information is information employees need to perform their duties. Department budget information is an example of business sensitive information. Social Security numbers are examples of customer confidential information.
Which of the following topics is covered under the legal regulations, investigations, and compliance CBK domain? A. Developing a recovery strategy B. Following compliance requirements C. Understanding encryption concepts D. Managing personnel security
B Explanation: The legal regulations, investigations, and compliance domain covers computer crimes and the law and regulations that apply to computer security including professional ethics, forensic procedures, and compliance requirements.
Which of the following statements best describes the goal of the physical layer of the OSI model? A. It is responsible for addressing of the packets. B. It defines the characteristics of the network hardware. C. It is responsible for establishing connections and terminations between the computers. D. It is responsible for the transfer of data.
B Explanation: The physical layer of the OSI model defines the characteristics of the network hardware.
Using SSL and VPN to establish a secure communication channel is covered in which of the following CBK domains? A. Cryptography B. Telecommunications and network security C. Operations security D. Security architecture and design
B Explanation: The telecommunications and network security domain covers securing network topologies and network components; understanding secure network architecture, design, and protocols, such as VPNs and SSL; and understanding network attacks, such as denial-of-service and spoofing attacks.
Which of the following statements best describes trusted recovery controls? A. Used to track and approve changes to a system B. Ensures security is not breached when a computer system crashes C. Preserves the state of the system before the crash and prevent further damage D. Used to clearly mark and handle assets
B Explanation: Trusted recovery controls ensure security is not breached when a computer system crashes.
Which of the following authentication methods measures unique human characteristics to confirm identity? A. Smart cards B. Tokens C. Biometrics D. PINs
C Explanation: Biometrics work by measuring unique human characteristics, such as fingerprint scans or retina scans, to confirm a person's identity.
Which of the following operation security controls help mitigate the impact of a loss? A. Preventive controls B. Detective controls C. Corrective controls D. Deterrent controls
C Explanation: Corrective controls help mitigate the impact of a loss. Deterrent controls discourage violations and encourage compliance with policy. Preventive controls stop unauthorized access and reduce the frequency and impact of errors. Detective controls discover errors after they have occurred.
Which of the following best describes role-based access control? A. The information owner decides who has access to resources. B. Access to resources is determined based on the need to know principle. C. Access to resources is decided by the system based on the concept of subjects, objects, and labels. D. Users are grouped based on a common access need, such as job function.
D Explanation: Role-based access control groups users with a common access need, such as same job functions.
Which of the following best describes a procedure? A. Law passed by regulators and lawmakers B. Specific security requirements, or what a system or a process needs to be considered secure C. Detailed step-by-step instructions on how to complete a task or a process D. Documentation and guidance that aids in compliance
C Explanation: A procedure is a set of detailed step-by-step instructions on how to complete a task. A standard refers to specific security requirements, or what a system needs to be considered secure. A regulation is a law passed by regulators and lawmakers. A guideline is documentation that aids in compliance with a standard.
Which of the following best describes discretionary access control? A. The information owner decides who has access to resources. B. Access to resources is determined based on the need to know principle. C. Access to resources is decided by the system based on the concept of subjects, objects, and labels. D. Users are grouped based on a common access need, such as job function.
A Explanation: In discretionary access control, the information owner decides who has access to resources. This access control method is built into most operating systems and is the one most commonly used in the corporate world.
Kerberos is an example of which of the following? A. Single sign-on B. Federated identity C. Multifactor authentication D. Asymmetric encryption
A Explanation: Kerberos is a network authentication protocol that uses symmetric key cryptography to provide authentication services. It issues a unique key, called a ticket, to authenticated users. Users need to log in only once, and each resource checks the assigned ticket to determine if access should be granted, thus allowing for a single sign-on.
Kerberos uses which of the following? A. Symmetric key cryptography B. Asymmetric key cryptography C. Federated identity D. All the above
A Explanation: Kerberos is a network authentication protocol that uses symmetric key cryptography to provide authentication services. It issues a unique key, called a ticket, to authenticated users. Users need to log in only once, and each resource checks the assigned ticket to determine if access should be granted, thus allowing for a single sign-on.
Which of the following allows you to establish a secure connection to a corporate network? A. IDS B. VPN C. IPS D. DMZ
B Explanation: A virtual private network (VPN) is a technology that allows users to establish a private secure connection over a public network.
In a mandatory access control, what are the elements that are protected called? A. Subjects B. Objects C. Resources D. Labels
B Explanation: Mandatory access control is also called nondiscretionary access control and is most commonly used in military and government systems. In this type of access control, the system decides who has access to resources based on subjects, objects, and labels. The elements within the system that are protected are called objects.
Which of the following is an example of a multifactor authentication? A. Password and PIN B. Smart card and PIN C. Smart card and USB drive D. Iris scan and retina scan
B Explanation: Multifactor authentication involves using more than one factor (authentication method) for authentication. Passwords and PIN, smart cards and USB drives, and iris and retina scans represent a single factor. Smart card and PIN involves two factors: something you have and something you know.
Which of the following uses one public and one private key? A. Private key cryptography B. Public key cryptography C. Secret key cryptography D. Symmetric key cryptography
B Explanation: Public key cryptography, also called asymmetric key, uses two keys one
Which of the following allows remote users to communicate with a central server for authentication and access to requested systems and services? A. VPN B. RADIUS C. Kerberos D. Federated identities
B Explanation: RADIUS is a client/server protocol that enables remote users to connect to corporate systems and resources: the access server forwards the user's credentials to a central RADIUS server, which handles authentication and authorization.
Bob sends Alice an encrypted message using RSA. What key would Alice need to use to decrypt the message? A. Public key B. Private key C. Shared key D. The same key that Bob used to encrypt the message
B Explanation: RSA is an asymmetric (public key) encryption algorithm. Asymmetric encryption uses a key pair: Bob encrypts the message with Alice's public key, and only Alice's private key can decrypt it. Bob's own keys play no part in decryption.
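To make the key roles concrete, here is an added example, not part of the quiz, of textbook RSA in Python: Bob encrypts under Alice's public key, Alice's private key recovers the message, and Bob's own private key does not. The primes are assumed toy values and there is no padding, so this illustrates the key relationship only; real RSA uses 2048-bit or larger moduli and OAEP padding.

```python
"""Added example (not from the quiz): textbook RSA with toy keys.

Shows why Alice's *private* key is the one that decrypts a message Bob
encrypted under Alice's *public* key, and that Bob's keys cannot.
Primes are tiny (assumed values) and there is no padding: illustration only.
"""
from math import gcd, isqrt


def _is_prime(n: int) -> bool:
    """Trial division; adequate for the toy primes used here."""
    if n < 2:
        return False
    return all(n % k for k in range(2, isqrt(n) + 1))


def keygen(p: int, q: int, e: int = 65537):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    assert _is_prime(p) and _is_prime(q) and p != q
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "public exponent must be coprime to phi(n)"
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, message: bytes) -> int:
    """Encrypt with the recipient's public key: c = m^e mod n."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Decrypt with the recipient's private key: m = c^d mod n."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


# Toy key pairs (assumed primes, far too small for real use).
ALICE_PUB, ALICE_PRIV = keygen(104729, 1299709)
BOB_PUB, BOB_PRIV = keygen(104723, 999983)


def bob_sends_alice(message: bytes) -> int:
    """Bob only needs Alice's public key, which anyone may hold."""
    return encrypt(ALICE_PUB, message)


if __name__ == "__main__":
    c = bob_sends_alice(b"hi!")
    print(decrypt(ALICE_PRIV, c))   # Alice's private key recovers the message
    print(decrypt(BOB_PRIV, c))     # Bob's private key yields garbage
```

The same key pair reversed gives signatures (sign with the private key, verify with the public key), which is why RSA appears on this page both as an encryption algorithm and underneath S/MIME.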
Which of the following is not an advantage of a role-based access control? A. Automated user provisioning B. Automated logon C. Automatic detection of excessive permission D. Significant time saving
B Explanation: Role-based access control groups users with a common access need, such as same job functions. It allows for significant time-saving including automated user provisioning and using automated tools to detect excessive permissions.
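The two role-based access control questions above (grouping users by job function, and automated provisioning plus detection of excessive permissions) are easy to show in code. The following Python is an added example, not part of the quiz: permissions are granted only through roles, provisioning is a role assignment, and a least-privilege review compares what each user holds against what they actually exercised. The roles, users, and observed-use data are constructed sample data.

```python
"""Added example (not from the quiz): role-based access control with a
least-privilege review. Roles, users, and the observed-use record are
constructed sample data, not real tenant data.
"""

# Constructed role catalogue (assumed for illustration).
ROLE_PERMISSIONS = {
    "developer": {"repo:read", "repo:write", "ci:run"},
    "auditor":   {"repo:read", "logs:read"},
    "admin":     {"repo:read", "repo:write", "ci:run", "logs:read", "users:manage"},
}


def effective_permissions(user_roles: dict, user: str) -> set:
    """Union of the permissions of every role assigned to the user."""
    perms = set()
    for role in user_roles.get(user, ()):
        perms |= ROLE_PERMISSIONS[role]
    return perms


def is_allowed(user_roles: dict, user: str, permission: str) -> bool:
    """Access decision: a permission is granted only through a role."""
    return permission in effective_permissions(user_roles, user)


def provision(user_roles: dict, user: str, roles: set) -> set:
    """Automated provisioning: assign existing roles and return the
    resulting effective permissions. No per-user one-off grants exist."""
    unknown = set(roles) - set(ROLE_PERMISSIONS)
    if unknown:
        raise ValueError(f"unknown roles: {sorted(unknown)}")
    user_roles[user] = set(roles)
    return effective_permissions(user_roles, user)


def excessive_permissions(user_roles: dict, observed_use: dict) -> dict:
    """Least-privilege review: permissions a user holds but never exercised
    during the review window. Returns {user: unused permissions}, omitting
    users with nothing to report. Repeated hits suggest the role is too broad."""
    report = {}
    for user in user_roles:
        unused = effective_permissions(user_roles, user) - observed_use.get(user, set())
        if unused:
            report[user] = unused
    return report


if __name__ == "__main__":
    # Constructed sample: role assignments and what access logs showed in use.
    users = {"alice": {"developer"}, "bob": {"auditor"}}
    observed = {"alice": {"repo:read", "repo:write"}, "bob": {"logs:read"}}
    provision(users, "dave", {"auditor"})
    print(is_allowed(users, "bob", "repo:write"))        # False
    print(excessive_permissions(users, observed))        # alice never used ci:run
```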
Smart cards are an example of which of the following? A. Something you know authentication B. Something you have authentication C. Something you are authentication D. All the above
B Explanation: Smart cards are an example of something you have authentication.
Which of the following best describes mandatory access control? A. The information owner decides who has access to resources. B. Access to resources is determined based on the principle of least privilege. C. Access to resources is decided by the system based on the concept of subjects, objects, and labels. D. Users are grouped based on a common access need, such as job function.
C Explanation: Mandatory access control is also called nondiscretionary access control and is most commonly used in military and government systems. In this type of access control, the system decides who has access to resources based on subjects, objects, and labels.
S/MIME is used for which of the following? A. Encrypt Internet transactions B. Encrypt credit card numbers C. Encrypt email communications D. Encrypt digital certificates
C Explanation: S/MIME is a standard for email encryption and digital signatures.
Bob sends Alice an encrypted message using AES. What key would Alice need to use to decrypt the message? A. Bob's public key B. Bob's private key C. Alice's public key D. The same key that Bob used to encrypt the message
D Explanation: AES is a private/symmetric key algorithm. Symmetric key encryption uses one shared key to encrypt and decrypt data, so Alice needs to use the same key Bob used to encrypt the data to decrypt the message.
AES is an example of which of the following? A. Hashing protocol B. Public key encryption key protocol C. Email encryption protocol D. Symmetric key encryption protocol
D Explanation: AES is an example of a symmetric key encryption protocol.
Which of the following can be used to encrypt email messages? A. MD5 B. SHA-1 C. SET D. S/MIME
D Explanation: S/MIME is a standard for encrypting and digitally signing email messages; it relies on public key certificates, most commonly RSA. MD5 and SHA-1 are hashing algorithms, and SET was designed to secure e-commerce transactions.
