CISSP Topic 3 - Security Engineering
Which security model uses division of operations into different parts and requires different users to perform each part? A. Bell-LaPadula model B. Biba model C. Clark-Wilson model D. Non-interference model
C. Clark-Wilson model
What is the main focus of the Bell-LaPadula security model? A. Accountability B. Integrity C. Confidentiality D. Availability
C. Confidentiality
The environment that must be protected includes all personnel, equipment, data, communication devices, power supply and wiring. The necessary level of protection depends on the value of the data, the computer systems, and the company assets within the facility. The value of these items can be determined by what type of analysis? A. Critical-channel analysis B. Covert channel analysis C. Critical-path analysis D. Critical-conduit analysis
C. Critical-path analysis
Which of the following does NOT concern itself with key management? A. Internet Security Association Key Management Protocol (ISAKMP) B. Diffie-Hellman (DH) C. Cryptology (CRYPTO) D. Key Exchange Algorithm (KEA)
C. Cryptology (CRYPTO)
Which is NOT a suitable method for distributing certificate revocation information? A. CA revocation mailing list B. Delta CRL C. OCSP (online certificate status protocol) D. Distribution point CRL
A. CA revocation mailing list
What is NOT an authentication method within IKE and IPsec? A. CHAP B. Pre shared key C. certificate based authentication D. Public key authentication
A. CHAP
Which of the following is the preferred way to suppress an electrical fire in an information center? A. CO2 B. CO2, soda acid, or Halon C. water or soda acid D. ABC Rated Dry Chemical
A. CO2
Where in a PKI infrastructure is a list of revoked certificates stored? A. CRL B. Registration Authority C. Recovery Agent D. Key escrow
A. CRL
Which of the following ciphers is a subset on which the Vigenere polyalphabetic cipher was based on? A. Caesar B. The Jefferson disks C. Enigma D. SIGABA
A. Caesar
This type of attack is generally most applicable to public-key cryptosystems, what type of attack am I? A. Chosen-Ciphertext attack B. Ciphertext-only attack C. Plaintext Only Attack D. Adaptive-Chosen-Plaintext attack
A. Chosen-Ciphertext attack
Readable is to unreadable just as plain text is to: A. Cipher Text B. Encryption C. Unplain Text D. Digitally Signed
A. Cipher Text
Which fire class can water be most appropriate for? A. Class A fires B. Class B fires C. Class C fires D. Class D fires
A. Class A fires
Which of the following is BEST provided by symmetric cryptography? A. Confidentiality B. Integrity C. Availability D. Non-repudiation
A. Confidentiality
What is the primary role of cross certification? A. Creating trust between different PKIs B. Build an overall PKI hierarchy C. set up direct trust to a second root CA D. Prevent the nullification of user certificates by CA certificate revocation
A. Creating trust between different PKIs
What enables users to validate each other's certificate when they are certified under different certification hierarchies? A. Cross-certification B. Multiple certificates C. Redundant certification authorities D. Root certification authorities
A. Cross-certification
Which of the following is the MOST secure form of triple-DES encryption? A. DES-EDE3 B. DES-EDE1 C. DES-EEE4 D. DES-EDE2
A. DES-EDE3
Which of the following is NOT a true statement regarding the implementation of the 3DES modes? A. DES-EEE1 uses one key B. DES-EEE2 uses two keys C. DES-EEE3 uses three keys D. DES-EDE2 uses two keys
A. DES-EEE1 uses one key
What attribute is included in a X.509-certificate? A. Distinguished name of the subject B. Telephone number of the department C. secret key of the issuing CA D. the key pair of the certificate holder
A. Distinguished name of the subject
Which encryption algorithm is BEST suited for communication with handheld wireless devices? A. ECC (Elliptic Curve Cryptosystem) B. RSA C. SHA D. RC4
A. ECC (Elliptic Curve Cryptosystem)
Critical areas should be lighted: A. Eight feet high and two feet out. B. Eight feet high and four feet out. C. Ten feet high and four feet out. D. Ten feet high and six feet out.
A. Eight feet high and two feet out.
In which mode of DES, will a block of plaintext and a key always give the same ciphertext? A. Electronic Code Book (ECB) B. Output Feedback (OFB) C. Counter Mode (CTR) D. Cipher Feedback (CFB)
A. Electronic Code Book (ECB)
Which of the following modes of DES is MOST likely used for Database Encryption? A. Electronic Code Book (ECB) B. Cipher Block Chaining (CBC) C. Cipher Feedback (CFB) D. Output Feedback (OFB)
A. Electronic Code Book (ECB)
An employee ensures all cables are shielded, builds concrete walls that extend from the true floor to the true ceiling and installs a white noise generator. What attack is the employee trying to protect against? A. Emanation Attacks B. Social Engineering C. Object reuse D. Wiretapping
A. Emanation Attacks
Which of the following services is NOT provided by the digital signature standard (DSS)? A. Encryption B. Integrity C. Digital signature D. Authentication
A. Encryption
Which of the following is NOT a basic component of security architecture? A. Motherboard B. Central Processing Unit (CPU) C. Storage Devices D. Peripherals (input/output devices)
A. Motherboard
What does the simple security (ss) property mean in the Bell-LaPadula model? A. No read up B. No write down C. No read down D. No write up
A. No read up
Which of the following is more suitable for a hardware implementation? A. Stream ciphers B. Block ciphers C. Cipher block chaining D. Electronic code book
A. Stream ciphers
Which of the following type of cryptography is used when both parties use the same key to communicate securely with each other? A. Symmetric Key Cryptography B. PKI - Public Key Infrastructure C. Diffie-Hellman D. DSS - Digital Signature Standard
A. Symmetric Key Cryptography
Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense? A. TCSEC B. ITSEC C. DIACAP D. NIACAP
A. TCSEC
Which answer BEST describes a secure cryptoprocessor that can be used to store cryptographic keys, passwords or certificates in a component located on the motherboard of a computer? A. TPM - Trusted Platform Module B. TPM - Trusted Procedure Module C. Smart Card D. Enigma Machine
A. TPM - Trusted Platform Module
What is the difference between the OCSP (Online Certificate Status Protocol) and a Certificate Revocation List (CRL)? A. The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates. B. The OCSP (Online Certificate Status Protocol) is a proprietary certificate mechanism developed by Microsoft and a Certificate Revocation List (CRL) is an open standard. C. The OCSP (Online Certificate Status Protocol) is used only by Active Directory and a Certificate Revocation List (CRL) is used by Certificate Authorities D. The OCSP (Online Certificate Status Protocol) is a way to check the attributes of a certificate and a Certificate Revocation List (CRL) is used by Certificate
A. The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates.
Complete the following sentence. A message can be encrypted, which provides: A. confidentiality. B. non-repudiation. C. authentication. D. integrity.
A. confidentiality.
Complete the following sentence. A digital signature is a: A. hash value that has been encrypted with the sender's private key B. hash value that has been encrypted with the sender's public key C. hash value that has been encrypted with the senders Session key D. senders signature signed and scanned in a digital format
A. hash value that has been encrypted with the sender's private key
Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and the corresponding ciphertext? A. known plaintext B. brute force C. ciphertext only D. chosen plaintext
A. known plaintext
Which of the following is NOT a system-sensing wireless proximity card? A. magnetically striped card B. passive device C. field-powered device D. transponder
A. magnetically striped card
Within Crime prevention through Environmental Design (CPTED) the concept of territoriality is BEST described as: A. ownership. B. protecting specific areas with different measures. C. localized emissions. D. compromise of the perimeter.
A. ownership.
What is the role of IKE within the IPsec protocol? A. peer authentication and key exchange B. data encryption C. data signature D. enforcing quality of service
A. peer authentication and key exchange
Which is the last line of defense in a physical security sense? A. people B. interior barriers C. exterior barriers D. perimeter barriers
A. people
Which of the following is NOT a precaution you can take to reduce static electricity? A. power line conditioning B. anti-static sprays C. maintain proper humidity levels D. anti-static flooring
A. power line conditioning
Which of the following is currently the most recommended water system for a computer room? A. preaction B. wet pipe C. dry pipe D. deluge
A. preaction
A momentary high voltage is a: A. spike B. blackout C. surge D. fault
A. spike
Devices that supply power when the commercial utility power system fails are called which of the following? A. power conditioners B. uninterruptible power supplies C. power filters D. power dividers
B. uninterruptible power supplies
Which of the following is NOT an example of an asymmetric key algorithm? A. Elliptic curve cryptosystem (ECC) B. Diffie-Hellman C. Advanced Encryption Standard (AES) D. Merkle-Hellman Knapsack
C. Advanced Encryption Standard (AES)
Which of the following questions is less likely to help in assessing physical and environmental protection? A. Are entry codes changed periodically? B. Are appropriate fire suppression and prevention devices installed and working? C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information? D. Is physical access to data transmission lines controlled?
C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information?
Which of the following elements is NOT included in a Public Key Infrastructure (PKI)? A. Timestamping B. Repository C. Certificate revocation D. Internet Key Exchange (IKE)
D. Internet Key Exchange (IKE)
Which of the following is NOT a disadvantage of symmetric cryptography when compared with asymmetric ciphers? A. Provides Limited security services B. Has no built in Key distribution C. Speed D. Large number of keys are needed
C. Speed
Which of the following is a class C fire? A. electrical B. liquid C. common combustibles D. soda acid
A. electrical
Which Orange book security rating is the FIRST to be concerned with covert channels? A. A1 B. B3 C. B2 D. B1
C. B2
Which of the following algorithms does NOT provide hashing? A. SHA-1 B. MD2 C. RC4 D. MD5
C. RC4
A momentary power outage is a: A. spike B. blackout C. surge D. fault
D. fault
What is the length of an MD5 message digest? A. 128 bits B. 160 bits C. 256 bits D. varies depending upon the message size.
A. 128 bits
What size is an MD5 message digest (hash)? A. 128 bits B. 160 bits C. 256 bits D. 128 bytes
A. 128 bits
How many rounds are used by DES? A. 16 B. 32 C. 64 D. 48
A. 16
What is the effective key size of DES? A. 56 bits B. 64 bits C. 128 bits D. 1024 bits
A. 56 bits
What is a characteristic of using the Electronic Code Book mode of DES encryption? A. A given block of plaintext and a given key will always produce the same ciphertext. B. Repetitive encryption obscures any repeated patterns that may have been present in the plaintext. C. Individual characters are encoded by combining output from earlier encryption routines with plaintext. D. The previous DES output is used as input.
A. A given block of plaintext and a given key will always produce the same ciphertext.
Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext- ciphertext pairs? A. A known-plaintext attack B. A known-algorithm attack C. A chosen-ciphertext attack D. A chosen-plaintext attack
A. A known-plaintext attack
In which of the following models are Subjects and Objects identified and the permissions applied to each subject/object combination are specified? Such a model can be used to quickly summarize what permissions a subject has for various system objects. A. Access Control Matrix model B. Take-Grant model C. Bell-LaPadula model D. Biba model
A. Access Control Matrix model
The RSA algorithm is an example of what type of cryptography? A. Asymmetric Key. B. Symmetric Key. C. Secret Key. D. Private Key.
A. Asymmetric Key.
Which of the following protocols that provide integrity and authentication for IPSec, can also provide non-repudiation in IPSec? A. Authentication Header (AH) B. Encapsulating Security Payload (ESP) C. Secure Sockets Layer (SSL) D. Secure Shell (SSH-2)
A. Authentication Header (AH)
Cryptography does NOT concern itself with which of the following choices? A. Availability B. Integrity C. Confidentiality D. Validation
A. Availability
Which of the following is the lowest TCSEC class wherein the systems must support separate operator and system administrator roles? A. B2 B. B1 C. A1 D. A2
A. B2
Which of the following is not classified as "Security and Audit Frameworks and Methodologies"? A. Bell LaPadula B. Committee of Sponsoring Organizations of the Treadway Commission (COSO) C. IT Infrastructure Library (ITIL) D. Control Objectives for Information and related Technology (COBIT)
A. Bell LaPadula
The Computer Security Policy Model the Orange Book is based on is which of the following? A. Bell-LaPadula B. Data Encryption Standard C. Kerberos D. Tempest
A. Bell-LaPadula
In an SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session? A. Both client and server B. The client's browser C. The web server D. The merchant's Certificate Server
A. Both client and server
Which of the following is not an EPA-approved replacement for Halon? A. Bromine B. Inergen C. FM-200 D. FE-13
A. Bromine
Which of the following is NOT true of Secure Sockets Layer (SSL)? A. By convention it uses 's-http://' instead of 'http://'. B. Is the predecessor to the Transport Layer Security (TLS) protocol. C. It was developed by Netscape. D. It is used for transmitting private information, data, and documents over the Internet.
A. By convention it uses 's-http://' instead of 'http://'.
When we encrypt or decrypt data there is a basic operation involving ones and zeros where they are compared in a process that looks something like this:0101 0001 Plain text0111 0011 Key stream0010 0010 OutputWhat is this cryptographic operation called? A. Exclusive-OR B. Bit Swapping C. Logical-NOR D. Decryption
A. Exclusive-OR
Which of the following suppresses combustion by disrupting a chemical reaction, by doing so it kills the fire? A. Halon B. CO2 C. water D. soda acid
A. Halon
What are the four basic elements of Fire? A. Heat, Fuel, Oxygen, and Chain Reaction B. Heat, Fuel, CO2, and Chain Reaction C. Heat, Wood, Oxygen, and Chain Reaction D. Flame, Fuel, Oxygen, and Chain Reaction
A. Heat, Fuel, Oxygen, and Chain Reaction
Which of the following is an example of discretionary access control? A. Identity-based access control B. Task-based access control C. Role-based access control D. Rule-based access control
A. Identity-based access control
You have been approached by one of your clients. They are interested in doing some security re-engineering. The client is looking at various information security models. It is a highly secure environment where data at high classifications cannot be leaked to subjects at lower classifications. Of primary concern to them, is the identification of potential covert channel. As an Information Security Professional, which model would you recommend to the client? A. Information Flow Model combined with Bell LaPadula B. Bell LaPadula C. Biba D. Information Flow Model
A. Information Flow Model combined with Bell LaPadula
In which of the following phases of system development life cycle (SDLC) is contingency planning most important? A. Initiation B. Development/acquisition C. Implementation D. Operation/maintenance
A. Initiation
What is the name of the protocol use to set up and manage Security Associations (SA) for IP Security (IPSec)? A. Internet Key Exchange (IKE) B. Secure Key Exchange Mechanism C. Oakley D. Internet Security Association and Key Management Protocol
A. Internet Key Exchange (IKE)
Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations? A. Internet Key exchange (IKE) B. Security Association Authentication Protocol (SAAP) C. Simple Key-management for Internet Protocols (SKIP) D. Key Exchange Algorithm (KEA)
A. Internet Key exchange (IKE)
Which of the following is NOT a property of a one-way hash function? A. It converts a message of a fixed length into a message digest of arbitrary length. B. It is computationally infeasible to construct two different messages with the same digest. C. It converts a message of arbitrary length into a message digest of a fixed length. D. Given a digest value, it is computationally infeasible to find the corresponding message.
A. It converts a message of a fixed length into a message digest of arbitrary length.
What is NOT true about a one-way hashing function? A. It provides authentication of the message B. A hash cannot be reverse to get the message used to create the hash C. The results of a one-way hash is a message digest D. It provides integrity of the message
A. It provides authentication of the message
Which key agreement scheme uses implicit signatures? A. MQV B. DH C. ECC D. RSA
A. MQV
Which access control model would a lattice-based access control model be an example of? A. Mandatory access control. B. Discretionary access control. C. Non-discretionary access control. D. Rule-based access control.
A. Mandatory access control.
Which one of the following authentication mechanisms creates a problem for mobile users? A. Mechanisms based on IP addresses B. Mechanism with reusable passwords C. One-time password mechanism. D. Challenge response mechanism.
A. Mechanisms based on IP addresses
Which of the following BEST describes a function relying on a shared secret key that is used along with a hashing algorithm to verify the integrity of the communication content as well as the sender? A. Message Authentication Code - MAC B. PAM - Pluggable Authentication Module C. NAM - Negative Acknowledgement Message D. Digital Signature Certificate
A. Message Authentication Code - MAC
Which of the following answers BEST describes the Bell La-Padula model of storage and access control of classified information? A. No read up and No write down B. No write up, no read down C. No read over and no write up D. No reading from higher classification levels
A. No read up and No write down
You are an information systems security officer at a mid-sized business and are called upon to investigate a threat conveyed in an email from one employee to another.You gather the evidence from both the email server transaction logs and from the computers of the two individuals involved in the incident and prepare an executive summary.You find that a threat was sent from one user to the other in a digitally signed email. The sender of the threat says he didn't send the email in question.What concept of PKI - Public Key Infrastructure will implicate the sender? A. Non-repudiation B. The digital signature of the recipient C. Authentication D. Integrity
A. Non-repudiation
Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as the plaintext and never reused in whole or part? A. One Time Pad (OTP) B. One time Cryptopad (OTC) C. Cryptanalysis D. Pretty Good Privacy (PGP)
A. One Time Pad (OTP)
What is the name of a one way transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string? Such a transformation cannot be reversed. A. One-way hash B. DES C. Transposition D. Substitution
A. One-way hash
Which of the following is NOT a type of motion detector? A. Photoelectric sensor B. Passive infrared sensors C. Microwave Sensor. D. Ultrasonic Sensor.
A. Photoelectric sensor
Complete the blanks. When using PKI, I digitally sign a message using my ______ key. The recipient verifies my signature using my ______ key. A. Private / Public B. Public / Private C. Symmetric / Asymmetric D. Private / Symmetric
A. Private / Public
A public key algorithm that does both encryption and digital signature is which of the following? A. RSA B. DES C. IDEA D. Diffie-Hellman
A. RSA
Which of the following was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support? A. SESAME B. RADIUS C. KryptoKnight D. TACACS+
A. SESAME
Which of the following is a Hashing Algorithm? A. SHA B. RSA C. Diffie Hellman (DH) D. Elliptic Curve Cryptography (ECC)
A. SHA
Which of the following protocols would BEST mitigate threats of sniffing attacks on web application traffic? A. SSL or TLS B. 802.1X C. ARP Cache Security D. SSH - Secure Shell
A. SSL or TLS
The main risks that physical security components combat are all of the following EXCEPT: A. SYN flood B. Physical damage C. Theft D. Tailgating
A. SYN flood
The DES algorithm is an example of what type of cryptography? A. Secret Key B. Two-key C. Asymmetric Key D. Public Key
A. Secret Key
Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet? A. Secure Electronic Transaction (SET) B. MONDEX C. Secure Shell (SSH-2) D. Secure Hypertext Transfer Protocol (S-HTTP)
A. Secure Electronic Transaction (SET)
The ideal operating humidity range is defined as 40 percent to 60 percent. Low humidity (less than 40 percent) can produce what type of problem on computer parts? A. Static electricity B. Electro-plating C. Energy-plating D. Element-plating
A. Static electricity
Guards are appropriate whenever the function required by the security program involves which of the following? A. The use of discriminating judgment B. The use of physical force C. The operation of access control devices D. The need to detect unauthorized access
A. The use of discriminating judgment
Suppose that you are the COMSEC - Communications Security custodian for a large, multinational corporation. Susie, from Finance approaches you in the break room saying that she lost her smart ID card that she uses to digitally sign and encrypt emails in the PKI.What happens to the certificates contained on the smart card after the security officer takes appropriate action? A. They are added to the CRL B. They are reissued to the user C. New certificates are issued to the user D. The user may no longer have certificates
A. They are added to the CRL
What is a common problem when using vibration detection devices for perimeter control? A. They are vulnerable to non-adversarial disturbances. B. They can be defeated by electronic means. C. Signal amplitude is affected by weather conditions. D. They must be buried below the frost line.
A. They are vulnerable to non-adversarial disturbances.
What would you call a microchip installed on the motherboard of modern computers and is dedicated to carrying out security functions that involve the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates. A. Trusted Platform Module (TPM) B. Trusted BIOS Module (TBM) C. Central Processing Unit (CPU) D. Arithmetic Logical Unit (ALU)
A. Trusted Platform Module (TPM)
Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean? A. Use of public key encryption to secure a secret key, and message encryption using the secret key. B. Use of the recipient's public key for encryption and decryption based on the recipient's private key. C. Use of software encryption assisted by a hardware encryption accelerator. D. Use of elliptic curve encryption.
A. Use of public key encryption to secure a secret key, and message encryption using the secret key.
Which of the following would best describe certificate path validation? A. Verification of the validity of all certificates of the certificate chain to the root certificate B. Verification of the integrity of the associated root certificate C. Verification of the integrity of the concerned private key D. Verification of the revocation status of the concerned certificate
A. Verification of the validity of all certificates of the certificate chain to the root certificate
Public key infrastructure (PKI) consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion.This infrastructure is based upon which of the following Standard? A. X.509 B. X.500 C. X.400 D. X.25
A. X.509
A prolonged electrical power supply that is below normal voltage is a: A. brownout B. blackout C. surge D. fault
A. brownout
Which of the following is a class A fire? A. common combustibles B. liquid C. electrical D. Halon
A. common combustibles
The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as "_________________," RSA is quite feasible for computer use. A. computing in Galois fields B. computing in Gladden fields C. computing in Gallipoli fields D. computing in Galbraith fields
A. computing in Galois fields
What is the key size of the International Data Encryption Algorithm (IDEA)? A. 64 bits B. 128 bits C. 160 bits D. 192 bits
B. 128 bits
The Data Encryption Algorithm performs how many rounds of substitution and permutation? A. 4 B. 16 C. 54 D. 64
B. 16
Which of the following binds a subject name to a public key value? A. A public-key certificate B. A public key infrastructure C. A secret key infrastructure D. A private key certificate
B. A public key infrastructure
Which of the following statements pertaining to stream ciphers is TRUE? A. A stream cipher is a type of asymmetric encryption algorithm. B. A stream cipher generates what is called a keystream. C. A stream cipher is slower than a block cipher. D. A stream cipher is not appropriate for hardware-based encryption.
B. A stream cipher generates what is called a keystream.
PGP uses which of the following to encrypt data? A. An asymmetric encryption algorithm B. A symmetric encryption algorithm C. A symmetric key distribution system D. An X.509 digital certificate
B. A symmetric encryption algorithm
Which of the following is a proximity identification device that does not require action by the user and works by responding with an access code to signals transmitted by a reader? A. A passive system sensing device B. A transponder C. A card swipe D. A magnetic card
B. A transponder
Which of the following controls related to physical security is NOT an administrative control? A. Personnel controls B. Alarms C. Training D. Emergency response and procedures
B. Alarms
According to ISC -, what should be the fire rating for the internal walls of an information processing facility? A. All walls must have a one-hour minimum fire rating. B. All internal walls must have a one-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a two-hour minimum fire rating. C. All walls must have a two-hour minimum fire rating. D. All walls must have a two-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have
B. All internal walls must have a one-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a two-hour minimum fire rating.
What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate? A. A public-key certificate B. An attribute certificate C. A digital certificate D. A descriptive certificate
B. An attribute certificate
Which Orange book security rating introduces security labels? A. C2 B. B1 C. B2 D. B3
B. B1
According to the Orange Book, which security level is the first to require a system to protect against covert timing channels? A. A1 B. B3 C. B2 D. B1
B. B3
Which of the following was the FIRST mathematical model of a multilevel security policy used to define the concepts of a security state and mode of access, and to outline rules of access? A. Biba B. Bell-LaPadula C. Clark-Wilson D. State machine
B. Bell-LaPadula
Which of the following security models introduced the idea of mutual exclusivity which generates dynamically changing permissions? A. Biba B. Brewer & Nash C. Graham-Denning D. Clark-Wilson
B. Brewer & Nash
Which Orange book security rating introduces the object reuse protection? A. C1 B. C2 C. B1 D. B2
B. C2
Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring? A. Wave pattern motion detectors B. Capacitance detectors C. Field-powered devices D. Audio detectors
B. Capacitance detectors
Who vouches for the binding between the data items in a digital certificate? A. Registration authority B. Certification authority C. Issuing authority D. Vouching authority
B. Certification authority
Which of the following type of lock uses a numeric keypad or dial to gain entry? A. Bolting door locks B. Cipher lock C. Electronic door lock D. Biometric door lock
B. Cipher lock
In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in the encryption process? A. Known-plaintext attack B. Ciphertext-only attack C. Chosen-Ciphertext attack D. Plaintext-only attack
B. Ciphertext-only attack
The ideal operating humidity range is defined as 40 percent to 60 percent. High humidity (greater than 60 percent) can produce what type of problem on computer parts? A. Static electricity B. Corrosion C. Energy-plating D. Element-plating
B. Corrosion
Which of the following is NOT a symmetric key algorithm? A. Blowfish B. Digital Signature Standard (DSS) C. Triple DES (3DES) D. RC5
B. Digital Signature Standard (DSS)
The most prevalent cause of computer center fires is which of the following? A. AC equipment B. Electrical distribution systems C. Heating systems D. Natural causes
B. Electrical distribution systems
Which of the following is TRUE about digital certificate? A. It is the same as digital signature proving Integrity and Authenticity of the data B. Electronic credential proving that the person the certificate was issued to is who they claim to be. C. You can only get digital certificate from Verisign, RSA if you wish to prove the key belong to a specific user. D. Can't contain geography data such as country for example.
B. Electronic credential proving that the person the certificate was issued to is who they claim to be.
What is an error called that causes a system to be vulnerable because of the environment in which it is installed? A. Configuration error B. Environmental error C. Access validation error D. Exceptional condition handling error
B. Environmental error
Which of the following would BEST describe a Concealment cipher? A. Permutation is used, meaning that letters are scrambled. B. Every X number of words within a text, is a part of the real message. C. Replaces bits, characters, or blocks of characters with different bits, characters or blocks. D. Hiding data in another message so that the very existence of the data is concealed.
B. Every X number of words within a text, is a part of the real message.
What is NOT true with pre shared key authentication within IKE / IPsec protocol? A. Pre shared key authentication is normally based on simple passwords B. Needs a Public Key Infrastructure (PKI) to work C. IKE is used to setup Security Associations D. IKE builds upon the Oakley protocol and the ISAKMP protocol.
B. Needs a Public Key Infrastructure (PKI) to work
What kind of encryption technology does SSL utilize? A. Secret or Symmetric key B. Hybrid (both Symmetric and Asymmetric) C. Public Key D. Private Key
B. Hybrid (both Symmetric and Asymmetric)
What does the Clark-Wilson security model focus on? A. Confidentiality B. Integrity C. Accountability D. Availability
B. Integrity
Physical security is accomplished through proper facility construction, fire and water protection, anti-theft mechanisms, intrusion detection systems, and security procedures that are adhered to and enforced. Which of the following is NOT a component that achieves this type of security? A. Administrative control mechanisms B. Integrity control mechanisms C. Technical control mechanisms D. Physical control mechanisms
B. Integrity control mechanisms
Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism? A. OAKLEY B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. IPsec Key exchange (IKE)
B. Internet Security Association and Key Management Protocol (ISAKMP)
Which of the following questions is LESS likely to help in assessing physical access controls? A. Does management regularly review the list of persons with physical access to sensitive facilities? B. Is the operating system configured to prevent circumvention of the security software and application controls? C. Are keys or other access devices needed to enter the computer room and media library? D. Are visitors to sensitive areas signed in and escorted?
B. Is the operating system configured to prevent circumvention of the security software and application controls?
The primary purpose for using one-way hashing of user passwords within a password file is which of the following? A. It prevents an unauthorized person from trying multiple passwords in one logon attempt. B. It prevents an unauthorized person from reading the password. C. It minimizes the amount of storage required for user passwords. D. It minimizes the amount of processing time used for encrypting passwords.
B. It prevents an unauthorized person from reading the password.
What is the main problem of the renewal of a root CA certificate? A. It requires key recovery of all end user keys B. It requires the authentic distribution of the new root CA certificate to all PKI participants C. It requires the collection of the old root CA certificates from all the users D. It requires issuance of the new root CA certificate
B. It requires the authentic distribution of the new root CA certificate to all PKI participants
How should a doorway of a manned facility with automatic locks be configured? A. It should be configured to be fail-secure. B. It should be configured to be fail-safe. C. It should have a door delay cipher lock. D. It should not allow piggybacking.
B. It should be configured to be fail-safe.
The Diffie-Hellman algorithm is primarily used to provide which of the following? A. Confidentiality B. Key Agreement C. Integrity D. Non-repudiation
B. Key Agreement
The Clipper Chip utilizes which concept in public key cryptography? A. Substitution B. Key Escrow C. An undefined algorithm D. Super strong encryption
B. Key Escrow
What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext? A. Key collision B. Key clustering C. Hashing D. Ciphertext collision
B. Key clustering
Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission? A. Secure Electronic Transaction (SET) B. Message Authentication Code (MAC) C. Cyclic Redundancy Check (CRC) D. Secure Hash Standard (SHS)
B. Message Authentication Code (MAC)
What does the simple integrity axiom mean in the Biba model? A. No write down B. No read down C. No read up D. No write up
B. No read down
What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by a modular addition? A. Running key cipher B. One-time pad C. Steganography D. Cipher block chaining
B. One-time pad
While using IPsec, the ESP and AH protocols both provide integrity services. However, when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation service. Which of the items below would affects the use of AH and its Integrity Check Value (ICV) the MOST? A. Key session exchange B. Packet Header Source or Destination address C. VPN cryptographic key size D. Cryptographic algorithm used
B. Packet Header Source or Destination address
In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed? A. Pre Initialization Phase B. Phase 1 C. Phase 2 D. No peer authentication is performed
B. Phase 1
Which of the following is BEST at defeating frequency analysis? A. Substitution cipher B. Polyalphabetic cipher C. Transposition cipher D. Ceasar cipher
B. Polyalphabetic cipher
Which of the following algorithms is a stream cipher? A. RC2 B. RC4 C. RC5 D. RC6
B. RC4
Which of the following is not a one-way hashing algorithm? A. MD2 B. RC4 C. SHA-1 D. HAVAL
B. RC4
Which of the following is NOT an encryption algorithm? A. Skipjack B. SHA-1 C. Twofish D. DEA
B. SHA-1
Kerberos depends upon what encryption method? A. Public Key cryptography. B. Secret Key cryptography. C. El Gamal cryptography. D. Blowfish cryptography.
B. Secret Key cryptography.
Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys? This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis? A. Internet Security Association and Key Management Protocol (ISAKMP) B. Simple Key-management for Internet Protocols (SKIP) C. Diffie-Hellman Key Distribution Protocol D. IPsec Key exchange (IKE)
B. Simple Key-management for Internet Protocols (SKIP)
In which phase of the System Development Lifecycle (SDLC) is Security Accreditation Obtained? A. Functional Requirements Phase B. Testing and evaluation control C. Acceptance Phase D. Post installation Phase
B. Testing and evaluation control
The Orange Book is founded upon which security policy model? A. The Biba Model B. The Bell LaPadula Model C. Clark-Wilson Model D. TEMPEST
B. The Bell LaPadula Model
Which of the following organizations PRODUCES and PUBLISHES the Federal Information Processing Standards (FIPS)? A. The National Computer Security Center (NCSC) B. The National Institute of Standards and Technology (NIST) C. The National Security Agency (NSA) D. The American National Standards Institute (ANSI)
B. The National Institute of Standards and Technology (NIST)
Which of the following statements pertaining to Secure Sockets Layer (SSL) is FALSE? A. The SSL protocol was developed by Netscape to secure Internet client-server transactions. B. The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates. C. Web pages using the SSL protocol start with HTTPS D. SSL can be used with applications such as Telnet, FTP and email protocols.
B. The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates.
Individual accountability does not include which of the following? A. unique identifiers B. policies and procedures C. access rules D. audit trails
B. policies and procedures
While referring to physical security, what does positive pressurization means? A. The pressure inside your sprinkler system is greater than zero. B. The air goes out of a room when a door is opened and outside air does not go into the room. C. Causes the sprinkler system to go off. D. A series of measures that increase pressure on employees in order to make them more productive.
B. The air goes out of a room when a door is opened and outside air does not go into the room.
Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient's "public" key in order to get confidentiality of the data being sent. The recipients use their own "private" key to decrypt the information. The "Infrastructure" of this methodology ensures that: A. The sender and recipient have reached a mutual agreement on the encryption key exchange that they will use. B. The channels through which the information flows are secure. C. The recipient's identity can be positively verified by the sender. D. The sender of the message is the only other person with access to the recipient's private key.
B. The channels through which the information flows are secure.
Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack? A. The use of good key generators. B. The use of session keys. C. Nothing can defend you against a brute force crypto key attack. D. Algorithms that are immune to brute force key attacks.
B. The use of session keys.
In a Public Key Infrastructure, how are public keys published? A. They are sent via e-mail. B. Through digital certificates. C. They are sent by owners. D. They are not published.
B. Through digital certificates.
In a hierarchical PKI the highest CA is regularly called Root CA, it is also referred to by which one of the following term? A. Subordinate CA B. Top Level CA C. Big CA D. Master CA
B. Top Level CA
Which of the following would MOST likely ensure that a system development project meets business objectives? A. Development and tests are run by different individuals B. User involvement in system specification and acceptance C. Development of a project plan identifying all development activities D. Strict deadlines and budgets
B. User involvement in system specification and acceptance
Which of the following statements pertaining to key management is NOT true? A. The more a key is used, the shorter its lifetime should be. B. When not using the full keyspace, the key should be extremely random. C. Keys should be backed up or escrowed in case of emergencies. D. A key's lifetime should correspond with the sensitivity of the data it is protecting.
B. When not using the full keyspace, the key should be extremely random.
Under what conditions would the use of a "Class C" hand-held fire extinguisher be preferable to the use of a "Class A" hand-held fire extinguisher? A. When the fire is in its incipient stage. B. When the fire involves electrical equipment. C. When the fire is located in an enclosed area. D. When the fire is caused by flammable products.
B. When the fire involves electrical equipment.
Which of the following statements pertaining to secure information processing facilities is NOT true? A. Walls should have an acceptable fire rating. B. Windows should be protected with bars. C. Doors must resist forcible entry. D. Location and type of fire suppression systems should be known.
B. Windows should be protected with bars.
A prolonged complete loss of electric power is a: A. brownout B. blackout C. surge D. fault
B. blackout
Which of the following is electromagnetic interference (EMI) that is noise from the radiation generated by the difference between the hot and ground wires? A. traverse-mode noise B. common-mode noise C. crossover-mode noise D. transversal-mode noise
B. common-mode noise
Cryptography does NOT help in: A. detecting fraudulent insertion. B. detecting fraudulent deletion. C. detecting fraudulent modification. D. detecting fraudulent disclosure.
B. detecting fraudulent deletion.
You've decided to authenticate the source who initiated a particular transfer while ensuring integrity of the data being transferred. You can do this by: A. having the sender encrypt the message with his private key. B. having the sender encrypt the hash with his private key. C. having the sender encrypt the message with his symmetric key. D. having the sender encrypt the hash with his public key.
B. having the sender encrypt the hash with his private key.
What is the minimum static charge able to cause disk drive data loss? A. 550 volts B. 1000 volts C. 1500 volts D. 2000 volts
C. 1500 volts
What is the maximum allowable key size of the Rijndael encryption algorithm? A. 128 bits B. 192 bits C. 256 bits D. 512 bits
C. 256 bits
What is the maximum number of different keys that can be used when encrypting with Triple DES? A. 1 B. 2 C. 3 D. 4
C. 3
How many bits is the effective length of the key of the Data Encryption Standard algorithm? A. 168 B. 128 C. 56 D. 64
C. 56
The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics? A. 64 bits of data input results in 56 bits of encrypted output B. 128 bit key with 8 bits used for parity C. 64 bit blocks with a 64 bit total key length D. 56 bits of data input results in 56 bits of encrypted output
C. 64 bit blocks with a 64 bit total key length
For maximum security design, what type of fence is most effective and cost-effective method (Foot is being used as measurement unit below)? A. 3' to 4' high. B. 6' to 7' high. C. 8' high and above with strands of barbed wire. D. Double fencing
C. 8' high and above with strands of barbed wire.
What is the RESULT of a hash algorithm being applied to a message? A. A digital signature B. A ciphertext C. A message digest D. A plaintext
C. A message digest
Which of the following would best define a digital envelope? A. A message that is encrypted and signed with a digital certificate. B. A message that is signed with a secret key and encrypted with the sender's private key. C. A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver. D. A message that is encrypted with the recipient's public key and signed with the sender's private key.
C. A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver.
Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is not being used)? A. A subject is not allowed to read up. B. The *- property restriction can be escaped by temporarily downgrading a high level subject. C. A subject is not allowed to read down. D. It is restricted to confidentiality.
C. A subject is not allowed to read down.
What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire? A. Certificate revocation list B. Certificate revocation tree C. Authority revocation list D. Untrusted certificate list
C. Authority revocation list
Who developed one of the first mathematical models of a multilevel-security computer system? A. Diffie and Hellman. B. Clark and Wilson. C. Bell and LaPadula. D. Gasser and Lipner.
C. Bell and LaPadula.
Which of the following models does NOT include data integrity or conflict of interest? A. Biba B. Clark-Wilson C. Bell-LaPadula D. Brewer-Nash
C. Bell-LaPadula
Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest? A. Differential cryptanalysis B. Differential linear cryptanalysis C. Birthday attack D. Statistical attack
C. Birthday attack
Which of the following was NOT designed to be a proprietary encryption algorithm? A. RC2 B. RC4 C. Blowfish D. Skipjack
C. Blowfish
Which of the following concerning the Rijndael block cipher algorithm is NOT true? A. The design of Rijndael was strongly influenced by the design of the block cipher Square. B. A total of 25 combinations of key length and block length are possible C. Both block size and key length can be extended to multiples of 64 bits. D. The cipher has a variable block length and key length.
C. Both block size and key length can be extended to multiples of 64 bits.
Which security model uses an access control triple and also requires separation of duty? A. DAC B. Lattice C. Clark-Wilson D. Bell-LaPadula
C. Clark-Wilson
Which one of the following is a key agreement protocol used to enable two entities to agree and generate a session key (secret key used for one session) over an insecure medium without any prior secrets or communications between the entities? The negotiated key will subsequently be used for message encryption usingSymmetric Cryptography. A. RSA B. PKI C. Diffie_Hellmann D. 3DES
C. Diffie_Hellmann
Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms? A. Rivest, Shamir, Adleman (RSA) B. El Gamal C. Elliptic Curve Cryptography (ECC) D. Advanced Encryption Standard (AES)
C. Elliptic Curve Cryptography (ECC)
During which phase of an IT system life cycle are security requirements developed? A. Operation B. Initiation C. Functional design analysis and Planning D. Implementation
C. Functional design analysis and Planning
FIPS-140 is a standard for the security of which of the following? A. Cryptographic service providers B. Smartcards C. Hardware and software cryptographic modules D. Hardware security modules
C. Hardware and software cryptographic modules
Which of the following protocols offers native encryption? A. IPSEC, SSH, PPTP, SSL, MPLS, L2F, and L2TP B. IPSEC, SSH, SSL, TFTP C. IPSEC, SSH, SSL, TLS D. IPSEC, SSH, PPTP, SSL, MPLS, and L2TP
C. IPSEC, SSH, SSL, TLS
Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model? A. S/MIME and SSH B. TLS and SSL C. IPsec and L2TP D. PKCS#10 and X.509
C. IPsec and L2TP
The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to? A. Illuminated at nine feet high with at least three foot-candles B. Illuminated at eight feet high with at least three foot-candles C. Illuminated at eight feet high with at least two foot-candles D. Illuminated at nine feet high with at least two foot-candles
C. Illuminated at eight feet high with at least two foot-candles
Which of the following statements pertaining to link encryption is FALSE? A. It encrypts all the data along a specific communication path. B. It provides protection against packet sniffers and eavesdroppers. C. Information stays encrypted from one end of its journey to the other. D. User information, header, trailers, addresses and routing data that are part of the packets are encrypted.
C. Information stays encrypted from one end of its journey to the other.
Which of the following phases of a system development life-cycle is most concerned with establishing a good security policy as the foundation for design? A. Development/acquisition B. Implementation C. Initiation D. Maintenance
C. Initiation
Which of the following is not a DES mode of operation? A. Cipher block chaining B. Electronic code book C. Input feedback D. Cipher feedback
C. Input feedback
A one-way hash provides which of the following? A. Confidentiality B. Availability C. Integrity D. Authentication
C. Integrity
Which of the following statements is MOST accurate regarding a digital signature? A. It is a method used to encrypt confidential data. B. It is the art of transferring handwritten signature to electronic media. C. It allows the recipient of data to prove the source and integrity of data. D. It can be used as a signature system and a cryptosystem.
C. It allows the recipient of data to prove the source and integrity of data.
Which of the following is not a property of the Rijndael block cipher algorithm? A. It employs a round transformation that is comprised of three layers of distinct and invertible transformations. B. It is suited for high speed chips with no area restrictions. C. It operates on 64-bit plaintext blocks and uses a 128 bit key. D. It could be used on a smart card.
C. It operates on 64-bit plaintext blocks and uses a 128 bit key.
Which of the following is true about a "dry pipe" sprinkler system? A. It is a substitute for carbon dioxide systems. B. It maximizes chances of accidental discharge of water. C. It reduces the likelihood of the sprinkler system pipes freezing. D. It uses less water than "wet pipe" systems.
C. It reduces the likelihood of the sprinkler system pipes freezing.
The Diffie-Hellman algorithm is used for: A. Encryption B. Digital signature C. Key agreement D. Non-repudiation
C. Key agreement
Which of the following can best be defined as a key recovery technique for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that only certain third parties can perform the decryption operation to retrieve the stored key? A. Key escrow B. Fair cryptography C. Key encapsulation D. Zero-knowledge recovery
C. Key encapsulation
Which of the following would be used to implement Mandatory Access Control (MAC)? A. Clark-Wilson Access Control B. Role-based access control C. Lattice-based access control D. User dictated access control
C. Lattice-based access control
Which of the following is NOT a property of the Rijndael block cipher algorithm? A. The key sizes must be a multiple of 32 bits B. Maximum block size is 256 bits C. Maximum key size is 512 bits D. The key size does not have to match the block size
C. Maximum key size is 512 bits
Which of the following can best define the "revocation request grace period"? A. The period of time allotted within which the user must make a revocation request upon a revocation reason B. Minimum response time for performing a revocation by the CA C. Maximum response time for performing a revocation by the CA D. Time period between the arrival of a revocation request and the publication of the revocation information
C. Maximum response time for performing a revocation by the CA
What does the * (star) property mean in the Bell-LaPadula model? A. No write up B. No read up C. No write down D. No read down
C. No write down
Which of the following encryption methods is known to be unbreakable? A. Symmetric ciphers. B. DES codebooks. C. One-time pads. D. Elliptic Curve Cryptography.
C. One-time pads.
Which of the following phases of a system development life-cycle is most concerned with maintaining proper authentication of users and processes to ensure appropriate access control decisions? A. Development/acquisition B. Implementation C. Operation/Maintenance D. Initiation
C. Operation/Maintenance
To be in compliance with the Montreal Protocol, which of the following options can be taken to refill a Halon flooding system in the event that Halon is fully discharged in the computer room? A. Order an immediate refill with Halon 1201 from the manufacturer. B. Contact a Halon recycling bank to make arrangements for a refill. C. Order a Non-Hydrochlorofluorocarbon compound from the manufacturer. D. Order an immediate refill with Halon 1301 from the manufacturer.
C. Order a Non-Hydrochlorofluorocarbon compound from the manufacturer.
Which of the following choices is a valid Public Key Cryptography Standard (PKCS) addressing RSA? A. PKCS #17799 B. PKCS-RSA C. PKCS#1 D. PKCS#11
C. PKCS#1
Which of the following statements pertaining to block ciphers is NOT true? A. It operates on fixed-size blocks of plaintext. B. It is more suitable for software than hardware implementations. C. Plain text is encrypted with a public key and decrypted with a private key. D. Some Block ciphers can operate internally as a stream.
C. Plain text is encrypted with a public key and decrypted with a private key.
What kind of encryption is realized in the S/MIME-standard? A. Asymmetric encryption scheme B. Password based encryption scheme C. Public key based, hybrid encryption scheme D. Elliptic curve based encryption
C. Public key based, hybrid encryption scheme
Which of the following is a symmetric encryption algorithm? A. RSA B. Elliptic Curve C. RC5 D. El Gamal
C. RC5
What is the name for a substitution cipher that shifts the alphabet by 13 places? A. Caesar cipher B. Polyalphabetic cipher C. ROT13 cipher D. Transposition cipher
C. ROT13 cipher
Which of the following asymmetric encryption algorithms is based on the difficulty of factoring LARGE numbers? A. El Gamal B. Elliptic Curve Cryptosystems (ECCs) C. RSA D. International Data Encryption Algorithm (IDEA)
C. RSA
Which of the following encryption algorithms does NOT deal with discrete logarithms? A. El Gamal B. Diffie-Hellman C. RSA D. Elliptic Curve
C. RSA
What algorithm has been selected as the AES algorithm, replacing the DES algorithm? A. RC6 B. Twofish C. Rijndael D. Blowfish
C. Rijndael
The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers? A. Black hats B. White hats C. Script kiddies D. Phreakers
C. Script kiddies
Which of the following keys has the SHORTEST lifespan? A. Secret key B. Public key C. Session key D. Private key
C. Session key
Which of the following is NOT a known type of Message Authentication Code (MAC)? A. Keyed-hash message authentication code (HMAC) B. DES-CBC C. Signature-based MAC (SMAC) D. Universal Hashing Based MAC (UMAC)
C. Signature-based MAC (SMAC)
Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure? A. The Take-Grant model B. The Biba integrity model C. The Clark Wilson integrity model D. The Bell-LaPadula integrity model
C. The Clark Wilson integrity model
Which security model introduces access to objects only through programs? A. The Biba model B. The Bell-LaPadula model C. The Clark-Wilson model D. The information flow model
C. The Clark-Wilson model
Which of the following Kerberos components holds all users' and services' cryptographic keys? A. The Key Distribution Service B. The Authentication Service C. The Key Distribution Center D. The Key Granting Service
C. The Key Distribution Center
Which of the following statements pertaining to message digests is NOT true? A. The original file cannot be created from the message digest. B. Two different files should not have the same message digest. C. The message digest should be calculated using at least 128 bytes of the file. D. Message digests are usually of fixed size.
C. The message digest should be calculated using at least 128 bytes of the file.
Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level? A. The Bell-LaPadula model B. The information flow model C. The noninterference model D. The Clark-Wilson model
C. The noninterference model
Which of the following offers confidentiality to an e-mail message? A. The sender encrypting it with its private key. B. The sender encrypting it with its public key. C. The sender encrypting it with the receiver's public key. D. The sender encrypting it with the receiver's private key.
C. The sender encrypting it with the receiver's public key.
Which of the following is TRUE about link encryption? A. Each entity has a common key with the destination node. B. Encrypted messages are only decrypted by the final node. C. This mode does not provide protection if anyone of the nodes along the transmission path is compromised. D. Only secure nodes are used in this type of transmission.
C. This mode does not provide protection if anyone of the nodes along the transmission path is compromised.
When considering an IT System Development Life-cycle, security should be: A. Mostly considered during the initiation phase. B. Mostly considered during the development phase. C. Treated as an integral part of the overall system design. D. Added once the design is completed.
C. Treated as an integral part of the overall system design.
Which of the following components are considered part of the Trusted Computing Base? A. Trusted hardware and firmware. B. Trusted hardware and software. C. Trusted hardware, software and firmware. D. Trusted computer operators and system managers.
C. Trusted hardware, software and firmware.
Which type of fire extinguisher is MOST appropriate for a digital information processing facility? A. Type A B. Type B C. Type C D. Type D
C. Type C
Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A extinguisher? A. When the fire involves paper products B. When the fire is caused by flammable products C. When the fire involves electrical equipment D. When the fire is in an enclosed area
C. When the fire involves electrical equipment
Which of the following standards concerns digital certificates? A. X.400 B. X.25 C. X.509 D. X.75
C. X.509
The Secure Hash Algorithm (SHA-1) creates: A. a fixed length message digest from a fixed length input message. B. a variable length message digest from a variable length input message. C. a fixed length message digest from a variable length input message. D. a variable length message digest from a fixed length input message.
C. a fixed length message digest from a variable length input message.
In a known plaintext attack, the cryptanalyst has knowledge of which of the following? A. the ciphertext and the key B. the plaintext and the secret key C. both the plaintext and the associated ciphertext of several messages D. the plaintext and the algorithm
C. both the plaintext and the associated ciphertext of several messages
A code, as is pertains to cryptography: A. is a generic term for encryption. B. is specific to substitution ciphers. C. deals with linguistic units. D. is specific to transposition ciphers.
C. deals with linguistic units.
The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following that the Orange Book did not address? A. integrity and confidentiality B. confidentiality and availability C. integrity and availability D. none of the above
C. integrity and availability
Because ordinary cable introduces a toxic hazard in the event of fire, special cabling is required in a separate area provided for air circulation for heating, ventilation, and air-conditioning (sometimes referred to as HVAC) and typically provided in the space between the structural ceiling and a drop-down ceiling. This area is referred to as the: A. smoke boundary area. B. fire detection area. C. plenum area. D. intergen area.
C. plenum area.
There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following? A. public keys B. private keys C. public-key certificates D. private-key certificates
C. public-key certificates
What can be defined as a momentary low voltage? A. spike B. blackout C. sag D. fault
C. sag
Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It does not permit management to: A. specify what users can do. B. specify which resources they can access. C. specify how to restrain hackers. D. specify what operations they can perform on a system.
C. specify how to restrain hackers.
A prolonged high voltage is a: A. spike B. blackout C. surge D. fault
C. surge
Which of the following is not a physical control for physical security? A. lighting B. fences C. training D. facility construction materials
C. training
An X.509 public key certificate with the key usage attribute "non-repudiation" can be used for which of the following? A. encrypting messages B. signing messages C. verifying signed messages D. decrypting encrypted messages
C. verifying signed messages
What is the Biba security model concerned with? A. Confidentiality B. Reliability C. Availability D. Integrity
D. Integrity
What is the maximum key size for the RC5 algorithm? A. 128 bits B. 256 bits C. 1024 bits D. 2040 bits
D. 2040 bits
What key size is used by the Clipper Chip? A. 40 bits B. 56 bits C. 64 bits D. 80 bits
D. 80 bits
What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity? A. A digital envelope B. A cryptographic hash C. A Message Authentication Code D. A digital signature
D. A digital signature
What can be defined as: It confirms that users' needs have been met by the supplied solution? A. Accreditation B. Certification C. Assurance D. Acceptance
D. Acceptance
What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters? A. Central station alarm B. Proprietary alarm C. A remote station alarm D. An auxiliary station alarm
D. An auxiliary station alarm
What is the name of the FIRST mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access? A. Clark and Wilson Model B. Harrison-Ruzzo-Ullman Model C. Rivest and Shamir Model D. Bell-LaPadula Model
D. Bell-LaPadula Model
In a dry pipe system, there is no water standing in the pipe - it is being held back by what type of valve? A. Relief valve B. Emergency valve C. Release valve D. Clapper valve
D. Clapper valve
Which of the following is NOT an asymmetric key algorithm? A. RSA B. Elliptic Curve Cryptosystem (ECC) C. El Gamal D. Data Encryption Standard (DES)
D. Data Encryption Standard (DES)
Risk reduction in a system development life-cycle should be applied: A. Mostly to the initiation phase. B. Mostly to the development phase. C. Mostly to the disposal phase. D. Equally to all phases.
D. Equally to all phases.
In the physical security context, a security door equipped with an electronic lock configured to ignore the unlock signals sent from the building emergency access control system in the event of an issue (fire, intrusion, power failure) would be in which of the following configuration? A. Fail Soft B. Fail Open C. Fail Safe D. Fail Secure
D. Fail Secure
At which of the basic phases of the System Development Life Cycle are security requirements formalized? A. Disposal B. System Design Specifications C. Development and Implementation D. Functional Requirements Definition
D. Functional Requirements Definition
Which of the following statements pertaining to the Bell-LaPadula model is TRUE if you are NOT making use of the strong star property? A. It allows "read up." B. It addresses covert channels. C. It addresses management of access controls. D. It allows "write up."
D. It allows "write up."
Compared to RSA, which of the following is true of Elliptic Curve Cryptography (ECC)? A. It has been mathematically proved to be more secure. B. It has been mathematically proved to be less secure. C. It is believed to require longer key for equivalent security. D. It is believed to require shorter keys for equivalent security.
D. It is believed to require shorter keys for equivalent security.
Which of the following statements is TRUE about data encryption as a method of protecting data? A. It should sometimes be used for password files B. It is usually easily administered C. It makes few demands on system resources D. It requires careful key management
D. It requires careful key management
Which of the following is related to physical security and is NOT considered a technical control? A. Access control Mechanisms B. Intrusion Detection Systems C. Firewalls D. Locks
D. Locks
What algorithm was DES derived from? A. Twofish. B. Skipjack. C. Brooks-Aldeman. D. Lucifer.
D. Lucifer.
Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose? A. Message non-repudiation. B. Message confidentiality. C. Message interleave checking. D. Message integrity.
D. Message integrity.
The equation used to calculate the total number of symmetric keys (K) needed for a group of users (N) to communicate securely with each other is given by which of the following? A. K(N - 1)/ 2 B. N(K - 1)/ 2 C. K(N + 1)/ 2 D. N(N - 1)/ 2
D. N(N - 1)/ 2
The BIGGEST difference between System High Security Mode and Dedicated Security Mode is: A. The clearance required B. Object classification C. Subjects cannot access all objects D. Need-to-know
D. Need-to-know
What does the * (star) integrity axiom mean in the Biba model? A. No read up B. No write down C. No read down D. No write up
D. No write up
What security model implies a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects? A. Flow Model B. Discretionary access control C. Mandatory access control D. Non-discretionary access control
D. Non-discretionary access control
Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE? A. Diffie-Hellman Key Exchange Protocol B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. OAKLEY
D. OAKLEY
Which of the following provides coordinated procedures for minimizing loss of life, injury, and property damage in response to a physical threat? A. Business continuity plan B. Incident response plan C. Disaster recovery plan D. Occupant emergency plan
D. Occupant emergency plan
Which of the following fire extinguishing systems incorporating a detection system is currently the most recommended water system for a computer room? A. Wet pipe B. Dry pipe C. Deluge D. Preaction
D. Preaction
Which of the following statements relating to the Biba security model is FALSE? A. It is a state machine model. B. A subject is not allowed to write up. C. Integrity levels are assigned to subjects and objects. D. Programs serve as an intermediate layer between subjects and objects.
D. Programs serve as an intermediate layer between subjects and objects.
What type of key would you find within a browser's list of trusted root CAs? A. Private key B. Symmetric key C. Recovery key D. Public key
D. Public key
Which of the following is NOT an example of a block cipher? A. Skipjack B. IDEA C. Blowfish D. RC4
D. RC4
o mitigate the risk of fire in your new data center, you plan to implement a heat-activated fire detector. Your requirement is to have the earliest warning possible of a fire outbreak. Which type of sensor would you select and where would you place it? A. Rate-of-rise temperature sensor installed on the side wall B. Variable heat sensor installed above the suspended ceiling C. Fixed-temperature sensor installed in the air vent D. Rate-of-rise temperature sensor installed below the raised floors
D. Rate-of-rise temperature sensor installed below the raised floors
Which of the following service is not provided by a public key infrastructure (PKI)? A. Access control B. Integrity C. Authentication D. Reliability
D. Reliability
Which of the following identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard? A. Twofish B. Serpent C. RC6 D. Rijndael
D. Rijndael
The Physical Security domain focuses on three areas that are the basis to physically protecting enterprise's resources and sensitive information. Which of the following is NOT one of these areas? A. Threats B. Countermeasures C. Vulnerabilities D. Risks
D. Risks
Which of the following is the most costly countermeasure to reducing physical security risks? A. Procedural Controls B. Hardware Devices C. Electronic Systems D. Security Guards
D. Security Guards
Scenario: What is the name of the access control model property that prevented APFEL from reading FIGCO's cargo information? What is a secure database technique that could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples? A. *-Property and Polymorphism B. Strong *-Property and Polyinstantiation C. Simple Security Property and Polymorphism D. Simple Security Property and Polyinstantiation
D. Simple Security Property and Polyinstantiation
Which of the following statements pertaining to air conditioning for an information processing facility is TRUE? A. The AC units must be controllable from outside the area. B. The AC units must keep negative pressure in the room so that smoke and other gases are forced out of the room. C. The AC units must be on the same power source as the equipment in the room to allow for easier shutdown. D. The AC units must be dedicated to the information processing facility.
D. The AC units must be dedicated to the information processing facility.
Which of the following security models does NOT concern itself with the flow of data? A. The information flow model B. The Biba model C. The Bell-LaPadula model D. The noninterference model
D. The noninterference model
A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is: A. Concern that the laser beam may cause eye damage. B. The iris pattern changes as a person grows older. C. There is a relatively high rate of false accepts. D. The optical unit must be positioned so that the sun does not shine into the aperture.
D. The optical unit must be positioned so that the sun does not shine into the aperture.
Which of the following would be the MOST serious risk where a systems development life cycle methodology is inadequate? A. The project will be completed late. B. The project will exceed the cost estimates. C. The project will be incompatible with existing systems. D. The project will fail to meet business and user needs.
D. The project will fail to meet business and user needs.
The RSA Algorithm uses which mathematical concept as the basis of its encryption? A. Geometry B. 16-round ciphers C. PI (3.14159...) D. Two large prime numbers
D. Two large prime numbers
Electrical systems are the lifeblood of computer operations. The continued supply of clean, steady power is required to maintain the proper personnel environment as well as to sustain data operations. Which of the following is not an element that can threaten power systems? A. Transient Noise B. Faulty Ground C. Brownouts D. UPS
D. UPS
Which of the following statements pertaining to fire suppression systems is TRUE? A. Halon is today the most common choice as far as agents are concerned because it is highly effective in the way that it interferes with the chemical reaction of the elements within a fire. B. Gas masks provide an effective protection against use of CO2 systems. They are recommended for the protection of the employees within data centers. C. CO2 systems are NOT effective because they suppress the oxygen supply required to sustain the fire. D. Water Based extinguishers are NOT an effective fire suppression method for class C (electrical) fires.
D. Water Based extinguishers are NOT an effective fire suppression method for class C (electrical) fires.
Which of the following issues is not addressed by digital signatures? A. nonrepudiation B. authentication C. data integrity D. denial-of-service
D. denial-of-service
Examples of types of physical access controls include all EXCEPT which of the following? A. badges B. locks C. guards D. passwords
D. passwords
Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are some of the examples of: A. administrative controls. B. logical controls. C. technical controls. D. physical controls.
D. physical controls.
The "vulnerability of a facility" to damage or attack may be assessed by all of the following EXCEPT: A. Inspection B. History of losses C. Security controls D. security budget
D. security budget