CISSP Wrong Questions

Q. 140 Abnormal or unauthorized activities detectable to an IDS include which of the following? (Choose all that apply.) A. External connection attempts B. Execution of malicious code C. Access to controlled objects D. None of the above

A, B, C. IDSs watch for violations of confidentiality, integrity, and availability. Attacks recognized by IDSs can come from external connections (such as the Internet or partner networks), viruses, malicious code, trusted internal subjects attempting to perform unauthorized activities, and unauthorized access attempts from trusted locations.

Q. 66 Which of the following are elements of the Process for Attack Simulation and Threat Analysis (PASTA), a seven-step threat modeling methodology? (Choose all that apply.) A. Definition the Objectives (DO) for the Analysis of Risks B. Definition of the Technical Scope (DTS) C. Containment and Eradication (CE) D. Application Decomposition and Analysis (ADA) E. Threat Analysis (TA) F. Weakness and Vulnerability Analysis (WVA) G. Attack Modeling and Simulation (AMS)

A, B, D, E, F, G The seven steps of PASTA are: Definition the Objectives (DO) for the Analysis of Risks, Definition of the Technical Scope (DTS), Application Decomposition and Analysis (ADA), Threat Analysis (TA), Weakness and Vulnerability Analysis (WVA), Attack Modeling and Simulation (AMS), and Risk Analysis and Management (RAM). Containment and Eradication (CE) is not a step of PASTA. Instead, these are two elements of a typical incident response policy.

Q. 96 What is a covert channel? A. A method that is used to pass information and that is not normally used for communication B. Any communication used to transmit secret or top-secret data C. A trusted path between the TCB and the rest of the system D. Any channel that crosses the security perimeter

A. A covert channel is any method that is used to secretly pass data and that is not normally used for communication. All the other options describe normal communication channels.

Q. 132 Which firewall type looks exclusively at the message header to determine whether to transmit or drop data? A. Static packet filtering B. Application-level gateway C. Stateful inspection D. Dynamic packet filtering

A. A static packet-filtering firewall filters traffic by examining data from a message header

Q. 119 Identification is the first step toward what ultimate goal? A. Accountability B. Authorization C. Auditing D. Nonrepudiation

A. Accountability is the ultimate goal of a process started by identification.

What is system accreditation? A. Formal acceptance of a stated system configuration B. A functional evaluation of the manufacturer's goals for each hardware and software component to meet integration standards C. Acceptance of test results that prove the computer system enforces the security policy D. The process to specify secure communication between machines

A. Accreditation is the formal acceptance process. Option B is not an appropriate answer because it addresses manufacturer standards. Options C and D are incorrect because there is no way to prove that a configuration enforces a security policy and accreditation does not entail secure communication specification.

Q. 86 What term describes the processor mode used to run the system tools used by administrators seeking to make configuration changes to a machine? A. User mode B. Supervisory mode C. Kernel mode D. Privileged mode

A. All user applications, regardless of the security permissions assigned to the user, execute in user mode. Supervisory mode, kernel mode, and privileged mode are all terms that describe the mode used by the processor to execute instructions that originate from the operating system.

Q. 3 What is an access control list (ACL) based on? A. An object B. A subject C. A role D. An account

A. An ACL is based on an object and includes a list of subjects that are granted access. A capability table is focused on a subject and includes a list of objects the subject can access. Roles and accounts are examples of subjects and may be included in an ACL, but they aren't the focus.

Q. 22 The loss of signal strength and integrity over distance on a cable is known as what? A. Attenuation B. Deencapsulation C. Degradation D. Defragmentation

A. Attenuation is the loss of signal strength and integrity over distance on a cable.

Q. 10 Which of the following is a component or element of IPsec that provides authentication, integrity, and nonrepudiation? A. Authentication Header B. Challenge Handshake Authentication Protocol C. Encapsulating Security Payload D. Terminal Access Controller Access Control System

A. Authentication Header (AH) provides authentication, integrity, and nonrepudiation.

Q. 11 A _______________ contains levels with various compartments that are isolated from the rest of the security domain. A. Hybrid environment B. Compartmentalized environment C. Hierarchical environment D. Security environment

A. Hybrid environments combine both hierarchical and compartmentalized environments so that security levels have subcompartments.

Q. 18 What are the well-known ports? A. 0 to 1,023 B. 80, 135, 110, 25 C. 0 to 65, 536 D. 32,000 to 65,536

A. Ports 0 to 1,023 are the well-known ports.

Q. 116 What type of access control system is deployed to physically stop unwanted or unauthorized activity and access? A. Preventive access control B. Deterrent access control C. Directive access control D. Compensation access control

A. Preventive access control is deployed to stop or thwart unwanted or unauthorized activity from occurring.

Q. 83 Which of the following is not a typical security concern with VoIP? A. VLAN hopping B. Caller ID falsification C. Vishing D. SPIT

A. VLAN hopping is a switch security issue, not a VoIP security issue. Caller ID falsification, vishing, and SPIT (spam over Internet telephony) are VoIP security concerns.

Q. 141 Beth is planning to run a network port scan against her organization's web server. What ports should she expect will be open to the world? A. 80 and 443 B. 22 and 80 C. 80 and 1433 D. 22, 80, and 443

A. Web servers should expose ports 80 and/or 443 to the world to support HTTP and/or HTTPS connections. Port 22, used by SSH, and port 1433, used by SQL Server databases, should not normally be publicly exposed.

Q. 32 What is confidentiality dependent on? A. Integrity B. Availability C. Nonrepudiation D. Auditing

A. Without object integrity, confidentiality cannot be maintained. In fact, integrity and confidentiality depend on one another.

Q. 2 The term personal area network is most closely associated with what wireless technology? A. 802.15 B. 802.11 C. 802.16 D. 802.3

A.802.15 (aka Bluetooth) creates personal area networks (PANs).

Q. 120 What is a Type I hypervisor? A. A bare-metal hypervisor B. A hosted hypervisor C. A typical desktop virtualization system D. A means of virtualizing applications in a container

A.A Type I hypervisor is a native or bare-metal hypervisor. In this configuration, there is no host OS; instead, the hypervisor installs directly onto the hardware where the host OS would normally reside. Type 1 hypervisors are often used to support server virtualization. A Type II hypervisor is a hosted hypervisor. In this configuration, a standard regular OS is present on the hardware, and then the hypervisor is installed as another software application. Type II hypervisors are often used in relation to desktop deployments, where the guest OSs offer safe sandbox areas to test new code, allow the execution of legacy applications, support apps from alternate OSs, and provide the user with access to the capabilities of a host OS.

Q. 22 What is used to increase the strength of cryptography by creating a unique cipher text every time the same message is encrypted with the same key? A. Initialization vector B. Vignere cipher C. Steganography D. Stream cipher

A.An initialization vector (IV) is a random bit string (a nonce) that is the same length as the block size that is XORed with the message. IVs are used to create a unique cipher text every time the same message is encrypted with the same key.

Q. 32 When an organization is attempting to identify risks, what should they identify first? A. Assets B. Threats C. Vulnerabilities D. Public attacks

A.An organization must first identify the value of assets when identifying risks so that they can focus on the potential risks for their most valuable assets. They can then identify threats and vulnerabilities related to these assets. Public attacks can be evaluated to determine whether they present a risk to the organization, but this should not be the first step.

Q. 11 Which of the following is not true? A. Policies, standards, baselines, guidelines, and procedures can be combined in a single document. B. Not all users need to know the security standards, baselines, guidelines, and procedures for all security classification levels. C. When changes occur, it is easier to update and redistribute only the affected material rather than update a monolithic policy and redistribute it. D. Higher up the formalization structure (that is, security policies), there are fewer documents because they are general broad discussions of overview and goals. Further down the formalization structure (that is, guidelines and procedures), there are many documents because they contain details specific to a limited number of systems, networks, divisions, areas, and so on.

A.Avoid combining policies, standards, baselines, guidelines, and procedures in a single document. Each of these structures must exist as a separate entity because each performs a different specialized function.

Q. 26 What protocol manages the security associations used by IPsec? A. ISAKMP B. SKIP C. IPComp D. SSL

A.The Internet Security Association and Key Management Protocol (ISAKMP) provides background security support services for IPsec, including managing security associations.

Q. 41 Which of the following cipher algorithms uses the longest key? A. One-time pad cipher B. Caesar cipher C. Vigenère cipher D. Columnar transposition cipher

A.The one-time pad uses a key that is equal in length to the message. All of the other algorithms use keys that are shorter than the message.

Q. 37 The security role of ________________ is responsible for the tasks of implementing the prescribed protection defined by the security policy and senior management. A. Data custodian B. Data owner C. Auditor D. InfoSec officer

A.The security role of data custodian is responsible for the tasks of implementing the prescribed protection defined by the security policy and senior management.

Q. 23 In the Biba model, what rule prevents a user from reading from lower levels of classification? A. Star axiom B. Simple property C. No read up D. No write down

B .The Biba simple property rule is "no read down." The Biba star axiom is "no write up". "No read up" is the simple rule for Bell LaPadula. "No write down" is the star rule for Bell LaPadula.

Q. 9 Which of the following statements is true? A. An open system does not allow anyone to view its programming code. B. A closed system does not define whether or not its programming code can be viewed. C. An open source program can only be distributed for free. D. A closed source program cannot be reverse engineered or decompiled.

B. A closed system is designed to work well with a narrow range of other systems, generally all from the same manufacturer. The standards for closed systems are often proprietary and not normally disclosed. However, a closed system (as a concept) does not define whether or not its programming code can be viewed. An open system (as a concept) also does not define whether or not its programming code can be viewed. An open source program can be distributed for free or for a fee. A closed source program can be reverse engineered or decompiled.

Q. 23 What is split-DNS? A. Dividing the zone file between two primary authoritative servers B. Dividing internal DNS from external DNS C. Dividing DNS web records from other services on two public DNS servers D. Hosting two domain sets on a single primary authoritative server

B. A split-DNS is deploying a DNS server for public use and a separate DNS server for internal use. All data in the zone file on the public DNS server is accessible by the public via queries or probing. However, the internal DNS is for internal use only. Only internal systems are granted access to interact with the internal DNS server.

When you're designing a security system for internet-delivered email, which of the following is least important? A. Nonrepudiation B. Availability C. Message integrity D. Access restriction.

B. Although availability is a key aspect of security in general, it is the least important aspect of security systems for internet-delivered email.

Q. 4 Which one of the following is an example of a third-generation language? A. Assembly language B. C++ C. SQL D. Machine language

B. C++ and other compiled languages are third generation programming languages.

Q. 61 A system that can readily identify and actively repel forms of network-driven attacks is what kind of system? A. Intrusion detection system B. Intrusion prevention system C. Behavior-based system D. Signature-based system

B. Intrusion prevention systems (IPSs) pick up where intrusion detection systems (IDSs) leave off by actively denying any illicit traffic patterns they detect.

Q. 101 Which type of access control system relies on using classification labels that are representative of security domains and realms? A. Nondiscretionary access control B. Mandatory access control C. Discretionary access control D. Logical access control

B. Mandatory access control enforces an access policy that is determined by the system, not the object owner.

Q. 60 Which one of the following tools is used primarily to perform network vulnerability scans? A. nmap B. Nessus C. Metasploit D. lsof

B. Nessus is a network vulnerability scanning tool that searches systems for known vulnerabilities while minimizing damage caused during the assessment. The tool nmap is used to detect live systems and the status of ports; it is not considered a vulnerability scanner. Metasploit is an exploitation framework that can cause damage to assessed systems. The Linux command lsof is used to "list open files."

Q. 109 What phase of the Electronic Discovery Reference Model performs a rough cut of irrelevant information? A. Collection B. Processing C. Review D. Analysis

B. Processing screens the collected information to perform a "rough cut" of irrelevant information, reducing the amount of information requiring detailed screening.

Q. 136 What is the Delphi technique? A. A security model B. A form of qualitative risk analysis C. An encryption mechanism D. A security audit process

B. The Delphi technique is a form of qualitative risk analysis that uses an anonymous feedback-and-response process to arrive at a group consensus.

Q. 122 What regulation formalizes the prudent man rule that requires senior executives to take personal responsibility for their actions? A. CFAA B. Federal Sentencing Guidelines C. GLBA D. Sarbanes-Oxley

B. The Federal Sentencing Guidelines released in 1991 formalized the prudent man rule, which requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation.

What is the first step that individuals responsible for the development of a business continuity plan should perform? A. BCP team selection B. Business organization analysis C. Resource requirements analysis D. Legal and regulatory assessment

B. The business organization analysis helps the initial planners select appropriate BCP team members and then guides the overall BCP process.

Q. 110 Which of the following is not a step or element of AAA services? A. Identification B. Availability C. Authorization D. Accounting

B. The five elements of AAA services in order are identification, authentication, authorization, auditing, and accounting. Availability is not part of AAA services, but it is part of the CIA triad.

Q. 10 Which of the following elements of teaching is considered a prerequisite for the others? A. Education B. Awareness C. Training D. Certification

B.Awareness must be established before actual training can take place.

Q. 9 Which of the following is a documented set of best IT security practices crafted by Information Systems Audit and Control Association (ISACA) and IT Governance Institute (ITGI)? A. ISO 17799 Your selection is incorrect B. COBIT C. OSSTMM D. Common Criteria (IS 15408)

B.Control Objectives for Information and Related Technology (COBIT) is a documented set of best IT security practices crafted by Information Systems Audit and Control Association (ISACA) and IT Governance Institute (ITGI).

Q. 4 What Internet standard does all public email comply with? A. IEEE 802.11 B. X.400 C. X.509 D. LDAP

B.Internet email must comply with the X.400 standard.

Q. 6 Which of the following is not a feature of packet switching? A. Bursty traffic focused B. Fixed known delays C. Sensitive to data loss D. Supports any type of traffic

B.Packet switching has variable delays; circuit switching has fixed known delays. However, packet switching is still preferred overall because it is less sensitive to hardware pathway loss.

Q. 40 If you require hourly updates to backup facilities, what option do you choose? A. Manual backups B. Remote journaling C. Remote mirroring D. Remote control

B.Remote journaling data transfers are performed expeditiously on a frequent (usually hourly) basis through copies of the transaction logs.

Q. 25 What package provides secure replacements for common Internet utilities like FTP and some internal network utilities like rexec? A. PGP B. SSH C. PEM D. SSL

B.Secure Shell (SSH) provides secure replacements for a number of common Internet utilities, such as converting FTP to SFTP, and internal network utilities, such as converting rexec to sexec.

Q. 34 What type of attack uses malicious email and targets a group of employees within a single company? A. Phishing B. Spear phishing C. Whaling D. Vishing

B.Spear phishing targets a specific group of people such as a group of employees within a single company. Phishing goes to anyone without any specific target. Whaling is a form of phishing that targets high-level executives. Vishing is a form of phishing that commonly uses Voice over IP (VoIP).

Q. 24 Which of the following algorithms/protocols provides inherent support for nonrepudiation? A. HMAC B. DSA C. MD5 D. SHA-1

B.The Digital Signature Algorithm (as specified in FIPS 186-2) is the only one of the algorithms listed here that supports true digital signatures, providing integrity verification and nonrepudiation. HMAC allows for the authentication of message digests but supports only integrity verification. MD5 and SHA-1 are message digest creation algorithms and can be used in the generation of digital signatures but provide no guarantees of integrity or nonrepudiation in and of themselves.

Q. 30 The __________ of a process consist of limits set on the memory addresses and resources it can access. This also states or defines the area within which a process is confined. A. Isolation B. Bounds C. Confinement D. Authentication

B.The bounds of a process consist of limits set on the memory addresses and resources it can access. The bounds state or define the area within which a process is confined.

Q. 7 What is the primary purpose of change management? A. To prevent unwanted reductions to security B. To allow management to review all changes C. To delay the release of mission-critical patches D. To improve productivity of end users

B.The primary purpose of change management is to allow management to review all changes. However, it is true that the overall goal of change management is to prevent unwanted reductions to security.

Q. 21 What is the value of the logical operation shown here?(NOTE: Images may not function on all devices or browsers) A. 0 1 1 1 1 1 B. 1 1 0 0 1 0 C. 0 0 1 0 0 0 D. 0 0 1 1 0 1

B.The ~ symbol represents the NOT function, which inverts the bits of the affected variable. In this case, the X value is not used.

Q. 15 Which of the following is an example of an interpreted language? A. C++ B. VBScript C. Java D. Fortran

B.VBScript is the only example of an interpreted language listed. C++, Java, and Fortran are compiled languages.

Q. 142 Which security mechanism is used to verify whether the directive and preventive controls have been successful? A. Directive control B. Preventive control C. Detective control D. Corrective control

C. A detective control is a security mechanism used to verify whether the directive and preventive controls have been successful.

Q. 62 A process can function or operate as _______________. A. Subject only B. Object only C. Subject or object D. Neither a subject nor an object

C. A process can function or operate as a subject or object. In fact, many elements within an IT environment, including users, can be subjects or objects in different access control situations.

Q. 147 Which of the following is not an element defined under the Clark-Wilson model? A. Constrained data item B. Transformation procedures C. Redundant commit statement D. Integrity verification procedure

C. A redundant commit statement is not associated with the Clark-Wilson model; it is instead an element in database replication. The Clark-Wilson model does define the constrained data item, transformation procedures, and integrity verification procedure.

Q. 143 Biometric authentication devices fall under what top-level authentication factor type? A. Type 1 B. Type 2 C. Type 3 D. Type 4

C. Biometric authentication devices represent a Type 3 (something you are) authentication factor.

Q. 102 Which security protocol automatically performs reauthentication of the client system throughout the connected session in order to detect session hijacking? A. SSL B. SSH C. CHAP D. LEAP

C. CHAP is a security protocol that automatically performs reauthentication of the client system throughout the connected session in order to detect session hijacking.

Q. 91 What evidence standard do most civil investigations follow? A. Beyond a reasonable doubt B. Beyond the shadow of a doubt C. Preponderance of the evidence D. Clear and convincing evidence

C. Civil investigations typically follow the "preponderance of the evidence" standard.

Q. 73 What attack involves an interruptive malicious user positioned between a client and server attempting to take over? A. Man-in-the-middle B. Spoofing C. Hijacking D. Cracking

C. In a hijack attack, which is an offshoot of a man-in-the-middle attack, a malicious user is positioned between a client and server and then interrupts the session and takes it over.

Q. 84 What networking device can be used to extend the maximum usable length of network cabling? A. Router B. Firewall C. Repeater D. Bridge

C. Long cable lengths can often be supplemented through the use of repeaters or concentrators. A repeater is just a signal amplification device.

Q. 65 You discover a virus that is written in the language Visual Basic for Applications. What type of virus have you likely found? A. MBR B. Stealth C. Macro D. Service injection

C. Macro viruses use scripting languages such as Visual Basic for Applications.

Q. 39 What network devices operate within the Physical layer? A. Bridges and switches B. Firewalls C. Hubs and repeaters D. Routers

C. Network hardware devices that function at layer 1, the Physical layer, are hubs and repeaters.

What database technique can be used to prevent unauthorized users from determining classified information by noticing the absence of information normally available to them? A. Inference B. Manipulation C. Polyinstantiation D. Aggregation

C. Polyinstantiation allows the insertion of multiple records that appear to have the same primary key values into a database at different classification levels.

Q. 67 Which of the following is not a protocol used by the standard Internet-based email system? A. SMTP B. POP3 C. PEM D. IMAP

C. Privacy Enhanced Mail (PEM) is not a standard Internet email protocol; it is an add-on encryption mechanism that provides authentication, integrity, confidentiality, and nonrepudiation.

Q. 29 What sort of system defines subject access through subject roles (job descriptions) and subject tasks (job functions)? A. Rule-based access control B. Mandatory access control C. Role-based access control D. Discretionary access control

C. Role-based access control uses a well-defined collection of named job roles to endow each one with specific permissions, thereby seeking to ensure that users who occupy such roles can access what they need to get their jobs done.

Q. 1 What port is used by Transport Layer Security (TLS) to provide secure web connections? A. 25 B. 81 C. 443 D. 8080

C. TLS uses port 443 to generate secure client-server web connections.

Q. 13 Which one of the following items is not a critical piece of information in the chain of evidence? A. General description of the evidence B. Name of the person collecting the evidence C. Relationship of the evidence to the crime D. Time and date the evidence was collected

C. The chain of evidence does not require that the evidence collector know or document the relationship of the evidence to the crime.

If a 2,048-bit plaintext message were encrypted with the El Gamal public key cryptosystem, how long would the resulting ciphertext message be? A. 1,024 bits B. 2,048 bits C. 4,096 bits D. 8,192 bits

C. The major disadvantage of the El Gamal cryptosystem is that it doubles the length of any message it encrypts. Therefore, a 2,048-bit plain-text message would yield a 4,096-bit ciphertext message when El Gamal is used for the encryption process.

What security model has a feature that has one name or label, but when implemented into a solution, takes on the name or label of the security kernel? A. Graham-Denning model B. Deployment modes C. Trusted computing base D. Chinese Wall

C. The trusted computing base (TCB) has a component known as the reference monitor in theory, which becomes the security kernel in implementation.

Q. 82 Which of the following is true? A. Tunneling is always secure. B. Tunneling is available only on IP networks. C. Tunneling prevents security control devices from inspecting the actual content of the transmitted data. D. Tunneling is a mechanism found exclusively in software.

C. The tunneling process prevents security control devices from blocking or dropping the communication because such devices don't know what the contents of the packets actually are.

Q. 12 What database element is equivalent to a single attribute? A. Table B. Row C. Column D. Attribute

C.A database column contains the data corresponding to a single attribute for all records in the table.

Q. 29 ____________ is a weakness in cryptography where a plain-text message generates identical cipher-text messages using the same algorithm but using different keys. A. Nonce B. Aggregation C. Clustering D. Collusion

C.Clustering (aka key clustering) is a weakness in cryptography where a plain-text message generates identical cipher-text messages using the same algorithm but different keys.

Q. 18 Which of the following is nested RAID involving the mirroring of striped drive sets with evenly distributed parity data? A. RAID 1 B. RAID 6 C. RAID 1+5 D. RAID 1+0

C.RAID 1+5 is nested RAID involving the mirroring (RAID 1) of striped drive sets with evenly distributed parity data (RAID 5).

Q. 33 Which of the following is not a valid security measure to protect against brute-force and dictionary attacks? A. Enforce strong passwords through a security policy. B. Maintain strict control over physical access. C. Require all users to log in remotely. D. Use two-factor authentication.

C.Requiring users to log in remotely does not protect against password attacks such as brute-force or dictionary attacks. Strong password policies, physical access control, and two-factor authentication all improve the protection against brute-force and dictionary password attacks.

Q. 13 Which of the following is not an aggregate function in SQL? A. MAX() B. SUM() C. SELECT() D. AVG()

C.SELECT() is not an aggregate function but an SQL command. MAX() is an aggregate function that selects the maximum value from a set. SUM() is an aggregate function that adds values together. AVG() is an aggregate function that determines the mathematical average of a series of values.

Q. 19 Which one of the following files is least likely to contain a virus? A. COMMAND.COM B. SOLITAIRE.EXE C. SECRET.TXT D. LOVE.VBS

C.The filename extension .txt is normally used to describe text files, which do not contain executable code. Thus, it is the least likely type of file to contain a virus. A virus typically needs a host that can provide the virus with execution capability.

Q. 36 When assigning a classification label, which of the following is not an essential criterion? A. Value or cost B. Data disclosure damage assessment C. Source or origin D. Maturity or age

C.The source or origin of a resource is rarely a serious criterion in the assignment of a classification label. The other options are just a few of the important criteria of classification assignment.

Q. 39 What document should state where critical business information will be stored? A. Business impact assessment B. Statement of purpose C. Vital records program D. Emergency-response guidelines

C.The vital records program states where critical business records will be stored and the procedures for making and storing backup copies of those records.

Q. 8 When attempting to impose accountability on users, what key issue must be addressed? A. Reliable log storage system B. Proper warning banner notification C. Legal defense/support of authentication D. Use of discretionary access control

C.To effectively hold users accountable, your security must be legally defensible. Primarily, you must be able to prove in a court that your authentication process cannot be easily compromised. Thus, your audit trails of actions can then be tied to a human.

Q. 20 What is the length of protection offered by trademark law without requiring a renewal? A. 5 years B. 7 years C. 10 years D. 20 years

C.Trademarks are protected for an initial 10-year period and may be renewed for unlimited successive 10-year periods.

Q. 16 What form of interference is generated by a difference in power between hot and neutral wires of a power source? A. Radio frequency interference B. Cross-talk noise C. Traverse mode noise D. Common mode noise

C.Traverse mode noise is generated by the difference in power between the hot and neutral wires of a power source or operating electrical equipment.

When a trusted subject violates the star property of Bell-LaPadula in order to write an object into a lower level, what valid operation could be taking place? A. Perturbation B. Polyinstantiation C. Aggregation D. Declassification

D. Declassification is the process of moving an object into a lower level of classification once it is determined that it no longer justifies being placed at a higher level. Only a trusted subject can perform declassification because this action is a violation of the verbiage of the star property of Bell-LaPadula, but not the spirit or intent, which is to prevent unauthorized disclosure.

Q. 3 What frequency does an 802.11n-compliant device employ that allows it to maintain support for legacy 802.11g devices? A. 5 GHz B. 900 MHz C. 7 GHz D. 2.4 GHz

D.802.11n can use the 2.4 GHz and 5 GHz frequencies. The 2.4 GHz frequency is also used by 802.11g and 802.11b. The 5 GHz frequency is used by 802.11a, 802.11n, and 802.11ac.

Q. 76 Which of the following tools is most useful in sorting through large log files to search for intrusion-related events? A. Text editor B. Vulnerability scanner C. Password cracker D. SIEM

D. A Security Information and Event Management (SIEM) system is the best tool to search through large log files looking for intrusion-related events. A text editor requires manually looking at logs. Vulnerability scanners and password crackers are not used to search through log files looking for intrusions.

What is a security control? A. A security component that stores attributes that describe an object B. A document that lists all data classification types C. A list of valid access rules D. A mechanism that limits access to an object

D. A control limits access to an object to protect it from misuse by unauthorized users.

Q. 6 Which of the following network devices is used to connect networks that are using different network protocols? A. Bridge B. Router C. Switch D. Gateway

D. A gateway connects networks that are using different network protocols.

Q. 43 What is the client source port of a secured web communication? A. 1024 B. 80 C. 443 D. A dynamic port

D. Client source ports are dynamic ports (i.e., randomly selected port number between 1024-65,535) for most Application layer protocols, including secure web communications (i.e., HTTPS).

Q. 28 What type of alternate processing facility takes advantage of Infrastructure as a Service (IaaS) providers? A. Hot site B. Warm site C. Cold site D. Cloud site

D. Cloud service providers offer Infrastructure-as-a-Service options that are ideal backup sites.

Q. 34 Which type of control provides extended options to existing controls and aids or supports administrative security policy? A. Recovery access control B. Corrective access control C. Restorative access control D. Compensation access control

D. Compensation access control is deployed to provide various options to existing controls to help enforce and support a security policy.

Q. 78 Once a system is compromised, _______________ is deployed to restore it to its previous known-good state. A. Compensation access control B. Recovery access control Your selection is incorrect C. Restorative access control D. Corrective access control

D. Corrective access control is deployed to restore systems to normal after an unwanted or unauthorized activity has occurred.

Q. 64 Which network topology offers multiple routes to each node to protect from multiple segment failures? A. Ring B. Star C. Bus D. Mesh

D. Mesh topologies provide redundant connections to systems, allowing multiple segment failures without seriously affecting connectivity.

Which one of the following encryption algorithms is now considered insecure? A. El Gamal B. RSA C. Elliptic Curve Cryptography D. Merkle-Hellman Knapsack

D. The Merkle-Hellman Knapsack algorithm, which relies on the difficulty of factoring super-increasing sets, has been broken by cryptanalysts.

Q. 17 What is the biggest problem with computer-based information when used as evidence? A. It is considered hearsay. B. It is not accepted in court. C. It cannot be contained. D. It may be volatile.

D. The biggest problem with computer evidence is that some of it may be volatile, meaning it can be lost with the loss of power. Finding and preserving volatile evidence from memory is the most challenging aspect of gathering computer evidence. Although computer evidence is usually considered hearsay, there is an exception to the hearsay rule that makes it admissible (specifically if it was created by a normal business operation and supported by a witness).

Q. 81 UDP is a connectionless protocol that operates at the Transport layer of the OSI model and uses ports to manage simultaneous connections. Which of the following terms also is related to UDP? A. Bits B. Logical addressing C. Data reformatting D. Simplex

D. UDP is a simplex protocol at the Transport layer.

Q. 38 If a specific step-by-step guide does not exist that prescribes how to accomplish a necessary task, which of the following is used to create such a document? A. Policy B. Standard C. Procedure D. Guideline

D.A guideline offers recommendations on how standards and baselines are implemented and serves as an operational guide for both security professionals and users. Guidelines are flexible so they can be customized for each unique system or condition and can be used in the creation of new procedures (i.e., step-by-step guides).

Q. 28 From within the Bell-LaPadula model, what is allowed to violate the star property, but when doing so does not actually violate security? A. End users B. Intruders C. Root administrators D. Trusted subject

D.A trusted subject can violate the star property of "no write down" in the act of declassification, which is not an actual violation of security.

Q. 14 What type of data model does the Domain Name System (DNS) use? A. Relational B. Distributed C. Transactional D. Hierarchical

D.DNS uses a hierarchical model to organize data, with root name servers representing the top-level domains and authority distributed hierarchically to child servers.

Q. 5 Which of the following is not a benefit of NAT? A. Use of RFC 1918 addresses B. Fewer leased public addresses C. Hidden configuration of internal systems D. Access initiations from external entities

D.NAT does not allow initiations from external entities. Therefore, allowing external initiations is not a benefit. The benefit is that NAT does not allow them.

Q. 17 What method is not integral to assuring effective and reliable security staffing? A. Screening B. Bonding C. Training D. Conditioning

D.Screening, bonding, and training are all vital procedures for ensuring effective and reliable security staffing because they verify the integrity and validate the suitability of said staffers.

Q. 35 What part of the Common Criteria specifies the claims of security from the vendor that are built into a target of evaluation? A. Protection profiles B. Evaluation assurance level C. Certificate authority D. Security target

D.Security targets (STs) specify the claims of security from the vendor that are built into a TOE.

What type of mitigation provision is utilized when redundant communications links are installed? A. Hardening systems B. Defining systems C. Reducing systems D. Alternative systems

D.This is an example of alternative systems. Redundant communications circuits provide backup links that may be used when the primary circuits are unavailable.

Q. 27 Which wireless security protocol makes use of AES cryptography? A. WPS B. WEP C. WPA D. WPA2

D.WPA2 replaces RC4 and TKIP (used by the original WPA) with AES and CCMP cryptography.

Q. 31 ___________ is a form of programming attack that is used to either falsify information being sent to a visitor or cause their system to give up information without authorization. A. SQL injection B. Buffer overflow C. DDoS D. XML exploitation

D.XML exploitation is a form of programming attack that is used to either falsify information being sent to a visitor or cause their system to give up information without authorization.