IT Security Foundations
If SLE is calculated at $2,500 and there are an anticipated 4 occurrences a year (ARO), then ALE is: A) $10,000 B) $5,000 C) $2,500 D) $625
A) $10,000
Accordingly, you are expected to implement authentication solutions that reflect the increased value of the data. Which of the following authentication methods uses more than one authentication process for a logon? A) Multifactor B) Biometrics C) Smartcard D) Kerberos
A) Multifactor
Which of the following terms implies hosting data from more than one customer on the same equipment? A) Multitenancy B) Duplexing C) Bastioning D) Fashioning
A) Multitenancy
Which cloud delivery model is implemented by a single organization, enabling it to be implemented behind a firewall? A) Private B) Public C) Community D) Hybrid
A) Private
Which access control method model grants rights or privileges based on a user's job function or position held? A) RBAC B) MAC C) DAC D) CAC
A) RBAC
Which of the following is the most widely used asymmetric algorithm today? A) RSA B) AES C) 3DES D) SHA
A) RSA
What type of attack captures portions of a session to play back later to convince a host that it is still talking to the original connection? A) Replay B) Echo C) Duplication D) Reprise
A) Replay
Which of the following strategies necessitates an identified risk that those involved understand the potential cost/damage and agree to live with it? A) Risk acceptance B) Risk avoidance C) Risk deterrence D) Risk mitigation E) Risk transference
A) Risk acceptance
Dennis has implemented an authentication system that uses a password, a PIN, and the user's birthday. What best describes this system? A) Single factor B) Two factor C) Three factor D) Strong authentication
A) Single factor
Which of the following is a method of capturing a virtual machine at a given point in time? A) Snapshot B) Photograph C) Syslog D) WMI
A) Snapshot
Which kind of security attack is a result of the trusting nature of human beings? A) Social engineering B) Friendly neighbor C) Sociologic D) Human nature
A) Social engineering
Which of the following can be implemented as a software or hardware solution and is usually associated with a device - a router, a firewall, a NAT device, etc. - used to shift a load from one device to another? A) Proxy B) Hub C) Load balancer D) Switch
C) Load balancer
Which specification is an estimation of how long a component will last? A) MTFE B) MTTR C) MTBF D) MTAR
C) MTBF
Which type of risk strategy is undertaken when you attempt to reduce the risk? A) Transference B) Assessment C) Mitigation D) Avoidance
C) Mitigation
Locking the doors to the server room involves what kind of security? A) Management B) Operational C) Physical D) Organizational
C) Physical
A certificate authority (CA) is an organization responsible for doing three of the following activities with certificates. Which one is NOT an activity for which the CA is responsible? A) Issuing B) Revoking C) Promoting D) Distributing
C) Promoting
You've discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be? A) Man in the Middle attack B) Backdoor attack C) Replay attack D) TCP/IP hijacking
C) Replay attack
Which of the following devices is most capable of providing infrastructure security? A) Hub B) Switch C) Router D) Modem
C) Router
A _____ is an update to a software product that corrects known problems and adds updates that extend functionality. A) Hotfix B) Overhaul C) Service pack D) Security update
C) Service pack
What term describes when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party? A) Patch infiltration B) XML injection C) Session hijacking D) DTB exploitation
C) Session hijacking
Which type of attack is one in which a rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit? A) NRZ B) Faulty access point C) Ordinal data D) Evil twin
D) Evil twin
A _____ is used to provide EMI and RFI shielding for an entire room of computer or electronic equipment, and is also used to prevent electronic eavesdropping. A) Cone of silence B) Room shield C) Smart shield D) Faraday cage
D) Faraday cage
Separation of duties policies are designed to reduce the risk of what? A) Breach of confidentiality B) Burn C) Turnover D) Fraud
D) Fraud
Wireless Ethernet conforms to which IEEE standard? A) IEEE 1394 B) IEEE 802.2 C) IEEE 802.10 D) IEEE 802.11
D) IEEE 802.11
How does a user obtain a Message Authentication Code (MAC)? A) It is assigned by the encryption software manufacturer. B) It is applied for from a third-party organization. C) It is specified by the user before the encryption software runs. D) It is derived from the message itself using an algorithm.
D) It is derived from the message itself using an algorithm.
Which authentication method uses a key distribution center (KDC)? A) CHAP B) Login and authentication C) Identification and authentication D) Kerberos
D) Kerberos
Personal smartphones at work create a potential security risk due to which of the following? A) Operating system incompatibility B) Large storage capacity C) Widespread use D) Potential for malware introduction
D) Potential for malware introduction
What is it known as when an attacker manipulates database code to take advantage of a weakness in it? A) XSS B) XML manipulation C) LDAP injection D) SQL injection
D) SQL injection
What is the term for restricting an application to a safe/restricted resource area? A) Multitenancy B) Fencing C) Securing D) Sandboxing
D) Sandboxing
Which "X." standard from ITU-T defines certificate formats and fields for public keys? A) X.300 B) X.305 C) X.500 D) X.509
D) X.509
Which of the following attempts to detect exfiltration of data? A) HSM B) TPM C) EAL D) DLP
D) DLP
Consider the following scenario: The asset value of your company's primary servers is $2 million, and they are housed in a single office building in Anderson, Indiana. Field offices are scattered throughout the United States, but the workstations located at the field offices serve as thin clients and access data from the Anderson servers. Tornadoes in this part of the country are not uncommon, and it is estimated that one will level the building every 60 years. Which of the following is the SLE for this scenario? A) $2 million B) $1 million C) $500,000 D) $33,333.33 E) $16,667
A) $2 million
What is the size of the wrapper TKIP places around the WEP encryption with a key that is based on things such as the MAC address of your machine and the serial number of the packet? A) 128-bit B) 64-bit C) 56-bit D) 2-bit
A) 128-bit
Which of the following best describes an ACL? A) ACLs provide individual access control to resources. B) ACLs aren't used in today's systems. C) The ACL process is dynamic in nature. D) ACLs are used to authenticate users.
A) ACLs provide individual access control to resources.
Which of the following is used to refer to any sophisticated series of related attacks taking place over an extended period of time? A) APT B) TAP C) RSA D) EST
A) APT
Which of the following is a notification that an unusual condition exists and should be addressed when possible? A) Alert B) Trend C) Alarm D) Trap
A) Alert
Which of the following is the process of ensuring that policies, procedures, and regulations are carried out in a manner consistent with organizational standards? A) Auditing B) Inventory review C) SOX D) Baselining
A) Auditing
Which of the following terms refers to the process of using a metric to establish one or more standards for secure operation, from which changes can be documented and accounted for? A) Baselining B) Security evaluation C) Hardening D) Methods research
A) Baselining
Using Bluetooth to extract data from a victim's phone is best described as which of the following? A) Bluesnarfing B) Bluejacking C) CYOD D) Jailbreaking
A) Bluesnarfing
Which of the following is a process of collecting and securing evidence during an investigation to prevent claims of evidence tampering? A) Chain of custody B) Order of volatility C) Legal hold D) Strategic evidence gathering
A) Chain of custody
What types of systems monitor the contents of workstations, servers, and networks to make sure that key content is not deleted or removed, and that confidential data is not leaked to unauthorized people outside the system? A) DLP B) PKI C) XML D) GSP
A) DLP
How must user accounts for exiting employees be handled? A) Disabled, regardless of the circumstances B) Disabled if the employee has been terminated C) Deleted, regardless of the circumstances D) Deleted if the employee has been terminated
A) Disabled, regardless of the circumstances
You are the administrator of your company's website. You are working when suddenly web server and network utilization both spike to 100% and stay there for several minutes, and users start reporting "Server not available" errors. You have most likely become the victim of what kind of attack? A) DoS Attack B) Virus Attack C) Replay Attack D) Man in the Middle Attack
A) DoS Attack
Elizabeth works for a company that manufactures portable medical devices such as insulin pumps. She is concerned about security for the devices. Which of the following would be the most helpful in securing these devices? A) Ensure that all communications with the device are encrypted. B) Ensure that the device has FDE. C) Ensure that the device has been stress-tested. D) Ensure that the device has been fuzz tested.
A) Ensure that all communications with the device are encrypted.
Which of the following is the best description of tailgating? A) Following someone through a door they just unlocked B) Figuring out how to unlock a secured area C) Sitting close to someone in a meeting D) Stealing information from someone's desk
A) Following someone through a door they just unlocked
Which of the following will not significantly contribute to network hardening? A) Installing new anti-virus software on workstations B) Updating network switch firmware to newest versions C) Putting passwords on all remote-configurable network hardware D) Locking down all unused ports on the firewall
A) Installing new anti-virus software on workstations
_____ are used to monitor a network for suspect activity. A) Intrusion detection systems B) Internet detection systems C) Intrusion deterrent systems D) Internet deterrent systems
A) Intrusion detection systems
In a hot and cold aisle system, what is the typical method of handling cold air? A) It is pumped in from below raised floor tiles B) It is pumped in from above through the ceiling tiles C) Only hot air is extracted and cold air is the natural result D) Cold air exists in each aisle
A) It is pumped in from below raised floor tiles
Which of the following access control methods includes switching work assignments at pre-set intervals? A) Job rotation B) Mandatory vacations C) Least privilege D) Separation of duties
A) Job rotation
What principle is most important in setting up network accounts? A) Least privilege B) Password expiration C) Password complexity D) Separation of duties
A) Least privilege
Which of the following is a passive method of threat response? A) Logging the event B) Terminating the connection C) Changing network configuration D) Shutting down the computer
A) Logging the event
Upper management has suddenly become concerned about security. As the senior network administrator, you are asked to suggest changes that should be implemented. Which of the following access methods should you recommend if the technique to be used is one that is primarily based on preestablished access and can't be changed by users? A) MAC B) DAC C) RBAC D) Kerberos
A) MAC
Which of the following is an access control mechanism used in high-security installations that requires visual identification as well as authentication to gain access? A) Mantrap B) Fencing C) Proximity reader D) Hot aisle
A) Mantrap
What kind of cryptographic method replaces one character with another from a "match-up list" to produce the ciphertext? (The decoder wheel kids get in cereal boxes often use this type of cryptography.) A) Substitution cipher B) Transposition cipher C) Steganographic cipher D) Watermark cipher
A) Substitution cipher
Which of the following is a popular method for breaking a network into smaller private networks that can coexist on the same wiring and yet be unaware of each other? A) VLAN B) NAT C) MAC D) Security zone
A) VLAN
An IV attack is usually associated with which of the following wireless protocols? A) WEP B) WAP C) WPA D) WPA2
A) WEP
In TCP/IP parlance, any computer or device with an IP address on a TCP/IP network is known as a(n): A) host B) device C) unit D) IP responder
A) host
To prevent files from being copied on a workstation to removable media, you should disable which ports? A) Serial B) USB C) Firewire D) Marker
B) USB
Susan is responsible for security of a SCADA system. If availability is her biggest concern, what is the most important thing for her to implement? A) SIEM B) IPS C) Automated patch control D) Log monitoring
B) IPS
_____ is the first step in the incident response cycle. A) Investigating the incident B) Incident identification C) Documenting the response D) Repairing the damage
B) Incident identification
security measure would be most important for him to implement? A) Stress testing B) Input validation C) IPS D) Agile programming
B) Input validation
When assigning permissions to users, which principle should you adhere to? A) Eminent domain B) Least privilege C) Manifest destiny D) Risk deterrence
B) Least privilege
Whether or not your server operating system can force a user to change a password is considered what kind of a security issue? A) Management B) Operational C) Physical D) Organizational
B) Operational
Which cloud service model provides the consumer the infrastructure to create applications and host them? A) SaaS B) PaaS C) IaaS D) CaaS
B) PaaS
Which of the following is the term for a fix for a known software problem? A) Skiff B) Patch C) Slipstream D) Upgrade
B) Patch
Which of the following is NOT an asymmetric encryption algorithm? A) RSA B) 3DES C) ECC D) Diffie-Hellman
B) 3DES
Which encryption technology is associated with WPA2? A) TKIP B) AES-CCMP C) WEP D) LDAP
B) AES-CCMP
Which of the following policies describes how the employees in an organization can use company systems and resources, both software and hardware? A) Separation of duties B) Acceptable use C) Least privilege D) Physical access control
B) Acceptable use
Which of the following is NOT a goal of information security? A) Prevention B) Archiving C) Detection D) Response
B) Archiving
A _____ security device uses some biological characteristic of human beings to uniquely identify a person for authentication. A) Biosecure B) Biometric C) Biotangeric D) Biogenic
B) Biometric
Your company requires that when employees are not at their desk no documents should be out on the desk and the monitor should not be viewable. What is this called? A) Wiping the desk B) Clean desk C) Excessive requirements D) Basic housekeeping
B) Clean desk
Servers or computers that have two NIC cards, each connected to different networks, are known as what type of computers? A) Routed B) Dual-homed C) Firewalled D) Protected
B) Dual-homed
Which feature of cloud computing involves dynamically provisioning or de-provisioning resources as needed? A) Multitenancy B) Elasticity C) CMDB D) Sandboxing
B) Elasticity
_____ is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead. A) Enticement B) Entrapment C) Deceit D) Sting
B) Entrapment
Which of the following is a technique of providing unexpected values as input to an application to try to make it crash? A) DLP B) Fuzzing C) TPM D) HSM
B) Fuzzing
Which U.S. regulation dictates the standards for storage, use, and transmission of personal medical information? A) EICAR B) HIPAA C) Gramm-Leach-Bliley Act of 1999 D) FERPA
B) HIPAA
Which of the following will not reduce EMI? A) Physical shielding B) Humidity control C) Physical location D) Overhauling worn motors
B) Humidity control
You are a senior administrator at a bank. A bank customer calls you on the telephone and says that they were told to contact you. Two days ago, an email told them that there was something wrong with their account and that they needed to click a link in the email to submit information to fix the problem. They clicked the link and filled in the information the bank requested, but now their account is showing a large number of transactions they did not authorize. They were likely the victims of what type of attack? A) Spimming B) Phishing C) Pharming D) Escalating
B) Phishing
In order to run "packet sniffer" software properly, the NIC in the computer running the sniffer software must be set to: A) 10/100 Mode B) Promiscuous Mode C) Link Mode D) Ethernet listening mode
B) Promiscuous Mode
Which of the following technologies is used to identify and track tags attached to objects? A) NFC B) RFID C) IV D) DSC
B) RFID
Which of the following would be best at preventing a thief from accessing the data on a stolen phone? A) Geotagging B) Remote wipe C) Geofencing D) Segmentation
B) Remote wipe
Which encryption/security measure, originally developed by Netscape, is used to establish a secure, lower-layer communication connection between two TCP/IP-based machines? A) PKCS B) SSL C) TTS D) Telnet
B) SSL
A _____ is the term for an area in a building where access is individually monitored and controlled. A) Secured room B) Security zone C) Mantrap D) Network perimeter
B) Security zone
An administrator can configure access control functions but is not able to administer audit functions. This is an example of what? A) Access enforcement B) Separation of duties C) Least privilege D) Account management
B) Separation of duties
You require your ISP to keep your Internet connection up 99.999% of the time. In which document would this condition be placed? A) Backup plan B) Service level agreement C) Disaster recovery plan D) Corporate minutes
B) Service level agreement
Which of the following is a type of attack that occurs when an attacker pretends to be a legitimate client, using information it has gained from a legitimate client (such as its IP address)? A) DoS B) Spoofing C) Replay D) Smurf
B) Spoofing
As more and more clients have been added to your network, the efficiency of the network has decreased significantly. You're preparing a budget for next year, and you specifically want to address this problem. Which of the following devices acts primarily as a tool to improve network efficiency? A) Hub B) Switch C) Router D) PBX
B) Switch
Which hypervisor model requires the operating system to be up, and cannot boot until it is? A) Type I B) Type II C) Type III D) Type IV
B) Type II
Which of the following is the basic premise of least privilege? A) Always assign responsibilities to the administrator who has the minimum permissions required. B) When assigning permissions, give users only the permissions they need to do their work and no more. C) Regularly review user permissions, and take away one they currently have to see if they will complain or even notice that it is missing. D) Do not give management more permissions than users.
B) When assigning permissions, give users only the permissions they need to do their work and no more.
The area of an application that is available to users (both authenticated and non-authenticated) is known as its: A) ring of trust B) attack surface C) public persona D) personal space
B) attack surface
Which of the following 802.11 standards is implemented in WPA2? A) 802.11a B) 802.11b C) 802.11i D) 802.11n
C) 802.11i
Which standard defines port-based security for wireless network access control? A) 802.1n B) 802.11ac C) 802.1x D) 802.16
C) 802.1x
Which encryption algorithm is based on Rijndael? A) DES B) RC C) AES D) CAST
C) AES
You need to encrypt your hard drive. Which of the following algorithms is your best choice? A) DES B) RSA C) AES D) SHA
C) AES
Which of the following is a reversion from a change that had negative consequences? A) Backup B) ERD C) Backout D) DIS
C) Backout
Which method of cryptanalysis tries every possible combination of characters in an attempt to guess the password or key? A) Mathematical B) Frequency Analysis C) Brute Force D) Algorithm Error Analysis
C) Brute Force
Which type of fire extinguisher is best for use on computer equipment in case of a computer fire? A) Class A B) Class B C) Class C D) Class D
C) Class C
Which access control method model allows the owner of a resource to grant privileges that they own? A) RBAC B) MAC C) DAC D) CAC
C) DAC
Which backup system backs up only those files that have changed since the last full backup? A) Full backup B) Incremental backup C) Differential backup D) Archival backup
C) Differential backup
The process of automatically switching from a malfunctioning system to another system is called what? A) Fail safe B) Redundancy C) Failover D) Hot site
C) Failover
Which of the following devices are the first line of defense for networks connected to the Internet? A) Routers B) Hubs C) Firewalls D) Switches
C) Firewalls
The process of making certain that an entity (operating system, application, etc.) is as secure as it can be is known as: A) Stabilizing B) Reinforcing C) Hardening D) Toughening
C) Hardening
A _____ is a system designed to fool attackers into thinking a system is unsecured so they will attack it. Then the "victim" will learn their attack methods without having a live system compromised. A) Enticement B) Open Door C) Honeypot D) Black Hole
C) Honeypot
In which cloud service model can the consumer "provision" and "deploy and run"? A) SaaS B) PaaS C) IaaS D) CaaS
C) IaaS
Which type of penetration-style testing involves actually trying to break into the network? A) Discreet B) Indiscreet C) Intrusive D) Non-intrusive
C) Intrusive
When an organization chooses to go with a public cloud delivery model, who is accountable for the security and privacy of the outsourced service? A) The cloud provider and the organization B) The cloud provider C) The organization D) No one
C) The organization
Your system administrator comes back from a conference intent on disabling the SSID broadcast on the single AP your company uses. What will be the effect on the client machines? A) They will no longer be able to use wireless networking. B) They will no longer see the SSID as a Preferred Network when they are connected. C) They will no longer see the SSID as an available network. D) They will be required to make the SSID part of their HomeGroup.
C) They will no longer see the SSID as an available network.
Which of the following models is used to provide an intermediate server between the end user and the database, to provide additional security to the database server? A) One-tiered B) Two-tiered C) Three-tiered D) Relational database
C) Three-tiered
You have taken out an insurance policy on your data/systems to share some of the risk with another entity. What type of risk strategy is this? A) Transformation B) Conveyance C) Transference D) Devolution
C) Transference
In which two modes can IPSec work? A) Tunneling and Storing B) Transport and Storing C) Tunneling and Transport D) At-Rest and At-Ease
C) Tunneling and Transport
Which of the following is NOT one of the cloud delivery models recognized by NIST? A) Hybrid B) Community C) Unlisted D) Private
C) Unlisted
If you wanted to connect two networks securely over the Internet, what type of technology could you use? A) Repeater B) Bridge C) VPN D) Telnet
C) VPN
In which of the following does the tester have significant knowledge of the system and typically simulates an attack from an insider? A) Gray box B) Red box C) White box D) Black box
C) White box
The process of making a computer environment more secure from attacks and intruders is known as _____. A) locking up B) polishing C) hardening D) securing
C) hardening
The outer edge of physical security, where we create the first barrier to entry, is known as the _____. A) blockade B) door C) perimeter D) stop
C) perimeter
Which method of attack against a password happens when an attacker tries many different combinations of alphanumeric characters until successful? A) Mathematical B) Alphanumeric C) Dictionary D) Brute force
D) Brute force
Which of the following uses multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they had intended to click on the top page? A) Wireshark B) OpenVAS C) John the Ripper D) Clickjacking
D) Clickjacking
Refer to the earlier tornado scenario (the $2 million servers in Anderson, Indiana, with one building-leveling tornado expected every 60 years). Which of the following amounts is the ALE for this scenario? A) $2 million B) $1 million C) $500,000 D) $33,333.33 E) $16,667
D) $33,333.33
What well-known TCP port does HTTP use? A) 21 B) 23 C) 25 D) 80
D) 80
Which of the following is an attack where a program or service is placed on a server to bypass normal security procedures? A) DoS B) Replay C) Social Engineering D) Back Door
D) Back Door