Assessment Test aline

What type of program exists primarily to propagate and spread itself to other systems? A. Virus B. Trojan horse C. Logic bomb D. Worm

D. A worm is designed to multiply and propagate. Worms may carry viruses that cause system destruction, but that isn't their primary mission.

A user has just reported that he downloaded a file from a prospective client using IM. The user indicates that the file was called account.doc. The system has been behaving unusually since he downloaded the file. What is the most likely event that occurred? A. Your user inadvertently downloaded a virus using IM. B. Your user may have a defective hard drive. C. Your user is imagining what cannot be and is therefore mistaken. D. The system is suffering from power surges.

A. IM and other systems allow unsuspecting users to download files that may contain viruses. Due to a weakness in the file extension naming conventions, a file that appears to have one extension may actually have another extension.

Which design concept limits access to systems from outside users while protecting users and systems inside the LAN? A. DMZ B. VLAN C. I&A D. Router

A. A DMZ (demilitarized zone) is an area in a network that allows restrictive access to untrusted users and isolates the internal network from access by external users and systems. It does so by using routers and firewalls to limit access to sensitive network resources.

Which of the following is included in an SSID broadcast (choose the best answer)? A. Network name B. MAC address C. DHCP configuration information D. DNS default values

A. An SSID (Service Set Identifier) broadcast includes the network name.

You've been hired as a security consultant for a company that's beginning to implement handheld devices, such as smartphones. You're told that the company must use an asymmetric system. Which security standard would you recommend that it implement? A. ECC B. PKI C. SHA D. MD

A. Elliptic Curve Cryptography (ECC) would probably be your best choice. ECC is designed to work with smaller processors. The other systems may be options, but they require more computing power than ECC.

Which system would you install to provide active protection and notification of security problems in a network connected to the Internet? A. IPS B. Network monitoring C. Router D. VPN

A. An intrusion prevention system (IPS) provides active monitoring and rule-based responses to unusual activities on a network. A firewall, for example, provides passive security by preventing access from unauthorized traffic. If the firewall were compromised, the IPS would notify you based on rules that it's designed to implement.

The process of investigating a computer system for clues about an event is called what? A. Computer forensics B. Virus scanning C. Security policy D. Evidence gathering

A. Computer forensics is the process of investigating a computer system to determine the cause of an incident. Part of this process would be gathering evidence.

Which type of audit can be used to determine whether accounts have been established properly and verify that privilege creep isn't occurring? A. Privilege audit B. Usage audit C. Escalation audit D. Report audit

A. A privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of an organization.

An individual presents herself at your office claiming to be a service technician. She wants to discuss your current server configuration. This may be an example of what type of attack? A. Social engineering B. Access control C. Perimeter screening D. Behavioral engineering

A. Social engineering is using human intelligence methods to gain access to, or information about, your organization.

What encryption process uses one message to hide another? A. Steganography B. Hashing C. MDA D. Cryptointelligence

A. Steganography is the process of hiding one message in another. Steganography may also be referred to as electronic watermarking.

The integrity objective addresses which characteristic of information security? A. Verification that information is accurate B. Verification that ethics are properly maintained C. Establishment of clear access control of data D. Verification that data is kept private and secure

A. To meet the goal of integrity, you must verify that the information being used is accurate and hasn't been tampered with. Integrity is coupled with accountability to ensure that data is accurate and that a final authority exists to verify this, if needed.

Which algorithm is used to create a temporary secure session for the exchange of key information? A. KDC B. KEA C. SSL D. RSA

B. The Key Exchange Algorithm (KEA) is used to create a temporary session to exchange key information. This session creates a secret key. When the key has been exchanged, the regular session begins.

You want to install a cryptoprocessor chip that can be used to enhance security with the PKI systems. Which of the following is the one you are looking for? A. OCSP B. HSM C. MTU D. PIV

B. A Hardware Security Module (HSM) is a cryptoprocessor chip (or circuit mounted within the computer) that can be used to enhance security, and it is commonly used with PKI systems.

Which of the following is a type of man-in-the-middle attack in which a Trojan horse manipulates calls between the browser and its security mechanisms yet still displays back the user's intended transaction? A. PFS B. MITB C. P12 D. SDN

B. A man-in-the-browser attack (abbreviated as MITB, MitB, MIB, and MiB) is a type of man-in-the-middle attack in which a Trojan horse manipulates calls between the browser and its security mechanisms, sniffing or modifying transactions as they are formed on the browser yet still displaying back the user's intended transaction.

Which component of an IDS collects data? A. Data source B. Sensor C. Event D. Analyzer

B. A sensor collects data from the data source and passes it on to the analyzer. If the analyzer determines that unusual activity has occurred, an alert may be generated.

What type of exercise involves discussing possible security risks in a low-stress environment? A. White box B. Tabletop C. Black hat D. DHE

B. A tabletop exercise involves sitting around the table and discussing (with the help of a facilitator) possible security risks in a low-stress format.

Which of the following backup methods will generally provide the fastest backup times? A. Full backup B. Incremental backup C. Differential backup D. Archival backup

B. An incremental backup will generally be the fastest of the backup methods because it backs up only the files that have changed since the last incremental or full backup.

Which of the following is a set of voluntary standards governing encryption? A. PKI B. PKCS C. ISA D. SSL

B. Public Key Cryptography Standards is a set of voluntary standards for public key cryptography. This set of standards is coordinated by RSA.

To increase security, TKIP places a wrapper around the WEP encryption with a key that is based on things such as the MAC address of the host device and the serial number of the packet. What is the size of the wrapper? A. 64-bit B. 128-bit C. 256-bit D. 512-bit

B. TKIP places a 128-bit wrapper around the WEP encryption with a key that is based on things such as the MAC address of the host device and the serial number of the packet.

What is the acronym associated with the point of maximum tolerable loss for a system due to a major incident? A. ARO B. RPO C. RTP D. WML

B. The Recovery Point Objective (RPO) is the point of maximum tolerable loss for a system due to a major incident.

Virtualization that does not utilize hypervisors can be accomplished through the use of which of the following? A. Wrappers B. Containers C. Portals D. Sinks

B. Virtualization that does not utilize hypervisors can be accomplished through the use of containers, also known as "Docker containers."

Which mechanism or process is used to enable or disable access to a network resource based on an IP address? A. NDS B. ACL C. Hardening D. Port blocking

B. Access control lists (ACLs) are used to allow or deny an IP address access to a network. ACL mechanisms are implemented in many routers, firewalls, and other network devices.

The process of verifying the steps taken to maintain the integrity of evidence is called what? A. Security investigation B. Chain of custody C. Three As of investigation D. Security policy

B. The chain of custody ensures that each step taken with evidence is documented and accounted for from the point of collection. Chain of custody is the Who, What, When, Where, and Why of evidence storage.

In the key recovery process, which key must be recoverable? A. Rollover key B. Secret key C. Previous key D. Escrow key

C. A key recovery process must be able to recover a previous key. If the previous key can't be recovered, then all the information for which the key was used will be irrecoverably lost.

You want to grant access to network resources based on authenticating an individual's retina during a scan. Which security method uses a physical characteristic as a method of determining identity? A. Smart card B. I&A C. Biometrics D. CHAP

C. Biometrics is the authentication process that uses physical characteristics, such as a palm print or retinal pattern, to establish identification.

Which access control method is primarily concerned with the role that individuals have in the organization? A. MAC B. DAC C. RBAC D. STAC

C. Role-based access control (RBAC) is primarily concerned with providing access to systems that a user needs based on the user's role in the organization.

Penetration/vulnerability testing that takes a passive approach rather than actually trying to break into the network is known as which one of the following? A. Flaccid testing B. Noncredentialed testing C. Nonintrusive testing D. Pedestrian testing

C. Penetration/vulnerability testing that takes a passive approach rather than actually trying to break into the network is known as nonintrusive testing.

Which kind of attack is designed to overload a particular protocol or service? A. Spoofing B. Back door C. Man in the middle D. Flood

D. A flood attack is designed to overload a protocol or service by repeatedly initiating a request for service. This type of attack usually results in a DoS (denial-of-service) situation because the protocol freezes or because the requests consume excessive bandwidth on the network.

What kind of physical access device restricts access to a small number of individuals at one time? A. Checkpoint B. Perimeter security C. Security zones D. Mantrap

D. A mantrap limits access to one individual at a time. It could be, for example, a small room. Mantraps typically use electronic locks and other methods to control access.

Which mechanism is used by PKI to allow immediate verification of a certificate's validity? A. CRL B. MD5 C. SSHA D. OCSP

D. Online Certificate Status Protocol (OCSP) is the mechanism used to verify immediately whether a certificate is valid. The Certificate Revocation List (CRL) is published on a regular basis, but it isn't current once it's published.

You're the administrator for a research firm that works on only one project at a time and collects data through the web to a single server. The value of each research project is approximately $100,000. At any given time, an intruder could commandeer no more than 90 percent of the data. The industry average for ARO is 0.33. What is the ALE?

The SLE equals $90,000 ($100,000 X 0.9), and the ARO is 0.33. Therefore, the ALE is $29,700 ($90,000 X 0.33).

You work at the help desk for a small company. One of the most common requests to which you must respond is to help retrieve a file that has been accidentally deleted by a user. On average, this happens once a week. If the user creates the file and then deletes it on the server (about 60 percent of the incidents), then it can be restored in moments from the shadow copy and there is rarely any data lost. If the user creates the file on their workstation and then deletes it (about 40 percent of the incidents), and if it can't be recovered and it takes the user an average of two hours to re-create it at $12 an hour, what is the ALE?

The SLE is $24 ($12 X 2), and the ARO is 20.8 (52 weeks X 0.4). Therefore, the ALE equals $499.20 ($24 X 20.8).

You're the administrator of a web server that generates $25,000 per hour in revenue. The probability of the web server failing during the year is estimated to be 25 percent. A failure would lead to three hours of downtime and cost $5,000 in components to correct. What is the ALE?

The SLE is $80,000 ($25,000 X 3 hours + $5,000), and the ARO is 0.25. Therefore, the ALE is $20,000 ($80,000 X 0.25).

