CISSP PRACTICE TESTS Chapter 7▪ Security Operations (Domain7)

66. Ann continues her investigation and realizes that the traffic generating the alert is abnormally high volumes of inbound UDP traffic on port 53. What service typical uses this port? A. DNS B. SSH/SCP C. SSL/TLS D. HTTP

A. DNS

1.Referring to the figure below, what technology is shown that provides fault tolerance for the database servers? Refer to page 138 in book. A. Failover cluster B. UPS C. Tape backup D. Cold site

A. Failover cluster

52. During an incident investigation, investigators meet with a system administrator who may have information about the incident but is not a suspect. What type of conversation is taking place during this meeting? A. Interview B. Interrogation C. Both an interview and an interrogation D. Neither an interview nor an interrogation

A. Interview

98. In what type of attackers manage to insert themselves into a connection between a user and a legitimate website? A. Man-in-the-middle B. Fraggle C. Wardrivind D. Meet-in-the-middle

A. Man-in-the-middle

6. Which one of the following trusted recovery types does not fail into a secure operating state? A. Manual recovery B. Automated recovery C. Automated recovery without undue loss D. Function recovery

A. Manual recovery

30. In which cloud computing model does a customer share computing infrastructure with other customers of the cloud vendor where one customer may not know the other's identity? A. Public cloud B. Private cloud C. Community cloud D. Shared cloud

A. Public cloud

48. What type of attack is shown in the figure below? Refer to page 148 in book. A. SYN flood B. Ping flood C. Smurf D. Fraggle

A. SYN flood

12. As Gary design the program, he uses the matrix shown below. What principle of information security does this matrix most directly help enforce? Refer to page 140 in the book. A. Segregation of duties B. Aggregation C. Two-person control D. Defense in depth

A. Segregation of duties

63. Carla has worked for her company for 15 years and has held a variety of different positions. Each time she changed positions, she gained new privileges associated with that position, but no privilsges were ever taken away. What concept describes the sets of privileges she has accumlated? A. Entitlement B. Aggregation C. Transitivity D. Isolation

B. Aggregation

86. Gina is the firewall administrator for a small business and recently installed a new firewall. After seeing signs of unusually heavy network traffic, she checked the intrusion detection system, which reported that a fraggle attack was underway. What firewall configuration change can Gina make to most effectively prevent this attack? A. Block ICMP echo reply packets from entering the network. B. Block UDP port 7 and 19 traffic from entering the network. C. Block the destination address of the attack. D. Block the destination address of the attack.

B. Block UDP port 7 and 19 traffic from entering the network.

13. Gary is preparing to create an account for a new user and assign privileges to the HR database. What two elements of information must Gary verify before granting this access? A. Credentials and need to know B. Clearance and need to know C. Password and clearance D. Password and biometric scan

B. Clearance and need to know

53. Beth is selecting a disaster recovery facility for her organization. She would like to choose a facility that has appropriate environmental controls and power for her operations but wants to minnimize costs. She is willing to accept a lengthy recovery time. What type of facility should she choose? A. Hot site B. Cold site C. Warm site D. Service bureau

B. Cold site

71. Which one of the following tools provides an organization with the greastest level of protection against a software vendor going out of business? A. Service-level agreement B. Escrow agreement C. Mutual assistance agreement D. PCI DSS compliance agreement

B. Escrow agreement

90. What legal protection prevents law enforcement agencies from searching a facility or electronic system without either probable cause or consent? A.First Amendment B. Fourth Amendment C. Fifth Amendment D. Fifteenth Amendment

B. Fourth Amendment

76. You are performing an investigation into a potential bot infection on your network and wish to perform a forensic analysis of the information that passed between different systems on your network and those on the Internet.You believe that the information was likely encrypted. You are beginning your investigation after the activity concluded. What would be the best and easiest way to obtain the source of this information? A.Packet captures B. Netflow data C. Intrusion detection system logs D. Centralized authentication records

B. Netflow data

8. Toni responds to the desk of a user who reports slow system activity. Upon checking outbound network connections from that system, Toni notices a large amount of social media traffic originating from the system. The user does not use social media, and when Toni checks the accounts in question, they contain strange messages that appear encrypted. What is the most likely cause of this traffic? A. Other users are relaying social media requests through Toni's computer. B. Toni's computer is partof a botnet. C. Toni is lying about her use of social media. D. Someone else is using Toni's computer when she is not present.

B. Toni's computer is part of a botnet.

93. What is the minimum number of disks required to implement RAID level 1? A.One B. Two C. Three D. Five

B. Two

32. Sam is responsible for backing up his company's primary file server. He configured a backup schedule that performs full backups every Monday evening at 9 p. m. and differential backups on other days of the week at the same time. Files change according to the information shown in the figure below. How many files wil be copied in Wednesday's backup? A. 2 B. 3 C. 5 D. 6 File Modifications Monday 8 a.m. - File 1 created Monday 10 a.m. - File 2 created Monday 11 a.m. - File 3 created Monday 4 p.m. - File 1 modified Monday 5 p.m. - File 4 created Tuesday 8 a.m. - File 1 modified Tuesday 9 a.m. - File 2 modified Tuesday 10 a.m. - File 5 created Wednesday 8 a.m. - File 3 modified Wednesday 9 a.m. - File 6 created

C. 5

77. Which one of the following tools helps system administrators by providing a standard, secure template of configuration settings for operating systems and applications? A. Security guidelines B. Security policy C. Baseline configuration D. Running configuration

C. Baseline configuration

88. Renee is a software developer who writes code in Node.js for her organization. The company is considering moving from a self-hosted Node.js environment to one where Renee will run her code on application servers managed by a cloud vendor. What type of cloud solution is Renee's company considering? A.IaaS B. CaaS C. PaaS D. SaaS

C. PaaS

34. In virtualizationn platforms, what name is given to the module that is responsible for controlling access to physical resource by vitual resources? A. Guest machine B. SDN C. Kernel D. Hypervisor

D. Hypervisor

92. Which one ofthe following techniques is not commonly used to remove unwanted remnant data from magnetic tapes? A. Phyical destruction B. Degaussing C. Overwriting D. Reformatting

D. Reformatting

37. Which one of the following frameworks focuses on IT service management and includes topics such as change management, configuration management, and service-level agreements? A. ITIL B. PMBOK C. PCI DSS D. TOGAF

A. ITIL

Questions 11-14 refer to the following scenario. Gary was recently hired as the first cheif information security officer (CISO) for a local government agency. The agency recently suffered a security breach and is attempting to build a new information security program. Gary would like to apply some best practices for security operations as he designing this program. 11. As Gary decides what access permissions he should grant to each user, what principle should guide his decisions sbout default permissions? A. Separation of duties B. Least privilege C. Aggregation D. Separation of privileges

B. Least privilege

50. Which one of the folloing statements best describes a zero-day vulnerability? A. An attacker that is new to the world of hacking B. A database attack that places the date 00/00/0000 in data tables in an attempt to exploit flaws in business logic C. An attack previously unknown to the security community D. An attack that sets the operating system date and time to 00/00/0000 and 00:00:00

C. An attack previously unkown to the security community

83. The historic ping of death attack is most similar to which of the following modern attack types? A. SQL injection B. Cross-site scripting C. Buffer overflow D. Brute force password cracking

C. Buffer overflow

75. Alice is responsible for reviewing authentication logs on her organization's network. She does not have the time to review all logs, so she decides to choose only records where there have been four or more invalid authentication attempts. What technique is Alice using to reduce the size of the pool? A. Sampling B. Random selection C. Clipping D. Statistical analysis

C. Clipping

100. Which one of the following controls protects an organization in the event of a sustained period of power loss? A. Redundant server B. Uninterruptible power supply (UPS) C. Generator D. RAID

C. Generator

4. Which one of the following individuals is most likely to lead a regulatory investigation? A. CISO B. CIO C. Government agent D. Private detective

C. Government agent

61. Melanie suspects that someone is using malicious software to steal computing cycles from her company. Which one of the following security tools would be in the best position to detect this type of incident? A. NIDS B. Firewall C.HIDS D. DLP

C. HIDS

20. Which one of the following mechanisms is not commonly seen as a deterrent to fraud? A. Job rotatio B. Mandatory vacations C. Incident response D. Two-person control

C. Incident response

72. Fran is considering new human resources policies for her bank that will deter fraud. She plans to implement a mandatory vacation policy. What is typically considered the shortest effective length of a mandatory vacation? A. Two days B Four days C. One week D. One month

C. One week

46. Which one of the following technologies would provide the most automation of an inventory control process in a cost- effective manner? A. IPS B. Wi-Fi C. RFID D. Ethernet

C. RFID

60. Which one of the following events marks the completetion of a diaster recovery process? A. Securing property and life safety B. Restoring operations in an alternate facility C. Restoring operations in the primary facility D. Standing down first responders

C. Restoring operations in the primary facility

45. Which one of the following is an example of a computer security incident? A. Completion of a backup schedule B. System access recorded in a log C. Unauthorixed vulnerability scsn of a file server D. Update of antivirus signatures

C. Unauthorized vulnerability scsn of a file server

31. Which of the following organizations would be likely to have a representative on a CSIRT? I. Information security II. Legal counsel III. Senior management IV. Engineering A. I, III, and IV B. I, II, and III C. I, II,and IV D. All of the above

D. All of the above

35. What term is used to describe the default set of privileges assigned to a user when a new account is created? A. Aggregation B. Transitivity C. Baseline D. Entitlement

D. Entitlement

25. Which of the following would normally be considered an example of disaster when performing disaster recovery planning? I. Hacking incident II. Flood III. Fire IV. Terrorism A. II and III only B. I amd IV only C. II, III, and IV only D. I, II,III, and IV

D. I, II, III, and IV

91. Darcy is a computer security specialist who is assisting with the prosecution of a hacker. The prosecutor requests that Darcy give testimony in court about whether, in her opinion, the logs and other records in a case are indicative of a hacking attempt. What type of evidence is Darcy being asked to provide? A. Expert opinion B. Direct evidence C. Real evidence D. Documentary evidence

A. Expert opinion

80. In what virtualization model do full guest operating systems run on top of a virtualization platform? A. Virtual machines B. Software-defined networking C. Virtual SAN D. Application virtualization

A. Virtual machines

27. Which one if the following is not an example of a backup tape rotation scheme? A. Grandfather/Father/Son B. Meet in the middle C. Tower of Hanoi D. Six Cartridge Weekly

B. Meet in the middle

51. Which one of the following is not a canon of the (ISC)2 code of ethics? A. Protect society , the common good, necessary public trust and confidence, and the infrastructure. B. Promptly report security vulnerabilities to relevant authorities. C. Act honorably, honestly, justly, responsibly, and legally. D. Provide diligent and competent service to principals.

B. Promptly report security vulnerabilities to relevant authorities.

85. What technique can application developers use to test applications in an isolated virtualized environment before allowing them on a production network? A. Penetration testing B. Sandboxing C. White box testing D. Black box testing

B. Sandboxing

58. When designing an access control scheme, Hilda set up roles so that the same person does not have the ability to provision a new user account and assign superuser privileves to an account. What information security principle is Hilda following? A. Least privilege B. Separation of duties C. Job rotation D. Security through obscurity

B. Separation of duties

17. Which one of the following tasks is performed by a forensic disk controller? A. Masking error conditions reported by the storage device B. Transmitting write commands to the storage device C. Intercepting and modifying or discarding commands sent to the storage deviice D. Preventing data from being returned by a read operation sent to the device

C. Intercepting and modifying or discarding commands sent to the storage device

3. Which one of the following is not a privileged administrative activity that should be automatically sent to a log of superuser actions? A. Purging log entries B. Restoring a system from backup C. Logging into a workstation D. Managing user accounts

C. Logging into a workstation

64. During what phase of the incident response process do administrators take action to limit the effect or scope of an incident? A. Detection B. Response C. Mitigation D. Recovery

C. Mitigation

82. Bruce is seeing quite a bit of suspicious activity on his network. It appears that an outside entity is attempting to connect to all of his systems using a TCP connection on pirt 22. What type of scanning is the ouysidee likely engaging in? A. FTP scannin B. Telnet scanning C. SSH scanning D. HTTP scanning

C. SSH scanniing

47. Connor's company recently experienced a denial of service attack that Connor believes came from an inside source. If true, what type of event has the company experienced? A. Espionage B. Confidentiality breach C. Sabotage D. Integrity breach

C. Sabotage

99. Which one of the following techniques uses statistical methods to select a small number of records from a large pool for further analysis with the goal of choosing a set of records that is representative of theentire pool? A. Clipping B. Randomization C. Sampling D. Selection

C. Sampling

55. You are working to evaluate the risk of flood to an area and consult the flood maps from the Federal Emergency Management Agency (FEMA). According to those maps, the area lies within a 200-year flood plain. What is the annualized rate of occurrence (ARO) of a flood in that region? A. 200 B. 0.01 C. 0.02 D. 0.005

D. 0.005

73. Which of the following events would constitute a security incident? 1. An attempted network intrusion 2. A successful database intrusion 3. A malware infection 4. A violation of a confidentiality policy 5. An unsuccessful attempt to remove information from a secured area A. 2, 3, and 4 B. 1, 2, and 3 C. 4 and 5 D. All of the above

D. All of the above

24. Which one of the following information sources is useful to security admiistrators seeking a list information security vulnerabilities in applications, devices, and operating systems? A. OWASP B. Bugtraq C. Microsoft Security Bulletins D. CVE

D. CVE

26. Glenda would like to conducta diaster recovery test and is seeking a test that will allow a review of the plan with no disruption to normal information activities and as minimal a commitment of time as possible. What type of information system activities and as minimal a commitment of time as possible. What type of test should shebchoose? A. Tabletop excerrise B. Parallel test C. Full interruption test D. Checklist review

D. Checklist review

69. Frank is seeking to introduce a hacker's laptop in court as evidence against the hacker. The laptop does contain logs that indicate the hacker committed the crime, but the court ruled that the search of the apartment that resulted in police finding the laptop was unconstitutional. What admissibility criteria prevents Frank from introducing the laptop as evidence? A. Materiality B. Relevance C. Hearsay D. Competence

D. Competence

43. Which one of the following is not a basis preventative measure that you can take to protect your systems and applications against attack? A. Implement intrusion detection and prevention systems. B. Maintain current patch levels on all operating systems and applications. C. Remove unnessary accounts and services. D. Conduct forensic imaging of all systems.

D. Conduct forensic imaging of all systems.

19. Which one of the folling security tools consists of an unused network address space that may detect unauthorized activity? A. Honeypot B. Honeynet C. Psuedoflaw D. Darknet

D. Darknet

67. As Ann analyzes the traffic further, she realizes that the traffic is coming from many different sources and has overwhelmed the network, preventing legitimate uses. The inbound packets are responses to queries that she does not see in outbound traffic. The responses are abnormally large for their type. What type of attack should Ann suspect? A. Reconnaissance B. Malicious code C. System penetration D. Denial of service

D. Denial of service

59. Reggie recently reived a letter from his company's internal auditors scheduling the kickoff meeting for an assessment of his group. Which of the following should Reggie not expect to learn during that meeting? A. Scope of the audit B. Purpose of the audit C. Expected timeframe D. Expected findings

D. Expected findings

21. Brian recently joined an organization that runs the majority of its services on a virtualization platform located in its own data center but also leverages an IaaS provider for hosting its web services and SaaS email system. What term best describes the type of cloud environment this organisation uses? A. Public cloud B. Dedicated cloud C. Private cloud D. Hybrid cloud

D. Hybrid cloud

38. Richard is experiencing issues with the quality of network service on his organization's network. The primary systom is that packets are consistently taking too long to travel from their source to their destination. What term describes the issue Richard is facing? A. Jitter B. Packet loss C. Interference D. Latency

D. Latency

2. Joe is the security administrator for an ERP system. He is preparing to create accounts for several new employees. What default access should he give to all of the new employees as he creates the accounts? A. Read only B. Editor C. Administrator D. No access

D. No Access

5. What type of evidence consists entirely of tangible items that may be brought into a court of law? A. Documentary evidence B. Parol evidence C. Testimonial evidence D. Real evidence

D. Real Edvidence

9. Under what virtualization model does the virtualization platform separate the network control plane from the data plane and replace complex network devices with simpler devices that simply receive instructions from the controller? A. Virtual machines B. VSAN C. VLAN D. SDN

D. SDN

23. Mark is considering replacing his organization's customer relationship management (CRM) solution with a mew product that is available in the cloud. This new solution is completely managed by the vendor and Mark's company will not have to write any code or manage any physical resources. What type of cloud solution is Mark considering? A. IaaS B. CaaS C. PaaS D. SaaS

D. SaaS

14. Gary is preparing to develop controls around access to root encryption keys and would like to apply a principle of security designed specifically for very sensitive operations. What principle should he apply? A. Least privilege B. Defense in depth C. Security through obscurity D. Two-person control

D. Two-person control

22. Tom is responding to a recent security incident and seeking information on the approval process for a recent modification to a system's security settings. Where would he most likely find this information? A. Change log B. System log C. security log D. Application log

A. Change log

89. Timber Industries recently got into a dispute with a customer. During a meeting with his account representative, the customer stood up and declared, "There is no other solution. We will have to take this matter to court." He then left the room. When does Timber Industries have an obligation to begin preserving evidence? A. Immediately B. Upon recipt of a notice of litigation from opposing attorneys C. Upon receipt of a subpoena D. Upon receipt of a court order

A. Immediately

18. Lydia is processing access control requests for her organization. She comes across a request where the user does have the required security clearance, but there is no business justification for the access. Lydia denies this request. What security principle is she following? A. Need to know B. Least privilege C. Seperation of duties D. Two-person control

A. Need to know

42. Javier is verifying that only IT system administrators have the ability to log on to servers used for administrative purposes. What principle of information security is he enforcing? A. Need to know B. Least privilege C. Two-person control D. Transitive trust

B. Least privilege

10. Jim would like to identify compromised systems on his network that may be participating in a botnet. He plans to do this by watching for connections made to known comnand and-control servers. Which one of the following techniques would be most likely to provide this information if Jim has access to a list of known servers? A. Netflow records B. IDS logs C. Authentication logs D. RFC logs

A. Netflow records

36. Which one of the following types of agreements is the most formal document that contains expectations about availability and other perforomance parameters between a service provider and a customer? A. Service-level agreement (SLA) B. Operations level agreement (OLA) C. Memorandum of understanding (MOU) D. Statement of work (SOW)

A. Service-level agreement (SLA)

39. Joe is an investigator with a law enforcement agency. He recieved a tip that a suspect is communicatingsensitive information with a third party via a message board. After obtaining a warrant for the message, he obtained the contents and found that the message only contains the image show in the figure below. if this is the sole content of the communication, what technique could the suspect have used to embed sensitive information in the message? Refer to page 146 in the book. A. Steganography B. Watermarking C. Clipping D. Sampling

A. Steganography

87. What type of trust relationship extends beyond the two domains participating in the trust to one or more of their subdomains? A. Transitive trust B. Inhsritable trust C. Nontransitive trust D. Noninheritable trust

A. Transitive trust

49. Florian is building a diaster recovery plan for his organization and would like to determine the amount of time that a particular IT service may be down without causing serious damage to business operations. What variable is Florian calculating? A. RTO B. MTD C. RPO D. SLA

B. MTD

56. Which one of the following individuals poses the greatest risk to security in most well-defended organizations? A. Political activist B. Malicious insider C. Script kiddie D. Thrill attacker

B. Malicious insider

44. Tim is a forensic analyst who is attempting to retrieve information from a hard drive. It appears that thebuser attempted to erase the data, and Tim is trying to reconstruct it. What type of forensic analysis is Tim performing? A. Software analysis B. Media analysis C. Embedded device analysis D. Network analysis

B. Media analysis

78. What type of disater recovery test activates the alternate processing facility and uses it to conduct transactions but leaves the primary site up and runnings? A. Full interruption test B. Parallel test C. Checklist review D. Tabletop exercise

B. Parallel test

62. Brandon observes that an authorized user of a system on his network recently misused his account to exploit a system vulnerability against a shared server that allowed him to gain root access to the server. What type of attack took place? A. Denial of service B. Privilege escalation C. Reconaissance D. Brute force

B. Privilege escalation

7. Which one of the following might a security team use on a honeypot system to consume an attacker's time while alerting administrators? A. Honeynet B. Pseudoflaw C. Warning banner D. Darknet

B. Pseudoflaw

81. What level of RAID is also known as disk mirroring? A. RAID-0 B. RAID-1 C. RAID-5 D. RAID-10

B. RAID-1

68. At this point in the incident response process, what term best describes what has occurred in Ann's organization? A. Security occurrence B. Security incident C. Security event D. Security intrusion

B. Security incident

94. Jerome is conducting a forensic investigation and is reviewing database server logs to investigate query contents for evidence of SQL injection. attacks. What type of analysis is he performing? A. Hardware analysis B. Software analysis C. Network analysis D. Media analysis

B. Software analysis

28. Helen is implementing a new security mechanism for granting employees administrative privileges in the accounting system. She designs the process so that both the employee's manager and the accounting manager must approve the request before the access is granted. What information security principle is Helen enforcing? A. Least privilege B. Two-person control C. Job rotation D. Separation of duties

B. Two-person control

96. Carolyn is concerned that users on her network may be storing sensitive information, such as Social Security numbers, on their hard drives without proper authorization or security controls. What technology can she use to best detect this activity? A. IDS B. IDP C. DLP D. TLS

C. DLP

95. Quantum Computing regularly ships tapes of backup data across the country to a secondary facility. These tapes contain confidential information. What is the most important security control that Quantum can use to proctect these tapes? A. Locked shipping containers B. Private couriers C. Data encryption D. Media rotation

C. Data encryption

79. During which phase of the incident response process would an analyst receive an intrusion detection system alert and veeify its accuracy? A. Response B. Mitigation C. Detection D. Reporting

C. Detection

57. Veronia is considering the implementation of a database recovery mechanism recommended by a consultant. In the recommended approach, an automated process will move database backups from the primary facility to an offsite location eachbnight. What type of database recovery technique is the consultant describing? A. Remote journaling B. Remote mirroring C. Electronic vaulting D. Transaction logging

C. Electronic vaulting

70. Gordon suspects that a hacker has penetrated a system belonging to his company. The system does not contain any regulated information and Gordon wishes to conduct an investigation on behalf of his company. He has permission from his supervisor to conduct the investigation. Which of the following statements is true? A. Gordon is legally required to contract law enforcement before beginning the investigation. B. Gordon's may not conduct his own investigation. C. Gordon's investigation may include examining the contents of hard disks, network traffic, and any other systems or information belonging to the conpany. D. Gordon may ethically perform "hack back" activities after identifying the perpetrator.

C. Gordon's investigation may include examining the contents of hard disks, network traffic, and any other systems or information belonging to the company.

33. Which one of the following security tools is not capable ofgenerating an active response to a security event? A. IPS B.Firewall C.IDS D. Antivirus software

C. IDS

84. Roger recently accepted a newcposition as a security professional at a company that runs its entire IT infrastructure within an IaaS environment. Which one of the following would most likely be the responsibility of Roger's firm? A. Configuring the network firewall B. Applying hypervisor updates C. Patshing operating systems D. Wiping drives prior to disposal

C. Patshing operating system

Questions 65-68 refer to the following scenario. Ann is a security professional for a mid-sized business and typically handles log analysis and security monitoring tasks for her organization. One of her roles is to monitor alerts originating from the organization's intrusion detection system. The system typically generates several dozen alerts each day, any many of those alerts turn out to be false alarms after her investigation. This morning, the intrusion detection system alerted because that network began to recieve an unusually high volume of inbound traffic. Ann recieved this alert and began looking into the orgin of the traffic. 65. At this point in the incident response process, what term best describes what has occurred in Ann's organization? A. Security occurrence B. Security incident C. Security event D. Security intrusion

C. Security intrusion

41. Which of the following is not true about the (ISC)2 code of ethics? A. Adherence to the code is a condition of certification. B. Failure to comply with the code may result in revocation of certification. C. The code applies to all members of the information security profession. D. Members who observe aa breach of the code are required to report the possible violation.

C. The code applies to all members of the information security profession.

29. Which one of the following is not a requirement for evidence to be admissible in court? A. The evidence must be relevent. B. The evidence must be material. C. The evidence must be tangible. D. The evidence must be competent..

C. The evidence must be tangible.

15. When should an organization conduct a review of theprivileged access that a user has to sensitive systems? A. On a periodic basis B. When a user leaves the organization C. When a user changes roles D. All of the above

D. All of the above

97. Under what type of software license does the recipient of software have an unlimited right to copy, modify, distribute, or resell a software package? A. GNU Public License B. Freeware C. Open source D. Public domain

D. Public domain

16. Which one of the following terms is often used to describe a collection of unrelated patches released in a large collection? A. Hotfix B. Update C. Security fix D. Service pack

D. Service pack

74. Which one of the following traffic types should not be blocked by an organization's egress filtering policy? A. Traffic destined to a private IP address B. Traffic with a broadcast destination C. Traffic with a source address from an external network D. Traffic with a destination address on a external network

D. Traffic with a destination address on a external network

40. Which one of the following is an example of a manmade disaster? A. Hurricane B. Flood C. Mudslide D. Transformer failure

D. Transformer failure

54. What technique has been used to protect the intellectual property in the image shown below? Refer to page 149 in the book? A. Steganography B. Clipping C. Sampling D. Watermarking

D. Watermarking