Final 3
Which of the following is implied by the pooling of losses?
sharing of losses by an entire group, substitute average loss for factual loss, law of large numbers
You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which method should you use to best prevent extracting data from the discs?
shredding
Dictionary attacks are often more successful when performed after what reconnaissance action?
social engineering
One branch of government insurance programs has a number of distinguishing characteristics. These programs are compulsory, they are financed by mandatory contributions rather than general tax revenues, and benefits are weighted in favor of low-income groups. These government insurance programs are called
social insurance programs
Which type of social engineering attack uses peer pressure to persuade someone to help an attacker?
social validation
Jim and Paula Franklin started a dry cleaning business. The business may be successful or it may fail. The type of risk that is present when either a profit or loss could occur is called
speculative risk
ssh command
ssh is the application used to remotely connect to server ssh <user-name>@<ip-address> -p <port-number>
How to generate key pair?
ssh-keygen
What are the types of encryption supported by ssh-keygen
ssh-keygen can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2.
Future income and assets can be attached to pay judgments if inadequate insurance is carried
statement about liability risks
Principle of least privilege
states that users or groups are given only the access they need to do their job (and nothing more).
You are currently logged in using the badams account. You want to view the contents of the /etc/inittab but you are not allowed to with the badams account. Which command could you use to view the file ?
su -c "cat /etc/inttab" -l
Uncertainty based on a person's mental condition or state of mind is known as
subjective risk
You have logged in as a regular user when a frantic phone call comes in. The ABCD process must be started on the server now but only be run by root. Which command do you use to start this process?
sudo ABCD
How to create a new user?
sudo adduser <username>
Upgrading Linux after updating
sudo apt-get upgrade
disable password based login
sudo nano /etc/ssh/sshd_config (service running on server listening for ssh connections) change password required to no and restart - sudo service ssh restart
Neil needs insurance that is unavailable in the state where he lives. To obtain insurance from a nonadmitted insurer, Neil should contact a
surplus lines broker
You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuity Plan (BCP) with two other database professionals. Which type of BCP test is this considered?
tabletop exercise
Which command should you use to check the TCP wrapper configuration in your system?
tcpdchk
A peril is
the cause of a loss
Separation of duties
the concept of having more than one person required to complete a task. Helps prevent insider attacks because no one person has end-to-end control and no one person is irreplaceable.
Risk management is concerned with
the identification and treatment of loss exposures
Algorithm
the process or formula used to convert a message or otherwise hide its meaning.
define: objective risk
the relative variation of actual loss from expected loss
The company is implementing a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP). It is time for the control tests and the company would like to perform compliance testing. Which of the following best describes compliance testing?
the resting of control procedures to see if they are working as expected and are being implemented in accordance with management policies
examples of burdens to society because of the presence of risk
the size of an emergency fund must be increased, Society is deprived of certain goods and services, Mental fear and worry are present
Cryptology
the study of cryptography and cryptanalysis
Examples of direct property losses
the theft of a person's jewelry, the destruction of a firm's manufacturing plant by an earthquake, the vandalism of a person's automobile
Which of the following best defines Single Loss Expectancy (SLE)?
the total monetary loss associated with a single occurrence of a threat
When conducting a risk assessment, how is the Annualized Rate of Occurrence (ARO) calculated?
through historical data provided by insurance companies and crime statistics
What is the primary purpose of source code escrow?
to obtain change rights over software after the vendor goes out of business
Which of the following commands will you use to track the route of packets from a computer to a destination? Each correct answer represents a complete solution. Choose two.
traceroute tracepath
Execute the command to determine the routers that your system must connect through to reach the machine with the host named www.ucertify.com.
traceroute www.ucertify.com
Purchasing insurance is what type of response to risk?
transference
Which command will prevent the shell from using to much of the systems resources?
ulimit
define: risk
uncertainty concerning the occurrence of loss
Jan is employed by an insurance company. She reviews applications to determine whether her company should insure the applicant. If insurable, Jan assigns the applicant to a rating category based on the applicant's degree of risk. Jan is a(n)
underwriter
Updating Linux
update package source lists sudo apt-get update
System Access List (SACL)
used by Microsoft for auditing to identify past actions performed by users on an object.
What is the most effective means of improving or enforcing security in any environment?
user awareness training
Rule of least privilige
user or application has enough permissions to do its job nothing more
You work as a Network Administrator for McNeil Inc. The company has a Linux-based network. You want to create a new user account from the shell. Which of the following commands will you use?
useradd
Which of the following commands could be used to create a user account named sam?
useradd sam
An employee named Bob Smith, with a user name of bsmith, has left the company. You have been instructed by your supervisor to delete his user account along with his home directory. Which of the ff. commands would produce the required outcome? (Choose all that apply.)
userdel -r bsmith, userdel bsmith; rm -rf /home/bsmith
A user with an account name of larry has just been terminated from the company. There is good reason to believe that the user will attempt to access and damage the files in the system in the very near future. Which command below will disable or remove the user account from the system and remove his home directory?
userdel -r larry
Which of the following commands is used to modify a user account?
usermod
Which of the following commands will you use to add a user sam to the root group?
usermod -G root sam
You have performed an audit and have found active accounts from employees who no longer work for the company. You want to disable those accounts. What command example will disable a user account?
usermod -L joer
One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from kscott to kjones, but no other values change. Which of the ff. commands will accomplish this?
usermod -l kjones kscott
Quantum Cryptography
uses a series of phontons to encrypt and send msgs. If the receiver knows the sequence and polarity of the photons, the message can be decoded.
) Antonio is a claims adjustor for LMN Insurance Company. After the insurer is notified that there has been a loss, Antonio meets with the insured. The first step in the claims process that Antonio should follow is to
very that a covered loss has occured
What is the best definition of a security incident?
violation of security policy
Which of the following social engineering attacks use Voice over IP (VoIP) to gain sensitive information?
vishing
Which command should you use to edit the /etc/sudoers file?
visudo
You need to block all users from logging in to the Linux system while you resolve a serious issue. You first need to force all active users to log out. Which command will display a list of all active users?
w
In the /etc/shadow file, which character in the password field indicates that a standar user account is locked?
!
Acme Company has three identical manufacturing plants, one on the Texas Gulf Coast, one in southern Alabama, and one in Florida. Each plant is valued at $50 million. Acme's risk manager is concerned about the damage which could be caused by a single hurricane. The risk manager believes there is an extremely low probability that a single hurricane could destroy two or all three
$150 million
Acme Company has three identical manufacturing plants, one on the Texas Gulf Coast, one in southern Alabama, and one in Florida. Each plant is valued at $50 million. Acme's risk manager is concerned about the damage which could be caused by a single hurricane. The risk manager believes there is an extremely low probability that a single hurricane could destroy two or all three plants because they are located so far apart. What is the probable maximum loss associated with a single hurricane?
$50 million
Transposition cipher
(aka anagram) changes the position of characters in the plaintext msg.
Which of the following crontab command parameters can be used to display the contents of the crontab file?
-l
Which "chage" option keeps a user from changing password every two weeks?
-m 33
Which chage option keeps a user from changing a password every two weeks?
-m 33
Financial risk is easily addressed through the purchase of insurance
...
All available package source lists are listed in which file
/etc/apt/sources.list
Which of the following files configures how network printers are discovered?
/etc/cups/snmp.conf
You are modifying the tcpd control files of the xinetd super daemon. Of the two tcpd control files which file is applied first?
/etc/hosts.allow
Which of the following files are used to configure the TCP Wrapper? Each correct answer represents a complete solution. Choose two.
/etc/hosts.allow /etc/hosts.deny
Which file should you edit to configure the inetd super daemon?
/etc/inetd .conf
Which of the following storage locations are modified to set the timezone of a Linux system? Each correct answer represents a complete solution. Choose three.
/etc/localtime /usr/share/zoneinfo /etc/timezone
Which file should you create to disable the ability to log into a Linux system?
/etc/nologin
Which pluggable authentication modules (PAM) configuration file should you edit to enforce login blocking?
/etc/pam.d/login
finger retrieves most of the info about user from which file?
/etc/passwd
Which file should you edit to limit the amount of concurrent logins for a specific user?
/etc/security/limits.conf
Which file should you edit to limit the amount of concurrent logins for a specific user? (Tip: Enter the full path to the file.)
/etc/security/limits.conf
You're planning to add a number of users to the system by utilizing the useradd utility. Which directory holds the default configuration files that will be used for these new accounts?
/etc/skel
You need to configure which commands may be used with the sudo command. Which command should you edit?
/etc/sudoers
Which file has the usernames that can use sudo command
/etc/sudoers file has usernames that can use sudo command
Management wants a compilation of specific data to occur every night. The only way to accomplish this is to copy files throughout all network hosts to one server via FTTP. Which file must you edit to enable TFTP on the Linux server ?
/etc/xinetd.d /tftp
Advantages of the direct response system for marketing life insurance include which of the following? I. Advertising can be specifically directed to selected markets. II. Complex products can be easily sold.
1
Which of the following statements about brokers is (are) true? I. They legally represent the insured rather than the insurance company. II. They are prohibited from being licensed as agents.
1
Which of the following statements concerning the selection of risk management techniques and insurance market conditions is true? I. It's easier to purchase affordable insurance during a "soft " market than during a "hard" market. II. Retention is used more during a "soft" market than during a "hard" market.
1
Your organization is in the process of negotiating an Interoperability Agreement (IA) with another organization. As a part of this agreement, the partner organization proposes that a federated trust be established between your domain and their domain. This configuration will allow users in their domain to access resources in your domain and vice versa. As a security administrator, which tasks should you complete during this phase? (Select two.) 1. Conduct security audits on the partner organization. 2. Verify compliance with the A documents. 3. Identify how data ownership will be determined. 4. Reset all passwords used by the third party to access data or applications on your network. 5. Identify how data will be shared.
1 Identify how data ownership will be determined. 2 Identify how data will be shared.
A senior executive reports that she received a suspicious email concerning a sensitive, internal project that is behind production. The email is sent from someone she doesn't know and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. Which type of an attack best describes the scenario?
whaling
Adverse selection occurs
when applicants with a higher-than-average chance of loss seek insurance at standard rates
When would choosing to do nothing about an identified risk be acceptable?
when the cost of protecting the asset is greater than the potential loss
What is an appropriate condition for using retention
when the worst possible loss is not serious
Why may premature death result in economic insecurity? I. Additional expenses associated with death may be incurred. II. The income of the deceased person's family may be inadequate to meet its basic needs.
1. Additional expenses associated with death may be incurred. 2. The income of the deceased person's family may be inadequate to meet its basic needs.
Placing the public key in the remote server
1. create .ssh directory 2. create file .ssh/authorized_keys (stores public keys that the account uses for authentication) 3. copy contents of public key to authorized_keys and save 4. set permissions for .ssh chmod 700 .ssh chmod 644 authorized keys
Which of the following IP addresses will you use to test theTCP/IP stack on your local host?
127.0.0.1
The session keys employed by SSL are available in what bit lengths?
128 & 40 bit. They are also available in 56-bit & 256-bit lengths.
Which of the following IP addresses are Class C addresses? Each correct answer represents a complete solution. Choose two.
192.44.57.96 211.23.121.27
Which of the following statements about a personal risk management program is (are) true? I. Insurance and retention are the only techniques used to handle potential losses. II. The steps in a personal risk management process are the same steps used by businesses.
2
Which of the following statements about captive insurance companies is (are) true? I. A captive insurance company established by a U.S. company must be domiciled in the United States. II. A captive insurance company may be owned by several parents.
2
You have conducted a risk analysis to protect a key company asset. You identify ff. values: *Asset value = 400 *Exposure factor = 75 * Annualized Rate of Occurrence =.25 What is the Single Loss Expectancy (SLE)?
300
Which ports does LDAP use by default? (Select two.)
389 and 636
Which algorithms are used in symmetric encryption?(select three)
3DES, blowfish, AES
Which of the ff. ports are used with TACACS?
49
Which of the following port addresses is used by the CUPS to access the CUPS web-based interface tool?
631
You want to deploy SSL to protect authentication traffic with you LDAP-based directory service. Which port would this use?
636
You have conducted a risk analysis to protect a key company asset. You identify ff. values: *Asset value = 400 *Exposure factor = 75 * Annualized Rate of Occurrence =.25 What is the Annualized Loss Expectancy (ALE)?
75
What are the fields in /etc/passwd?
<username>:x:<UID>:<GID>:<description>:<user-home-directory>:<user-default-shell>
All of the following are classified as casualty insurance EXCEPT A) life insurance. B) general liability insurance. C) workers compensation insurance. D) burglary and theft insurance.
A
Laura Evans is risk manager of LMN Company. Laura decided to retain certain property losses. All of the following are methods which Laura can use to fund retained property losses EXCEPT A) private insurance. B) current net income. C) funded reserve. D) borrowed funds.
A
Which of the ff. is an example of two-factor authentication?
A Token device and a PIN
Which of the ff. are requirements to deploy Kerberos on a network? (Select two.)
A centralized database of users and password, Time synchronization between devices
If a birthday attack is successful, meaning the attacker discovers a password that generates the same hash as that captured from a user's logon credentials, which of the ff. is true? (Select two.)
A collision was discovered, The discovered password will allow the attacker to log on as the user, even if it is not the same as the user's password.
Digital Signatures
A combination of asymmetric encryption and hashing values. It provides confidentiality, integrity validation, strong authentication, and non-repudiation.
One-time pad
A cryptography method in which the plaintext is converted to binary and combined with a string of randomly generated binary numbers (referred to as the pad). It is a form of substitution.
Which of the ff. would you find on a CPS?
A declaration of the security that the organization is implementing for all certificates
Which would you find on a CPS(certificate Practice Statement)
A declaration of the security that the organization is implementing for all certificates
What is true about retention regarding firms?
A financially strong firm can have a higher retention level than a firm whose financial position is weak
Trusted Platform Module (TPM)
A hardware chip on the motherboard that can generate and store cryptographic keys.
What is a PKI?
A hierarchy of computers for issuing certificates
Diffie-Hellman
A key exchange protocol used for generating and securely exchanging symmetric encryption keys. - Asymmetric
Which of the ff. is the strongest form of multi-factor authentication?
A password, a biometric scan, and a token device
Hardware Security Modules (HSM)
A piece of hardware and associated software/firmware that is connected to a computer system to provide cryptographic functions such as encryption, decryption, key generation, and hashing.
What is mutual authentication?
A process by which each party in an online communication verifies the identity of the other party
Logic bomb
A program that performs a malicious activity at a specific time or after a triggering event.
ElGamal
A protocol used for encryption & based on Diffie-Hellman. Used in the free GNU privacy guard software and recent versions of PGP. - Asymmetric
Rootkit
A set of programs that allows attackers to maintain permanent, administrator-level, hidden access to a computer.
What type of key or keys are used in symmetric cryptography?
A shared private key
What types of key or keys are used in symmetric cryptography?
A shared private key
Which best describes high amplification when applied to hashing algorithms?
A small change in the message results in a big change in the hash value
Which of the ff. best describes high amplification when applied to hashing algorithms?
A small change in the message results in a big change in the hash value.
Fuzzing
A software testing technique that exposes security problems by providing invalid, unexpected, or random data to the inputs of an application.
Which of the ff. is stronger than any biometric authentication factor?
A two-factor authentication
Which of the ff. is the best example of remote access authentication?
A user establishes a dialup connection to a server to gain access to shared resources
You want to encrypt data on a removable storage device. Which encryption method would you choose to use the strongest method possible?
AES
Which of the ff. are true concerning the Advanced Encryption Standard (AES) symmetric block cipher? (Select two.)
AES uses a variable-length block and key length (128-, 192-, or 256-bit keys)., AES uses the Rijndael block cipher.
Which are true concerning the Advanced Encryption Standard (AES) symmetric block cypher?
AES uses the Rijndael block cipher and AES uses a variable-length block and key length (128-,192-, or 256-bit keys)
Which of the ff. algorithms are used in symmetric encryption? (Select Three.)
AES, Blowfish, 3DES
You want to allow any host from westsim.com to have access to your system. What is the correct line item you would add to the /etc/hosts.allow file to accomplish this?
ALL: .westsim.com
You want to allow any host from westsim.com to have access to your system except a system called testsvr.westsim.com. What is the correct line you would use to add to the /etc/hosts.allow file to accomplish this?
ALL: .westsim.com EXCEPT testsvr.westsim.com
Deny Permissions
ALWAYS override allow permissions
What is the average number of times that a specific risk is likely to be realized?
ARO(annualized rate of occurrence)
You have conducted a risk analysis to protect a key company asset. You identify ff. values: *Asset value = 400 *Exposure factor = 75 * Annualized Rate of Occurrence =.25 Countermeasure A has a cost of 320 and will protect the asset for four years. Countermeasure B has an annual cost of 85. An insurance policy to protect the asset has an annual premium of 90. What should you do?
Accept the risk or find another countermeasure.
Which of the ff. advantages can Single Sign-On (SSO) provide? (Select two).
Access to all authorized resources with a single instance of authentication, The elimination of multiple user accounts and passwords for an individual.
Which of the ff. terms describes the component that is generated ff. authentication and which is used to gain access to resources following logon?
Access token
A process performed in a controlled environment by a third-party which verifies that an IS meets a specific set of security standards before being granted the approval to operate is known as?
Accreditation
According to the law of large numbers, what should happen as an insurer increases the number of units insured?
Actual results will more closely approach expected results
According to the law of large numbers, what happens as the number of exposure units increases?
Actual results will more closely approach probable results
Asymmetric encryption
Aka public key encryption, uses two keys that are mathematically related. Both keys together are called the key pair. Used for data encryption, digital signing, & key exchange.
Which of the following defines system high mode?
All systems and peripherals within a system are classified and then protected according to the level of classification assigned to the most highly classified object which resides on the system
Which of the ff. defines system high mode?
All systems and peripherals within a system are classified and then protected according to the level of classification assigned to the most highly classified object which resides on the system.
Which of the following defines system high mode?
All systems and peripherals within a system are classified and then protected according to the level of classification assigned to the most highly classified object which resides on the system.
Which of the ff. defines an acceptable use agreement?
An agreement which identifies the employee's right to use company property such as Internet access and computer equipment for personal use.
Which of the following defines an acceptable use agreement?
An agreement which identifies the employee's rights to use company property such as Internet access and computer equipment for personal use.
piggybacking
An attacker enters a secured building by following an authorized employee through a secure door without providing identification.
spear phishing
An attacker gathers personal information about the target individual in an organization.
whaling
An attacker gathers personal information about the target individual, who is a CEO.
dumpster diving
An attacker searches through an organization's trash looking for sensitive information.
phishing
An attacker sends an email pretending to be from a trusted organization, asking users to access a web site to verify personal information.
vishing
An attacker uses a telephone to convince target individuals to reveal their credit card information.
GNU Privacy Guard (GPG) and Pretty Good Privacy (PGP)
An encryption tool that encrypts emails, digitally signs emails, and encrypts documents.
Which of the ff. is a form of mathematical attack against the complexity of a cryptosystem's algorithm?
Analytic Attack
Which of the following is a form of mathematical attack against the complexity of a cryptosystem\'s algorithm?
Analytic attack
What is the average number of times that a specific risk is likely to be realized?
Annualized Rate of Occurrence
You opened the /etc/xinetd.d/telnet file and found the entry like: service telnet { only_from 192.168.0.0/24 access_time 08:00- 17:00 }
Any host on the network 192.168.0.0 can access the telnet service between 8am-5pm.
How often should change control management be implemented?
Any time a production system is altered
How often should change control management be implemented?
Any time a production system is altered.
Who may use sudo?
Any user who's properly configured in /etc/sudoers
A computer with a single Ethernet interface is behaving strangely; it's sending out lots of random network packets, which is causing congestion on your local network. How can you quickly remove the computer from the network while still allowing a local user to use the computer?
As root, type ifdown eth0 on the misbehaving computer.
Which of the ff. is a term used to describe a level of confidence that the evaluation methods were thorough and complete so that the security designation can be trusted?
Assurance
Which of the following is a term used to describe a level of confidence that the evaluation methods were thorough and complete so that the security designation can be trusted?
Assurance
A PKI is a method for managing which type of encryption?
Asymmetric
What form of cryptography is scalable for use in very large and ever-expanding environments where data is frequently exchanged between different communication partners?
Asymmetric cryptography
Which of the ff. statements is "true" when comparing symmetric and asymmetric cryptography?
Asymmetric key cryptography is used to distribute symmetric keys.
Another name for a logic bomb
Asynchronous attack
What is the purpose of the find find / type f -perm -o=x -ls command?
Audit files in the root directory that have execute permissions for others
What is the purpose of the find / type -f perm -u=S -ls command?
Audit files in the root directory that have the SUID bit set
What is the primary means by which supervisors can determine whether or not employees are complying with the organization's security policy?
Auditing
RADUIS is primarily used for what purpose?
Authenticating remote clients before access to the network is granted
Which of the ff. is the term process of validating a subject's identity?
Authentication
A remote access user needs to gain access to resources on the server. Which of the processes are performed by the remote access server to control access to resources?
Authentication and authorization.
The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering attack?
Authority
What is the primary countermeasure to social engineering?
Awareness
All of the following are benefits to society that result from insurance EXCEPT A) less worry and fear. B) elimination of moral hazard. C) indemnification for loss. D) loss prevention.
B
All of the following are methods that a property and liability insurance company can use to protect against catastrophic losses EXCEPT A) sale of catastrophe bonds. B) purchase of common stock. C) purchase of excess-of-loss reinsurance. D) quota share reinsurance with a low retention percentage.
B
All of the following are programs to insure fundamental risks EXCEPT A) federally subsidized flood insurance. B) auto physical damage insurance. C) Social Security. D) unemployment insurance.
B
All of the following are risk management objectives prior to the occurrence of loss EXCEPT A) analysis of the cost of different techniques for handling losses. B) continuing operations after a loss. C) reduction of anxiety. D) meeting externally imposed obligations.
B
From the viewpoint of the insurer, all of the following are characteristics of an ideally insurable risk EXCEPT A) The loss must be accidental. B) The loss should be catastrophic. C) The premium must be economically feasible. D) There must be a large number of exposure units
B
Sources of information that can be used by a risk manager to identify pure loss exposures include all of the following EXCEPT A) risk analysis questionnaires. B) currency exchange rates. C) physical inspections. D) past losses.
B
Creates an agreement with a vendor to provide services on an ongoing basis
BPO - Blanket Purchase Order
Specifies a preset discounted pricing structure
BPO - Blanket Purchase Order
Which of the ff. is an important aspect of evidence gathering?
Back up all log files and audit trails
After an intrusion has occurred and the intruder has been removed from the system, which of the ff. is the best next step or action to take?
Back up all logs and audits regarding the incident
If two different messages or files produce the same hashing digest, then a collision has occurred. What form of cryptographic attack exploits this condition?
Birthday attack
Statement regarding individuals and businesses purchasing private insurance
Both individuals and businesses purchase private insurance
A collection of zombie computers have been setup to collect personal information. What type of malware do the zombie computers represent?
Botnet
Which of the ff. attacks will typically take the longest amount of time to complete?
Brute force attack
Which of the following attacks will typically take the longest amount of time to complete?
Brute force attack
In business continuity planning, what is the primary focus of the scope?
Business processes
All of the following are disadvantages of noninsurance transfers EXCEPT A) The party to whom the potential loss is transferred may be unable to pay. B) The transfer may fail because the contract language is ambiguous. C) The only potential losses that can be transferred are those that are not commercially insurable. D) The noninsurance transfer may be costly.
C
All of the following are disadvantages of using insurance in a risk management program EXCEPT A) There is an opportunity cost because premiums must be paid in advance. B) Considerable time and effort must be spent selecting and negotiating coverages. C) It results in considerable fluctuations in earnings after losses occur. D) Attitudes toward loss control may become lax when losses are insured
C
All of the following statements about captive insurers are true EXCEPT A) They may act as a profit center by insuring parties other than the parent company. B) They provide a way to obtain types of insurance that may be unavailable from commercial insurers. C) They increase the volatility of the parent company's earnings. D) They make it easier for a firm to have access to reinsurance.
C
All of the following statements about risk retention are true EXCEPT A) It may be used intentionally if commercial insurance is unavailable. B) It may be used passively because of ignorance. C) Its use is most appropriate for low-frequency, high-severity types of risks. D) Its use results in cost savings if losses are less than the cost of insurance.
C
All of the following statements about the administration of a risk management program are true EXCEPT A) The risk manager is an important part of a firm's management team. B) A risk management policy statement can be used to educate top executives about the risk management process. C) If a risk management program is properly designed, periodic review of the program is unnecessary. D) In order to properly identify loss exposures, the risk manager needs the cooperation of other departments
C
From the standpoint of the insurer, all of the following are characteristics of an ideally insurable risk EXCEPT A) The loss must be unintentional. B) The chance of loss must be calculable. C) The loss must be indeterminable. D) The loss must be measurable.
C
Which of the following statements about stock insurers is true? A) They issue assessable policies. B) They are not permitted to write property and liability insurance. C) Stockholders bear any losses and share in any profits. D) They are owned by their policy-owners.
C
Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default?
CHAP
Which of the ff. authentication protocols uses a three-way handshake to authenticate users to the network? (Choose two.)
CHAP and MS-CHAP
Which generates the key pair used in asymmetric cryptography?
CSP
Which of the ff. generates the key pair used in asymmetric cryptography?
CSP
In what form of key management solution is key recovery possible?
Centralized
Which of the ff. defines two-man control?
Certain tasks should be dual-custody in nature to prevent security breach.
Which does NOT result in a certificate being added to the certificate revocation list?
Certificate expiration
Which of the ff. conditions does "not" result in a certificate being added to the certificate revocation list?
Certificate expiration
Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plain text to see the resulting cipher text. What type of attack is this?
Chosen plaintext
A code of ethics provides for all but which of the ff.?
Clearly defines courses of action to take when complex issue is encountered
Which of the ff. is a password that relates to things that people know, such as a mother's maiden name, or the name of a pet?
Cognitive
As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan?
Collect and destroy all old plan copies
When two diff. messages produce the same hash value, what has occurred?
Collision
When two different messages produce the same hash value, what has occurred?
Collision
Need to know is required to access which types of resources?
Compartmentalized resources
By definition, which security concept ensures that only authorized parties can access data?
Confidentiality
For users on your network, you want to automatically lock their user accounts if four incorrect passwords are used within 10 minutes. What should you do?
Configure account lockout policies in Group Policy
You want to make sure that all users have passwords over 8 character and that passwords must be changed every 30 days. What should you do?
Configure account policies in Group policy
You have hired 10 new temporary workers who will be with the company for 3 months. You want to make sure that these users can only log on during regular business hours. What should you do?
Configure day/time restrictions in the user accounts
You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization. Which of the ff. would be a required part of your configuration?
Configure the remote access servers as RADIUS clients.
Which of the ff. terms restricts the ability of a program to read and write to memory according to its permissions or access level?
Confinement
Which of the following terms restricts the ability of a program to read and write to memory according to its permissions or access level?
Confinement
The Brewer-Nash model is designed primarily to prevent?
Conflicts of interest
You have recently discovered that a network attack has compromised your database server. In the process, customer credit card numbers might have been taken by an attacker. You have stopped the attack and put measures in place to prevent the same incident from occuring in the future. What else might you be legally required to do?
Contact your customers to let them know of the security breach
You have recently discovered that a network attack has compromised your database server. In the process, customer credit card numbers might have been taken by an attacker. You have stopped the attack and put measures in place to prevent the same incident from occurring in the future. What else might you be legally required to do?
Contact your customers to let them know of the security breach
What are consequences of long-term disability?
Continuing medical expenses, and loss or reduction of employee benefits
The Clark-Wilson model is primarily based on?
Controlled intermediary access applications
Which statement about a company's cost of risk is (are) true?
Cost of risk includes insurance premiums and retained losses, reducing the cost of risk increases profitability.
Which of the following statements about Lloyd's of London is true?
Coverage is actually written by syndicates who belong to Lloyd's of London.
A customer just received a phone bill on which there were charges for unauthorized services. This customer is a victim of which type of attack?
Cramming
Which of the following phone attacks adds unauthorized charges to a telephone bill?
Cramming
You want to ensure that all users in the Development OU use specific network communication security settings when transmitting files. Which method should you use?
Create a GPO computer policy for the computers in the Development OU.
How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence?
Create a checksum using a hashing algorithm
Hashing algorithms are used to perform what activity?
Create a message digest
How would you enable the rsync service to be managed by the xinetd super daemon?
Create the rsync file in the /etc /xinetd.d
Which of the ff. is an example of privilege escalation?
Creeping privileges
Which of the ff. is "not" a protection against collusion?
Cross training
) All of the following are social costs associated with insurance EXCEPT A) insurance company operating expenses. B) fraudulent claims. C) inflated claims. D) increased cost of capital.
D
) Which of the following statements about the exclusive agency system for marketing property and liability insurance is true? A) Exclusive agents typically have complete ownership of policy expirations. B) A higher commission rate is usually paid on exclusive agents' renewal business than on new business. C) Exclusive agents represent several different insurance companies. D) New exclusive agents usually start as employees and after a training period become independent contractors.
D
33) Amy heads the legal staff of a large property and liability insurance company. Amy's staff is likely involved in all of the following activities EXCEPT A) reviewing policy wording before policies are adopted and marketed. B) recouping subrogation recoveries from third parties who injured individuals insured by Amy's company. C) providing legal advice about marketing, taxation, and insurance law. D) reviewing applications to determine if the company should insure the risk. Answer: D
D
All of the following are characteristics of the liability risk that most people face EXCEPT A) a lien may be placed on your income and assets to satisfy a legal judgment. B) substantial legal expenses may be incurred defending the claim. C) there is no upper limit on the amount of the loss. D) owning liability insurance eliminates the possibility of being held legally liable.
D
All of the following are considered financial risks EXCEPT A) the decline in the value of a bond portfolio because of rising interest rates. B) increased cost of production because of rising commodity prices. C) loss of money because of adverse movements in currency exchange rates. D) destruction of a production facility caused by an explosion.
D
All of the following are examples of personal risks EXCEPT A) poor health. B) unemployment. C) premature death. D) flood.
D
All of the following are potential advantages of retention EXCEPT A) lower expenses. B) increased cash flow. C) encouragement of loss prevention. D) protection from catastrophic losses.
D
All of the following statements about avoidance are true EXCEPT A) Certain loss exposures are never acquired. B) Certain loss exposures may be abandoned. C) The chance of loss for certain loss exposures may be reduced to zero. D) It can be used for any loss exposure facing a firm.
D
Which of the following statements about mutual insurers is true? A) They are legally organized as partnerships. B) They have a board of directors which is selected by state insurance departments. C) They are owned by their stockholders. D) They may pay dividends to their policy-owners.
D
Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?
DAC
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?
DAC
Which of the following commands will you use to delete the record where the FirstName is "Richard" from the employee table?
DELETE FROM employee WHERE FirstName="Richard"
Which encryption mechanisms offers the least security because of weak keys?
DES
Which of the ff. encryption mechanism offers the least security because of weak keys?
DES
How would you delete the table called deleteme from a SQL database?
DROP TABLE deleteme;
Which of the ff. defines an object as used in access control?
Data, applications, systems, networks, and physical space.
The requirement that losses should be accidental and unintentional in order to be insurable results in which of the following?
Decrease in moral hazard, more accurate prediction of future losses
Which is the operating mode of a system that is deployed in such a way so that it operates at a single level of classification and all users who can access the system all have that same specific clearance level as well as all of the need to know over all the data on the system?
Dedicated
Which is the operating mode of a system that is deployed in such a way so that it operates at a single level of classification and all users who can access the system all have the same specific clearance level as well as all of the need to know over all the data on the system?
Dedicated
Which of the ff. is the best protection against security violations?
Defense in depth
To determine the value of the company assets, an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used?
Delphi method
All of the following are current trends of the corporate structure of mutual insurers
Demutualization of some insurers, increase in company mergers, formation of mutual holding companies.
Which of the ff. is "not" a valid response to a risk discovered during a risk analysis?
Denial
Who is assigned the task of judging the security of a system or network and granting it an approval to operate?
Designated Approving Authority
Who is assigned the task of judging the security of a system or network granting it an approval to operate?
Designated Approving Authority
RSA
Developed by Rivest, Shamir, & Adleman and uses multiplication of large prime numbers. - Asymmetric
Which type of password attack employs a list of pre-defined passwords that it tries against a logon prompt or a local copy of a security accounts database?
Dictionary
Which type of password attack employs a list of predefined passwords that it tries against a logon prompt or a local copy of a security accounts database?
Dictionary
Which cryptography system generates encryption keys that could be used with DES, AES, IDEA, RC5 or any other symmetric cryptography solution?
Diffie- Hellman
Which cryptography system generates encryption keys that could be used with DES, AES, IDEA, RC5 or any other symmetric cryptography solution?
Diffie-Hellman
Which of the following is a minimal requirement in order to employ S/MIME?
Digital Certificate. S/MIME authenticates using digital signatures which are a form of digital certificates.
Which of the ff. is a direct protection of integrity?
Digital Signature
Which of the following is a direct protection of integrity?
Digital Signature
What is the most obvious means of providing non-repudiation in a cryptography system?
Digital signatures
What should be done to a user account if the user goes on an extended vacation?
Disable the account
When informing an employee that they are being terminated, what is the most important activity?
Disabling their network access
During a recent site survey, you find a rogue wireless access point on your network. Which of the ff. actions should you take first to protect your network, while still preserving evidence?
Disconnect the access point from the network
Which of the ff. is "not" an element of the termination process?
Dissolution of the NDA
The best way to initiate solid administrative control over an organization's employee is to have what element in place?
Distinct job descriptions
An automobile that is a total loss as a result of a collision is an example of which of the following types of risk
Diversifiable risk
When conducting a forensic investigation, and assuming that the attack has been stopped, which of the ff. actions should you perform first?
Document what's on the screen
When conducting a forensic investigation, which of the ff. initial actions is appropriate for preserving evidence?
Document what's on the screen
Which of the ff. statement is true regards to risk analysis? (Select two)
Don't implement a countermeasure if the cost is greater than loss, Annualized Rate of Occurrence (ARO) identifies how often in a single year the successful threat attack will occur.
Which of the following is the employmentof two separate key pairs in order to separate the security functions of confidentiality and integrity in a communication system?
Dual key pair
Which of the ff. are examples of social engineering? (Select two.)
Dumpster diving, Shoulder surfing
Secure Multi-Purpose Internet Mail Extensions (S/MIME) is used primarily to protect what?
E-mail attachments
Which of the ff. is a representative example of an assigned level of a system that was judged through Common Criteria?
EAL5
Which of the following is a representative example of an assigned level of a system that was judged through Common Criteria?
EAL5
Which IPSec subprotocol provides data encryption?
ESP. Encapsulating Security Payload protocol provides data encryption for IPSec traffic.
How can an organization help prevent social engineering attacks? (Select two.)
Educate employees on the risks and countermeasures, Publish and enforce clearly-written security polices
How can an organization help prevent social engineering attacks? (Select two.)
Educate employees on the risks and countermeasures. Publish and enforce clearly-written security policies.
Which form of asymmetric cryptography is based upon Diffie-Hellman?
El Gamal
Which of the ff. is "not" part of security awareness training?
Employee agreement documents.
You would like to implement bitlocker to encrypt data on a hard disk even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external usb device. What should you do?
Enable TPM in the BIOS. The system startup key can be saved in the TPM.
Which of the ff. is not important aspect of password management?
Enable account lockout
You manage a Linux server that only occasionally and at random times needs to provide ftp services. To save on resources, you want to only have the ftp service running when it is needed and stopped the rest of the time. Which of the following solutions would satisfy these requirements with the least amount of effort?
Enable the ftp service to be managed by the xinted service
ESP
Encapsulating Security Protocol provides data encryption for IPSec traffic.
Block Cipher
Encrypt by transposing plaintext to cipher text in chunks (block-by-block) - Symmetric Encryption
Whole disk encryption (Bitlocker)
Encrypts the entire contents of the OS partition, including OS files, swap files, hibernation files, and alk user files. It uses integrity checking early in the boot process to ensure the drive contents have not been altered, and the drive is in the original computer.
Which of the ff. is a characteristic of TACACS+?
Encrypts the entire packet, not just authentication packets
You are configuring the local security policy of a Windows 7 system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least 5 days before changing it again. Which policies should you configure? (Select two.)
Enforce password history, Minimum password age
In an Identity Management System, What is the function of the Identity Vault?
Ensure that each employee has the appropriate level of access in each system.
You want to limit telnet access to three specific users. How can you best accomplish this?
Enter IP address entries for all three users in the /etc/hosts.allow file
Enterprise risk includes financial risk (no answer)
Enterprise risk does not include financial risk (no answer)
Dumpster diving is a low-tech means of gathering information that may be useful in gaining unauthorized access, or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?
Establish and enforce a document destruction policy
protect root user
Every Linux system has root user so when we remotely login into it then it should not go to root user, it should create another user
Cryptography
Exam Questions 3.1.5
Cryptography
Exam Questions 3.2.4
Cryptography
Exam Questions 3.3.5
Cryptography
Exam Questions 3.4.3
Cryptography
Exam Questions 3.5.8
Cryptography
Exam Questions 3.6.4
You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access.
Explicit allow, implicit deny
Which of the ff. terms is used to describe an event in which a person is denied access to a system when they should be allowed to enter?
False negative
Which of the following are denial of service attacks?
Fraggle & Smurf
Which of the following will enter random data to the inputs of an application?
Fuzzing
What is the main function of a TPM hardware chip?
Generate and store cryptographic keys
Which of the ff. is a recommendation to use when a specific standard or procedure does not exist?
Guideline
Which is used to verify that a downloaded file has not been altered?
Hash
Which of the ff. is used to verify that a downloaded file has not been altered?
Hash
A birthday attack focuses on what?
Hashing algorithms
Mr. White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group to access to a special folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?
Have Mr. White log off and log back on
Which of the following are characteristics of a rootkit
Hides itself from detection, requires administrator-level privileges for installation, resides below regular antivirus software detection, might not be malicious, often replaces operating system files with alternative versions that allow hidden access
Which of the ff. is a common form of social engineering attack?
Hoax virus information e-mails.
Which of the following is a common form of social engineering attack?
Hoax virus information e-mails.
Which super daemon is most commonly found in modern Linux distributions?
xinetd
Which of the following is an advantage of xinetd or inetd?
xinetd uses separate configuration files for each managed service
Which of the following commands is used to obtain detailed technical information about a specific window?
xwininfo
Which of the ff. password attacks adds appendages to known dictionary words?
Hybrid
Which password attack adds appendages to known dictionary words?
Hybrid
Which of the ff. symmetric block ciphers does not use a variable block length?
IDEA (International Data Encryption Algorithm)
The PGP or Pretty Good Privacy encryption utility relies upon what algorithms? (Select two.)
IDEA, 3DES
Which of the ff. can be used to encrypt Web, e-mail, telnet, file transfer, and SNMP traffic?
IPSec (Internet Protocol Security)
Which of the following can be used to encrypt Web, e-mail, telnet, file transfer, and snmp traffic?
IPSec (Internet Security Protocol). It supports any traffic supported by the IP protocol.
Documents how the networks will be connected
ISA - Interconnection Security Agreement
Computer policies include a special category called user rights. Which action do they allow an administrator to perform?
Identify users who can perform maintenance tasks on computers in the OU.
To obtain a digital certificate and participate in a Public Key Infrastructure (PKI), what must be submitted and where should it be submitted?
Identifying data and a certification request to the registration authority (RA)
To obtain a digital certificate and participate in a Public Key Infrastructure(PKI), what must be submitted and where should it be submitted?
Identifying data and a certification request to the registration authority (RA)
A risk manager is concerned with
Identifying potential losses, selecting the appropriate techniques for treating losses
Discretionary Access Control (DAC) manages access to resources using what primary element or aspect?
Identity
Which statement is true regarding application of GPO settings?
If a settings is defined in the Local Group Policy on the computer and not defined in the GPO linked to the OU, the settings will be applied.
As you are helping a user with a computer problem you notice that she has written her password on a note stuck to her computer monitor. You check the password policy of your company and find that the ff. settings are currently required: Minimum password length = 10 Minimum password age = 4 Maximum password age = 30 Password history = 6 Require complex password that include numbers and symbols Account lockout clipping level = 3 Which of the ff. is the best action to take to make remembering passwords easier so that she no longer has to write the password down?
Implement end-user training.
An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone not on the list?
Implicit deny
Over the last month you have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response step to take in order to improve or maintain the security level of the environment?
Improve and hold new awareness sessions
What is the primary purpose of imposing software life cycle management concepts?
Increase the quality of software
What is the primary purpose of imposing software life cycle management concepts?
Increase the quality of software.
You are working on a Linux computer. One of the keys of the keyboard is not functioning properly. You have been asked to complete an assigned task within an hour and you do not have any spare keyboard. What will you do to solve this issue?
Install and use GOK.
difference between insurance and hedging is?
Insurance involves the transfer of insurable risk while hedging handles risk that is typically uninsurable.
Which of the following statements regarding insurance and gambling is (are) true?
Insurance is used to handle existing pure risks, while gambling creates a new speculative risk
Which symmetric block ciphers does NOT use a variable block length?
International Data Encryption Algorithm (IDEA)
Which is true of Triple DES (3DES)?
Is used in IPSec & uses a 168-bit key
Why is a large number of exposure units generally required before a pure risk is insurable?
It enables the insurer to predict losses more accurately
A shell script references the variable $0 (that's a numeric 0, not the letter O). What is the meaning of this variable?
It holds the name of the script, as run by the user.
Why would you want to use shadow passwords?
It improves password security by using better encryption and blocking direct user access to the passwords.
Which of the following statements are true about the xdmcp protocol? Each correct answer represents a complete solution. Choose two.
It supports graphical login for the remote host on the network. It authenticates with the display manager in a plain text.
An insurance company estimates its objective risk for 10,000 exposures to be 10 percent. Assuming the probability of loss remains the same, what would happen to the objective risk if the number of exposures were to increase to 1 million?
It would decrease to 1 percent
You are concerned that the accountant in your organization might have the chance to modify the books and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which solution should you implement?
Job rotation
Which of the ff. is "not" an accepted countermeasure to strengthen a cryptosystem?
Keep the cryptosystem a secret
Which of the ff. authentication methods uses tickets to provide single sign-on?
Kerberos
Which of the ff. protocols uses port 88?
Kerberos
Which of the ff. are examples of Single Sign-on authentication (Select two).
Kerberos, SESAME
When an attacker decrypts an encoded message using a different key than was used during encryption, what type of attack has occurred?
Key clustering
Which is NOT true concerning symmetric key cryptography?
Key management is easy when implemented on a large scale
Which of the ff. is not true concerning symmetric key cryptography?
Key management is easy when implemented on a large scale.
Which of the following is not true concerning symmetric key cryptography?
Key management is easy when implemented on a large scale.
In which type of attack does the attacker have access to both the plain text and the resulting cipher text, but does not have the ability to encrypt the plain text?
Known plaintext
Which of the ff. authentication mechanisms is designed to protect a 9-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash?
LANMAN
Which of the ff. protocols uses ports 389 and 636?
LDAP
What effect does the ulimit -t 600 command have on a Linux system?
Limits CPU time for a process to 10 minutes
Within the /etc/security/limits.conf file you notice the following entry: @guests hard maxlogins 3 What effect does the line have on the Linux system?
Limits the number of max logins from a guest group to three
Within the "/etc/security/limits.conf file", you notice the ff. entry: @guest hard maxlogins 3
Limits the number of max logins from the guest group of three.
Which of the ff. is the single best rule to enforce when designing complex passwords?
Longer passwords
Loss control includes what two things?
Loss reduction and loss prevention
Which of the following types of loss exposures may be appropriately handled through the purchase of insurance?
Low frequency high severity
In which form of access control environment is access controlled by rules rather than by identity?
MAC
Which type of access control focuses on assigning privileges based on security clearance and data sensitivity?
MAC
What is the weakest having algorithm?
MD5
Which of the ff. is the weakest hashing algorithm?
MD5
Provides a summary of which party is responsible for performing specific tasks
MOU - Memorandum of Understanding
What is the primary goal of business continuity planning?
Maintaining business operations with reduced or restricted infrastructure capabilities or resources
What is another name for a backdoor that was left in a product by the manufacturer by accident?
Maintenance hook
You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains. What should you do first?
Make a bit-level copy of the disk
You work as a Network Administrator for Perfect solutions Inc. You decided that some users must not access the telnet service. Which of the following files will you use to get the task done without adding unrelated restrictions?
Make an entry listing those users in the /etc/hosts.deny file.
Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which key would Mary use to create the digital signature?
Mary's private key
Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which key would Mary use to recreate the digital signature?
Mary's private key
You are configuring the local security policy of a Windows 7 system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent logon after three unsuccessful logon attemps. Which policies should you configure? (Select two.)
Minimum password length, Account lockout threshold
When recovery is being performed due to disaster, which services are to be stabilized first?
Mission critical
Which of the ff. is a feature of MS-CHAP v2 that is not included in CHAP?
Mutual authentication
When is the best time to apply for a certificate renewal?
Near the end of the certificate's valid lifetime
Which of the ff. principles is implemented in a mandatory access control model to determine access to an object using classification levels?
Need to know
If an organization shows sufficient due care, which burden is eliminated in the event of a security breach?
Negligence
When is a BCP or DRP design and development actually completed?
Never
Which is the star property of Bell-LaPadula?
No write down
Which of the ff. is a legal contract between the organization and the employee that specifies the employee is not to disclose the organization's confidential information?
Non-disclosure agreement
When a sender encrypts a message using their own private key, what security service is being provided to the recipient?
Non-repudiation
You have a Web server that will be used for secure transactions for customers who access the Web site over the Internet. The Web server requires a certificate to support SSL. Which method would you use to get a certificate for the server?
Obtain a certificate from a public PKI.
Disable VPN configurations that allow partner access to your network.
Off-Boarding
Disable the domain trust relationship between networks.
Off-Boarding
Compare your organization's security policies against the partner's policies
On-Boarding
Identify how privacy will be protected.
On-Boarding
Draft an ISA.
On-boarding
How many keys are used with symmetric key cryptography?
One
What is the primary difference between impersonation and masquerading?
One is more active, the other is more passive
Which encryption method combines a random value with the plain text to produce the cipher text?
One-time pad
Which of the ff. encryption methods combines a random value with the plain text to produce the cipher text?
One-time pad
Communicate vulnerability assessment findings with the other party.
Ongoing Operations
Conduct regular security audits.
Ongoing-operations
What technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large complex environments?
Online Certificate Status Protocol
SHA-1 uses which bit length hashing algorithms?
Only 160-bit
SHA-1 uses which of the ff. bit length hashing algorithms?
Only 160-bit
Which policy specifically protects PII
PRIVACY
Which of the ff. is the most common form of authentication?
Password
You have discovered a computer that is connected to your network that was used for an attack. You have disconnected the computer from the network to isolate it from the network and stop the attack. What should you do next?
Perform a memory dump
Chap performs which of the ff. security functions?
Periodically verifies the identity of a peer using a three-way handshake.
Which of the following is a result of adverse selection?
Persons most likely to have losses are also most likely to seek insurance at standard rates.
Which of the ff. is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through e-mails or Web sites that impersonate an online entity that the victim trusts, such as a financial institution or well-known e-commerce site?
Phishing
Which of the ff. are examples of Type II authentication credentials? (Select two).
Photo ID, Smart card
Which of the ff. is a high-level, general statement about the role of security in the organization?
Policy
Which of the following is a high-level, general statement about the role of security in the organization?
Policy
Preloss objectives of risk management include what two things?
Preparing for potential losses in the most economical way, reduction of anxiety
By definition, which type of social engineering attack uses of a fictitious scenario to persuade someone to give information for which they are not authorized?
Pretexting
What is the primary purpose of separation of duties?
Prevent conflicts of interest
What is the primary purpose of change control?
Prevent unmanaged change
Separation of duties is an example of which type of access control?
Preventive
By assigning access permissions so that users can only access those resources which are required to accomplish their specific work tasks, you would be in compliance with?
Principle of least privilege
HIPAA is a set of federal regulations that define security guidelines that enforce the protection of what?
Privacy
Which of the ff. policies specifically protects PII?
Privacy
Which policy specifically protects PII?
Privacy
Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates?
Private keys
What of the following is one effect caused by the following line in a system bash startup script accomplish? ulimit -Sc 0
Programs launched from bash won't create core files if they crash unless the user overrides this setting with another use of ulimit's -c option.
In which phase of the system life cycle is security integrated into the product?
Project initiation
In which phase of the system life cycle is security integrated into the project?
Project initiation
What is the primary use of Secure Electronic Transaction (SET)?
Protect credit card information transmissions
Which of the ff. components of the Common Criteria (CC) evaluation system is a document written by a user or community that identifies the security requirements for a specific purpose?
Protection Profile (PP)
Which of the following components of a Common Criteria (CC) evaluation system is a document written by a user or a community that identifies the security requirements for a specific purpose?
Protection Profile (PP)
Authentication Header (AH)
Provides message integrity through authentication, verifying that data are received unaltered from the trusted destination. AH provides no privacy and is often combined with ESP to achieve integrity and confidentiality.
Which of the ff. items are contained in a digital certificate? (Select two.)
Public Key, Validity period
Which two items are contained in a digital certificate?
Public key and validity period
When analyzing assets, which analysis method assigns financial values to assets?
Quantitative
Which of the ff. are differences between RADIUS and TACACS+?
RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers.
You have implemented an access control method that allows only users who are managers to access specific data. Which type of access control model is used?
RBAC
Which of the ff. symmetric cryptography systems can have a key size of 0 bits?
RC5
Which symmetric cryptography systems can have a key size of 0 bits?
RC5
Which version of Rivest Cipher is a block cipher that supports variable bit length keys and variable bit block sizes?
RC5
Which version of the Rivest Cipher is a block cipher that supports variable bit length keys and variable bit block sizes?
RC5
Which public key encryption system does PGP (Pretty Good Privacy) use for key exchange signatures?
RSA
Which are used in asymmetric encryption?
RSA & Diffie-Hellman
Which of the following protocols are most likely used with digital signatures? (Select two)
RSA & ECC. Digital signatures use asymmetric encryption, rsa and ecc are asymmetric.
Which of the ff. algorithms are used in asymmetric encryption? (Select two.)
RSA, Diffie-Hellman
Which of the ff. best describes the concept of due care or due diligence?
Reasonable precautions, based on industry best practices, are utilized and documented.
The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the ff. actions is most likely to destroy critical evidence?
Rebooting the system
You have lost the private key that you have used to encrypt files. You need to get a copy of the private key to open some encrypted files. Who should you contact?
Recovery agent
Which of the ff. is an entity that accepts and validates information contained within a request for a certificate?
Registration authority
Which of the following is a key feature of Light Display Manager (LightDM)?
Remote Login
What does a remote access server use for authorization?
Remote access policies
Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called?
Residual risk
In addition to marketing life insurance, life insurers typically sell what products?
Retirement annuities, disability income insurance
Which of the ff. is "not" used by the reference monitor to determine levels of access?
Ring architecture
Which of the following is NOT used by the reference monitor to determine levels of access?
Ring architecture
Which of the following is not used by the reference monitor to determine levels of access?
Ring architecture
Common symmetric cryptography methods
Rivest Cipher (RC), International Data Encryption Algorithm (IDEA), Carlisle Adams Stafford Tavares (CAST), Twofish, Blowfish, Data Encryption Standard (DES), Triple DES (3DES), Advanced Encryption Standard (AES)
Which access control model manages rights and permissions based on job description and responsibilities?
Role Based Access Control (RBAC)
Which form of access control is based on job descriptions?
Role-based access control (RBAC)
In the certificate authority trust model known as a hierarchy, where does trust start?
Root CA.
You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose?
SASL
What is the strongest hashing algorithm?
SHA-1
Which does not or cannot produce a hash value of 128 bits?
SHA-1
Which of the ff. does not or cannot produce a hash value of 128 bits?
SHA-1
Which of the ff. is the strongest hashing algorithm?
SHA-1
Defines how disputes will be managed
SLA - Service Level Agreement
Specifies exactly which services will be performed by each party
SLA - Service Level Agreement
Which of the following is the most secure remote text-mode access tool?
SSH
Which security mechanism can be used to harden or protect e-commerce traffic from Web servers?
SSL
Protocols that are used with Asymmetric Encryption
SSL/TLS, IPSEC, VPNs (PPTP, L2TP, SSTP), S/MIME and PGP for email security, SSH tunnels
Mary wants to send a message to Sam so that only Sam can read it. Which key would be used to encrypt the message?
Sam's public key
Mary wants to send a message to Sam so that only Sam can read it. Which key would be used to encrypt three message?
Sam's public key
Fraggle
Same as smurf but uses UDP packets directed to port 7 echo and port 19 character generation.
Which type of media preparation is sufficient for media that will be reused in a different security context within your organization?
Sanitization
The strength of a cryptosystem is dependent upon which of the ff.?
Secrecy of the key
The strength of a cryptosystem is dependent upon?
Secrecy of the key
Digital envelope
Secure data transmission uses asymmetric encryption to protect the msg. from hackers.
A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. What must the receiver use to access the hashing value to verify the integrity of the transmission?
Sender's public key
Who has the responsibility for the development of a security policy?
Senior Management
Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution?
Separation of duties
You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which principle should you implement to accomplish this goal?
Separation of duties
Which of the ff. is defined as a contract which prescribes the technical support or business parameters that a provider will bestow to its client?
Service level agreement
What is the effect of the ff. command? chage -M 60 -W 10 jsmith?
Sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires.
You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which method should you use to best prevent extracting data from the discs?
Shredding
You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the ff. methods should you use to best prevent extracting data from the discs?
Shredding
Salami
Small amounts of info, data, or valuables are taken over time. The result is to construct or obtain data or property of great value.
Which of the ff. is a hardware device that contains identification information and which can be used to control building access or computer logon?
Smart Card
Dictionary attacks are often more successful when performed after what reconnaissance action?
Social engineering
Which type of social engineering attack uses peer pressure to persuade someone to help an attacker?
Social validation
In which phase of the system life cycle is software testing performed?
Software development
In an Identity Management System, What is the function of the Authoritative Source?
Specify the owner of a data item.
Smurf
Spoofs the source address in ICMP packets and sends the ICMP packets to a bounce site. The bounce site then responds to thoudands of messages the victim site didn't send.
Which form of cryptanalysis focuses on the weaknesses in the supporting computing platform as a means to exploit and defeat encryption?
Statistical attack
Which form of cryptoanalysis focuses on the weaknesses in the supporting computing platform as a means to exploit and defeat encryption?
Statistical attack
What is the cryptography mechanism which hides secret communication within various forms of data?
Steganography
What is the cryptography mechanism which hides secret communications within various forms of data?
Steganography
Which of the ff. development modes is a method used by programmers while writing programs that allows for optimal control over coherence, security, accuracy, and comprehensibility?
Structured programming
Which of the following development modes is a method used by programmers while writing programs that allows for optimal control over coherence, security, accuracy, and comprehensibility?
Structured programming
The Enigma machine, a cryptographic toll introduced in 1944 & used in WW2, encrypted messages by replacing characters for plain text. Which type of cipher does the Enigma machine use?
Substitution
The Enigma machine, a cryptographic tool introduced in 1944 and used in WW2, encrypted messages by replacing characters for plain text. Which type of cipher does the Enigma machine use?
Substitution
What form of cryptography is "not" scalable as a stand-alone system for use in very large and ever expanding environments where data is frequently exchanged between different communication partners?
Symmetric cryptography
When protection of the content of a message is required, which cryptography solutions should be employed?
Symmetric encryption
When protection of the content of a message is required, which of the ff. cryptography solutions should be employed?
Symmetric encryption
What form of cryptography is best suited for bulk encryption because it is so fast?
Symmetric key cryptography
Which of the ff. forms of cryptography is best implemented in hardware?
Symmetric steam
Which form of cryptography is best implemented in hardware?
Symmetric stream
A device which is synchronized to an authentication server is which type of authentication?
Synchronous token
In which phase of the system life cycle is software testing performed?
System Development
You are teaching new users about security and passwords. Which example of the passwords would be the most secure password?
T1a73gZ9
Which of the ff. protocols can be used to centralize remote access authentication?
TACACS
Which of the ff. are methods for providing centralized authentication, authorization for remote access? (Select two.)
TACACS+ , RADIUS
Which of the ff. communication encryption mechanisms has a specific version for wireless communications?
TLS (Transport Layer Security)
Which of the ff. technologies is based upon SSL (Secure Sockets Layer)?
TLS (Transport Layer Security)
Which of the ff. terms describes the product that is evaluated against the security requirements in the Common Criteria (CC) evaluation system?
Target of Evaluation (TOE)
Which of the following terms describes the product that is evaluated against the security requirements in the Common Criteria (CC) evaluation system?
Target of Evaluation (TOE)
Which of the ff. are typically associated with human resource security policies? (Select two.)
Termination, Background checks
Immediately expire user password
The -e flag tells the passwd command to immediately expire the user's password.
Which of the following best describes the Security Target (ST) in the Common Criteria (CC) evaluation system?
The ST is a document that describes the security properties of a security product
Which of the ff. best describes the Security Target (ST) in the Common Criteria (CC) evaluation system?
The ST is a document that describes the security properties of a security product.
You have implemented lockout with a clipping level of 4. What will be the effect of this setting?
The account will be locked after 4 incorrect attempts.
JKL Insurance Company estimates that 14 out of every 100 homeowners it insures will file a claim each year. Last year, JKL insured 200 homeowners. According to the law of large numbers, what should happen if JKL insures 2,000 homeowners this year?
The actual results will more closely approach the expected results
Cryptosystem
The associated items of cryptography that are used as a unit to provide a single means of encryption and decryption
Fill in the blank with the appropriate command name.
The atq command is used to list the user's jobs scheduled by the at command.
Which of the ff. best describes a side-channel attack?
The attack is based on information from the physical implementation of a cryptosystem.
Describe a side-channel attack
The attack is based on information gained from the physical implementation of a cryptosystem.
Two factors a risk manager must consider in selecting an insurer
The availability of risk management services, the financial strength of the insurer.
If a birthday attack was successful, meaning the attacker discovers a password that generates the same hash a that captured from a users logon credentials, which is true?
The discovered password will allow the attacker to log on as the user, even if it is not the same as the users password and a collision has occurred
What is an excess insurance plan?
The insurer does not participate in a loss until it exceeds the amount the firm has decided to retain.
What is implied by the requirement that a loss should be determinable and measurable to be insurable?
The loss must be definite as to place, the loss must be definite as to amount
Characteristic of a fortuitous loss
The loss occurs as a result of chance
XYZ Insurance Company writes coverage for most perils which can damage property. XYZ, however, does not write flood insurance on property located in flood plains. Which requirement of an ideally insurable risk might be violated if XYZ wrote flood insurance on property located in flood plains?
The loss should not be catastrophic
In the following syslog.conf file, which of the following statements correctly describes the facility and priority? news.notice /var/log/news
The news is the facility and the notice is the priority.
Which of the ff. defines the crossover rate for evaluating biometric systems?
The point where the number of false positives matches the number of false negatives in a biometric system.
Two reasons why market, financial, and production risks are often uninsurable
The potential to produce a catastrophic loss is great, the chance of loss cannot be accurately estimated
Input validation
The process of ensuring that a program operates on clean, correct and useful data. It uses routines that check for correctness, meaningfulness, and security of data that are input to the system.
Application Hardening
The process of preventing exploitation of vulnerabilities in software applications
Key Space
The range of possible values that can be used to construct a key. Generally - the longer the space the stronger the encryption
Your company security policy requires separation of duties for all network security matters. Which of the ff. scenarios best describes this concept?
The system administrator configures remote access privileges and the security officer reviews and activates each account
The company is implementing a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP). It is time for the control tests and the company would like to perform compliance testing. Which of the ff. best describes compliance testing?
The testing of control procedures to see if they are working as expected and are being implemented in accordance with management policies.
Which of the ff. best defines Single Loss Expectancy (SLE)?
The total monetary loss associated with a single occurrence of a threat
Method by which insurers may minimize or avoid catastrophic losses include which of the following?
The use of reinsurance
MD-5
The weakest hashing algorithm. It produces a message digest of 128 bits. The larger the message digest the more secure the hash. SHA-1 produces 160 bit.
Which of the following statements are true about the xinetd service? Each correct answer represents a complete solution. Choose three.
The xinetd service allows access control mechanism. The xinetd directory contains a list of configuration files for each service. Each service using xinetd can store the configuration in a separate file.
The insurance industry as a source of investment funds?
These funds result in a lower cost of capital than would exist in the absence of insurance, These funds tend to promote economic growth and full employment.
Why are some mutual insurers referred to as "assessment mutuals"?
They can assess policy-owners if premiums are insufficient to pay losses and expenses
Which of the following statements about speculative risks is true? A) They are almost always insurable by private insurers. B) They are more easily predictable than pure risks. C) They may benefit society even though a loss occurs. D) They involve only a chance of loss.
They may benefit society even though a loss occurs
Why are brute force attacks always successful?
They test every possible valid combination
When conducting a risk assessment, how is the Annualized Rate of Occurrence (ARO) calculated?
Through historical data provided by insurance companies and crime statistics.
When using Kerberos authentication, which of the ff. terms is used to describe the token that verifies the identity of the user to the target system?
Ticket
A user has just authenticated using Kerberos. What object is issued to the user immediately following logon?
Ticket granting ticket
Which of the ff. are required when implementing Kerberos for authentication and authorization? (Select two.)
Time synchronization, Ticket granting server
What is the primary purpose of forcing employees to take mandatory one-week minimum vacations every year?
To check for evidence of fraud
How to give user permission to use sudo command
To give permission, we need to update /etc/sudoers.d/ because system updates could overwrite /etc/sudoers file and all your settings will be lost. But sudoers.d is not updated by system updates copy the file of a user that has permission and save the new file with the name of the user that wants permission and open and edit the file by adding the username
What is the main purpose of the xinted service?
To listen on behalf of different network services and to start and stop them on demand
What is the primary purpose of source code escrow?
To obtain change rights over software after the vendor goes out of business
What is the purpose of key escrow?
To provide a means to recover from a least private key
What is the purpose of key escrow?
To provide a means to recover from a lost private key
What is the function of Nmap?
To scan computers for open ports
Which of the ff. is an example of three-factor authentication?
Token device, Keystroke analysis, Cognitive question
Purchasing insurance is what type of response to risk?
Transference
Which type of cipher changes the position of characters in a plain text message?
Transposition
Which type of cipher changes the position of the characters in a plain text message?
Transposition
Algorithm Examples
Transposition cipher, substitution cipher, code, one-time pad
The aspect of certificates that makes them a reliable and useful mechanism for proving the identity of a person, system, or service on the internet
Trusted third-party
Which aspect of certificates makes them a reliable and useful mechanism for providing the identity of a person, system, or service on the Internet?
Trusted third-party
How many keys are used with Public Key Cryptography?
Two
How many keys are used with asymmetric or public key cryptography?
Two
True statement about chance of loss and risk
Two individuals may perceive differently the risk inherent in a given activity
A program's instructions say that the $FIRMWARE environment variable must be set to /lib/firmware/tp9173.fw. How can you verify that this is so?
Type echo $FIRMWARE and verify that the command displays /lib/firmware/tp9173.fw.
In a cryptosystem, what properties should the initialization vector have?
Unpredictable and large
In a cryptographic system, what properties should the initialization vector have? (Select two.)
Unpredictable, Large
Your LDAP directory service solution uses simple authentication. What should you always do when using simple authentication?
Use SSL.
Stream Cipher
Use a sequence of bits known as a keystream which is the key used for encryption. The encryption is performed on each bit within the stream in real time. - Symmetric Encryption
Which parameter of the /etc/inetd.conf file determines user permissions when network daemons access the file system?
User
Which security mechanism uses a unique list for each object embedded directly in the object itself that defines which subjects have access to certain objects and the level or type of access allowed?
User ACL
Which of the ff. information is typically not included in an access token?
User account password
What is the most effective means of improving or enforcing security in any environment?
User awareness training
You have installed anti-virus software on computers at your business. Within a few days, however, you notice that one computer has a virus. When you question the user, she says she did install some software a few days ago, but it was supposed to be a file compression utility. She admits she did not scan the file before running it. What should you add to your security measures to help prevent this from happening again?
User awareness training
You have just configured the password policy and set the minimum password age to 10. What will be the effect of this configuration?
User cannot change the password for 10 days.
Which of the ff. Identification and authentication factors are often well-known or easy to discover by others on the same network or system?
Username
Which of the ff. is used for identification?
Username
Which of the ff. is "not" true regarding to S/MIME?
Uses IDEA encryption
Which of the ff. are characteristics of TACACS+? (Select two.)
Uses TCP, Allows for a possible of three different servers, one each for authentication, authorization, and accounting.
Which of the ff. are true of Triple DES (3DES)? (Select two.)
Uses a 168-bit key, Is used in IPSec
Which of the ff. are characteristics of ECC? (Select two.)
Uses a finite set of value within an algebraic field, Asymmetric encryption
Eliptic Curve Cryptography (ECC)
Uses a finite set of values w/in an eliptic curve (algebraic set of numbers). Considered a more efficient method of an encryption. - Asymmetric
Which of the following are characteristics of ECC?
Uses a finite set of values within an algebraic field & asymmetric encryption
Which of the following defines layering in regards to system access control?
Various tasks are divided into a hierarchical manner to provide security
Which of the ff. defines layering in regards to system access control?
Various tasks are divided into a hierarchical manner to provide security.
Which of the ff. is an action which must take place during the release stage of the SDLC?
Venders develop and release patches in response to exploited vulnerabilities that have been discovered.
Which of the following is an action which must take place during the release stage of the SDLC?
Vendors develop and release patches in response to exploited vulnerabilities that have been discovered
Your organization entered into anInteroperability Agreement (IA) with another organization a year ago. As a part of this agreement, a federated trust was established between your domain and the partner domain. The partnership has been in the ongoing operations phase for almost nine months now. As a security administrator, which tasks should you complete during this phase? (Select two.) 1 Negotiate the BPO agreement. 2 Verify compliance with the A documents. 3 Conduct periodic vulnerability assessments. 4 Disable user and groups accounts used by the partner organization to access your organization's data. 5 Draft an MOU document.
Verify compliance with the A documents. Conduct periodic vulnerability assessments.
You have just received a generic-looking e-mail that is addressed as coming from the administrator of your company. The e-mail says that as part of a system upgrade, you are to go to a Web site and enter your username and password at a new Web site so you can manage your e-mail and spam using the new service. What should you do?
Verify that the e-mail was sent by the administrator and that this new service is legitimate.
You have just received a generic-looking e-mail that is addressed as coming from the administrator of your company. The e-mail says that as part of a system upgrade, you are to go to a Web site and enter your username and password at a new Web site so you can manage your e-mail and spam using the new service. What should you do?
Verify that the e-mail was sent by the administrator and that this new service is legitimate.
You've just received an e-mail message that indicates a new serious malicious code threat is ravaging across the Internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system to prevent further spread of the threat. What should your first action based on this message be?
Verify the information on well-known malicious code threat management Web sites
You've got just received an e-mail messages that indicates a new serious malicious code threat is ravaging across the Internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the \Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system to prevent further spread of the threat. What should your first action based on the message be?
Verify the information on well-known malicious code threat management Web sites.
What is the best definition of a security incident?
Violation of security policy
Which of the ff. social engineering attacks are use Voice over IP (VoIP) to gain sensitive information?
Vishing
Which Internet connectivity method sends voice phone calls using the TCP/IP protocol over digital data lines?
VoIP
Which of the following tools can you use on a Windows network to automatically distribute and install software and operating system patches on workstations?
WSUS & Group Policy
Windows Software Update Service
WSUS is a patch management tool that allows clients on a network to download software updates from a WSUS internal server to their organization
The presence of unapproved modems on desktop systems gives rise to the LAN being vulnerable to which of the following?
War Dialing
Bob Jones used the RC5 cryptosystem to encrypt a sensitive and confidential file on his notebook. He used 32 bit blocks, a 64 bit key, and he only used the selected key once. He moved the key onto a USB hard drive which was stored in a safe deposit box. Bob's notebook was stolen. Within a few days Bob discovered the contents of his encrypted file on the Internet. What is the primary reason why Bob's file was opened so quickly?
Weak key
HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) can be used to provide security for what type of traffic?
Web
A senior executive reports that she received a suspicious email concerning a sensitive, internal project that is behind production. The email is sent from someone she doesn't know and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. What type of an attack best describes the scenario?
Whaling
When would choosing to do nothing about an identified risk be acceptable?
When the cost of protecting the asset is greater than the potential loss
Which of the ff. is an example of a decentralized privilege management solution?
Workgroup
You have just downloaded a file. Your create a hash of the file and compare it to the hash posted on the Web site. The two hashes match. What do you know about the file?
Your copy is the same as the copy posted on the website
You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the Website. The two hashes match. What do you know about the file?
Your copy is the same as the copy posted on the website.
Symmetric key encryption
a form of cryptography that provides confidentiality with a weak form of authentication or integrity (one key to encrypt/decrypt data)
The unearned premium reserve of an insurer is
a liability representing the unearned portion of gross premiums on outstanding policies
Cipher text
a message in a form that makes it unreadable to all but those for whom the message was intended
Cryptographer
a person who develops ways of converting plaintext to cipher text
User rights
a privilege or action that can be taken on the system, ie logging on, shutting down the system, backing up the system, etc.
Plaintext
a readable message
An individual's personal estimate of the chance of loss is
a subjective probability
Job rotation
a technique where users are cross-trained in multiple job positions, and where responsibilities are regularly rotated between personnel
Key
a variable in a cipher used to encrypt or decrypt a mesage.
3DES
acceptable form of DES, applies encryption 3 times
Sue double-majored in mathematics and statistics in college. She also enrolled in a number of finance courses. After graduation, she was hired by Econodeath Insurance Company. Her job is to calculate premium rates for life insurance coverages. Sue is a(n)
actuary
ABC Appliance offers a warranty requiring an annual fee. The warranty may be purchased at the time of sale or at any time within the first year after the appliance was purchased. The warranty fee after the date of purchase is twice the time-of-purchase fee. When asked why the fee was higher after the date of purchase, ABC's president said, "Buying a warranty is voluntary. We've noted that those who buy the warranty after the purchase date have a greater need for service." Charging the same rate or a lower rate after the date of purchase would expose ABC to what problem that also impacts private insurers?
adverse selection
Ashley opened an all-you-can-eat buffet restaurant. The cost per-person was based upon what Ashley believed an average restaurant patron would consume. The restaurant began to lose money. Ashley concluded that her patrons had "above average" appetites, and were attracted to her restaurant because they could eat as much as they wanted while being charged an average price. A similar phenomenon exists in insurance markets. This problem is called
adverse selection
The tendency for unhealthy people to seek life or health insurance at standard rates is an example of
adverse selection
the underwriting process begins with the
agent
Most insurance companies require their marketing representatives to submit an evaluation of the prospective insured. This important source of underwriting information is called the
agent's report
What will the netstat -a command option show ?
all listening and non listening sockets
Blowfish & Twofish
alternatives to DES, but AES is the designated replacement to DES
Defense-in-depth
an access control method which implements multiple access control methods instead of relying on a single method. Multiple defenses make it harder to bypass the security measures.
Which of the following defines an acceptable use agreement?
an agreement which identifies the employee's rights to use company property such as Internet access and Computer equipment for personal use
Huge Insurance Company is a property insurer that is interested in protecting itself against cumulative losses that exceed $200 million during the year. This protection can best be obtained using
an excess-of-loss reinsurance treaty
Discretionary Access List (DACL)
an implementation of discretionary access control (DAC).
Group
an object that identifies a set of users with similar access needs.
Permissions
apply to objects (files, folders, printers, etc.)
Linux command that acts as an interface to packages
apt-get
Which of the following commands will you choose to schedule the tasks to be executed later? Each correct answer represents a complete solution. Choose three.
at batch crontab
Which of the following commands list the user's pending jobs? Each correct answer represents a complete solution. Choose two.
atq at -l
Carelessness or indifference to a loss is an example of
attitudinal hazard
The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering attack?
authority
Abandoning an existing loss exposure is an example of
avoidance
Bev lives in the suburbs and works downtown. She drives to work, and her most direct route to work would require her to pass through an area where car-jackings and drive-by-shootings are common. Bev does not drive through this area. Instead, she uses a route which adds 10 minutes to her commute. Which risk management technique is Bev using with respect to the risk of injury while driving through the dangerous area?
avoidance
What is the primary countermeasure to social engineering?
awareness
After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take?
back up all logs and audits regarding the incident
Which of the following is an important aspect of evidence gathering?
backing up all log files and audit trails
Which of the following constructs is used to completely exit a loop?
break
In business continuity planning, what is the primary focus of the scope?
business processes
Alpha Insurance Company insures a broad range of risks, including whatever is not covered by fire, marine, and life insurers. Which term best describes the wide range of risks written by Alpha Insurance?
casualty insurance
Execute the command to view the file that determines when your system's cron jobs will run.
cat /etc/crontab
Which of the following commands will you use to see the crontab file of the root?
cat /var/spool/cron/root
Which of the following commands can be used to set a password so that the user is required to change it every 30 days? Each correct answer represents a complete solution. Choose two.
chage passwd
What "chage" command should you use to set the password for jsmith to expire after 60 days and give a warning 10 days before it expires? (Tip: Enter the command as if at the command prompt.)
chage -M 60 -W 10 jsmith
What chage command should you use to set the password for jsmith to expire after 60 days and gives a warning 10 days before it expires?
chage -M 60 -W 10 jsmith
You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this?
chain of custody
What is the most important element related to evidence in addition to the evidence itself?
chain of custody document
As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan?
collect and destroy all old plan copies
You have recently discovered that a network attack has compromised your database server. In the process, customer credit card numbers might have been taken by an attacker. You have stopped the attack and put measures in place to prevent the same incident from occurring in the future. What else might you be legally required to do?
contact your customer to let them know of the security breach
A useful measure for an organization is the total of the organization's expenditures for treating loss exposures including retained losses, loss control expenses, insurance premiums, and other related expenses. This measure is called the organization's
cost of risk.
How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence?
create a checksum using a hashing algorithm
What represents risk retention used by insurance purchasers?
deductibles
Which of the following is the best protection against security violations?
defense in depth
To determine the value of the company assets, an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used?
delphi method
Which of the following is not a valid response to a risk discovered during a risk analysis?
denial
Need to know
describes the restriction of data that is highly sensitive and is usually referenced in gov't and military context.
The function of an actuary is to
determine premium rates
Which of the following commands is used to query DNS? Each correct answer represents a complete solution. Choose two.
dig nslookup
When informing an employee that they are being terminated, what is the most important activity?
disabling their network access
During a recent site survey, you find a rogue wireless access point on your network. Which of the following actions should you take first to protect your network, while still preserving evidence?
disconnect the access point from the network
finger command
displays user information for users who are logged in
A risk that affects only individuals or small groups and not the entire economy is called a
diversifiable risk
Best practice
do not use su command. use sudo
When conducting a forensic investigation, and assuming that the attack has been stopped, which of the following actions should you perform first?
document what's on the screen
When conducting a forensic investigation, which of the following initial actions is appropriate for preserving evidence?
document what's on the screen
Which of the following statements is true in regards to risk analysis? (Select two.)
dont implement a countermeasure if the cost is greater than loss; ARO identifies how often in a single year the successful threat attack will occur
Hashed Keyed Message Authentication Code (HMAC)
embes a symmetric key into a msg. befor the msg. is hashed. When received, the recipient's symmetric key is added back into the msg. before hashing the message.
Salespersons of a direct writer are considered to be
employees
Encrypting file system (EFS)
encrypts files and folders stored on NTFS partitions.
You are a network administrator over two Windows-based sites. You have almost 2000 employees with workstations and 64 servers that need to be more secure. You have decided to implement a Data Loss Prevention (DLP) solution to detect and stop breaches of sensitive data. You decide to implement e-mail and instant messaging communication controls so that messages that violate your organizations security policy are blocked at the workstation before being transmitted on the network. Which DLP solution should you implement?
endpoint DLP
Gina would like to buy a house. She will pay 10 percent of the cost of the house as a down payment and borrow the other 90 percent from a mortgage lender. The home will serve as collateral for the loan. The lender requires Gina to purchase property insurance on the home so that the collateral supporting the loan will be protected. This scenario illustrates which of the following benefits of insurance to society?
enhancement of credit
methods of noninsurance transfer
entering into a hold-harmless agreement, hedging risk using futures contracts, incorporating a business
A phrase that encompasses all of the major risks faced by a business firm is
enterprise risk
Katelyn was just named Risk Manager of ABC Company. She has decided to create a risk management program which considers all of the risks faced by ABC-pure, speculative, operational, and strategic-in a single risk management program. Such a program is called a(n)
enterprise risk management program
ABC Insurance retains the first $1 million of each property damage loss and purchases insurance for that part of any property loss that exceeds $1 million. The insurance for property losses above $1 million is called
excess insurance
You have asked su to become another user and fix problems with the user account. You want to revert back to your regular account. Which command should you use?
exit
ABC Insurance Company calculated the amount that it expected to pay in claims under each policy sold. Rather than selling the insurance for the amount it expected to pay in claims, ABC added an allowance to cover the cost of doing business, including commissions, taxes, and acquisition expenses. This allowance is called a(n)
expense loading
After logging into a remote system from a Linux computer running X, what would you type in your remote login session to have that system use your local computer's X display? Assume your local computer is called me.luna.edu.
export DISPLAY=me.luna.edu:0
To better understand her company's operations, a risk manager asked a production manager to draw a diagram tracing the steps in the production and distribution of the company's products. Such a diagram, which is useful in risk identification, is called a
flowchart
How to get Linux software
from package source lists
) Brian is a life insurance agent. He is licensed to represent one company and has been assigned a territory. In addition to marketing life insurance products in the territory, Brian is also responsible for recruiting, training, and motivating new agents for the company in his territory. Brian is a(n)
general agent
Which of the following is a form of casualty insurance?
general liability insurance
finger <username> command
get additional information about a user
Inland marine insurance provides coverage for
goods being shipped on land.
Which of the following commands is used to administer the /etc/gshadow file?
gpasswd
Assigning permissions to a group
grants those same permissions to all members of the group
Drag the file manipulation commands to match them with their functions.
grep: Locates files that contain specific strings. cut: Extracts text from fields in a file. sed: A stream editor used to perform basic text transformations on an input stream.
You are the administrator for a small company. You need to add a new group user, named sales, to the system. Which command will accomplish this?
groupadd sales
You need to execute a command to create a group, named students, in a Linux environment.
groupadd students
You have a group named temp_sales on your system. The group is no longer needed, and you should remove the group. Which of the ff. commands should you use?
groupdel temp_sales
Due to a merger with another company, standardization is now being imposed throughout the company. As a result of this, the sales group must be renamed marketing. Which of the ff. commands will accomplish this?
groupmod -n marketing sales
Which of the following commands will you use to get the group information of a user named maria?
groups maria
Which of the following is a recommendation to use when a specific standard or procedure does not exist?
guideline
Which method can be used to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?
hashing
Steganography
hiding data or a msg. such that only the sender or recipient suspects that the hidden data exists.
Which of the following types of loss exposures are best handled by the use of avoidance?
high-frequency, high-severity
Which of the following is least likely to occur during a "hard" insurance market period?
higher insurer profits
Your site is dependent upon the use of the rlogin utility for remote access. For security reasons you want to prevent the hosts in the marketing department from accessing the payroll server but allow others to do so. Which file should you use to create this restriction?
hosts.deny
You want to add a printer using the Web-based administrative tools built into CUPS. Assuming the server is configured for this, what URL would you enter in a Web browser running on the server computer itself to accomplish this goal?
http://localhost:631
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to set the current system time according to the Hardware clock time. Which of the following commands will he use to accomplish the task?
hwclock -s
Access Control List (ACL)
identifies users or groups who have specific security assignments to an object.
Cal was just hired as XYZ Company's first risk manager. Cal would like to employ the risk management process. The first step in the process Cal should follow is to
identify potential losses faced by XYZ Company
You are facing some network problems in your organization. You need to execute the commands to: Display information about your local network settings for all network interfaces. Print the routing table with numerical addresses. Check Internet connectivity and test the connection with www.ucertify.com. Bring down the local Ethernet connection.
ifconfig route -n ping www.ucertify.com ifconfig eth0 down
Which of the following commands will temporarily disable the first ethernet interface of a Linux computer?
ifconfig eth0 down
Which of the following commands will you use to bring a network interface down?
ifdown
Ryan decided to review his personal risk management program. His car is 10 years old, and he would receive little money from his insurer if the car was damaged or destroyed. Ryan decided to drop the physical damage insurance on the car. From a risk management perspective, dropping the physical damage insurance on the car is best described as
increasing the use of retention in the risk management program
) Sarah owns a property and liability insurance agency. She is authorized to represent several insurance companies and she is compensated by commissions. Sarah's agency owns the expiration rights to the business she sells. Sarah is a(n)
independent agent
Jenna opened a successful restaurant. One night, after the restaurant had closed, a fire started when the electrical system malfunctioned. In addition to the physical damage to the restaurant, Jenna also lost profits that could have been earned while the restaurant was closed for repairs. The lost profits are an example of
indirect loss
The extra expense incurred by a business to stay in operation following a fire is an example of a(n)
indirect loss
Mark has been an underwriter for 20 years. An application he recently reviewed looked odd to him. The building value in the application seemed far too high, and Mark suspected the applicant might be planning to destroy the property after it is insured. Mark contacted an outside firm and hired someone to investigate the applicant and to prepare a report about the applicant. This report is called a(n)
inspection report
Insurers obtain data which can be used to determine rates from
insurance advisory organizations
Scott works in property and liability insurance marketing. He legally represents insurance purchasers, rather than insurance companies. Scott is paid a commission on the insurance placed with insurers. Scott is a(n)
insurance broker
ABC Health Insurance Company sells health insurance in one state. Recently, that state's legislature passed a law forbidding health insurers from considering an individual's health history when selecting applicants to insure. This change in law will increase the possibility of unprofitable results for ABC. This type of hazard is an example of
legal hazard
Some characteristics of the judicial system and regulatory environment increase the frequency and severity of loss. This hazard is called
legal hazard
The characteristics of the judicial system that increase the frequency and severity of losses are known as
legal hazard
Bronson Casualty Company sells casualty insurance only. Which of the following coverages could you purchase from Bronson Casualty Company?
liability insurance
Ben is concerned that if he injures someone or damages someone's property he could be held legally responsible and required to pay damages. This type of risk is called a
liability risk
The chain of custody is used for what purposes?
listing people coming into contact with evidence
You are the only Linux administrator for a small company. Your are constantly asked to fix one problem or another as they occur. How should you log into the system each morning?
logon as a regular user then use su as needed to solve problems
Which of the following is the most common log rotation tool?
logrotate
Ross studied engineering in college. After graduation, he went to work for an insurance company. Ross visits properties insured by his company. He conducts inspections and makes recommendations about alarm systems, sprinkler systems, and building construction. In what functional area does Ross work?
loss control
The use of fire-resistive materials when constructing a building is an example of
loss control
Parker Department Stores has been hurt in recent months by a large increase in shoplifting losses. Parker's risk manager concluded that while the frequency of shoplifting losses was high, the severity is still relatively low. What is (are) the appropriate risk management technique(s) to apply to this problem?
loss control and retention
A situation or circumstance in which a loss is possible, regardless of whether a loss occurs, is called a
loss exposure
Following good health habits can be categorized as
loss prevention
You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. A printer is configured on the network. You want to see the status of a print queue. Which of the following commands will you use to accomplish the task?
lpq
You work as a Network Administrator for Net World Inc. The company has a Linux-based network. You have just configured a printer on a Linux server. You want to print a file named test. Which of the following commands will you use?
lpr test
Which of the following commands will you use to remove the job from a print queue?
lprm
You work as a Network Administrator for McNeil Inc. You want to remove a file from a print queue. Which of the following commands will you use to accomplish the task?
lprm
What is the primary goal of business continuity planning?
maintaining business operations with reduced or restricted infrastructure capabilities or resources
You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains. What should you do first?
make a bit-level copy of the disk
An insurance policy specifically written and designed to meet the needs of an insurance purchaser is called a
manuscript policy.
Which of the following types of risks is normally uninsurable by private insurers?
market risks
The worst loss that could ever happen to a firm is referred to as the
maximum possible loss
When recovery is being performed due to a disaster, which services are to be stabilized first?
mission critical
Curt borrowed money from a bank to purchase a fishing boat. He purchased property insurance on the boat. Curt had difficulty making loan payments because he did not catch many fish, and fish prices were low. Curt intentionally sunk the boat, collected from his insurer, and paid off the loan balance. This scenario illustrates the problem of
moral hazard
Faking an accident to collect insurance proceeds is an example of a
moral hazard
LMN Insurance markets homeowners insurance. The LMN homeowners policy combines property and casualty insurance in the same contract. Insurance policies combining property and casualty coverage in the same contract are called
multiple-line policies
Your DNS server has IP address as 10.11.12.11. Which of the following lines will you add in the /etc/resolv.conf file?
nameserver
If an organization shows sufficient due care, which burden is eliminated in the event of a security breach?
negligence
Which command should you use to display both listening and non-listening sockets on your Linux system?
netstat -a
Which type of Data Loss Prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organizational security policies?
network DLP
When is a BCP or DRP design and development actually completed?
never
Which of the following commands is identical to the sendmail -bi command?
newaliases
You need to increase the security of your Linux system by finding and closing open ports. Which of the following commands should you locate open ports?
nmap
Which command should you use to scan for open TCP ports on your Linux system?
nmap -sT
Brad started a pest control business. To protect his personal assets against liability arising out of the business, Brad incorporated the business. Brad's use of the corporate form of organization to shield against personal liability claims illustrates
noninsurance transfer
Tyndal Products Company produces cereal. The company has entered into contracts to deliver 500,000 boxes of cereal during the next 18 months. The company is concerned that the prices of two ingredients, corn and wheat, may increase over the next 18 months. The company used grain futures contracts to hedge the price risk associated with these commodities. Tyndal's use of hedging illustrates which risk management technique?
noninsurance transfer
A restaurant owner leased a meeting room at the restaurant to a second party. The lease specified that the second party, not the restaurant owner, would be responsible for any liability arising out of the use of the meeting room, and that the restaurant owner would be "held harmless" for any damages. The restaurant owner's use of the hold-harmless agreement is an example of
noninsurance transfer.
The long-run relative frequency of an event based on the assumption of an infinite number of observations with no change in the underlying conditions is called
objective probability
ABC Insurance Company plans to sell homeowners insurance in five Western states. ABC expects that 8 homeowners out of every 100, on average, will report claims each year. The variation between the rate of loss that ABC expects to occur and the rate of loss that actually does occur
objective risk
DES
one of the first symmetric encryption methods = now obsolete
A pure risk is defined as a situation in which there is
only the possibility of loss or no loss.
Which of the following utilities can be used as a speech synthesizer? Each correct answer represents a complete solution. Choose two.
orca emacspeak
How to search for packages
packages.ubuntu.com
Barb, who is self-employed, is the main breadwinner for her family. Barb does not have disability income insurance because she has never stopped to consider the impact of a long-term disability upon her family. Barb's treatment of the risk of disability is best described as
passive retention
You suspect that the gshant user account is locked. Which command will show the status of user account? (Tip: Enter the command as if at the command prompt.)
passwd -S gshant
Which of the ff. utilities would you typically use to lock a user account? (Select two).
passwd, usermod
characteristics of insurance
payment of fortuitous losses, pooling of losses, indemnification, risk transfer
You have discovered a computer that is connected to your network that was used for an attack. You have disconnected the computer from the network to isolate it from the network and stop the attack. What should you do next?
perform a memory dump
An earthquake is an example of a
peril
Brenda identified all of the pure loss exposures her family faces. Then she analyzed these loss exposures, developed a plan to treat these risks, and implemented the plan. The process Brenda conducted is called
personal risk management
You need to allow Peter and Paul access to execute any programs in the sbin/ or /usr/sbin directories without needing su to root. Which command line is added to the sudoers file will work?
peter ,paul ALL = /sbin, /usr/sbin
Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through e-mails or Web sites that impersonate an online entity that the victim trusts, such as a financial institution or well known e-commerce site?
phishing
Cathy's car hit a patch of ice on the road. The car skidded off the road and hit a tree. The presence of ice on the road is best described as a(n)
physical hazard
Dense fog that increases the chance of an automobile accident is an example of a
physical hazard
Mark owns a 1998 sedan. The last time Mark renewed his auto insurance, he decided to drop the physical damage insurance on this vehicle. How is Mark dealing with the auto physical damage exposure in his personal risk management program?
planned retention
Self-insurance is a form of?
planned retention
Which of the following is a high-level, general statement about the role of security in the organization?
policy
A group of farmers agreed that if any farmer suffered a property loss, the loss would be spread over the entire group. In this way, each farmer is responsible for the average loss of the group rather than the actual loss that the farmer sustained. Which characteristic of insurance is embodied in this agreement?
pooling of losses
By definition, which type of social engineering attack uses of a fictitious scenario to persuade someone to give information for which they are not authorized?
pretexting
What is the primary purpose of change control?
prevent unmanaged change
HIPAA is a set of federal regulations that define security guidelines that enforce the protection of what?
privacy
The worst loss that is likely to happen is referred to as the
probable maximum loss
Loss frequency is defined as the
probable number of losses that may occur during some period
Loss severity is defined as the
probable size of the losses which may occur during some period
Easy Pay Insurance Company may require insureds who suffer a loss to submit a sworn statement to substantiate that a loss occurred and to describe the conditions under which the loss occurred. This sworn statement is called a
proof of loss
The term "multiple-line insurance" is used to describe a type of insurance that combines which of the following coverages into a single contract?
property and casualty insurance
Which of the following types of risks best meets the requirements for being insurable by private insurers
property risks
Authentication using public and private key
public key - server private key - client Always generate key pairs locally!
The premature death of an individual is an example of a
pure risk
When analyzing assets, which analysis method assigns financial values to assets?
quantitative
) Liability Insurance Company (LIC) was approached by a regional airline to see if LIC would write the airline's liability coverage. LIC agreed to write the coverage and entered into an agreement with a reinsurer. Under the agreement, LIC retains 25 percent of the premium and pays 25 percent of the losses, and the reinsurer receives 75 percent of the premium and pays 75 percent of the losses. This reinsurance arrangement is best described as
quota-share reinsurance
Which of the following best describes the concept of due care or due diligence?
reasonable precautions, based on industry best practices, are utilized and documented
The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following actions is most likely to destroy critical evidence?
rebooting the system
Apex Insurance Company wrote a large number of property insurance policies in an area where earthquake losses could occur. When the president of Apex was asked if she feared that a severe earthquake might put the company out of business, she responded, "Not a chance. We transferred most of that risk to other insurance companies." An arrangement by which an insurer that initially writes insurance transfers to another insurer part or all of the potential losses associated with such insurance is called
reinsurance
One method through which reinsurance is provided is through an organization of insurers that underwrites insurance on a joint basis. Through the organization, financial capacity is available for large commercial risks. This reinsurance arrangement is a(n)
reinsurance pool
Substitution cipher
replaces one set of characters with symbols or another character set
Low-frequency, low-severity loss exposures are best handled by
retention.
MLX Drug Company would like to market a new hypertension drug. While the Food and Drug Administration (FDA) was testing the drug, it discovered that the drug produced a harmful side effect. When MLX learned of the FDA's test result, MLX abandoned its plan to produce and distribute the drug. MLX's reaction illustrates
risk avoidance
In reviewing his company's operations, a risk manager noticed that all of the company's finished goods were stored in a single warehouse. The risk manager recommended that the finished goods be divided among three warehouses to prevent all of the finished goods from being destroyed by the same peril. Dividing the finished goods among three warehouses illustrates
risk control
From the insured's perspective, the use of deductibles in insurance contracts is an example of
risk retention
Members of Mid-South Petroleum Distributors, a trade group, had trouble obtaining affordable pollution liability insurance. The members formed a group captive that is exempt from many state laws that apply to other insurers. This group captive is called a(n)
risk retention group
Purchasing health insurance illustrates the use of which personal risk management technique?
risk transfer
You need to execute the command to display the routing table entries without the associated host names with IP addresses.
route -n
You are limiting the total amount of memory a user can use when they use the X Windows system. Which of the following limit keywords should you use?
rss
Which of the following commands is equivalent to the mailq command?
sendmail -bp
Who has the responsibility for the development of a security policy?
senior management
Which of the following is defined as a contract which prescribes the technical support or business parameters that a provider will bestow its client?
service level agreement
What is the effect of the following command? chage -M -60 -W 10 jsmith
sets the password for jsmith to expire after 60 days and gives warning 10 days before it expires.