pop

(p. 765) Which action is an example of transferring risk? A. Management purchases insurance for the occurrence of the risk. B. Management applies controls that reduce the impact of an attack. C. Management has decided to accept responsibility for the risk if it does happen. D. Management has decided against deploying a module that increases risk.

A

(p. 780) What is the first step in the general risk management model? A. Asset identification B. Threat assessment C. Impact determination and quantification D. Residual risk management

A

(p. 820) All accesses and privileges to systems, software, or data should be granted based on the principle of <blank>. A. least privilege B. role-based access C. minimum use D. activity-based access

A

(p. 826) In which CMMI-DEV maturity level are processes generally ad hoc and chaotic? A. Level 1: Initial B. Level 2: Managed C. Level 3: Defined D. Level 5: Optimizing

A

(p. 828) Which type of system is one that fairly closely mimics the production environment, with the same versions of software, down to patch levels, and the same sets of permissions, file structures, and so on? A. Test B. Virtual C. Production D. Staging

A

(p. 837) Which statement applies to a low-impact exposure incident? A. A low-impact exposure incident only involves repairing the broken system. B. A low-impact exposure incident may result in significant risk exposure. C. A low-impact exposure incident requires the highest level of scrutiny. D. A low-impact exposure incident can essentially be ignored.

A

(p. 837) Which term refers to a key measure used to prioritize actions throughout the incident response process? A. Information criticality B. Information scalability C. Footprinting D. Steganography

A

(p. 895) The term <blank> describes a series of digits near the beginning of the file that provides information about the file format. A. magic number B. hash C. index D. key

A

(p. 911) A law that is passed by a legislative branch of government is known as a(n) <blank>. A. statutory law B. administrative law C. common law D. blue law

A

(p. 670) Which TCP port does SMTP use by default? A. 25 B. 110 C. 143 D. 443

A

(p. 670) Which of the following is a primary e-mail protocol? A. SMTP B. SNMP C. P3OP D. MUA

A

(p. 687) In PGP, the content is encrypted with the generated <blank> key. A. symmetric B. asymmetric C. shared key D. elliptical

A

(p. 732) Which term refers to the process by which application programs manipulate strings to a base form, creating a foundational representation of the input? A. Canonicalization B. Obfuscation C. Injection D. Blacklisting

A

(p. 762) Which term refers to the possibility of suffering harm or loss? A. Risk B. Hazard C. Threat vector D. Threat actor

A

(p. 894) Clusters that are marked by the operating system as usable when needed are referred to as <blank>. A. free space B. slack space C. open space D. unused space

A

The two main places to filter spam are at the <blank>. A. host itself and the server B. firewall and the LAN C. proxy server and the LAN D. host itself and the firewall

A

(p. 883) What is a software bomb? A. A firework that destroys all the disks and CDs in your library B. Software that can destroy or modify files when commands are executed on the computer C. Screensavers that show fireworks going off D. Software trying to access a computer

B

(p. 912) What is the Convention on Cybercrime? A. A convention of black hats who trade hacking secrets B. The first international treaty on crimes committed via the Internet and other computer networks C. A convention of white hats who trade hacker prevention knowledge D. A bilateral treaty regulating international conventions

B

(p. 787) Which statistical term is a representation of the frequency of the event, measured in a standard year? A. SLE B. ALE C. SRO D. ARO

B

Which term refers to the ability to distribute the processing load over two or more systems? A. High availability clustering B. Load balancing C. Infrastructure as a Service (IaaS) D. Single point of failure

B

(Not in book) Which port is used by SSMTP? A. TCP port 21 B. TCP port 443 C. TCP port 465 D. TCP port 80

C

(p. 670) Which TCP port does IMAP use by default? A. 110 B. 25 C. 143 D. 443

C

(p. 822) Which form of configuration auditing verifies that the configuration item performs as defined by the documentation of the system requirements? A. Activity-based access control B. Configuration status accounting C. Functional configuration audit D. Physical configuration audit

C

(p. 823) Which process is responsible for planning, scheduling and controlling the movement of releases to test and live environments? A. Incident management B. Backout plan C. Release management D. Software engineering

C

(p. 826) In which CMMI-DEV maturity level does an organization establish quantitative objectives for quality and process performance and use them as criteria in managing projects? A. Level 2: Managed B. Level 3: Defined C. Level 4: Quantitatively Managed D. Level 5: Optimizing

C

(p. 871) Which service allows organizations to share cyberthreat information in a secure and automated manner? A. Cyber kill chain B. Cyber Observable eXpression (CybOX) C. Trusted Automated eXchange of Indicator Information (TAXII) D. Structured Threat Information eXpression (STIX)

C

(p. 878) Business records, printouts, and manuals are which type of evidence? A. Direct evidence B. Real evidence C. Documentary evidence D. Demonstrative evidence

C

(p. 878) Oral testimony that proves a specific fact with no inferences or presumptions is which type of evidence? A. Hearsay B. Real evidence C. Direct evidence D. Demonstrative evidence

C

(p. 884) Which of the following has the least volatile data? A. CPU storage B. RAM C. Hard disk D. Kernel table

C

(p. 911) Law that is based on previous events or precedents is known as <blank>. A. statutory law B. administrative law C. common law D. blue law

C

(p. 918) A principal reference for rules governing the export of encryption can be found in the <blank>. A. Bureau of Industry and Security B. U.S. Department of Commerce C. Export Administration Regulations D. State Department

C

(p. 778) Which term refers to ensuring proper procedures are followed when modifying the IT infrastructure? A. Qualitative risk assessment B. Quantitative risk assessment C. Configuration management D. Change management

D

(p. 805) Which backup requires a small amount of space and is considered to have a complex restoration process? A. Partial B. Differential C. Incremental D. Delta

D

(p. 805) Which backup technique requires a large amount of space and is considered to have a simple restoration process? A. Delta B. Differential C. Incremental D. Full

D

(p. 657) Which protocol is designed to operate both ways, sending and receiving, and can enable remote file operations over a TCP/IP connection? A. Telnet B. SSH C. SNMP D. FTP

D

(p. 915) The Gramm-Leach-Bliley Act is a major piece of legislation that <blank>. A. implements the principle that a signature, contract, or other record may not be deleted B. denies legal effect, validity, or enforceability solely because it is electronic form C. makes it a violation of federal law to knowingly use another's identity D. affects the financial industry and contains significant privacy provisions for individuals

D

(p. 769) Evidence that is convincing or measures up without question is known as <blank>. A. Direct evidence B. Real evidence C. Documentary evidence D. Demonstrative evidence E. None of the above

E. Sufficient evidence

True or False: (Pg 667) A signed applet can be hijacked.

True

(p. 665) Which term describes a piece of code that is distributed to allow additional functionality to be added to an existing program? A. Plug-in B. Add-on C. Applet D. Certificate

B

(p. 669) Which attack is a code injection attack in which an attacker sends code in response to an input request? A. Cache poisoning B. Cross-site scripting attack C. Man-in-the-middle D. Buffer overflow

B

(p. 681) One of the steps that the majority of system administrators running Internet e-mail servers have taken to reduce spam is to shut down <blank>. A. spam filters B. mail relaying C. e-mail attachments D. Outlook Express

B

(p. 721) What does the term spiral method refer to? A. A newer method of code signing B. A software engineering process category C. An obsolete way to stress test a program D. The recommended method to provision a system

B

(p. 724) Which phase of the secure development lifecycle model is concerned with minimizing the attack surface area? A. Coding phase B. Design phase C. Requirements phase D. Testing phase

B

(p. 788) Which calculated value determines the threshold for evaluating the cost/benefit ratio of a given countermeasure? A. SLE B. ALE C. SRO D. ARO

B

(p. 792) Which term refers to the path or tool used by an attacker to attack a target? A. Baseline monitor B. Threat vector C. Configuration scanner D. Target actor

B

(p. 803) <blank> substitutions in the event that the primary person is not available to fulfill their assigned duties? A. Risk assessment B. Succession planning C. Business continuity planning D. Business impact analysis

B

(p. 810) Which alternative site is designed to be operational within a few days? A. Hot site B. Warm site C. Cold site D. Reciprocal site

B

(p. 810) Which alternative site is partially configured, usually having peripherals and software, but perhaps not the more expensive main processing components? A. Hot site B. Warm site C. Cold site D. Reciprocal site

B

(p. 811) Which item should be available for short-term interruptions, such as what might occur as the result of an electrical storm? A. Backup emergency generator B. Uninterruptible power supply (UPS) C. Cloud computing service D. RAID 6 disk storage with parity duplication

B

(p. 817) Which strategy has the goal of defining the requirements for business continuity? A. Business continuity plan (BCP) B. Recovery time objective (RTO) C. Disaster recovery plan (DRP) D. Recovery point objective (RPO)

B

(p. 822) Which change management phase ensures that only approved changes to a baseline are allowed to be implemented? A. Configuration auditing B. Configuration control C. Configuration identification D. Configuration status accounting

B

(p. 825) Which report documents changes or corrections to a system? A. System process report B. System problem report C. Segregated software report D. System progress report

B

(p. 853) Which attack type is common, and to a degree, relatively harmless? A. Port flooding B. Port scan C. Buffer overflow D. SQL injection

B

(p. 879) Which of the following rules applies to evidence obtained in violation of the Fourth Amendment of the Constitution? A. Best evidence rule B. Exclusionary rule C. Hearsay rule D. Evidentiary rule

B

(p. 852) How is quarantine accomplished? A. With the erection of firewalls that restrict communication between machines B. By rebooting the infected machine as many times as needed C. By encrypting the infected data on the network's hard drive D. With periodic patches of the infected systems

A

(p. 914) Which law makes it a crime to knowingly access a computer that is either considered a government computer or used in interstate commerce, or to use a computer in a crime that is interstate in nature? A. Computer Fraud and Abuse Act B. Stored Communications Act C. CAN-SPAM Act D. Sarbanes-Oxley Act

A

(p. 919) The Wassenaar Arrangement can be described as a(n) <blank>. A. international arrangement on export controls for conventional arms and dual-use goods and technologies B. international arrangement on import controls and unconventional arms C. rule governing encryption and decryption in the United States D. rule governing interstate trade and accessibility in the United States

A

(p. 837) What are the two components comprising information criticality? A. Data location and data classification B. Quantity of data involved and data location C. Data classification and the quantity of data involved D. Impact on the core business process and its location

C

(p. 839) In an "old school" attack, which step is a listing of the systems and vulnerabilities to build an attack game plan? A. Scanning B. Footprinting C. Enumeration D. Pilfering

C

(p. 840) Which term refers to the targeting of specific steps of a multistep process with the goal of disrupting the overall process? A. Scanning B. Footprinting C. Kill chain D. Indicator of compromise (IOC)

C

(p. 870) What are the three states of the data lifecycle in which data requires protection? A. In storage, during encryption, and during backup B. During processing, during encryption, and during deletion C. In storage, in transit, and during processing D. During identification, during encryption, and during backup

C

Which RAID configuration, known as byte-striped with error check, spreads the data across multiple disks at the byte level with one disk dedicated to parity bits? A. RAID 1 B. RAID 2 C. RAID 3 D. RAID 4

C

Which term refers to the predicted average time that will elapse before failure (or between failures) of a system? A. Mean time to restore B. Mean time to recovery C. Mean time to failure D. Recovery point objective

C

(p. 659) What application is associated with TCP Ports 989 and 990? A. SSL/TLS 3.0 B. SPOP3 C. SFTP D. FTPS

D

(p. 665) Which term is a means of signing an ActiveX control so that a user can judge trust based on the control's creator? A. Side-jacking B. Server side scripting C. Cross-site scripting D. Authenticode

D

(p. 728) In which phase of the secure development lifecycle model would you employ use cases? A. Coding phase B. Design phase C. Requirements phase D. Testing phase

D

(p. 747) Which term refers to the process of checking whether the program specification captures the requirements from the customer? A. Data exposure B. Static analysis C. Verification D. Validation

D

(p. 747) Which type of testing involves running the system under a controlled speed environment? A. Fuzz testing B. Penetration testing C. Stress testing D. Load testing

D

(p. 814) Which plan defines the data and resources necessary and the steps required to restore critical organizational processes? A. Succession plan B. Business impact analysis (BIA) C. Business continuity plan (BCP) D. Disaster recovery plan (DRP)

D

(p. 821) Which term refers to the process responsible for managing the lifecycle of all incidents? A. Incident management B. Configuration management C. Release management D. Change management

D

(p. 868) Which indicator of compromise (IOC) standard is a method of information sharing developed by MITRE? A. Structured Threat Information eXpression (STIX) B. Incident Object Description Exchange Format (IODEF) C. OpenIOC D. Cyber Observable eXpression (CybOX)

D

(p. 900) <blank> is a branch of digital forensics dealing with identifying, managing, and preserving digital information that is subject to legal hold. A. Clustering B. Partitioning C. Litigation holding D. E-discovery

D

(p. 915) Which law overhauled the financial accounting standards for publicly traded firms in the United States? A. Computer Fraud and Abuse Act B. Stored Communications Act C. CAN-SPAM Act D. Sarbanes-Oxley Act

D

Which RAID configuration, known as block-striped with error check, is a commonly used method that stripes the data at the block level and spreads the parity data across the drives? A. RAID 2 B. RAID 3 C. RAID 4 D. RAID 5

D

True or False: (Can't find anything about this?) Certificates vouch for code security.

False

True or False: (P 818) Change management should only be used in the quality assurance (QA) phase of a system's life.

False

True or False: (P 820) Since developers create and enhance programs, they should be able to install these programs on the production system.

False

True or False: (P 825) Most large enterprises rely on a paper-based system problem report (SPR) process.

False

True or False: (P. 769) A control classified as preventative has to be known by a person in order to be effective.

False

True or False: (P. 781) For an intangible impact, assigning a financial value of the impact is easy.

False

True or False: (P. 782) All risks need to be mitigated or controlled.

False

True or False: (P. 836) Incident response is strictly an information security operation.

False

True or False: (P. 842) Large organizations typically have the resources to protect everything against all threats.

False

True or False: (P. 850) Detecting that a security event is occurring or has occurred is an easy matter.

False

True or False: (P. 870) All data is equally important, and it is equally damaging in the event of loss.

False

True or False: (P. 895) Changing a file's extension will alter the contents of a file.

False

True or False: (P. 909) Check fraud is an example of computer-based fraud that deals with Internet advertising.

False

True or False: (P. 912) Computer trespass is only treated as a crime in the United States.

False

True or False: (Pg 805) The archive bit is cleared in a differential backup.

False

True or False: (p. 878) Oral testimony that proves a specific fact is considered real evidence.

False

True or False: (p. 879) Evidence offered by the witness that is not based on the personal knowledge of the witness—but is being offered to prove the truth of the matter asserted—falls under the exclusionary rule.

False

True or False: (p. 879) Relevant evidence must be convincing or measure up without question.

False

True or False: (p. 887) When performing forensics on a computer system you should use the utilities provided by that system.

False

True or False: (pg 721) The spiral model is an iterative model designed to enable the construction of increasingly complex versions of a project.

False

True or False: (pg 725) Least privilege refers to removing all controls from a system.

False

True or False: (pg 727) The generation of a real random number is a trivial task.

False

True or False: (pg 735) Buffer overflow is one of the most common web attack methodologies.

False

True or False: (pg 748) Compilers create runtime code that can be executed via an interpreter engine, like a Java virtual machine (JVM), on a computer system.

False

True or False: When analyzing computer storage components, the original system should be analyzed.

False

True or False: (P. 901) Both forensics and e-discovery are secondary processes from a business perspective.

True

True or False: (P. 915) The PATRIOT Act permits the Justice Department to proceed with its rollout of the Carnival program, an eavesdropping program for the Internet.

True

True or False: (P. 919) Export control rules for encryption technologies fall under the Wassenaar Arrangement.

True

True or False: (P. 922) The DMCA protects the rights of recording artists and the music industry.

True

True or False: (Pg 802) A major focus of the disaster recovery plan (DRP) is the protection of human life.

True

True or False: (Pg 811) The interruption of power is a common issue during a disaster.

True

True or False: (p. 895) The space that is left over in a cluster is called slack space.

True

True or False: RAID increases reliability through the use of redundancy.

True

(p. 790) Which management tool is used for identifying relationships between a risk and the factors that can cause it? A. Baseline identification and analysis B. Cause and effect analysis C. Cost/benefit analysis D. Risk management plan

B

(p. 638) What term refers to the process of assessing the state of an organization's security compared against an established standard? A. Pen testing B. Auditing C. Vulnerability testing D. Accounting

B

(p. 652) Which cryptographic protocols can be used by SSL/TLS? A. HTTPS and SSMTP B. Diffie-Hellman and RSA C. RC4 and 3DES D. MD5 and SHA-1

B

(p. 659) When using Secure FTP (SFTP) for confidential transfer, what protocol is combined with FTP to accomplish this task? A. Secure Sockets Layer (SSL) B. Secure Shell (SSH) C. Transport Layer Security (TLS) D. Secure Hyper Text Transfer Protocol (HTTPs)

B

(p. 672) Which protocol allows the exchange of different kinds of data across text-based e-mail systems? A. MTA B. MUA C. MIME D. MDA

C

(p. 674) Unsolicited commercial e-mail is known as <blank>. A. Hoax e-mail B. Worm C. Spam D. Spork

C

(p. 676) What was the primary reason for the spread of the ILOVEYOU worm? A. Network firewalls failed. B. Systems did not have the appropriate software patch. C. Automatic execution, such as Microsoft Outlook's preview pane. D. Virus scan software was not updated.

C

(p. 754) What tool is the protocol/standard for the collection of network metadata on the flows of network traffic? A. Sniffer B. Penetration test C. NetFlow D. NetStat

C

(p. 766) Which term refers to a risk that remains after implementing controls? A. Unsystematic risk B. Systematic risk C. Residual risk D. Control

C

(p. 781) Which event is an example of a tangible impact? A. Breach of legislation or regulatory requirements B. Loss of reputation or goodwill (brand damage) C. Endangerment of staff or customers D. Breach of confidence

C

(p. 788) If you have a farm of five web servers and two of them break, what is the exposure factor (EF)? The exposure factor is the percentage of an asset's value that is at risk. A. 0 percent B. 20 percent C. 40 percent D. 100 percent

C

(p. 819) Which term refers to a preapproved change that is low risk, relatively common and follows a procedure or work instruction? A. Change B. Reserve change C. Standard change D. Emergency change

C

True or False: (P. 789) The impact of an event is a measure of the actual loss when a threat exploits a vulnerability.

True

True or False: (P. 790) Usually risk management includes both qualitative and quantitative elements.

True

True or False: (P. 855) Recovery is the returning of the asset into the business function.

True

True or False: (P. 884) A physical hard disk drive will persist data longer than a solid state drive.

True

True or False: (P. 887) There is no recovery from data that has been changed.

True

True or False: (P. 900) Major legal awards have been decided based on failure to retain information.

True

True or False: (P 825) Executable code integrity can be verified using host-based intrusion detection systems.

True

True or False: (P 829) Virtualization can be used as a form of sandboxing with respect to an entire system.

True

