Simplilearn Test 2
How many encryption keys must be fully protected while using asymmetric cryptography with 20 participants? SELECT THE CORRECT ANSWER 20 40 190 380
20 In asymmetric cryptography, only the private keys need to be protected; public keys are meant to be distributed openly. Each of the 20 participants holds one private key, so 20 keys must be protected. The 190 distractor is the symmetric case, where every pair of participants needs its own shared secret (20 x 19 / 2 = 190 keys).
In IPsec, what is the minimum number of security associations (SA) required while using both AH and ESP protocols between two communicating hosts? SELECT THE CORRECT ANSWER 2 4 6 8
4 A security association (SA) is a one-way connection between two communicating parties; thus, two SAs are required for each pair of communicating hosts. Additionally, each SA supports only a single protocol (AH or ESP). Therefore, using both an AH and an ESP between two communicating hosts will require a total of four SAs.
Which of the following statements is true about compiled and interpreted programs? SELECT THE CORRECT ANSWER Source code is not available for interpreted program. A compiled program runs faster than an interpreted program. A compiled program compiles code during runtime. An interpreted program generates an executable file.
A compiled program runs faster than an interpreted program. Compiled code is translated to machine code once, ahead of time, so it executes faster; the trade-off is the extra compile step before the first run. The other options are wrong: source code is normally available for an interpreted program (the interpreter needs it), a compiled program is translated before runtime rather than during it, and it is the compiler, not the interpreter, that produces an executable file.
Which of the following best describes the IP protocol? SELECT THE CORRECT ANSWER A connectionless protocol that deals with dialog establishment, maintenance, and destruction A connectionless protocol that deals with the addressing and routing of packets A connection-oriented protocol that deals with the addressing and routing of packets A connection-oriented protocol that deals with sequencing, error detection, and flow control
A connectionless protocol that deals with the addressing and routing of packets The IP protocol is connectionless and works at the network layer. It adds source and destination addresses to a packet as it goes through its data encapsulation process. IP can also make routing decisions based on the destination address.
What type of evidence consists of tangible objects from the actual crime, such as computer equipment, a keyboard with fingerprints on it, or a hard drive from a hacker's computer system? SELECT THE CORRECT ANSWER Direct evidence Real evidence Hearsay evidence Corroborative evidence
Real evidence Real evidence consists of tangible or physical objects. A knife or a bloody glove might constitute real evidence in a traditional criminal proceeding. In most computer incidents, real evidence is made up of physical objects such as hard drives, DVDs, USB storage devices, or printed business records.
Which of the following are the fundamental components of a trusted computing base (TCB)? SELECT THE CORRECT ANSWER All trusted policies, standards, and procedures All trusted hardware, software, and firmware components All trusted kernel and operating system components All trusted users and software components
All trusted hardware, software, and firmware components The TCB contains and controls all protection mechanisms within the system, whether they are software, hardware, or firmware.
Which of the following is the primary objective of business process outsourcing? SELECT THE CORRECT ANSWER Optimizing business processes Increasing the automation of business processes Realigning business processes with business strategy Allowing the enterprise to focus on core competencies
Allowing the enterprise to focus on core competencies Outsourcing of business processes to a third-party allows the enterprise to focus on its core competencies.
Which of the following provides evidence that an entity is in fact who they claim to be? SELECT THE CORRECT ANSWER Authentication Authorization Federation Identification
Authentication Authentication provides proof of the identification of an entity to an acceptable degree of certainty based on policy or regulation. Authorization, done after successful authentication, is the process of granting a user access to data or functions within an application and is based on the role or approved needs of the user. Federation is an authentication system that uses external identity providers; it will accept authentication tokens for users without requiring the user to create an account with the actual application. Identification is part of the authentication process.
Elevation of privilege, as it relates to enforcing controls in software development, is a violation of: SELECT THE CORRECT ANSWER Confidentiality Non-repudiation Authentication Authorization
Authorization A user account with limited power is transformed into an account with greater privileges, powers, and access.
What type of password cracking attack will ALWAYS be successful? SELECT THE CORRECT ANSWER Dictionary attack Brute-force attack Rainbow-table attack Side-channel attack
Brute-force attack In a brute-force attack the computer tries every possible key or password until it finds the right one, so given enough time it always succeeds. A dictionary attack fails whenever the password is not in the word list, and a rainbow-table attack fails against salted hashes or passwords outside the table's keyspace. The practical defence against brute force is making the keyspace large (long passwords, big alphabets, slow hashes) so that "enough time" becomes impractical.
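The contrast above, as an added example that is not part of the original quiz: a dictionary attack over a constructed word list misses the target password, while exhaustive enumeration of the (deliberately tiny) keyspace finds it after a predictable number of attempts. The unsalted SHA-256 target, the word list and the three-letter lowercase keyspace are all constructed for illustration.

```python
import hashlib
import itertools
import string


def sha256_hex(text):
    """Hash a candidate the way the (constructed, weak) system stores passwords."""
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed example: the stored credential is an unsalted SHA-256 digest of
# "qzx", which does not appear in the constructed word list below.
TARGET_HASH = sha256_hex("qzx")
WORDLIST = ["password", "letmein", "qwerty", "admin", "abc", "dog", "cat"]


def dictionary_attack(target_hash, wordlist):
    """Try only the candidates in a word list.

    Returns (password, attempts) on success or (None, attempts) when the
    password is simply not in the list, which is why this attack can fail.
    """
    attempts = 0
    for word in wordlist:
        attempts += 1
        if sha256_hex(word) == target_hash:
            return word, attempts
    return None, attempts


def brute_force(target_hash, alphabet=string.ascii_lowercase, max_len=3):
    """Enumerate every string over `alphabet` up to `max_len` characters.

    If the password lies inside that keyspace the search cannot fail; the
    only cost is the keyspace size, so length and alphabet size are the
    defence, not the hope that an attacker will give up.
    """
    attempts = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(chars)
            if sha256_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def keyspace_size(alphabet_size, max_len):
    """Worst-case number of brute-force attempts for the given parameters."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    print("dictionary:", dictionary_attack(TARGET_HASH, WORDLIST))
    print("brute force:", brute_force(TARGET_HASH))
    print("worst case for 26^1..26^3:", keyspace_size(26, 3))
```

Raising `max_len` by one multiplies the worst case by the alphabet size, and a slow password hash (bcrypt, scrypt, Argon2) multiplies the cost of every single attempt; together those are what turn "always succeeds" into "not in this lifetime".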
Which of the following would not be used to determine the classification of data? SELECT THE CORRECT ANSWER Metadata PII Creator Business requirement
Business requirement The future use or intended use of data should have no bearing on the classification of it. The classification of data should be based on the sensitivity of the data, any regulatory requirements, and the potential risks and costs associated with compromise. Applications and services that intend to use data must adapt their security controls and policies to the classification of the data. The data should not be classified based on the demands or needs of specific applications or users.
Which of the following can be considered both a detective and a deterrent control? SELECT THE CORRECT ANSWER CCTV Mantrap Faraday cage Spam filter
CCTV CCTV can act as both a detective and a deterrent control. The others are examples of preventive controls.
Which of the following communication protocols is not used in Storage area network (SAN)? SELECT THE CORRECT ANSWER iSCSI (IP-based SCSI) Fibre Channel Protocol (FCP, SCSI over Fibre Channel) FCoE (Fibre Channel over Ethernet) CIFS (Common Internet File System)
CIFS (Common Internet File System) Server Message Block (SMB), one version of which was also known as Common Internet File System (CIFS), is an application-layer network protocol used mainly for shared access to files, printers, and serial ports and for miscellaneous communication between nodes on a network. It is a file-sharing (NAS-style) protocol, not a block-level SAN transport like iSCSI, FCP, or FCoE.
Which communication is used to quickly communicate news of an event and coordinate recovery throughout an organization without overburdening any specific person? SELECT THE CORRECT ANSWER Interactive voice response (IVR) Email Call Tree Public announcement system
Call Tree Call tree outlines who should be contacted, in what order, and who is responsible for doing the calling.
Your company has just been served with an eDiscovery order to collect event data and other pertinent information from your application during a specific period of time and to be used as potential evidence for a court proceeding. Which of the following, apart from ensuring that you collect all pertinent data, would be the most important consideration? SELECT THE CORRECT ANSWER Encryption Chain of custody Compression Confidentiality
Chain of custody When a company is dealing with eDiscovery orders, the chain of custody is extremely important as it pertains to official legal proceedings. The chain of custody documents the information about everyone who has had possession of the data, the format of the data, and the reasons. For data to be admissible for legal proceedings, the chain of custody is vital in showing that nothing has been tampered with and that everyone in possession of the data can be questioned and investigated if needed.
An administrator can set operating parameters that allow a pre-determined number of failed logon attempts to be accepted before a user is locked out. This number is known as: SELECT THE CORRECT ANSWER Maximum Tolerable Downtime Clipping level Violation level Minimum security baseline
Clipping level The pre-determined number of acceptable user errors before recording the error as a potential security incident is referred to as clipping level.
Unauthorized disclosure of US government's _______ information would cause damage but not serious or grave damage to national security. SELECT THE CORRECT ANSWER Top Secret Secret Confidential Classified
Confidential Confidential information is information that, if compromised, could cause damage to national security. Confidential information is the lowest level of classified government information.
Which of the following would not be part of an audit scope statement? SELECT THE CORRECT ANSWER Deliverables Cost Certifications Exclusions
Cost Cost would not be part of an audit scope statement. The audit scope statement covers the breadth and depth of the audit, as well as the timing and toolsets used to conduct it. Cost is not part of the audit scope at this level, nor part of the planning and discussion between management and the auditors. The deliverables, exclusions, and certifications covered or required are all part of the audit scope statement.
Which of the following describes a SYN flood attack? SELECT THE CORRECT ANSWER Rapid transmission of Internet Relay Chat (IRC) messages Creating a high number of half-open connections Disabling the Domain Name Service (DNS) server Excessive list linking of users and files
Creating a high number of half-open connections An attacker performs a SYN flood by sending many TCP SYN segments and never completing the handshake: the server replies with SYN-ACK and holds a half-open connection in its backlog waiting for the final ACK, which never arrives. Once the backlog is full, legitimate clients cannot connect.
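Detection logic for the half-open pattern described above, as an added example that is not part of the original quiz. It walks a constructed list of TCP segments seen at a server, tracks each client flow through the three-way handshake, and counts flows that received a SYN-ACK but never produced the client's ACK. The segment format, addresses and the threshold of 10 are assumptions made for the example.

```python
from collections import defaultdict

# Constructed record format: (client_ip, client_port, flags). "SYN" and "ACK"
# are sent by the client, "SYN-ACK" is the server's reply in that same flow.
SYN, SYN_ACK, ACK = "SYN", "SYN-ACK", "ACK"


def build_sample():
    """Constructed capture: one well-behaved client, one flooder, one slow client."""
    segs = []
    for port in (40001, 40002):  # legitimate client completes both handshakes
        segs += [("10.0.0.5", port, SYN), ("10.0.0.5", port, SYN_ACK), ("10.0.0.5", port, ACK)]
    for port in range(50000, 50012):  # attacker: 12 SYNs, never sends the ACK
        segs += [("203.0.113.7", port, SYN), ("203.0.113.7", port, SYN_ACK)]
    segs += [("10.0.0.9", 41000, SYN), ("10.0.0.9", 41000, SYN_ACK)]  # one slow client
    return segs


def half_open_per_source(segments):
    """Replay the handshake state machine per (ip, port) flow and count, per
    source IP, the flows stuck in SYN_RCVD (server replied, client never ACKed)."""
    state = {}
    for ip, port, flags in segments:
        key = (ip, port)
        if flags == SYN:
            state[key] = "SYN_SENT"            # client opened the flow
        elif flags == SYN_ACK and state.get(key) == "SYN_SENT":
            state[key] = "SYN_RCVD"            # server allocated a backlog slot
        elif flags == ACK and state.get(key) == "SYN_RCVD":
            state[key] = "ESTABLISHED"         # handshake completed, slot released
    counts = defaultdict(int)
    for (ip, _), st in state.items():
        if st == "SYN_RCVD":
            counts[ip] += 1
    return dict(counts)


def suspected_flooders(segments, threshold=10):
    """Source IPs holding at least `threshold` half-open connections."""
    return sorted(ip for ip, n in half_open_per_source(segments).items() if n >= threshold)


if __name__ == "__main__":
    sample = build_sample()
    print(half_open_per_source(sample))
    print("flooders:", suspected_flooders(sample))
```

Two caveats a practitioner would add: a real flood usually spoofs the source address, so per-source counting is evidence of the attack rather than a way to block it, and the standard mitigation is SYN cookies on the server, which avoid allocating backlog state until the ACK arrives. On a Linux host the live count of such flows is visible with `ss -tan state syn-recv`.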
Annual Loss Expectancy and ROI are expressed in: SELECT THE CORRECT ANSWER Currency and percentage Percentage and level of risk Cost of security and percentage Percentage and cost savings
Currency and percentage ALE is potential loss measured in financial terms, and ROI is percentage return on what was invested.
Which of the following is not an example of converged protocol? SELECT THE CORRECT ANSWER MPLS (Multiprotocol Label Switching) FCoE (Fibre Channel over Ethernet) DNP3 (Distributed Network Protocol) VoIP (Voice over Internet Protocol)
DNP3 (Distributed Network Protocol) DNP3 (Distributed Network Protocol) is a multilayer protocol that is purpose-built for some type of specialized communications need. Multilayer protocols have their own schemes for encapsulation, just like TCP/IP itself.
Who is responsible for data content and business rules within an organization? SELECT THE CORRECT ANSWER Data owner Data custodian Data steward Data curator
Data steward The data steward is responsible for overseeing data content and ensuring that applicable policies are applied to access controls. The data steward is also responsible for ensuring that appropriate approvals have been obtained before access is granted.
Multi-factor authentication is most closely related to ________ security design principle. SELECT THE CORRECT ANSWER Separation of Duties Defense in depth Dual control Fail secure
Defense in depth Having more than one way of authentication provides for a layered defense. This is the premise of the defense in depth security design principle.
Which of the following is not a responsibility of a data owner? SELECT THE CORRECT ANSWER Determining classification levels for assigned assets Delegating day-to-day accountability and functions to a custodian Maintaining inventories and accounting for assigned assets Determining intellectual property rights of assets
Delegating day-to-day accountability and functions to a custodian Data owner can delegate day-to-day responsibility (but not accountability) and functions to a custodian.
Which common threat, which an organization could be totally unaware of at the time, could lead to a direct financial cost without loss of reputation or privacy exposure? SELECT THE CORRECT ANSWER Data breach Denial of service Social engineering Salami attack
Denial of service A denial-of-service attack could lead to direct financial costs for a customer, without data exposure.
Which of the following is not part of the OWASP Top 10 list? SELECT THE CORRECT ANSWER Cross-site scripting Injection Denial of service Broken Authentication
Denial of service Denial of service is not listed as a threat in OWASP Top 10
Which of the following is a means of restricting access to objects based on the identity of subjects and/or groups to which they belong, as mandated by the requested resource owner? SELECT THE CORRECT ANSWER Attribute Based Access Control (ABAC) Discretionary Access Control (DAC) Mandatory Access Control (MAC) Role Based Access Control (RBAC)
Discretionary Access Control (DAC) In Discretionary Access Control (DAC), the access control depends on the owner's discretion and authorization granted to the users.
Which water sprinkler system is best used in colder climates? SELECT THE CORRECT ANSWER Wet pipe Dry pipe Pre-action Deluge
Dry pipe When exposed to low temperatures, the water in the pipes can freeze and expand, which may lead to pipes getting damaged. Hence, a dry pipe system that contains compressed air is more useful.
Apart from annual testing, when would it be most crucial for a BCDR plan to undergo additional testing? SELECT THE CORRECT ANSWER Immediately after a disaster During major configuration changes to an application When new staff is hired During a change in encryption keys
During major configuration changes to an application Major configuration changes to an application should entail new BCDR testing. Any major configuration change or update represents a significant shift in an environment, and, as such, proper testing is needed to ensure that all BCDR implementations and procedures are both still valid and still work as intended. The changes mentioned in the other answer choices are either minor or personnel changes that would not require new comprehensive testing.
Which expression is used to describe the process where a person is provided with sufficient temptation so that they make their own decision to perform illegal or unauthorized actions? SELECT THE CORRECT ANSWER Enticement Coercion Entrapment Encouragement
Enticement Entrapment is the act of encouraging an individual to become involved in a crime that the individual may have had no intention of committing. Coercion involves forcing or intimidating an individual to testify or confess. Enticement involves tempting an individual into providing evidence or into leading another party to it.
Which of the following is not a core component of a SIEM solution? SELECT THE CORRECT ANSWER Correlation Aggregation Escalation Compliance
Escalation Escalation is the process of moving issues or alerts along a predefined path to others responsible for remediation and action if those prior to them in the chain do not respond. This is done to bring the issues to the attention of management. While SIEM solutions can trigger alerts based on predefined conditions, the full workflow of escalation is handled by an external tool or application, and the role of the SIEM solution would be the initial identification and alert.
Which backup method provides a baseline for systems to restore? SELECT THE CORRECT ANSWER Full backup Incremental backup Differential backup Tape backup
Full backup A full backup provides the baseline from which a system is restored; it must be done at least once regardless of whether incremental or differential backups are used afterwards, because both of those only capture changes relative to an earlier backup.
Which of the following is NOT a requirement for a Gigabit Ethernet (GbE) network? SELECT THE CORRECT ANSWER Gigabit-capable switch or routers Gigabit-capable NIC Gigabit-capable RJ-45 connector Cat5e, Cat6 or higher network cable
Gigabit-capable RJ-45 connector A gigabit network requires that every active part of the path (NICs, switches, routers) and the cabling be gigabit-capable, but there is no such thing as a "gigabit" RJ-45 connector: network devices use the same RJ-45 jack whether their Ethernet ports support 10/100 (Fast) or 10/100/1000 (Gigabit) connections.
Which protocol is commonly used by attackers for network reconnaissance, device discovery, and denial-of-service (DoS) attacks? SELECT THE CORRECT ANSWER ICMP (Internet Control Message Protocol) VoIP (Voice over Internet Protocol) SLIP (Serial Line Internet Protocol) EIGRP (Enhanced Interior Gateway Routing Protocol)
ICMP (Internet Control Message Protocol) ICMP is a Network Layer protocol that is used for network control and diagnostics. Commonly used ICMP commands include ping and traceroute. Although ICMP is very helpful in troubleshooting routing and connectivity issues in a network, it is also commonly used by attackers for network reconnaissance, device discovery, and denial-of-service (DoS) attacks (such as an ICMP flood).
The major benefit of information classification is that it allows users to: SELECT THE CORRECT ANSWER Meet regulatory requirements Determine security baseline Identify vulnerabilities and threats Identify the appropriate level of protection needs
Identify the appropriate level of protection needs The purpose of information classification is to ensure that personnel are aware of the sensitivity and handling requirements of a piece of information.
Which model indicates that for federated identity management, every organization must individually certify every other participating organization? SELECT THE CORRECT ANSWER Trusted third party model Cross-certification model Bridge model Once in unlimited access model
Cross-certification model In the cross-certification model every organization must individually certify every other participating organization, which scales poorly as the number of participants grows. The bridge model avoids that by having each organization certify only a central bridge, and the trusted third party model relies on a common external authority.
Data classification is a core activity that is conducted as part of: SELECT THE CORRECT ANSWER Key Management Lifecycle Information Lifecycle Management Configuration Management Problem Management
Information Lifecycle Management Data classification is the conscious effort to assign a level of sensitivity to data assets based on potential impact upon disclosure, alteration, or destruction. The results of the classification exercise can then be used to categorize the data elements into appropriate buckets. Data classification is part of information lifecycle management.
Interface testing can involve all of the following, except? SELECT THE CORRECT ANSWER Physical interfaces, such as keyboard, mouse, or display Application programming interfaces (APIs) Transaction processing gateways Input validation
Input validation Interface testing focuses on the interface between different systems and components. It ensures that functions (such as data transfer and control between systems or components) perform correctly and as expected. Interface testing also verifies that execution errors are properly handled and do not expose any potential security vulnerabilities.
Parity bit checking mechanisms CANNOT be used for: SELECT THE CORRECT ANSWER Error detection Data reconstruction Integrity assurance Input validation
Input validation Parity bit checking is primarily an error-detection mechanism and so can also give a weak assurance of integrity for transferred data (it catches any odd number of flipped bits, but an even number cancels out, and it offers no protection against deliberate tampering). Parity is also used for data reconstruction: a RAID 5 array stores an XOR parity block that rebuilds a failed disk's data. What parity cannot do is validate input, because it says nothing about whether the content is well-formed or expected.
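A worked illustration of what parity can and cannot do, as an added example that is not part of the original quiz. The first half attaches an even parity bit to each byte and shows that a single flipped bit is detected while two flipped bits in the same byte slip through; the second half does RAID 5 style XOR reconstruction of a block that is known to be missing. The sample bytes and blocks are constructed.

```python
def even_parity_bit(byte):
    """Parity bit that makes the total number of 1 bits (data + parity) even."""
    return bin(byte).count("1") & 1


def encode(data):
    """Attach one parity bit to every byte: list of (byte, parity) pairs."""
    return [(b, even_parity_bit(b)) for b in data]


def check(encoded):
    """Indices of bytes whose stored parity no longer matches their contents.

    Detects any odd number of flipped bits within a byte; an even number of
    flips leaves the parity unchanged and goes unnoticed.
    """
    return [i for i, (b, p) in enumerate(encoded) if even_parity_bit(b) != p]


def flip_bits(byte, *positions):
    """Simulate transmission errors by flipping the given bit positions."""
    for pos in positions:
        byte ^= 1 << pos
    return byte


def demo():
    """Constructed input b"OK": clean, one bit flipped per byte, two bits flipped per byte."""
    encoded = encode(b"OK")
    single = [(flip_bits(b, 0), p) for b, p in encoded]
    double = [(flip_bits(b, 0, 5), p) for b, p in encoded]
    return check(encoded), check(single), check(double)


def xor_parity_block(blocks):
    """RAID 5 style parity: bytewise XOR of all data blocks (equal length)."""
    out = bytes(len(blocks[0]))
    for blk in blocks:
        out = bytes(a ^ b for a, b in zip(out, blk))
    return out


def reconstruct(blocks, parity, missing_index):
    """Recover one lost block from the survivors and the parity block.

    Works only because the caller already knows WHICH block is missing (a
    failed disk); parity alone cannot tell you which block is corrupt.
    """
    survivors = [blk for i, blk in enumerate(blocks) if i != missing_index]
    return xor_parity_block(survivors + [parity])


if __name__ == "__main__":
    print("clean / single-flip / double-flip mismatches:", demo())
    stripes = [b"abcd", b"efgh", b"ijkl"]
    parity = xor_parity_block(stripes)
    print("rebuilt block 1:", reconstruct(stripes, parity, 1))
```

The double-flip case is the reason parity is only a weak integrity check: an attacker who can change bits can trivially keep the parity consistent, which is why integrity assurance against tampering needs a MAC or signature rather than parity.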
Risk transfer is often associated to what type of service? SELECT THE CORRECT ANSWER Banking Insurance Inspection Auditing
Insurance The transfer of risk occurs when an organization gets another entity to assume liability for all or some of the impact and loss as a result of a successful exploit. The most common example of this kind of transfer is through the use of insurance to cover any losses.
Which of the key aspects of security is concerned with ensuring that data is in its intended format and has not been altered? SELECT THE CORRECT ANSWER Confidentiality Integrity Availability Privacy
Integrity Integrity is the main security principle concerned with data being accurate and in its intended form. This allows the data to be considered trustworthy throughout its entire lifecycle, ensuring that it has not been altered in an unauthorized manner or by an unauthorized party.
Which of the following is a primary consideration for the software publisher when selling Commercially Off the Shelf (COTS) software? SELECT THE CORRECT ANSWER Service Level Agreements (SLAs) Intellectual property protection Cost of customization Review of the code for backdoors and trojan
Intellectual property protection All of the other options are considerations for the software acquirer (purchaser).
Which of the following is not a routing protocol? SELECT THE CORRECT ANSWER Enhanced Interior Gateway Routing Protocol (EIGRP) Open Shortest Path First (OSPF) Internet Protocol (IP) Border Gateway Protocol (BGP)
Internet Protocol (IP) Routing protocols are defined at the Network Layer and specify how routers communicate with one another on a WAN. Internet Protocol (IP) contains addressing information that enables packets to be routed. IP is part of the TCP/IP (Transmission Control Protocol/Internet Protocol) suite, which is the language of the Internet.
If there is an intruder through a window, which physical security will help detect the intrusion? SELECT THE CORRECT ANSWER Mantrap Intrusion alarm Cipher-lock Faraday cage
Intrusion alarm Door and window intrusion sensors detect an intruder who picks a lock or climbs through an open window and raise the alarm, from sounding a siren to notifying a monitoring centre or sending an alert to a phone. A mantrap and a cipher lock are preventive controls, and a Faraday cage blocks electromagnetic signals; none of them detects entry through a window.
Which of the following are attributes of cloud computing? SELECT THE CORRECT ANSWER Minimal management effort and shared resources High cost and unique resources Rapid provisioning and slow release of resources Limited access and service provider interaction
Minimal management effort and shared resources Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (for example, networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Which password policy prevents users from cycling through their previous passwords to get back to a preferred one? SELECT THE CORRECT ANSWER Password complexity Password history Minimum password age Minimum password length
Minimum password age The minimum password age setting determines how long (in days) a password must be in use before the user may change it. Password history alone is not enough: with a history of N passwords and no minimum age, a user can change the password N+1 times in a row, within minutes, and land back on the preferred one. A minimum age of even one day makes that cycling impractical, which is why history and minimum age are deployed together.
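The interaction between the two settings, as an added example that is not part of the original quiz: a small policy model that enforces a password history of N entries and an optional minimum age, driven by a constructed scenario in which a user tries to change the password back-to-back to get a preferred one back. The policy class, its parameters and the dates are assumptions made for the example.

```python
from datetime import datetime, timedelta


class PasswordPolicy:
    """Hypothetical model of two account-policy settings: history and minimum age."""

    def __init__(self, history_length, min_age_days):
        self.history_length = history_length
        self.min_age = timedelta(days=min_age_days)
        self.history = []       # previously used passwords, most recent last
        self.last_change = None

    def set_initial(self, password, now):
        self.history = [password]
        self.last_change = now

    def change(self, new_password, now):
        """Apply a change request; returns (accepted, rule) so callers see what blocked it."""
        if self.last_change is not None and now - self.last_change < self.min_age:
            return False, "minimum password age"
        if new_password in self.history[-self.history_length:]:
            return False, "password history"
        self.history.append(new_password)
        self.last_change = now
        return True, "ok"


def cycle_back(policy, preferred="Winter2020!", start=datetime(2024, 1, 1), throwaways=5):
    """Constructed scenario: after a normal 30-day change, the user burns through
    `throwaways` temporary passwords one minute apart, then re-submits the
    preferred password. Returns True if the cycle succeeded."""
    policy.set_initial(preferred, start)
    now = start + timedelta(days=30)            # ordinary expiry-driven change
    for i in range(throwaways):
        accepted, _ = policy.change(f"tmp{i}", now)
        if not accepted:
            return False
        now += timedelta(minutes=1)             # immediately change again
    accepted, _ = policy.change(preferred, now)
    return accepted


def run_scenarios():
    """Outcome of the cycling attempt under three policy configurations."""
    return {
        "history 5, no min age, 5 throwaways": cycle_back(PasswordPolicy(5, 0)),
        "history 5, no min age, 4 throwaways": cycle_back(PasswordPolicy(5, 0), throwaways=4),
        "history 5, min age 1 day, 5 throwaways": cycle_back(PasswordPolicy(5, 1)),
    }


if __name__ == "__main__":
    for name, got_back in run_scenarios().items():
        print(f"{name}: preferred password {'recovered' if got_back else 'blocked'}")
```

The second scenario shows history doing its job when the user does not try hard enough; the first shows how cheaply history alone is defeated; the third shows the minimum age stopping the very first back-to-back change.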
In Biba model, what does * (star) integrity axiom mean? SELECT THE CORRECT ANSWER No Read Up No Write Down No Read Down No Write Up
No Write Up The * (star) integrity property states that a subject at a given integrity level must not write to data at a higher integrity level ("no write up"); together with the simple integrity property ("no read down") it keeps low-integrity information from contaminating high-integrity data. Biba's rules are the mirror image of Bell-LaPadula's, which protects confidentiality with "no read up" and "no write down".
Which of the following is NOT a transition technology that gives full IPv6 connectivity to IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network? SELECT THE CORRECT ANSWER Teredo 6to4 ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) OSPF (Open Shortest Path First)
OSPF (Open Shortest Path First) Open Shortest Path First (OSPF) is a routing protocol for Internet Protocol (IP) networks.
Which of the following methods is commonly used to ensure that data removed from a cloud system is not recoverable? SELECT THE CORRECT ANSWER Deletion Degaussing Overwriting Shredding
Overwriting Overwriting is the common method for making removed data unreadable in a cloud environment: the sensitive data is replaced with random data, null values, or a repeating pattern. Simple deletion only removes the pointers to the data, not the data itself, while degaussing and shredding are physical media destruction techniques that a cloud customer cannot apply to shared provider hardware. Because the customer also cannot verify what the provider overwrote, encrypting data with customer-controlled keys and destroying the keys (cryptographic erasure) is the practical complement in practice.
Which of the following must not be used in a multifactor authentication system along with a password? SELECT THE CORRECT ANSWER RSA token PIN Retina scan Fingerprint
PIN A PIN falls under the same category as a password, which is something the user knows, so it cannot be used as part of a multifactor authentication system if the password was the other factor.
Which of the following is NOT a regulatory law for data privacy? SELECT THE CORRECT ANSWER Payment Card Industry - Data Security Standard (PCI-DSS) Health Insurance Portability and Accountability Act (HIPAA) Health Information Technology for Economic and Clinical Health (HITECH) Act General Data Protection Regulation (GDPR)
Payment Card Industry - Data Security Standard (PCI-DSS) The Payment Card Industry Data Security Standard (PCI DSS) is not a regulatory law but an information security standard for organizations that handle branded credit cards from the major card schemes.
Which of the following is the BEST way to ensure that a tape backup can be recovered in its entirety? SELECT THE CORRECT ANSWER Restore a random file. Perform a full restore. Perform a differential restore. Perform an incremental restore.
Perform a full restore. Performing a full restore is the only way to ensure that a backup can be recovered in its entirety.
Which of the following issues would be the greatest concern from a regulatory standpoint of using a cloud provider for a BCDR solution? SELECT THE CORRECT ANSWER Physical location of stored data Scalability Self-service Interoperability
Physical location of stored data Physical location of stored data would be the most important concern from a regulatory standpoint due to different jurisdictions and requirements.
Which of the following characteristics are associated with biometric authentication? SELECT THE CORRECT ANSWER Physical and administrative Physiological and ethical Physical and technical Physiological and behavioral
Physiological and behavioral Biometrics, based on individuals' physiological and behavioral characteristics, is one of the most effective and accurate methods of verifying identification.
Which of the following types of virus can change their own signature at the time of infection and cannot be detected by the signature-based antivirus? SELECT THE CORRECT ANSWER Multipartite Polymorphic Stealth Encrypted
Polymorphic Polymorphic viruses change their own signature at each infection, typically by re-encrypting their body with a new key and varying the decryption routine, so no single static byte pattern identifies them. They cannot be detected by signature matching alone; detecting them requires heuristics or emulation that lets the virus decrypt itself before the body is inspected.
Which layer in the OSI layer is responsible for data compression and data encryption? SELECT THE CORRECT ANSWER Application layer Presentation layer Session layer Transport layer
Presentation layer The presentation layer is layer 6 of the OSI model, directly below the application layer, and is responsible for services such as data compression, encryption and decryption, and data format conversion.
What is the most important security reason for centralizing log collection? SELECT THE CORRECT ANSWER Minimize storage needs on hosts Prevent log manipulation or deletion on a host Encrypt logs that contain sensitive information Ensure immediate response for eDiscovery requests
Prevent log manipulation or deletion on a host Preventing log manipulation or deletion on a host is the main reason for log aggregation. Sending or copying the logs from hosts into a central system prevents those with system or administrative access on host servers from altering the logs to cover traces of unauthorized access or the wholesale deletion of logs.
Audit logs can be used for all of the following except: SELECT THE CORRECT ANSWER Providing evidentiary information Preventing a user from performing some unauthorized operations Assuring that the user cannot deny their actions Detecting the actions that were undertaken
Preventing a user from performing some unauthorized operations Audit log information can be a detective control and a deterrent control when the users know that they are being audited, but it cannot prevent any unauthorized actions.
Which of the following is the greatest disadvantage of preventive control when compared to a detective control? SELECT THE CORRECT ANSWER Preventive controls are more expensive to implement. Preventive controls sometimes prevent desired outcome. Preventive controls are more difficult to implement. Preventive controls are not very useful during cyber forensics.
Preventive controls sometimes prevent desired outcome. A preventive control can act on a false positive and block a legitimate action (for example, an IPS dropping legitimate traffic), whereas a detective control only records and alerts.
What is the major concern raised by the usage of biometric devices for authentication? SELECT THE CORRECT ANSWER Cost Regulatory compliance Privacy Performance
Privacy The collection of biometric identifiers raises privacy concerns about the ultimate use of this information.
Which of the following is not a component of a digital certificate? SELECT THE CORRECT ANSWER Public key Digital signature Private key Serial number
Private key The private key must never be shared.
Which of the following concepts is focused on preventing potential issues from occurring within a system or process? SELECT THE CORRECT ANSWER Continuity management Availability management Incident management Problem management
Problem management Problem management is focused on preventing issues from occurring within a system or process in a proactive manner. Incident management is focused on the response and mitigation of problems or incidents after they have occurred; this is done in a reactionary manner. Continuity management is focused on the resiliency or restoration of services after an unexpected outage or event, and availability management is focused on meeting SLA requirements for performance and availability of systems.
To mitigate the threats identified during a penetration testing, ABC Corp has decided to change the firewall to another vendor's product. Which document would see the most changes? SELECT THE CORRECT ANSWER Policy Procedure Guideline Baseline
Procedure A procedure is a tactical, step-by-step document tied to a specific product, so it changes with every vendor swap. The policy states what must be achieved, the baseline states the minimum configuration, and guidelines are recommendations; none of these needs to change just because the firewall vendor did.
Which of the following is known to circumvent the ring protection mechanisms in operating systems? SELECT THE CORRECT ANSWER Cross Site Request Forgery (CSRF) Injection Rootkit Buffer overflow
Rootkit Kernel-mode rootkits are based on an advanced technique to hide the rootkit using operating system kernel components. Kernel-mode rootkits modify the kernel. This can change the kernel behavior to circumvent the ring protection and enforce certain stealth capabilities to hide malicious activities, for example, a keystroke code logger.
Which one of the following best describe ethics? SELECT THE CORRECT ANSWER Actions set forth by religion Laws of professional conduct Regulations set forth by a professional organization Rules of personal behavior
Rules of personal behavior Ethics are the principles and values used by an individual to govern their actions and decisions.
Which of the following cloud categories would allow for the LEAST amount of customization by the cloud customer? SELECT THE CORRECT ANSWER IaaS PaaS SaaS CaaS
SaaS Software as a Service allows the least amount of customization by the cloud customer. With the entire system and application under control of the cloud provider, the cloud customer will only have minimal options for customization, which are typically limited to branding or the selection of default options or settings.
The Center for Internet Security is the primary recognized industry-standard for secure configuration guidance. It develops comprehensive, consensus-derived checklists to help identify and mitigate known security vulnerabilities across a wide range of platforms. Adopting and customizing only those CIS benchmarks relevant to your organization requirements would involve: SELECT THE CORRECT ANSWER Baselining and tailoring Scoping and tailoring Baselining and scoping Scoping and customizing
Scoping and tailoring Scoping involves selecting only those controls from a list of general recommendations that are relevant to a specific environment or organization. Tailoring involves customizing and altering details of the selected recommendations to meet the specific requirements of that environment or organization.
The token that is PRIMARILY used for authentication purposes in a Single Sign-On (SSO) implementation between two different companies is: SELECT THE CORRECT ANSWER Kerberos Security Assertion Markup Language (SAML) SESAME (Secure European System for Applications in a Multi-vendor Environment) Digital certificate
Security Assertion Markup Language (SAML) The Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication, and authorization across different systems.
What is the main objective of software-defined networking (SDN)? SELECT THE CORRECT ANSWER Make networking dependent on the operating system of the host and leverage its utilities. Separate the filtering of network traffic and administration from the actual transport of network traffic. Allow different operating systems to seamlessly communicate with each other. Use software to create virtual networks instead of relying on physical network cabling.
Separate the filtering of network traffic and administration from the actual transport of network traffic. The main objective of SDN is to separate the filtering of network traffic and administration from the actual transport of network traffic. This allows management to be performed from portals and API calls, rather than by networking specialists. Toolsets and provisioning systems can access and modify network capabilities that are specific to customer needs, without impacting the underlying actual routing and network transport of packets.
The main purpose of a service level agreement (SLA) is to: SELECT THE CORRECT ANSWER Set expectations between users and providers Ensure IT system resilience Minimize risk and ensure increased productivity Control IT service costs
Set expectations between users and providers A service level agreement (SLA) is a contract between a service provider (either internal or external) and the end user that defines the level of service expected from the service provider.
Which of the following is not a key component of a data archiving strategy? SELECT THE CORRECT ANSWER Format Technologies Testing Size
Size The size of archives is not a key component of a data archiving strategy. The main driving components of a data archiving strategy deal with the format of the archives, the technologies used with the archiving, and the ongoing and successful testing of restoration abilities.
When reviewing a database table, Bob notices that a flag is used to indicate that a record must be deleted. This method of data deletion is referred to as: SELECT THE CORRECT ANSWER Logical deletion Soft deletion Link deletion Flag deletion
Soft deletion Soft deletion marks a record in a database for deletion or temporarily prevents it from being selected. In order to actually delete the record, a "hard" delete or "permanent" delete function must be performed.
What impact can access to a source code repository have on security? SELECT THE CORRECT ANSWER Source code repository improves security because more people can look for issues. Source code repository can reveal the configuration settings. Source code repository security can be compromised and publicly leaked. Source code repository does not impact security. Only executable code that actually runs can impact security.
Source code repository security can be compromised and publicly leaked. It can compromise security, and access should be limited. Not only can security be compromised by someone with direct access, but it can also lead to source code being leaked publicly.
What does the S in the STRIDE model refer to? SELECT THE CORRECT ANSWER Spoofing Security Sensitive SAML
Spoofing The S in STRIDE stands for "spoofing identity." This involves a user being able to assume the identity of another user to use that user's level of authorization to access functions or data.
Which type of test evaluates the security of a software, without running it, by analyzing either the source code or the compiled application using automated tools? SELECT THE CORRECT ANSWER Dynamic Static Manual Fuzzing
Static Static tests are done with knowledge of the system and security configurations, typically with the source code. This enables testers to perform on an offline system comprehensive analyses (such as scans of source code and evaluation of the coding and security mechanisms in place) that would not be possible from external tests without such knowledge. Tests can be directed to the specific protocols and technologies used rather than applying general tests or having to discover what is being used.
Which of the following is a covert mechanism that assures confidentiality? SELECT THE CORRECT ANSWER Encryption Steganography Masking Hashing
Steganography Encryption and Hashing are overt mechanisms to assure confidentiality. Masking is an obfuscating mechanism to assure confidentiality. Steganography, which involves hiding information within other media, is a covert mechanism to assure confidentiality. Steganography is more commonly referred to as invisible ink writing and is the art of camouflage or hidden writing; the information is hidden, and the existence of the message itself is concealed. Steganography is primarily useful for covert communications and is useful and prevalent in military espionage communications.
What kind of data is best used in security testing to ensure that the system meets the real-world security requirements? SELECT THE CORRECT ANSWER Synthetic data that follows real patterns Synthetic data with random patterns Live data in its entirety Live data with sensitive information stripped out
Synthetic data that follows real patterns Synthetic data is created algorithmically to mimic real-world data, and it is used as a stand-in for test datasets. Production data must never be used for security testing, as it presents an additional security risk: test data, test systems, and test networks are often open to access by someone who could compromise that data, and having it brings no real benefit.
Which of the following protocols work in the following layers: application, data link, network, and transport? SELECT THE CORRECT ANSWER FTP, ARP, TCP, and UDP SMTP, ICMP, IP, and UDP TFTP, ARP, IP, and UDP HTTP, RARP, IP, and ICMP
TFTP, ARP, IP, and UDP TFTP (application), ARP (data link), IP (network), and UDP (transport).
Which protocol is the current default and industry standard for encrypting traffic across a network? SELECT THE CORRECT ANSWER TLS SSL IPsec DNSSEC
TLS Transport Layer Security (TLS) is the standard protocol used for sending encrypted traffic over a network between two parties. It has replaced SSL, which is no longer considered secure enough for general usage. TLS supports much stronger and more robust encryption ciphers.
Which of the following best describes the use of the password generated by a synchronous token device? SELECT THE CORRECT ANSWER The password must be used within a variable time interval. The password must be used within a fixed time interval. The password is not dependent upon time. The password is of variable length.
The password must be used within a fixed time interval. Synchronous dynamic password tokens continuously generate a new password or passcode at a fixed time interval. Typically, the passcode is valid only during a fixed time interval and only for a single logon.
What is the most important decision an organization needs to make when implementing Role Based Access Control (RBAC)? SELECT THE CORRECT ANSWER Two-factor authentication needs to be implemented. The roles users have on the system need to be clearly defined. Each user's security clearance label needs to be finalized. Each user needs to be provided with more privileges than required to do their job.
The roles users have on the system need to be clearly defined. Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise. An employee's role in an organization determines the permissions that the individual is granted and ensures that lower-level employees can't access sensitive information or perform high-level tasks.
What is a major security risk with Type 2 hypervisors that does not exist with Type 1 hypervisors? SELECT THE CORRECT ANSWER They have slower release of security patches. They have a proprietary platform controlled by a single vendor. They rely on a small number of coding platforms. They run on top of another operating system.
They run on top of another operating system As Type 2 hypervisors run on top of another operating system rather than being tied directly to the hardware, there is a major security risk. This potentially subjects the hypervisors to security exploits or issues the underlying operating system may have. Type 1 hypervisors do not have this issue as they are tied directly to the hardware and do not rely on security patching and configurations of an external software package.
In a single sign-on system, what is passed between systems to verify the user's authentication? SELECT THE CORRECT ANSWER Tokens Tickets Certificates Credentials
Tokens Tokens are passed between systems. This enables the relying parties or service providers to verify to the identity provider that a user has been authenticated, as well as to obtain encoded information about the user to determine specific access.
Requiring the end user to accept the AS-IS disclaimer clause before the installation of the software is an example of risk _____. SELECT THE CORRECT ANSWER Acceptance Avoidance Transference Mitigation
Transference When an AS-IS disclaimer clause is used, the risk is transferred from the publisher of the software to the user of the software.
Two users on the same system have the same password, but different hashes are stored in the database file. What is the most likely reason that the hashes are different? SELECT THE CORRECT ANSWER The usernames are different, so the hashes will be different. Hashing algorithms generate random values. Use of rainbow table Use of salts
Use of salts A salt is random data that is concatenated with a password and hashed to generate a unique value. Salts defend against dictionary attacks and against their hashed equivalent, a pre-computed rainbow table attack.
Which networking concept allows for segregation and isolation of systems? SELECT THE CORRECT ANSWER VLAN WAN LAN MAN
VLAN A VLAN allows for network isolation in a cloud environment by establishing virtual network segments with their own IP space and firewall settings. These are segregated from other network segments.
Which of the following security devices would enable a system to filter out attacks, such as SQL injection, before they reach the application servers? SELECT THE CORRECT ANSWER Proxy firewall Intrusion detection system (IDS) Data Loss Prevention (DLP) Web application firewall (WAF)
WAF A WAF sits in front of an application and has the capability to analyze and apply policies to incoming traffic and transactions based on their content. A very common use for a WAF is to detect and block common security threats such as injection attacks or cross-site scripting attacks. A firewall is used to deny or allow network traffic based solely on the source, destination, and port of the packets and does not perform analysis of the packets or have the ability to inspect the packets for content.
When is a security guard the better choice for a physical access control mechanism rather than automated controls? SELECT THE CORRECT ANSWER When discriminating judgment is required When the security budget is low When CCTV is not available When intrusion detection is required
When discriminating judgment is required Security guards provide discriminating judgement, insight, and 'people skills' needed in the security job.
When is it acceptable to not take action on an identified risk? SELECT THE CORRECT ANSWER When the risk cannot be fully mitigated When the cost of countermeasure is more than the asset value When the single loss expectancy (SLE) is less than the annualized loss expectancy (ALE) Never (good security practice addresses and reduces all risks)
When the cost of countermeasure is more than the asset value Companies may decide to accept the risk if the cost of countermeasure is more than the asset value.
Which of the following is not a fundamental question addressed by data retention policy? SELECT THE CORRECT ANSWER What data do we keep? How long do we keep this data? Who will keep this data? Where do we keep this data?
Who will keep this data? The data retention policy should address what data to keep, where to keep it, how to store it, and for how long to keep it.
The process of removing private information from sensitive datasets is referred to as: SELECT THE CORRECT ANSWER Normalization Anonymization Sanitization Encryption
Anonymization Data anonymization is the process of either encrypting or removing personally identifiable information from datasets, so that the people whom the data describes remain anonymous.
Which type of encryption should be used to secure sensitive data at rest and data in motion? SELECT THE CORRECT ANSWER RC4 at rest and SSL in motion DES at rest and TLS in motion 3DES at rest and SSL in motion AES at rest and TLS in motion
AES at rest and TLS in motion RC4, DES, 3DES, and SSL are insecure algorithms, hence should not be used to encrypt sensitive data.
Organization mission statements: SELECT THE CORRECT ANSWER Are very specific and provide specific goals and objectives Provide everyone in the organization overall direction and focus for their activities Are designed to meet legal and regulatory requirements Are tactical plans put together by senior management
Provide everyone in the organization overall direction and focus for their activities The mission statement provides an overall focus and direction from which specific goals and objectives are developed.
Which type of assessment is based on observations and documentation rather than data and numbers? SELECT THE CORRECT ANSWER Quantitative Observatory Qualitative Documentary
Qualitative A qualitative assessment is based on a review of documentation in regard to system design, policies, and procedures. It is not based on hard numbers or data in the way that a quantitative assessment is.
Which of the following RAID configurations is expensive, complex, and rarely implemented? SELECT THE CORRECT ANSWER RAID 1 RAID 2 RAID 5 RAID 10
RAID 2 RAID 2 stripes data at the bit (rather than block) level and uses a Hamming code for error correction. It is rarely used for commercial purposes because it cannot handle simultaneous requests, is complex to implement, and is expensive.
Which of the following is based on the fact that it is hard to factor large numbers into two original prime numbers? SELECT THE CORRECT ANSWER Diffie-Hellman AES RSA ECC
RSA The RSA algorithm's security is based on the difficulty of factoring large numbers into their original prime numbers. This is a one-way function. It is easier to calculate the product than it is to identify the prime numbers used to generate that product.
When there is a security breach or disaster, business operations need to be restored to service levels within a certain period of time in order to avoid unacceptable consequences associated with a break in business continuity. This time span is known as: SELECT THE CORRECT ANSWER Maximum Tolerable Downtime (MTD) Mean Time Between Failure (MTBF) Mean Time To Repair (MTTR) Recovery Time Objective (RTO)
Recovery Time Objective (RTO) The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.
Maximum Tolerable Downtime (MTD) is composed of: SELECT THE CORRECT ANSWER Recovery Point Objective (RPO) and Work Recovery Time (WRT) Recovery Time Objective (RTO) and Work Recovery Time (WRT) Recovery Time Objective (RTO) and Mean Time to Repair (MTTR) Recovery Point Objective (RPO) and Mean Time to Repair (MTTR)
Recovery Time Objective (RTO) and Work Recovery Time (WRT) The sum of RTO and WRT is defined as the Maximum Tolerable Downtime (MTD). It defines the total amount of time that a business process can be disrupted without causing any unacceptable consequences.
Which algorithm was selected by NIST to replace DES as the AES? SELECT THE CORRECT ANSWER Lucifer Rijndael Serpent IDEA
Rijndael The Rijndael algorithm, developed by Joan Daemen and Vincent Rijmen, was selected to be used as AES.
Which of the following risk response options is pursued when an enterprise continues its operations after a significant risk has been identified? SELECT THE CORRECT ANSWER Risk transfer Risk acceptance Risk mitigation Risk avoidance
Risk acceptance Some risks may be accepted. In some cases, it is cheaper to leave an asset unprotected due to a specific risk rather than make the effort (and spend the money) required to protect it. This cannot be an ignorant decision. The risk must be considered, and all options must be considered before accepting the risk.