Simplilearn Test 5
_______ is a trial and error method to obtain passwords for user accounts by using different combination of characters. SELECT THE CORRECT ANSWER Brute force attack Spoofing attack Man-in-the-middle attack Denial-of-service attack
Brute force attack A brute force attack is a trial and error method to obtain passwords for user accounts by systematically trying every possible combination of letters, numbers, and symbols.
What type error cannot be detected by automated functional testing? SELECT THE CORRECT ANSWER Business logic error Runtime error Input validation error Buffer overflow error
Business logic error Automated systems cannot detect business logic errors, for which humans are typically necessary.
Fuzzing is an example of ____________. SELECT THE CORRECT ANSWER White Box testing Black Box testing Grey Box testing Orange box testing
Black Box testing Fuzzing is an example of black box testing.
One-time pads have been used throughout history to protect extremely sensitive communications. What is the MAJOR issue in the widespread use of a one-time-pad? SELECT THE CORRECT ANSWER Weak encryption used Susceptible to man-in-the-middle attack Extensive training required for both sender and receiver Both the sender and receiver must have an identical pad
Both the sender and receiver must have an identical pad The major obstacle to the widespread use of one-time pads is the difficulty of generating, distributing, and safeguarding the lengthy keys required. The sender and receiver must be perfectly synchronized such that both use the same pad.
Which of the following best describes the difference between white-box testing and black-box testing? SELECT THE CORRECT ANSWER White-box testing is performed by an independent programmer team Black-box testing uses the bottom-up approach White-box testing examines the program's internal logical structure Black-box testing involves the business units
White-box testing examines the program's internal logical structure White-box testing is used to examine the program's internal structure in details.
What is the default subnet mask for a class B network? SELECT THE CORRECT ANSWER 255.0.0.0 255.255.0.0 255.255.255.0 255.255.255.255
255.255.0.0 Class B networks holds 2^16 hosts, and its default subnet mask is 255.255.0.0
ARP and RARP map between which of the following? SELECT THE CORRECT ANSWER 32-bit hardware address and 128-bit IPv6 address 32-bit IPv4 address and 128-bit IPv6 address 32-bit hardware address and 48-bit IPv4 address 32-bit address in IPv4 and 48-bit hardware address
32-bit address in IPv4 and 48-bit hardware address An Ethernet address is a 48-bit address that is hard-wired into the NIC of the network node. ARP matches up the 32-bit IP address with this hardware address, which is technically referred to as the Media Access Control (MAC) address or the physical address.
How many hosts are possible in the network 192.168.1.3/23? SELECT THE CORRECT ANSWER 254 256 510 512
510 Network bits: 23 Host bits: 9 No of hosts = 2^9-2 = 510
Which of the following is a disadvantage of single sign-on? SELECT THE CORRECT ANSWER Consistent time-out enforcement across platforms A compromised password exposes all authorized resources Use of multiple passwords to remember Password change control
A compromised password exposes all authorized resources Since only one password is used to access all the services, a compromised password exposes all the authorized resources.
Of the statements given, which statement best describes a botnet? SELECT THE CORRECT ANSWER A network used solely for internal communications An automatic security alerting tool for corporate networks A group of dispersed, compromised machines controlled remotely for illicit reasons A type of trojan horse
A group of dispersed, compromised machines controlled remotely for illicit reasons "Bots" and "botnets" are most insidious implementations of unauthorized, remote control of compromised systems.
System reliability is increased by: SELECT THE CORRECT ANSWER A lower MTBF and a lower MTTR A higher MTBF and a lower MTTR A lower MTBF and a higher MTTR A higher MTBF and a higher MTTR
A higher MTBF and a lower MTTR Each device has a Mean Time Between Failure (MTBF) and a Mean Time To Repair (MTTR). The MTBF estimate is used to determine the expected lifetime of a device or when an element within that device is expected to give out. The MTTR value is used to estimate the time it will take to repair the device and get it back into production.
What is the first step of the qualitative scenario procedure? SELECT THE CORRECT ANSWER The team prepares its findings and presents them to management A scenario is written to address each identified threat Business unit managers review the scenario for a reality check The team works through each scenario by using a threat, asset and safeguard
A scenario is written to address each identified threat A scenario is written to address each identified threat.
Which of the following BEST describes a session key and a secret key in Kerberos? SELECT THE CORRECT ANSWER A session key is a dynamic key whereas a secret key is a static key A session key is a static key whereas a secret key is a dynamic key A session key is used to encrypt a secret key A secret key is used to hash a secret key
A session key is a static key whereas a secret key is a dynamic key In Kerberos, a session key is a dynamic key that is generated when needed, shared between two principals, then destroyed when it is no longer needed. A secret key is a static key that is used to encrypt a session key.
Which of the following BEST describes frequency analysis? SELECT THE CORRECT ANSWER A study of the occurrences of letters in a ciphertext A full brute force method to discover the key used in the encryption process A hybrid method to discover the key used in the encryption process A study of the occurrences of letters in a plaintext
A study of the occurrences of letters in a ciphertext In cryptanalysis, frequency analysis (also known as counting letters) is the study of the frequency of letters or groups of letters in a ciphertext. These patterns have the potential to be exploited in a ciphertext-only attack.
The principle by which a specific action can be associated to the individual is known as ___________. SELECT THE CORRECT ANSWER Authenticity Accountability Authorization Identification
Accountability Accountability is a principle by which specific action can be traced back to an individual.
Which of the options listed below is an example of a security mechanism that fits the description 'the ability to prevent certain aspects of a class or software component from being accessible to its clients, using either programming language features or an explicit exporting policy'? SELECT THE CORRECT ANSWER Layering Data hiding Cryptographic protections Abstraction
Abstraction Abstraction involves the removal of characteristics from an entity in order to easily represent its essential properties.
A company manufacturing food and drug products was found to market adulterated products. This resulted in health complications and hospitalization of many people. It was also established that the officers in that company were aware of the issue but chose to ignore it. The officers in that company could be liable under which of the following laws? SELECT THE CORRECT ANSWER Administrative Administrative, civil Administrative, criminal law Administrative, civil, criminal law
Administrative, civil, criminal law The officers in the company could be liable under administrative, civil, or even criminal law if they were aware of the issue but chose to ignore it to keep profits up.
Which of the following best describe the function of a Security Event Management (SEM) service? SELECT THE CORRECT ANSWER Gathers firewall logs for archiving Aggregates logs from security devices and application servers looking for suspicious activity Reviews access controls logs on servers and physical entry points to match user system authorization with physical access permissions Coordination software for security conferences and seminars
Aggregates logs from security devices and application servers looking for suspicious activity SEM service consolidates the logs into a single database and then correlates events looking for clues to unauthorized behaviors that would be otherwise inconclusive if observed in a single log file.
Single Loss Expectancy (SLE) is best described as: SELECT THE CORRECT ANSWER An algorithm that represents the magnitude of a loss to an asset from a threat An algorithm that expresses the annual frequency with which a threat is expected to occur An algorithm used to determine the monetary impact of each occurrence of a threat An algorithm that determines the expected annual loss to an organization from a threat
An algorithm used to determine the monetary impact of each occurrence of a threat The SLE represents only the estimated monetary loss of a single occurrence of a specified threat event.
What type of data sanitization method describes a process of either encrypting or removing personally identifiable information from data sets to an irreversible form? SELECT THE CORRECT ANSWER Pseudonymization Anonymization Prison sentence, financial restitution, financial penalty Financial penalty, prison sentence, financial restitution Prison sentence, financial penalty, financial restitution
Anonymization Prison sentence, financial restitution, financial penalty Punishments for violating criminal law include community service, fines, prison sentence, or death penalty. Civil penalties provide financial restitution to the victim. Violations of administrative laws may result in financial penalties and/or imprisonment
An incident is defined as ____________. SELECT THE CORRECT ANSWER Any event on the system Any event that has the potential to adversely impact the business or its assets The probability of an event having a negative impact on the IT infrastructure or architecture An inherent design flaw in a system or model that may effect its functioning
Any event that has the potential to adversely impact the business or its assets Incidents are defined as events that have negative outcomes affecting the confidentiality, integrity, or availability of your data.
The best countermeasure against new threats of malicious code objects exploiting known vulnerabilities, is to: SELECT THE CORRECT ANSWER Update antivirus definitions monthly Install anti-worm filters on the proxy server Apply security patches as they are released Prohibit Internet use on the corporate network
Apply security patches as they are released Security patches released by the vendors fix the new vulnerabilities identified in the software. It is one of the best countermeasures since most of the malwares try to compromise the system using these vulnerabilities.
What is the first step of the vulnerability assessment process? SELECT THE CORRECT ANSWER Defining and implementing ways to minimize the consequences if an attack occurs Identifying the vulnerabilities or potential threats to each resource Asset or resource identification Assigning quantifiable level of importance to those resources
Asset or resource identification Asset or resource identification is the first step of the vulnerability assessment process
Which property of database transactions follows "all or nothing" rule? SELECT THE CORRECT ANSWER Atomicity Consistency Isolation Durability
Atomicity Atomicity (database systems) is a property of database transactions which are guaranteed to either completely occur, or have no effects.
An AAA server is a server program that handles user requests for accessing computer resources. AAA stands for _________. SELECT THE CORRECT ANSWER Accounting , Authentication and Authorization Authentication, Accounting and Authorization Authentication, Authorization and Accounting Authorization, Authentication and Accounting
Authentication, Authorization and Accounting AAA stands for Authentication, Authorization and Accounting
Which process determines that the entity is trusted for a given purpose? SELECT THE CORRECT ANSWER Authorization Authentication Identification Accounting
Authorization Authorization determines who is trusted for a given purpose. More precisely, it determines whether a particular principal, who has been authenticated as the source of a request to do something, is trusted for that operation. Authorization may also include controls on the time at which something can be done (e.g. only during working hours) or the computer terminal from which it can be requested (e.g. only the one on the system administrator desk).
Surveys, interviews, and audits are all examples of ways to measure what important part of the organization's security posture? SELECT THE CORRECT ANSWER Attack surfaces Service vulnerabilities Awareness Code quality
Awareness Surveys, interviews, and audits are all useful for assessing security awareness amongst employees.
Which of the following statement BEST describes the difference between security awareness and training? SELECT THE CORRECT ANSWER Awareness has long-term impact Awareness focuses on why Awareness changes user behavior They are one and same thing
Awareness changes user behavior Training provides the necessary knowledge and makes the candidate learn about the fixed machineries; whereas awareness is about embedding the knowledge and changing the behavior
Which type of intellectual property covers the expression of ideas rather than the ideas themselves? SELECT THE CORRECT ANSWER Trademark Patent Copyright Trade secret
Copyright A copyright covers the expression of ideas rather than the ideas themselves.
What is defined as inference of information from other intermediate, relevant facts? SELECT THE CORRECT ANSWER Secondary evidence Conclusive evidence Hearsay evidence Circumstantial evidence
Circumstantial evidence Circumstantial evidence is any evidence that requires some reasoning or inference in order to prove a fact. This type of evidence is sometimes referred to as "indirect evidence," and it may have more than one explanation or lead to more than one conclusion.
Which software development approach is BEST used for high-quality and mission-critical applications that will be put through a strict certification process? SELECT THE CORRECT ANSWER Joint Application Development (JAD) Cleanroom Agile Waterfall
Cleanroom The Cleanroom software engineering is a process for developing and certifying high-reliability software which is achieved by integrating formal methods for specification and design, nonexecution-based program development, and statistically based independent testing.
What is it called when using the same transformation algorithm but with different keys, when a plaintext message generates identical ciphertext message? SELECT THE CORRECT ANSWER Confusion Clustering Collision Diffusion
Clustering Key clustering, in cryptography, is when two different keys that generate the same ciphertext from the same plaintext by using the same cipher algorithm. A good cipher algorithm, using different keys on the same plaintext, should generate a different ciphertext irrespective of the key length.
Which of the following is INCORRECT about Common Criteria (CC)? SELECT THE CORRECT ANSWER Common Criteria evaluations are performed on computer security products and systems Common Criteria provides a numerical rating describing the depth and rigor of an evaluation Common Criteria certificate guarantees security of the tested products Common Criteria evaluation process is very time consuming and expensive
Common Criteria certificate guarantees security of the tested products Common Criteria certification cannot guarantee security, but it can provide assurance that the process of specification, implementation, and evaluation of a computer security product has been conducted in a rigorous and standard manner at a level that is commensurate with the target environment for use.
Which of the following determines the integrity of a forensic bit stream image? SELECT THE CORRECT ANSWER Comparing hash totals to the original source Keeping good notes Taking pictures Using digital watermark
Comparing hash totals to the original source Integrity can be checked by comparing hash totals to the original source.
In public key cryptography, a message is encrypted using the recipient's public key, and the recipient's private key is used to decrypt the message. This process ensures which tenet of information security? SELECT THE CORRECT ANSWER Confidentiality Integrity Availability Authenticity
Confidentiality In public key encryption, when a message is encrypted with a recipient's public key, it can only be decrypted by the recipient's private key. This ensures confidentiality of the message.
A distinctive feature by which the activity that does not violate any integrity constraints during its execution is known as: SELECT THE CORRECT ANSWER Atomicity Consistency Isolation Durability
Consistency A distinctive feature by which the activity that does not violate any integrity constraints during its execution is known as definition of consistency.
XYZ Corporation has found that their employees are consistently tailgating into the data center. What should be done first to stop this practice? SELECT THE CORRECT ANSWER Create a visitor log Install biometric access control Install a proximity card reader Create a access control policy
Create a access control policy A clear and communicated policy to outline permitted and improper behaviors is the first step to control the behavior of the employees.
What type of attack occurs when an application takes user input data and sends it to a web browser without proper validation and escaping? SELECT THE CORRECT ANSWER Session Hijacking SQL Injection Cross Site Scripting (XSS) Cross Site Request Forgery (CSRF)
Cross Site Scripting (XSS) Cross-Site Scripting (XSS) attack occurs when an application includes untrusted data in a web page without proper validation or escaping.
___ processes data but does not control the data and cannot change the purpose or use of the particular set of data. SELECT THE CORRECT ANSWER Data controller Data processor Data owner Data custodian
Data processor A data processor processes data on behalf of the data controller but does not control the data and cannot change the purpose or use of the particular set of data.
_____ means a legal entity who either alone or jointly determines the purposes for which and the manner in which any personal data is, or is to be processed. SELECT THE CORRECT ANSWER Data controller Data processor Data owner Data custodian
Data controller A data controller is the legal entity "who either alone, or jointly, determines the purpose for and manner in which personal data is, or will be, processed".
A bank contracts a market research company to carry out market research for a new product. The bank leaves it to the research company to determine sample sizes, interview methods, and presentation of results. The latter is an example of a ______ SELECT THE CORRECT ANSWER Data controller Data processor Data steward Data researcher
Data controller The research company is a data controller as it determines the methodology for processing personal data.
In order to comply with GDPR, who is ultimately responsible for protecting the confidentiality and integrity of the data? SELECT THE CORRECT ANSWER Data controller Data processor EU member state Supervisory Authority (SA)
Data controller To be able to demonstrate compliance with the GDPR, the data controller must implement measures which meet the principles of data protection by design and by default.
Which phase is not included in the Software Development Life Cycle when compared to the System Development Life Cycle? SELECT THE CORRECT ANSWER Decommissioning/Disposal Startup/Requirements Development/Construction Operational Testing
Decommissioning/Disposal The SDLC commonly ends approximately at the time of system implementation. The SDLC continues through to the decommissioning or start of a new SDLC with a major modification of the system.
One of the main risks associated with VOIP may be _____________. SELECT THE CORRECT ANSWER Use of non-standard protocols Denial of Service attacks Loss of data Noise and interference
Denial of Service attacks The use of the network for voice communications will also render the voice network, subject to denial of service attacks.
A review of an operator's shift logs can be identified by what type of control? SELECT THE CORRECT ANSWER Deterrent Detective Recovery Mandatory
Detective A review of an operator's shift logs can be identified by detective control.
What is the MOST difficult challenge in protecting Intellectual Property (IP) worldwide? SELECT THE CORRECT ANSWER Difficulty in identifying IP violations Usage of peer-to-peer and tor networks Differing interpretations of laws Lack of IP law awareness amongst citizens
Differing interpretations of laws Different countries vary in the extent to which they protect intellectual property and enforce intellectual property regulations.
Reciprocal agreements between independent organizations for backup processing capability are rarely used primarily because of: SELECT THE CORRECT ANSWER Lack of successful recoveries using reciprocal agreements Legal liability of the host site in the event that the recovery fails Dissimilar equipment used by disaster recovery organization members Difficulty in enforcing the reciprocal agreement
Difficulty in enforcing the reciprocal agreement Reciprocal agreements also known as Mutual Aid Agreements are at best, a secondary option for disaster protection. The agreements are not enforceable, so there is no guarantee that this facility will be available to the company in a time of need.
An evacuation drill is scheduled and an employee reports to work with a leg cast. As a BC Coordinator, what action should you take? SELECT THE CORRECT ANSWER Direct the employee to follow evacuation procedures. Direct the employee to stay at his or her desk. Direct the employee to take the elevator earlier and wait at the assembly point. Direct the employee to stay at his or her desk and direct the supervisor to report the employee reported to the assembly area.
Direct the employee to follow evacuation procedures. The evacuation procedures include provisions for the evacuation of disabled personnel. The employee should follow those steps in order to test the plan properly.
Which access control modal PRIMARILY uses access control lists (ACLs)? SELECT THE CORRECT ANSWER Discretionary Access Control (DAC) Mandatory Access Control (MAC) Role Based Access Control (RBAC) Attribute Based Access Control (ABAC)
Discretionary Access Control (DAC) Access control lists (ACLs) provide a flexible method for applying discretionary access controls. An ACL lists the specific rights and permissions that are assigned to a subject for a given object.
A batch process to dump the data at periodical intervals to a remote backup system is called _____________. SELECT THE CORRECT ANSWER Remote journaling Remote mirroring Electronic vaulting Database shadowing
Electronic vaulting Electronic vaulting makes a copy of data to a backup location. This is a batch process operation that functions to keep a copy of all current records, transactions, or files at an offsite location.
What is the primary benefit of using Encapsulating Security Payload over using Authentication Header (AH)? SELECT THE CORRECT ANSWER Authentication Header uses an encryption algorithm that is considered weak Encapsulating Security Payload requires less computational overhead Encapsulating Security Payload protects the confidentiality of the transmitted data Authentication Header provides integrity services for the packet header only
Encapsulating Security Payload protects the confidentiality of the transmitted data The benefit of using ESP is that it provides for confidentiality of the data, whereas AH only protects the integrity of the header.
e following describes the benefits of using encryption to protect personal data-at-rest, EXCEPT: SELECT THE CORRECT ANSWER Encryption converts personal data to non-personal data Encryption of personal data meets compliance requirements Encryption maintains integrity of personal data Encryption protects confidentiality of personal data
Encryption converts personal data to non-personal data Encryption of personal data meets compliance requirements Encryption does not convert personal data to non-personal data.
A SYN flood attack can be carried out by: SELECT THE CORRECT ANSWER Sending large numbers of UDP packets to a victim Using an amplification network to flood a victim with packets Exploiting the three-way handshake used by TCP/IP Sending oversized ping packets to a victim
Exploiting the three-way handshake used by TCP/IP A SYN flood is a form of denial-of-service attack in which an attacker exploits the three-way handshake used by TCP/IP by sending a series of SYN requests to a target's system. The target system sends ACK for each SYN request and waits for ACK reply from attacker which never comes. This consume enough server resources to make the system unresponsive to legitimate traffic.
Paired programming is a part of which software development method? SELECT THE CORRECT ANSWER Waterfall Extreme programming Spiral CASE
Extreme programming Paired programming is a part of the extreme programming software development method.
What happens when the sensitivity of a biometric system increases? SELECT THE CORRECT ANSWER FRRs will rise and FARs will drop FRRs will drop and FARs will drop FRRs will rise and FARs will drop FRRs will drop and FARs will drop
FRRs will rise and FARs will drop When the sensitivity of a biometric system increases, FRRs will rise and FARs will drop.
Identify the correct order of the EAL descriptions from EAL1 to EAL7. SELECT THE CORRECT ANSWER Functionally tested Structurally tested Methodically tested and checked Methodically designed, tested and reviewed Semiformally designed and tested Semiformally verified design and tested Formally verified design and tested Structurally tested Functionally tested Methodically tested and checked Methodically designed, tested and reviewed Semiformally designed and tested Semiformally verified design and tested Formally verified design and tested Functionally tested Structurally tested Semiformally designed and tested Semiformally verified design and tested Methodically tested and checked Methodically designed, tested and reviewed Formally verified design and tested Structurally tested Functionally tested Methodically designed, tested and reviewed Methodically tested and checked Semiformally verified design and tested Semiformally designed and tested Formally verified design and tested
Functionally tested Structurally tested Methodically tested and checked Methodically designed, tested and reviewed Semiformally designed and tested Semiformally verified design and tested Formally verified design and tested This is the correct order of the EAL descriptions from EAL1 to EAL7.
The systematic application; of a series of random malformed inputs, to test how a program responds, is called: SELECT THE CORRECT ANSWER Fuzzing Whitebox Testing Anomaly based IDS Blackbox testing
Fuzzing Fuzzing is giving random insensible input and noticing the behavior of the system in response to it.
The temperature in the data center has risen. It has also been observed that the primary and backup air conditioning units are malfunctioning. When contacted, the vendor maintenance staff advised that it will take one hour for them to arrive. What steps should be taken? SELECT THE CORRECT ANSWER Gracefully powering down the complete system and all of the peripheral devices Do nothing until the vendor maintenance staff arrive Power down only the peripheral devices Move the magnetic media to an area outside of the data center where the temperature is much cooler
Gracefully powering down the complete system and all of the peripheral devices In order to prevent a disaster it is prudent to gracefully power down the systems.
Identity and access management (IAM) solutions can be very useful for on-boarding new employees. Which of the following is NOT true regarding IAM solutions? SELECT THE CORRECT ANSWER Creates new account by integrating with HR systems Automates many routine provisioning tasks Grants permission on individuals for granular control Shortens the on-boarding time
Grants permission on individuals for granular control IAM solutions grant permissions based on roles rather than on individuals.
Words like "should SELECT THE CORRECT ANSWER may" and "can" are generally found in __________ document. Standard Guidelines Procedures
Guidelines Words including may, should, can, might and could, all imply some form of recommendation or guideline - where the user makes their own judgement as to whether to follow the recommendation/guideline or not.
What is a socket? SELECT THE CORRECT ANSWER IP address and Port IP address and Protocol Port and Protocol Port and Gateway
IP address and Port A socket is a combination of an IP address and a TCP or UDP port in one node.
While conducting a penetration test, John discovers a live intrusion which has a potential to compromise the critical business systems. What should be the immediate step that John is expected to perform? SELECT THE CORRECT ANSWER Note the results in the penetration testing report Immediately end the penetration test and inform the management Remove the malware Shut the system down
Immediately end the penetration test and inform the management When discovering a live malicious intrusion, the penetration tester should immediately end the test and notify the client.
The major advantage of Security Event Management (SEM) system over a log management system is that SEM systems are useful for log collection, collation, and analysis ___________. SELECT THE CORRECT ANSWER In real time For historical purposes For admissibility in court In discerning patterns
In real time SEM are intended to provide a common platform for log collection, collation, and analysis in real-time to allow for more effective and efficient responses.
What is the primary reason for sending employees on a vacation for specified length? SELECT THE CORRECT ANSWER Reduces stress levels, thereby lowering insurance claims. Improves morale, thereby decreasing errors. Increases potential for discovering frauds. Reduces dependence on critical individuals.
Increases potential for discovering frauds. Mandatory vacations require employees to take one or more weeks of their vacation in a single block of time, hence giving the organization, an opportunity to uncover potential fraud or abuse.
What is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions? SELECT THE CORRECT ANSWER Risk assessment Information security continuous monitoring Information security management system
Information security continuous monitoring Information security continuous monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.
Which test verifies if all the interactions between the modules are working properly? SELECT THE CORRECT ANSWER Unit testing Interface testing White Box testing Regression testing
Interface testing Interface testing verifies if all the interactions between the modules are working properly.
What concept defines a network of devices, vehicles, and home appliances that contain electronics, software, actuators, and connectivity which allows these things to connect, interact and exchange data? SELECT THE CORRECT ANSWER Internet of things (IoT) Distributed systems Web of things (WoT) Smart grid
Internet of things (IoT) The Internet of things is the network of devices, vehicles, and home appliances that contain electronics, software, actuators, and connectivity which allows these things to connect, interact and exchange data.
Which of the following is incorrect regarding the application layer in the OSI model? SELECT THE CORRECT ANSWER It is the highest layer of the OSI model It contains the user applications It is responsible for identifying and establishing the availability of the intended communication partner Application layer firewalls also operate at this layer
It contains the user applications This layer does not include the actual applications, but rather the protocols that support the applications.
Which security principle states that the security of a cipher should depend only on keeping the key secret? SELECT THE CORRECT ANSWER Diffie-Hellman's principle Ceaser's principle Kerckhoffs' principle Ron Rivist's principle
Kerckhoffs' principle A fundamental principle in cryptography, Kerckhoffs' Principle, states that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
Which indicator uses mathematical formulas or models to give an early warning to identify a potential event that may the harm continuity of the activity or project? SELECT THE CORRECT ANSWER Key Performance Indicator Key Risk Indicator Key Project Indicator Key Threat Indicator
Key Risk Indicator Key risk indicator uses mathematical formulas or models to give an early warning to identify a potential event that may harm continuity of the activity or a project.
What is the MAJOR drawback of symmetric cryptography? SELECT THE CORRECT ANSWER Key management Performance Key length Key strength
Key management The primary drawback of symmetric key ciphers is key management, because the same key is used for both encryption and decryption, the key must be distributed to both sender and the receiver. Should an adversary obtain the key, not only is the confidentiality of the data compromised, but integrity is also threatened given that the key can be used to encrypt as well as decrypt. The risks posed by losing control of the key make distributing and storing the key difficult.
One of the major security risk of wireless LANs is: SELECT THE CORRECT ANSWER Lack of physical access control Demonstrably insecure standards Implementation weaknesses Lack of collision detection
Lack of physical access control Many wireless LAN's can be accessed outside the organization's property by anyone with a wireless card in a laptop, which effectively extends the LAN beyond physical limits.
Which of the following statement best describes ethics and laws? SELECT THE CORRECT ANSWER Laws define what we should do and ethics define what we might do Laws define what we must do and ethics define what we should do laws define what we could do and ethics define what we must do laws define what we can do and ethics define what we may do
Laws define what we must do and ethics define what we should do Laws define what we must do and ethics define what we should do.
One of the advantages of a cold site recovery solution is________. SELECT THE CORRECT ANSWER Less downtime Less expensive Highly available Zero maintenance
Less expensive One of the advantages of a cold site recovery solution is that its less expensive.
Identify the statement that correctly matches who determines the access control policy in the following access control models. SELECT THE CORRECT ANSWER MAC: system, DAC: owner, RBAC: administrator MAC: owner, DAC: system, RBAC: administrator MAC: administrator, DAC: owner, RBAC: system MAC: owner, DAC: administrator, RBAC: system
MAC: system, DAC: owner, RBAC: administrator In MAC, the system determines the access policy. In DAC, the owner determines the access policy. In role-BAC, administrators determine subject privileges and assign appropriate privileges to roles or groups.
Which of the following is NOT a routing protocol? SELECT THE CORRECT ANSWER OSPF (Open Shortest Path First) BGP (Border Gateway Protocol) MPLS (Multiprotocol Label Switching) EIGRP (Enhanced Interior Gateway Routing Protocol)
MPLS (Multiprotocol Label Switching) MPLS is not a routing protocol. There are numerous dynamic routing protocols, including EIGRP, RIP, OSPF and BGP.
Alice is the new BCM coordinator and needs to identify various preventive and recovery solutions her company should implement for BCP\DRP efforts. She and her team have carried out a business impact analysis and found out that if the company's accounting system is out of operation for more than 6 hours, the company would face significant losses. She has calculated that the accounting system would take 4 hours to be brought back online after a disruption. The analysis efforts have also indicated that the data that are restored cannot be older than ten minutes of current real-time data. Which of the following BEST describes the metrics and their corresponding values that Alice's team has derived? SELECT THE CORRECT ANSWER MTD is 6 hours. RTO value is 10 minutes. WRT value is 2 hours. RPO value is 4 hours. MTD is 6 hours. RTO value is 2 hours. WRT value is 4 hours. RPO value is 10 minutes. MTD is 6 hours. RTO value is 2 hours. WRT value is 10 minutes. RPO value is 4 hours. MTD is 6 hours. RTO value is 4 hours. WRT value is 2 hours. RPO value is 10 minutes.
MTD is 6 hours. RTO value is 4 hours. WRT value is 2 hours. RPO value is 10 minutes. MTD is 6 hours. RTO value is 4 hours. WRT = MTD - RTO. WRT value is 2 hours. RPO value is 10 minutes.
A compiled code poses more security risk than an interpreted code, why? SELECT THE CORRECT ANSWER Malicious code can be embedded in a compiled code and can be difficult to detect The browser can safely execute all interpreted applets Compilers are not reliable Interpreted code poses more risk than compiled code
Malicious code can be embedded in a compiled code and can be difficult to detect Since the compiled code has already been translated to binary language, it is very difficult for us to detect malicious code inside an application
Which of the following is the central axioms of computer forensics? SELECT THE CORRECT ANSWER Minimize the degree of contamination to the scene and evidence. Work as quickly as possible as all evidence is dynamic Don't bother with non-digital evidence as it is not require Digital crime scenes are completely different than physical crime scenes.
Minimize the degree of contamination to the scene and evidence. Protection of evidence and the crime scene is one of the central principles of investigation of all types of crime, whether digital or physical.
Which recovery alternative has the highest readiness? SELECT THE CORRECT ANSWER Mobile site Mirrored site Hot site Warm site
Mirrored site A mirrored site has the highest level of readiness. It is able to assume all processing with almost no outage.
Which of the following correctly describes an electricity fault? SELECT THE CORRECT ANSWER Prolonged high voltage Momentary power outage Prolonged reduction in voltage Momentary reduction in voltage
Momentary power outage Electricity fault is a momentary loss of power.
A user must have a business requirement to view data before attempting to do so is an example of which security principle? SELECT THE CORRECT ANSWER Least privilege Need-to-know Rotation of duties Separation of duties
Need-to-Know Need-to-know means that the user must have a need (business requirement) to view a specific data.
In Bell-LaPadula model what does Simple Security Property mean? SELECT THE CORRECT ANSWER No Read Up No Write Down No Read Down No Write Up
No Read Up The Simple Security Property states that a subject at a given security level may not read an object at a higher security level.
Which of the following best defines the advisory policies? SELECT THE CORRECT ANSWER Non-mandated policies, but strongly suggested Policies implemented for compliance reasons Policies implemented due to public regulation Mandatory policies implemented as a consequence of legal action
Non-mandated policies, but strongly suggested Advisory policies might have consequences of failure attached to them, but they are still considered non-mandatory.
Which cloud model gives responsibility for the physical environment to the cloud customer? SELECT THE CORRECT ANSWER IaaS PaaS SaaS None
None None of the environments gives responsibility for physical security to the cloud customer. In all cloud hosting environments, the cloud provider has sole responsibility for the physical infrastructure and the security of it.
When establishing the value of information, the LEAST important factor is? SELECT THE CORRECT ANSWER Intellectual property Operational impact Value to outsiders Quantity of information
Quantity of information The quantity of information is not as important to establish the value of information.
During the client authentication process in Kerberos, what does the client send to the Authentication Server (AS)? SELECT THE CORRECT ANSWER Only cleartext message of the user ID Encrypted user ID and password Encrypted user ID, password, and secret key Cleartext user ID and encrypted password
Only cleartext message of the user ID During the client authentication process the client sends a cleartext message of the user ID to the AS (Authentication Server) requesting services on behalf of the user. Neither the secret key nor the password is sent to the AS.
Which of the following is true about PKI (Public Key Infrastructure)? SELECT THE CORRECT ANSWER PKI is a decentralized mechanism to validate digital certificates issued by Certificate Authority PKI uses only asymmetric key encryption with digital certificates Registration Authority verifies and issues digital certificates PKI is a combination of digital certificates, public-key cryptography, and certificate authorities that provide enterprise wide security
PKI is a combination of digital certificates, public-key cryptography, and certificate authorities that provide enterprise wide security PKI consists of hardware, software, people, policies and procedures needed to create, manage, store, distribute, and revoke digital certificates based on public key cryptography.
Which of the following is the BEST practice with regards to input validation in web applications? SELECT THE CORRECT ANSWER Perform both client-side and server-side validation Perform only client-side validation Perform only server-side validation Perform neither client-side nor server-side validation
Perform both client-side and server-side validation Only client side validation is not sufficient and can be easily bypassed by disabling JavaScript. This is why validation should always be implemented on both the client and server.
Which of the following is NOT an appropriate privacy principle? SELECT THE CORRECT ANSWER Personal data should be obtained without the knowledge or consent of the individual The purposes for the data use should be specified at the time of the collection Personal data should be protected by reasonable security safeguards Data collection and processing should be transparent to the individuals
Personal data should be obtained without the knowledge or consent of the individual Personal data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the individual
Fire sprinkler system may be required to be installed by building codes, or may be recommended by insurance companies to reduce potential property losses or business interruption. These internal controls are categorized by type and purpose as: SELECT THE CORRECT ANSWER Technical and preventive Physical and detective Administrative and corrective Physical and preventive
Physical and preventive Fire sprinkler systems are physical security controls designed for fire safety by automatically putting out fires in the room of origin and preventing fires from spreading or re-igniting.
What database security technology involves creating two or more rows with seemingly identical primary keys that contain different data for users with different security clearances? SELECT THE CORRECT ANSWER Polyinstantiation Polymorphism Referential integrity Views
Polyinstantiation Database developers use polyinstantiation, the creation of multiple records that seem to have the same primary key, to protect against inference attacks.
Which type of testing is used to test whether an application works as expected? SELECT THE CORRECT ANSWER Negative testing Misuse case testing Positive testing Regression testing
Positive testing Positive testing is used to test whether an application works as expected.
Which OSI layer is responsible for data encryption and compression? SELECT THE CORRECT ANSWER Application Presentation Session Transport
Presentation Presentation layer in the OSI model is responsible for data encryption and compression.
Which communication standard relies on the concept of "Web of Trust"? SELECT THE CORRECT ANSWER Public Key Infrastructure (PKI) Pretty Good Privacy (PGP) Federated identity IPsec
Pretty Good Privacy (PGP) PGP does not use a hierarchy of CAs, or any type of formal trust certificates, but relies on a "web of trust" in its key management approach. Each user generates and distributes his or her public key, and users sign each other's public keys, which creates a community of users who trust each other. This is different to the CA approach where no one trusts each other, they only trust the CA.
Which process identifies and addresses the root cause? SELECT THE CORRECT ANSWER Change management Problem management Incident management Patch management
Problem management Root cause and the underlying issue is addressed by the problem management process.
Which one of the following is NOT a value practiced in the Agile software development process? SELECT THE CORRECT ANSWER Processes and tools over individuals and interactions Working software over comprehensive documentation Customer collaboration over contract negotiation Responding to change over following a plan
Processes and tools over individuals and interactions Agile software development values individuals and interactions over processes and tools.
A signed user acknowledgment of the corporate security policy is important as this: SELECT THE CORRECT ANSWER Ensures that users have read the policy Ensures that users understand the policy, as well as the consequences for not following the policy Can be waived if the organization is satisfied that users have an adequate understanding of the policy Protects the organization if a user's behavior violates the policy
Protects the organization if a user's behavior violates the policy All users should sign an acknowledgement that they have read and understood the corporate security policies. While this does not ensure that they have understood the policies, it will help protect the organization if a user's behavior violates the policy.
An SSID (Service Set Identifier) is a name (up to 32 characters) that uniquely identifies a wireless network. It is recommended to disable the broadcasting of the SSID. What security does this provide? SELECT THE CORRECT ANSWER Prevents man-in-the-middle attack Prevents detection by packet sniffing tools Prevents denial or service attacks Provides security by obscurity
Provides security by obscurity SSID should be disabled if the network is not for public use, but realize that hiding the SSID is not true security because any hacker with basic wireless knowledge can easily discover the SSID. Hiding the SSID is security by obscurity as it does not secure the network; you must enable encryption. Even when broadcast is disabled, the SSID can still be detected using packet sniffing tools.
An airline has taken measures to protect the passenger data (name, address, passport number) by storing it in one file and the travel history in the other file. In addition, each passenger is given a passenger number (P8705), so this data is added to the dataset. By separating passenger data and travel history, it is possible to find which passenger belongs to which passenger number in one file. the other file contains travel behaviour belonging to the passenger number. These files are kept separately with role-based access control. In this way, the travel data is analyzed without each employee knowing the true identity of the passenger. This limits the dissemination of sensitive information within the company and improves the protection of passengers' personal data. Which data protection measure is described here? SELECT THE CORRECT ANSWER Pseudonymization A1, E1 A6, E1 A6, E6
Pseudonymization The GDPR defines pseudonymization as "the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information." To pseudonymise a data set, the "additional information" must be "kept separately and subject to technical and organisational measures to ensure non-attribution to an identified or identifiable person." ,,,,Encryption,0, ,,,,Tokenization,0, ,,,,Obfuscation,0, 144,Security Architecture and Engineering,mcq,What is the TCSEC and ITSEC equivalent of CC EAL7?,"A1, E6
Which of the following are the key elements of a security policy document? SELECT THE CORRECT ANSWER Purpose, scope, objectives, responsibilities, compliance Overview, history, controls, responsibilities, audit Overview, scope, controls, training, audit Purpose, history, scope, responsibilities, training
Purpose, scope, objectives, responsibilities, compliance Purpose, scope, objectives, responsibilities, and compliance are the key elements of a security policy.
An application mirrors (or replicates) data to a backup system in real-time. If a disaster occurs, the disaster recovery team requires 6 hours to start the backup system. After the team gets the backup system running, the business has data from the time when the primary system failed. What BEST describes this scenario? SELECT THE CORRECT ANSWER RPO is equal to RTO RTO is equal to MTD RPO is less than RTO RTO is less than RPO
RPO is equal to RTO A business can recover an application in 6 hours (RTO), with a maximum data loss of 6 hours (RPO).
Which of the following statement best describes RTO and RPO? SELECT THE CORRECT ANSWER RTO defines "How far back?". RPO defines "How long to recover?" RTO defines "How long to recover?". RPO defines "How far back?" RTO defines "How far back?". RPO defines "What to recover?" RTO defines "How long to recover?". RPO defines "What to recover?"
RTO defines "How long to recover?". RPO defines "How far back?" A Recovery Time Objective (RTO) is the maximum period of time in which a business process must be restored after a disaster. The Recovery Point Objective (RPO) is the earlier point in time to which systems and data must be recovered after an outage. RPO defines the maximum amount of data that your organization is willing to sacrifice after a disaster.
A security guard comes upon a hole cut in a perimeter fence. What is the next best step? SELECT THE CORRECT ANSWER Switch on the light Raise an alarm Call the police Scream for help
Raise an alarm Alarms are used to discourage intruders or attackers from continuing their malicious or trespassing activities and force them off the premises.
________ records all user interaction with a website or client interaction with a cloud-based application or server. SELECT THE CORRECT ANSWER Real user monitoring Synthetic monitoring Application monitoring Control monitoring
Real user monitoring Real user monitoring records all user interaction with a website or client interaction with a cloud-based application or server.
Which of the following requires keeping archives of audit logs for a specific time? SELECT THE CORRECT ANSWER Data remanence Data diddling Record retention Data mining
Record retention Record retention policies define the amount of time to keep any data, including logs. Data remanence is data remnants on media. Data diddling refers to the modification of data before or during data entry resulting in incorrect or corrupt data. Data mining refers to extracting meaningful knowledge from large amounts of data.
The PRIMARY purpose of a foreign key is to ensure: SELECT THE CORRECT ANSWER Entity integrity Primary integrity Referential integrity Semantic integrity
Referential integrity The purpose of the foreign key is to ensure referential integrity of the data. Therefore, any column in a base table that is declared a foreign key can contain either a null value, or only values from a parent table's primary key or a candidate key.
Which of the following is not correct? SELECT THE CORRECT ANSWER Risk Acceptance: Accepting the risk and absorbing the cost when and if it occurs. Risk Transference: Pass risk to another party. Example: Insurance. Risk Avoidance: Decide to continue with the activity despite the identified risk. Risk Reduction: Provide countermeasures to reduce the risk and strengthen the security posture.
Risk Avoidance: Decide to continue with the activity despite the identified risk. While all the other definitions are correct, risk avoidance is to cease a business process or decide not to enter into an activity that would create an unacceptable level of risk.
Which of the following is an XML-based framework for exchanging security information, including authentication data? SELECT THE CORRECT ANSWER Kerberos OpenID SAML OAuth
SAML Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. As its name implies, SAML is an XML-based markup language for security assertions
Which of the following reports can be freely distributed? SELECT THE CORRECT ANSWER SOC 1 SOC 2 SOC 3 SAS 70
SOC 3 SOC 3 reports can be freely distributed.
A SOC 1 report for service provider is issued under: SELECT THE CORRECT ANSWER SSAE 16 ISO/IEC 27001 SSAE 18 ISO/IEC 27002
SSAE 18 SSAE 18 (Statement on Standards for Attestation Engagements No. 18.) standards establish requirements and provide application guidance to auditors for performing and reporting on examination, review, and agreed-upon procedures engagements, including Service Organization Controls (SOC) attestations. SSAE 18 completely replaces SSAE 16 and many other SSAEs into a combined standard.
Demilitarized Zone (DMZ) is generally implemented using a ______. SELECT THE CORRECT ANSWER Screening router Dual-homed gateway Screened-host gateway Screened-subnet
Screened-subnet The screened-subnet employs an external screening router, a dual- homed (or multi-homed) host, and a second internal screening router. This implements the concept of a network DMZ (or demilitarized zone). Publicly available services are placed on bastion hosts in the DMZ.
After the entire BCP has been documented and reviewed by all stakeholders, what is the next BEST step? SELECT THE CORRECT ANSWER Secure senior management approval Make the BCP document available on the public company website Share the BCP document with the regulatory bodies Ensure every employee reads and signs the BCP document
Secure senior management approval After the entire plan has been documented and reviewed by all stakeholders, the senior management must examine it and approve it. Senior management's approval is needed so that all affected and involved employees in the organization understand the importance of emergency planning.
What term is used to describe a small, portable device that generates a digital security code used with your token password to securely authorize online payments above your daily limit? SELECT THE CORRECT ANSWER Token Ring Security tokens Token passing networks Coupons
Security tokens Security token is a small, portable device that generates a digital security code used with your token password to securely authorize online payments above your daily limit. Tokens are usually used to provide authentication.
A courier service is contracted by a local hospital to deliver envelopes containing patients' medical records to other health service institutions. The courier service is in physical possession of the mail but does not open it to access any personal data or other content. The mail delivery service can be considered as a ___________. SELECT THE CORRECT ANSWER Data controller Data processor Data owner Service provider
Service provider The mail delivery service is neither a data controller or data processor for the service provided as it does not process any personal data. It is only a service provider.
Which of the following is NOT a GDPR data protection principle? SELECT THE CORRECT ANSWER Purpose limitation Data minimisation Storage limitations Sharing limitation
Sharing limitation The GDPR data protection principles are: Lawfulness, fairness, and transparency Purpose limitation Data minimisation Accuracy Storage limitations Integrity and confidentiality
When deploying a network in an environment heavily populated with Radio Frequency (RF) energy, which transmission media would offer the highest level of protection? SELECT THE CORRECT ANSWER Unshielded Twisted Pair (UTP) Shielded Twisted Pair (STP) Microwave Single Mode Fiber Optics
Single Mode Fiber Optics Fiber optic cabling is the best option because it is not susceptible to interference from RF energy. Using shielded twisted pair would be the next best solution.
A potential vulnerability of the Kerberos authentication server is _____________. SELECT THE CORRECT ANSWER Single point of failure Slow because of asymmetric key usage Use of dynamic passwords Limited lifetimes for authentication credentials
Single point of failure A major drawback of Kerberos is single point of failure as it requires continuous availability of a central server. When the Kerberos server is down, new users cannot log in. This can be mitigated by using multiple Kerberos servers and fallback authentication mechanisms.
An attacker is sending ICMP echo_request messages into the network with the source address spoofed as the address of the victim and the destination address which is a directed broadcast. What type of attack is the hacker using? SELECT THE CORRECT ANSWER Fraggle Smurf Ping of Death Brute force
Smurf The Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address.
Which of the following is required by a company that uses vendor software, to mitigate the impact of a software vendor going out of business? SELECT THE CORRECT ANSWER Detailed credit investigation prior to acquisition Source code held in escrow Standby contracts with other vendors Substantial penalties for breech of contract
Source code held in escrow A software escrow arrangement is a unique tool used to protect a company against the failure of a software developer to provide adequate support for its products or against the possibility that the developer will go out of business and no technical support will be available for the product.
What correctly describes the statement "Analysis of the application source code for finding vulnerabilities without actually executing the application". SELECT THE CORRECT ANSWER Static Source Code Analysis Static Binary Code Analysis Manual binary review Architecture security review
Static Source Code Analysis Static Source Code Analysis (SAST) involves analysis of the application source code for finding vulnerabilities without actually executing the application.
An Intrusion Detection System (IDS) that develops baselines of normal traffic activity and throughput, and alerts the IDS administrator if there is a deviation from the norm is using which of the following methods of detection? SELECT THE CORRECT ANSWER Attack signature detection Statistical anomaly detection Protocol anomaly detection Traffic anomaly detection
Statistical anomaly detection Using statistical anomaly detection, an IDS first creates a baseline profile that represents the normal behavior of the traffic. In detection mode, the IDS starts comparing the regular traffic with the profile that was created, and if any abnormality or deviation from the baseline profile is found, then an alert is triggered cautioning the possible intrusion.
The process of hiding characters of plain text within an audio file is referred to as _______. SELECT THE CORRECT ANSWER Steganography Optimal Asymmetric Encryption Padding (OAEP) A null cipher. Digital Rights Managment (DrM)
Steganography Steganography is the process of hiding a message within another message so that its very existence is hidden.
Harry works for an Indian company that conducts business with customers in the European Union. He is developing a data retention policy for his organization. Which privacy principle should he PRIMARILY consider while formulating this policy? SELECT THE CORRECT ANSWER Purpose limitation Data minimisation Storage limitations Accuracy
Storage limitations Storage limitations principle in GDPR states that "Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed". This principle is most important when developing data retention policy.
Possession or knowledge of which of the following cryptographic component by the attacker would lead to confidentiality issue? SELECT THE CORRECT ANSWER Ciphertext Algorithm Hash of the message Symmetric key
Symmetric key Possession of the ciphertext, hash of the message or the knowledge of the algorithm used is not a threat to confidentiality. However, the key must be carefully protected from unauthorized users.
Bob is reviewing the baseline controls for his organization. He finds that the controls apply perfectly to computers in their main location, but some controls aren't appropriate or feasible in a remote office location. In this situation, Bob selects compensating security controls to customize the baseline for the remote location. SELECT THE CORRECT ANSWER Baselining Scoping Tailoring Standardizing
Tailoring Tailoring refers to modifying the list of security controls within a baseline so that they align with the mission of the organization.
Weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack is utilized in which attacks? SELECT THE CORRECT ANSWER Teardrop Smurf Ping of Death SYN flood
Teardrop The teardrop attack uses overlapping packet fragments to confuse a target system and cause the system to reboot or crash.
The software testing team in Bob's organization uses automated testing tools. He is concerned that the team may not completely test the source code. What should he check, in the report, to measure the percentage of source code executed during testing? SELECT THE CORRECT ANSWER Code review report White box test report Test coverage report Black box test report
Test coverage report Test coverage is a measure used to describe the degree to which the source code of a program is executed when a particular test suite runs. A high test coverage suggests lower chance of undetected software bugs.
Within Kerberos, which part is the single point of failure? SELECT THE CORRECT ANSWER The Ticket Granting Ticket The Realm The Key Distribution Center The Client-Server session key
The Key Distribution Center The Key Distribution Center is the single point of failure within a Kerberos.
Which of the following statements is NOT correct about safeguard selection in the risk analysis process? SELECT THE CORRECT ANSWER Maintenance costs need to be included in determining the total cost of the safeguard The best possible safeguard should always be implemented, regardless of cost The most commonly considered criteria is the cost effectiveness of the safeguard Many elements need to be considered in determining the total cost of the safeguard
The best possible safeguard should always be implemented, regardless of cost Performing a cost-benefit analysis of the proposed safeguard before implementation is vital. The level of security afforded could easily outweigh the value of a proposed safeguard.
What is a method in an object-oriented system? SELECT THE CORRECT ANSWER The means of communication among objects. A guide to the programming of objects. The code defining the actions that the object performs in response to a message. The situation where a class inherits the behavioral characteristics of more than one parent class.
The code defining the actions that the object performs in response to a message. A method in an object-oriented system is the code that defines the actions that the object performs in response to a message.
Non-Discretionary Access Control is centrally administered with authorization decisions based on: SELECT THE CORRECT ANSWER The society's role in the organization The individual's role in the organization The group-dynamics as they relate to the individual's role in the organization The group-dynamics as they relate to the master-slave role in the organization
The individual's role in the organization Non-Discretionary Access Control is usually role-based, centrally administered with authorization decisions based on the roles the individuals have within an organization.
An organization performs daily backup of its order processing system. The organization makes an average of $5,000 per hour in orders. The organization establishes a RPO of 2 hours for the business. To meet that goal, the organization has to purchase new storage systems, plus an expensive data connection from the main processing center to the backup processing center amounting to $100,000. What should the organization do? SELECT THE CORRECT ANSWER The organization should not invest on the equipments The organization should establish a longer RPO The organization should establish a shorter RPO The organization should consider the equipments as warranted
The organization should consider the equipments as warranted Business loss without the equipments: $5,000*24 = $120,000 Investment on equipments: $100,000 Business loss due to disaster with RPO of 2 hours : $5000*2 = $10,000 Total: $100,000 + $10,000 = $110,000 This clearly justifies the investments.
Which of the following is true for digital signatures? SELECT THE CORRECT ANSWER The sender encrypts the hash with a public key The sender encrypts the hash with a private key The sender encrypts the plaintext with a public key The sender encrypts the plaintext with a private key
The sender encrypts the hash with a private key A digital signature is a hash value that has been encrypted with the sender's private key.
Bob is accessing a remote website on the Internet from his laptop connected to a Wi-Fi Access Point (AP) which is secured using WPA2. Which of the following statement is true? SELECT THE CORRECT ANSWER The traffic between the laptop and the remote website is always encrypted The traffic between the laptop and the Access Point (AP) is always encrypted The traffic between the access Point (AP) and the router is always encrypted The traffic between the router and remote website is always encrypted
The traffic between the laptop and the Access Point (AP) is always encrypted Modern access points come with built-in encryption using WPA2 protocol, thus the traffic between the laptop and the access point (AP) is always encrypted.
There are three different applications on computer A communicating with three applications on computer B. Which of the following statements is TRUE? SELECT THE CORRECT ANSWER There are three session layer connections and one transport layer connection between computer A and computer B There are three session layer connections and three transport layer connections between computer A and computer B There is one session layer connection and one transport layer connection between computer A and computer B There is one session layer connection and three transport layer connections between computer A and computer B
There are three session layer connections and one transport layer connection between computer A and computer B Session layer protocols control application-to-application communication, whereas the transport layer protocols handle computer-to-computer communication.
Usage of need-to-know principle, due care, and NDA are relevant to the protection of what type of intellectual property? SELECT THE CORRECT ANSWER Patent Trademark Copyright Trade secret
Trade secret Trade Secret protection is provided to those who take reasonable steps to keep a valuable part of their business known to key personnel only. The economic value of the secret must be demonstrable, and reasonable steps to keep a secret can range from limiting knowledge to only need to know individuals (need-to-know), to making sure employees or independent contractors who have to work in/around the secret have NDAs.
Which of the following intellectual property licences are perpetual? SELECT THE CORRECT ANSWER Patent and trademark Trademark and copyright Copyright and trade secret Trade secret and trademark
Trade secret and trademark Trade secret protections do not have a specified term and can exist in perpetuity. Trademark can be licensed perpetually provided the same is periodically renewed by the licensor.
Bob was reading about a recent case in which organization had successfully won a lawsuit against a competitor organization. The case in question was regarding the use of his company's product name for a similar kind of its product by the competitor organization. The court gave its verdict in favor of his company and the opposite party had to pay heavy fine. Under which type of IP law, was the lawsuit filed? SELECT THE CORRECT ANSWER Patent Trademark Who, what, when, where and how Admissibility, completeness, accuracy, authenticity and availability Integrity, confidentiality, availability, authenticity and veracity
Trademark Who, what, when, where and how These are the core principles of chain of custody-there is a documented chronology of all activities related to the evidence throughout its lifecycle.
Server A trusts Server B. Server B trusts Server C. Server A therefore trusts Server C. What term describes this trust relationship? SELECT THE CORRECT ANSWER Domain trust Forest trust Non-transitive trust Transitive trust
Transitive trust Microsoft trust relationships fall into two categories: non-transitive and transitive. Non-transitive trusts only exist between two trust partners. Transitive trusts exist between two partners and all of their partner domains. For example: if A trusts B, in a transitive trust, A will trust B and all of B's trust partners.
What is the most important consideration when designing a firewall architecture? SELECT THE CORRECT ANSWER Identify the boundaries between security domains Understand the specific security needs of the business Identify all of the points of ingress and egress for the network Understand the level of filtering that is required for the organization
Understand the specific security needs of the business This is the best option as it encompasses all the other options as well.
Which of the following labeling is LEAST likely to be found on the backup tape? SELECT THE CORRECT ANSWER Value of data Retention period Classification level Date to be destroyed
Value of data Labels on a backup tape is likely to have fields such as Date created, Retention period, Classification level, Who created it, Date to be destroyed, Name and version.
Which of the following international agreement pertains to the transfer of conventional weapons and dual-use goods and technologies, and to prevent the acquisition of these items by terrorists? SELECT THE CORRECT ANSWER Montreal Protocol Wassenaar Arrangement World Intellectual Property Organization (WIPO) United Nations Commission on International Trade Law (UNCITRAL)
Wassenaar Arrangement The Wassenaar Arrangement, formally established in July 1996, is a voluntary export control regime whose 42 members exchange information on transfers of conventional weapons and dual-use goods and technologies. Participants are required to "ensure that transfers of these items do not contribute to the development or enhancement of military capabilities which undermine the goal". The aim, according to WA, is also to prevent the acquisition of these items by terrorists.
The Billion Laughs attack is a denial-of-service attack cause due to: SELECT THE CORRECT ANSWER Insecure Deserialization Security Misconfiguration Cross Site Scripting (XSS) XML External Entity (XXE)
XML External Entity (XXE) Poorly configured XML processors evaluate external entity references within XML documents. Attackers can use external entities for attacks including remote code execution, internal port scanning, and to disclose internal files and SMB file shares.
When dealing with digital evidence, the crime scene must: SELECT THE CORRECT ANSWER never be altered be completely reproducible in a court of law exist in only one country have the least amount of contamination that is possible
have the least amount of contamination that is possible The integrity of digital evidence is very important. Thus, when dealing with digital evidence, the crime scene must have the least amount of contamination that is possible.
When considering the IT Development Life-Cycle, security should be _____________. SELECT THE CORRECT ANSWER mostly considered during the initiation phase mostly considered during the development phase treated as an integral part of the overall system design added once the design is completed
treated as an integral part of the overall system design When considering the IT Development Life-Cycle, security should be treated as an integral part of overall system design.