Systems Security Certified Practitioner


Which of the following classes is the first level (lower) defined in the TCSEC (Orange Book) as mandatory protection? A. B B. A C. C D. D

A. B

Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection? A. C B. B C. A D. D

A. C

Which of the following divisions is defined in the TCSEC (Orange Book) as minimal protection? A. Division D B. Division C C. Division B D. Division A

A. Division D

Domain Name Service is a distributed database system that is used to map: A. Domain Name to IP addresses. B. MAC addresses to domain names. C. MAC Address to IP addresses. D. IP addresses to MAC Addresses.

A. Domain Name to IP addresses.

Within the legal domain, what rule is concerned with the legality of how the evidence was gathered? A. Exclusionary rule B. Best evidence rule C. Hearsay rule D. Investigation rule

A. Exclusionary rule

All hosts on an IP network have a logical ID called a(n): A. IP address. B. MAC address. C. TCP address. D. Datagram address.

A. IP address.

Which security model introduces access to objects only through programs? A. The Biba model B. The Bell-LaPadula model C. The Clark-Wilson model D. The information flow model

C. The Clark-Wilson model

In which of the following phases of system development life cycle (SDLC) is contingency planning most important? A. Initiation B. Development/acquisition C. Implementation D. Operation/maintenance

A. Initiation

Making sure that the data has not been changed unintentionally, due to an accident or malice is: A. Integrity. B. Confidentiality. C. Availability. D. Auditability.

A. Integrity.

What is the name of the protocol used to set up and manage Security Associations (SA) for IP Security (IPSec)? A. Internet Key Exchange (IKE) B. Secure Key Exchange Mechanism C. Oakley D. Internet Security Association and Key Management Protocol

A. Internet Key Exchange (IKE)

Which of the following statements pertaining to Kerberos is TRUE? A. Kerberos does not address availability B. Kerberos does not address integrity C. Kerberos does not make use of Symmetric Keys D. Kerberos cannot address confidentiality of information

A. Kerberos does not address availability

Which of the following steps is NOT one of the eight detailed steps of a Business Impact Assessment (BIA): A. Notifying senior management of the start of the assessment. B. Creating data gathering techniques. C. Identifying critical business functions. D. Calculating the risk for each different business function.

A. Notifying senior management of the start of the assessment.

Sensitivity labels are an example of what application control type? A. Preventive security controls B. Detective security controls C. Compensating administrative controls D. Preventive accuracy controls

A. Preventive security controls

Which of the following should NOT normally be allowed through a firewall? A. SNMP B. SMTP C. HTTP D. SSH

A. SNMP

How would an IP spoofing attack be best classified? A. Session hijacking attack B. Passive attack C. Fragmentation attack D. Sniffing attack

A. Session hijacking attack

Which of the following cannot be undertaken in conjunction or while computer incident handling is ongoing? A. System development activity B. Help-desk function C. System Imaging D. Risk management process

A. System development activity

What is the RESULT of a hash algorithm being applied to a message? A. A digital signature B. A ciphertext C. A message digest D. A plaintext

C. A message digest

Which of the following would best define a digital envelope? A. A message that is encrypted and signed with a digital certificate. B. A message that is signed with a secret key and encrypted with the sender's private key. C. A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver. D. A message that is encrypted with the recipient's public key and signed with the sender's private key

C. A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver.

What is the difference between Advisory and Regulatory security policies? A. there is no difference between them B. regulatory policies are high level policy, while advisory policies are very detailed C. Advisory policies are not mandated. Regulatory policies must be implemented. D. Advisory policies are mandated while Regulatory policies are not

C. Advisory policies are not mandated. Regulatory policies must be implemented.

In order to ensure the privacy and integrity of the data, connections between firewalls over public networks should use: A. Screened subnets B. Digital certificates C. An encrypted Virtual Private Network D. Encryption

C. An encrypted Virtual Private Network

Which of the following best allows risk management results to be used knowledgeably? A. A vulnerability analysis B. A likelihood assessment C. An uncertainty analysis D. A threat identification

C. An uncertainty analysis

In the CIA triad, what does the letter A stand for? A. Auditability B. Accountability C. Availability D. Authentication

C. Availability

In an organization, an Information Technology security function should: A. Be a function within the information systems function of an organization. B. Report directly to a specialized business unit such as legal, corporate security or insurance. C. Be led by a Chief Security Officer and report directly to the CEO. D. Be independent but report to the Information Systems function

C. Be led by a Chief Security Officer and report directly to the CEO.

Knowledge-based Intrusion Detection Systems (IDS) are more common than: A. Network-based IDS B. Host-based IDS C. Behavior-based IDS D. Application-Based IDS

C. Behavior-based IDS

What is called the use of technologies such as fingerprint, retina, and iris scans to authenticate the individuals requesting access to resources? A. Micrometrics B. Macrometrics C. Biometrics D. MicroBiometrics

C. Biometrics

Which of the following was not designed to be a proprietary encryption algorithm? A. RC2 B. RC4 C. Blowfish D. Skipjack

C. Blowfish

Which of the following computer design approaches is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle? A. Pipelining B. Reduced Instruction Set Computers (RISC) C. Complex Instruction Set Computers (CISC) D. Scalar processors

C. Complex Instruction Set Computers (CISC)

What is the main focus of the Bell-LaPadula security model? A. Accountability B. Integrity C. Confidentiality D. Availability

C. Confidentiality

What is the proper term to refer to a single unit of Ethernet data at the link layer of the DoD TCP model? A. Ethernet Segment. B. Ethernet Datagram. C. Ethernet Frame. D. Ethernet Packet.

C. Ethernet Frame.

Which layer of the DoD TCP/IP Model ensures error-free delivery and packet sequencing? A. Internet layer B. Network access layer C. Host-to-host D. Application layer

C. Host-to-host

Which of the following is the FIRST step in protecting data's confidentiality? A. Install a firewall B. Implement encryption C. Identify which information is sensitive D. Review all user access rights

C. Identify which information is sensitive

In Synchronous dynamic password tokens: A. The token generates a new password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key). B. The token generates a new non-unique password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key). C. The unique password is not entered into a system or workstation along with an owner's PIN. D. The authentication entity in a system or workstation knows an owner's secret key and PIN, and the entity verifies that the entered password is invalid and that it was entered during the invalid time window.

A. The token generates a new password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).

Which of the following is an example of a connectionless communication protocol? A. UDP B. X.25 C. Packet switching D. TCP

A. UDP

Which of the following would be the best criterion to consider in determining the classification of an information asset? A. Value B. Age C. Useful life D. Personal association

A. Value

What is malware that can spread itself over open network connections? A. Worm B. Rootkit C. Adware D. Logic Bomb

A. Worm

Unshielded Twisted Pair cabling is a: A. four-pair wire medium that is used in a variety of networks. B. three-pair wire medium that is used in a variety of networks. C. two-pair wire medium that is used in a variety of networks. D. one-pair wire medium that is used in a variety of networks.

A. four-pair wire medium that is used in a variety of networks.

Which protocol is NOT implemented in the Network layer of the OSI Protocol Stack? A. hyper text transport protocol B. Open Shortest Path First C. Internet Protocol D. Routing Information Protocol

A. hyper text transport protocol

Which is the last line of defense in a physical security sense? A. people B. interior barriers C. exterior barriers D. perimeter barriers

A. people

Each data packet is assigned the IP address of the sender and the IP address of the: A. recipient. B. host. C. node. D. network.

A. recipient.

A DMZ is located: A. right behind your first Internet facing firewall B. right in front of your first Internet facing firewall C. right behind your first network active firewall D. right behind your first network passive Internet http firewall

A. right behind your first Internet facing firewall

A server cluster looks like a: A. single server from the user's point of view B. dual server from the user's point of view C. triple server from the user's point of view D. quadruple server from the user's point of view

A. single server from the user's point of view

The Data Encryption Algorithm performs how many rounds of substitution and permutation? A. 4 B. 16 C. 54 D. 64

B. 16

What is an IP routing table? A. A list of IP addresses and corresponding MAC addresses. B. A list of station and network addresses with corresponding gateway IP address. C. A list of host names and corresponding IP addresses. D. A list of current network interfaces on which IP routing is enabled.

B. A list of station and network addresses with corresponding gateway IP address.

Several analysis methods can be employed by an IDS, each with its own strengths and weaknesses, and their applicability to any given situation should be carefully considered. There are two basic IDS analysis methods. Which of these basic methods is more prone to false positives? A. Pattern Matching (also called signature analysis) B. Anomaly Detection C. Host-based intrusion detection D. Network-based intrusion detection

B. Anomaly Detection

Which of the following is NOT an example of an operational control? A. backup and recovery B. Auditing C. contingency planning D. operations procedures

B. Auditing

Which of the following was developed as a simple mechanism for allowing simple network terminals to load their operating system from a server over the LAN? A. DHCP B. BootP C. DNS D. ARP

B. BootP

The scope and focus of the Business continuity plan development depends most on: A. Directives of Senior Management B. Business Impact Analysis (BIA) C. Scope and Plan Initiation D. Skills of BCP committee

B. Business Impact Analysis (BIA)

Which TCSEC level is labeled Controlled Access Protection? A. C1 B. C2 C. C3 D. B1

B. C2

Which access control type has a central authority that determines which objects the subjects have access to, based on role or on the organizational security policy? A. Mandatory Access Control B. Discretionary Access Control C. Non-Discretionary Access Control D. Rule-based Access control

C. Non-Discretionary Access Control

What is the essential difference between a self-audit and an independent audit? A. Tools used B. Results C. Objectivity D. Competence

C. Objectivity

Which type of control is concerned with avoiding occurrences of risks? A. Deterrent controls B. Detective controls C. Preventive controls D. Compensating controls

C. Preventive controls

Which of the following embodies all the detailed actions that personnel are required to follow? A. Standards B. Guidelines C. Procedures D. Baselines

C. Procedures

Which of the following algorithms is used today for encryption in PGP? A. RSA B. IDEA C. Blowfish D. RC5

B. IDEA

Which of the following best corresponds to the type of memory addressing where the address location that is specified in the program instruction contains the address of the final desired location? A. Direct addressing B. Indirect addressing C. Indexed addressing D. Program addressing

B. Indirect addressing

What does the Clark-Wilson security model focus on? A. Confidentiality B. Integrity C. Accountability D. Availability

B. Integrity

Which layer of the TCP/IP protocol stack corresponds to the ISO/OSI Network layer (layer 3)? A. Host-to-host layer B. Internet layer C. Network access layer D. Session layer

B. Internet layer

Which of the following can prevent hijacking of a web session? A. RSA B. SET C. SSL D. PPP

C. SSL

The Clipper Chip utilizes which concept in public key cryptography? A. Substitution B. Key Escrow C. An undefined algorithm D. Super strong encryption

B. Key Escrow

What is the MOST critical piece to disaster recovery and continuity planning? A. Security policy B. Management support C. Availability of backup information processing facilities D. Staff training

B. Management support

Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission? A. Secure Electronic Transaction (SET) B. Message Authentication Code (MAC) C. Cyclic Redundancy Check (CRC) D. Secure Hash Standard (SHS)

B. Message Authentication Code (MAC)

To understand the 'whys' in crime, many times it is necessary to understand MOM. Which of the following is not a component of MOM? A. Opportunities B. Methods C. Motivation D. Means

B. Methods

In this type of attack, the intruder re-routes data traffic from a network device to a personal machine. This diversion allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization. Pick the best choice below. A. Network Address Translation B. Network Address Hijacking C. Network Address Supernetting D. Network Address Sniffing

B. Network Address Hijacking

What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by a modular addition? A. Running key cipher B. One-time pad C. Steganography D. Cipher block chaining

B. One-time pad

A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)? A. Covert channel B. Overt channel C. Opened channel D. Closed channel

B. Overt channel

Which one of the following is used to provide authentication and confidentiality for e-mail messages? A. Digital signature B. PGP C. IPSEC AH D. MD4

B. PGP

Which of the following is the simplest type of firewall? A. Stateful packet filtering firewall B. Packet filtering firewall C. Dual-homed host firewall D. Application gateway

B. Packet filtering firewall

In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed? A. Pre Initialization Phase B. Phase 1 C. Phase 2 D. No peer authentication is performed

B. Phase 1

What can best be defined as high-level statements, beliefs, goals and objectives? A. Standards B. Policies C. Guidelines D. Procedures

B. Policies

Which of the following is best at defeating frequency analysis? A. Substitution cipher B. Polyalphabetic cipher C. Transposition cipher D. Caesar Cipher

B. Polyalphabetic cipher

What prevents a process from accessing another process' data? A. Memory segmentation B. Process isolation C. The reference monitor D. Data hiding

B. Process isolation

Which of the following is not an encryption algorithm? A. Skipjack B. SHA-1 C. Twofish D. DEA

B. SHA-1

What can be defined as a momentary low voltage? A. Spike B. Sag C. Fault D. Brownout

B. Sag

Kerberos depends upon what encryption method? A. Public Key cryptography. B. Secret Key cryptography. C. El Gamal cryptography. D. Blowfish cryptography.

B. Secret Key cryptography.

Which of the following tests makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems? A. Recovery testing B. Security testing C. Stress/volume testing D. Interface testing

B. Security testing

Which must bear the primary responsibility for determining the level of protection needed for information systems resources? A. IS security specialists B. Senior Management C. Senior security analysts D. systems Auditors

B. Senior Management

Which of the following is an example of a passive attack? A. Denying services to legitimate users B. Shoulder surfing C. Brute-force password cracking D. Smurfing

B. Shoulder surfing

Which type of attack involves impersonating a user or a system? A. Smurfing attack B. Spoofing attack C. Spamming attack D. Sniffing attack

B. Spoofing attack

Good security is built on which of the following concepts? A. The concept of a pass-through device that only allows certain traffic in and out B. The Concept of defense in depth C. The Concept of Preventative controls D. The Concept of Defensive Controls

B. The Concept of defense in depth

What is the length of an MD5 message digest? A. 128 bits B. 160 bits C. 256 bits D. varies depending upon the message size

A. 128 bits

Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)? A. 192.168.42.5 B. 192.166.42.5 C. 192.175.42.5 D. 192.1.42.5

A. 192.168.42.5

In the Bell-LaPadula model, the Star-property is also called: A. The simple security property B. The confidentiality property C. The confinement property D. The tranquility property

B. The confidentiality property

Which of the following would be LESS likely to prevent an employee from reporting an incident? A. They are afraid of being pulled into something they don't want to be involved with. B. The process of reporting incidents is centralized. C. They are afraid of being accused of something they didn't do. D. They are unaware of the company's security policies and procedures.

B. The process of reporting incidents is centralized.

What is also known as 10Base5? A. Thinnet B. Thicknet C. ARCnet D. UTP

B. Thicknet

In a hierarchical PKI the highest CA is usually called the Root CA; it is also referred to by which one of the following terms? A. Subordinate CA B. Top Level CA C. Big CA D. Master CA

B. Top Level CA

Which of the following offers security to wireless communications? A. S-WAP B. WTLS C. WSP D. WDP

B. WTLS

Which of the following statements pertaining to key management is incorrect? A. The more a key is used, the shorter its lifetime should be. B. When not using the full keyspace, the key should be extremely random. C. Keys should be backed up or escrowed in case of emergencies. D. A key's lifetime should correspond with the sensitivity of the data it is protecting.

B. When not using the full keyspace, the key should be extremely random.

Asynchronous Communication transfers data by sending: A. bits of data sequentially B. bits of data sequentially in irregular timing patterns C. bits of data in sync with a heartbeat or clock D. bits of data simultaneously

B. bits of data sequentially in irregular timing patterns

FTP, TFTP, SNMP, and SMTP are provided at what level of the Open Systems Interconnect (OSI) Reference Model? A. Application B. Network C. Presentation D. Transport

A. Application

Who is ultimately responsible for the security of computer based information systems within an organization? A. The tech support team B. The Operation Team. C. The management team. D. The training team

C. The management team.

Which of the following statements pertaining to message digests is incorrect? A. The original file cannot be created from the message digest. B. Two different files should not have the same message digest. C. The message digest should be calculated using at least 128 bytes of the file. D. Message digests are usually of fixed size

C. The message digest should be calculated using at least 128 bytes of the file.

Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient's "public" key in order to get confidentiality of the data being sent. The recipients use their own "private" key to decrypt the information. The "Infrastructure" of this methodology ensures that: A. The sender and recipient have reached a mutual agreement on the encryption key exchange that they will use. B. The channels through which the information flows are secure. C. The recipient's identity can be positively verified by the sender. D. The sender of the message is the only other person with access to the recipient's private key.

C. The recipient's identity can be positively verified by the sender.

What can be described as an imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted? A. The security kernel B. The reference monitor C. The security perimeter D. The reference perimeter

C. The security perimeter

Which of the following offers confidentiality to an e-mail message? A. The sender encrypting it with its private key. B. The sender encrypting it with its public key. C. The sender encrypting it with the receiver's public key. D. The sender encrypting it with the receiver's private key.

C. The sender encrypting it with the receiver's public key.

Who should measure the effectiveness of Information System security related controls in an organization? A. The local security specialist B. The business manager C. The systems auditor D. The central security manager

C. The systems auditor

Which of the following is NOT a valid reason to use external penetration service firms rather than corporate resources? A. They are more cost-effective B. They offer a lack of corporate bias C. They use highly talented ex-hackers D. They ensure a more complete reporting

C. They use highly talented ex-hackers

Which of the following tools is NOT likely to be used by a hacker? A. Nessus B. Saint C. Tripwire D. Nmap

C. Tripwire

What can best be defined as the sum of protection mechanisms inside the computer, including hardware, firmware and software? A. Trusted system B. Security kernel C. Trusted computing base D. Security perimeter

C. Trusted computing base

Which of the following is used by RADIUS for communication between clients and servers? A. TCP B. SSL C. UDP D. SSH

C. UDP

How many bits of a MAC address uniquely identify a vendor, as provided by the IEEE? A. 6 bits B. 12 bits C. 16 bits D. 24 bits

D. 24 bits

What can be defined as follows: it confirms that users' needs have been met by the supplied solution? A. Accreditation B. Certification C. Assurance D. Acceptance

D. Acceptance

A contingency plan should address: A. Potential risks. B. Residual risks. C. Identified risks. D. All answers are correct.

D. All answers are correct.

Which of the following choices describes a condition where RAM and secondary storage are used together? A. Primary storage B. Secondary storage C. Virtual storage D. Real storage

C. Virtual storage

The primary service provided by Kerberos is which of the following? A. non-repudiation B. confidentiality C. authentication D. authorization

C. authentication

Controls to keep password sniffing attacks from compromising computer systems include which of the following? A. static and recurring passwords B. encryption and recurring passwords. C. one-time passwords and encryption. D. static and one-time passwords

C. one-time passwords and encryption.

Which of the following is not a security goal for remote access? A. Reliable authentication of users and systems B. Protection of confidential data C. Easy to manage access control to systems and network resources D. Automated login for remote users

D. Automated login for remote users

Which TCSEC class specifies discretionary protection? A. B2 B. B1 C. C2 D. C1

D. C1

Which of the following is not a preventive operational control? A. Protecting laptops, personal computers and workstations. B. Controlling software viruses. C. Controlling data media access and disposal. D. Conducting security awareness and technical training.

D. Conducting security awareness and technical training.

Which of the following tape formats can be used to back up data systems in addition to its originally intended audio uses? A. Digital Video Tape (DVT). B. Digital Analog Tape (DAT). C. Digital Voice Tape (DVT). D. Digital Audio Tape (DAT).

D. Digital Audio Tape (DAT).

At what stage of the applications development process should the security department become involved? A. Prior to the implementation B. Prior to systems testing C. During unit testing D. During requirements development

D. During requirements development

Risk reduction in a system development life-cycle should be applied: A. Mostly to the initiation phase. B. Mostly to the development phase. C. Mostly to the disposal phase. D. Equally to all phases

D. Equally to all phases

The IP header contains a protocol field. If this field contains the value of 2, what type of data is contained within the IP datagram? A. TCP. B. ICMP. C. UDP. D. IGMP.

D. IGMP.

What is the Maximum Tolerable Downtime (MTD)? A. Maximum elapsed time required to complete recovery of application data B. Minimum elapsed time required to complete recovery of application data C. Maximum elapsed time required to move back to primary site after a major disruption D. It is the maximum delay businesses can tolerate and still remain viable

D. It is the maximum delay businesses can tolerate and still remain viable

Which of the following statements pertaining to quantitative risk analysis is false? A. Portion of it can be automated B. It involves complex calculations C. It requires a high volume of information D. It requires little experience to apply

D. It requires little experience to apply

Valuable paper insurance coverage does not cover damage to which of the following? A. Inscribed, printed and Written documents B. Manuscripts C. Records D. Money and Securities

D. Money and Securities

Which of the following is covered under Crime Insurance Policy Coverage? A. Inscribed, printed and Written documents B. Manuscripts C. Accounts Receivable D. Money and Securities

D. Money and Securities

Upon which of the following ISO/OSI layers does network address translation operate? A. Transport layer B. Session layer C. Data link layer D. Network layer

D. Network layer

What layer of the ISO/OSI model do routers normally operate at? A. Data link layer B. Session layer C. Transport layer D. Network layer

D. Network layer

Which of the following are the two MOST common implementations of Intrusion Detection Systems? A. Server-based and Host-based. B. Network-based and Guest-based. C. Network-based and Client-based. D. Network-based and Host-based.

D. Network-based and Host-based.

What does the (star) integrity axiom mean in the Biba model? A. No read up B. No write down C. No read down D. No write up

D. No write up

Which of the following elements of telecommunications is not used in assuring confidentiality? A. Network security protocols B. Network authentication services C. Data encryption services D. Passwords

D. Passwords

At which layer of ISO/OSI does the fiber optics work? A. Network layer B. Transport layer C. Data link layer D. Physical layer

D. Physical layer

Which of the following best defines add-on security? A. Physical security complementing logical security measures. B. Protection mechanisms implemented as an integral part of an information system. C. Layer security. D. Protection mechanisms implemented after an information system has become operational.

D. Protection mechanisms implemented after an information system has become operational.

Which of the following is NOT part of the Kerberos authentication protocol? A. Symmetric key cryptography B. Authentication service (AS) C. Principals D. Public Key

D. Public Key

Access Control techniques do not include which of the following? A. Rule-Based Access Controls B. Role-Based Access Control C. Mandatory Access Control D. Random Number Based Access Control

D. Random Number Based Access Control

Which protocol is used to send email? A. File Transfer Protocol (FTP). B. Post Office Protocol (POP). C. Network File System (NFS). D. Simple Mail Transfer Protocol (SMTP).

D. Simple Mail Transfer Protocol (SMTP).

Which of the following is not a two-factor authentication mechanism? A. Something you have and something you know. B. Something you do and a password. C. A smartcard and something you are. D. Something you know and a password.

D. Something you know and a password.

Which disaster recovery plan test involves functional representatives meeting to review the plan in detail? A. Simulation test B. Checklist test C. Parallel test D. Structured walk-through test

D. Structured walk-through test

As a result of a risk assessment, your security manager has determined that your organization needs to implement an intrusion detection system that can detect unknown attacks and can watch for unusual traffic behavior, such as a new service appearing on the network. What type of intrusion detection system would you select? A. Protocol anomaly based B. Pattern matching C. Stateful matching D. Traffic anomaly-based

D. Traffic anomaly-based

A timely review of system access audit records would be an example of which of the basic security functions? A. avoidance B. deterrence C. prevention D. detection

D. detection

Which of the following backup sites is the most effective for disaster recovery? A. Time brokers B. Hot sites C. Cold sites D. Reciprocal Agreement

B. Hot sites

What kind of Encryption technology does SSL utilize? A. Secret or Symmetric key B. Hybrid (both Symmetric and Asymmetric) C. Public Key D. Private key

B. Hybrid (both Symmetric and Asymmetric)

The IP header contains a protocol field. If this field contains the value of 1, what type of data is contained within the IP datagram? A. TCP. B. ICMP. C. UDP. D. IGMP.

B. ICMP.

What would be the Annualized Rate of Occurrence (ARO) of the threat "user input error", in the case where a company employs 100 data entry clerks and every one of them makes one input error each month? A. 100 B. 120 C. 1 D. 1200

D. 1200

What is the maximum key size for the RC5 algorithm? A. 128 bits B. 256 bits C. 1024 bits D. 2040 bits

D. 2040 bits

Which authentication technique best protects against hijacking? A. Static authentication B. Continuous authentication C. Robust authentication D. Strong authentication

B. Continuous authentication

Which of the following forms of authentication would most likely apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier? A. Dynamic authentication B. Continuous authentication C. Encrypted authentication D. Robust authentication

B. Continuous authentication

Single Sign-on (SSO) is characterized by which of the following advantages? A. Convenience B. Convenience and centralized administration C. Convenience and centralized data administration D. Convenience and centralized network administration

B. Convenience and centralized administration

This type of supporting evidence is used to help prove an idea or a point; however, it cannot stand on its own and is used as a supplementary tool to help prove a primary piece of evidence. What is the name of this type of evidence? A. Circumstantial evidence B. Corroborative evidence C. Opinion evidence D. Secondary evidence

B. Corroborative evidence

What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions? A. A B. D C. E D. F

B. D

Which of the following is a CHARACTERISTIC of a decision support system (DSS) with regard to Threats and Risks Analysis? A. DSS is aimed at solving highly structured problems. B. DSS emphasizes flexibility in the decision-making approach of users. C. DSS supports only structured decision-making tasks. D. DSS combines the use of models with non-traditional data access and retrieval functions.

B. DSS emphasizes flexibility in the decision making approach of users.

Which of the following is NOT a common backup method? A. Full backup method B. Daily backup method C. Incremental backup method D. Differential backup method

B. Daily backup method

Which of the following is given the responsibility of the maintenance and protection of the data? A. Data owner B. Data custodian C. User D. Security administrator

B. Data custodian

Which layer of the OSI/ISO model handles physical addressing, network topology, line discipline, error notification, orderly delivery of frames, and optional flow control? A. Physical B. Data link C. Network D. Session

B. Data link

Which of the following is not a method to protect objects and the data within the objects? A. Layering B. Data mining C. Abstraction D. Data hiding

B. Data mining

What is the main issue with media reuse? A. Degaussing B. Data remanence C. Media destruction D. Purging

B. Data remanence

A business continuity plan should list and prioritize the services that need to be brought back after a disaster strikes. Which of the following services is more likely to be of primary concern in the context of what your Disaster Recovery Plan would include? A. Marketing/Public relations B. Data/Telecomm/IS facilities C. IS Operations D. Facilities security

B. Data/Telecomm/IS facilities

What would be the name of a Logical or Virtual Table dynamically generated to restrict the information a user can access in a database? A. Database Management system B. Database views C. Database security D. Database shadowing

B. Database views

Which of the following is not appropriate in addressing object reuse? A. Degaussing magnetic tapes when they're no longer needed. B. Deleting files on disk before reusing the space. C. Clearing memory blocks before they are allocated to a program or data. D. Clearing buffered pages, documents, or screens from the local memory of a terminal or printer.

B. Deleting files on disk before reusing the space.

The viewing of recorded events after the fact using a closed-circuit TV camera is considered a A. Preventative control. B. Detective control C. Compensating control D. Corrective control

B. Detective control

The control measures that are intended to reveal the violations of security policy using software and hardware are associated with: A. Preventive/physical B. Detective/technical C. Detective/physical D. Detective/administrative

B. Detective/technical

Which of the following is NOT a symmetric key algorithm? A. Blowfish B. Digital Signature Standard (DSS) C. Triple DES (3DES) D. RC5

B. Digital Signature Standard (DSS)

Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later? A. Steganography B. Digital watermarking C. Digital enveloping D. Digital signature

B. Digital watermarking

Organizations should not view disaster recovery as which of the following? A. Committed expense. B. Discretionary expense. C. Enforcement of legal statutes. D. Compliance with regulations.

B. Discretionary expense.

What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol (TFTP)? A. It is too complex to manage user access restrictions under TFTP B. Due to the inherent security risks C. It does not offer high level encryption like FTP D. It cannot support the Lightweight Directory Access Protocol (LDAP)

B. Due to the inherent security risks

Which of the following is NOT a countermeasure to traffic analysis? A. Padding messages. B. Eavesdropping. C. Sending noise. D. Faraday Cage

B. Eavesdropping.

Ensuring least privilege does not require: A. Identifying what the user's job is. B. Ensuring that the user alone does not have sufficient rights to subvert an important process. C. Determining the minimum set of privileges required for a user to perform their duties. D. Restricting the user to required privileges and nothing more

B. Ensuring that the user alone does not have sufficient rights to subvert an important process.

What can best be defined as the detailed examination and testing of the security features of an IT system or product to ensure that they work correctly and effectively and do not show any logical vulnerabilities, such as evaluation criteria? A. Acceptance testing B. Evaluation C. Certification D. Accreditation

B. Evaluation

Which type of attack involves the alteration of a packet at the IP level to convince a system that it is communicating with a known entity in order to gain access to a system? A. TCP sequence number attack B. IP spoofing attack C. Piggybacking attack D. Teardrop attack

B. IP spoofing attack

Which of the following would best describe a Concealment cipher? A. Permutation is used, meaning that letters are scrambled. B. Every X number of words within a text is a part of the real message. C. Replaces bits, characters, or blocks of characters with different bits, characters or blocks. D. Hiding data in another message so that the very existence of the data is concealed

B. Every X number of words within a text is a part of the real message.

What can be described as a measure of the magnitude of loss or impact on the value of an asset? A. Probability B. Exposure factor C. Vulnerability D. Threat

B. Exposure factor

Which of the following is BEST defined as a physical control? A. Monitoring of system activity B. Fencing C. Identification and authentication methods D. Logical access control mechanisms

B. Fencing

Which of the following rules appearing in an Internet firewall policy is inappropriate? A. Source routing shall be disabled on all firewalls and external routers. B. Firewalls shall be configured to transparently allow all outbound and inbound services. C. Firewalls should fail to a configuration that denies all services, and require a firewall administrator to re-enable services after a firewall has failed. D. Firewalls shall not accept traffic on their external interfaces that appears to be coming from internal network addresses

B. Firewalls shall be configured to transparently allow all outbound and inbound services.

Which of the following are additional access control objectives? A. Consistency and utility B. Reliability and utility C. Usefulness and utility D. Convenience and utility

B. Reliability and utility

Which of the following determines that the product developed meets the project's goals? A. verification B. validation C. concurrence D. accuracy

B. validation

A momentary power outage is a: A. spike B. blackout C. surge D. fault

D. fault

Which of the following is an advantage of a qualitative over a quantitative risk analysis? A. It prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities. B. It provides specific quantifiable measurements of the magnitude of the impacts. C. It makes a cost-benefit analysis of recommended controls easier. D. It can easily be automated.

A. It prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities.

What is NOT true about a one-way hashing function? A. It provides authentication of the message B. A hash cannot be reversed to get the message used to create the hash C. The result of a one-way hash is a message digest D. It provides integrity of the message

A. It provides authentication of the message

Which of the following statements regarding an off-site information processing facility is TRUE? A. It should have the same amount of physical access restrictions as the primary processing site. B. It should be located in proximity to the originating site so that it can quickly be made operational. C. It should be easily identified from the outside so in the event of an emergency it can be easily found. D. Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive.

A. It should have the same amount of physical access restrictions as the primary processing site.

Which of the following is a trusted, third party authentication protocol that was developed under Project Athena at MIT? A. Kerberos B. SESAME C. KryptoKnight D. NetSP

A. Kerberos

Which of the following Intrusion Detection Systems (IDS) uses a database of attacks, known system vulnerabilities, monitoring current attempts to exploit those vulnerabilities, and then triggers an alarm if an attempt is found? A. Knowledge-Based ID System B. Application-Based ID System C. Host-Based ID System D. Network-Based ID System

A. Knowledge-Based ID System

What is defined as the rules for communicating between computers on a Local Area Network (LAN)? A. LAN Media Access methods B. LAN topologies C. LAN transmission methods D. Contention Access Control

A. LAN Media Access methods

Which of the following is not a preventive login control? A. Last login message B. Password aging C. Minimum password length D. Account expiration

A. Last login message

Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data? A. Limiting the local access of operations personnel B. Job rotation of operations personnel C. Management monitoring of audit logs D. Enforcing regular password changes

A. Limiting the local access of operations personnel

Which of the following is NOT an administrative control? A. Logical access control mechanisms B. Screening of personnel C. Development of policies, standards, procedures and guidelines D. Change control procedures

A. Logical access control mechanisms

Which of the following is most appropriate to notify an external user that session monitoring is being conducted? A. Logon Banners B. Wall poster C. Employee Handbook D. Written agreement

A. Logon Banners

Qualitative loss resulting from the business interruption does NOT usually include: A. Loss of revenue B. Loss of competitive advantage or market share C. Loss of public confidence and credibility D. Loss of market leadership

A. Loss of revenue

Of the following, which is NOT a specific loss criterion that should be considered while developing a BIA? A. Loss of skilled workers' knowledge B. Loss in revenue C. Loss in profits D. Loss in reputation

A. Loss of skilled workers' knowledge

Which access control model would a lattice-based access control model be an example of? A. Mandatory access control. B. Discretionary access control. C. Non-discretionary access control. D. Rule-based access control.

A. Mandatory access control.

What is the main concern with single sign-on? A. Maximum unauthorized access would be possible if a password is disclosed. B. The security administrator's workload would increase. C. The users' password would be too hard to remember. D. User access rights would be increased.

A. Maximum unauthorized access would be possible if a password is disclosed.

Which one of the following authentication mechanisms creates a problem for mobile users? A. Mechanisms based on IP addresses B. Mechanisms with reusable passwords C. One-time password mechanism D. Challenge-response mechanism

A. Mechanisms based on IP addresses

Which of the following BEST describes a function relying on a shared secret key that is used along with a hashing algorithm to verify the integrity of the communication content as well as the sender? A. Message Authentication Code - MAC B. PAM - Pluggable Authentication Module C. NAM - Negative Acknowledgement Message D. Digital Signature Certificate

A. Message Authentication Code - MAC

If an organization were to monitor their employees' e-mail, it should not: A. Monitor only a limited number of employees. B. Inform all employees that e-mail is being monitored. C. Explain who can read the e-mail and how long it is backed up. D. Explain what is considered an acceptable use of the e-mail system.

A. Monitor only a limited number of employees.

Which of the following is NOT a basic component of security architecture? A. Motherboard B. Central Processing Unit (CPU) C. Storage Devices D. Peripherals (input/output devices)

A. Motherboard

What is it called when a computer uses more than one CPU in parallel to execute instructions? A. Multiprocessing B. Multitasking C. Multithreading D. Parallel running

A. Multiprocessing

Which of the following OSI layers provides routing and related services? A. Network Layer B. Presentation Layer C. Session Layer D. Physical Layer

A. Network Layer

In a stateful inspection firewall, data packets are captured by an inspection engine that is operating at the A. Network or Transport Layer. B. Application Layer. C. Inspection Layer. D. Data Link Layer.

A. Network or Transport Layer.

What does the simple security (ss) property mean in the Bell-LaPadula model? A. No read up B. No write down C. No read down D. No write up

A. No read up

Virus scanning and content inspection of S/MIME encrypted e-mail without doing any further processing is: A. Not possible B. Only possible with a key recovery scheme of all user keys C. It is possible only if X.509 Version 3 certificates are used D. It is possible only by "brute force" decryption

A. Not possible

Application Layer Firewalls operate at the: A. OSI protocol Layer seven, the Application Layer. B. OSI protocol Layer six, the Presentation Layer. C. OSI protocol Layer five, the Session Layer. D. OSI protocol Layer four, the Transport Layer

A. OSI protocol Layer seven, the Application Layer.

A host-based IDS is resident on which of the following? A. On each of the critical hosts B. decentralized hosts C. central hosts D. bastion hosts

A. On each of the critical hosts

Which of the following describes the major disadvantage of many Single Sign-On (SSO) implementations? A. Once an individual obtains access to the system through the initial log-on, they have access to all resources within the environment that the account has access to. B. The initial logon process is cumbersome to discourage potential intruders. C. Once a user obtains access to the system through the initial log-on, they only need to logon to some applications. D. Once a user obtains access to the system through the initial log-on, he has to logout from all other systems

A. Once an individual obtains access to the system through the initial log-on, they have access to all resources within the environment that the account has access to.

Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as the plaintext and never reused in whole or part? A. One Time Pad (OTP) B. One time Cryptopad (OTC) C. Cryptanalysis D. Pretty Good Privacy (PGP)

A. One Time Pad (OTP)

Which type of password provides maximum security because a new password is required for each new log-on? A. One-time or dynamic password B. Cognitive password C. Static password D. Passphrase

A. One-time or dynamic password

What is the name of a one-way transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string? Such a transformation cannot be reversed. A. One-way hash B. DES C. Transposition D. Substitution

A. One-way hash

Which of the following is an issue with signature-based intrusion detection systems? A. Only previously identified attack signatures are detected. B. Signature databases must be augmented with inferential elements. C. It runs only on the windows operating system D. Hackers can circumvent signature evaluations.

A. Only previously identified attack signatures are detected.

Physically securing backup tapes from unauthorized access is obviously a security concern and is considered a function of the: A. Operations Security Domain. B. Operations Security Domain Analysis. C. Telecommunications and Network Security Domain. D. Business Continuity Planning and Disaster Recovery Planning.

A. Operations Security Domain.

Which of the following exemplifies proper separation of duties? A. Operators are not permitted to modify the system time. B. Programmers are permitted to use the system console. C. Console operators are permitted to mount tapes and disks. D. Tape operators are permitted to use the system console.

A. Operators are not permitted to modify the system time.

Crime Prevention Through Environmental Design (CPTED) is a discipline that: A. Outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. B. Outlines how the proper design of the logical environment can reduce crime by directly affecting human behavior. C. Outlines how the proper design of the detective control environment can reduce crime by directly affecting human behavior. D. Outlines how the proper design of the administrative control environment can reduce crime by directly affecting human behavior.

A. Outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior.

A confidential number used as an authentication factor to verify a user's identity is called a: A. PIN B. User ID C. Password D. Challenge

A. PIN

Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) uses symmetric encryption for encrypting the bulk of the data being sent over the session and it uses asymmetric or public key cryptography for: A. Peer Authentication B. Peer Identification C. Server Authentication D. Name Resolution

A. Peer Authentication

Which of the following is considered the weakest link in a security system? A. People B. Software C. Communications D. Hardware

A. People

Which of the following is NOT a type of motion detector? A. Photoelectric sensor B. Passive infrared sensors C. Microwave Sensor. D. Ultrasonic Sensor.

A. Photoelectric sensor

The MOST common threat that impacts a business's ability to function normally is: A. Power Outage B. Water Damage C. Severe Weather D. Labor Strike

A. Power Outage

Which of the following is not one of the three goals of Integrity addressed by the Clark-Wilson model? A. Prevention of the modification of information by unauthorized users. B. Prevention of the unauthorized or unintentional modification of information by authorized users. C. Preservation of the internal and external consistency. D. Prevention of the modification of information by authorized users.

A. Prevention of the modification of information by unauthorized users.

Which of the following control pairings includes: organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks? A. Preventive/Administrative Pairing B. Preventive/Technical Pairing C. Preventive/Physical Pairing D. Detective/Administrative Pairing

A. Preventive/Administrative Pairing

Complete the blanks. When using PKI, I digitally sign a message using my ______ key. The recipient verifies my signature using my ______ key. A. Private / Public B. Public / Private C. Symmetric / Asymmetric D. Private / Symmetric

A. Private / Public

Risk analysis is MOST useful when applied during which phase of the system development process? A. Project initiation and Planning B. Functional Requirements definition C. System Design Specification D. Development and Implementation

A. Project initiation and Planning

Which of the following is an advantage of prototyping? A. Prototype systems can provide significant time and cost savings. B. Change control is often less complicated with prototype systems. C. It ensures that functions or extras are not added to the intended system. D. Strong internal controls are easier to implement.

A. Prototype systems can provide significant time and cost savings.

An application layer firewall is also called a: A. Proxy B. A Presentation Layer Gateway. C. A Session Layer Gateway. D. A Transport Layer Gateway.

A. Proxy

What kind of certificate is used to validate a user identity? A. Public key certificate B. Attribute certificate C. Root certificate D. Code signing certificate

A. Public key certificate

Which of the following protocols operates at the session layer (layer 5)? A. RPC B. IGMP C. LPD D. SPX

A. RPC

A public key algorithm that does both encryption and digital signature is which of the following? A. RSA B. DES C. IDEA D. Diffie-Hellman

A. RSA

Which of the following is defined as the most recent point in time to which data must be synchronized without adversely affecting the organization (financial or operational impacts)? A. Recovery Point Objective B. Recovery Time Objective C. Point of Time Objective D. Critical Time Objective

A. Recovery Point Objective

To be admissible in court, computer evidence must be which of the following? A. Relevant B. Decrypted C. Edited D. Incriminating

A. Relevant

Access Control techniques do not include which of the following choices? A. Relevant Access Controls B. Discretionary Access Control C. Mandatory Access Control D. Lattice Based Access Control

A. Relevant Access Controls

Which of the following biometric devices has the lowest user acceptance level? A. Retina Scan B. Fingerprint scan C. Hand geometry D. Signature recognition

A. Retina Scan

What protocol is used on the Local Area Network (LAN) to obtain an IP address from its known MAC address? A. Reverse address resolution protocol (RARP) B. Address resolution protocol (ARP) C. Data link layer D. Network address translation (NAT)

A. Reverse address resolution protocol (RARP)

Which of the following would best classify as a management control? A. Review of security controls B. Personnel security C. Physical and environmental protection D. Documentation

A. Review of security controls

An Architecture where there are more than two execution domains or privilege levels is called: A. Ring Architecture. B. Ring Layering C. Network Environment. D. Security Models

A. Ring Architecture.

Which of the following enables the person responsible for contingency planning to focus risk management efforts and resources in a prioritized manner only on the identified risks? A. Risk assessment B. Residual risks C. Security controls D. Business units

A. Risk assessment

Which access model is most appropriate for companies with a high employee turnover? A. Role-based access control B. Mandatory access control C. Lattice-based access control D. Discretionary access control

A. Role-based access control

Which of the following was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support? A. SESAME B. RADIUS C. KryptoKnight D. TACACS+

A. SESAME

The DES algorithm is an example of what type of cryptography? A. Secret Key B. Two-key C. Asymmetric Key D. Public Key

A. Secret Key

Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet? A. Secure Electronic Transaction (SET) B. MONDEX C. Secure Shell (SSH-2) D. Secure Hypertext Transfer Protocol (S-HTTP)

A. Secure Electronic Transaction (SET)

Which of the following security-focused protocols has confidentiality services operating at a layer different from the others? A. Secure HTTP (S-HTTP) B. FTP Secure (FTPS) C. Secure socket layer (SSL) D. Sequenced Packet Exchange (SPX)

A. Secure HTTP (S-HTTP)

Who is responsible for implementing user clearances in computer-based information systems at the B3 level of the TCSEC rating? A. Security administrators B. Operators C. Data owners D. Data custodians

A. Security administrators

Who should DECIDE how a company should approach security and what security measures should be implemented? A. Senior management B. Data owner C. Auditor D. The information security specialist

A. Senior management

Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a program located in another computer in a network. Within which OSI/ISO layer is RPC implemented? A. Session layer B. Transport layer C. Data link layer D. Network layer

A. Session layer

Which OSI/ISO layer does a SOCKS server operate at? A. Session layer B. Transport layer C. Network layer D. Data link layer

A. Session layer

When you update records in multiple locations or you make a copy of the whole database at a remote location as a way to achieve the proper level of fault tolerance and redundancy, it is known as? A. Shadowing B. Data mirroring C. Backup D. Archiving

A. Shadowing

What IDS approach relies on a database of known attacks? A. Signature-based intrusion detection B. Statistical anomaly-based intrusion detection C. Behavior-based intrusion detection D. Network-based intrusion detection

A. Signature-based intrusion detection

Which of the following is implemented through scripts or smart agents that replay the user's multiple log-ins against authentication servers to verify a user's identity, which permits access to system services? A. Single Sign-On B. Dynamic Sign-On C. Smart cards D. Kerberos

A. Single Sign-On

Which of the following is true related to network sniffing? A. Sniffers allow an attacker to monitor data passing across a network. B. Sniffers alter the source address of a computer to disguise and exploit weak authentication methods. C. Sniffers take over network connections. D. Sniffers send IP fragments to a system that overlap with each other.

A. Sniffers allow an attacker to monitor data passing across a network.

Which type of firewall can be used to track connectionless protocols such as UDP and RPC? A. Stateful inspection firewalls B. Packet filtering firewalls C. Application level firewalls D. Circuit level firewalls

A. Stateful inspection firewalls

Which of the following is an IDS that acquires data and defines a "normal" usage profile for the network or host? A. Statistical Anomaly-Based ID B. Signature-Based ID C. dynamical anomaly-based ID D. inferential anomaly-based ID

A. Statistical Anomaly-Based ID

Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity? A. Steganography B. ADS - Alternate Data Streams C. Encryption D. NTFS ADS

A. Steganography

Which of the following can be used as a covert channel? A. Storage and timing. B. Storage and low bits. C. Storage and permissions. D. Storage and classification.

A. Storage and timing.

Which of the following is more suitable for a hardware implementation? A. Stream ciphers B. Block ciphers C. Cipher block chaining D. Electronic code book

A. Stream ciphers

Which of the following type of cryptography is used when both parties use the same key to communicate securely with each other? A. Symmetric Key Cryptography B. PKI - Public Key Infrastructure C. Diffie-Hellman D. DSS - Digital Signature Standard

A. Symmetric Key Cryptography

Memory management in TCSEC levels B3 and A1 operating systems may utilize "data hiding". What does this mean? A. System functions are layered, and none of the functions in a given layer can access data outside that layer. B. Auditing processes and their memory addresses cannot be accessed by user processes. C. Only security processes are allowed to write to ring zero memory. D. It is a form of strong encryption cipher.

A. System functions are layered, and none of the functions in a given layer can access data outside that layer.

Which of the following remote access authentication systems is the most robust? A. TACACS+ B. RADIUS C. PAP D. TACACS

A. TACACS+

Which of the following is TRUE regarding Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)? A. TCP is connection-oriented, UDP is not. B. UDP provides for Error Correction, TCP does not. C. UDP is useful for longer messages, rather than TCP. D. TCP does not guarantee delivery of data, while UDP does guarantee data delivery.

A. TCP is connection-oriented, UDP is not.

The IP header contains a protocol field. If this field contains the value of 6, what type of data is contained within the IP datagram? A. TCP. B. ICMP. C. UDP. D. IGMP.

A. TCP.

Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense? A. TCSEC B. ITSEC C. DIACAP D. NIACAP

A. TCSEC

Which of the following is a large hardware/software backup system that uses the RAID technology? A. Tape Array. B. Scale Array. C. Crimson Array D. Table Array.

A. Tape Array.

Which type of attack consists of modifying the length and fragmentation offset fields in sequential IP packets? A. Teardrop attack B. Smurf attack C. SYN attack D. Buffer overflow attack

A. Teardrop attack

The Logical Link Control sub-layer is a part of which of the following? A. The ISO/OSI Data Link layer B. The Reference monitor C. The Transport layer of the TCP/IP stack model D. Change management control

A. The ISO/OSI Data Link layer

What can be defined as an abstract machine that mediates all access to objects by subjects to ensure that subjects have the necessary access rights and to protect objects from unauthorized access? A. The Reference Monitor B. The Security Kernel C. The Trusted Computing Base D. The Security Domain

A. The Reference Monitor

Which of the following is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes? A. The Software Capability Maturity Model (CMM) B. The Spiral Model C. The Waterfall Model D. Expert Systems Model

A. The Software Capability Maturity Model (CMM)

Unshielded Twisted Pair (UTP) cables come in several categories. The categories are based on: A. The level of performance B. How thick the shielding is. C. The length of the cable D. The diameter of the copper.

A. The level of performance

Which of the following best defines source routing? A. The packets hold the forwarding information so they don't need to let bridges and routers decide what is the best route or way to get to the destination. B. The packets hold source information in a fashion that source address cannot be forged. C. The packets are encapsulated to conceal source information. D. The packets hold information about redundant paths in order to provide a higher reliability.

A. The packets hold the forwarding information so they don't need to let bridges and routers decide what is the best route or way to get to the destination.

Another type of access control is lattice-based access control. In this type of control a lattice model is applied. How is this type of access control concept applied? A. The pair of elements is the subject and object, and the subject has an upper bound equal or higher than the upper bound of the object being accessed. B. The pair of elements is the subject and object, and the subject has an upper bound lower than the upper bound of the object being accessed. C. The pair of elements is the subject and object, and the subject has no special upper or lower bound needed within the lattice. D. The pair of elements is the subject and object, and the subject has no access rights in relation to an object.

A. The pair of elements is the subject and object, and the subject has an upper bound equal or higher than the upper bound of the object being accessed.

The Reference Validation Mechanism that ensures the authorized access relationships between subjects and objects is implementing which of the following concepts? A. The reference monitor. B. Discretionary Access Control. C. The Security Kernel. D. Mandatory Access Control.

A. The reference monitor.

What does "residual risk" mean? A. The security risk that remains after controls have been implemented B. Weakness of an asset which can be exploited by a threat C. Risk that remains after risk assessment has been performed D. A security risk intrinsic to an asset being audited, where no mitigation has taken place.

A. The security risk that remains after controls have been implemented

What is a common problem when using vibration detection devices for perimeter control? A. They are vulnerable to non-adversarial disturbances. B. They can be defeated by electronic means. C. Signal amplitude is affected by weather conditions. D. They must be buried below the frost line.

A. They are vulnerable to non-adversarial disturbances.

What is a TFTP server most useful for? A. Transferring configurations to and from network devices. B. Transferring files to web servers. C. Terminal access to network devices. D. Terminal access to file servers.

A. Transferring configurations to and from network devices.

Which protocol of the TCP/IP suite addresses reliable data transport? A. Transmission control protocol (TCP) B. User datagram protocol (UDP) C. Internet protocol (IP) D. Internet control message protocol (ICMP)

A. Transmission control protocol (TCP)

In the Open Systems Interconnect (OSI) Reference Model, at what level are TCP and UDP provided? A. Transport B. Network C. Presentation D. Application

A. Transport

In which layer of the OSI Model are connection-oriented protocols located in the TCP/IP suite of protocols? A. Transport layer B. Application layer C. Physical layer D. Network layer

A. Transport layer

Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean? A. Use of public key encryption to secure a secret key, and message encryption using the secret key. B. Use of the recipient's public key for encryption and decryption based on the recipient's private key. C. Use of software encryption assisted by a hardware encryption accelerator. D. Use of elliptic curve encryption.

A. Use of public key encryption to secure a secret key, and message encryption using the secret key.

Identification and authentication are the keystones of most access control systems. Identification establishes: A. User accountability for the actions on the system. B. Top management accountability for the actions on the system. C. EDP department accountability for the actions of users on the system. D. Authentication for actions on the system

A. User accountability for the actions on the system.

Which of the following protocols is not implemented at the Internet layer of the TCP/IP protocol model? A. User datagram protocol (UDP) B. Internet protocol (IP) C. Internet Group Management Protocol (IGMP) D. Internet control message protocol (ICMP)

A. User datagram protocol (UDP)

The end result of implementing the principle of least privilege means which of the following? A. Users would get access to only the info for which they have a need to know B. Users can access all systems. C. Users get new privileges added when they change positions. D. Authorization creep.

A. Users would get access to only the info for which they have a need to know

Which xDSL flavour can deliver up to 52 Mbps downstream over a single copper twisted pair? A. VDSL B. SDSL C. HDSL D. ADSL

A. VDSL

If your property insurance has an Actual Cash Valuation (ACV) clause, your damaged property will be compensated based on: A. Value of item on the date of loss B. Replacement with a new item for the old one regardless of condition of lost item C. Value of item one month before the loss D. Value of item on the date of loss plus 10 percent

A. Value of item on the date of loss

Which of the following would best describe certificate path validation? A. Verification of the validity of all certificates of the certificate chain to the root certificate B. Verification of the integrity of the associated root certificate C. Verification of the integrity of the concerned private key D. Verification of the revocation status of the concerned certificate

A. Verification of the validity of all certificates of the certificate chain to the root certificate

Which of the following describes a computer processing architecture in which a language compiler or pre-processor breaks program instructions down into basic operations that can be performed by the processor at the same time? A. Very-Long Instruction-Word Processor (VLIW) B. Complex-Instruction-Set-Computer (CISC) C. Reduced-Instruction-Set-Computer (RISC) D. Super Scalar Processor Architecture (SCPA)

A. Very-Long Instruction-Word Processor (VLIW)

A weakness or lack of a safeguard, which may be exploited by a threat, causing harm to the information systems or networks is called a? A. Vulnerability B. Risk C. Threat D. Overflow

A. Vulnerability

Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks? A. Web Applications B. Intrusion Detection Systems C. Firewalls D. DNS Servers

A. Web Applications

Secure Sockets Layer (SSL) is very heavily used for protecting which of the following? A. Web transactions. B. EDI transactions. C. Telnet transactions. D. Electronic Payment transactions.

A. Web transactions.

Which of the following standards is concerned with message handling? A. X.400 B. X.500 C. X.509 D. X.800

A. X.400

A Wide Area Network (WAN) is basically everything outside of: A. a Local Area Network (LAN). B. a Campus Area Network (CAN). C. a Metropolitan Area Network (MAN). D. the Internet.

A. a Local Area Network (LAN).

Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has external connections by filtering Ingress and Egress traffic? A. a firewall. B. dial-up. C. passwords. D. fiber optics.

A. a firewall.

SMTP can best be described as: A. a host-to-host email protocol. B. an email retrieval protocol. C. a web-based e-mail reading protocol. D. a standard defining the format of e-mail messages.

A. a host-to-host email protocol.

The Terminal Access Controller Access Control System (TACACS) employs which of the following? A. a user ID and static password for network access B. a user ID and dynamic password for network access C. a user ID and symmetric password for network access D. a user ID and asymmetric password for network access

A. a user ID and static password for network access

When submitting a passphrase for authentication, the passphrase is converted into ... A. a virtual password by the system B. a new passphrase by the system C. a new passphrase by the encryption technology D. a real password by the system which can be used forever

A. a virtual password by the system

Attributable data should be: A. always traced to individuals responsible for observing and recording the data B. sometimes traced to individuals responsible for observing and recording the data C. never traced to individuals responsible for observing and recording the data D. often traced to individuals responsible for observing and recording the data

A. always traced to individuals responsible for observing and recording the data

The general philosophy for DMZs is that: A. any system on the DMZ can be compromised because it's accessible from the Internet. B. any system on the DMZ cannot be compromised because it's not accessible from the Internet. C. some systems on the DMZ can be compromised because they are accessible from the Internet. D. any system on the DMZ cannot be compromised because it's by definition 100 percent safe and not accessible from the Internet.

A. any system on the DMZ can be compromised because it's accessible from the Internet.

Which of the following would assist the most in Host Based intrusion detection? A. audit trails. B. access control lists. C. security clearances D. host-based authentication

A. audit trails.

Address Resolution Protocol (ARP) interrogates the network by sending out a? A. broadcast. B. multicast. C. unicast. D. semicast.

A. broadcast.

A prolonged power supply that is below normal voltage is a: A. brownout B. blackout C. surge D. fault

A. brownout

Secure Shell (SSH) is a strong method of performing: A. client authentication B. server authentication C. host authentication D. guest authentication

A. client authentication

The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following? A. clipping level B. acceptance level C. forgiveness level D. logging level

A. clipping level

The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as "_________________," RSA is quite feasible for computer use. A. computing in Galois fields B. computing in Gladden fields C. computing in Gallipoli fields D. computing in Galbraith fields

A. computing in Galois fields

Making sure that only those who are supposed to access the data can access it is which of the following? A. confidentiality. B. capability. C. integrity. D. availability.

A. confidentiality.

In regard to information classification, what is the main responsibility of the information (data) owner? A. determining the data sensitivity or classification level B. running regular data backups C. audit the data users D. periodically check the validity and accuracy of the data

A. determining the data sensitivity or classification level

Which backup method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup? A. differential backup method B. full backup method C. incremental backup method D. tape backup method.

A. differential backup method

Which of the following addresses a portion of the primary memory by specifying the actual address of the memory location? A. direct addressing B. Indirect addressing C. implied addressing D. indexed addressing

A. direct addressing

One purpose of a security awareness program is to modify: A. employee's attitudes and behaviors towards enterprise's security posture B. management's approach towards enterprise's security posture C. attitudes of employees with sensitive data D. corporate attitudes about safeguarding data

A. employee's attitudes and behaviors towards enterprise's security posture

A Packet Filtering Firewall system is considered a: A. first generation firewall. B. second generation firewall. C. third generation firewall. D. fourth generation firewall.

A. first generation firewall.

Which of the following backup methods is primarily run when time and tape space permits, and is used for the system archive or baselined tape sets? A. full backup method. B. incremental backup method. C. differential backup method. D. tape backup method.

A. full backup method.

Which of the following backup methods makes a complete backup of every file on the server every time it is run? A. full backup method. B. incremental backup method. C. differential backup method. D. tape backup method.

A. full backup method.

Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful? A. host-based IDS B. firewall-based IDS C. bastion-based IDS D. server-based IDS

A. host-based IDS

Detective/Technical measures: A. include intrusion detection systems and automatically-generated violation reports from audit trail information. B. do not include intrusion detection systems and automatically-generated violation reports from audit trail information. C. include intrusion detection systems but do not include automatically-generated violation reports from audit trail information. D. include intrusion detection systems and customised-generated violation reports from audit trail information.

A. include intrusion detection systems and automatically-generated violation reports from audit trail information.

Packet Filtering Firewalls examine both the source and destination address of the: A. incoming and outgoing data packets B. outgoing data packets only C. Incoming Data packets only D. user data packet

A. incoming and outgoing data packets

Related to information security, the guarantee that the message sent is the message received with the assurance that the message was not intentionally or unintentionally altered is an example of which of the following? A. integrity B. confidentiality C. availability D. identity

A. integrity

Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and the corresponding ciphertext? A. known plaintext B. brute force C. ciphertext only D. chosen plaintext

A. known plaintext

A circuit level proxy is ___________________ when compared to an application level proxy. A. lower in processing overhead. B. more difficult to maintain. C. more secure. D. slower.

A. lower in processing overhead.

Which of the following is NOT a system-sensing wireless proximity card? A. magnetically striped card B. passive device C. field-powered device D. transponder

A. magnetically striped card

A proxy can control which services (FTP and so on) are used by a workstation, and also aids in protecting the network from outsiders who may be trying to get information about the: A. network's design B. user base C. operating system design D. net BIOS' design

A. network's design

Which of the following monitors network traffic in real time? A. network-based IDS B. host-based IDS C. application-based IDS D. firewall-based IDS

A. network-based IDS

Which of the following usually provides reliable, real-time information without consuming network or host resources? A. network-based IDS B. host-based IDS C. application-based IDS D. firewall-based IDS

A. network-based IDS

Which of the following is NOT a transaction redundancy implementation? A. on-site mirroring B. Electronic Vaulting C. Remote Journaling D. Database Shadowing

A. on-site mirroring

Packet Filtering Firewalls can also enable access for: A. only authorized application port or service numbers. B. only unauthorized application port or service numbers. C. only authorized application port or ex-service numbers. D. only authorized application port or service integers

A. only authorized application port or service numbers.

What is called a sequence of characters that is usually longer than the allotted number for a password? A. passphrase B. cognitive phrase C. anticipated phrase D. Real phrase

A. passphrase

What is the role of IKE within the IPsec protocol? A. peer authentication and key exchange B. data encryption C. data signature D. enforcing quality of service

A. peer authentication and key exchange

Which of the following is a set of data processing elements that increases the performance in a computer by overlapping the steps of different instructions? A. pipelining B. complex-instruction-set-computer (CISC) C. reduced-instruction-set-computer (RISC) D. multitasking

A. pipelining

Which of the following refers to the data left on the media after the media has been erased? A. remanence B. recovery C. sticky bits D. semi-hidden

A. remanence

A DMZ is also known as a: A. screened subnet B. three legged firewall C. a place to attract hackers D. bastion host

A. screened subnet

A group of independent servers, which are managed as a single system, that provides higher availability, easier manageability, and greater scalability is: A. server cluster B. client cluster C. guest cluster D. host cluster

A. server cluster

If any server in the cluster crashes, processing continues transparently; however, the cluster suffers some performance degradation. This implementation is sometimes called a: A. server farm B. client farm C. cluster farm D. host farm

A. server farm

Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection Systems (IDS)? A. signature-based IDS B. statistical anomaly-based IDS C. event-based IDS D. inferent-based IDS

A. signature-based IDS

Which of the following are additional terms used to describe knowledge-based IDS and behavior-based IDS? A. signature-based IDS and statistical anomaly-based IDS, respectively B. signature-based IDS and dynamic anomaly-based IDS, respectively C. anomaly-based IDS and statistical-based IDS, respectively D. signature-based IDS and motion anomaly-based IDS, respectively.

A. signature-based IDS and statistical anomaly-based IDS, respectively

Which one of the following represents an ALE calculation? A. single loss expectancy x annualized rate of occurrence. B. gross loss expectancy x loss frequency. C. actual replacement cost - proceeds of salvage. D. asset value x loss expectancy

A. single loss expectancy x annualized rate of occurrence.

A momentary high voltage is a: A. spike B. blackout C. surge D. fault

A. spike

In the context of Biometric authentication, what is a quick way to compare the accuracy of devices? In general, the device that has the lowest value would be the most accurate. Which of the following would be used to compare accuracy of devices? A. the CER is used. B. the FRR is used C. the FAR is used D. the FER is used

A. the CER is used.

In the UTP category rating, the tighter the wind: A. the higher the rating and its resistance against interference and crosstalk. B. the slower the rating and its resistance against interference and attenuation. C. the shorter the rating and its resistance against interference and attenuation. D. the longer the rating and its resistance against interference and attenuation.

A. the higher the rating and its resistance against interference and crosstalk.

Which of the following is most relevant to determining the maximum effective cost of access control? A. the value of information that is protected B. management's perceptions regarding data importance C. budget planning related to base versus incremental spending. D. the cost to replace lost data

A. the value of information that is protected

Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished: A. through access control mechanisms that require identification and authentication and through the audit function. B. through logical or technical controls involving the restriction of access to systems and the protection of information. C. through logical or technical controls but not involving the restriction of access to systems and the protection of information. D. through access control mechanisms that do not require identification and authentication and do not operate through the audit function.

A. through access control mechanisms that require identification and authentication and through the audit function.

What is the goal of the Maintenance phase in a common development process of a security policy? A. to review the document on the specified review date B. publication within the organization C. to write a proposal to management that states the objectives of the policy D. to present the document to an approving body

A. to review the document on the specified review date

Which of the following is NOT a technique used to perform a penetration test? A. traffic padding B. scanning and probing C. war dialing D. sniffing

A. traffic padding

Which of the following is commonly used for retrofitting multilevel security to a database management system? A. trusted front-end. B. trusted back-end. C. controller. D. kernel.

A. trusted front-end

Another name for a VPN is a: A. tunnel B. one-time password C. pipeline D. bypass

A. tunnel

Network cabling comes in three flavors; they are: A. twisted pair, coaxial, and fiber optic. B. tagged pair, coaxial, and fiber optic. C. trusted pair, coaxial, and fiber optic. D. twisted pair, control, and fiber optic.

A. twisted pair, coaxial, and fiber optic.

Hierarchical Storage Management (HSM) is commonly employed in: A. very large data retrieval systems B. very small data retrieval systems C. shorter data retrieval systems D. most data retrieval systems

A. very large data retrieval systems

Which of the following would be true about Static password tokens? A. The owner identity is authenticated by the token B. The owner will never be authenticated by the token. C. The owner will authenticate himself to the system. D. The token does not authenticate the token owner but the system.

A. The owner identity is authenticated by the token

What is the highest amount a company should spend annually on countermeasures for protecting an asset valued at $1,000,000 from a threat that has an annualized rate of occurrence (ARO) of once every five years and an exposure factor (EF) of 30%? A. $300,000 B. $150,000 C. $60,000 D. $1,500

C. $60,000

The throughput rate is the rate at which individuals, once enrolled, can be processed and identified or authenticated by a biometric system. Acceptable throughput rates are in the range of: A. 100 subjects per minute. B. 25 subjects per minute. C. 10 subjects per minute. D. 50 subjects per minute.

C. 10 subjects per minute.

What is the maximum allowable key size of the Rijndael encryption algorithm? A. 128 bits B. 192 bits C. 256 bits D. 512 bits

C. 256 bits

What is the maximum number of different keys that can be used when encrypting with Triple DES? A. 1 B. 2 C. 3 D. 4

C. 3

How many layers are defined within the US Department of Defense (DoD) TCP/IP Model? A. 7 B. 5 C. 4 D. 3

C. 4

How many bits is the effective length of the key of the Data Encryption Standard algorithm? A. 168 B. 128 C. 56 D. 64

C. 56

The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics? A. 64 bits of data input results in 56 bits of encrypted output B. 128 bit key with 8 bits used for parity C. 64 bit blocks with a 64 bit total key length D. 56 bits of data input results in 56 bits of encrypted output

C. 64 bit blocks with a 64 bit total key length

A packet containing a long string of NOPs followed by a command is usually indicative of what? A. A syn scan. B. A half-port scan. C. A buffer overflow attack. D. A packet destined for the network's broadcast address.

C. A buffer overflow attack.

What would BEST define a covert channel? A. An undocumented backdoor that has been left by a programmer in an operating system B. An open system port that should be closed. C. A communication channel that allows transfer of information in a manner that violates the system's security policy. D. A trojan horse.

C. A communication channel that allows transfer of information in a manner that violates the system's security policy.

Which of the following would best describe secondary evidence? A. Oral testimony by a non-expert witness B. Oral testimony by an expert witness C. A copy of a piece of evidence D. Evidence that proves a specific act

C. A copy of a piece of evidence

Which of the following is an unintended communication path that is NOT protected by the system's normal security mechanisms? A. A trusted path B. A protection domain C. A covert channel D. A maintenance hook

C. A covert channel

What is called a system that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it? A. A fail safe system B. A fail soft system C. A fault-tolerant system D. A failover system

C. A fault-tolerant system

What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept? A. The reference monitor B. Protection rings C. A security kernel D. A protection domain

C. A security kernel

What setup should an administrator use for regularly testing the strength of user passwords? A. A networked workstation so that the live password database can easily be accessed by the cracking program. B. A networked workstation so the password database can easily be copied locally and processed by the cracking program. C. A standalone workstation on which the password database is copied and processed by the cracking program. D. A password-cracking program is unethical; therefore it should not be used.

C. A standalone workstation on which the password database is copied and processed by the cracking program.

Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is not being used)? A. A subject is not allowed to read up. B. The property restriction can be escaped by temporarily downgrading a high level subject. C. A subject is not allowed to read down. D. It is restricted to confidentiality.

C. A subject is not allowed to read down.

To protect and/or restore lost, corrupted, or deleted information, thereby preserving the data integrity and availability is the purpose of: A. Remote journaling. B. Database shadowing. C. A tape backup method. D. Mirroring.

C. A tape backup method.

Which xDSL flavour, appropriate for home or small offices, delivers more bandwidth downstream than upstream and over longer distance? A. VDSL B. SDSL C. ADSL D. HDSL

C. ADSL

How should a risk be HANDLED when the cost of the countermeasure OUTWEIGHS the cost of the risk? A. Reject the risk B. Perform another risk analysis C. Accept the risk D. Reduce the risk

C. Accept the risk

In response to an Access-Request from a client such as a Network Access Server (NAS), which of the following is not one of the responses from a RADIUS Server? A. Access-Accept B. Access-Reject C. Access-Granted D. Access-Challenge

C. Access-Granted

What is called the formal acceptance of the adequacy of a system's overall security by the management? A. Certification B. Acceptance C. Accreditation D. Evaluation

C. Accreditation

What is the most critical characteristic of a biometric identifying system? A. Perceived intrusiveness B. Storage requirements C. Accuracy D. Scalability

C. Accuracy

What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity? A. Polyinstantiation B. Inference C. Aggregation D. Data mining

C. Aggregation

Which of the following statements pertaining to packet switching is incorrect? A. Most data sent today uses digital signals over networks employing packet switching. B. Messages are divided into packets. C. All packets from a message travel through the same route. D. Each network node or point examines each packet for routing.

C. All packets from a message travel through the same route.

What can be defined as a table of subjects and objects indicating what actions individual subjects can take upon individual objects? A. A capacity table B. An access control list C. An access control matrix D. A capability table

C. An access control matrix

Which of the following best defines a Computer Security Incident Response Team (CSIRT)? A. An organization that provides a secure channel for receiving reports about suspected security incidents. B. An organization that ensures that security incidents are reported to the authorities. C. An organization that coordinates and supports the response to security incidents. D. An organization that disseminates incident-related information to its constituency and other involved parties.

C. An organization that coordinates and supports the response to security incidents.

Java is not: A. Object-oriented. B. Distributed. C. Architecture Specific. D. Multithreaded.

C. Architecture Specific.

Which of the following questions is less likely to help in assessing physical and environmental protection? A. Are entry codes changed periodically? B. Are appropriate fire suppression and prevention devices installed and working? C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information? D. Is physical access to data transmission lines controlled?

C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information?

During the salvage of the Local Area Network and Servers, which of the following steps would normally be performed first? A. Damage mitigation B. Install LAN communications network and servers C. Assess damage to LAN and servers D. Recover equipment

C. Assess damage to LAN and servers

What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system? A. Accountability controls B. Mandatory access controls C. Assurance procedures D. Administrative controls

C. Assurance procedures

A trusted system does NOT involve which of the following? A. Enforcement of a security policy. B. Sufficiency and effectiveness of mechanisms to be able to enforce a security policy. C. Assurance that the security policy can be enforced in an efficient and reliable manner. D. Independently-verifiable evidence that the security policy-enforcing mechanisms are sufficient and effective.

C. Assurance that the security policy can be enforced in an efficient and reliable manner.

How often should a Business Continuity Plan be reviewed? A. At least once a month B. At least every six months C. At least once a year D. At least Quarterly

C. At least once a year

How often should tests and disaster recovery drills be performed? A. At least once a quarter B. At least once every 6 months C. At least once a year D. At least once every 2 years

C. At least once a year

A Business Continuity Plan should be tested: A. Once a month. B. At least twice a year. C. At least once a year. D. At least once every two years.

C. At least once a year.

Which of the following is most likely to be useful in detecting intrusions? A. Access control lists B. Security labels C. Audit trails D. Information security policies

C. Audit trails

What is the PRIMARY use of a password? A. Allow access to files. B. Identify the user. C. Authenticate the user. D. Segregate various user's accesses.

C. Authenticate the user.

What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire? A. Certificate revocation list B. Certificate revocation tree C. Authority revocation list D. Untrusted certificate list

C. Authority revocation list

Why is infrared generally considered to be more secure to eavesdropping than multidirectional radio transmissions? A. Because infrared eavesdropping requires more sophisticated equipment. B. Because infrared operates only over short distances. C. Because infrared requires direct line-of-sight paths. D. Because infrared operates at extra-low frequencies (ELF).

C. Because infrared requires direct line-of-sight paths.

Why should batch files and scripts be stored in a protected area? A. Because of the least privilege concept. B. Because they cannot be accessed by operators. C. Because they may contain credentials. D. Because of the need-to-know concept.

C. Because they may contain credentials.

Who developed one of the first mathematical models of a multilevel-security computer system? A. Diffie and Hellman. B. Clark and Wilson. C. Bell and LaPadula. D. Gasser and Lipner.

C. Bell and LaPadula.

Which of the following models does NOT include data integrity or conflict of interest? A. Biba B. Clark-Wilson C. Bell-LaPadula D. Brewer-Nash

C. Bell-LaPadula

Which security model is based on the military classification of data and people with clearances? A. Brewer-Nash model B. Clark-Wilson model C. Bell-LaPadula model D. Biba model

C. Bell-LaPadula model

Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest? A. Differential cryptanalysis B. Differential linear cryptanalysis C. Birthday attack D. Statistical attack

C. Birthday attack
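
The following Python script is an added illustration, not part of the original question set. It finds a collision on a truncated SHA-256 digest by the birthday method (hash attacker-chosen messages until two share a digest) and compares the work done against the birthday bound and the preimage bound. The 24-bit truncation width and the "contract-v" message prefix are choices made for this example.

```python
import hashlib
import math


def truncated_digest(message: bytes, n_bits: int) -> int:
    """Top n_bits of SHA-256(message) as an integer.

    Truncating a real hash stands in for a short digest so that the
    collision can be found in a fraction of a second.
    """
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") >> (256 - n_bits)


def find_collision(n_bits: int, prefix: bytes = b"contract-v") -> tuple[bytes, bytes, int]:
    """Birthday attack: hash distinct messages until two share a digest.

    Returns the colliding pair and the number of hashes computed. The
    attacker picks BOTH messages, which is why the birthday bound (about
    2^(n/2) work) applies instead of the preimage bound (about 2^n).
    """
    seen: dict[int, bytes] = {}
    counter = 0
    while True:
        message = prefix + str(counter).encode()   # every message is distinct
        h = truncated_digest(message, n_bits)
        if h in seen:
            return seen[h], message, counter + 1
        seen[h] = message
        counter += 1


def birthday_bound(n_bits: int) -> float:
    """Hashes needed for roughly a 50% chance of a collision: sqrt(pi/2 * 2^n)."""
    return math.sqrt(math.pi / 2 * 2 ** n_bits)


def preimage_bound(n_bits: int) -> float:
    """Expected hashes to hit one fixed digest by brute force: 2^n / 2."""
    return 2 ** n_bits / 2


if __name__ == "__main__":
    bits = 24
    m1, m2, work = find_collision(bits)
    print(f"{m1!r} and {m2!r} share the top {bits} bits of SHA-256")
    print(f"work: {work} hashes; birthday bound {birthday_bound(bits):.0f}; "
          f"preimage bound {preimage_bound(bits):.0f}")
```

For a 24-bit digest the collision typically appears after a few thousand hashes, against roughly 8 million for a preimage of one fixed digest. This is why a hash used for signatures needs twice the output width of the security level wanted: a 128-bit security target needs a 256-bit digest.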

Which of the following concerning the Rijndael block cipher algorithm is false? A. The design of Rijndael was strongly influenced by the design of the block cipher Square. B. A total of 25 combinations of key length and block length are possible. C. Both block size and key length can be extended to multiples of 64 bits. D. The cipher has a variable block length and key length.

C. Both block size and key length can be extended to multiples of 64 bits.

Which of the following networking devices allows the connection of two or more homogeneous LANs in a simple way where they forward the traffic based on the MAC address? A. Gateways B. Routers C. Bridges D. Firewalls

C. Bridges

What is called the access protection system that limits connections by calling back the number of a previously authorized location? A. Sendback systems B. Callback forward systems C. Callback systems D. Sendback forward systems

C. Callback systems

When first analyzing an intrusion that has just been detected and confirming that it is a true positive, which of the following actions should be done as a first step if you wish to prosecute the attacker in court? A. Back up the compromised systems. B. Identify the attacks used to gain access. C. Capture and record system information. D. Isolate the compromised systems.

C. Capture and record system information.

What type of cable is used with 100Base-TX Fast Ethernet? A. Fiber-optic cable B. Category 3 or 4 unshielded twisted-pair (UTP). C. Category 5 unshielded twisted-pair (UTP). D. RG-58 cable.

C. Category 5 unshielded twisted-pair (UTP).

Which security model uses division of operations into different parts and requires different users to perform each part? A. Bell-LaPadula model B. Biba model C. Clark-Wilson model D. Non-interference model

C. Clark-Wilson model

Which baseline sets thresholds for specific errors or mistakes that are allowed, and for how many of these occurrences can take place before the activity is considered suspicious? A. Checkpoint level B. Ceiling level C. Clipping level D. Threshold level

C. Clipping level
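
As an added example (not part of the original question set), the Python below applies a clipping level to authentication logs: a user's failed logins are only flagged once they exceed the allowed count inside a time window. The log format, the user names, the addresses, the clipping level of 3 and the 5-minute window are all constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

CLIPPING_LEVEL = 3   # failures per user tolerated before the activity is suspicious

# Constructed log format: ISO timestamp, fixed "auth" tag, key=value fields.
LINE_RE = re.compile(r"^(\S+) auth user=(\S+) result=(OK|FAIL) src=(\S+)$")

# Constructed sample log lines, not data from any real system.
SAMPLE_LOG = """\
2024-03-01T09:00:01 auth user=alice result=FAIL src=10.0.0.5
2024-03-01T09:00:09 auth user=alice result=OK src=10.0.0.5
2024-03-01T09:01:00 auth user=bob result=FAIL src=203.0.113.9
2024-03-01T09:01:02 auth user=bob result=FAIL src=203.0.113.9
2024-03-01T09:01:05 auth user=bob result=FAIL src=203.0.113.9
2024-03-01T09:01:07 auth user=bob result=FAIL src=203.0.113.9
2024-03-01T09:30:00 auth user=carol result=FAIL src=10.0.0.7
2024-03-01T09:40:00 auth user=carol result=FAIL src=10.0.0.7
2024-03-01T09:50:00 auth user=carol result=FAIL src=10.0.0.7
2024-03-01T10:00:00 auth user=carol result=FAIL src=10.0.0.7
"""


def find_clipping_violations(log_text, clipping_level=CLIPPING_LEVEL, window_minutes=5):
    """Return (user, src, timestamp, failures_in_window) for every failure that
    pushes a user past the clipping level inside the sliding window."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # user -> timestamps of failures still inside the window
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # unparseable line: skipped, not counted
        ts = datetime.fromisoformat(m.group(1))
        user, result, src = m.group(2), m.group(3), m.group(4)
        if result != "FAIL":
            continue                      # successes do not reset the counter here
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) > clipping_level:
            alerts.append((user, src, ts.isoformat(), len(q)))
    return alerts


if __name__ == "__main__":
    for alert in find_clipping_violations(SAMPLE_LOG):
        print("clipping level exceeded:", alert)
```

With the defaults only bob is flagged: alice's single typo stays under the level, and carol's four failures spread ten minutes apart never exceed it inside a 5-minute window. That second case is the caveat a practitioner should keep in mind: a clipping level filters out ordinary mistakes, but a low-and-slow guesser stays below it unless the window is widened or a second, longer-window level is added.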

Which of the following is a problem regarding computer investigation issues? A. Information is tangible. B. Evidence is easy to gather. C. Computer-generated records are only considered secondary evidence, thus are not as reliable as best evidence. D. In many instances, an expert or specialist is not required.

C. Computer-generated records are only considered secondary evidence, thus are not as reliable as best evidence.

The Telecommunications Security Domain of information security is also concerned with the prevention and detection of the misuse or abuse of systems, which poses a threat to the tenets of: A. Confidentiality, Integrity, and Entity (C.I.E.). B. Confidentiality, Integrity, and Authenticity (C.I.A.). C. Confidentiality, Integrity, and Availability (C.I.A.). D. Confidentiality, Integrity, and Liability (C.I.L.).

C. Confidentiality, Integrity, and Availability (C.I.A.).

Of the reasons why a Disaster Recovery plan gets outdated, which of the following is not true? A. Personnel turnover B. Large plans can take a lot of work to maintain C. Continuous auditing makes a Disaster Recovery plan irrelevant D. Infrastructure and environment changes

C. Continuous auditing makes a Disaster Recovery plan irrelevant

One of these statements about the key elements of a good configuration process is NOT true: A. Accommodate the reuse of proven standards and best practices B. Ensure that all requirements remain clear, concise, and valid C. Control modifications to system hardware in order to prevent resource changes D. Ensure changes, standards, and requirements are communicated promptly and precisely

C. Control modifications to system hardware in order to prevent resource changes

What is called the percentage at which the False Rejection Rate equals the False Acceptance Rate? A. False Rejection Rate (FRR) or Type I Error B. False Acceptance Rate (FAR) or Type II Error C. Crossover Error Rate (CER) D. Failure to enroll rate (FTE or FER)

C. Crossover Error Rate (CER)

Which of the following does NOT concern itself with key management? A. Internet Security Association and Key Management Protocol (ISAKMP) B. Diffie-Hellman (DH) C. Cryptology (CRYPTO) D. Key Exchange Algorithm (KEA)

C. Cryptology (CRYPTO)

Which of the following services relies on UDP? A. FTP B. Telnet C. DNS D. SMTP

C. DNS

Which of the following computer crimes is MORE often associated with INSIDERS? A. IP spoofing B. Password sniffing C. Data diddling D. Denial of service (DOS)

C. Data diddling

Which of the following should NOT be performed by an operator? A. Implementing the initial program load B. Monitoring execution of the system C. Data entry D. Controlling job flow

C. Data entry

One of the following assertions is NOT a characteristic of Internet Protocol Security (IPsec): A. Data cannot be read by unauthorized parties B. The identities of all IPsec endpoints are confirmed by other endpoints C. Data is delivered in the exact order in which it is sent D. The number of packets being exchanged can be counted.

C. Data is delivered in the exact order in which it is sent

What ISO/OSI layer do switches primarily operate at? Do take note that this question makes reference to a plain vanilla switch and not one of the smart switches that is available on the market today. A. Physical layer B. Network layer C. Data link layer D. Session layer

C. Data link layer

Which ISO/OSI layer establishes the communications link between individual devices over a physical link or channel? A. Transport layer B. Network layer C. Data link layer D. Physical layer

C. Data link layer

Which OSI/ISO layer is the Media Access Control (MAC) sublayer part of? A. Transport layer B. Network layer C. Data link layer D. Physical layer

C. Data link layer

A code, as it pertains to cryptography: A. Is a generic term for encryption. B. Is specific to substitution ciphers. C. Deals with linguistic units. D. Is specific to transposition ciphers.

C. Deals with linguistic units.

Which of the following should be emphasized during the Business Impact Analysis (BIA) considering that the BIA focus is on business processes? A. Composition B. Priorities C. Dependencies D. Service levels

C. Dependencies

The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with: A. Preventive/physical B. Detective/technical C. Detective/physical D. Detective/administrative

C. Detective/physical

When a possible intrusion into your organization's information system has been detected, which of the following actions should be performed first? A. Eliminate all means of intruder access. B. Contain the intrusion. C. Determine to what extent systems and data are compromised. D. Communicate with relevant parties.

C. Determine to what extent systems and data are compromised.

Which backup method does not reset the archive bit on files that are backed up? A. Full backup method B. Incremental backup method C. Differential backup method D. Additive backup method

C. Differential backup method
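
The simulation below is an added example, not part of the original question set. It models the archive bit the way backup software uses it: a full backup copies everything and clears every bit, an incremental copies only files with the bit set and clears it, and a differential copies the same files but leaves the bit set, so each differential grows to include everything changed since the last full. The file names and the Monday-to-Wednesday edit schedule are constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class File:
    name: str
    archive_bit: bool = True      # the OS sets this whenever the file is modified


def modify(files, *names):
    """Simulate edits: the OS sets the archive bit on each changed file."""
    for f in files:
        if f.name in names:
            f.archive_bit = True


def run_backup(files, kind):
    """Return the names copied and update archive bits the way each method does."""
    if kind == "full":
        copied = {f.name for f in files}
        for f in files:
            f.archive_bit = False     # everything is now on backup media
    elif kind == "incremental":
        copied = {f.name for f in files if f.archive_bit}
        for f in files:
            f.archive_bit = False     # next incremental picks up only newer changes
    elif kind == "differential":
        copied = {f.name for f in files if f.archive_bit}
        # bits deliberately left set: every differential re-copies all changes
        # since the last full, so a restore needs full + latest differential only
    else:
        raise ValueError(f"unknown backup kind: {kind}")
    return copied


def simulate_week(kind):
    """Sunday full, then three days of the same edits backed up with `kind`.

    Returns the per-day copy sets and the media chain needed to restore
    the Wednesday state.
    """
    files = [File("a"), File("b"), File("c"), File("d")]
    run_backup(files, "full")
    daily = []
    for edits in (("a", "b"), ("c",), ("a",)):     # Mon, Tue, Wed edits
        modify(files, *edits)
        daily.append(run_backup(files, kind))
    if kind == "incremental":
        chain = ["full"] + [f"{kind}-{i}" for i in range(len(daily))]
    else:
        chain = ["full", f"{kind}-{len(daily) - 1}"]
    return daily, chain


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        days, chain = simulate_week(kind)
        print(kind, "copies per day:", days, "restore from:", chain)
```

The trade-off the archive bit encodes: incrementals are small but a restore must replay every one of them in order (and a single bad tape breaks the chain), while differentials grow through the week but restore from just two sets. Mixing the two in one schedule is a classic mistake, because an incremental clears the bits a later differential was relying on.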

What is used to bind a document to its creation at a particular time? A. Network Time Protocol (NTP) B. Digital Signature C. Digital Timestamp D. Certification Authority (CA)

C. Digital Timestamp

Who should direct short-term recovery actions immediately following a disaster? A. Chief Information Officer. B. Chief Operating Officer. C. Disaster Recovery Manager. D. Chief Executive Officer.

C. Disaster Recovery Manager.

Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms? A. Rivest, Shamir, Adleman (RSA) B. El Gamal C. Elliptic Curve Cryptography (ECC) D. Advanced Encryption Standard (AES)

C. Elliptic Curve Cryptography (ECC)

The preliminary steps to security planning include all of the following EXCEPT which of the following? A. Establish objectives. B. List planning assumptions. C. Establish a security audit function. D. Determine alternate courses of action

C. Establish a security audit function.

Recovery Site Strategies for the technology environment depend on how much downtime an organization can tolerate before the recovery must be completed. What would you call a strategy where the alternate site is internal, standby ready, with all the technology and equipment necessary to run the applications? A. External Hot site B. Warm Site C. Internal Hot Site D. Dual Data Center

C. Internal Hot Site

Which of the following statements is most accurate regarding a digital signature? A. It is a method used to encrypt confidential data. B. It is the art of transferring handwritten signature to electronic media. C. It allows the recipient of data to prove the source and integrity of data. D. It can be used as a signature system and a cryptosystem.

C. It allows the recipient of data to prove the source and integrity of data.

Which of the following statements pertaining to Asynchronous Transfer Mode (ATM) is false? A. It can be used for voice B. It can be used for data C. It carries various sizes of packets D. It can be used for video

C. It carries various sizes of packets

Which of the following is true about Kerberos? A. It utilizes public key cryptography. B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text. C. It depends upon symmetric ciphers. D. It is a second party authentication system.

C. It depends upon symmetric ciphers.

What is the main characteristic of a multi-homed host? A. It is placed between two routers or firewalls. B. It allows IP routing C. It has multiple network interfaces, each connected to separate networks. D. It operates at multiple layers.

C. It has multiple network interfaces, each connected to separate networks.

Which of the following is not a property of the Rijndael block cipher algorithm? A. It employs a round transformation that is comprised of three layers of distinct and invertible transformations. B. It is suited for high speed chips with no area restrictions. C. It operates on 64-bit plaintext blocks and uses a 128-bit key. D. It could be used on a smart card.

C. It operates on 64-bit plaintext blocks and uses a 128-bit key.

Which of the following statements does not apply to a hot site? A. It is expensive. B. There are cases of common overselling of processing capabilities by the service provider. C. It provides a false sense of security. D. It is accessible on a first-come, first-served basis; in case of a large disaster it might not be accessible.

C. It provides a false sense of security.

Which of the following statements pertaining to Kerberos is false? A. The Key Distribution Center represents a single point of failure. B. Kerberos manages access permissions. C. Kerberos uses a database to keep a copy of all users' public keys. D. Kerberos uses symmetric key cryptography.

C. Kerberos uses a database to keep a copy of all users' public keys.

Which of the following statements pertaining to using Kerberos without any extension is false? A. A client can be impersonated by password-guessing. B. Kerberos is mostly a third-party authentication protocol. C. Kerberos uses public key cryptography. D. Kerberos provides robust authentication.

C. Kerberos uses public key cryptography.

The Diffie-Hellman algorithm is used for: A. Encryption B. Digital signature C. Key agreement D. Non-repudiation

C. Key agreement
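
The following is an added worked example of the Diffie-Hellman exchange, not code from the original question set. Both parties are shown, and the only values that cross the wire are the two public numbers. The group (P = 1019, a safe prime, with G = 4 generating the order-Q subgroup) is a toy chosen so the arithmetic is visible; it is assumed for illustration only, and real deployments use standardised groups (RFC 3526, RFC 7919) or elliptic-curve DH. The "dh-demo-v1" context string and the subgroup check are also choices of this example.

```python
import hashlib
import secrets

# Toy safe prime P = 2Q + 1 (Q prime) and generator G of the order-Q subgroup.
P = 1019
Q = (P - 1) // 2
G = 4


def validate_public_value(y: int) -> None:
    """Reject values outside [2, P-2] or outside the order-Q subgroup.

    Without this check a peer can send 1, P-1 or another small-order
    element and force the shared secret into a handful of guessable values.
    """
    if not 2 <= y <= P - 2:
        raise ValueError("public value out of range")
    if pow(y, Q, P) != 1:
        raise ValueError("public value not in the prime-order subgroup")


class Party:
    """One side of the exchange; the private exponent never leaves the object."""

    def __init__(self, name: str):
        self.name = name
        self.secret = secrets.randbelow(Q - 1) + 1    # private a (or b) in [1, Q-1]
        self.public = pow(G, self.secret, P)          # g^a mod p, sent in the clear

    def derive_key(self, peer_public: int) -> bytes:
        validate_public_value(peer_public)
        shared = pow(peer_public, self.secret, P)     # (g^b)^a == (g^a)^b mod p
        # Never use the raw group element as a key: hash it together with context.
        return hashlib.sha256(shared.to_bytes(2, "big") + b"dh-demo-v1").digest()


def run_exchange() -> tuple[bytes, bytes]:
    """Alice and Bob each publish g^secret; only the two public values cross the wire."""
    alice, bob = Party("alice"), Party("bob")
    wire = {"alice": alice.public, "bob": bob.public}  # everything an eavesdropper sees
    return alice.derive_key(wire["bob"]), bob.derive_key(wire["alice"])


if __name__ == "__main__":
    k_alice, k_bob = run_exchange()
    print("both sides agree:", k_alice == k_bob, k_alice.hex())
```

Two caveats the answer "key agreement" hides. First, the eavesdropper holds g^a and g^b but recovering g^(ab) requires solving a discrete logarithm, which is the whole security assumption; nothing here encrypts or signs anything. Second, plain DH authenticates nobody: an active attacker can run one exchange with each side and relay traffic, so in practice the public values are signed or bound to certificates (as IKE does for IPsec).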

Which of the following statements pertaining to VPN protocol standards is false? A. L2TP is a combination of PPTP and L2F. B. L2TP and PPTP were designed for single point-to-point client to server communication. C. L2TP operates at the network layer. D. PPTP uses native PPP authentication and encryption services.

C. L2TP operates at the network layer.

One of the following statements about the differences between PPTP and L2TP is NOT true: A. PPTP can run only on top of IP networks. B. PPTP is an encryption protocol and L2TP is not. C. L2TP works well with all firewalls and network devices that perform NAT. D. L2TP supports AAA servers

C. L2TP works well with all firewalls and network devices that perform NAT.

What is called the type of access control where there are pairs of elements that have the least upper bound of values and greatest lower bound of values? A. Mandatory model B. Discretionary model C. Lattice model D. Rule model

C. Lattice model

Which of the following would be used to implement Mandatory Access Control (MAC)? A. Clark-Wilson Access Control B. Role-based access control C. Lattice-based access control D. User dictated access control

C. Lattice-based access control

Who is responsible for initiating corrective measures and capabilities used when there are security violations? A. Information systems auditor B. Security administrator C. Management D. Data owners

C. Management

What security model is dependent on security labels? A. Discretionary access control B. Label-based access control C. Mandatory access control D. Non-discretionary access control

C. Mandatory access control

Which of the following is NOT a property of the Rijndael block cipher algorithm? A. The key sizes must be a multiple of 32 bits B. Maximum block size is 256 bits C. Maximum key size is 512 bits D. The key size does not have to match the block size

C. Maximum key size is 512 bits

How are memory cards and smart cards different? A. Memory cards normally hold more memory than smart cards B. Smart cards provide a two-factor authentication whereas memory cards don't C. Memory cards have no processing power D. Only smart cards can be used for ATM cards

C. Memory cards have no processing power

Which of the following is NOT a technical control? A. Password and resource management B. Identification and authentication methods C. Monitoring for physical intrusion D. Intrusion Detection Systems

C. Monitoring for physical intrusion

Which OSI/ISO layer is responsible for determining the best route for data to be transferred? A. Session layer B. Physical layer C. Network layer D. Transport layer

C. Network layer

Which layer defines how packets are routed between end systems? A. Session layer B. Transport layer C. Network layer D. Data link layer

C. Network layer

What does the (star) property mean in the Bell-LaPadula model? A. No write up B. No read up C. No write down D. No read down

C. No write down

What does the directive of the European Union on Electronic Signatures deal with? A. Encryption of classified data B. Encryption of secret data C. Non repudiation D. Authentication of web servers

C. Non repudiation

A central authority determines what subjects can have access to certain objects based on the organizational security policy is called: A. Mandatory Access Control B. Discretionary Access Control C. Non-Discretionary Access Control D. Rule-based Access control

C. Non-Discretionary Access Control

Which of the following encryption methods is known to be unbreakable? A. Symmetric ciphers. B. DES codebooks. C. One-time pads. D. Elliptic Curve Cryptography

C. One-time pads
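
Added example, not part of the original question set: a one-time pad in Python, together with the two facts that make "unbreakable" true only under its conditions. The messages used are constructed for the example.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length: int) -> bytes:
    """Pad bytes from the OS CSPRNG; a seeded PRNG would make the pad predictable."""
    return secrets.token_bytes(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    return xor_bytes(plaintext, pad)


otp_decrypt = otp_encrypt   # XOR is its own inverse


def pad_that_decrypts_to(ciphertext: bytes, candidate: bytes) -> bytes:
    """Perfect secrecy in one line: for ANY candidate plaintext of the right
    length there is a pad under which the ciphertext decrypts to it, so the
    ciphertext alone cannot tell the real message from any other one."""
    return xor_bytes(ciphertext, candidate)


def two_time_pad_leak(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Pad reuse breaks everything: c1 XOR c2 == p1 XOR p2, so knowing (or
    guessing) one plaintext reveals the other without touching the pad."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


if __name__ == "__main__":
    p1 = b"ATTACK AT DAWN"          # constructed sample message
    pad = new_pad(len(p1))
    c1 = otp_encrypt(p1, pad)
    print("decrypts:", otp_decrypt(c1, pad))
    print("equally valid pad for another message:",
          otp_decrypt(c1, pad_that_decrypts_to(c1, b"WE SURRENDER!!")))
    c2 = otp_encrypt(b"RETREAT NOW!!!", pad)   # the mistake: same pad twice
    print("second message recovered from pad reuse:", two_time_pad_leak(c1, c2, p1))
```

The pad must be truly random, as long as the message, kept secret, and used exactly once; drop any one of those and the scheme is no longer unbreakable, as the reuse case shows. The key-distribution cost of meeting those conditions is why one-time pads are rarely used outside niche settings.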

Which of the following phases of a system development life-cycle is most concerned with maintaining proper authentication of users and processes to ensure appropriate access control decisions? A. Development/acquisition B. Implementation C. Operation/Maintenance D. Initiation

C. Operation/Maintenance

Whose role is it to assign classification level to information? A. Security Administrator B. User C. Owner D. Auditor

C. Owner

Which of the following was designed to support multiple network types over the same serial link? A. Ethernet B. SLIP C. PPP D. PPTP

C. PPP

Why is traffic across a packet switched network difficult to monitor? A. Packets are link encrypted by the carrier B. Government regulations forbid monitoring C. Packets can take multiple paths when transmitted D. The network factor is too high

C. Packets can take multiple paths when transmitted

Which of the following does not address Database Management Systems (DBMS) Security? A. Perturbation B. Cell suppression C. Padded cells D. Partitioning

C. Padded cells

Which of the following does not apply to system-generated passwords? A. Passwords are harder to remember for users. B. If the password-generating algorithm gets to be known, the entire system is in jeopardy. C. Passwords are more vulnerable to brute force and dictionary attacks. D. Passwords are harder to guess for attackers.

C. Passwords are more vulnerable to brute force and dictionary attacks.

Which of the following firewall rules found on a firewall installed between an organization's internal network and the Internet would present the greatest danger to the internal network? A. Permit all traffic between local hosts. B. Permit all inbound ssh traffic. C. Permit all inbound tcp connections. D. Permit all syslog traffic to log-server.abc.org

C. Permit all inbound tcp connections.

Which of the following is responsible for MOST of the security issues? A. Outside espionage B. Hackers C. Personnel D. Equipment failure

C. Personnel

In the context of access control, locks, gates, guards are examples of which of the following? A. Administrative controls B. Technical controls C. Physical controls D. Logical controls

C. Physical controls

Risk mitigation and risk reduction controls for providing information security are classified within three main categories. Which of the following lists those categories? A. Preventive, corrective, and administrative B. Detective, corrective, and physical C. Physical, technical, and administrative D. Administrative, operational, and logical

C. Physical, technical, and administrative

Which of the following statements pertaining to block ciphers is incorrect? A. It operates on fixed-size blocks of plaintext. B. It is more suitable for software than hardware implementations. C. Plain text is encrypted with a public key and decrypted with a private key. D. Some Block ciphers can operate internally as a stream.

C. Plain text is encrypted with a public key and decrypted with a private key.

Because ordinary cable introduces a toxic hazard in the event of fire, special cabling is required in a separate area provided for air circulation for heating, ventilation, and air-conditioning (sometimes referred to as HVAC) and typically provided in the space between the structural ceiling and a drop-down ceiling. This area is referred to as the: A. smoke boundary area B. fire detection area C. Plenum area D. Intergen area

C. Plenum area

Which of the following ports does NOT normally need to be open for a mail server to operate? A. Port 110 B. Port 25 C. Port 119 D. Port 143

C. Port 119

Which of the following is an extension to Network Address Translation that permits multiple devices providing services on a local area network (LAN) to be mapped to a single public IP address? A. IP Spoofing B. IP subnetting C. Port address translation D. IP Distribution

C. Port address translation

Which of the following are WELL KNOWN PORTS assigned by the IANA? A. Ports 0 to 255 B. Ports 0 to 1024 C. Ports 0 to 1023 D. Ports 0 to 127

C. Ports 0 to 1023

Password management falls into which control category? A. Compensating B. Detective C. Preventive D. Technical

C. Preventive

Which of the following phases of a software development life cycle normally incorporates the security specifications, determines access controls, and evaluates encryption options? A. Detailed design B. Implementation C. Product design D. Software plans and requirements

C. Product design

Due care is not related to: A. Good faith B. Prudent man C. Profit D. Best interest

C. Profit

All of the following can be considered essential business functions that should be identified when creating a Business Impact Analysis (BIA) except one. Which of the following would not be considered an essential element of the BIA but an important TOPIC to include within the BCP: A. IT Network Support B. Accounting C. Public Relations D. Purchasing

C. Public Relations

What kind of encryption is realized in the S/MIME-standard? A. Asymmetric encryption scheme B. Password based encryption scheme C. Public key based, hybrid encryption scheme D. Elliptic curve based encryption

C. Public key based, hybrid encryption scheme

During the testing of the business continuity plan (BCP), which of the following methods of results analysis provides the BEST assurance that the plan is workable? A. Measurement of accuracy B. Elapsed time for completion of critical tasks C. Quantitatively measuring the results of the test D. Evaluation of the observed test results

C. Quantitatively measuring the results of the test

Which of the following algorithms does NOT provide hashing? A. SHA-1 B. MD2 C. RC4 D. MD5

C. RC4

Which of the following is a symmetric encryption algorithm? A. RSA B. Elliptic Curve C. RC5 D. El Gamal

C. RC5

What is the name for a substitution cipher that shifts the alphabet by 13 places? A. Caesar cipher B. Polyalphabetic cipher C. ROT13 cipher D. Transposition cipher

C. ROT13 cipher
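
Added example, not from the original question set: the general shift (Caesar) cipher of which ROT13 is the 13-place instance, plus the brute-force attack that shows why a 26-key substitution is an encoding, not encryption. The small list of common English words used to score candidate decryptions is a choice of this example.

```python
COMMON_WORDS = {"THE", "AND", "OF", "TO", "A", "IN", "IS", "IT", "THAT", "FOR"}


def shift_cipher(text: str, shift: int) -> str:
    """Shift every letter by `shift` places; case is kept and non-letters pass through."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """Shift of 13: applying it twice returns the original, so encrypt == decrypt."""
    return shift_cipher(text, 13)


def brute_force(ciphertext: str) -> tuple[int, str]:
    """Only 25 non-trivial keys exist: try each and keep the decryption with
    the most common English words. Returns (shift, plaintext)."""
    best_score, best_shift, best_text = -1, 0, ""
    for shift in range(1, 26):
        candidate = shift_cipher(ciphertext, -shift)
        words = candidate.upper().split()
        score = sum(1 for w in words if w.strip(".,!?") in COMMON_WORDS)
        if score > best_score:
            best_score, best_shift, best_text = score, shift, candidate
    return best_shift, best_text


if __name__ == "__main__":
    secret = "THE ONLY WAY TO KEEP A SECRET BETWEEN THREE PEOPLE IS IF TWO OF THEM ARE DEAD"
    ct = rot13(secret)
    print("ciphertext:", ct)
    print("rot13 again:", rot13(ct))
    print("brute force:", brute_force(ct))
```

The brute force recovers the key with no knowledge beyond "the plaintext is English", which is the practical definition of a broken cipher. ROT13 survives only as an obfuscation for spoilers and the like; finding it (or any fixed-shift "encryption") in a code review guarding real data is a finding, not a control.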

Which of the following ASYMMETRIC encryption algorithms is based on the difficulty of FACTORING LARGE NUMBERS? A. El Gamal B. Elliptic Curve Cryptosystems (ECCs) C. RSA D. International Data Encryption Algorithm (IDEA)

C. RSA

Which of the following encryption algorithms does not deal with discrete logarithms? A. El Gamal B. Diffie-Hellman C. RSA D. Elliptic Curve

C. RSA

Which of the following can be defined as the process of rerunning a portion of the test scenario or test plan to ensure that changes or corrections have not introduced new errors? A. Unit testing B. Pilot testing C. Regression testing D. Parallel testing

C. Regression testing

Which of the following is a device that is used to regenerate or replicate the received signals? A. Bridge B. Router C. Repeater D. router

C. Repeater

Which of the following is the LEAST user accepted biometric device? A. Fingerprint B. Iris scan C. Retina scan D. Voice verification

C. Retina scan

What algorithm has been selected as the AES algorithm, replacing the DES algorithm? A. RC6 B. Twofish C. Rijndael D. Blowfish

C. Rijndael

Which access control model is also called Non Discretionary Access Control (NDAC)? A. Lattice based access control B. Mandatory access control C. Role-based access control D. Label-based access control

C. Role-based access control

Which of the following access control techniques best gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that maps naturally to an organization's structure? A. Access control lists B. Discretionary access control C. Role-based access control D. Non-mandatory access control

C. Role-based access control

Which of the following is not a preventive control? A. Deny programmer access to production data. B. Require change requests to include information about dates, descriptions, cost analysis and anticipated effects. C. Run a source comparison program between control and current source periodically. D. Establish procedures for emergency changes.

C. Run a source comparison program between control and current source periodically.

Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credit card information to merchant's Web server, which digitally signs it and sends it on to its processing bank? A. SSH ( Secure Shell) B. S/MIME (Secure MIME) C. SET (Secure Electronic Transaction) D. SSL (Secure Sockets Layer)

C. SET (Secure Electronic Transaction)

Which SSL version offers client-side authentication? A. SSL v1 B. SSL v2 C. SSL v3 D. SSL v4

C. SSL v3

What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account? A. Data fiddling B. Data diddling C. Salami techniques D. Trojan horses

C. Salami techniques

The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers? A. Black hats B. White hats C. Script kiddies D. Phreakers

C. Script kiddies

Which of the following would be best suited to oversee the development of an information security policy? A. System Administrators B. End User C. Security Officers D. Security administrators

C. Security Officers

Which of the following are required for Life-Cycle Assurance? A. System Architecture and Design specification. B. Security Testing and Covert Channel Analysis. C. Security Testing and Trusted distribution. D. Configuration Management and Trusted Facility Management.

C. Security Testing and Trusted distribution.

Which of the following is NOT a form of detective administrative control? A. Rotation of duties B. Required vacations C. Separation of duties D. Security reviews and audits

C. Separation of duties

Which of the following keys has the SHORTEST lifespan? A. Secret key B. Public key C. Session key D. Private key

C. Session key

Which of the following is NOT a known type of Message Authentication Code (MAC)? A. Keyed-hash message authentication code (HMAC) B. DES-CBC C. Signature-based MAC (SMAC) D. Universal Hashing Based MAC (UMAC)

C. Signature-based MAC (SMAC)

Which of the following is not a disadvantage of symmetric cryptography when compared with Asymmetric Ciphers? A. Provides Limited security services B. Has no built in Key distribution C. Speed D. Large number of keys are needed

C. Speed

What principle focuses on the uniqueness of separate objects that must be joined together to perform a task? It is sometimes referred to as "what each must bring": the parts are joined together when getting access or decrypting a file, and none of them reveals the others. A. Dual control B. Separation of duties C. Split knowledge D. Need to know

C. Split knowledge

Which of the following assertions is NOT true about pattern matching and anomaly detection in intrusion detection? A. Anomaly detection tends to produce more data B. A pattern matching IDS can only identify known attacks C. Stateful matching scans for attack signatures by analyzing individual packets instead of traffic streams D. An anomaly-based engine develops baselines of normal traffic activity and throughput, and alerts on deviations from these baselines

C. Stateful matching scans for attack signatures by analyzing individual packets instead of traffic streams

Which of the following is a method of multiplexing data in which a communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams, and bandwidth is allocated dynamically to the physical channels that have information to transmit? A. Time-division multiplexing B. Asynchronous time-division multiplexing C. Statistical multiplexing D. Frequency division multiplexing

C. Statistical multiplexing

A periodic review of user account management should not determine: A. Conformity with the concept of least privilege. B. Whether active accounts are still being used. C. Strength of user-chosen passwords. D. Whether management authorizations are up-to-date.

C. Strength of user-chosen passwords.

The Orange Book states that "Hardware and software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB [Trusted Computing Base]." This statement is the formal requirement for: A. Security Testing. B. Design Verification. C. System Integrity. D. System Architecture Specification.

C. System Integrity.

Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data? A. Business and functional managers B. IT Security practitioners C. System and information owners D. Chief information officer

C. System and information owners

Which of the following would be an example of the best password? A. golf001 B. Elizabeth C. T1me4g0lF D. password

C. T1me4g0lF

Which type of attack involves hijacking a session between a host and a target by predicting the target's choice of an initial TCP sequence number? A. IP spoofing attack B. SYN flood attack C. TCP sequence number attack D. Smurf attack

C. TCP sequence number attack

Telnet and rlogin use which protocol? A. UDP. B. SNMP. C. TCP. D. IGP

C. TCP.

Which of the following protocols suite does the Internet use? A. IP/UDP/TCP B. IP/UDP/ICMP/TCP C. TCP/IP D. IMAP/SMTP/POP3

C. TCP/IP

Smart cards are an example of which type of control? A. Detective control B. Administrative control C. Technical control D. Physical control

C. Technical control

Which of the following statements pertaining to software testing is incorrect? A. Unit testing should be addressed and considered when the modules are being designed. B. Test data should be part of the specifications. C. Testing should be performed with live data to cover all possible situations. D. Test data generators can be used to systematically generate random test data that can be used to test programs.

C. Testing should be performed with live data to cover all possible situations.

Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure? A. The Take-Grant model B. The Biba integrity model C. The Clark Wilson integrity model D. The Bell-LaPadula integrity model

C. The Clark Wilson integrity model

Which of the following Kerberos components holds all users' and services' cryptographic keys? A. The Key Distribution Service B. The Authentication Service C. The Key Distribution Center D. The Key Granting Service

C. The Key Distribution Center

The first step in the implementation of the contingency plan is to perform: A. A firmware backup B. A data backup C. An operating systems software backup D. An application software backup

B. A data backup

Which of the following is true of network security? A. A firewall is not a necessity in today's connected world. B. A firewall is a necessity in today's connected world. C. A whitewall is a necessity in today's connected world. D. A black firewall is a necessity in today's connected world.

B. A firewall is a necessity in today's connected world.

Failure of a contingency plan is usually: A. A technical failure. B. A management failure. C. Because of a lack of awareness. D. Because of a lack of training.

B. A management failure.

In order to be able to successfully prosecute an intruder: A. A point of contact should be designated to be responsible for communicating with law enforcement and other external agencies. B. A proper chain of custody of evidence has to be preserved. C. Collection of evidence has to be done following predefined procedures. D. Whenever possible, analyze a replica of the compromised resource, not the original, thereby avoiding inadvertently tampering with evidence.

B. A proper chain of custody of evidence has to be preserved.

What can best be described as a domain of trust that shares a single security policy and single management? A. The reference monitor B. A security domain C. The security kernel D. The security perimeter

B. A security domain

Which software development model is actually a meta-model that incorporates a number of the software development models? A. The Waterfall model B. The modified Waterfall model C. The Spiral model D. The Critical Path Model (CPM)

C. The Spiral model

Which of the following statements pertaining to stream ciphers is correct? A. A stream cipher is a type of asymmetric encryption algorithm. B. A stream cipher generates what is called a keystream. C. A stream cipher is slower than a block cipher. D. A stream cipher is not appropriate for hardware-based encryption.

B. A stream cipher generates what is called a keystream.

PGP uses which of the following to encrypt data? A. An asymmetric encryption algorithm B. A symmetric encryption algorithm C. A symmetric key distribution system D. An X.509 digital certificate

B. A symmetric encryption algorithm

What is Kerberos? A. A three-headed dog from Egyptian mythology. B. A trusted third-party authentication protocol. C. A security model. D. A remote authentication dial in user server.

B. A trusted third-party authentication protocol.

Which of the following would BEST be defined as an absence or weakness of safeguard that could be exploited? A. A threat B. A vulnerability C. A risk D. An exposure

B. A vulnerability

Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are important elements for which of the following? A. Accountability of biometrics systems B. Acceptability of biometrics systems C. Availability of biometrics systems D. Adaptability of biometrics systems

B. Acceptability of biometrics systems

What is the difference between Access Control Lists (ACLs) and Capability Tables? A. Access control lists are related/attached to a subject whereas capability tables are related/attached to an object. B. Access control lists are related/attached to an object whereas capability tables are related/attached to a subject. C. Capability tables are used for objects whereas access control lists are used for users. D. They are basically the same.

B. Access control lists are related/attached to an object whereas capability tables are related/attached to a subject.

What protocol is used to match an IP address to the appropriate hardware address of the packet's destination so it can be sent? A. Routing tables B. Address resolution protocol (ARP) C. Reverse address resolution protocol (RARP) D. Internet Control Message Protocol (ICMP)

B. Address resolution protocol (ARP)

Which of the following is not a service provided by AAA servers (RADIUS, TACACS and DIAMETER)? A. Authentication B. Administration C. Accounting D. Authorization

B. Administration

What can be defined as a list of subjects along with their access rights that are authorized to access a specific object? A. A capability table B. An access control list C. An access control matrix D. A role-based matrix

B. An access control list

What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public key certificate? A. A public-key certificate B. An attribute certificate C. A digital certificate D. A descriptive certificate

B. An attribute certificate

Which of the following types of Intrusion Detection Systems uses behavioral characteristics of a system's operation or network traffic to draw conclusions on whether the traffic represents a risk to the network or host? A. Network-based ID systems. B. Anomaly Detection. C. Host-based ID systems. D. Signature Analysis.

B. Anomaly Detection.

Which of the following questions is least likely to help in assessing controls covering audit trails? A. Does the audit trail provide a trace of user actions? B. Are incidents monitored and tracked until resolved? C. Is access to online logs strictly controlled? D. Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?

B. Are incidents monitored and tracked until resolved?

What is the primary difference between FTP and TFTP? A. Speed of negotiation B. Authentication C. Ability to automate D. TFTP is used to transfer configuration files to and from network equipment.

B. Authentication

Which of the following best ensures accountability of users for the actions taken within a system or domain? A. Identification B. Authentication C. Authorization D. Credentials

B. Authentication

The IP header contains a protocol field. If this field contains the value of 51, what type of data is contained within the IP datagram? A. Transmission Control Protocol (TCP) B. Authentication Header (AH) C. User Datagram Protocol (UDP) D. Internet Control Message Protocol (ICMP)

B. Authentication Header (AH)

The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system is referred to as? A. Confidentiality B. Availability C. Integrity D. Reliability

B. Availability

If your property insurance has a Replacement Cost Valuation (RCV) clause, your damaged property will be compensated: A. Based on the value of the item on the date of loss B. Based on a new, comparable, or identical item for the old one regardless of the condition of the lost item C. Based on the value of the item one month before the loss D. Based on the value listed on the eBay auction web site

B. Based on a new, comparable, or identical item for the old one regardless of the condition of the lost item

Computer security should be first and foremost which of the following: A. Cover all identified risks B. Be cost-effective. C. Be examined in both monetary and non-monetary terms. D. Be proportionate to the value of IT systems.

B. Be cost-effective.

An effective information security policy should not have which of the following characteristics? A. Include separation of duties B. Be designed with a short- to mid-term focus C. Be understandable and supported by all stakeholders D. Specify areas of responsibility and authority

B. Be designed with a short- to mid-term focus

IT security measures should: A. Be complex B. Be tailored to meet organizational security goals. C. Make sure that every asset of the organization is well protected. D. Not be developed in a layered fashion.

B. Be tailored to meet organizational security goals.

Why would a memory dump be admissible as evidence in court? A. Because it is used to demonstrate the truth of the contents. B. Because it is used to identify the state of the system. C. Because the state of the memory cannot be used as evidence. D. Because of the exclusionary rule

B. Because it is used to identify the state of the system.

Why do buffer overflows happen? What is the main cause? A. Because buffers can only hold so much data B. Because of improper parameter checking within the application C. Because they are an easy weakness to exploit D. Because of insufficient system memory

B. Because of improper parameter checking within the application

Which division of the Orange Book deals with discretionary protection (need-to-know)? A. D B. C C. B D. A

B. C

When an outgoing request is made on a port number greater than 1023, this type of firewall creates an ACL to allow the incoming reply on that port to pass: A. Packet filtering B. Circuit level proxy C. Dynamic packet filtering D. Application level proxy

B. Circuit level proxy

Which of the following centralized access control mechanisms is the least appropriate for mobile workers accessing the corporate network over analog lines? A. TACACS B. Call-back C. CHAP D. RADIUS

B. Call-back

Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring? A. Wave pattern motion detectors B. Capacitance detectors C. Field-powered devices D. Audio detectors

B. Capacitance detectors

What is the name of the third party authority that vouches for the binding between the data items in a digital certificate? A. Registration authority B. Certification authority C. Issuing authority D. Vouching authority

B. Certification authority

Once evidence is seized, a law enforcement officer should emphasize which of the following? A. Chain of command B. Chain of custody C. Chain of control D. Chain of communications

B. Chain of custody

Which of the following is NOT a VPN communications protocol standard? A. Point-to-point tunnelling protocol (PPTP) B. Challenge Handshake Authentication Protocol (CHAP) C. Layer 2 tunnelling protocol (L2TP) D. IP Security

B. Challenge Handshake Authentication Protocol (CHAP)

In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in the encryption process? A. Known-plaintext attack B. Ciphertext-only attack C. Chosen-Ciphertext attack D. Plaintext-only attack

B. Ciphertext-only attack

In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class B network? A. The first bit of the IP address would be set to zero. B. The first bit of the IP address would be set to one and the second bit set to zero. C. The first two bits of the IP address would be set to one, and the third bit set to zero. D. The first three bits of the IP address would be set to one.

C. The first two bits of the IP address would be set to one, and the third bit set to zero.

When it comes to magnetic media sanitization, what difference can be made between clearing and purging information? A. Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files. B. Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack. C. They both involve rewriting the media. D. Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack

B. Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack.

Which of the following is the biggest concern with firewall security? A. Internal hackers B. Complex configuration rules leading to misconfiguration C. Buffer overflows D. Distributed denial of service (DDOS) attacks

B. Complex configuration rules leading to misconfiguration

What are the three FUNDAMENTAL principles of security? A. Accountability, confidentiality and integrity B. Confidentiality, integrity and availability C. Integrity, availability and accountability D. Availability, accountability and confidentiality

B. Confidentiality, integrity and availability

Controlling access to information systems and associated networks is necessary for the preservation of their: A. Authenticity, confidentiality and availability B. Confidentiality, integrity, and availability. C. Integrity and availability. D. Authenticity, confidentiality, integrity and availability.

B. Confidentiality, integrity, and availability.

Which type of control is concerned with restoring controls? A. Compensating controls B. Corrective controls C. Detective controls D. Preventive controls

B. Corrective controls

What is the framing specification used for transmitting digital signals at 1.544 Mbps on a T1 facility? A. DS-0 B. DS-1 C. DS-2 D. DS-3

B. DS-1

Which of the following is not a form of passive attack? A. Scavenging B. Data diddling C. Shoulder surfing D. Sniffing

B. Data diddling

Who can best decide what the adequate technical security controls are in a computer-based application system in regards to the protection of the data being used, the criticality of the data, and its sensitivity level? A. System Auditor B. Data or Information Owner C. System Manager D. Data or Information user

B. Data or Information Owner

Which of the following is true about a digital certificate? A. It is the same as a digital signature proving Integrity and Authenticity of the data B. Electronic credential proving that the person the certificate was issued to is who they claim to be C. You can only get a digital certificate from Verisign or RSA if you wish to prove the key belongs to a specific user. D. Can't contain geographic data such as country, for example.

B. Electronic credential proving that the person the certificate was issued to is who they claim to be

What can be defined as a batch process dumping backup data through communications lines to a server at an alternate location? A. Remote journaling B. Electronic vaulting C. Data clustering D. Database shadowing

B. Electronic vaulting

What is called an exception to the search warrant requirement that allows an officer to conduct a search without having the warrant in-hand if probable cause is present and destruction of the evidence is deemed imminent? A. Evidence Circumstance Doctrine B. Exigent Circumstance Doctrine C. Evidence of Admissibility Doctrine D. Exigent Probable Doctrine

B. Exigent Circumstance Doctrine

Almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such as in a biometric authentication system, the system becomes increasingly selective and has the possibility of generating: A. Lower False Rejection Rate (FRR) B. Higher False Rejection Rate (FRR) C. Higher False Acceptance Rate (FAR) D. It will not affect either FAR or FRR

B. Higher False Rejection Rate (FRR)

Which layer of the DoD TCP/IP model controls the communication flow between hosts? A. Internet layer B. Host-to-host transport layer C. Application layer D. Network access layer

B. Host-to-host transport layer

What is the proper term to refer to a single unit of IP data? A. IP segment. B. IP datagram. C. IP frame. D. IP fragment.

B. IP datagram.

Which of the following statements pertaining to IPSec is incorrect? A. IPSec can help in protecting networks from some of the IP network attacks. B. IPSec provides confidentiality and integrity to information transferred over IP networks through transport layer encryption and authentication. C. IPSec protects against man-in-the-middle attacks. D. IPSec protects against spoofing.

B. IPSec provides confidentiality and integrity to information transferred over IP networks through transport layer encryption and authentication.

In biometrics, a "one-to-many" search against a database of stored biometric images is done in: A. Authentication B. Identification C. Identities D. Identity-based access control

B. Identification

What is called the act of a user professing an identity to a system, usually in the form of a log-on ID? A. Authentication B. Identification C. Authorization D. Confidentiality

B. Identification

Which of the following statements pertaining to access control is false? A. Users should only access data on a need-to-know basis. B. If access is not explicitly denied, it should be implicitly allowed. C. Access rights should be granted based on the level of trust a company has on a subject. D. Roles can be an efficient way to assign rights to a type of user who performs certain tasks.

B. If access is not explicitly denied, it should be implicitly allowed.

Which common backup method is the fastest on a daily basis? A. Full backup method B. Incremental backup method C. Fast backup method D. Differential backup method

B. Incremental backup method

In stateful inspection firewalls, packets are: A. Inspected at only one layer of the Open System Interconnection (OSI) model B. Inspected at all Open System Interconnection (OSI) layers C. Decapsulated at all Open Systems Interconnect (OSI) layers D. Encapsulated at all Open Systems Interconnect (OSI) layers.

B. Inspected at all Open System Interconnection (OSI) layers

Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector? A. Using a TACACS+ server. B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall. C. Setting modem ring count to at least 5. D. Only attaching modems to non-networked hosts

B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall.

Physical security is accomplished through proper facility construction, fire and water protection, anti-theft mechanisms, intrusion detection systems, and security procedures that are adhered to and enforced. Which of the following is not a component that achieves this type of security? A. Administrative control mechanisms B. Integrity control mechanisms C. Technical control mechanisms D. Physical control mechanisms

B. Integrity control mechanisms

What are the three most important functions that Digital Signatures perform? A. Integrity, Confidentiality and Authorization B. Integrity, Authentication and Nonrepudiation C. Authorization, Authentication and Nonrepudiation D. Authorization, Detection and Accountability

B. Integrity, Authentication and Nonrepudiation

Why does fiber optic communication technology have a significant security advantage over other transmission technologies? A. Higher data rates can be transmitted. B. Interception of data traffic is more difficult. C. Traffic analysis is prevented by multiplexing. D. Single and double-bit errors are correctable.

B. Interception of data traffic is more difficult.

Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism? A. OAKLEY B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. IPsec Key exchange (IKE)

B. Internet Security Association and Key Management Protocol (ISAKMP)

Which of the following questions is less likely to help in assessing physical access controls? A. Does management regularly review the list of persons with physical access to sensitive facilities? B. Is the operating system configured to prevent circumvention of the security software and application controls? C. Are keys or other access devices needed to enter the computer room and media library? D. Are visitors to sensitive areas signed in and escorted?

B. Is the operating system configured to prevent circumvention of the security software and application controls?

What is the main characteristic of a bastion host? A. It is located on the internal network. B. It is a hardened computer implementation C. It is a firewall. D. It does packet filtering.

B. It is a hardened computer implementation

The primary purpose for using one-way hashing of user passwords within a password file is which of the following? A. It prevents an unauthorized person from trying multiple passwords in one logon attempt. B. It prevents an unauthorized person from reading the password. C. It minimizes the amount of storage required for user passwords. D. It minimizes the amount of processing time used for encrypting passwords.

B. It prevents an unauthorized person from reading the password.

What is the main problem of the renewal of a root CA certificate? A. It requires key recovery of all end user keys B. It requires the authentic distribution of the new root CA certificate to all PKI participants C. It requires the collection of the old root CA certificates from all the users D. It requires issuance of the new root CA certificate

B. It requires the authentic distribution of the new root CA certificate to all PKI participants

How should a doorway of a manned facility with automatic locks be configured? A. It should be configured to be fail-secure. B. It should be configured to be fail-safe. C. It should have a door delay cipher lock. D. It should not allow piggybacking.

B. It should be configured to be fail-safe.

Which of the following statements pertaining to a security policy is incorrect? A. Its main purpose is to inform the users, administrators and managers of their obligatory requirements for protecting technology and information assets. B. It specifies how hardware and software should be used throughout the organization. C. It needs to have the acceptance and support of all levels of employees within the organization in order for it to be appropriate and effective. D. It must be flexible to the changing environment.

B. It specifies how hardware and software should be used throughout the organization.

The Diffie-Hellman algorithm is primarily used to provide which of the following? A. Confidentiality B. Key Agreement C. Integrity D. Non-repudiation

B. Key Agreement

What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext? A. Key collision B. Key clustering C. Hashing D. Ciphertext collision

B. Key clustering

Which conceptual approach to intrusion detection system is the most common? A. Behavior-based intrusion detection B. Knowledge-based intrusion detection C. Statistical anomaly-based intrusion detection D. Host-based intrusion detection

B. Knowledge-based intrusion detection

What is defined as the manner in which the network devices are organized to facilitate communications? A. LAN transmission methods B. LAN topologies C. LAN transmission protocols D. LAN media access methods

B. LAN topologies

What attack involves the perpetrator sending spoofed packet(s) which contain the same destination and source IP address as the remote host, the same port for the source and destination, having the SYN flag set, and targeting any open ports on the remote host? A. Boink attack B. Land attack C. Teardrop attack D. Smurf attack

B. Land attack

Which access control model provides upper and lower bounds of access capabilities for a subject? A. Role-based access control B. Lattice-based access control C. Biba access control D. Content-dependent access control

B. Lattice-based access control

An access system that grants users only those rights necessary for them to perform their work is operating on which security principle? A. Discretionary Access B. Least Privilege C. Mandatory Access D. Separation of Duties

B. Least Privilege

After a company is out of an emergency state, what should be moved back to the original site first? A. Executives B. Least critical components C. IT support staff D. Most critical components

B. Least critical components

What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database? A. Level 1/Class 1 B. Level 2/Class 2 C. Level 3/Class 3 D. Level 4/Class 4

B. Level 2/Class 2

Which of the following results in the most devastating business interruptions? A. Loss of Hardware/Software B. Loss of Data C. Loss of Communication Links D. Loss of Applications

B. Loss of Data

Which access control model is best suited in an environment where a high security level is required and where it is desired that only the administrator grants access control? A. DAC B. MAC C. Access control matrix D. TACACS

B. MAC

Which of the following access control models is based on sensitivity labels? A. Discretionary access control B. Mandatory access control C. Rule-based access control D. Role-based access control

B. Mandatory access control

Which of the following statements pertaining to disk mirroring is incorrect? A. Mirroring offers better performance in read operations but writing hinders system performance. B. Mirroring is a hardware-based solution only. C. Mirroring offers a higher fault tolerance than parity. D. Mirroring is usually the less cost-effective solution.

B. Mirroring is a hardware-based solution only.

Which of the following is a telecommunication device that translates data from digital to analog form and back to digital? A. Multiplexer B. Modem C. Protocol converter D. Concentrator

B. Modem

Which of the following security modes of operation does NOT require all users to have the clearance for all information processed on the system? A. Compartmented security mode B. Multilevel security mode C. System-high security mode D. Dedicated security mode

B. Multilevel security mode

Which of the following devices enables more than one signal to be sent out simultaneously over one physical circuit? A. Router B. Multiplexer C. Channel service unit/Data service unit (CSU/DSU) D. Wan switch

B. Multiplexer

What is NOT true of pre-shared key authentication within the IKE / IPsec protocol? A. Pre-shared key authentication is normally based on simple passwords B. Needs a Public Key Infrastructure (PKI) to work C. IKE is used to set up Security Associations D. IKE builds upon the Oakley protocol and the ISAKMP protocol.

B. Needs a Public Key Infrastructure (PKI) to work

The communications products and services which ensure that the various components of a network (such as devices, protocols, and access methods) work together are referred to as: A. Netware Architecture. B. Network Architecture. C. WAN Architecture. D. Multiprotocol Architecture.

B. Network Architecture.

ICMP and IGMP belong to which layer of the OSI model? A. Datagram Layer. B. Network Layer. C. Transport Layer. D. Data Link Layer.

B. Network Layer.

An area of the Telecommunications and Network Security domain that directly affects the Information Systems Security tenet of Availability can be defined as: A. Netware availability B. Network availability C. Network acceptability D. Network accountability

B. Network availability

What does the simple integrity axiom mean in the Biba model? A. No write down B. No read down C. No read up D. No write up

B. No read down

Which of the following is most concerned with personnel security? A. Management controls B. Operational controls C. Technical controls D. Human resources controls

B. Operational controls

While using IPsec, the ESP and AH protocols both provide integrity services. However, when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation. Which of the items below would affect the use of AH and its Integrity Check Value (ICV) the most? A. Key session exchange B. Packet Header Source or Destination address C. VPN cryptographic key size D. Cryptographic algorithm used

B. Packet Header Source or Destination address

Which of the following is used in database information security to hide information? A. Inheritance B. Polyinstantiation C. Polymorphism D. Delegation

B. Polyinstantiation

Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software? A. Stealth viruses B. Polymorphic viruses C. Trojan horses D. Logic bombs

B. Polymorphic viruses

Which Network Address Translation (NAT) is the most convenient and secure solution? A. Hiding Network Address Translation B. Port Address Translation C. Dedicated Address Translation D. Static Address Translation

B. Port Address Translation

Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system? A. Detective Controls B. Preventative Controls C. Corrective Controls D. Directive Controls

B. Preventative Controls

Which of the following control pairing places emphasis on "soft" mechanisms that support the access control objectives? A. Preventive/Technical Pairing B. Preventive/Administrative Pairing C. Preventive/Physical Pairing D. Detective/Administrative Pairing

B. Preventive/Administrative Pairing

Which of the following pairings uses technology to enforce access control policies? A. Preventive/Administrative B. Preventive/Technical C. Preventive/Physical D. Detective/Administrative

B. Preventive/Technical

Technical controls such as encryption and access control can be built into the operating system, be software applications, or can be supplemental hardware/software units. Such controls, also known as logical controls, represent which pairing? A. Preventive/Administrative Pairing B. Preventive/Technical Pairing C. Preventive/Physical Pairing D. Detective/Technical Pairing

B. Preventive/Technical Pairing

Which of the following describes a logical form of separation used by secure computing systems? A. Processes use different levels of security for input and output devices. B. Processes are constrained so that each cannot access objects outside its permitted domain. C. Processes conceal data and computations to inhibit access by outside processes. D. Processes are granted access based on granularity of controlled objects.

B. Processes are constrained so that each cannot access objects outside its permitted domain.

Which of the following items is NOT a benefit of cold sites? A. No resource contention with other organisation B. Quick Recovery C. A secondary location is available to reconstruct the environment D. Low Cost

B. Quick Recovery

Which of the following algorithms is a stream cipher? A. RC2 B. RC4 C. RC5 D. RC6

B. RC4

Which of the following is not a one-way hashing algorithm? A. MD2 B. RC4 C. SHA-1 D. HAVAL

B. RC4

Degaussing is used to clear data from all of the following media except: A. Floppy Disks B. Read-Only Media C. Video Tapes D. Magnetic Hard Disks

B. Read-Only Media

Under the Business Exemption Rule to the hearsay evidence, which of the following exceptions would have no bearing on the inadmissibility of audit logs and audit trails in a court of law? A. Records are collected during the regular conduct of business. B. Records are collected by senior or executive management. C. Records are collected at or near the time of occurrence of the act being investigated to generate automated reports. D. You can prove no one could have changed the records/data/logs that were collected.

B. Records are collected by senior or executive management.

What can be defined as the maximum acceptable length of time that elapses before the unavailability of the system severely affects the organization? A. Recovery Point Objectives (RPO) B. Recovery Time Objectives (RTO) C. Recovery Time Period (RTP) D. Critical Recovery Time (CRT)

B. Recovery Time Objectives (RTO)

What mechanism does a system use to compare the security labels of a subject and an object? A. Validation Module. B. Reference Monitor. C. Clearance Check. D. Security Module.

B. Reference Monitor.

Which of the following countermeasures would be the most appropriate to prevent possible intrusion or damage from wardialing attacks? A. Monitoring and auditing for such activity B. Require user authentication C. Making sure only necessary phone numbers are made public D. Using completely different numbers for voice and data accesses

B. Require user authentication

When a station communicates on the network for the first time, which of the following protocols would search for and find the Internet Protocol (IP) address that matches a known Ethernet address? A. Address Resolution Protocol (ARP). B. Reverse Address Resolution Protocol (RARP). C. Internet Control Message protocol (ICMP). D. User Datagram Protocol (UDP).

B. Reverse Address Resolution Protocol (RARP).

What is called the probability that a threat to an information system will materialize? A. Threat B. Risk C. Vulnerability D. Hole

B. Risk

Which of the following is used to interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes? A. Key escrow B. Rotation of duties C. Principle of need-to-know D. Principle of least privilege

B. Rotation of duties

How is Annualized Loss Expectancy (ALE) derived from a threat? A. ARO x (SLE - EF) B. SLE x ARO C. SLE/EF D. AV x EF

B. SLE x ARO

Which of the following technologies has been developed to support TCP/IP networking over low-speed serial interfaces? A. ISDN B. SLIP C. xDSL D. T1

B. SLIP

What is called an attack in which an attacker floods a system with connection requests but does not respond when the target system replies to those requests? A. Ping of death attack B. SYN attack C. Smurf attack D. Buffer overflow attack

B. SYN attack

Which of the following is an example of an active attack? A. Traffic analysis B. Scanning C. Eavesdropping D. Wiretapping

B. Scanning

Which of the following is the most secure firewall implementation? A. Dual-homed host firewalls B. Screened-subnet firewalls C. Screened-host firewalls D. Packet-filtering firewalls

B. Screened-subnet firewalls

Computer-generated evidence is considered: A. Best evidence B. Second hand evidence C. Demonstrative evidence D. Direct evidence

B. Second hand evidence

When preparing a business continuity plan, who of the following is responsible for identifying and prioritizing time-critical systems? A. Executive management staff B. Senior business unit management C. BCP committee D. Functional business units

B. Senior business unit management

As per RFC 1122, which of the following is not a defined layer in the DoD TCP/IP protocol model? A. Application layer B. Session layer C. Internet layer D. Link/Network Access Layer

B. Session layer

Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys, establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis? A. Internet Security Association and Key Management Protocol (ISAKMP) B. Simple Key-management for Internet Protocols (SKIP) C. Diffie-Hellman Key Distribution Protocol D. IPsec Key exchange (IKE)

B. Simple Key-management for Internet Protocols (SKIP)

Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, one set of credentials, and faster resource access? A. Smart cards B. Single Sign-On (SSO) C. Symmetric Ciphers D. Public Key Infrastructure (PKI)

B. Single Sign-On (SSO)

What is called an attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets? A. SYN Flood attack B. Smurf attack C. Ping of Death attack D. Denial of Service (DOS) attack

B. Smurf attack

Which of the following attacks could capture network user passwords? A. Data diddling B. Sniffing C. IP Spoofing D. Smurfing

B. Sniffing

Which type of attack involves impersonating a user or a system? A. Smurfing attack B. Spoofing attack C. Spamming attack D. Sniffing attack

B. Spoofing attack

What can be defined as secret communications where the very existence of the message is hidden? A. Clustering B. Steganography C. Cryptology D. Vernam cipher

B. Steganography

Which communication method is characterized by very high speed transmission rates that are governed by electronic clock timing signals? A. Asynchronous Communication. B. Synchronous Communication. C. Automatic Communication. D. Full duplex Communication.

B. Synchronous Communication.

Which type of password token involves time synchronization? A. Static password tokens B. Synchronous dynamic password tokens C. Asynchronous dynamic password tokens D. Challenge-response tokens

B. Synchronous dynamic password tokens

Which of the following is the most reliable authentication method for remote access? A. Variable callback system B. Synchronous token C. Fixed callback system D. Combination of callback and caller ID

B. Synchronous token

Which of the following types of traffic can easily be filtered with a stateful packet filter by enforcing the context or state of the request? A. ICMP B. TCP C. UDP D. IP

B. TCP

Which of the following would provide the BEST stress testing environment, taking into consideration and avoiding possible exposure and leaks of sensitive data? A. Test environment using test data. B. Test environment using sanitized live workloads data. C. Production environment using test data. D. Production environment using sanitized live workloads data.

B. Test environment using sanitized live workloads data.

The control of communications test equipment should be clearly addressed by security policy for which of the following reasons? A. Test equipment is easily damaged. B. Test equipment can be used to browse information passing on a network. C. Test equipment is difficult to replace if lost or stolen. D. Test equipment must always be available for the maintenance personnel.

B. Test equipment can be used to browse information passing on a network.

The Orange Book is founded upon which security policy model? A. The Biba Model B. The Bell LaPadula Model C. Clark-Wilson Model D. TEMPEST

B. The Bell LaPadula Model

What assesses potential loss that could be caused by a disaster? A. The Business Assessment (BA) B. The Business Impact Analysis (BIA) C. The Risk Assessment (RA) D. The Business Continuity Plan (BCP)

B. The Business Impact Analysis (BIA)

Which of the following statements pertaining to the maintenance of an IT contingency plan is incorrect? A. The plan should be reviewed at least once a year for accuracy and completeness. B. The Contingency Planning Coordinator should make sure that every employee gets an up-to-date copy of the plan. C. Strict version control should be maintained. D. Copies of the plan should be provided to recovery personnel for storage offline at home and office.

B. The Contingency Planning Coordinator should make sure that every employee gets an up-to-date copy of the plan.

Which of the following outlined how senior management are responsible for the computer and information security decisions they make and for what actually takes place within their organizations? A. The Computer Security Act of 1987. B. The Federal Sentencing Guidelines of 1991. C. The Economic Espionage Act of 1996. D. The Computer Fraud and Abuse Act of 1986.

B. The Federal Sentencing Guidelines of 1991.

Which of the following statements pertaining to Secure Sockets Layer (SSL) is false? A. The SSL protocol was developed by Netscape to secure Internet client-server transactions. B. The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates. C. Web pages using the SSL protocol start with HTTPS. D. SSL can be used with applications such as Telnet, FTP and email protocols.

B. The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates.

In an SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session? A. Both client and server B. The client's browser C. The web server D. The merchant's Certificate Server

B. The client's browser

In non-discretionary access control using Role Based Access Control (RBAC), a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on: A. The society's role in the organization B. The individual's role in the organization C. The group-dynamics as they relate to the individual's role in the organization D. The group-dynamics as they relate to the master-slave role in the organization

B. The individual's role in the organization

Which of the following is NOT true of the Kerberos protocol? A. Only a single login is required per session. B. The initial authentication steps are done using a public key algorithm. C. The KDC is aware of all systems in the network and is trusted by all of them. D. It performs mutual authentication.

B. The initial authentication steps are done using a public key algorithm.

In Mandatory Access Control, sensitivity labels attached to an object contain what information? A. The item's classification B. The item's classification and category set C. The item's category D. The item's need to know

B. The item's classification and category set

What can best be described as an abstract machine which must mediate all access by subjects to objects? A. A security domain B. The reference monitor C. The security kernel D. The security perimeter

B. The reference monitor

Which approach to a security program ensures people responsible for protecting the company's assets are DRIVING the program? A. The Delphi approach B. The top-down approach C. The bottom-up approach D. The technology approach

B. The top-down approach

Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack? A. The use of good key generators. B. The use of session keys. C. Nothing can defend you against a brute force crypto key attack. D. Algorithms that are immune to brute force key attacks.

B. The use of session keys.

Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches if: A. The company is not a multi-national company. B. They have not exercised due care protecting computing resources. C. They have failed to properly insure computer resources against loss. D. The company does not prosecute the hacker that caused the breach.

B. They have not exercised due care protecting computing resources.

Within the realm of IT security, which of the following combinations best defines risk? A. Threat coupled with a breach B. Threat coupled with a vulnerability C. Vulnerability coupled with an attack D. Threat coupled with a breach of security

B. Threat coupled with a vulnerability

In a Public Key Infrastructure, how are public keys published? A. They are sent via e-mail. B. Through digital certificates. C. They are sent by owners. D. They are not published.

B. Through digital certificates.

What is the main purpose of Corporate Security Policy? A. To transfer the responsibility for the information security to all users of the organization B. To communicate management's intentions in regards to information security C. To provide detailed steps for performing specific actions D. To provide a common framework for all development activities

B. To communicate management's intentions in regards to information security

Which of the following would be the best reason for separating the test and development environments? A. To restrict access to systems under test. B. To control the stability of the test environment. C. To segregate user and development staff. D. To secure access to systems under development.

B. To control the stability of the test environment.

Which of the following best describes the purpose of debugging programs? A. To generate random data that can be used to test programs before implementing them. B. To ensure that program coding flaws are detected and corrected. C. To protect, during the programming phase, valid changes from being overwritten by other changes. D. To compare source code versions before transferring to the test environment

B. To ensure that program coding flaws are detected and corrected.

Which of the following tools is less likely to be used by a hacker? A. l0phtcrack B. Tripwire C. OphCrack D. John the Ripper

B. Tripwire

Which IPSec operational mode encrypts the entire data packet (including header and data) into an IPSec packet? A. Authentication mode B. Tunnel mode C. Transport mode D. Safe mode

B. Tunnel mode

PIN, password, passphrases, tokens, smart cards, and biometric devices are all items that can be used for authentication. When one of the items listed above is used in conjunction with a second factor to validate authentication, it provides robust authentication of the individual by practicing which of the following? A. Multi-party authentication B. Two-factor authentication C. Mandatory authentication D. Discretionary authentication

B. Two-factor authentication

What is considered the most important type of error to avoid for a biometric access control system? A. Type I Error B. Type II Error C. Combined Error Rate D. Crossover Error Rate

B. Type II Error

When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who should be REJECTED? A. Type I error B. Type II error C. Type III error D. Crossover error

B. Type II error

Preservation of confidentiality within information systems requires that the information is not disclosed to: A. Authorized persons. B. Unauthorized persons or processes. C. Unauthorized persons. D. Authorized persons and processes.

B. Unauthorized persons or processes.

The International Standards Organization / Open Systems Interconnection (ISO/OSI) layers do NOT have which of the following characteristics? A. Standard model for network communications B. Used to gain information from network devices such as count of packets received and routing tables C. Enables dissimilar networks to communicate D. Defines 7 protocol layers (a.k.a. protocol stack)

B. Used to gain information from network devices such as count of packets received and routing tables

Which of the following would MOST likely ensure that a system development project meets business objectives? A. Development and tests are run by different individuals B. User involvement in system specification and acceptance C. Development of a project plan identifying all development activities D. Strict deadlines and budgets

B. User involvement in system specification and acceptance

Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements? A. Validation B. Verification C. Assessment D. Accuracy

B. Verification

Which of the following is the biggest factor that makes computer crimes possible? A. The fraudster obtaining advanced training & special knowledge. B. Victim carelessness. C. Collusion with others in information processing. D. System design flaws.

B. Victim carelessness.

What is the 802.11 standard related to? A. Public Key Infrastructure (PKI) B. Wireless network communications C. Packet-switching technology D. The OSI/ISO model

B. Wireless network communications

Which of the following is NOT true about IPSec Tunnel mode? A. Fundamentally an IP tunnel with encryption and authentication B. Works at the Transport layer of the OSI model C. Has two sets of IP headers D. Established for gateway service

B. Works at the Transport layer of the OSI model

Which of the following is NOT a proper component of Media Viability Controls? A. Storage B. Writing C. Handling D. Marking

B. Writing

Before the advent of classless addressing, the address 128.192.168.16 would have been considered part of: A. a class A network. B. a class B network. C. a class C network. D. a class D network.

B. a class B network.

Related to information security, integrity is the opposite of which of the following? A. abstraction B. alteration C. accreditation D. application

B. alteration

Which of the following DoD Model layers provides non-repudiation services? A. network layer. B. application layer. C. transport layer. D. data link layer.

B. application layer.

A common way to create fault tolerance with leased lines is to group several T1s together with an inverse multiplexer placed: A. at one end of the connection. B. at both ends of the connection. C. somewhere between both end points. D. in the middle of the connection.

B. at both ends of the connection.

Communications devices must operate: A. at different speeds to communicate. B. at the same speed to communicate. C. at varying speeds to interact. D. at high speed to interact.

B. at the same speed to communicate.

Which of the following is NOT a factor related to Access Control? A. integrity B. authenticity C. confidentiality D. availability

B. authenticity

An alternative to using passwords for authentication in logical or technical access control is: A. manage without passwords B. biometrics C. not there D. use of them for physical access control

B. biometrics

A prolonged complete loss of electric power is a: A. brownout B. blackout C. surge D. fault

B. blackout

What is the appropriate role of the security analyst in the application system development or acquisition project? A. policeman B. control evaluator & consultant C. data owner D. application user

B. control evaluator & consultant

The following is NOT a security characteristic we need to consider while choosing a biometric identification system: A. data acquisition process B. cost C. enrollment process D. speed and user interface

B. cost

Passwords can be required to change monthly, quarterly, or at other intervals: A. depending on the criticality of the information needing protection B. depending on the criticality of the information needing protection and the password's frequency of use C. depending on the password's frequency of use D. not depending on the criticality of the information needing protection but depending on the password's frequency of use

B. depending on the criticality of the information needing protection and the password's frequency of use

Related to information security, confidentiality is the opposite of which of the following? A. closure B. disclosure C. disposal D. disaster

B. disclosure

Which of the following media is MOST resistant to EMI interference? A. microwave B. fiber optic C. twisted pair D. coaxial cable

B. fiber optic

In biometric identification systems, the parts of the body conveniently available for identification are: A. neck and mouth B. hands, face, and eyes C. feet and hair D. voice and neck

B. hands, face, and eyes

What is the most correct choice below when talking about the steps to resume normal operation at the primary site after the green light has been given by the salvage team? A. The most critical operations are moved from the alternate site to the primary site before others B. Operations may be carried out by a completely different team than the disaster recovery team C. The least critical functions should be moved back first D. You move items back in the same order as the categories documented in your plan, or exactly in the same order as you did on your way to the alternate site

C. The least critical functions should be moved back first

Which of the following will a Business Impact Analysis NOT identify? A. Areas that would suffer the greatest financial or operational loss in the event of a disaster. B. Systems critical to the survival of the enterprise. C. The names of individuals to be contacted during a disaster. D. The outage time that can be tolerated by the enterprise as a result of a disaster.

C. The names of individuals to be contacted during a disaster.

Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level? A. The Bell-LaPadula model B. The information flow model C. The noninterference model D. The Clark-Wilson model

C. The noninterference model

What would BEST define risk management? A. The process of eliminating the risk B. The process of assessing the risks C. The process of reducing risk to an acceptable level D. The process of transferring risk

C. The process of reducing risk to an acceptable level

Which of the following statements pertaining to software testing approaches is correct? A. A bottom-up approach allows interface errors to be detected earlier. B. A top-down approach allows errors in critical modules to be detected earlier. C. The test plan and results should be retained as part of the system's permanent documentation. D. Black box testing is predicated on a close examination of procedural detail.

C. The test plan and results should be retained as part of the system's permanent documentation.

In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected? A. The transactions should be dropped from processing. B. The transactions should be processed after the program makes adjustments. C. The transactions should be written to a report and reviewed. D. The transactions should be corrected and reprocessed.

C. The transactions should be written to a report and reviewed.

In addition to the accuracy of the biometric systems, there are other factors that must also be considered: A. These factors include the enrollment time and the throughput rate, but not acceptability. B. These factors do not include the enrollment time, the throughput rate, and acceptability. C. These factors include the enrollment time, the throughput rate, and acceptability. D. These factors include the enrollment time, but not the throughput rate, neither the acceptability.

C. These factors include the enrollment time, the throughput rate, and acceptability.

What do the ILOVEYOU and Melissa virus attacks have in common? A. They are both denial-of-service (DOS) attacks. B. They have nothing in common. C. They are both masquerading attacks. D. They are both social engineering attacks.

C. They are both masquerading attacks.

The typical computer fraudsters are usually persons with which of the following characteristics? A. They have had previous contact with law enforcement B. They conspire with others C. They hold a position of trust D. They deviate from the accepted norms of society

C. They hold a position of trust

Which of the following floors would be most appropriate to locate information processing facilities in a 6-story building? A. Basement B. Ground floor C. Third floor D. Sixth floor

C. Third floor

Which of the following is true about link encryption? A. Each entity has a common key with the destination node. B. Encrypted messages are only decrypted by the final node. C. This mode does not provide protection if any one of the nodes along the transmission path is compromised. D. Only secure nodes are used in this type of transmission.

C. This mode does not provide protection if any one of the nodes along the transmission path is compromised.

What can be best defined as the examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment? A. Risk management B. Risk analysis C. Threat analysis D. Due diligence

C. Threat analysis

Which of the following teams should NOT be included in an organization's contingency plan? A. Damage assessment team B. Hardware salvage team C. Tiger team D. Legal affairs team

C. Tiger team

What is the PRIMARY reason to maintain the chain of custody on evidence that has been collected? A. To ensure that no evidence is lost. B. To ensure that all possible evidence is gathered. C. To ensure that it will be admissible in court D. To ensure that incidents were handled with due care and due diligence.

C. To ensure that it will be admissible in court

What is the main objective of proper separation of duties? A. To prevent employees from disclosing sensitive information. B. To ensure access controls are in place. C. To ensure that no single individual can compromise a system. D. To ensure that audit trails are not tampered with.

C. To ensure that no single individual can compromise a system.

Under United States law, an investigator's notebook may be used in court in which of the following scenarios? A. When the investigator is unwilling to testify. B. When other forms of physical evidence are not available. C. To refresh the investigator's memory while testifying. D. If the defense has no objections.

C. To refresh the investigator's memory while testifying.

Which of the following was designed as a more fault-tolerant topology than Ethernet, and very resilient when properly implemented? A. Token Link. B. Token system. C. Token Ring. D. Duplicate ring.

C. Token Ring.

In order to enable users to perform tasks and duties without having to go through extra steps, it is important that the security controls and mechanisms that are in place have a degree of: A. Complexity B. Non-transparency C. Transparency D. Simplicity

C. Transparency

Which of the following layers provides end-to-end data transfer service? A. Network Layer. B. Data Link Layer. C. Transport Layer. D. Presentation Layer.

C. Transport Layer.

At which OSI/ISO layer is an encrypted authentication between a client software package and a firewall performed? A. Network layer B. Session layer C. Transport layer D. Data link layer

C. Transport layer

When considering an IT System Development Life-cycle, security should be: A. Mostly considered during the initiation phase. B. Mostly considered during the development phase. C. Treated as an integral part of the overall system design. D. Added once the design is completed

C. Treated as an integral part of the overall system design.

In computing, what is the name of a non-self-replicating type of malware that appears to have some useful purpose but also contains malicious or harmful code embedded in it and, when executed, carries out actions that are unknown to the person installing it, typically causing loss or theft of data and possible system harm? A. virus B. worm C. Trojan horse. D. trapdoor

C. Trojan horse.

Which of the following protocols was used by the INITIAL version of the Terminal Access Controller Access Control System (TACACS) for communication between clients and servers? A. TCP B. SSL C. UDP D. SSH

C. UDP

Which of the following is an advantage that UDP has over TCP? A. UDP is connection-oriented whereas TCP is not. B. UDP is more reliable than TCP. C. UDP is faster than TCP. D. UDP makes a better effort to deliver packets

C. UDP is faster than TCP.

The IP header contains a protocol field. If this field contains the value 17, what type of data is contained within the IP datagram? A. TCP. B. ICMP. C. UDP. D. IGMP.

C. UDP.

Which of the following statements pertaining to biometrics is FALSE? A. User can be authenticated based on behavior. B. User can be authenticated based on unique physical attributes. C. User can be authenticated by what he knows. D. A biometric system's accuracy is determined by its crossover error rate (CER).

C. User can be authenticated by what he knows.

Which of the following binds a subject name to a public key value? A. A public-key certificate B. A public key infrastructure C. A secret key infrastructure D. A private key certificate

A. A public-key certificate

Which of the following could be BEST defined as the likelihood of a threat agent taking advantage of a vulnerability? A. A risk B. A residual risk C. An exposure D. A countermeasure

A. A risk

What is a hot-site facility? A. A site with pre-installed computers, raised flooring, air conditioning, telecommunications and networking equipment, and UPS. B. A site in which space is reserved with pre-installed wiring and raised floors. C. A site with raised flooring, air conditioning, telecommunications, and networking equipment, and UPS. D. A site with ready made work space with telecommunications equipment, LANs, PCs, and terminals for work groups.

A. A site with pre-installed computers, raised flooring, air conditioning, telecommunications and networking equipment, and UPS.

Which of the following choices describes challenge-response token generation? A. A workstation or system that generates a random challenge string that the user enters into the token when prompted along with the proper PIN. B. A workstation or system that generates a random login id that the user enters when prompted along with the proper PIN. C. A special hardware device that is used to generate random text in a cryptography system. D. The authentication mechanism in the workstation or system does not determine if the owner should be authenticated.

A. A workstation or system that generates a random challenge string that the user enters into the token when prompted along with the proper PIN.

In which of the following models are subjects and objects identified and the permissions applied to each subject/object combination specified? Such a model can be used to quickly summarize what permissions a subject has for various system objects. A. Access Control Matrix model B. Take-Grant model C. Bell-LaPadula model D. Biba model

A. Access Control Matrix model

To control access by a subject (an active entity such as an individual or process) to an object (a passive entity such as a file) involves setting up: A. Access Rules B. Access Matrix C. Identification controls D. Access terminal

A. Access Rules

Most access violations are: A. Accidental B. Caused by internal hackers C. Caused by external hackers D. Related to the Internet

A. Accidental

Which of the following is used to find the Media Access Control address (MAC) that matches with a known Internet Protocol (IP) address? A. Address Resolution Protocol (ARP). B. Reverse Address Resolution Protocol (RARP). C. Internet Control Message protocol (ICMP). D. User Datagram Protocol (UDP).

A. Address Resolution Protocol (ARP).

Which of the following is best defined as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it? A. Aggregation B. Inference C. Clustering D. Collision

A. Aggregation

For which areas of the enterprise are business continuity plans required? A. All areas of the enterprise. B. The financial and information processing areas of the enterprise. C. The operating areas of the enterprise. D. The marketing, finance, and information processing areas.

A. All areas of the enterprise.

In the context of network enumeration by an outside attacker and possible Distributed Denial of Service (DDoS) attacks, which of the following firewall rules is not appropriate to protect an organization's internal network? A. Allow echo reply outbound B. Allow echo request outbound C. Drop echo request inbound D. Allow echo reply inbound

A. Allow echo reply outbound

Out of the steps listed below, which one is not one of the steps conducted during the Business Impact Analysis (BIA)? A. Alternate site selection B. Create data-gathering techniques C. Identify the company's critical business functions D. Select individuals to interview for data gathering

A. Alternate site selection

Which of the following methods of providing telecommunications continuity involves the use of an alternative media? A. Alternative routing B. Diverse routing C. Long haul network diversity D. Last mile circuit protection

A. Alternative routing

A network-based vulnerability assessment is a type of test also referred to as: A. An active vulnerability assessment. B. A routing vulnerability assessment. C. A host-based vulnerability assessment. D. A passive vulnerability assessment.

A. An active vulnerability assessment.

A 'Pseudo flaw' is which of the following? A. An apparent loophole deliberately implanted in an operating system program as a trap for intruders. B. An omission when generating Pseudo-code. C. Used for testing for bounds violations in application programming. D. A normally generated page fault causing the system to halt.

A. An apparent loophole deliberately implanted in an operating system program as a trap for intruders.

What is the greatest danger from DHCP? A. An intruder on the network impersonating a DHCP server and thereby misconfiguring the DHCP clients. B. Having multiple clients on the same LAN having the same IP address. C. Having the wrong router used as the default gateway. D. Having the organization's mail server unreachable

A. An intruder on the network impersonating a DHCP server and thereby misconfiguring the DHCP clients.

Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at which layer of the OSI model? A. Application Layer. B. Transport Layer. C. Session Layer. D. Network Layer

A. Application Layer.

The RSA algorithm is an example of what type of cryptography? A. Asymmetric Key. B. Symmetric Key. C. Secret Key. D. Private Key.

A. Asymmetric Key.

The basic language of modems and dial-up remote access systems is: A. Asynchronous Communication. B. Synchronous Communication. C. Asynchronous Interaction. D. Synchronous Interaction.

A. Asynchronous Communication.

Which of the following is needed for System Accountability? A. Audit mechanisms. B. Documented design as laid out in the Common Criteria. C. Authorization. D. Formal verification of system design.

A. Audit mechanisms.

In biometrics, the "one-to-one" search used to verify claim to an identity made by a person is considered: A. Authentication B. Identification C. Auditing D. Authorization

A. Authentication

What is called the verification that the user's claimed identity is valid and is usually implemented through a user password at log-on time? A. Authentication B. Identification C. Integrity D. Confidentiality

A. Authentication

Which of the following protocols that provide integrity and authentication for IPSec, can also provide non-repudiation in IPSec? A. Authentication Header (AH) B. Encapsulating Security Payload (ESP) C. Secure Sockets Layer (SSL) D. Secure Shell (SSH-2)

A. Authentication Header (AH)

Business Continuity and Disaster Recovery Planning (Primarily) addresses the: A. Availability of the CIA triad B. Confidentiality of the CIA triad C. Integrity of the CIA triad D. Availability, Confidentiality and Integrity of the CIA triad

A. Availability of the CIA triad

Why does compiled code pose more of a security risk than interpreted code? A. Because malicious code can be embedded in compiled code and be difficult to detect. B. If the executed compiled code fails, there is a chance it will fail insecurely. C. Because compilers are not reliable. D. There is no risk difference between interpreted code and compiled code.

A. Because malicious code can be embedded in compiled code and be difficult to detect.

Which access control model was proposed for enforcing access control in government and military applications? A. Bell-LaPadula model B. Biba model C. Sutherland model D. Brewer-Nash model

A. Bell-LaPadula model

What is called an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics? A. Biometrics B. Micrometrics C. Macrometrics D. MicroBiometrics

A. Biometrics

What enables a workstation to boot without requiring a hard or floppy disk drive? A. Bootstrap Protocol (BootP). B. Reverse Address Resolution Protocol (RARP). C. Address Resolution Protocol (ARP). D. Classless Inter-Domain Routing (CIDR).

A. Bootstrap Protocol (BootP).

Which of the following is a LAN transmission method? A. Broadcast B. Carrier-sense multiple access with collision detection (CSMA/CD) C. Token ring D. Fiber Distributed Data Interface (FDDI)

A. Broadcast

Which type of attack would a competitive intelligence attack best classify as? A. Business attack B. Intelligence attack C. Financial attack D. Grudge attack

A. Business attack

Which of the following focuses on sustaining an organization's business functions during and after a disruption? A. Business continuity plan B. Business recovery plan C. Continuity of operations plan D. Disaster recovery plan

A. Business continuity plan

Which is NOT a suitable method for distributing certificate revocation information? A. CA revocation mailing list B. Delta CRL C. OCSP (online certificate status protocol) D. Distribution point CRL

A. CA revocation mailing list

What is NOT an authentication method within IKE and IPsec? A. CHAP B. Pre shared key C. certificate based authentication D. Public key authentication

A. CHAP

Which of the following access methods is used by Ethernet? A. CSMA/CD. B. CSU/DSU. C. TCP/IP. D. FIFO.

A. CSMA/CD.

Which of the following ciphers is a subset on which the Vigenere polyalphabetic cipher was based? A. Caesar B. The Jefferson disks C. Enigma D. SIGABA

A. Caesar

Which of the following categories of UTP cable is specified to be able to handle gigabit Ethernet (1 Gbps) according to the EIA/TIA-568-B standards? A. Category 5e UTP B. Category 2 UTP C. Category 3 UTP D. Category 1e UTP

A. Category 5e UTP

You work in a police department forensics lab where you examine computers for evidence of crimes. Your work is vital to the success of the prosecution of criminals. One day you receive a laptop and are part of a two-man team responsible for examining it together. However, it is lunch time and after receiving the laptop you leave it on your desk and you both head out to lunch. What critical step in forensic evidence handling have you forgotten? A. Chain of custody B. Locking the laptop in your desk C. Making a disk image for examination D. Cracking the admin password with chntpw

A. Chain of custody

Which of the following protects a password from eavesdroppers and supports the encryption of communication? A. Challenge Handshake Authentication Protocol (CHAP) B. Challenge Handshake Identification Protocol (CHIP) C. Challenge Handshake Encryption Protocol (CHEP) D. Challenge Handshake Substitution Protocol (CHSP)

A. Challenge Handshake Authentication Protocol (CHAP)

This type of attack is generally most applicable to public-key cryptosystems; what type of attack am I? A. Chosen-Ciphertext attack B. Ciphertext-only attack C. Plaintext Only Attack D. Adaptive-Chosen-Plaintext attack

A. Chosen-Ciphertext attack

Which access control model achieves data integrity through well-formed transactions and separation of duties? A. Clark-Wilson model B. Biba model C. Non-interference model D. Sutherland model

A. Clark-Wilson model

In what way can violation clipping levels assist in violation tracking and analysis? A. Clipping levels set a baseline for acceptable normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred. B. Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant. C. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to user accounts with a privileged status. D. Clipping levels enable a security administrator to view all reductions in security levels which have been made to user accounts which have incurred violations.

A. Clipping levels set a baseline for acceptable normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred

Network-based Intrusion Detection systems: A. Commonly reside on a discrete network segment and monitor the traffic on that network segment. B. Commonly will not reside on a discrete network segment and monitor the traffic on that network segment. C. Commonly reside on a discrete network segment and do not monitor the traffic on that network segment. D. Commonly reside on a host and monitor the traffic on that specific host.

A. Commonly reside on a discrete network segment and monitor the traffic on that network segment.

Which of the following prevents, detects, and corrects errors so that the integrity, availability, and confidentiality of transactions over networks may be maintained? A. Communications security management and techniques B. Information security management and techniques C. Client security management and techniques D. Server security management and techniques

A. Communications security management and techniques

Which of the following best describes what would be expected at a "hot site"? A. Computers, climate control, cables and peripherals B. Computers and peripherals C. Computers and dedicated climate control systems. D. Dedicated climate control systems

A. Computers, climate control, cables and peripherals

Encapsulating Security Payload (ESP) provides some of the services of Authentication Headers (AH), but it is primarily designed to provide: A. Confidentiality B. Cryptography C. Digital signatures D. Access Control

A. Confidentiality

Related to information security, the prevention of the intentional or unintentional unauthorized disclosure of contents is which of the following? A. Confidentiality B. Integrity C. Availability D. capability

A. Confidentiality

Which of the following is best provided by symmetric cryptography? A. Confidentiality B. Integrity C. Availability D. Non-repudiation

A. Confidentiality

Which property ensures that only the intended recipient can access the data and nobody else? A. Confidentiality B. Capability C. Integrity D. Availability

A. Confidentiality

Which of the following is addressed by Kerberos? A. Confidentiality and Integrity B. Authentication and Availability C. Validation and Integrity D. Auditability and Integrity

A. Confidentiality and Integrity

What are called user interfaces that limit the functions that can be selected by a user? A. Constrained user interfaces B. Limited user interfaces C. Mini user interfaces D. Unlimited user interfaces

A. Constrained user interfaces

Which of the following is less likely to accompany a contingency plan, either within the plan itself or in the form of an appendix? A. Contact information for all personnel. B. Vendor contact information, including offsite storage and alternate site. C. Equipment and system requirements lists of the hardware, software, firmware and other resources required to support system operations. D. The Business Impact Analysis.

A. Contact information for all personnel.

A department manager has read access to the salaries of the employees in his/her department but not to the salaries of employees in other departments. A database security mechanism that enforces this policy would typically be said to provide which of the following? A. Content-dependent access control B. Context-dependent access control C. Least privileges access control D. Ownership-based access control

A. Content-dependent access control

A business continuity plan is an example of which of the following? A. Corrective control B. Detective control C. Preventive control D. Compensating control

A. Corrective control

What is the primary role of cross certification? A. Creating trust between different PKIs B. Build an overall PKI hierarchy C. set up direct trust to a second root CA D. Prevent the nullification of user certificates by CA certificate revocation

A. Creating trust between different PKIs

What enables users to validate each other's certificate when they are certified under different certification hierarchies? A. Cross-certification B. Multiple certificates C. Redundant certification authorities D. Root certification authorities

A. Cross-certification

Which of the following is the most secure form of triple-DES encryption? A. DES-EDE3 B. DES-EDE1 C. DES-EEE4 D. DES-EDE2

A. DES-EDE3

Which of the following is NOT a true statement regarding the implementation of the 3DES modes? A. DES-EEE1 uses one key B. DES-EEE2 uses two keys C. DES-EEE3 uses three keys D. DES-EDE2 uses two keys

A. DES-EEE1 uses one key

Which of the following services is a distributed database that translates host names to IP addresses and IP addresses to host names? A. DNS B. FTP C. SSH D. SMTP

A. DNS

Which of the following is the most critical item from a disaster recovery point of view? A. Data B. Hardware/Software C. Communication Links D. Software Applications

A. Data

Within the OSI model, at what layer are some of the SLIP, CSLIP, PPP control functions provided? A. Data Link B. Transport C. Presentation D. Application

A. Data Link

Which of the following logical access exposures INVOLVES CHANGING data before, or as it is entered into the computer? A. Data diddling B. Salami techniques C. Trojan horses D. Viruses

A. Data diddling

What layer of the OSI/ISO model does Point-to-point tunnelling protocol (PPTP) work at? A. Data link layer B. Transport layer C. Session layer D. Network layer

A. Data link layer

Who first described the DoD multilevel military security policy in abstract, formal terms? A. David Bell and Leonard LaPadula B. Rivest, Shamir and Adleman C. Whitfield Diffie and Martin Hellman D. David Clark and David Wilson

A. David Bell and Leonard LaPadula

Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or a cassette? A. Degaussing B. Parity Bit Manipulation C. Zeroization D. Buffer overflow

A. Degaussing

The fact that a network-based IDS reviews packet payloads and headers enables which of the following? A. Detection of denial of service B. Detection of all viruses C. Detection of data corruption D. Detection of all password guessing attacks

A. Detection of denial of service

Which of the following is NOT a task normally performed by a Computer Incident Response Team (CIRT)? A. Develop an information security policy. B. Coordinate the distribution of information pertaining to the incident to the appropriate parties. C. Mitigate risk to the enterprise. D. Assemble teams to investigate the potential vulnerabilities.

A. Develop an information security policy.

Which backup method copies only files that have changed since the last full backup, but does not clear the archive bit? A. Differential backup method. B. Full backup method. C. Incremental backup method. D. Tape backup method.

A. Differential backup method.

Which of the following proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses? A. Direct evidence. B. Circumstantial evidence. C. Conclusive evidence. D. Corroborative evidence.

A. Direct evidence.

If an operating system permits shared resources such as memory to be used sequentially by multiple users/application or subjects without a refresh of the objects/memory area, what security problem is MOST likely to exist? A. Disclosure of residual data. B. Unauthorized obtaining of a privileged execution state. C. Data leakage through covert channels. D. Denial of service through a deadly embrace.

A. Disclosure of residual data.

What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects? A. Disclosure of residual data. B. Unauthorized obtaining of a privileged execution state. C. Denial of service through a deadly embrace. D. Data leakage through covert channels.

A. Disclosure of residual data.

Which access control model enables the OWNER of the resource to specify what subjects can access specific resources based on their identity? A. Discretionary Access Control B. Mandatory Access Control C. Sensitive Access Control D. Role-based Access Control

A. Discretionary Access Control

Rule-Based Access Control (RuBAC) access is determined by rules. Such rules would fit within what category of access control? A. Discretionary Access Control (DAC) B. Mandatory Access control (MAC) C. Non-Discretionary Access Control (NDAC) D. Lattice-based Access control

A. Discretionary Access Control (DAC)

Which of the following categories of hackers poses the greatest threat? A. Disgruntled employees B. Student hackers C. Criminal hackers D. Corporate spies

A. Disgruntled employees

What attribute is included in an X.509 certificate? A. Distinguished name of the subject B. Telephone number of the department C. secret key of the issuing CA D. the key pair of the certificate holder

A. Distinguished name of the subject

When two or more separate entities (usually persons) operating in concert to protect sensitive functions or information must combine their knowledge to gain access to an asset, this is known as? A. Dual Control B. Need to know C. Separation of duties D. Segregation of duties

A. Dual Control

When attempting to establish Liability, which of the following would be described as performing the ongoing maintenance necessary to keep something in proper working order, updated, effective, or to abide by what is commonly expected in a situation? A. Due care B. Due concern C. Due diligence D. Due practice

A. Due care

Which encryption algorithm is BEST suited for communication with handheld wireless devices? A. ECC (Elliptic Curve Cryptosystem) B. RSA C. SHA D. RC4

A. ECC (Elliptic Curve Cryptosystem)

Which of the following is unlike the other three choices presented? A. El Gamal B. Teardrop C. Buffer Overflow D. Smurf

A. El Gamal

Which of the following services is NOT provided by the digital signature standard (DSS)? A. Encryption B. Integrity C. Digital signature D. Authentication

A. Encryption

Which of the following is NOT an advantage that TACACS+ has over TACACS? A. Event logging B. Use of two-factor password authentication C. User has the ability to change his password D. Ability for security tokens to be resynchronized

A. Event logging

Which of the following statements pertaining to disaster recovery planning is incorrect? A. Every organization must have a disaster recovery plan B. A disaster recovery plan contains actions to be taken before, during and after a disruptive event. C. The major goal of disaster recovery planning is to provide an organized way to make decisions if a disruptive event occurs. D. A disaster recovery plan should cover return from alternate facilities to primary facilities.

A. Every organization must have a disaster recovery plan

When we encrypt or decrypt data there is a basic operation involving ones and zeros where they are compared in a process that looks something like this:
  0101 0001  Plain text
  0111 0011  Key stream
  0010 0010  Output
What is this cryptographic operation called? A. Exclusive-OR B. Bit Swapping C. Logical-NOR D. Decryption

A. Exclusive-OR

Which of the following can be defined as a framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences? A. Extensible Authentication Protocol B. Challenge Handshake Authentication Protocol C. Remote Authentication Dial-In User Service D. Multilevel Authentication Protocol.

A. Extensible Authentication Protocol

What is called the percentage of valid subjects that are falsely rejected by a Biometric Authentication system? A. False Rejection Rate (FRR) or Type I Error B. False Acceptance Rate (FAR) or Type II Error C. Crossover Error Rate (CER) D. True Rejection Rate (TRR) or Type III Error

A. False Rejection Rate (FRR) or Type I Error

Which of the following is a token-passing scheme like token ring that also has a second ring that remains dormant until an error condition is detected on the primary ring? A. Fiber Distributed Data Interface (FDDI). B. Ethernet C. Fast Ethernet D. Broadband

A. Fiber Distributed Data Interface (FDDI).

Which of the following is immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length? A. Fiber Optic cable B. Coaxial cable C. Twisted Pair cable D. Axial cable

A. Fiber Optic cable

Which of the following backup methods must be made regardless of whether Differential or Incremental methods are used? A. Full Backup Method. B. Incremental backup method. C. Supplemental backup method. D. Tape backup method.

A. Full Backup Method.

Which of the following is the most complete disaster recovery plan test type, to be performed after successfully completing the Parallel test? A. Full Interruption test B. Checklist test C. Simulation test D. Structured walk-through test

A. Full Interruption test

The session layer provides a logical persistent connection between peer hosts. Which of the following is one of the modes used in the session layer to establish this connection? A. Full duplex B. Synchronous C. Asynchronous D. Half simplex

A. Full duplex

Which xDSL flavour delivers both downstream and upstream speeds of 1.544 Mbps over two copper twisted pairs? A. HDSL B. SDSL C. ADSL D. VDSL

A. HDSL

This type of backup management provides a continuous on-line backup by using optical or tape "jukeboxes," similar to WORMs (Write Once, Read Many): A. Hierarchical Storage Management (HSM). B. Hierarchical Resource Management (HRM). C. Hierarchical Access Management (HAM). D. Hierarchical Instance Management (HIM).

A. Hierarchical Storage Management (HSM).

In addition to the Legal Department, with what company function must the collection of physical evidence be coordinated if an employee is suspected? A. Human Resources B. Industrial Security C. Public Relations D. External Audit Group

A. Human Resources

Which of the following can be defined as an Internet protocol by which a client workstation can dynamically access a mailbox on a server host to manipulate and retrieve mail messages that the server has received and is holding for the client? A. IMAP4 B. SMTP C. MIME D. PEM

A. IMAP4

Which of the following answers is described as a random value used in cryptographic algorithms to ensure that patterns are not created during the encryption process? A. IV - Initialization Vector B. Stream Cipher C. OTP - One Time Pad D. Ciphertext

A. IV - Initialization Vector

The type of discretionary access control (DAC) that is based on an individual's identity is also called: A. Identity-based Access control B. Rule-based Access control C. Non-Discretionary Access Control D. Lattice-based Access control

A. Identity-based Access control

Which of the following is an example of discretionary access control? A. Identity-based access control B. Task-based access control C. Role-based access control D. Rule-based access control

A. Identity-based access control

Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is incorrect? A. In order to facilitate recovery, a single plan should cover all locations. B. There should be requirements to form a committee to decide a course of action. These decisions should be made ahead of time and incorporated into the plan. C. In its procedures and tasks, the plan should refer to functions, not specific individuals. D. Critical vendors should be contacted ahead of time to validate equipment can be obtained in a timely manner

A. In order to facilitate recovery, a single plan should cover all locations.

Which backup method is used if backup time is critical and tape space is at an extreme premium? A. Incremental backup method. B. Differential backup method. C. Full backup method. D. Tape backup method.

A. Incremental backup method.

Which backup method usually resets the archive bit on the files after they have been backed up? A. Incremental backup method. B. Differential backup method. C. Partial backup method. D. Tape backup method.

A. Incremental backup method.

Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations? A. Internet Key exchange (IKE) B. Security Association Authentication Protocol (SAAP) C. Simple Key-management for Internet Protocols (SKIP) D. Key Exchange Algorithm (KEA)

A. Internet Key exchange (IKE)

Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place? A. Intrusion Detection System B. Compliance Validation System C. Intrusion Management System (IMS) D. Compliance Monitoring System

A. Intrusion Detection System

What would be considered the biggest drawback of Host-based Intrusion Detection systems (HIDS)? A. It can be very invasive to the host operating system B. Monitors all processes and activities on the host system only C. Virtually eliminates limits associated with encryption D. They have an increased level of visibility and control compared to NIDS

A. It can be very invasive to the host operating system

What is a limitation of TCP Wrappers? A. It cannot control access to running UDP services. B. It stops packets before they reach the application layer, thus confusing some proxy servers. C. The hosts.access control system requires a complicated directory tree. D. They are too expensive.

A. It cannot control access to running UDP services.

Which of the following is NOT a property of a one-way hash function? A. It converts a message of a fixed length into a message digest of arbitrary length. B. It is computationally infeasible to construct two different messages with the same digest. C. It converts a message of arbitrary length into a message digest of a fixed length. D. Given a digest value, it is computationally infeasible to find the corresponding message

A. It converts a message of a fixed length into a message digest of arbitrary length.

Why is Network File System (NFS) used? A. It enables two different types of file systems to interoperate. B. It enables two different types of file systems to share Sun applications. C. It enables two different types of file systems to use IP/IPX. D. It enables two different types of file systems to emulate each other.

A. It enables two different types of file systems to interoperate.

What is one disadvantage of content-dependent protection of information? A. It increases processing overhead. B. It requires additional password entry. C. It exposes the system to data locking. D. It limits the user's individual address space.

A. It increases processing overhead.

Which of the following statements pertaining to a Criticality Survey is incorrect? A. It is implemented to gather input from all personnel that is going to be part of the recovery teams. B. The purpose of the survey must be clearly stated. C. Management's approval should be obtained before distributing the survey. D. Its intent is to find out what services and systems are critical to keeping the organization in business.

A. It is implemented to gather input from all personnel that is going to be part of the recovery teams.

Which of the following statements is NOT true of IPSec Transport mode? A. It is required for gateways providing access to internal systems B. Set-up when end-point is host or communications terminates at end-points C. If used in gateway-to-host communication, gateway must act as host D. When ESP is used for the security protocol, the hash is only applied to the upper layer protocols contained in the packet

A. It is required for gateways providing access to internal systems

Which of the following is the most important consideration in locating an alternate computing facility during the development of a disaster recovery plan? A. It is unlikely to be affected by the same disaster. B. It is close enough to become operational quickly. C. It is close enough to serve its users. D. It is convenient to airports and hotels.

A. It is unlikely to be affected by the same disaster.

Which element must computer evidence have to be admissible in court? A. It must be relevant. B. It must be annotated. C. It must be printed. D. It must contain source code

A. It must be relevant.

Which of the following is NOT a correct notation for an IPv6 address? A. 2001:0db8:0:0:0:0:1428:57ab B. ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 C. ::1 D. 2001:DB8::8:800::417A

D. 2001:DB8::8:800::417A

What key size is used by the Clipper Chip? A. 40 bits B. 56 bits C. 64 bits D. 80 bits

D. 80 bits

Which of the following IEEE standards defines the token ring media access method? A. 802.3 B. 802.11 C. 802.5 D. 802.2

D. 802.2

You are running a packet sniffer on a network and see a packet containing a long string of "0x90 0x90 0x90 0x90...." in the middle of it traveling to an x86-based machine as a target. This could be indicative of what activity being attempted? A. Over-subscription of the traffic on a backbone. B. A source quench packet. C. A FIN scan. D. A buffer overflow attack.

D. A buffer overflow attack

Which of the following item would best help an organization to gain a common understanding of functions that are critical to its survival? A. A risk assessment B. A business assessment C. A disaster recovery plan D. A business impact analysis

D. A business impact analysis

What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity? A. A digital envelope B. A cryptographic hash C. A Message Authentication Code D. A digital signature

D. A digital signature

An Intrusion Detection System (IDS) is what type of control? A. A preventive control. B. A detective control. C. A recovery control. D. A directive control.

D. A directive control.

What are the components of an object's sensitivity label? A. A Classification Set and a single Compartment. B. A single classification and a single compartment. C. A Classification Set and user credentials. D. A single classification and a Compartment Set.

D. A single classification and a Compartment Set

What is electronic vaulting? A. Information is backed up to tape on an hourly basis and is stored in an on-site vault. B. Information is backed up to tape on a daily basis and is stored in an on-site vault. C. Transferring electronic journals or transaction logs to an off-site storage facility D. A transfer of bulk information to a remote central backup facility.

D. A transfer of bulk information to a remote central backup facility.

Which of the following are not Remote Access concerns? A. Justification for remote access B. Auditing of activities C. Regular review of access privileges D. Access badges

D. Access badges

Which of the following is best defined as an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards? A. Certification B. Declaration C. Audit D. Accreditation

D. Accreditation

What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters? A. Central station alarm B. Proprietary alarm C. A remote station alarm D. An auxiliary station alarm

D. An auxiliary station alarm

In the course of responding to and handling an incident, you work on determining the root cause of the incident. In which step are you in? A. Recovery B. Containment C. Triage D. Analysis and tracking

D. Analysis and tracking

What is a decrease in amplitude as a signal propagates along a transmission medium best known as? A. Crosstalk B. Noise C. Delay distortion D. Attenuation

D. Attenuation

Which of the following is required in order to provide accountability? A. Authentication B. Integrity C. Confidentiality D. Audit trails

D. Audit trails

Configuration Management controls what? A. Auditing of changes to the Trusted Computing Base. B. Control of changes to the Trusted Computing Base. C. Changes in the configuration access to the Trusted Computing Base. D. Auditing and controlling any changes to the Trusted Computing Base.

D. Auditing and controlling any changes to the Trusted Computing Base.

RADIUS incorporates which of the following services? A. Authentication server and PIN codes. B. Authentication of clients and static passwords generation. C. Authentication of clients and dynamic passwords generation. D. Authentication server as well as support for Static and Dynamic passwords.

D. Authentication server as well as support for Static and Dynamic passwords.

Which of the following is most affected by denial-of-service (DOS) attacks? A. Confidentiality B. Integrity C. Accountability D. Availability

D. Availability

Which expert system operating mode allows determining if a given hypothesis is valid? A. Blackboard B. Lateral chaining C. Forward chaining D. Backward chaining

D. Backward chaining

Why would anomaly detection IDSs often generate a large number of false positives? A. Because they can only identify correctly attacks they already know about. B. Because they are application-based are more subject to attacks. C. Because they can't identify abnormal behavior. D. Because normal patterns of user and system behavior can vary wildly.

D. Because normal patterns of user and system behavior can vary wildly.

What is the name of the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access? A. Clark and Wilson Model B. Harrison-Ruzzo-Ullman Model C. Rivest and Shamir Model D. Bell-LaPadula Model

D. Bell-LaPadula Model

How can an individual/person best be identified or authenticated to prevent local masquerading attacks? A. UserId and password B. Smart card and PIN code C. Two-factor authentication D. Biometrics

D. Biometrics

Which of the following statements pertaining to biometrics is false? A. Increased system sensitivity can cause a higher false rejection rate B. The crossover error rate is the point at which false rejection rate equals the false acceptance rate. C. False acceptance rate is also known as Type II error. D. Biometrics are based on the Type 2 authentication mechanism.

D. Biometrics are based on the Type 2 authentication mechanism.

Which of the following is NOT a part of a risk analysis? A. Identify risks B. Quantify the impact of potential threats C. Provide an economic balance between the impact of the risk and the cost of the associated countermeasure D. Choose the best countermeasure

D. Choose the best countermeasure

A variation of the application layer firewall is called a: A. Current Level Firewall. B. Cache Level Firewall. C. Session Level Firewall. D. Circuit Level Firewall

D. Circuit Level Firewall

What is defined as inference of information from other, intermediate, relevant facts? A. Secondary evidence B. Conclusive evidence C. Hearsay evidence D. Circumstantial evidence

D. Circumstantial evidence

Which of the following is NOT a defined ISO basic task related to network management? A. Fault management B. Accounting resources C. Security management D. Communications management

D. Communications management

Which of the following would be used to detect and correct errors so that integrity and confidentiality of transactions over networks may be maintained while preventing unauthorized interception of the traffic? A. Information security B. Server security C. Client security D. Communications security

D. Communications security

A Security Kernel is defined as a strict implementation of a reference monitor mechanism responsible for enforcing a security policy. To be secure, the kernel must meet three basic conditions. What are they? A. Confidentiality, Integrity, and Availability B. Policy, mechanism, and assurance C. Isolation, layering, and abstraction D. Completeness, Isolation, and Verifiability

D. Completeness, Isolation, and Verifiability

Prior to a live disaster test, also called a Full Interruption test, which of the following is most important? A. Restore all files in preparation for the test. B. Document expected findings. C. Arrange physical security for the test site. D. Conduct of a successful Parallel Test

D. Conduct of a successful Parallel Test

According to private sector data classification levels, how would salary levels and medical information be classified? A. Public. B. Internal Use Only. C. Restricted. D. Confidential.

D. Confidential.

Authentication Headers (AH) and Encapsulating Security Payload (ESP) protocols are the driving force of IPSec. Authentication Headers (AH) provides all of the following services except: A. Authentication B. Integrity C. Replay resistance and non-repudiation D. Confidentiality

D. Confidentiality

What is the PRIMARY goal of incident handling? A. Successfully retrieve all evidence that can be used to prosecute B. Improve the company's ability to be prepared for threats and disasters C. Improve the company's disaster recovery plan D. Contain and repair any damage caused by an event.

D. Contain and repair any damage caused by an event

Which of the following is the primary security feature of a proxy server? A. Virus Detection B. URL blocking C. Route blocking D. Content filtering

D. Content filtering

Which of the following is NOT an asymmetric key algorithm? A. RSA B. Elliptic Curve Cryptosystem (ECC) C. El Gamal D. Data Encryption System (DES)

D. Data Encryption System (DES)

In discretionary access environments, which of the following entities is authorized to grant information access to other people? A. Manager B. Group Leader C. Security Manager D. Data Owner

D. Data Owner

Cryptography does NOT help in: A. Detecting fraudulent insertion. B. Detecting fraudulent deletion. C. Detecting fraudulent modification. D. Detecting fraudulent disclosure.

D. Detecting fraudulent disclosure.

Which of the following tasks is NOT usually part of a Business Impact Analysis (BIA)? A. Calculate the risk for each different business function. B. Identify the company's critical business functions. C. Calculate how long these functions can survive without these resources. D. Develop a mission statement.

D. Develop a mission statement.

Which backup method only copies files that have been recently added or changed and also leaves the archive bit unchanged? A. Full backup method B. Incremental backup method C. Fast backup method D. Differential backup method

D. Differential backup method

In the process of gathering evidence from a computer attack, a system administrator took a series of actions which are listed below. Can you identify which one of these actions has compromised the whole evidence collection process? A. Using a write blocker B. Made a full-disk image C. Created a message digest for log files D. Displayed the contents of a folder

D. Displayed the contents of a folder

For maximum security design, what type of fence is the most effective and cost-effective method (feet are used as the measurement unit below)? A. 3' to 4' high B. 6' to 7' high C. 8' high and above with strands of barbed wire D. Double fencing

D. Double fencing

Which of the following groups represents the leading source of computer crime losses? A. Hackers B. Industrial saboteurs C. Foreign intelligence officers D. Employees

D. Employees

Which of the following is less likely to be included in the change control sub-phase of the maintenance phase of a software product? A. Estimating the cost of the changes requested B. Recreating and analyzing the problem C. Determining the interface that is presented to the user D. Establishing the priorities of requests

D. Establishing the priorities of requests

Which of the following statements pertaining to ethical hacking is incorrect? A. An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or networking services. B. Testing should be done remotely to simulate external threats. C. Ethical hacking should not involve writing to or modifying the target systems negatively. D. Ethical hackers never use tools that have the potential of affecting servers or services

D. Ethical hackers never use tools that have the potential of affecting servers or services

This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill. What best describes this scenario? A. Excessive Rights B. Excessive Access C. Excessive Permissions D. Excessive Privileges

D. Excessive Privileges

Which of the following transmission media would NOT be affected by cross talk or interference? A. Copper cable B. Radio System C. Satellite radiolink D. Fiber optic cables

D. Fiber optic cables

Crackers today are MOST often motivated by their desire to: A. Help the community in securing their networks. B. Seeing how far their skills will take them. C. Getting recognition for their actions. D. Gaining Money or Financial Gains.

D. Gaining Money or Financial Gains.

Which device acting as a translator is used to connect two networks or applications from layer 4 up to layer 7 of the ISO/OSI Model? A. Bridge B. Repeater C. Router D. Gateway

D. Gateway

Which of the following would constitute the best example of a password to use for access to a system by a network administrator? A. holiday B. Christmas12 C. Jenny D. GyN19Za!

D. GyN19Za!

Secure Shell (SSH-2) supports authentication, compression, confidentiality, and integrity. SSH is commonly used as a secure alternative to all of the following protocols except: A. telnet B. rlogin C. RSH D. HTTPS

D. HTTPS

Which of the following is NOT a common category/classification of threat to an IT system? A. Human B. Natural C. Technological D. Hackers

D. Hackers

Which of the following does NOT use token-passing? A. ARCnet B. FDDI C. Token-ring D. IEEE 802.3

D. IEEE 802.3

The concept of best effort delivery is best associated with? A. TCP B. HTTP C. RSVP D. IP

D. IP

Which of the following steps should be one of the first steps performed in a Business Impact Analysis (BIA)? A. Identify all CRITICAL business units within the organization. B. Evaluate the impact of disruptive events. C. Estimate the Recovery Time Objectives (RTO). D. Identify and Prioritize Critical Organization Functions

D. Identify and Prioritize Critical Organization Functions

Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects is part of: A. Incident Evaluation B. Incident Recognition C. Incident Protection D. Incident Response

D. Incident Response

Which of the following is the best reason for the use of an automated risk analysis tool? A. Much of the data gathered during the review cannot be reused for subsequent analysis. B. Automated methodologies require minimal training and knowledge of risk analysis. C. Most software tools have user interfaces that are easy to use and do not require any training. D. Information gathering would be minimized and expedited due to the amount of information already built into the tool.

D. Information gathering would be minimized and expedited due to the amount of information already built into the tool.

Who is responsible for providing reports to the senior management on the effectiveness of the security controls? A. Information systems security professionals B. Data owners C. Data custodians D. Information systems auditors

D. Information systems auditors

Buffer overflow and boundary condition errors are subsets of which of the following? A. Race condition errors. B. Access validation errors. C. Exceptional condition handling errors. D. Input validation errors.

D. Input validation errors.

What is the Biba security model concerned with? A. Confidentiality B. Reliability C. Availability D. Integrity

D. Integrity

Which of the following protocols' primary function is to send messages between network devices regarding the health of the network? A. Reverse Address Resolution Protocol (RARP). B. Address Resolution Protocol (ARP). C. Internet Protocol (IP). D. Internet Control Message protocol (ICMP).

D. Internet Control Message protocol (ICMP).

Which of the following elements is NOT included in a Public Key Infrastructure (PKI)? A. Timestamping B. Repository C. Certificate revocation D. Internet Key Exchange (IKE)

D. Internet Key Exchange (IKE)

Which layer of the TCP/IP protocol model would best correspond to the OSI/ISO model's network layer? A. Network access layer B. Application layer C. Host-to-host transport layer D. Internet layer

D. Internet layer

Which of the following questions is less likely to help in assessing identification and authentication controls? A. Is a current list maintained and approved of authorized users and their access? B. Are passwords changed at least every ninety days or earlier if needed? C. Are inactive user identifications disabled after a specified period of time? D. Is there a process for reporting incidents?

D. Is there a process for reporting incidents?

Which of the following statements pertaining to the Bell-LaPadula model is TRUE if you are NOT making use of the strong star property? A. It allows "read up." B. It addresses covert channels. C. It addresses management of access controls. D. It allows "write up."

D. It allows "write up."

What is a packet sniffer? A. It tracks network connections to off-site locations. B. It monitors network traffic for illegal packets. C. It scans network segments for cabling faults. D. It captures network traffic for later analysis.

D. It captures network traffic for later analysis.

Compared to RSA, which of the following is true of Elliptic Curve Cryptography (ECC)? A. It has been mathematically proved to be more secure. B. It has been mathematically proved to be less secure. C. It is believed to require longer keys for equivalent security. D. It is believed to require shorter keys for equivalent security

D. It is believed to require shorter keys for equivalent security

Which of the following is NOT true concerning Application Control? A. It limits end users' use of applications in such a way that only particular screens are visible. B. Only specific records can be requested through the application controls C. Particular usage of the application can be recorded for audit purposes D. It is non-transparent to the endpoint applications so changes are needed to the applications and databases involved

D. It is non-transparent to the endpoint applications so changes are needed to the applications and databases involved

Which of the following statements pertaining to packet filtering is incorrect? A. It is based on ACLs. B. It is not application dependent. C. It operates at the network layer. D. It keeps track of the state of a connection.

D. It keeps track of the state of a connection.

Which of the following is true of two-factor authentication? A. It uses the RSA public-key signature based on integers with large prime factors. B. It requires two measurements of hand geometry. C. It does not use single sign-on technology. D. It relies on two independent proofs of identity.

D. It relies on two independent proofs of identity.

Which of the following statements is true about data encryption as a method of protecting data? A. It should sometimes be used for password files B. It is usually easily administered C. It makes few demands on system resources D. It requires careful key management

D. It requires careful key management

Which of the following is less likely to be used today in creating a Virtual Private Network? A. L2TP B. PPTP C. IPSec D. L2F

D. L2F

Which of the following would NOT violate the Due Diligence concept? A. Security policy being outdated B. Data owners not laying out the foundation of data protection C. Network administrator not taking mandatory two-week vacation as planned D. Latest security patches for servers being installed as per the Patch Management process

D. Latest security patches for servers being installed as per the Patch Management process

Which of the following server contingency solutions offers the highest availability? A. System backups B. Electronic vaulting/remote journaling C. Redundant arrays of independent disks (RAID) D. Load balancing/disk replication

D. Load balancing/disk replication

Which of the following is related to physical security and is not considered a technical control? A. Access control Mechanisms B. Intrusion Detection Systems C. Firewalls D. Locks

D. Locks

What refers to legitimate users accessing networked services that would normally be restricted to them? A. Spoofing B. Piggybacking C. Eavesdropping D. Logon abuse

D. Logon abuse

What algorithm was DES derived from? A. Twofish. B. Skipjack. C. Brooks-Aldeman. D. Lucifer

D. Lucifer

Another example of Computer Incident Response Team (CIRT) activities is: A. Management of the netware logs, including collection, retention, review, and analysis of data B. Management of the network logs, including collection and analysis of data C. Management of the network logs, including review and analysis of data D. Management of the network logs, including collection, retention, review, and analysis of data

D. Management of the network logs, including collection, retention, review, and analysis of data

Which of the following access control models introduces user security clearance and data classification? A. Role-based access control B. Discretionary access control C. Non-discretionary access control D. Mandatory access control

D. Mandatory access control

Which of the following access control models requires defining classification for objects? A. Role-based access control B. Discretionary access control C. Identity-based access control D. Mandatory access control

D. Mandatory access control

Which of the following access control models requires security clearance for subjects? A. Identity-based access control B. Role-based access control C. Discretionary access control D. Mandatory access control

D. Mandatory access control

Which of the following statements pertaining to RADIUS is incorrect? A. A RADIUS server can act as a proxy server, forwarding client requests to other authentication domains. B. Most RADIUS clients have the capability to query secondary RADIUS servers for redundancy. C. Most RADIUS servers have built-in database connectivity for billing and reporting purposes. D. Most RADIUS servers can work with DIAMETER servers.

D. Most RADIUS servers can work with DIAMETER servers.

Which of the following describes a technique in which a number of processor units are employed in a single computer system to increase the performance of the system in its application environment above the performance of a single processor of the same kind? A. Multitasking B. Multiprogramming C. Pipelining D. Multiprocessing

D. Multiprocessing

What does it mean to say that sensitivity labels are "incomparable"? A. The number of classifications in the two labels is different. B. Neither label contains all the classifications of the other. C. The number of categories in the two labels is different. D. Neither label contains all the categories of the other.

D. Neither label contains all the categories of the other.

What security model implies a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects? A. Flow Model B. Discretionary access control C. Mandatory access control D. Non-discretionary access control

D. Non-discretionary access control

Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE? A. Diffie-Hellman Key Exchange Protocol B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. OAKLEY

D. OAKLEY

As per the Orange Book, what are two types of system assurance? A. Operational Assurance and Architectural Assurance. B. Design Assurance and Implementation Assurance. C. Architectural Assurance and Implementation Assurance. D. Operational Assurance and Life-Cycle Assurance.

D. Operational Assurance and Life-Cycle Assurance.

Which of the following packets should NOT be dropped at a firewall protecting an organization's internal network? A. Inbound packets with Source Routing option set B. Router information exchange protocols C. Inbound packets with an internal address as the source IP address D. Outbound packets with an external destination IP address

D. Outbound packets with an external destination IP address

Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is incorrect? A. PPTP allows the tunnelling of any protocol that can be carried within PPP. B. PPTP does not provide strong encryption. C. PPTP does not support any token-based authentication method for users. D. PPTP is derived from L2TP.

D. PPTP is derived from L2TP.

Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are some of the examples of: A. Administrative controls B. Logical controls C. Technical controls D. Physical controls

D. Physical controls

What is the most secure way to dispose of information on a CD-ROM? A. Sanitizing B. Physical damage C. Degaussing D. Physical destruction

D. Physical destruction

Which of the following virus types changes some of its characteristics as it spreads? A. Boot Sector B. Parasitic C. Stealth D. Polymorphic

D. Polymorphic

Which of the following is NOT a common integrity goal? A. Prevent unauthorized users from making modifications. B. Maintain internal and external consistency. C. Prevent authorized users from making improper modifications. D. Prevent paths that could lead to inappropriate disclosure.

D. Prevent paths that could lead to inappropriate disclosure.

Which of the following is not an example of a block cipher? A. Skipjack B. IDEA C. Blowfish D. RC4

D. RC4

Which of the following best describes remote journaling? A. Send hourly tapes containing transactions off-site B. Send daily tapes containing transactions off-site. C. Real-time capture of transactions to multiple storage devices. D. Real time transmission of copies of the entries in the journal of transactions to an alternate site.

D. Real time transmission of copies of the entries in the journal of transactions to an alternate site.

Which of the following is the BEST way to detect software license violations? A. Implementing a corporate policy on copyright infringements and software use. B. Requiring that all PCs be diskless workstations. C. Installing metering software on the LAN so applications can be accessed through the metered software. D. Regularly scanning PCs in use to ensure that unauthorized copies of software have not been loaded on the PC

D. Regularly scanning PCs in use to ensure that unauthorized copies of software have not been loaded on the PC

Which of the following services is not provided by a public key infrastructure (PKI)? A. Access control B. Integrity C. Authentication D. Reliability

D. Reliability

Which of the following is NOT a fundamental component of an alarm in an intrusion detection system? A. Communications B. Enunciator C. Sensor D. Response

D. Response

Which of the following identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard? A. Twofish B. Serpent C. RC6 D. Rijndael

D. Rijndael

Which of the following is not a component of an Operations Security "triple"? A. Asset B. Threat C. Vulnerability D. Risk

D. Risk

In SSL/TLS protocol, what kind of authentication is supported when you establish a secure session between a client and a server? A. Peer-to-peer authentication B. Only server authentication (optional) C. Server authentication (mandatory) and client authentication (optional) D. Role based authentication scheme

D. Role based authentication scheme

Which of the following is not a responsibility of an information (data) owner? A. Determine what level of classification the information requires. B. Periodically review the classification assignments against business needs. C. Delegate the responsibility of data protection to data custodians. D. Running regular backups and periodically testing the validity of the backup data.

D. Running regular backups and periodically testing the validity of the backup data.

A copy of evidence or an oral description of its contents, which is not as reliable as best evidence, is what type of evidence? A. Direct evidence B. Circumstantial evidence C. Hearsay evidence D. Secondary evidence

D. Secondary evidence

Which of the following protocols is designed to send individual messages securely? A. Kerberos B. Secure Electronic Transaction (SET). C. Secure Sockets Layer (SSL). D. Secure HTTP (S-HTTP).

D. Secure HTTP (S-HTTP).

Which of the following is NOT a compensating measure for access violations? A. Backups B. Business continuity planning C. Insurance D. Security awareness

D. Security awareness

Which of the following biometric characteristics cannot be used to uniquely authenticate an individual's identity? A. Retina scans B. Iris scans C. Palm scans D. Skin scans

D. Skin scans

Which of the following phases of a software development life cycle normally addresses Due Care and Due Diligence? A. Implementation B. System feasibility C. Product design D. Software plans and requirements

D. Software plans and requirements

You have been tasked to develop an effective information classification program. Which one of the following steps should be performed first? A. Establish procedures for periodically reviewing the classification and ownership B. Specify the security controls required for each classification level C. Identify the data custodian who will be responsible for maintaining the security level of data D. Specify the criteria that will determine how data is classified

D. Specify the criteria that will determine how data is classified

Which of the following NAT firewall translation modes offers no protection from hacking attacks to an internal host using this functionality? A. Network redundancy translation B. Load balancing translation C. Dynamic translation D. Static translation

D. Static translation

Which of the following remote access authentication systems is the most robust? A. TACACS+ B. RADIUS C. PAP D. TACACS

D. TACACS

What is the primary role of smartcards in a PKI? A. Transparent renewal of user keys B. Easy distribution of the certificates between the users C. Fast hardware encryption of the raw data D. Tamper resistant, mobile storage and application of private keys of the users

D. Tamper resistant, mobile storage and application of private keys of the users

Which of the following is the MOST important aspect relating to employee termination? A. The details of employee have been removed from active payroll files B. Company property provided to the employee has been returned. C. User ID and passwords of the employee have been deleted. D. The appropriate company staff are notified about the termination.

D. The appropriate company staff are notified about the termination.

How do you distinguish between a bridge and a router? A. A bridge simply connects multiple networks, while a router examines each packet to determine which network to forward it to. B. "Bridge" and "router" are synonyms for equipment used to join two networks. C. The bridge is a specific type of router used to connect a LAN to the global Internet. D. The bridge connects multiple networks at the data link layer, while a router connects multiple networks at the network layer.

D. The bridge connects multiple networks at the data link layer, while a router connects multiple networks at the network layer.

Which of the following would be MOST important to guarantee that the computer evidence will be admissible in court? A. It must prove a fact that is immaterial to the case. B. Its reliability must be proven. C. The process for producing it must be documented and repeatable. D. The chain of custody of the evidence must show who collected, secured, controlled, handled, transported the evidence, and that it was not tampered with.

D. The chain of custody of the evidence must show who collected, secured, controlled, handled, transported the evidence, and that it was not tampered with.

Which one of the following statements about the advantages and disadvantages of network-based Intrusion Detection Systems is true? A. Network-based IDSs are not vulnerable to attacks. B. Network-based IDSs are well suited for modern switch-based networks. C. Most network-based IDSs can automatically indicate whether or not an attack was successful. D. The deployment of network-based IDSs has little impact upon an existing network.

D. The deployment of network-based IDSs has little impact upon an existing network.

Guards are appropriate whenever the function required by the security program involves which of the following? A. The use of discriminating judgment B. The use of physical force C. The operation of access control devices D. The need to detect unauthorized access

D. The need to detect unauthorized access

Which of the following security models does NOT concern itself with the flow of data? A. The information flow model B. The Biba model C. The Bell-LaPadula model D. The noninterference model

D. The noninterference model

What physical characteristic does a retinal scan biometric device measure? A. The amount of light reaching the retina B. The amount of light reflected by the retina C. The pattern of light receptors at the back of the eye D. The pattern of blood vessels at the back of the eye

D. The pattern of blood vessels at the back of the eye

What is a characteristic of using the Electronic Code Book mode of DES encryption? A. A given block of plaintext and a given key will always produce the same ciphertext. B. Repetitive encryption obscures any repeated patterns that may have been present in the plaintext. C. Individual characters are encoded by combining output from earlier encryption routines with plaintext. D. The previous DES output is used as input

A. A given block of plaintext and a given key will always produce the same ciphertext.

Which of the following would be the MOST serious risk where a systems development life cycle methodology is inadequate? A. The project will be completed late. B. The project will exceed the cost estimates. C. The project will be incompatible with existing systems. D. The project will fail to meet business and user needs

D. The project will fail to meet business and user needs

Which of the following statements pertaining to the security kernel is incorrect? A. The security kernel is made up of mechanisms that fall under the TCB and implements and enforces the reference monitor concept. B. The security kernel must provide isolation for the processes carrying out the reference monitor concept and they must be tamperproof. C. The security kernel must be small enough to be able to be tested and verified in a complete and comprehensive manner. D. The security kernel is an access control concept, not an actual physical component

D. The security kernel is an access control concept, not an actual physical component

The security of a computer application is most effective and economical in which of the following cases? A. The system is optimized prior to the addition of security. B. The system is procured off-the-shelf. C. The system is customized to meet the specific security threat. D. The system is originally designed to provide the necessary security.

D. The system is originally designed to provide the necessary security.

Which of the following is NOT a characteristic or shortcoming of packet filtering gateways? A. The source and destination addresses, protocols, and ports contained in the IP packet header are the only information that is available to the router in making a decision whether or not to permit traffic access to an internal network. B. They don't protect against IP or DNS address spoofing. C. They do not support strong user authentication. D. They are appropriate for medium-risk environment.

D. They are appropriate for medium-risk environment.
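To make options A to C concrete, here is an added example (not code from the question set) of a screening-router rule set written over exactly the header fields a packet filter sees: interface, source and destination address, protocol and port. The interface names, the internal LAN 192.168.10.0/24 and the web server 192.168.10.80 are assumptions; the packets are constructed header tuples, not captures. The filter can reject obviously spoofed sources (RFC 1918 space or its own LAN arriving from the Internet), but it cannot tell a forged public source address from a real one, and it has no notion of a user to authenticate.

```python
"""What a packet-filtering (screening) router can and cannot decide.
Rules are evaluated top to bottom, first match wins, default deny."""
import ipaddress
from dataclasses import dataclass

PRIVATE_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
INTERNAL_LAN = ipaddress.ip_network("192.168.10.0/24")     # assumed internal network
WEB_SERVER = ipaddress.ip_address("192.168.10.80")          # assumed exposed host


@dataclass(frozen=True)
class Packet:
    """The only fields a packet filter looks at (constructed records, not real captures)."""
    iface: str      # "ext" = Internet side, "int" = LAN side
    src: str
    dst: str
    proto: str      # "tcp", "udp", "icmp"
    dport: int = 0


def is_private(ip: str) -> bool:
    """True for RFC 1918 addresses (10/8, 172.16/12, 192.168/16)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)


def decide(pkt: Packet):
    """Return (verdict, rule that matched)."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    # 1. Anti-spoofing on the Internet side: nothing may claim to be us or private space.
    #    A forged *public* source address passes this test; the router cannot know better.
    if pkt.iface == "ext" and (src in INTERNAL_LAN or is_private(pkt.src)):
        return "DROP", "spoofed internal/private source on external interface"
    # 2. Egress filtering: only our own addresses may leave (keeps us from sourcing spoofed floods).
    if pkt.iface == "int" and src not in INTERNAL_LAN:
        return "DROP", "egress source not in LAN"
    # 3. Inbound exposure: HTTP to the web server only.  No user identity is available here.
    if pkt.iface == "ext" and pkt.proto == "tcp" and dst == WEB_SERVER and pkt.dport == 80:
        return "ACCEPT", "inbound http to web server"
    # 4. Outbound DNS and web from the LAN.
    if pkt.iface == "int" and pkt.proto in ("tcp", "udp") and pkt.dport in (53, 80, 443):
        return "ACCEPT", "outbound dns/web"
    return "DROP", "default deny"


if __name__ == "__main__":
    samples = [   # constructed header tuples
        Packet("ext", "10.1.2.3", "192.168.10.80", "tcp", 80),       # private source from the Internet
        Packet("ext", "203.0.113.9", "192.168.10.80", "tcp", 80),    # looks legitimate, may be forged
        Packet("ext", "203.0.113.9", "192.168.10.80", "tcp", 22),    # SSH is not exposed
        Packet("int", "192.168.10.5", "198.51.100.53", "udp", 53),   # outbound DNS
        Packet("int", "10.9.9.9", "198.51.100.53", "udp", 53),       # spoofed egress
    ]
    for p in samples:
        print(p.iface, p.src, "->", p.dst, p.proto, p.dport, decide(p))
```

The second sample packet is accepted because nothing in the header distinguishes a genuine 203.0.113.9 from a forged one, which is option B's point; and because a rule can only key on addresses and ports, any "authentication" is really authentication of an address, which is option C's point. `is_private` also answers the two RFC 1918 questions later on this page (172.31.42.5 and 10.0.42.5 are private; 172.12.42.5, 172.15.42.5 and 11.0.42.5 are not).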

Which of the following statements pertaining to protection rings is false? A. They provide strict boundaries and definitions on what the processes that work within each ring can access. B. Programs operating in inner rings are usually referred to as existing in a privileged mode. C. They support the CIA triad requirements of multitasking operating systems. D. They provide users with a direct access to peripherals

D. They provide users with a direct access to peripherals

What is called an event or activity that has the potential to cause harm to the information systems or networks? A. Vulnerability B. Threat agent C. Weakness D. Threat

D. Threat

Which of the following can best define the "revocation request grace period"? A. The period of time allotted within which the user must make a revocation request upon a revocation reason B. Minimum response time for performing a revocation by the CA C. Maximum response time for performing a revocation by the CA D. Time period between the arrival of a revocation request and the publication of the revocation information

D. Time period between the arrival of a revocation request and the publication of the revocation information

Which of the following protects Kerberos against replay attacks? A. Tokens B. Passwords C. Cryptography D. Time stamps

D. Time stamps

Which of the following is the primary reason why a user would choose a dial-up modem connection to the Internet when they have a faster, secure Internet connection through the organization's network? A. To access web sites that blocked by the organization's proxy server. B. To set up public services using the organization's resources. C. To check their personal e-mail. D. To circumvent the organization's security policy

D. To circumvent the organization's security policy

What is the primary goal of setting up a honeypot? A. To lure hackers into attacking unused systems B. To entrap and track down possible hackers C. To set up a sacrificial lamb on the network D. To know when certain types of attacks are in progress and to learn about attack techniques so the network can be fortified.

D. To know when certain types of attacks are in progress and to learn about attack techniques so the network can be fortified

Which of the following mechanisms was created to overcome the problem of collisions that occur on wired networks when traffic is simultaneously transmitted from different nodes? A. Carrier sense multiple access with collision avoidance (CSMA/CA) B. Carrier sense multiple access with collision detection (CSMA/CD) C. Polling D. Token-passing

D. Token-passing

Transport Layer Security (TLS) is a two-layered socket layer security protocol that contains the TLS Record Protocol and the: A. Transport Layer Security (TLS) Internet Protocol. B. Transport Layer Security (TLS) Data Protocol. C. Transport Layer Security (TLS) Link Protocol. D. Transport Layer Security (TLS) Handshake Protocol.

D. Transport Layer Security (TLS) Handshake Protocol.

Which OSI/ISO layers are TCP and UDP implemented at? A. Application layer B. Presentation layer C. Session layer D. Transport layer

D. Transport layer

Which cable technology refers to the CAT3 and CAT5 categories? A. Coaxial cables B. Fiber Optic cables C. Axial cables D. Twisted Pair cables

D. Twisted Pair cables

Which of the following statements pertaining to disaster recovery is incorrect? A. A recovery team's primary task is to get the pre-defined critical business functions at the alternate backup processing site. B. A salvage team's task is to ensure that the primary site returns to normal processing conditions. C. The disaster recovery plan should include how the company will return from the alternate site to the primary site. D. When returning to the primary site, the most critical applications should be brought back first.

D. When returning to the primary site, the most critical applications should be brought back first.

When should a post-mortem review meeting be held after an intrusion has been properly taken care of? A. Within the first three months after the investigation of the intrusion is completed. B. Within the first week after prosecution of intruders have taken place, whether successful or not. C. Within the first month after the investigation of the intrusion is completed. D. Within the first week of completing the investigation of the intrusion.

D. Within the first week of completing the investigation of the intrusion.

All following observations about IPSec are correct except: A. Default Hashing protocols are HMAC-MD5 or HMAC-SHA-1 B. Default Encryption protocol is Cipher Block Chaining mode DES, but other algorithms like ECC (Elliptic curve cryptosystem) can be used C. Support two communication modes - Tunnel mode and Transport mode D. Works only with Secret Key Cryptography

D. Works only with Secret Key Cryptography

Which of the following is most appropriate to notify an internal user that session monitoring is being conducted? A. Logon Banners B. Wall poster C. Employee Handbook D. Written agreement

D. Written agreement

What can a packet filtering firewall also be called? A. a scanning router B. a shielding router C. a sniffing router D. a screening router

D. a screening router

A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle? A. project initiation and planning phase B. system design specification phase C. development & documentation phase D. acceptance phase

D. acceptance phase

Making sure that the data is accessible when and where it is needed is which of the following A. confidentiality B. integrity C. acceptability D. availability

D. availability

Which of the following computer recovery sites is the least expensive and the most difficult to test? A. non-mobile hot site B. mobile hot site C. warm site D. cold site

D. cold site

External consistency ensures that the data stored in the database is: A. inconsistent with the real world. B. consistent when sent from one system to another. C. consistent with the logical world. D. consistent with the real world.

D. consistent with the real world.

Proxies work by transferring a copy of each accepted data packet from one network to another, thereby masking the: A. data's payload B. data's details C. data's owner D. data's origin

D. data's origin

Which of the following issues is not addressed by digital signatures? A. nonrepudiation B. authentication C. data integrity D. denial-of-service

D. denial-of-service

Related to information security, availability is the opposite of which of the following? A. delegation B. distribution C. documentation D. destruction

D. destruction

The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit is called: A. alteration B. investigation C. entrapment D. enticement.

D. enticement

The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization? A. project initiation and planning phase B. system design specifications phase C. development and documentation phase D. in parallel with every phase throughout the project

D. in parallel with every phase throughout the project

Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose? A. message non-repudiation. B. message confidentiality. C. message interleave checking. D. message integrity

D. message integrity

Examples of types of physical access controls include all EXCEPT which of the following? A. badges B. locks C. guards D. passwords

D. passwords

Organizations should consider which of the following first before allowing external access to their LANs via the Internet? A. plan for implementing workstation locking mechanisms. B. plan for protecting the modem pool. C. plan for providing the user with his account usage information. D. plan for considering proper authentication options

D. plan for considering proper authentication options

Step-by-step instructions used to satisfy control requirements is called a: A. policy B. standard C. guideline D. procedure

D. procedure

Contracts and agreements are often unenforceable or hard to enforce in which of the following alternate facility recovery agreements? A. hot site B. warm site C. cold site D. reciprocal agreement

D. reciprocal agreement

The "vulnerability of a facility" to damage or attack may be assessed by all of the following except: A. Inspection B. History of losses C. Security controls D. security budget

D. security budget

It is a violation of the "separation of duties" principle when which of the following individuals access the software on systems implementing security? A. security administrator B. security analyst C. systems auditor D. systems programmer

D. systems programmer

A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is: A. concern that the laser beam may cause eye damage B. the iris pattern changes as a person grows older. C. there is a relatively high rate of false accepts. D. the optical unit must be positioned so that the sun does not shine into the aperture.

D. the optical unit must be positioned so that the sun does not shine into the aperture.

In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place? A. Bell-LaPadula model B. Biba model C. Access Matrix model D. Take-Grant model

A. Bell-LaPadula model

When referring to a computer crime investigation, which of the following would be the MOST important step required in order to preserve and maintain a proper chain of custody of evidence: A. Evidence has to be collected in accordance with all laws and all legal regulations. B. Law enforcement officials should be contacted for advice on how and when to collect critical information. C. Verifiable documentation indicating the who, what, when, where, and how the evidence was handled should be available. D. Log files containing information regarding an intrusion are retained for at least as long as normal business records, and longer in the case of an ongoing investigation.

C. Verifiable documentation indicating the who, what, when, where, and how the evidence was handled should be available.

The absence of a safeguard, or a weakness in a system that may possibly be exploited is called a(n)? A. Threat B. Exposure C. Vulnerability D. Risk

C. Vulnerability

Which of the following choices is NOT normally part of the questions that would be asked in regards to an organization's information security policy? A. Who is involved in establishing the security policy? B. Where is the organization's security policy defined? C. What are the actions that need to be performed in case of a disaster? D. Who is responsible for monitoring compliance to the organization's security policy?

C. What are the actions that need to be performed in case of a disaster?

When backing up an applications system's data, which of the following is a key question to be answered first? A. When to make backups B. Where to keep backups C. What records to backup D. How to store backups

C. What records to backup

Kerberos is vulnerable to replay in which of the following circumstances? A. When a private key is compromised within an allotted time window. B. When a public key is compromised within an allotted time window. C. When a ticket is compromised within an allotted time window. D. When the KDC is compromised within an allotted time window.

C. When a ticket is compromised within an allotted time window.

Which of the following would best describe the difference between white-box testing and black-box testing? A. White-box testing is performed by an independent programmer team. B. Black-box testing uses the bottom-up approach. C. White-box testing examines the program internal logical structure. D. Black-box testing involves the business units

C. White-box testing examines the program internal logical structure.

Frame relay uses a public switched network to provide: A. Local Area Network (LAN) connectivity. B. Metropolitan Area Network (MAN) connectivity. C. Wide Area Network (WAN) connectivity. D. World Area Network (WAN) connectivity.

C. Wide Area Network (WAN) connectivity.

Which of the following standards concerns digital certificates? A. X.400 B. X.25 C. X.509 D. X.75

C. X.509

The Secure Hash Algorithm (SHA-1) creates: A. a fixed length message digest from a fixed length input message B. a variable length message digest from a variable length input message C. a fixed length message digest from a variable length input message D. a variable length message digest from a fixed length input message

C. a fixed length message digest from a variable length input message
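Two facts from the questions above, the SSL/TLS MAC being for message integrity and SHA-1 producing a fixed-length digest from variable-length input, shown in code rather than just stated. This is an added example and not code from the question set: the record layout (sequence number followed by content) is a simplification of the real SSL/TLS MAC input, which also covers record type, version and length, and the key and record bytes are constructed sample values.

```python
"""A keyed MAC over a record detects modification and, because the sequence
number is covered, replay or reordering.  It provides no confidentiality and
no non-repudiation: both ends hold the same key, so either could have produced
the tag."""
import hashlib
import hmac
import struct


def sha1_digest_len(data: bytes) -> int:
    """SHA-1 always yields 160 bits = 20 bytes, however long the input."""
    return len(hashlib.sha1(data).digest())


def mac_record(mac_key: bytes, seq: int, content: bytes) -> bytes:
    """HMAC-SHA1 over the 64-bit sequence number and the content (simplified TLS layout)."""
    return hmac.new(mac_key, struct.pack(">Q", seq) + content, hashlib.sha1).digest()


def verify_record(mac_key: bytes, seq: int, content: bytes, tag: bytes) -> bool:
    """Constant-time comparison: a plain == would let timing leak how many tag bytes matched."""
    return hmac.compare_digest(mac_record(mac_key, seq, content), tag)


def demo():
    """Constructed scenario: a valid record, a one-byte modification of it, and the
    same record replayed at the wrong sequence number."""
    key = b"mac-write-secret"                    # assumed per-direction MAC key
    content = b"GET /account HTTP/1.1\r\n"
    tag = mac_record(key, 7, content)
    tampered = content.replace(b"account", b"admin  ")   # same length, different bytes
    return {
        "valid": verify_record(key, 7, content, tag),
        "tampered": verify_record(key, 7, tampered, tag),
        "replayed": verify_record(key, 8, content, tag),
    }


if __name__ == "__main__":
    print(sha1_digest_len(b""), sha1_digest_len(b"x" * 100_000))   # 20 20
    print(demo())   # {'valid': True, 'tampered': False, 'replayed': False}
```

The empty input and the 100 kB input both give a 20-byte digest, which is the "fixed length from variable length" answer; the tampered and replayed records both fail verification, which is the "integrity" answer, and nothing here hides the content or proves which party wrote it.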

Because all the secret keys are held and authentication is performed on the Kerberos TGS and the authentication servers, these servers are vulnerable to: A. neither physical attacks nor attacks from malicious code. B. physical attacks only C. both physical attacks and attacks from malicious code. D. physical attacks but not attacks from malicious code.

C. both physical attacks and attacks from malicious code.

In a known plaintext attack, the cryptanalyst has knowledge of which of the following? A. the ciphertext and the key B. the plaintext and the secret key C. both the plaintext and the associated ciphertext of several messages D. the plaintext and the algorithm

C. both the plaintext and the associated ciphertext of several messages

Which of the following is not a logical control when implementing logical access security? A. access profiles. B. userids. C. employee badges. D. passwords

C. employee badges

Which of the following are the steps usually followed in the development of documents such as security policy, standards and procedures? A. design, development, publication, coding, and testing. B. design, evaluation, approval, publication, and implementation. C. initiation, evaluation, development, approval, publication, implementation, and maintenance. D. feasibility, development, approval, implementation, and integration

C. initiation, evaluation, development, approval, publication, implementation, and maintenance.

An attack initiated by an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization is known as a(n): A. active attack B. outside attack C. inside attack D. passive attack

C. inside attack

The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following that the Orange Book did not address? A. integrity and confidentiality. B. confidentiality and availability. C. integrity and availability. D. none of the above.

C. integrity and availability.

Controls are implemented to: A. eliminate risk and reduce the potential for loss B. mitigate risk and eliminate the potential for loss C. mitigate risk and reduce the potential for loss D. eliminate risk and eliminate the potential for loss

C. mitigate risk and reduce the potential for loss

There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following? A. public keys B. private keys C. public-key certificates D. private-key certificates

C. public-key certificates

A momentary low voltage, from 1 cycle to a few seconds, is a: A. spike B. blackout C. sag D. fault

C. sag

A proxy is considered a: A. first generation firewall. B. third generation firewall. C. second generation firewall. D. fourth generation firewall.

C. second generation firewall.

Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It does not permit management to: A. specify what users can do B. specify which resources they can access C. specify how to restrain hackers D. specify what operations they can perform on a system.

C. specify how to restrain hackers

What is called a password that is the same for each log-on session? A. "one-time password" B. "two-time password" C. static password D. dynamic password

C. static password

Business Continuity Planning (BCP) is not defined as a preparation that facilitates: A. the rapid recovery of mission-critical business operations B. the continuation of critical business functions C. the monitoring of threat activity for adjustment of technical controls D. the reduction of the impact of a disaster

C. the monitoring of threat activity for adjustment of technical controls

A X.509 public key certificate with the key usage attribute "non repudiation" can be used for which of the following? A. encrypting messages B. signing messages C. verifying signed messages D. decrypt encrypted messages

C. verifying signed messages

The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something: A. you need. B. non-trivial C. you are. D. you can get.

C. you are

The three classic ways of authenticating yourself to the computer security software are: something you know, something you have, and something: A. you need. B. you read. C. you are. D. you do.

C. you are.

How would nonrepudiation be best classified as? A. A preventive control B. A logical control C. A corrective control D. A compensating control

A. A preventive control

The Computer Security Policy Model the Orange Book is based on is which of the following? A. Bell-LaPadula B. Data Encryption Standard C. Kerberos D. Tempest

A. Bell-LaPadula

Which of the following biometric parameters are better suited for authentication use over a long period of time? A. Iris pattern B. Voice pattern C. Signature dynamics D. Retina pattern

A. Iris pattern

Which of the following questions is less likely to help in assessing an organization's contingency planning controls? A. Is damaged media stored and/or destroyed? B. Are the backup storage site and alternate site geographically far enough from the primary site? C. Is there an up-to-date copy of the plan stored securely off-site? D. Is the location of stored backups identified?

A. Is damaged media stored and/or destroyed?

A deviation from an organization-wide security policy requires which of the following? A. Risk Acceptance B. Risk Assignment C. Risk Reduction D. Risk Containment

A. Risk Acceptance

What works as an E-mail message transfer agent? A. SMTP B. SNMP C. S-RPC D. S/MIME

A. SMTP

Law enforcement agencies must get a warrant to search and seize an individual's property, as stated in the _____ Amendment. A. First. B. Second. C. Third. D. Fourth.

D. Fourth.

What type of attack involves IP spoofing, ICMP ECHO and a bounce site? A. IP spoofing attack B. Teardrop attack C. SYN attack D. Smurf attack

D. Smurf attack

The RSA Algorithm uses which mathematical concept as the basis of its encryption? A. Geometry B. 16-round ciphers C. PI (3.14159...) D. Two large prime numbers

D. Two large prime numbers

Which one of the following factors is NOT one on which Authentication is based? A. Type 1. Something you know, such as a PIN or password B. Type 2. Something you have, such as an ATM card or smart card C. Type 3. Something you are (based upon one or more intrinsic physical or behavioral traits), such as a fingerprint or retina scan D. Type 4. Something you are, such as a system administrator or security administrator

D. Type 4. Something you are, such as a system administrator or security administrator

Cryptography does not concern itself with which of the following choices? A. Availability B. Integrity C. Confidentiality D. Validation

D. Validation

Which of the following media is MOST resistant to tapping? A. microwave. B. twisted pair. C. coaxial cable. D. fiber optic.

D. fiber optic.

Secure Shell (SSH-2) provides all the following services except: A. secure remote login B. command execution C. port forwarding D. user authentication

D. user authentication

Which port does the Post Office Protocol Version 3 (POP3) make use of? A. 110 B. 109 C. 139 D. 119

A. 110

Which of the following security modes of operation involves the highest risk? A. Compartmented Security Mode B. Multilevel Security Mode C. System-High Security Mode D. Dedicated Security Mode

B. Multilevel Security Mode

Which of the following are REGISTERED PORTS as defined by IANA ? A. Ports 128 to 255 B. Ports 1024 to 49151 C. Ports 1025 to 65535 D. Ports 1024 to 32767

B. Ports 1024 to 49151

The standard server port number for HTTP is which of the following? A. 81 B. 80 C. 8080 D. 8180

B. 80

Which of the following biometric devices offers the LOWEST CER? A. Keystroke dynamics B. Voice verification C. Iris scan D. Fingerprint

C. Iris scan

Which of the following is the core of fiber optic cables made of? A. PVC B. Glass fibers C. Kevlar D. Teflon

B. Glass fibers

A prolonged high voltage is a: A. spike B. blackout C. surge D. fault

C. surge

Which of the following is not a physical control for physical security? A. lighting B. fences C. training D. facility construction materials

C. training

Which of the following protocols does not operate at the data link layer (layer 2)? A. PPP B. RARP C. L2F D. ICMP

D. ICMP

What can be defined as an event that could cause harm to the information systems? A. A risk B. A threat C. A vulnerability D. A weakness

B. A threat

What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T cable? A. 80 meters B. 100 meters C. 185 meters D. 500 meters

B. 100 meters

What is the key size of the International Data Encryption Algorithm (IDEA)? A. 64 bits B. 128 bits C. 160 bits D. 192 bits

B. 128 bits

Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)? A. 172.12.42.5 B. 172.140.42.5 C. 172.31.42.5 D. 172.15.42.5

C. 172.31.42.5

Which of the following computer recovery sites is only partially equipped with processing equipment? A. hot site B. rolling hot site C. warm site D. cold site

C. warm site

What is RAD? A. A development methodology B. A project management technique C. A measure of system complexity D. Risk-assessment diagramming

A. A development methodology

Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs? A. A known-plaintext attack B. A known-algorithm attack C. A chosen-ciphertext attack D. A chosen-plaintext attack

A. A known-plaintext attack

What is used to protect programs from all unauthorized modification or executional interference? A. A protection domain B. A security perimeter C. Security labels D. Abstraction

A. A protection domain

The criterion for evaluating the legal requirements for implementing safeguards is to compare the cost (C) of instituting the protection with the estimated loss (L) resulting from the exploitation of the corresponding vulnerability. Therefore, a legal liability may exist when: A. (C < L) or C is less than L B. (C < L - (residual risk)) or C is less than L minus residual risk C. (C > L) or C is greater than L D. (C > L - (residual risk)) or C is greater than L minus residual risk

A. (C < L) or C is less than L

Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)? A. 10.0.42.5 B. 11.0.42.5 C. 12.0.42.5 D. 13.0.42.5

A. 10.0.42.5

What size is an MD5 message digest (hash)? A. 128 bits B. 160 bits C. 256 bits D. 128 bytes

A. 128 bits

How many rounds are used by DES? A. 16 B. 32 C. 64 D. 48

A. 16

How long are IPv4 addresses? A. 32 bits long. B. 64 bits long. C. 128 bits long. D. 16 bits long.

A. 32 bits long.

What is the effective key size of DES? A. 56 bits B. 64 bits C. 128 bits D. 1024 bits

A. 56 bits

Which of the following is NOT a characteristic of a host-based intrusion detection system? A. A HIDS does not consume large amounts of system resources B. A HIDS can analyse system logs, processes and resources C. A HIDS looks for unauthorized changes to the system D. A HIDS can notify system administrators when unusual events are identified

A. A HIDS does not consume large amounts of system resources

What is the main difference between a Smurf and a Fraggle attack? A. A Smurf attack is ICMP-based and a Fraggle attack is UDP-based. B. A Smurf attack is UDP-based and a Fraggle attack is TCP-based. C. Smurf attack packets cannot be spoofed. D. A Smurf attack is UDP-based and a Fraggle attack is ICMP-based

A. A Smurf attack is ICMP-based and a Fraggle attack is UDP-based.

Within the context of the CBK, which of the following provides a MINIMUM level of security ACCEPTABLE for an environment ? A. A baseline B. A standard C. A procedure D. A guideline

A. A baseline

What can best be defined as a strongly protected computer that is in a network protected by a firewall (or is part of a firewall) and is the only host (or one of only a few hosts) in the network that can be directly accessed from networks on the other side of the firewall? A. A bastion host B. A screened subnet C. A dual-homed host D. A proxy server

A. A bastion host

Why are coaxial cables called "coaxial"? A. it includes two physical channels that carry the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis. B. it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis C. it includes two physical channels that carry the signal surrounded (after a layer of insulation) by another two concentric physical channels, both running along the same axis. D. it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running perpendicular and along different axes

B. it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis

Which of the following is a disadvantage of a statistical anomaly-based intrusion detection system? A. it may truly detect a non-attack event that had caused a momentary anomaly in the system. B. it may falsely detect a non-attack event that had caused a momentary anomaly in the system. C. it may correctly detect a non-attack event that had caused a momentary anomaly in the system. D. it may loosely detect a non-attack event that had caused a momentary anomaly in the system.

B. it may falsely detect a non-attack event that had caused a momentary anomaly in the system.

Which of the following recovery plan test results would be most useful to management? A. elapsed time to perform various activities. B. list of successful and unsuccessful activities. C. amount of work completed. D. description of each activity.

B. list of successful and unsuccessful activities.

In telephony different types of connections are being used. The connection from the phone company's branch office to local customers is referred to as which of the following choices? A. new loop B. local loop C. loopback D. indigenous loop

B. local loop

Like the Kerberos protocol, SESAME is also subject to which of the following? A. timeslot replay B. password guessing C. symmetric key guessing D. asymmetric key guessing

B. password guessing

In the early days of biometric identification systems it soon became apparent that truly positive identification could only be based on: A. sex of a person B. physical attributes of a person C. age of a person D. voice of a person

B. physical attributes of a person

Kerberos can prevent which one of the following attacks? A. tunneling attack. B. playback (replay) attack. C. destructive attack. D. process attack.

B. playback (replay) attack
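The three Kerberos replay questions on this page (time stamps as the protection, a compromised ticket being usable within the allotted time window, and replay being the attack Kerberos can prevent) describe one mechanism, shown here as an added example that is not Kerberos code or code from the question set. The client binds its name and current time under the session key; the server rejects timestamps outside a clock-skew window and remembers every authenticator it has accepted for the length of that window. Real authenticators are encrypted with the session key and carry more fields; an HMAC tag stands in for that protection so the logic runs stand-alone. The five-minute skew, the principal names, the session key and the timestamps are assumptions.

```python
"""Replay protection in the style of a Kerberos authenticator (simplified)."""
import hashlib
import hmac

CLOCK_SKEW = 300   # seconds; five minutes is the conventional tolerance (assumption)


class ReplayCache:
    """Remembers accepted (client, timestamp) pairs until they fall outside the skew window."""

    def __init__(self):
        self._seen = {}     # (client, ctime) -> time after which the entry can be forgotten

    def check_and_add(self, entry, now: int) -> bool:
        # Forget entries old enough that a copy would fail the clock-skew test anyway.
        for stale in [k for k, expires in self._seen.items() if expires <= now]:
            del self._seen[stale]
        if entry in self._seen:
            return False
        self._seen[entry] = now + CLOCK_SKEW
        return True


def _tag(session_key: bytes, body: bytes) -> bytes:
    return hmac.new(session_key, body, hashlib.sha256).digest()


def make_authenticator(session_key: bytes, client: str, ctime: int) -> bytes:
    """Client side: bind principal name and current time under the session key."""
    body = f"{client}|{ctime}".encode()
    return body + b"|" + _tag(session_key, body).hex().encode()


def verify_authenticator(session_key: bytes, blob: bytes, cache: ReplayCache, now: int):
    """Server side.  Returns (accepted, reason).  Order matters: integrity first so a
    forged blob cannot poison the cache, skew next so stale captures are cheap to
    reject, replay last."""
    try:
        client, ctime_s, tag_hex = blob.decode().split("|")
        ctime = int(ctime_s)
    except ValueError:
        return False, "malformed"
    body = f"{client}|{ctime}".encode()
    if not hmac.compare_digest(_tag(session_key, body).hex(), tag_hex):
        return False, "integrity check failed"
    if abs(now - ctime) > CLOCK_SKEW:
        return False, "timestamp outside clock-skew window"
    if not cache.check_and_add((client, ctime), now):
        return False, "replay: authenticator already seen"
    return True, "accepted"


def demo():
    """Constructed scenario: one legitimate request, the same bytes replayed inside
    and then outside the window, and a copy with the principal name altered."""
    key = b"session-key-from-the-TGS"   # assumed session key carried in the ticket
    cache = ReplayCache()
    auth = make_authenticator(key, "alice@EXAMPLE", ctime=1_000_000)
    forged = auth.replace(b"alice", b"mallory")
    return [
        verify_authenticator(key, auth, cache, now=1_000_010)[1],    # fresh: accepted
        verify_authenticator(key, auth, cache, now=1_000_020)[1],    # captured and replayed at once
        verify_authenticator(key, auth, cache, now=1_000_600)[1],    # replayed after the window
        verify_authenticator(key, forged, cache, now=1_000_010)[1],  # tampered body
    ]


if __name__ == "__main__":
    for reason in demo():
        print(reason)
```

The second call is the case the questions describe: a ticket and authenticator captured and resent within the window are only stopped by the server's cache, which is why the cache must be kept for at least the skew period and why an attacker who also controls the clock or the cache is outside what time stamps can defend against.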

Which one of the following is usually not a benefit resulting from the use of firewalls? A. reduces the risks of external threats from malicious hackers. B. prevents the spread of viruses. C. reduces the threat level on internal system. D. allows centralized management and control of services

B. prevents the spread of viruses.

Which of the following is often the greatest challenge of distributed computing solutions? A. scalability B. security C. heterogeneity D. usability

B. security

The major objective of system configuration management is which of the following? A. system maintenance. B. system stability. C. system operations. D. system tracking.

B. system stability.

In an organization where there are frequent personnel changes, non-discretionary access control using Role Based Access Control (RBAC) is useful because: A. people need not use discretion B. the access controls are based on the individual's role or title within the organization. C. the access controls are not based on the individual's role or title within the organization D. the access controls are often based on the individual's role or title within the organization

B. the access controls are based on the individual's role or title within the organization.

Layer 4 of the OSI stack is known as: A. the data link layer B. the transport layer C. the network layer D. the presentation layer

B. the transport layer

In Discretionary Access Control the subject has authority, within certain limitations, A. but he is not permitted to specify what objects can be accessible and so we need to get an independent third party to specify what objects can be accessible. B. to specify what objects can be accessible. C. to specify on an aggregate basis without understanding what objects can be accessible. D. to specify in full detail what objects can be accessible.

B. to specify what objects can be accessible.

Devices that supply power when the commercial utility power system fails are called which of the following? A. power conditioners B. uninterruptible power supplies C. power filters D. power dividers

B. uninterruptible power supplies

Communications and network security relates to transmission of which of the following? A. voice B. voice and multimedia C. data and multimedia D. voice, data and multimedia

D. voice, data and multimedia

In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on physical attributes of a person. This raised the necessity of answering 2 questions : A. what was the sex of a person and his age B. what part of body to be used and how to accomplish identification that is viable C. what was the age of a person and his income level D. what was the tone of the voice of a person and his habits

B. what part of body to be used and how to accomplish identification that is viable

Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector? A. Using a TACACS+ server. B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall. C. Setting modem ring count to at least 5. D. Only attaching modems to non-networked hosts.

B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall.

Which of the following is the WEAKEST authentication mechanism? A. Passphrases B. Passwords C. One-time passwords D. Token devices

B. Passwords

Logical or technical controls involve the restriction of access to systems and the protection of information. Which of the following statements pertaining to these types of controls is correct? A. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks but do not include a review of vacation history, and also do not include increased supervision. B. Examples of these types of controls do not include encryption, smart cards, access lists, and transmission protocols. C. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols. D. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks, a review of vacation history, and increased supervision.

C. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols.

In what way could Java applets pose a security threat? A. Their transport can interrupt the secure distribution of World Wide Web pages over the Internet by removing SSL and S-HTTP B. Java interpreters do not provide the ability to limit system access that an applet could have on a client system. C. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system. D. Java does not check the bytecode at runtime or provide other safety mechanisms for program isolation from the client system.

C. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system.

Which of the following is best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in a system? A. Fail proof B. Fail soft C. Fail safe D. Fail Over

C. Fail safe

Which of the following statements pertaining to firewalls is incorrect? A. Firewalls create bottlenecks between the internal and external network. B. Firewalls allow for centralization of security services in machines optimized and dedicated to the task. C. Firewalls protect a network at all layers of the OSI models. D. Firewalls are used to create security checkpoints at the boundaries of private networks.

C. Firewalls protect a network at all layers of the OSI models.

Which one of the following is NOT one of the outcomes of a vulnerability assessment? A. Quantitative loss assessment B. Qualitative loss assessment C. Formal approval of BCP scope and initiation document D. Defining critical support areas

C. Formal approval of BCP scope and initiation document

Which of the following backup methods is most appropriate for off-site archiving? A. Incremental backup method B. Off-site backup method C. Full backup method D. Differential backup method

C. Full backup method

Which of the following LAN topologies offers the highest availability? A. Bus topology B. Tree topology C. Full mesh topology D. Partial mesh topology

C. Full mesh topology

During which phase of an IT system life cycle are security requirements developed? A. Operation B. Initiation C. Functional design analysis and Planning D. Implementation

C. Functional design analysis and Planning

What does "System Integrity" mean? A. The software of the system has been implemented as designed. B. Users can't tamper with processes they do not own. C. Hardware and firmware have undergone periodic testing to verify that they are functioning properly. D. Design specifications have been verified against the formal top-level specification.

C. Hardware and firmware have undergone periodic testing to verify that they are functioning properly.

Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model? A. S/MIME and SSH B. TLS and SSL C. IPsec and L2TP D. PKCS#10 and X.509

C. IPsec and L2TP

The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to? A. Illuminated at nine feet high with at least three foot-candles B. Illuminated at eight feet high with at least three foot-candles C. Illuminated at eight feet high with at least two foot-candles D. Illuminated at nine feet high with at least two foot-candles

C. Illuminated at eight feet high with at least two foot-candles

Which of the following BEST explains why computerized information systems frequently fail to meet the needs of users? A. Inadequate quality assurance (QA) tools. B. Constantly changing user needs. C. Inadequate user participation in defining the system's requirements. D. Inadequate project management.

C. Inadequate user participation in defining the system's requirements.

Which of the following specifically addresses cyber attacks against an organization's IT systems? A. Continuity of support plan B. Business continuity plan C. Incident response plan D. Continuity of operations plan

C. Incident response plan

Which backup type run at regular intervals would take the least time to complete? A. Full Backup B. Differential Backup C. Incremental Backup D. Disk Mirroring

C. Incremental Backup

Which of the following statements pertaining to link encryption is false? A. It encrypts all the data along a specific communication path. B. It provides protection against packet sniffers and eavesdroppers. C. Information stays encrypted from one end of its journey to the other. D. User information, header, trailers, addresses and routing data that are part of the packets are encrypted.

C. Information stays encrypted from one end of its journey to the other.

Which of the following phases of a system development life-cycle is most concerned with establishing a good security policy as the foundation for design? A. Development/acquisition B. Implementation C. Initiation D. Maintenance

C. Initiation

Which of the following is not a DES mode of operation? A. Cipher block chaining B. Electronic code book C. Input feedback D. Cipher feedback

C. Input feedback
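The four DES modes named in this card differ only in how the 64-bit block function is chained, and the distractor "Input feedback" is wrong precisely because the real mode, Output Feedback, feeds the cipher's output back rather than its input. The Python below is an added example, not from the page or any DES library: it builds the four modes over a constructed 8-round Feistel toy cipher (SHA-256 as the round function, so it is invertible but is not DES), and the key, IV and plaintexts are constructed values. It shows the ECB pattern leak, why CBC needs block-aligned input, and why CFB and OFB need only the forward direction of the cipher and no padding.

```python
import hashlib

BLOCK = 8   # 64-bit block, as in DES


def _xor(a: bytes, b: bytes) -> bytes:
    # Truncates to the shorter input, which is what lets CFB/OFB handle a short tail.
    return bytes(x ^ y for x, y in zip(a, b))


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    # Constructed round function (SHA-256 keyed by key and round number); not DES's.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """8-round Feistel stand-in for the DES block function (assumption: toy cipher)."""
    assert len(block) == BLOCK
    l, r = block[:4], block[4:]
    for rnd in range(8):
        l, r = r, _xor(l, _f(key, r, rnd))
    return r + l


def decrypt_block(key: bytes, block: bytes) -> bytes:
    # Same structure with the rounds in reverse order; the Feistel form makes it invertible.
    l, r = block[:4], block[4:]
    for rnd in reversed(range(8)):
        l, r = r, _xor(l, _f(key, r, rnd))
    return r + l


# ECB: each block encrypted independently, so equal plaintext blocks give equal
# ciphertext blocks (the pattern leak that rules ECB out for most data).
def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    assert len(pt) % BLOCK == 0, "ECB needs block-aligned (padded) input"
    return b"".join(encrypt_block(key, b) for b in _blocks(pt))


# CBC: each plaintext block is XORed with the previous ciphertext block (IV first)
# before encryption, so identical plaintext blocks no longer repeat.
def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    assert len(pt) % BLOCK == 0, "CBC needs block-aligned (padded) input"
    out, prev = [], iv
    for b in _blocks(pt):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


# CFB: the previous CIPHERTEXT block is what goes into the block function, and the
# data is XORed with the result. Only the forward direction of the cipher is used,
# and a short final block needs no padding.
def cfb_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for b in _blocks(pt):
        prev = _xor(b, encrypt_block(key, prev))
        out.append(prev)
    return b"".join(out)


def cfb_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(c, encrypt_block(key, prev)))
        prev = c
    return b"".join(out)


# OFB: the cipher's own OUTPUT is fed back, independent of the data, so the chain
# is a keystream; encryption and decryption are the same operation.
def ofb_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, state = [], iv
    for b in _blocks(data):
        state = encrypt_block(key, state)
        out.append(_xor(b, state))
    return b"".join(out)
```

With OFB the keystream depends only on key and IV, so reusing an IV under the same key exposes the XOR of two plaintexts; CFB is self-synchronising after a lost block, whereas an OFB receiver that drops a block loses sync for the rest of the stream.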

A one-way hash provides which of the following? A. Confidentiality B. Availability C. Integrity D. Authentication

C. Integrity
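The point of this card is that an unkeyed hash detects change but says nothing about who produced the data: anyone who can rewrite the data can recompute its digest, so a bare hash gives integrity, and only a keyed construction such as an HMAC (or a signature) adds authentication. The Python below is an added example that is not from the page; the record, the key and the tampering are all constructed.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, stored_digest: str) -> bool:
    """Bare one-way hash: detects any change to data since the digest was stored."""
    return hmac.compare_digest(sha256_hex(data), stored_digest)


def tag(key: bytes, data: bytes) -> bytes:
    """Keyed hash (HMAC): only a holder of key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).digest()


def tag_ok(key: bytes, data: bytes, stored_tag: bytes) -> bool:
    return hmac.compare_digest(tag(key, data), stored_tag)


def flip_one_bit(data: bytes) -> bytes:
    # Constructed stand-in for accidental corruption in storage or transit.
    return bytes([data[0] ^ 0x01]) + data[1:]


def attacker_rewrite(new_data: bytes):
    """An attacker with write access to both the data and its stored digest simply
    recomputes the digest, so the bare-hash check still passes."""
    return new_data, sha256_hex(new_data)


RECORD = b"constructed record: transfer 100 to account 42"
KEY = b"constructed-verifier-key"   # assumption: known only to writer and verifier


def demo() -> dict:
    digest = sha256_hex(RECORD)
    results = {
        "unmodified_passes": integrity_ok(RECORD, digest),
        "bit_flip_detected": not integrity_ok(flip_one_bit(RECORD), digest),
    }
    # Malicious change: the attacker replaces the record and its digest together.
    forged, forged_digest = attacker_rewrite(b"constructed record: transfer 100000 to account 42")
    results["hash_fooled_by_attacker"] = integrity_ok(forged, forged_digest)
    # The same attacker cannot compute a tag over the forged record without KEY,
    # so the best they can do is replay the old tag, which fails.
    old_tag = tag(KEY, RECORD)
    results["hmac_rejects_forgery"] = not tag_ok(KEY, forged, old_tag)
    results["hmac_accepts_original"] = tag_ok(KEY, RECORD, old_tag)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Published checksums only help if they arrive over a channel the attacker cannot write to; a SHA-256 sitting next to the download on the same server gives integrity against corruption, not against substitution.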
